Slashdot Mirror

← Back to Stories (view on slashdot.org)

Princeton Hacks Yale, Harvard Not Surprised

Posted by timothy on from the mit-has-cooler-hacks dept.

Semji Rkim writes: "Yale Daily News is running a story of several occassions in which Princeton officials entered the Yale Online website and viewed admissions decisions. Princeton officials claim they were simply researching security for their own website. Reportedly the website, on initial log-in, would show applicants either a congratulatory fireworks display or a rejection notice. Princeton officials informally mentioned that they had accessed students' records on Yale's admissions site at an Ivy League deans' conference. The Yale website apparently used names, birth dates, and social security information as unique identifiers to allow access to the site. They are considering adding a PIN in the future."

18 of 304 comments (clear)

  1. Obligatory Simpson's Quote by unicron · · Score: 4, Funny

    Sideshow Bob: Are you still angry about being kicked out of clown college?

    Cecil: I'll thank you not to refer to Princeton that way.

    --
    Finally, math books without any of that base 6 crap in them.
  2. In case of slashdotting by Anonymous Coward · · Score: 5, Funny
    Here's the original article:

    HTTP/1.1 Server Too Busy

  3. Re:Sneaky by CaseyG · · Score: 5, Funny
    If anything, it shows that the guys at Princeton can 'think outside the box' more than those at Yale.

    Unfortunately, they wandered into someone else's box.

    -c.

    --
    Casey

    More scratches on the cave wall, thanks be to anonymity.

  4. Nice by Reality+Master+101 · · Score: 5, Funny

    Reportedly the website, on initial log-in, would show applicants either a congratulatory fireworks display or a rejection notice.

    Fireworks? What's their rejection notice, then? Top rejection notice graphics:

    -- Picture of Nelson saying "HA! HA!"
    -- Picture of MacDonald's and link to "Hamburger University"
    -- Picture of funeral with the casket labelled "your future" slowly being lowered into ground
    -- The Dell guy saying, "Dude, you're goin' to Community College!"

    --
    Sometimes it's best to just let stupid people be stupid.
    1. Re:Nice by Reality+Master+101 · · Score: 4, Funny

      By the way, just in case anyone thought I was kidding, there really is a Hamburger University. :)

      --
      Sometimes it's best to just let stupid people be stupid.
  5. They weren't hacking. by Elwood+P+Dowd · · Score: 4, Funny

    Just think... if they had notified the Attorney General's office it would have been legal. Well. In a few months.

    --

    There are no trails. There are no trees out here.
  6. SSNs should be published in the phone book by anthony_dipierro · · Score: 4, Interesting

    This way stupid schools won't be tempted to use them as security codes.

  7. "hack" by jd142 · · Score: 5, Interesting

    How many times have people here wailed at the non-tech press for using the word "hack" to describe what most would technically term a "crack"? Well if you ever actually read the article, you'd see that Princeton didn't hack or crack. They used the ssn and birthdate supplied to them by their own applicants to access Yale's pages. In other words, they had the users' login and passwords and used them. Not a hack, not a crack. Thoroughly evil of course, but "merely" a lie.

    1. Re:"hack" by theLOUDroom · · Score: 4, Informative

      Actually the term hacker originally had nothing to do with unauthorized use of computer systems. Its a very old term (>20yrs). Read about it.
      You don't know what you talking about. Get over it.

      --
      Life is too short to proofread.
    2. Re:"hack" by jd142 · · Score: 5, Insightful

      ESR's authority to "deprecate" the meaning of the word for his or anyone else's little ego reasons.

      The correct term is amelioration - the changing of the definition of a word to a better connotation. Happens all the time in the world. ESR doesn't have the authority, but users of the language do. The opposite is pejoration. Examples of amelioration are praise (originally a synonym for appraise), knight (originally a servant), and earl(originally just a man). More examples of amelioration and pejoration are left as an exercise for the student.

    3. Re:"hack" by Reality+Master+101 · · Score: 4, Insightful

      Happens all the time in the world. ESR doesn't have the authority, but users of the language do.

      Exactly the point. A dictionary should reflect the language usage, not attempt to mold it. That's why I find ESR's attempt to change the meaning so offensive. He's corrupting the very purpose of a dictionary.

      --
      Sometimes it's best to just let stupid people be stupid.
  8. MIT by inburito · · Score: 5, Interesting

    Fortunately MIT does this a little differently and slightly more hacker proof. They don't rely on any publicly (to any admissions office) available information but assign you with a unique 9-digit id number from the beginning of the application process and all of your online information is tied to this id.

    I should point out that you can only view your status (summary of received documents and final decision, nothing else) if you have this id and a last name but to actually update and change information on their information system you require a kerberos identity, the passphrases for which are sent (regular mail) after you're confirmed and accepted admission. I recall that the initial id-number is sent to you via regular mail with a confirmation that they received your application and assigned an interviewer etc.

    Basically as long as you're not a complete moron (I think it is safe to assume this if you have been admitted to MIT) you're probably not going to give out your ssl-certificates or give out your id/uname/pw-combo plaintext over internet (and if you do you're totally responsible for all the misuse - they're not going to clear your name).

    So I suppose MIT beat all the other ivy-league schools with respect to not getting hacked but then again what should you expect from the home of "hacks".

