Computer science student expelled for testing university software security

mouser:
I don't think you need a sacrificial lamb in a case like this..

What I suspect will happen is that the computer science faculty will realize that they voted to expel this kid on some trumped-up overblown misleading description of what the kid did, and want to walk away from that vote as soon as they possibly can before they find themselves in the spotlight they deserve. I expect that they will be the first weak link in the chain because they are going to be easy to identify and explicitly voted (based I'm guessing on minimal investigation, and because there is already one of them who knows the truth and voted AGAINST expelling the kid -- which is going to make it awfully hard for the rest of them to get away with brushing this under the rug).

The faculty will agree in retrospect (if only to escape from scrutiny) the kid should not have been expelled.. at that point, the college will not be able to defend the expulsion and the college will find a way to say "we made the right decision and did nothing wrong and we're not going to argue the point any further.. but,  on review we've decided to give him another chance anyway -- he can come back to school with all complaints dropped.  now please leave us alone"


The key to understanding all of this is that you can be sure that NO ONE in the chain of f*ckups who decided to expel this kid and reject his appeal and now defend the college's actions -- has the SLIGHTEST conception of what he did and why they are expelling him.  They only know that a decision to do so was made and that therefore it was the right thing to do and up the chain it goes with everyone saluting and saying "it was the right thing to do, unquestionably."  As soon as the CS professors swallow their pride and admit they fucked up, everything else should unravel.

This kid is EXTREMELY lucky, partly because there is so much attention on this, but mainly because most of the time the way these things come down is you never find the people who actually made the decision that killed you -- and everyone involved says: "there was no choice, we were just following rules".  In this case the fact that they have this vote of faculty members that was the deciding factor -- surely that will be what creates the leverage to undo this.

cmpm:
Dawson's website is still compromised according to this report.

http://o.canada.com/2013/01/22/dawson-student-expelled-while-college-website-remains-hacked-16-months-later/

Renegade:
^^ From that article:

“Shelling happens frequently on busy public servers – standard operating procedure in any professional organization is to assume the attack has successfully rooted the operating system and bleach the server outright, alerting anyone who has credentials on the box or website and begin again, usually on a new domain/IP and patched architecture.”

“Doing otherwise indicates a complete disregard for the privacy of every user and every other admin on the domain as demanded by federal and provincial law.”
--- End quote ---

I'm missing what the domain has to do with anything.

Could one of the sysadmins here explain how DNS resolution compromises a server? (Well, other than MTM and all that - which seems to me like a different issue.)

40hz:
Wow... if that's the real series of events, I withdraw my statement that he did anything wrong.  This timeline is pretty damning.
-wraith808 (January 22, 2013, 11:11 PM)
--- End quote ---

Ditto. And that's from my own sysadmin perspective.


The faculty will agree in retrospect (if only to escape from scrutiny) the kid should not have been expelled.. at that point, the college will not be able to defend the expulsion and the college will find a way to say "we made the right decision and did nothing wrong and we're not going to argue the point any further.. but,  on review we've decided to give him another chance anyway -- he can come back to school with all complaints dropped.  now please leave us alone"
-mouser (January 23, 2013, 02:07 AM)
--- End quote ---


Right now I think Dawson is desperately seeking a way to disengage without admitting any wrongdoing. Something that has always worked well for major corporations when they're caught up to no good.

Now that more information is available, it does appear that some significant administrative "wilding" has taken place. Likely at the behest of some "fusty-musty" admin/faculty types. (Those of you who 'served time' in any college or university will know the tribe - they have first names like Sterling or Cornelius, wear tweed suits all year long, and favor paisley or yellow bow ties.)



I think the utterly vindictive (and likely illegal) act of failing him in all his courses in addition to expelling him is a very clear indication of the mindset of those who made the decision. (And I somehow can't help but think that having a name like Ahmed Al-Kahbaz figured significantly into how this incident got handled by the school.)

I think Mouser has called it. The school will probably offer this guy a deal where they'll reinstate his student status, grades, and grant(s) in exchange for a written admission of some sort of wrongdoing on his part; an agreement to waive his right to seek future legal remedies; and most likely some sort of 'gag agreement' not to criticize or say anything that would put Dawson in a bad light.

This is a sad state of affairs in that it would be in this student's best interest to accept such an arrangement, and then leave the school, rather than go out under a cloud that would likely take years of expensive litigation to resolve.

Oh well...right now this kid has some flex room in that he could always threaten to break that NDA (and likely get it invalidated in the process since it was obtained under 'extreme duress' assuming Canada has such a law) and go public with the whole story in detail - something Dawson seems extremely anxious to avoid.

I'm sure he'll settle with Dawson. I just hope he receives competent legal advice and gets enough back before he does so.

40hz:
I'm missing what the domain has to do with anything.

Could one of the sysadmins here explain how DNS resolution compromises a server? (Well, other than MTM and all that - which seems to me like a different issue.)
-Renegade (January 23, 2013, 09:25 AM)
--- End quote ---

It really doesn't AFAIK except by a stretch as you noted. I suppose you could somehow compromise or poison the internal DNS cache, or bugger with HOSTS and do some voodoo rerouting - but again that's a pretty big stretch - and easily detected.

I think he's speaking of somehow compromising a Windows server (where DNS/AD and the whole domain model are completely intertwined) and is either leaving something out of the point he thinks he's making, or is just a little confused. Which is understandable. The Windows implementation of DNS as it relates to AD can get confusing at times.

assume the attack has successfully rooted the operating system and bleach the server outright
--- End quote ---

I'm much more interested in how you could "bleach" a server. That's a new one for me. Unless the writer is from China?  :P  (Sorry. That wasn't very PC on my part, was it?) ;)
