About the Show       Bio              Blog        Podcast

Expelled for doing the RIGHT thing?

Posted By: Tommy Schnurmacher · 1/22/2013 1:18:00 PM

He's been offered a job, a scholarship... but he's still persona non grata at Dawson College. 20-year-old computer science student Ahmed Al-Khabaz was expelled from Dawson after exposing a vital online security flaw, then checking the next day to see if it had been fixed (it had not). It was this follow-up that the school labeled a “cyber-attack”... but should they be giving him a medal instead? We ask Ahmed what happened, and what he plans to do about it… listen to the audio and let me know how YOU think Dawson handled the situation.

Leave a comment:

showing all comments · Subscribe to comments
  1. Theo posted on 01/23/2013 10:27 AM
    When is hacking ever ethical? It is not. Here is an analogy. Tell your neighbor - I saw you had a cheap lock on your front door so I tried to pick it and I was able to open your front door and enter your house. Aren't you glad I alerted you to this?
    1. David posted on 03/04/2013 10:49 AM
      @Theo From the description in this article, your analogy doesn't relate. Do we know that he did anything but "turn the handle of the door" (to use your analogy)? All too often computer security breaches are covered up and not ever properly fixed. When I have submitted evidence of a security flaw, I have always checked later to make sure measures had been taken to remedy the situation.

      Think of it this way:

      me: "Hey, I know you just armed your security system, but did you know that there is a big hole in the back wall and people can just walk into the house?"
      you: "Oh, great. I will fix that. Thanks"

      some time later:

      me: "Hey, I was in my back yard and I see that there is still a giant hole in your wall. Are you planning on fixing that?"

      Was I wrong to notice? In this case, it is your property, so you can do what you want; fix it or not. In the case at Dawson, the student likely felt a shared responsibility in protecting the school from the security flaw. In that case, I would have felt an obligation to follow up and make sure the school "plugged the hole". If the school fixed it, that's great. If the school didn't, they are negligent. Your house is your private property. He was using an information system meant for use by both students and the public. His concerns about the protection of his, and others', information are completely valid.

      What seems to have happened here is something like the following:

      me: "Hey, I checked again and the giant hole in your wall is still there."
      you: "You aren't supposed to be looking at my wall. In fact, I'm calling the police because you were looking into my private space; my house, without my authorization. You should move, and never come back"

      Seems a little harsh, doesn't it?

      The line between "public" and "private" is very undefined in the digital world. Unless there are clear security measures in place to impose a line, there is no line.

      Listen to the audio. There is nothing wrong with what he did. His approach seemed very reasonable and professional. There seems to be everything wrong with how Dawson reacted to a valid verification of their fix.

      I'm very glad to see that Mr. Al-Khabaz is now being courted by security firms instead of ending up in court.
  2. Drew posted on 02/19/2013 09:36 AM
    This kid does not deserve to be expelled. He found a dangerous flaw in the system that could have devastated all the students. I can not say more about where the flaw was but some American Company will most likely pick this up this story and end up up paying for his education and we have lost another valuable citizen who has gone South and not for the winter.
showing all comments