morfizm (morfizm) wrote,
morfizm
morfizm

Canadian college screwed up on privacy and security policy

If these articles (news 1, news 2) are even remotely true, Canadian college screwed up big time. Student (Ahmed Al-Khabaz) was badly expelled from the Dawson College (with zeroing his grades, cancelling already awarded scholarships etc) for discovering and reporting a security flaw, and then testing that the flaw has been fixed.

The college has screwed up, first, by demonstrating draconian measures applied to misconduct case, reminding me of cruelty in medieval history (hey, it's Canada, and XXI century, isn't it?), and second with poor judgement that shows incompetency of professors in basic information security and privacy questions.

There's a website calling for support of the student http://www.hamedhelped.com/support/ - they are asking for re-instantiation and public apology. I've signed, but I think the guy has no problem anymore - he has got enough PR so he'll find a job or a new scholarship easily, but a more appropriate action against the college would be a privacy lawsuit, representing other students. If the college was not supporting ethical hacking (rather fighting it and retaliating harshly), especially after having discovered a real issue, it means, the college was covering up the criminals (in this case, software company who due to their negligence, lack of testing or other reasons, could let the security flaw happen). I think it's somewhat questionable whether or not a software company itself is criminal, and, perhaps, they've covered their ass with a bunch of legal disclaimers, but willfully covering it has clearly criminal intent - college should pay punitive damages to victims that had their data exposed.

Again, I say all this only assuming that the news are based on true facts and do not hide other important facts. Got ready with popcorn and will be watching more news on this as they come :)
Tags: in english, news, politics, software development
Subscribe
  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 1 comment