Dawson student expelled after finding online security flaws
A Dawson College computer science student was expelled after discovering the personal information of students using an academic online portal system across Quebec could be uncovered.
Hamed Al-Khabaz, 20, said he uncovered the site flaws while working on a school project for the software development club at the Montreal school. Al-Khabaz said he and a fellow student discovered the potential breach by accident.
"I was just trying to help and make sure our data was safe,” Al-Khabaz told CBC Montreal’s Daybreak.
While looking at the student portal's website, they discovered that by exchanging other student numbers in the encrypted links, they could easily obtain information such as the social insurance numbers, home addresses and phone numbers of more than 250,000 students.
Al-Khabaz informed the school’s head of information technology immediately after discovering the vulnerability in the school’s Omnivox software and was congratulated for the discovery. Days later, Al-Khabaz says he ran a program to check if the vulnerabilities he discovered on the site existed, and almost immediately, he received a phone call at home from Skytech, the maker’s of the Omnivox software.
Al-Khabaz said the call was from Edouard Taza, the president of Skytech, who informed him that he had launched a cyberattack on the site that could result in jail time. He told Al-Khabaz to sign a non-disclosure agreement or face possible criminal charges, so Al-Khabaz signed.
'Attack' made portal unresponsive for users
Skytech released the following statement in response to Al-Khabaz’s test for site vulnerabilities:“The attack … made the College Portal extremely unresponsive for its thousands of users. Had it not been countered, it would have put the College Portal out of order for the entire students and teachers population of Dawson. The attack was traced, and it turns out that it came from one of the students who participated, earlier that week, in the discovery of the security flaw. We therefore decided to be clement, and not to report the attack to the authorities.”
Dawson College then decided to expel Al-Khabaz.
Dawson's administration would not comment on the specifics of the case, but released a statement saying Al-Khabaz was expelled for breaching the school’s code of conduct.
The Dawson Student Union is appealing for the school to reinstate Al-Khabaz.
"Hamed is a brilliant computer science student who simply wanted to help his school," said Morgan Crockett, the union’s director of internal affairs and advocacy.
"Dawson College should be thankful for his talent and foresight. They must immediately reinstate Hamed, refund the debt he has incurred as a result of his unjust expulsion and offer him a public apology."
1 Comments:
A Dawson College computer science student was expelled after discovering the personal information of students using an academic online portal system across Quebec could be uncovered. high security doors
Post a Comment
Subscribe to Post Comments [Atom]
<< Home