Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

B-schools say they won't admit hackers

From: David Farber <dave () farber net>
Date: Sat, 12 Mar 2005 11:09:17 -0500

------ Forwarded Message
From: WJCarpenter <bill-ip () carpenter ORG>
Date: Fri, 11 Mar 2005 20:59:40 -0800
To: <dave () farber net>
Subject: RE: [IP] B-schools say they won't admit hackers

It's easy to think the B-schools are over-reacting or grandstanding or
whatever over this.  It's also easy to think that they were negligent
in not seeing to it that their contractor properly protected the data,
and to think the contractor employs incompetent fools for programmers.

My guess is that the folks at ApplyYourself and the folks at B-schools
who contracted them thought just what most of the burned candidates
think: Yeah, it's not much in the way of security, but there's not
much harm done if someone gets past it.  Now, looking back,
everybody's sorry and ashamed, etc, but I'm betting it all seemed
pretty reasonable to the company and the schools before the big story
broke.

It's also fun to think of ways that people could "innocently" do the
modified URL thing.  You have to especially feel for the guy whose
wife was checking on his status.  Ouch ... awkward around the dinner
table.  

But imagine this hypothetical (it's just a thought experiment because
I don't have any way of knowing if it's even technically possible in
this particular situation).  Someone who is legitimately supposed to
be using those modified URL (maybe someone at ApplyYourself or maybe
someone from one of the schools) is also running one of those browser
search engine helper thingies.  Most people know that if you turn on
"spy on me", they report something about your searches to HQ.  Some of
them also report *other* URLs you visit (not as the result of a
search), the idea being that it's more spidering start points for the
search engine.  Now all of a sudden a search on someone's name brings
up the magical URL.  Oh, the temptation to click...!


------ End of Forwarded Message


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: