haha right, I hope he checked to see if there is also a rejection notice in a p tag somewhere, with logic that displays the correct one based on a boolean from the backend
Harvard had a similar bug - you could modify the url to find out if you had entry. They found out and revoked admission from all students who used the url on ethics violations.
It isn't, Harvard is just virtue signaling. Their admissions have always been fucked up. This is the same university that treats Asians as third-class candidates and openly defies the Supreme Court rulings on affirmative action.
The HBS folks incorrectly thought that their work in the system was private.
TBH, they should be mad at the company and mad at themselves for not engaging in due diligence. That said, I can see how this would be an ethical violation, akin to asking a friend who works in the admissions department for an update.
When I was in university we had a page you could go to and see your grades which were released after a certain date. It also showed your cumulative GPA to two decimal places which oddly was not embargoed so, you could plausibly back-solve to figure out what your grades were. In my case I thought I had failed a class somehow because my GPA took a hit, turns out they had mistakenly left me registered class I withdrew from, which I cleared up.
I graduated 20 years ago and I still regularly dream that it's the end of the semester and there's a course I had that I forgot to attend and need to go write the exam.
Similarly graduated 10 years ago now. I still with regularity have bad dreams of exams and the anxiety of failing an exam that I had back then as well.
It doesn't help that at the time I was actually on the brink of failing some classes in my final year so I think it has just amplified the severity of the dreams I get.
Back 20-ish years ago when NIS+ was used to federate ssh logins on multiple *NIX clusters at some CS department that shall remain nameless:
getent passwd | awk | johntheripper
Say "hello" to trivial plaintext passwords of 6 tenured profs, a dozen associate profs, and 30+ students in a few minutes and without rainbow tables. (There was no ill-intent involved and the unfortunate parties were notified indirectly.) The flaw was giving everyone access to unsalted crypt password hashes. Exploring systems today would likely result in an instant Aaron Swartz-style crucifixion because of the cult of "zero tolerance" equals zero justice and zero proportionality because curiosity must be immediately murdered by the "culture of 'no'".
40 comments
[ 4.6 ms ] story [ 96.1 ms ] threadWhat would you prefer to see in the bookmarks bar instead?
https://arstechnica.com/tech-policy/2021/10/viewing-website-...
https://www.computerworld.com/article/2568748/harvard-reject...
https://arstechnica.com/uncategorized/2005/03/4693-2/
Slightly more involved than the original post, but only slightly.
https://arstechnica.com/uncategorized/2005/03/4693-2/
The HBS folks incorrectly thought that their work in the system was private.
TBH, they should be mad at the company and mad at themselves for not engaging in due diligence. That said, I can see how this would be an ethical violation, akin to asking a friend who works in the admissions department for an update.
I assume that these IDs were not trivial like intitials and last name.
More recently I'm wandering campus trying to find my next class.
It doesn't help that at the time I was actually on the brink of failing some classes in my final year so I think it has just amplified the severity of the dreams I get.