<p>IP is just a unique number showing your computers "address" on the internet - so other computers can find you basically.</p>
<p>If someone knows your IP they can perform a lookup to see what nameserver the address originates from and they might be able to see where you're from. For instance if a lookup showed your IP address as originating from the customer.Sacramento.Comcast.com or student.xyzdorm.umich.edu it wouldn't be hard to know where you were in a roundabout way.</p>
<p>It's irrelevent to this discussion, however. If they wanted to check to make sure that it was actually the kid in question doing this "hacking" all they would have to do is compare server logs. If the person logging into the allowable section had the same ip as the one who logged into the off limits section it would be pretty much open and shut. Of course they wouldn't even take the time to do this because to log into the second, off limits part you needed a student # you could only get from first logging into the part you were allowed to be in (thats why kids could only get their admissions decisions).</p>
<p>I think the best analogy of the whole situtation was the one of looking at your grade that's lying on your teacher's desk. The information was open on the internet. All you had to do is type in the right address. Of course, you "ethically" shouldn't be looking for your decision, but it's really more of a flaw on the college/ApplyWeb's side for weak(non-existent) security.</p>
<p>I think that the Universities (especially Harvard) are overreacting here bigtime. No harm was done. It's just what everyone here has been saying - a peep look at an acceptance or rejection. It's not even like they could change it - it was just access to the display page that we will all see online in a few weeks. Yeah it is snooping, but I mean come on. These college adcoms don't have any empathy for this?? Professional athletes can get away with murder and get a measly $1000 fine and a slap on the wrist for committing CRIMES, and these kids get their whole future ruined over being a little curious. Sounds like a big double standard to me. </p>
<p>Have these kids take an ethics class for PR purposes or have them attend a lecture on this stuff, keep them admitted, and move on.</p>
<p>i agree greatly with crypto...perhaps they cud be warned severly abt their actions and punished perhaps in other way but completely rejecting an admitted student is too much...</p>
<blockquote>
<p>They probably needed their ID, SS#, PW, Birthdate, ect to get into the first part.</p>
</blockquote>
<br>
<p>That would be quite conclusive. IP addresses are far more definitive in conjunction with the ISP info. An AOL address might resolve to Virginia, for example, but given detailed log information AOL would know which user account had logged in and where they logged in from. Whether they would cooperate with a college is another question.</p>
<p>IP addresses are certainly still quite circumstantial; the detailed personal info would be far better proof.</p>
<p>I think there's a difference between cheating (altering your grade by copying, using answer lists, etc.) and what these people did (to continue the analogy, sneaking a peek at your test grade when the teacher left the room).</p>
<hr>
<p>What a bad analogy. These people did not just go to a website put in their name and have this information pop up. That would be like seeing a graded test on their teacher's desk. </p>
<p>For students: This is my analogy - A student finds out how to access your guidance counselor's site which will give you access to all of your student records. Now you can see the recommendation they wrote for you & see your character scores, etc. Do you really think if you get caught you will not get into trouble. This would not be treated lightly at my kid's school. Then of course, you have this on your record so future colleges and possibly employers can get it. Did you hurt anyone because you didn't change grades or access anyone else's records? Yes, you hurt yourself (getting into a college of your choice, possibly suspended (more than likely), and possibly losing future jobs.</p>
<p>For adults: My analogy is that if you and several of your co-workers were up for a promotion and someone in your office tells you how to access your boss' records which contains everything about you including their personal remarks & interviews with your peers & other higher-ups just so you can figure out whether you are a good candidate or what they think about you. Would you do that? Do you honestly think your boss is going to pat you on the back and say wow, I'm so glad you found that we have a weak link in our computer's security system. Or do you know that you are going to be fired?</p>
<p>That being said, it doesn't matter what any of us think. Any institution has the explicit right to decide whether or not they want those students at their school.</p>
<p>Also to address the comment about it being the institution's fault because they were not better protected to address this form of hacking. OMG - I can't even believe anyone would believe this or do you believe that it is the guns fault and not the person's fault who shot the gun. Is it my fault if I leave my car unlocked in my own garage & someone breaks into my garage and steals my car that it is my fault because it was unlocked?</p>
<p>Is there not anyone left who believes in character anymore or that there are consequences to our actions?</p>
<p>The log in pages had two diffrent ways to log in.</p>
<p>One wanted SS# and birthday to access to see if your app was complete. The other log-in asked for a student ID number and your soc number to see your decision. The only problem is you aren't going to be mailed your ID# for a month.</p>
<p>After you log into the first place your student ID number is conspicuously displayed. It's unethical to take that number and log into the other part?</p>
<p>Mominsearch:
With all due respect, I don't think those analogies are apt. Without getting into the debate as to what punishment fits the "crime," at the end of the day what the students saw was what they would see down the road in any event (if I've got my facts right), i.e., a yay or a nay. In your analogies, the students and the workers gain access to confidential information that, but for their midconduct, they'd never have seen.</p>
<p>mominsearch: You, much like the school administrators, clearly misunderstand the technology. I suggest that you reread this entire thread to better understand what was actually done.</p>
<ol>
