Interesting People mailing list archives
B-schools say they won't admit hackers
From: David Farber <dave () farber net>
Date: Sat, 12 Mar 2005 11:09:17 -0500
------ Forwarded Message From: WJCarpenter <bill-ip () carpenter ORG> Date: Fri, 11 Mar 2005 20:59:40 -0800 To: <dave () farber net> Subject: RE: [IP] B-schools say they won't admit hackers It's easy to think the B-schools are over-reacting or grandstanding or whatever over this. It's also easy to think that they were negligent in not seeing to it that their contractor properly protected the data, and to think the contractor employs incompetent fools for programmers. My guess is that the folks at ApplyYourself and the folks at B-schools who contracted them thought just what most of the burned candidates think: Yeah, it's not much in the way of security, but there's not much harm done if someone gets past it. Now, looking back, everybody's sorry and ashamed, etc, but I'm betting it all seemed pretty reasonable to the company and the schools before the big story broke. It's also fun to think of ways that people could "innocently" do the modified URL thing. You have to especially feel for the guy whose wife was checking on his status. Ouch ... awkward around the dinner table. But imagine this hypothetical (it's just a thought experiment because I don't have any way of knowing if it's even technically possible in this particular situation). Someone who is legitimately supposed to be using those modified URL (maybe someone at ApplyYourself or maybe someone from one of the schools) is also running one of those browser search engine helper thingies. Most people know that if you turn on "spy on me", they report something about your searches to HQ. Some of them also report *other* URLs you visit (not as the result of a search), the idea being that it's more spidering start points for the search engine. Now all of a sudden a search on someone's name brings up the magical URL. Oh, the temptation to click...! ------ End of Forwarded Message ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- B-schools say they won't admit hackers David Farber (Mar 12)