<p>Last fall, Yale University was touting its new admissions Web site to anyone who would listen.</p>
<p>For the first time at any Ivy League university, students would be able to log on and learn whether they had been accepted to the school, on a perfectly secure site.</p>
<p>"We will not move forward with this until we're rock solid on security," Richard Shaw, Yale's undergraduate admissions dean, vowed at the time.</p>
<p>Eight months later, Yale is eating its words -- and colleges around the nation are rethinking campus computer security.</p>
<p>Not only was Yale's "rock-solid" admissions site hacked last spring, it was hacked with relative ease by administrators at rival Princeton. With a few keystrokes they were in, reading which applicants had been accepted to the New Haven, Conn., school.</p>
<p>Higher education security experts say that behind last week's juicy "Ivygate" scandal is a sober lesson for U.S. colleges: Even the computer networks at the nation's most elite universities are vulnerable.</p>
<p>While the Princeton-Yale scandal is an unusual case, involving university officials who had access to students' Social Security numbers and birthdays, it is the first high-profile breach of university computer security since the Sept. 11 terrorist attacks heightened worries about the nation's networks. All the publicity surrounding the Yale case has served to remind schools they need to pay more attention to their computer networks.</p>
<p>"Some of the computers are not taken care of as well as they could be," said Lawrence Rogers, a senior staff member at the CERT Coordination Center at Carnegie Mellon University in Pittsburgh, which advises corporations and universities nationwide on computer security. "Traditionally, universities ... are a bit more open in what they allow their users to do."</p>
<p>University networks have vast numbers of users working on everything from paying campus bills to storing research data. Often, parts of the network are overseen by overworked graduate students, and sensitive information is vulnerable to hackers, Rogers said.</p>
<p>The CERT (for "Computer Emergency Response Team") Coordination Center said reports of security breaches on corporate, university and other networks more than doubled last year, to 52,658, from 21,756 in 2000. This year is likely to be another record breaker, with 43,136 breaches reported in the first six months.</p>
<p>After Sept. 11, universities were warned by the White House to pay more attention to computer security, to guard against terrorists who might try to sabotage networks or hack into research data.</p>
<p>But last week, Yale revealed that it does not take a terrorist to get access to sensitive information.</p>
<p>Yale officials traced 18 attempts at entering their admissions Web site to Princeton computers, and contacted the FBI.</p>
<p>Earlier this week, Princeton President Shirley Tilghman said four of the incidents were innocent:</p>
<p>One was a teenager checking to see whether he was accepted to Yale while he was on a tour of the Princeton campus with his family last spring. Three others were Princeton students checking to see if their siblings got into Yale.</p>
<p>But the other 14 incidents, involving the applications of eight students, were traced to Princeton's admissions office. Stephen LeMenager, an associate dean and admissions director, was suspended after he admitted to hacking into the Yale site using information off application forms of students who had applied to both Ivy League schools.</p>
<p>LeMenager, who said his hacking was an experiment to test the security of the Yale site, is on administrative leave while Princeton conducts an internal investigation.</p>
<p>Princeton would not comment on reports that Lauren Bush, the fashion-model niece of the president, and Ara Parseghian, grandson of the former Notre Dame football coach, were among the students whose records were hacked.</p>
<p>Tilghman apologized to all of the students involved and said the university will cooperate with authorities.</p>
<p>"Basic ethical principles of privacy and confidentiality are at stake here. We teach these principles and we hold our students, faculty and staff to them. Violations of these principles therefore must not, and will not, be tolerated," Tilghman wrote in an e-mail message to the Princeton community Monday.</p>
<p>Meanwhile, Yale is reassessing the security on its admissions Web site, which was taken down after last spring's admission season.</p>
<p>Some schools considering similar admission Web sites, including Cornell University, say they are also rethinking their security plans.</p>
<p>Other universities say they are comfortable with the security of their systems. Rutgers University, for one, is sticking with its admissions Web site, university spokeswoman Sandra Lanman said.</p>
<p>The Rutgers site requires applicants to enter their Social Security number and a personal identification number to reach a screen that tells them the status of their application. The six-digit PIN, which the student chooses when applying, helps guard against prying parents, guidance counselors and hackers, Lanman said.</p>
<p>College officials noted that the Yale incident is rare in that the identity of the hacker was revealed.</p>
<p>Most cases, including last fall's hacking of the College of New Jersey's e-mail system, go unsolved.</p>
<p>All 9,700 College of New Jersey students, faculty and staff had to change their passwords after the system was broken into during Thanksgiving break. The hacker inserted a program that stole users' passwords.</p>
<p>The Ewing-based college is now more diligent about looking for security breaches, but there is only so much school officials can do, said Shawn Sivy, the campus' associate director of networking.</p>
<p>"It's not unusual that people try to get into your systems," Sivy said. "We have something called an intruder detection system. It sends up red flags."</p>
<p>But sorting through all of the red flags is time-consuming, Sivy said. The college is also looking into using smart cards and other secure identification methods to make it harder for outsiders to slip into the university system.</p>
<p>At Rutgers, New Jersey's largest university, school officials have launched an aggressive campaign using seminars and pamphlets to warn its staff and 50,000 students about viruses, hackers and other threats to computer security. However, public universities do not want to make it too difficult for users to get into their systems, said Lance Jordan, Rutgers' director of information protection.</p>
<p>"We try to maintain a good balance between open access -- because it is an institution of higher learning -- and some degree of protection," Jordan said. "We get to a point where we'll do as much as we can do."</p>