Princeton Caught Hacking Yale's Online Admissions System
from the oops dept
Oh, those crazy Ivy Leaguers. Yale today accused Princeton of illegaly hacking into their online admissions system to check on students who applied to both schools. Yale had seen a number of “unauthorized” attempts to log in, including some that were traced back to the Princeton admissions office. For their part, Princeton doesn’t seem to be denying any of this. They claim that they were “curious” as to how secure the Yale system was. It seems that none of these systems are all that secure. A friend of mine who applied to Harvard Business School figured out very quickly (just change a number in the URL) to change the result of the admissions proceedure. Within a few seconds we could easily setup a page that said any student got in, was put on the waitlist, or was rejected. Perhaps schools might want to think about more secure systems for such things. Using login information would be a start… Update: Now Princeton has suspended their director of admissions for this little fiasco.