Student Expelled From College After Discovering Vulnerability In System

A Canadian computer science student was expelled from his college after he identified a security holw in a software which the college was using.Ahmed Al-Khabaz, who is 20year old who studied at Montreal’s Dawson College was developing a mobile application to allow other students to access their college account came across the hole along with his colleague.Described as “sloppy coding” in the Omnivox software,it allowed anyone who uses a computer to get access to personal credentials of any student in the system such as social security number,address,phone numbers, brief,all information of the student.
Ahmed told NationalPost,"I saw a flaw which left the personal information of thousands of students, including myself, vulnerable," he also added, "I felt I had a moral duty to bring it to the attention of the college and help to fix it, which I did. I could have easily hidden my identity behind a proxy. I chose not to because I didn’t think I was doing anything wrong.
After doing so,he and his colleague was congratulated by the developers of the software and were told that this issue will be fixed.Ahmed later run a scan using Acunetix vulnerability scanning software to see whether there has been any positive progress but within some times,he received a call at his parents home,it was Edouard Taza,the president of the software developing company.
"He said that this was the second time they had seen me in their logs, and what I was doing was a cyber attack. I apologized, repeatedly, and explained that I was one of the people who discovered the vulnerability earlier that week and was just testing to make sure it was fixed. He told me that I could go to jail for six to twelve months for what I had just done and if I didn’t agree to meet with him and sign a non-disclosure agreement he was going to call the RCMP and have me arrested. So I signed the agreement.”
Mr Taza said that he did mentioned about police and legal issues,but denied about making any threats and told Ahmed that he misunderstood his comments.
The college administration saw everything from a different point of view and proceeded in expelling Mr. Al-Khabaz.After a meeting with the college's administration,professors in the computer science department were asked to vote for or against the expel of Ahmed,in which fourteen of the fifteen professors voted for.Ahmed appealed for the expulsion as he said he never had any opportunity to explain but the appeal was denied.
I was acing all of my classes, but now I have zeros across the board. I can’t get into any other college because of these grades, and my permanent record shows that I was expelled for unprofessional conduct. I really want this degree, and now I won’t be able to get it. My academic career is completely ruined. In the wrong hands, this breach could have caused a disaster. Students could have been stalked, had their identities stolen, their lockers opened and who knows what else. I found a serious problem, and tried to help fix it. For that I was expelled.
Morgan Crockett, director of internal affairs and advocacy for the Dawson Student Union said:"Dawson has betrayed a brilliant student to protect Skytech management,” Ms Crockett also added: "It’s a travesty that Ahmad’s academic future has been compromised just so that Dawson and Skytech could save face. If they had any sense of decency, they would reinstate Ahmad into [the] computer science [program], refund the financial aid debt he has incurred as a result of his expulsion and offer him a full public apology "
Source:[Click Here]


Free counters!


MauriHackerS - Providing Latest IT Security and Hacking News !