<li> You were only able to access your own record.</li>
<li> Your "record" contained only your acceptance decision.</li>
<li> This record was not in some background database. It was THE page students were going to see a week later.</li>
<li> Nothing was broken, the security of student information was not compromised, and there is no way this process could have been used TO do so.</li>
</ol>
<p>Again, read the complete thread to learn more.</p>
<p>It does not matter how they did it or what they saw. What they did was clearly wrong, and I'm sorry if my analogies don't fit your interpretation of what they did. They clearly went on the website with information to find out something they had no right to see which in my view shows a clear lack of character. If those of you above think you wouldn't be fired for doing it "the exact way" that these students did it for other purposes you are in for a real suprise when you enter the workforce.</p>
<p>Yeah, that's the bottom line: IT WAS WRONG. Cheating is cheating no matter how you do it. With cheating comes consequences. How anyone can disupute this fact is beyond me.</p>
<p>uc_benz - Thank you so much for agreeing. My co-workers and I have read the articles and this is what we see. Someone posted on a message board a way to find out what your admission status was. Without that post none of these people would have found out how to do it. We all agree that they knew what they did was wrong and that is the whole point (after all most of these students have 1500+ SAT's - they knew it was wrong). It would have been a whole different story had they just happened upon this on their own by accident. Again, it doesn't matter if they only accessed their own records and didn't compromise the security. It is totally unethical. I hope these students learned a lesson, and to some degree I feel sorry for them.</p>
<p>Mominsearch: Been in the workforce for 25 years. (: In my day, the only way to "cheat" would have been to hold someone else's college/grad school snail mail up to a light and see if you could see through the envelope!</p>
<p>
[quote]
Without that post none of these people would have found out how to do it.
[/quote]
</p>
<p>I disagree. I think it was probably glaringly obvious due to the numbers involved. 1000 MBA applicants to top schools weren't all reading an obscure message board.</p>
<p>So back to the actual story: if the student ID was in the url and the section to check your decision only asked for a student ID that's wrong?</p>
<p>these people should not be punished the firm who managed the website should be getting fired come on no harm was DONE!!!!. same thing happened on this website, when sat scores were online the site went down, someone here posted a link to the sat scores and i found out my scores a bit early what the heck is wrong with that and for those who say this is cheating i think ur all mean jerks. ( i dont want to curse)</p>
<p>I have a problem w/ some of the statements listed below:
(Thank you mominsearch...I read your reply after I wrote mine ;-)</p>
<p>Reply#4 "1) The security breach is ultimately the responsibility of the institute in question"</p>
<p>What? If I don't have an alarm system installed on my home, it is MY fault if I am burglarized (or viewed by a peeping tom... or stalked...etc.) ? Sorry, that way of thinking really disturbs me. What these kids did was wrong, they knew it. The punishment may be harsh, but I definitely do not agree that they are not at fault because the security system was not strong enough!Is it any less a theft if the door is left open?</p>
<p>Looking at your grade on a stack of papers analogy also is also flawed. It is one thing to glance at the stack left out on the desk and happen to see your grade. It is another to go up to the desk, filter through the stack to find your paper. It took effort and time and a deliberate choice to defy the intent of the "teacher" to do the second. </p>
<p>Cheating can be justified in many ways. I bet the hackers knew they weren't "supposed" to be looking -- and they did it anyway, with some effort. It is a fine line on each side of the law, and a dangerous one for those who try to justify their actions. What may be "legal" is not always what is just or ethical.</p>
<p>Again, the punishment may be harsh, but I am frightened at the number who feel that since no harm is done, it doesn't make any difference.</p>
<p>kjofkw - Thank you! Thank you! Thank you! I was starting to feel very lonely on this topic. I know how frightened you feel - it scares me to death. I can't even believe that people feel okay about it since these students would have ultimately seen the letter anyway. That makes it okay? Not in the world I grew up in. The analogy of seeing the paper on the top of the pile is so ridiculous I want to die laughing. They didn't just turn on their computers and have this info pop up - that would be equivalent to seeing their paper on the top of the pile. Maybe this is how peeping Tom's feel. They left their curtains open so it makes it okay. Did the peeper hurt anyone in this case either? Hmmm....</p>
<p>I am absolutely stunned. Just floored. I thought it took the media, with money at stake, to sensationalize things this much. I feel as though stating the facts was as futile as debating religion.</p>
<p>Nom - First of all I did not bring up this topic and I am stating the facts as I see them. I have every right to have an opinion on this topic and I know that neither one of us will ever see the other's view. But perhaps you and I quote "As someone who nearly got into very deep hot water for probing the security of my school's student database, I find the distinction very important." don't see this the same way as I do. I see what they did as stealing. Maybe that sounds harsh but they stole the right that these schools had to decide when they published this information. If you look at the poll they did on the one link over 72% polled felt the same way I did so I can't be too far off. Sorry!</p>
<p>Of course these business school applicants should not be punished, they are acting like...business school applicants. Remember: business people are slezebags. Business school students are slezebags-in-training. Business school applicants are sleazebag-in-training wannabees. </p>
<p>What else would you expect? Does anyone really believe that those who did not peek are any more honest than those who did? Does anyone really believe that no business school applicant would steal another student's ID to implicate him or her in "cheating"? What a business person cheat and steal? I'm shocked.</p>