Comp Sci student expelled for finding security flaw in school's website

Train

Sorry if repost.

http://news.nationalpost.com/2013/0...ed-security-of-250000-students-personal-data/

Clifs:

1. Student working on mobile app for student records.
2. Finds "sloppy code" that put 250k records at risk
3. Reports it to school
4. Vendor says they will fix it ASAP
5. Student runs a vulnerability tester a few days later to see if flaw was fixed
6. Vendor threatens to have him arrested and prosecuted unless he signs an NDA
7. He signs the NDA
8. School expels him with no hearing, no appeal.

Sucks for him, hopefully another college takes him despite the expulsion on his record.
 

JM Aggie08

He is in Canada, attending Montreal’s Dawson College

It says 'CANADA' in size 52 font at the top of the article (that apparently was not even opened by SN).

That said, this kid looks remotely like TridenT.
 

Train

“I was called into a meeting with the co-ordinator of my program, Ken Fogel, and the dean, Dianne Gauvin,” says Mr. Al-Khabaz. “They asked a lot of questions, mostly about who knew about the problems and who I had told. I got the sense that their primary concern was covering up the problem.”

Idiots indeed. If expelling him was in an effort to "keep it quiet", they will have accomplished the exact opposite as this story is gaining a lot of traction on Twitter.
 

Train

> It says 'CANADA' in size 52 font at the top of the article (that apparently was not even opened by SN).

I was just clearing it up, just in case. Knowing full well most people won't click the link and the clifs would suffice. I wasn't sure if Saint Nick was referring to USA or Canada when he said "this country".
 

jagec

> Idiots indeed. If expelling him was in an effort to "keep it quiet", they will have accomplished the exact opposite as this story is gaining a lot of traction on Twitter.

School's website getting hacked via unpatched security hole in 10...9...8...7...
 

MagnusTheBrewer

He made a poor choice and should have been punished. However, as a student, he does not have the same responsibilities and professional ethics as an administrator or IT professional. He should not have been expelled. Also, unless he provided code to the company and/or the school to fix the security hole, expecting it to be fixed in two days is rather naive.
 

Ferzerp

> Sorry if repost.
>
> http://news.nationalpost.com/2013/0...ed-security-of-250000-students-personal-data/
>
> Clifs:
>
> 1. Student working on mobile app for student records.
> 2. Finds "sloppy code" that put 250k records at risk
> 3. Reports it to school
> 4. Vendor says they will fix it ASAP
> 5. Student runs a vulnerability tester a few days later to see if flaw was fixed
> 6. Vendor threatens to have him arrested and prosecuted unless he signs an NDA
> 7. He signs the NDA
> 8. School expels him with no hearing, no appeal.
>
> Sucks for him, hopefully another college takes him despite the expulsion on his record.

Number 5 is the issue. At that point the student can no longer claim to just have "stumbled onto" something and has moved into the wrong side of ethics. It also does not hold up to scrutiny. If the student was already aware of some vulnerability, why would he need to take that particular action if his true goal was to see if it still existed? Why not check how he found it in the first place?

Pretty much this looks like a case of the story not matching the situation because the story's sequence of events for the student is utterly implausible.
 

JM Aggie08

> I was just clearing it up, just in case. Knowing full well most people won't click the link and the clifs would suffice. I wasn't sure if Saint Nick was referring to USA or Canada when he said "this country".

I know, I wasn't calling you out ;)
 