It was well written and had simple to follow examples. Plus it was interesting to see such a blatant security hole... Any follow up from the university on it?
I appreciate it. The University definitely took it seriously at the time (the project became a neat recruiting story for the InfoSec class), however outside of taking down the website to check for ID validity, I do not believe there was any other recourse. There was such a high overhead to change systems and reissue the ID's (some professors have decade old ID's), that I think it was viewed as "not worth fixing."