Boston.com reports that Harvard Business School said on Tuesday it is rejecting applications from 119 would-be students it accused of hacking into a Web site to learn early if they were accepted, before the sending of official notifications.
According to Philip Greenspun
In the 1960s the term "hacking" meant smart people developing useful and innovative computer software. In the 1990s the term meant smart evil people developing and running programs to break into computer systems and gain shell access to those systems. Thanks to Harvard Business school the term now means "people of average IQ poking around curiously by editing URLs on public servers and seeing what comes back in the form of directory listings, etc."
Outside the Beltway comments So, essentially, the students are being denied entrance to business school for the crime of . . . backspacing?
Hat tip to Begging to Differ for the link to ComputerWorld which tells a slightly different story. Using the screen name "brookbond," the hacker broke into the online application and decision system of ApplyYourself Inc. and posted a procedure students could use to access information about their applications before acceptance notices went out. The hack was posted in a Business Week online forum mainly frequented by business students, said Len Metheny, CEO of the Fairfax, Va.-based ApplyYourself.
ComputerWorld explanation has NOTHING to do with HOW the 119 applicants got access to their results. In my opinion Philip Greenspun was right, and what they did was trivial (and in fact something I have done myself, and I don't consider myself a hacker). What ComputerWorld calls "hacking" was just that the person who discovered how to get the information, and who posted it on the Business Week online forum registered for the Forums & Message Boards (as well as access to Portfolio Manager, Magazine Archives, and Free Newsletters) using an alias.
Update 3/16 NYT published an OpEd by Lauren Weinstein entitled Harvard Needs More Hackers. The tease was Business schools should use the recent breach of their security by "hackers" to teach — and take — an ethics lesson. The article admitted On the scale of "hacks," this incident barely makes the needle quiver. Yes, the students shouldn't have done it, since they presumably realized that they were trying to gain access to information that wasn't intended for their eyes at that moment. On the other hand, they also knew that they were using their own accounts and would be looking only at their own status. They weren't trying to alter files or gain access to others' data. It also admits The students who used it first logged into their accounts, then entered a minor modification into a Web address - the same sort of alterations that curious surfers routinely make all over the Internet. As it turned out, many of those who tried this trick simply saw blank pages, but the schools could tell which students had made the attempts., and then goes on to conclude Instead of rejecting these applicants based solely upon this shared lapse, the business schools could ask them to become the focal point of much-needed ethical education courses. These students could then serve as ambassadors of this cause to other students, faculty and, yes, administrators. Instead of being relegated to the ranks of student rejects, these applicants could become superior managers and executives by virtue of this experience - that is, if they're permitted to continue their studies.
Let me be sure I understand.
- The students used a technique curious surfers routinely make all over the Internet
- they were looking only at their own records
- many of those who tried this trick simply saw blank pages
- on the scale of "hacks," this incident barely makes the needle quiver
No comments:
Post a Comment