Main Area and Open Discussion > Living Room
Computer science student expelled for testing university software security
hamradio:
Quotes from the site...
October 24th
Hamed and his colleagues meet with François Paradis to test their theory of data access. A test server is setup for them to run their findings. They sign a Protocol for Portal Vulnerability Test. Part of said protocol stipulates that testing must happen on College grounds under the supervision of Dawson College IT staff.
--- End quote ---
and then in summary...
Hamed was eager to verify the updated security of Omnivox on October 26th and performed tests from his home.
--- End quote ---
So by that information to me it appears he broke the "protocol" agreement that he signed...thoughts on that?
Stoic Joker:
I'm missing what the domain has to do with anything.
Could one of the sysadmins here explain how DNS resolution compromises a server? (Well, other than MTM and all that - which seems to me like a different issue.)-Renegade (January 23, 2013, 09:25 AM)
--- End quote ---
Perhaps it's in reference to the externally facing public (www...) domain, and not the internal LAN/AD domain.
The link was publicly recorded in Aug., 2011, at Zone-h, an open source mirror frequented by #AntiSec factions, who frequently record f** files to independents, who then confirm, store and register the hack with public search engines indicating a given domain has been compromised.-article
--- End quote ---
Stoic Joker:
Wow... if that's the real series of events, I withdraw my statement that he did anything wrong. This timeline is pretty damning.
-wraith808 (January 22, 2013, 11:11 PM)
--- End quote ---
Ditto. And that's from my own sysadmin perspective.-40hz (January 23, 2013, 09:46 AM)
--- End quote ---
:-*
Stoic Joker:
m much more interested in how you could "bleach" a server. That's a new one for me.
-40hz (January 23, 2013, 09:59 AM)
--- End quote ---
A superficial google search implies that 'Bleach' is a type of MineCraft server ... :-\ ... So I guess (in Canada) if a server goes past a certain point they just give up and play video games on it.
40hz:
So by that information to me it appears he broke the "protocol" agreement that he signed...thoughts on that?
-hamradio (January 23, 2013, 11:47 AM)
--- End quote ---
He did. Definitely in the wrong on that point. But as most of us (including we sysadmins) seem to be leaning, the school's response was way out of proportion to the offense that was committed. So much so that it doesn't make sense...
I can't help thinking there's still something more behind this incident than what is being acknowledged. I'm guessing this student got caught up in something else that was going on at Dawson (perhaps an ongoing investigation into an earlier or much more serious network breech?) and those behind it thought they had finally "got their man." Or at least "somebody involved" who they thought they could lean on hard to get to the people they were really after.
If so, some of the rabidness on the part of Dawson starts to make a bit more sense. As does their insinuation that there's more going on than they can publicly discuss. Which would certainly be the case if there was a police investigation currently in progress over something that had happened on Dawson's network.
Oh well...as time passes, more will come out. :o
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version