[ISN] Yale accuses Princeton of hacking into admissions Web site

From: InfoSec News (isnat_private)
Date: Fri Jul 26 2002 - 01:59:18 PDT

  • Next message: InfoSec News: "[ISN] Microsoft offers plug for 'critical' SQL Server holes"

    http://www.siliconvalley.com/mld/siliconvalley/3736460.htm
    
    By Diane Scarponi
    Associated Press
    July 25, 2002
    
    NEW HAVEN, Conn. - Yale University complained to the FBI on Thursday
    that admissions officials at Princeton improperly accessed a Yale Web
    site that was set up for prospective students.
    
    Yale said it found 18 unauthorized log-ins to the Web site that were
    traced back to computers at Princeton, including computers in the
    admissions office.
    
    ``We're assessing the information to see if there is a federal
    violation,'' FBI spokeswoman Lisa Bull said.
    
    The head of admissions at Princeton said the school just checked the
    site to see how secure it was. Princeton gained access by looking up
    students who had applied to both schools.
    
    ``It was really an innocent way for us to check out the security,''
    Stephen LeMenager, Princeton's dean of admissions, told the Yale Daily
    News, which broke the story Thursday in its online edition.
    
    ``That was our main concern of having an online notification system,
    that it would be susceptible to people who had that information --
    parents, guidance counselors and admissions officers at other
    schools.''
    
    Marilyn Marks, a spokeswoman for Princeton, said Thursday night that
    an independent investigator was to arrive at the New Jersey campus
    today.
    
    ``The actions reported today by the Yale Daily News represent a
    serious lapse of judgment by at least one member of our admissions
    staff,'' she said. ``The improper use of information provided to the
    university in good faith may have affected the ability of students to
    obtain information about their admission to Yale, something we deeply
    regret.''
    
    Yale said Princeton's actions violated the privacy of the students.
    
    ``We have therefore notified appropriate law enforcement authorities
    as well as the applicants whose Web locations were accessed,'' said
    Dorothy K. Robinson, Yale vice president and general counsel.
    
    The Web site was activated for a few weeks in the spring so that
    undergraduate applicants could find out if they got in to Yale.  
    Applicants could access the site by using their Social Security
    numbers and birth dates. The site included links to admissions
    information and personal data about the students.
    
    If a student was admitted, the site flashed fireworks and a
    congratulatory message. If the student did not get in, a message
    indicating that was displayed.
    
    The site included a notice that only students, not parents or others,
    may access the site, and it warned that Yale would investigate and act
    on any unauthorized use.
    
    This was the first year Yale used the Web site, which proved to be
    popular with students. The day it went online in April, more than
    9,700 applicants had logged in, including 1,190 of the nearly 1,500
    students who were admitted.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Jul 26 2002 - 04:50:46 PDT