Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stanford Rejects Business School Hackers

Posted by Zonk on from the don't-count-your-chickens dept.

robbarrett writes "The Stanford Report offers the next chapter in a continuing story about business school applicants manipulating URLs on the ApplyYourself system to determine their personal admission status. Harvard immediately rejected the 'hacker' applicants, but Stanford gave 'offenders' the opportunity to defend their actions. However, none of the competitive applicants 'was able to explain his/her actions to our satisfaction,' according to Stanford's dean, so all were rejected. The story mentions the decisions reached by other schools involved in the mess."

5 of 406 comments (clear)

  1. Re:Heh by Anonymous Coward · · Score: 3, Informative

    Subject verb agreement. The subject is none, not applicants.

    "None" is a special case of the singular. It should have a singular verb applied to it.

  2. Re:Heh by Guido+del+Confuso · · Score: 4, Informative

    "None" is short for "not one" and so it uses the singular verb form. The subject of the sentence is "none", not "applicants", so the usage is correct.

    http://dictionary.reference.com/search?q=none

  3. Re:Heh by nacturation · · Score: 2, Informative

    In addition to the other posts, it is worthwhile to note that the subject of the sentence is never located within a prepositional phrase. "of the ... applicants" is a prepositional phrase, where a preposition is "of", "on", "in", etc. So this should read "None ... was able to explain", which still sounds rather odd even though it's correct.

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  4. Re:Getting to the goodies... by MichaelSmith · · Score: 3, Informative
    If the article is right, all they did was poke around the system with URL munged from information they already had.

    About five years ago the Federal Government here in Australia introduced a new goods and services tax. Businesses had to register to use the new system and the ATO (tax office) provided a nifty web interface for them to query their account.

    One enterprising person changed the account number in the URL and accessed the details of other account holders.

    IIRC he called up the ATO and told them he had found a security hole, and exactly how he found it.

    Of course, he was charged with hacking the system.

    So the Stanford experience is not exactly isolated. For me it is a bit like going to a public office, and trying an unmarked door. It is not your fault if the door is not locked and they can't really charge you with breaking and entering as long as you didn't use the opportunity to commit a crime.

    --
    http://michaelsmith.id.au
  5. Re:If they had been Comp Sci students.... by cortana · · Score: 3, Informative

    Good grief, tell me you're not a sysadmin for any public webapps so I can breathe a sigh of relief. I don't want to be arrested for cracking into your system the next time I mis-type a URL!

    Also your analogy is crap, because accessing an unsecured resource at a publicly-available URL is not the same as waltzing into an open bank vault and making off with the contents.