Main Area and Open Discussion > Living Room
Computer science student expelled for testing university software security
Renegade:
To those defending the expulsion. Would you prefer if he would just keep the vulnerabilities secret and later he or someone else just abuse them? Because knowingly or not thats what you are advocating here.
-rxantos (January 21, 2013, 11:55 PM)
--- End quote ---
A thought popped into my head there while reading what you wrote.
What signal will this send to the next student?
* Report vulnerabilities
* Don't report vulnerabilities
* Sell exploits to pay for books & tuition
* Publish the exploit on Twitter & PasteBin then watch the SHTF? :P
Hmmm... ;D
mouser:
From that followup article:
Richard Filion, the director general of Dawson College, did not respond to requests for an interview, but told CBC Radio that “We have to abide by this legal requirement not to divulge any personal information of any student. The story that has been reported by many media today … was relying on an incomplete version of what had happened and what had led the college to make such a decision. The other side of the story is related to facts that we cannot divulge.”
--- End quote ---
I'm so sick of this cowardly lying legal bullshit.
So basically they are saying: You only know half the story, and if we could tell you the other half you'd understand why we did what we did. But we're not going to tell you because we want to protect the rights of the person we expelled.
But if the reason they weren't telling us the second half of the story was to protect the kid, they would let HIM decide if he wants the information released.
It's typical cowardly ass-covering behavior: insist there are some special secret facts that justify what they did and find some way to stall releasing it until the attention dies down.
If you kick some kid out of college for something like this, you need to be prepared to give him the written justification for why you've done so, so that he can properly defend himself against the institutions.
And for those of you who are saying we need to look at it from system administration perspective.. I'm not saying what he did was right.. In fact I am all for throwing the book at people who are trying to harm computer networks, or profit from stealing private information.. I understand how much hard painful work is involved in system administration and how much harm can be done by people trying to abuse and damage the system. The point here is that this was a young curious kid who by all accounts had no malicious intent at all and was merely curious about the system. Punishment was way out of proportion for the crime.
40hz:
I'm so sick of this cowardly lying legal bullshit.
So basically they are saying: You only know half the story, and if we could tell you the other half you'd understand why we did what we did. But we're not going to tell you because we want to protect the rights of the person we expelled.
-mouser (January 22, 2013, 12:37 AM)
--- End quote ---
I'm not a believer when it comes to secret tribunals or Star Chamber judgments.
But I could easily imagine a dozen different scenarios where something might have happened = or been said - where the administration felt expulsion was appropriate and then refused to talk about it afterwards.
You could have had a hypothetical situation where:
- some attempt was being made to mollify a local prosecutor who became aware of the case and wanted to pursue criminal charges, possibly against the university's desire to handle it in house. Being "sent down" is bad enough - but getting "sent up" would be far worse....
- when confronted with the possibility of suspension or expulsion, the student made a threat to do something stupid like extract physical/cyber revenge on the school as a whole - or the employee who turned him in...or had threatened to anonymously divulge additional vulnerabilities he had since discovered...
- made mention of fellow students, university employees, or outside associates who were accomplices - and then refused to name them during the investigation...
- was guilty of having been caught doing something not allowed a previous time (or times) and had been warned of the consequences if it happened again...
- had been caught doing something totally unrelated that was also not allowed, such as running an illegal file sharing server on a PC connected to the university's network...
- ran afoul of some contract provision (usually government) the university was under that had something in it that makes it required (or "understood") that anybody caught doing certain things while on the network either be expelled or have their employment terminated...
- was made to understand that the school had previously expelled someone else earlier for similar actions - and now felt compelled (for legal reasons) to be consistent with their previous decision...
- ran into the agenda of an influential individual (or individuals) at the university who were "fed up" for whatever reason and felt "a strong message needs be delivered"...
I could go on...but it's all hypothetical so why bother?
The point is we don't have the entire story...yet.
But in cases like this, the truth eventually comes out. Schools don't keep secrets very well. It will only be a matter of time.
-----
Regarding the average sysadmin's viewpoint regarding curious children, the best I can offer is that I've personally seen more true grief caused by people screwing around with things they've been told they shouldn't than I ever had (knock wood) caused by people specifically out to punk the system.
Kids play with matches too. Most times nothing happens. Sometimes, the worst that happens is they get a minor burn. Most outgrow it before any real damage gets done. But some have also caused major property damage or deaths while experimenting. So "simple curiosity" is no defense or justification as far as I'm concerned. There are limits - and as long as those limits are clearly communicated, I don't bend over backwards to excuse people who choose to disregard them. But that's because I do respect people enough that I feel most are capable of making their own informed decisions. And it's important that we do. Because if we don't, then the argument for the need for more and more ludicrous and restrictive laws to protect ourselves from ourselves - because none of us can really be trusted - starts to gain traction.
Like the John Hammond character said in Jurassic Park: "I don't blame people for their mistakes. But I do ask that they pay for them."
I think that's both respectful and fair. 8)
Renegade:
^^ You guys have some good points, but no matter how many hypotheticals, I just can't get over this:
It's typical cowardly ass-covering behavior: insist there are some special secret facts that justify what they did and find some way to stall releasing it until the attention dies down.
-mouser (January 22, 2013, 12:37 AM)
--- End quote ---
It seems like the typical answer now. There was another thread with an article posted in it about an FOIA request... Oh sure they got the document. Completely redacted. As in almost 100% - the cover sheet had a few lines of text on it.
While there may be good reasons for some secrets, why is it that everything is a secret?
"We can't divulge that because it's sensitive information." Oh really? Please tell me more about the information's feelings. :-\
mouser:
40hz i think you do a good job of explaining how painful these kinds of things can be from a system administrator's perspective.. i just don't see how he even comes close to deserving expulsion.
and that entire list of hypothetical reasons that might justify his expulsion.. i don't see anything in that list that deserves to be covered up and hidden as secret and explained away as: "we have secret reasons that justify expulsion but we're not going to tell you what they are."
if you are going to expel someone from college and cause them serious irreparable harm in continuing their education, you owe it to them to explain exactly why. no one is complaining about redacting personal names -- but i think we cannot let big organizations get away with this weasel behavior of saying: "trust us, if we explained to you the real reasons behind our actions you would unerstand, but we've decided we are not going to tell you the real reasons because [insert bullshit lie here]".
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version