Computer science student expelled for testing university software security

hamradio:
So by that information to me it appears he broke the "protocol" agreement that he signed...thoughts on that?
-hamradio (January 23, 2013, 11:47 AM)
--- End quote ---

He did. Definitely in the wrong on that point. But as most of us (including we sysadmins) seem to be leaning, the school's response was way out of proportion to the offense that was committed. So much so that it doesn't make sense...

I can't help thinking there's still something more behind this incident than what is being acknowledged. I'm guessing this student got caught up in something else that was going on at Dawson (perhaps an ongoing investigation into an earlier or much more serious network breach?) and those behind it thought they had finally "got their man."

If so, some of the rabidness on the part of Dawson starts to make a bit more sense. As does their insinuation that there's more going on than they can publicly discuss. Which would certainly be the case if there was a police investigation currently in progress over something that had happened on Dawson's network.

Oh well...as time passes, more will come out. :o


-40hz (January 23, 2013, 12:05 PM)
--- End quote ---

The question though to me is what was in the "protocol" that he signed...like if it wasn't followed and such...like consequences.  So until that is posted in truth one has to assume that the "protocol" made him a "professional" and that it had a thing in it saying he could be expelled for not following them...

40hz:
^Up to a point, yes. Doing a scan from an unauthorized point of access may very well have made him subject to expulsion. I know students who have been expelled for doing similar things.

But in those situations the procedure was to suspend the student and have him go before the school's judicial review board for an expulsion hearing. Once that was done, if the determination was to expel, the student was out - and that was the end of it.

I've never seen a school fail a student's grades, pressure him into signing an NDA, and start a process to recover all his grant or scholarship money.

And threatening him with prosecution (unless he refused to attend his school hearing) is unheard of since anything he said at such a hearing could be used in evidence against him at a real trial. So with disciplinary boards it's usually one or the other: (a) sign an agreement you'll stand before the school and accept their decision without further legal recourse on your part, or further action from the school - or (b) refuse, in which case the school will call in the police - and summarily suspend you until that gets resolved in some court a year or three later.

From what I've seen, expulsion is still enough of a big deal that schools need to be very careful about it. Much like employers have to be when they terminate an employee. My sister terminated one of her employees for stealing. Six months later she got sued for wrongful discharge and was ultimately made to settle with the girl for all her back wages because the girl claimed she hadn't. The thing that lost the case for my sister was the fact she did not call the police and have the girl arrested. Because of that, it was considered her word against the girl's that a crime had been committed.

But maybe the laws are different up in Canada?



wraith808:
The question though to me is what was in the "protocol" that he signed...like if it wasn't followed and such...like consequences.  So until that is posted in truth one has to assume that the "protocol" made him a "professional" and that it had a thing in it saying he could be expelled for not following them...
-hamradio (January 23, 2013, 12:09 PM)
--- End quote ---

Nothing so draconian if it's a normal agreement for such. There might be provision for such, but it would have required more of a hearing than he received in general. But all of this is speculation until posted - I definitely wouldn't err on the side of trusting the Uni after what they've shown.

IainB:
Some pointed comment at Slashdot:
CTO Says Al-Khabaz Expulsion Shows CS Departments Stuck In "Pre-Internet Era"
Posted by samzenpus on Wednesday January 23, @07:37PM
from the getting-up-to-speed dept.

An anonymous reader writes "The Security Ledger writes that the expulsion of Ahmed Al-Khabaz, a 20 year-old computer sciences major at Dawson College in Montreal, has exposed a yawning culture gap between academic computer science programs and the contemporary marketplace for software engineering talent. In an opinion piece in the Montreal Gazette on Tuesday, Dawson computer science professor Alex Simonelis said his department forbids hacking as an 'extreme example' of 'behavior that is unacceptable in a computing professional.' And, in a news conference on Tuesday, Dawson's administration stuck to that line, saying that Al-Khabaz's actions show he is 'no longer suited for the profession.' In the meantime, Al-Khabaz has received more than one job offer from technology firms, including Skytech, the company that makes Omnivox. Chris Wysopal, the CTO of Veracode, said that the incident shows that 'most computer science departments are still living in the pre-Internet era when it comes to computer security.' 'Computer Science is taught in this idealized world separate from reality. They're not dealing with the reality that software has to run in a hostile environment,' he said. 'Teaching students how to write applications without taking into account the hostile environment of the Internet is like teaching architects how to make buildings without taking into account environmental conditions like earthquakes, wind and rain,' Wysopal said."
--- End quote ---

Stoic Joker:
Alex Simonelis said his department forbids hacking as an 'extreme example' of 'behavior that is unacceptable in a computing professional.'-the Article
--- End quote ---

Alex, is retarded. But that's a common trap for academics...no access to the real world. Just a lot of time in a rarefied bubble of their own little world.

Anybody who's spent any amount of time doing administrative level site work knows that hacking is flat-out part of the job. Nobody ever documents anything properly, keeps support agreements current, or (frequently) has the slightest clue of what actually happens in the magical world behind the lit screen. So if you want to get done with a "5 minute" job in less than a week ... You damn well better know how to gently probe and disassemble something quickly without crashing it. Obviously this clown has never heard of the CEH classification (but it's on my to-do list).

I've said it before, and I'll say it again: The only difference between a hacker and an administrator is a paycheck and a pair of handcuffs. Because you'll never be able to keep people out, if you don't know how and where they get in.
