B-school “hacking” incident finally fades from the news
No reporters have called in the last couple of weeks to ask about the Harvard Business School “hacking” incident, in which applicants who edited URLs could discover whether or not they’d been admitted. I had a tough time understanding why the story had such long legs when, after all, quite a few Web sites over the past 15 years have had similar vulnerabilities. What was unusual about the business schools is that they blamed their Web site users. Every other publisher has secretly spanked its programmers, patched the hole, and tried to pretend that it never happened. The B-schools, however, somehow came up with the innovative idea of blaming everything on the cut-and-pasters out there in the wider world rather than on the dazed-by-donuts coders who couldn’t get the authorizations right for various pages. That’s what made the story different and what attracted so much press.
[This was not actually the first time that HBS had trouble with the world of commercial junkware. They outsourced their placement office interview scheduling a few years back and the system managed to screw up students desperate for jobs in a down economy. The student newspaper ran a cartoon lampooning the administrators responsible and the deans decided to fix the problem by threatening to expel the editor of the newspaper for violating Harvard’s speech code (see http://www.thefire.org/index.php/article/4909.html).] Full post, including comments