Student kicked out for exposing huge security flaw
22nd January 2013, 07:57   #1
Stefan Mileschin

A computer science student at Montreal's Dawson College managed to identify a security flaw in the computer system used by numerous colleges in Quebec. The flaw compromised the security of 250,000 students' personal information, but instead of getting a pat on the back, the student was expelled from the school.

20-year-old Ahmed Al-Khabaz was working on a mobile app to allow students easier access to their college account, but in the process he and a colleague discovered what they describe as "sloppy coding" which would allow easy access to personal information listed on the system. Al-Khabaz said the flaw would make it possible for anyone with basic knowledge of computers to gain access to social insurance numbers, phone numbers, home addresses and even class schedules.

"I saw a flaw which left the personal information of thousands of students, including myself, vulnerable," said Al-Khabaz. "I felt I had a moral duty to bring it to the attention of the college and help to fix it, which I did. I could have easily hidden my identity behind a proxy. I chose not to because I didn't think I was doing anything wrong."

The college tech director praised Al-Khabaz and his colleague Ovidiu Mija for their work and promised that he would work with Skytech, the makers of the system, to address the flaws. However, two days later Al-Khabaz ran another security check to make sure the problems were corrected and a few minutes later he got a call from Edouard Taza, the president of Skytech.

Taza told Al-Khabaz that what he was doing was tantamount to a cyber attack and then went on to threaten him with criminal charges and arrest.

"I apologised, repeatedly, and explained that I was one of the people who discovered the vulnerability earlier that week and was just testing to make sure it was fixed. He told me that I could go to jail for six to twelve months for what I had just done and if I didn't agree to meet with him and sign a non-disclosure agreement he was going to call the RCMP and have me arrested. So I signed the agreement," said Al-Khabaz.

In the end, Al-Khabaz was expelled and the NDA prevents him from discussing confidential information he found on Skytech servers, or any information relating to Skytech, under pain of further legal consequences.

Taza told the National Post that he did contact Al-Khabaz and that he "mentioned" police and legal consequences, but did not make any threats, as if "mentioning" legal action and involving the police is not a threat.

http://news.techeye.net/security/stu...-security-flaw