  9. This happens all the time by patrick146 · · Score: 4, Insightful

    I work for UC Santa Barbara, and I've seen a lot of this before. We force users to select usernames and passwords, and until recently, did not encrypt the users passwords in our database. Just out of curiosity, I tried using the applicants username/password on the e-mail accounts they entered.

    Sure enough, I was able to access many of the e-mail accounts. I quickly stopped, realizing that some of these people probably also used the same username/password combinations for their bank accounts, etc.

    Now, when users log in, an MD5 hash is compared against the hashed password in the database.

    Many of the people were Hotmail users. Just think when your .NET Passport is also your bank and credit card authentication, or your NationalID card authentication, or...

  10. Exclusive schools do all kinds of sneaky things by karlm · · Score: 5, Interesting
    Supposedly MIT and Harvard talk about who got admitted where. If you would have been admitted both places for engineering, they'll often only admit you at MIT and the other way arround for humanities and some of the pure sciences. And of course, if it seems you cn't live without "highest honors", they flag you for Brown. (Boo, hiss, yeah, I know. I really wanted to poke at Harvard, but Brown is so much worse in that respect.)

    There was some fuss a few years ago about all of the Ivy League schools talking about what they were going to offer for financial aid, and then offering identical packages to the same student. They claimed it was so that only the studen't opninion of the school made the difference, some students felt it was illegal anticompetitive behavior.

    In any case, schools always have gambles with who to let in. Admitting a student means you have to find space for her/him. Empty beds cost you money. The University of Michigan Anne Arbor is notorious for wait-listing students they think will go elsewhere. They wait-listed me and I got into MIT with no wait. The same thing happened to several of my friends at MIT.

    High acceptance percentages also help pestige, which give you better students and more proud alums. More proud alums are better donators and better students make for more rich alums.

    --
    Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
  11. Re:Ah, a true nerd's war by Otter · · Score: 4, Insightful
    My sister graduated from princeton and they teach you to hate hate hate yale and harvard. At their triangle shows (a really funny play that the theater group puts on), if they say Yale at any time during their show, everyone in the theater must immediately say SUCKS. There is something similar for harvard, but I haven't been to a show in so long so I forgot). From the outside it seems lame, but it sure is funny.

    Well, what's lame about it is that the rivalry exists solely on the Princeton side. Yale and Harvard focus their mutual dislike on each other, with Princeton carrying on their one-sided grudge from New Jersey and MIT periodically playing geekish pranks on Harvard. (Pasadena being too far away for routine hacks.)

    March, march on down the field, fighting for Eli,
    Break through that crimson line, their strength to defy...
    --
    What I'm listening to now on Pandora...
  12. In Defense of Princeton by SMN · · Score: 4, Insightful
    There's plenty of evidence to back Princeton's excuse that they were just "testing" the system. Princeton doesn't have any system up to inform students of their admissions decisions online; Yale does. Princeton IS evaluating ways to do this, and it would appear that they were actually testing how well Yale's system works. In doing so, they found that Yale's system did NOT work so well.

    And what did they do? Like the responsible hackers who merely hack to test for security holes and whose stories are sometimes linked here on Slashdot, they tried to tell the Yale people that their system was insecure. How does Yale respond? Do they thank Princeton for the warning? No, they report them to the police! If this were any "normal" hacker warning of security holes they found, everyone here would be up in arms!

    OK, so what Princeton did was obviously stupid, immoral, and probably illegal, and certainly deserving of punishment. But while the Yale Daily Herald does mention Princeton's explanation/excuse, they do so in very dismissive terms, and several friends of mine who read the article entirely missed the excuse and thought that this hacking was purely malicious. It was NOT, and it would be nice if that were noted. Then again, this is Slashdot, which isn't exactly famous for its impartiality =)

    (Disclaimer: I was one of the students who got into Princeton this year, so I'm biased. Any other current students or incoming freshmen here?)

    --
    -- Imagine how much more advanced our technology would be if we had eight fingers per hand.
  13. Yale Knew They Had a Problem--Or Should Have by John+Murdoch · · Score: 5, Interesting

    I just linked to the Daily Yalie site, and in their comments on the article there's a note from a former columnist in the Yale Herald: back in 2000 he wrote a column pointing out Yale's prediliction for using the SSN for a password, and how anybody with half a brain could use that to hack all sorts of Yale systems. Definitely worth a look--and it will lead you to the conclusion that Yale's admissions people are, well, stupid.

    John Murdoch
    Penn '80

  14. Re:I might just be an Oxbridge dummy but... by the+gnat · · Score: 4, Insightful

    I just (barely) graduated from Yale, so I'll bite...

    1. Why would Princeton want Yale rejects?

    Because Yale (like many other schools of its type) gets so many good applicants that the admissions office claims you could get just as good a freshman class from the rejects each year. Since admissions is pretty much just dumb luck anyway, some quality people get rejected. And, of course, there's quite a bit of competition for applicants. Hell, some people get rejected from Yale and accepted at Harvard.

    2. How crap is Yale for allowing something stupid like this?

    Without going into too much detail, pretty dumb, yes. Most things here are given more careful thought.

    3. How stupid are Yale for getting caught?

    That's "Princeton" you meant. I think that's probably dumber. But it's hilarious all around. You just can't make this shit up...