A bunch of business schools are in a tizzy because prospective students found out their admission status early by exploiting a hole in a Web application used to process the admissions. Phil Greenspun has an explanation of how this exploit (and I hesitate to call it that) worked, along with some pithy commentary. What these schools need to do is fire the vendor that supplied them with some truly horrible software. Given the trivial nature of the exploit involved (all you had to do was modify a URL a bit), I can’t imagine anyone not checking their admission status early.