?

Log in

No account? Create an account
   Journal    Friends    Archive    Profile    Memories
 

Canadian college screwed up on privacy and security policy - morfizm


Jan. 21st, 2013 10:55 pm Canadian college screwed up on privacy and security policy

If these articles (news 1, news 2) are even remotely true, Canadian college screwed up big time. Student (Ahmed Al-Khabaz) was badly expelled from the Dawson College (with zeroing his grades, cancelling already awarded scholarships etc) for discovering and reporting a security flaw, and then testing that the flaw has been fixed.

The college has screwed up, first, by demonstrating draconian measures applied to misconduct case, reminding me of cruelty in medieval history (hey, it's Canada, and XXI century, isn't it?), and second with poor judgement that shows incompetency of professors in basic information security and privacy questions.

There's a website calling for support of the student http://www.hamedhelped.com/support/ - they are asking for re-instantiation and public apology. I've signed, but I think the guy has no problem anymore - he has got enough PR so he'll find a job or a new scholarship easily, but a more appropriate action against the college would be a privacy lawsuit, representing other students. If the college was not supporting ethical hacking (rather fighting it and retaliating harshly), especially after having discovered a real issue, it means, the college was covering up the criminals (in this case, software company who due to their negligence, lack of testing or other reasons, could let the security flaw happen). I think it's somewhat questionable whether or not a software company itself is criminal, and, perhaps, they've covered their ass with a bunch of legal disclaimers, but willfully covering it has clearly criminal intent - college should pay punitive damages to victims that had their data exposed.

Again, I say all this only assuming that the news are based on true facts and do not hide other important facts. Got ready with popcorn and will be watching more news on this as they come :)

1 comment - Leave a commentPrevious Entry Share Next Entry

Comments:

From:archaicos
Date:January 22nd, 2013 07:41 am (UTC)
(Link)
I think the uni are a bunch of silly ignorants in denial. I don't know CA's laws, but if there's at all a way to make them pay for their stupidity, a few good lawyers could and should line up to help the guy for free as it would be right and they'd get some good PR as well.

Gosh, people seem to never learn or are like a century behind in important matters.