Canadian student expelled for playing security “white hat”
I guess being a white hat doesn't make you the good guy anymore?
A lesson to hackers out there: administration would rather not know about their vulnerabilities than be informed by you, so don't try to help them.
A 20-year-old Canadian computer science student has become, depending on your point of view, a martyr for computer security or a cautionary tale for students and others who take an interest in exposing security flaws in software products. While Ahmed Al-Khabaz said he felt he had a "moral duty" to probe the security of a student information system used by over 250,000 students, the school's administration said his acts were a "serious professional conduct issue" and expelled him. Now, fellow students are demanding his reinstatement, and the college and its software provider are facing a publicity and security backlash.
Al-Khabaz and another student reported finding a security flaw in the mobile application for Omnivox, a Web-based software package developed by Montreal-based Skytech Communications that is used by students to access and manage their personal information and college services—including their Social Insurance numbers, the Canadian equivalent of US Social Security numbers.
I guess being a white hat doesn't make you the good guy anymore?
A lesson to hackers out there: administration would rather not know about their vulnerabilities than be informed by you, so don't try to help them.