Hacking applicants turned down by Stanford

[Pengwuino]

I don't understand something here. Are some of you privy to more information then the others? Some people are saying that they simply changed the URL or were told there applications were online and they could go retrieve it. Where are they getting this information? Its not in the article so I am assuming some people have a different source of information and i would like to see it too.

 

[Anttech]

Can I go into someone's house and rumage around as long as I don't steal or damage anything? No, it's called trespassing, illegal entry.

Of course not, but in this case that isn't what happened (imo)...

They had a huge billboard in there living room with secret info, but didnt close the curtains...So they just 'walked past' and had a peek through the window, they didnt tresspass, they did what we are doing right now, looking at a public www site... ie looking through the window at publically available info, if the info wasnt supposed to be public then don't put it up on the www site...

Anyway the person who was the most unethical was the person who told them, if you look at such and such url you will find info on your application!

 

[dduardo]

Here is how they did it:

http://poweryogi.blogspot.com/2005/03/hbsapplyyourself-admit-status-snafu.html

 

[Pengwuino]

Oh well if that's how htey did it, that's completely unethical. They were snooping around, plain and simple. I think the 'peek through your window' analogy would now have to be modified so that there was a curtain blocking the billboard and you walked through the door and opened hte curtain to see the billboard...

which to me is unethical.

 

[PerennialII]

I'd place the "blame", if there actually is any to place, 50/50 after reading the description ... being turned down because of sloppy software & admin seems like another act of PC PR . Ethics ougth to be reserved for issues which actually matter.

 

[exequor]

I'd place the "blame", if there actually is any to place, 50/50 after reading the description ... being turned down because of sloppy software & admin seems like another act of PC PR . Ethics ougth to be reserved for issues which actually matter.

I agree with you, it is 50/50. I've seen lots of cases like this on Judge Judy and it ends up with the resposibility going 50/50.

unethical - not conforming to approved standards of social or professional behavior

Maybe ethics is the problem after all because what someone may perceive as unethical another person may not and that's how the world is. People always try to put limits on these things but I guess that's one of the pitfalls of "freedom". I heard of the story where a burglar broke into a house, got injured, and still sued the owner of the house. Now, is this ethical?

Oh I got the answer to the problem; Stanford should just let all prospective students view their admissions status. I can't believe the solution was that easy (sarcastically).

 

[Pengwuino]

But isn't judge judy just... stupid :D. I mean, arent there normally 2 people who both did something rather unethical/illegal and not just 1 person (like in this case)

 

[exequor]

But isn't judge judy just... stupid :D. I mean, arent there normally 2 people who both did something rather unethical/illegal and not just 1 person (like in this case)

True, because whenever its only one person, the case only takes 5 minutes to solve.

It all falls back to ethics, its the same reason why hacking is considered unethical. In the past social engineering was the main way for the hackers to get into a system and maybe it still is today, its too bad guys like Kevin Mitnick had to go to jail for nothing (my opinion).

 

[franznietzsche]

No, the correct analogy is that the internet is a system of roads and along these roads there are homes and businesses. Each one can be reached by an address (URL, IP address). Some are public some are private. Even in public places there are rules. They broke the rules.

These people were applying to school for their masters. They knew what they were doing was wrong. Just because no damage was done doesn't mean they didn't act unethically, which is why they were denied.

Can I go into someone's house and rumage around as long as I don't steal or damage anything? No, it's called trespassing, illegal entry.

No its not. If i put up a file that has public read permissions on it on a website, that i don't want someone to see, that is my own damn fault. Granted, what these kids did was stupid and unethical, but it is not akin to trespassing or breaking and entering in anyway.

 

[Evo]

No its not. If i put up a file that has public read permissions on it on a website, that i don't want someone to see, that is my own damn fault. Granted, what these kids did was stupid and unethical, but it is not akin to trespassing or breaking and entering in anyway.

That's what I've been saying in every single one of my posts...it's unethical.

Trespassing and illegal entry had to do only with going in someone else's house.

 

[franznietzsche]

That's what I've been saying in every single one of my posts...it's unethical.

Trespassing and illegal entry had to do only with going in someone else's house.

I don't think it deserves a bold unethical. It was unethical only in the sense that they were abusing someone else's stupid mistake. In so far that they profited from it, or that the other suffered from it (other than humiliation), I don't see how you can make a case for that. So they saw their admissions status early. And? Again, they shouldn't have done it, and they knew they weren't suppsoed to, but a far bigger deal is being made out of it than should be.

