Benlog

By now you’ve probably heard about Harvard, MIT, and Carnegie Mellon business schools rejecting MBA applicants who “hacked” into the admissions web site to see their acceptance status early. The problem is, what they did amounts to little more than curious exploration, not hacking: they just twiddled a URL on a horribly insecure web site.

A few members of the Crypto Group here at MIT wrote to MIT Sloan to explain how qualifying this as hacking is dangerous and erroneous. After all, if an admissions staff member mistakenly posted the results in a public hallway, students would hardly be held responsible. The web is no different.