Computer science student expelled for testing university software security

cmpm:
Ahmed Al-Khabaz, a 20-year-old computer science student at Dawson and a member of the school’s software development club, was working on a mobile app to allow students easier access to their college account when he and a colleague discovered what he describes as “sloppy coding” in the widely used Omnivox software which would allow “anyone with a basic knowledge of computers to gain access to the personal information of any student in the system, including social insurance number, home address and phone number, class schedule, basically all the information the college has on a student.”

Two days later, Mr. Al-Khabaz decided to run a software program called Acunetix, designed to test for vulnerabilities in websites, to ensure that the issues he and Mija had identified had been corrected. A few minutes later, the phone rang in the home he shares with his parents.

Run the Test again, Mr. Al-Khabaz.
the damn fools.....

Josh:
But he went in scanning for ADDITIONAL vulnerabilities AFTER he advised them of the first one. That is the problem here. I've watched tools like this drag a network to a crawl from a simple scan. Retina and other tools, while basic in nature, can degrade a network to the point of sheer non-usability. Intent aside, he did not have permission to scan, was not asked to do so after the initial report, and could have taken other avenues with the IT staff to conduct a proper security audit based on what he had already seen. Going in again is where he made his mistake.

wraith808:
When reached for comment Mr. Taza acknowledged mentioning police and legal consequences, but denied having made any threats, and suggested that Mr. Al-Khabaz had misunderstood his comments.

--- End quote ---

This is what makes me want to BBQ them instead. This wasn't because of hacking or even running the software. They were in CYA mode, and the uni is helping them to CYA. What I'd like to see is the complaint that the professors voted on. It wasn't as simple as this guy ran this... should we expel. There's still CYA going on. And that's the big problem that I see - this guy is getting crushed in the machinery of maintaining contracts and CYA.

wraith808:
Going in again is where he made his mistake.
-Josh (January 21, 2013, 03:24 PM)
--- End quote ---

No one is saying what he did wasn't a mistake - he should have been informed as to such, and perhaps punitive measures taken based on the fact that he violated university rules, if indeed there was such in place. But there is intent, and reasoned response. That's what's being questioned. The argument over whether running it was the wrong move is a straw man, IMO.

mouser:
What I'd like to see is the complaint that the professors voted on.
--- End quote ---

Ditto -- who here would be surprised to find out they voted based on some totally overblown fantasy that this kid was some criminal mastermind repeatedly trying to hack into and bring down their computer systems and steal and misuse the private information of others?