After all, its not like they were illegaly stealing computer lab time from their university for personal profit *cough**cough*.

edit: Further, maybe you don't really realize how much this is the fault of the people running the website. All it takes to keep people from seeing a page who aren't supposed to is 'chmod 660 filename' (on a *nix platform, Windows I don't know, I don't use windows for any real purpose anymore). Thats all it takes. One command, and voila, they can't see the page even if they try that trick with the url. And any competent webadmin should know not to have readable permissions for anyone other than the owner UNTIL you want the page seen. PERIOD.

 

[Evo]

I don't think it deserves a bold unethical. It was unethical only in the sense that they were abusing someone else's stupid mistake. In so far that they profited from it, or that the other suffered from it (other than humiliation), I don't see how you can make a case for that. So they saw their admissions status early. And? Again, they shouldn't have done it, and they knew they weren't suppsoed to, but a far bigger deal is being made out of it than should be.

After all, its not like they were illegaly stealing computer lab time from their university for personal profit *cough**cough*.

edit: Further, maybe you don't really realize how much this is the fault of the people running the website. All it takes to keep people from seeing a page who aren't supposed to is 'chmod 660 filename' (on a *nix platform, Windows I don't know, I don't use windows for any real purpose anymore). Thats all it takes. One command, and voila, they can't see the page even if they try that trick with the url. And any competent webadmin should know not to have readable permissions for anyone other than the owner UNTIL you want the page seen. PERIOD.

I know what you are saying, but I have been called in as an expert witness in a number of cases that went to court. The fault mainly lies on the perpetrator. Just because he finds a weakness does not give him authority to then enter the site and do as he pleases. It would be like a robber finding the home owner dropped their keys outside, he finds them, then let's himself inside to do whatever he wants. It is illegal entry and trespassing, even if there is no theft. That person has no right inside your home. We have a right to expect reasonable use on the internet. Anything that goes beyond that is not ok.

As with anything illegal, if it does not adhere to the rules you've been given, don't do it. I'm talking about the world of corporate business here. Stanford has a good reputation in business, which is why their MBA graduates are sought after. If it became known that a number of applicants had used questionable methods with which to obtain status and Stanford had not cracked down on them, Stanford would have lost a lot of respect in the business community. People want to get their MBA from Stanford because it's reputation opens doors. That reason is because they are respected for high quality academics and ethics. If Stanford would have brushed this under the rug, they would have lost faith of many large corporations that look to them to produce applicants of high ethical character.

So if the actions by Stanford seemed steep, yes they were and for a reason. The very same reason these applicants wanted to go there, "the name" and the credibility. Stanford does not wish to lose either.

Hey there are shopping strip mall colleges that give out MBA's, they can always go to one of these, they probably won't mind if they check on status without permission...a match made in heaven.

 

[franznietzsche]

I know what you are saying, but I have been called in as an expert witness in a number of cases that went to court. The fault mainly lies on the perpetrator. Just because he finds a weakness does not give him authority to then enter the site and do as he pleases.

I agree.

It would be like a robber finding the home owner dropped their keys outside, he finds them, then let's himself inside to do whatever he wants. It is illegal entry and trespassing, even if there is no theft. That person has no right inside your home. We have a right to expect reasonable use on the internet. Anything that goes beyond that is not ok.

I would think its more akin to leaving your belongings on the front lawn, under a tarp, than leaving your house open.

I'm not saying what the kids did was permissible.

As with anything illegal

There is nothing illegal about what they did (AFAIK. They did not gain unauthorized access to the system (user access), did not do anything to the university's system, did not steal anything, aside from information about themselves).

, if it does not adhere to the rules you've been given, don't do it. I'm talking about the world of corporate business here. Stanford has a good reputation in business, which is why their MBA graduates are sought after. If it became known that a number of applicants had used questionable methods with which to obtain status and Stanford had not cracked down on them, Stanford would have lost a lot of respect in the business community. People want to get their MBA from Stanford because it's reputation opens doors. That reason is because they are respected for high quality academics and ethics. If Stanford would have brushed this under the rug, they would have lost faith of many large corporations that look to them to produce applicants of high ethical character.

I'm not saying Stanford had any choice. Of course they had to reject the students as a result, doesn't mean the punishment fit the crime though. Stanford had to protect its reputation. Looking incompetent by admitting the mistake was their own (or whoever was maintaining the site, seems it was actually used by a number of universities) would have hurt them, as would letting the students in. They did what they had to do. I have no complaint with that, that's how reality works.

So if the actions by Stanford seemed steep, yes they were and for a reason. The very same reason these applicants wanted to go there, "the name" and the credibility. Stanford does not wish to lose either.

Indeed. If I had been forced to make the decision for Stanford in their best interests I would have done the same thing they did.

However vilifying these kids (who are actually all older than me, but that's beside the point) is unnecessary, and not warranted.