Canadian Student Expelled for Finding Security FlawAdded: Friday, January 25th, 2013
Category: Recent Headlines Involving File Sharing > Current Events
Tags:ET, p2p, Torrent, Piracy, Peer To Peer, Network, Hackers, Internet, BitTorrent, Google, utorrent, bitcomet, extratorrent, 2010, www.extratorrent.com
One of the computer science students at Montreal's Dawson College has found security vulnerability in the network used by many colleges in Quebec. The discovered vulnerability compromised the security of 250,000 students’ personal details, but instead of appreciation the student was kicked out of college.
Ahmed Al-Khabaz, 20, was developing a mobile application to provide students easier access to their school account. However, in the process he and his partner found out a so-called “sloppy coding” which could allow easy access to personal details stored on the system. The student admitted that the vulnerability would make it possible for everyone having basic knowledge of computers to access social insurance numbers, phone numbers, and home addresses.
Ahmed explained that he noticed a flaw which left the personal details of thousands of students, including himself, vulnerable. So he felt he had a moral duty to bring the flaw to the attention of the college and help to fix it. That’s exactly what he did without hiding his identity behind a proxy, because he didn’t think he was doing something wrong.
Originally, the college tech director praised both students for their work and promised to work with Skytech, the developers of the system, in order to address the flaws. But two days later the student had to run another security check to make sure everything is fixed and immediately got a call from the president of Skytech, who claimed that his actions were tantamount to a cyber attack and started threatening the student with criminal charges and arrest.
Despite the fact that Ahmed repeatedly apologized and tried to explain that he was the one who discovered the flaw and was simply testing now, Skytech kept threatening him with jail sentence of 6 to 12 months. In addition, they made Ahmed meet their representative and sign a non-disclosure agreement.
Finally, Al-Khabaz was expelled and the non-disclosure agreement now prevents him from discussing confidential data he found on Skytech servers under pain of further legal consequences. In response, Skytech admitted that they contacted the student and mentioned police and legal consequences, but denied they did any threats. As if mentioning legal action and the police is not a threat...
January 25th,2013Posted by:
Friday, January 25th, 2013
|posted by (2013-01-25 16:36:21)|
|Same thing happened to me in High School. Found security flaw, brought it up and was not allowed to touch the computers for the rest of the year. And the one time they allowed me to I had password cracking tools on my thumb drive, because I used it for unlocking people from their computers as part of one of my computer tech support jobs, they scanned the drive without notifying me and said I tried to run a virus. White hats hate when they get shown how idiotic they were and that missed something, so they turn into being like the RIAA and MAFIA to cover their asses.|
|These are the people who are supposed to be protecting us and yet they see the guy as a threat because all they ever see is fear. These are the people who should be sacked for the incompetent programming and mishandling of a helper. You know what to do next time dude, go to the papers, these corporate asses need shaming|
|these guys need to get in touch with bill gates they'll be made for life|
|posted by (2013-01-26 02:18:11)|
|W o w and why aren t i shocked guess all students at Montreal's Dawson College are now using proxies like crazy and no one at the collage fix's the leak they don t care . .|
|posted by (2013-01-26 08:09:13)|
|Thanx for the article Sam. I went to Dawson's a long time, could someone please ask Ahmed to change my grades for $50.|
|Don't try to bloody help them! Just exploit them! When will people learn?|
|posted by (2013-01-26 13:59:56)|
|Its all about the money.and totally agree with you Faceless42001.exploit them and the would have to fix the vulnerability in the network, come forward and they will blame you or make money from you )|
|thanks for this one sam|
|Bet you a million bucks we wouldn't even be reading about this, if his name was John Smith or Joe Bloke...|
|posted by (2013-01-27 07:02:47)|
|He should just sue. The NDA is null and void if it can be shown that it was signed under duress.|
FYI, this guy got numerous job offers after this story went public. Still, he should make an example of Skytech and take them to the cleaners legally.
|Here is the rest of the story; which explains why he was legitimately expelled. An action the school really didn't want to take; but did so only after numerous other attempts AFTERWARD.. Now that we all know the rest of the story we can put our conspiracy theory hats back into the closet for another day, Whew|
At a news conference on Tuesday, Dawson director-general Richard Filion acknowledged Al-Khabaz had found the flaw, but said he was expelled after he repeatedly tried to gain access to areas of the college information system where he had no authorization.
Filion said the student was kicked out because he breached the college’s code of professional conduct.
“Dawson College has the responsibility to instil the principles of proper conduct in the workplace so that employers hiring our graduates know they are responsible citizens and qualified workers who understand how to behave in a professional environment,” Filion said.
Francois Paradis, the college’s director of information services, said Al-Khabaz was warned after being sighted twice in Dawson’s system before he reported the computer flaw. Paradis said Al-Khabaz was spotted again after being told about limitations on tests he could conduct after finding the flaw.
Most Popular Stories