Expelled for doing the RIGHT thing?

Bio

Blog


	Expelled for doing the RIGHT thing? Posted By: Tommy Schnurmacher tschnurmacher@cjad.astral.com · 1/22/2013 1:18:00 PM He's been offered a job, a scholarship... but he's still persona non grata at Dawson College. 20-year-old computer science student Ahmed Al-Khabaz was expelled from Dawson after exposing a vital online security flaw, then checking the next day to see if it had been fixed (it had not). It was this follow-up that the school labeled a “cyber-attack”... but should they be giving him a medal instead? We ask Ahmed what happened, and what he plans to do about it… listen to the audio and let me know how YOU think Dawson handled the situation. Share This Tommy Schnurmacher Show Loading Leave a comment: showing all comments · Subscribe to comments Comment Like 3 3 * * * Please fill in the CAPTCHA below to complete your action. NOTE: This thread is moderated, comments will not post immediately. Submit Loading Cancel Reset Password Simply confirm your registered email address below and click "Reset Password." We will immediately email you a link back to the site where you can enter a new password for this account. Account E-mail: Becoming a CJAD Insider Club Member only takes a minute. Don’t miss out on exclusive information, opportunities and giveaways available only to our members. Account E-mail: Password (Case Sensitive): Reset your password Login with Facebook We've found your existing E-Club account. Please login below to complete the Facebook login process. E-mail Address: email@address.com Password The password you have entered is incorrect. Please try again. If you're unable to remember it, you can reset your password. Not a member yet? Sign up now! Theo posted on 01/23/2013 10:27 AM When is hacking ever ethical? It is not. Here is an analogy. Tell your neighbor - I saw you had a cheap lock on your front door so I tried to pick it and I was able to open your front door and enter your house. Aren't you glad I alerted you to this? 1 hide replies · reply· like· report David posted on 03/04/2013 10:49 AM @Theo From the description in this article, your analogy doesn't relate. Do we know that he did anything but "turn the handle of the door" (to use your analogy)? All too often computer security breaches are covered up and not ever properly fixed. When I have submitted evidence of a security flaw, I have always checked later to make sure measures had been taken to remedy the situation. Think of it this way: me: "Hey, I know you just armed your security system, but did you know that there is a big hole in the back wall and people can just walk into the house?" you: "Oh, great. I will fix that. Thanks" some time later: me: "Hey, I was in my back yard and I see that there is still a giant hole in your wall. Are you planning on fixing that?" Was I wrong to notice? In this case, it is your property, so you can do what you want; fix it or not. In the case at Dawson, the student likely felt a shared responsibility in protecting the school from the security flaw. In that case, I would have felt an obligation to follow up and make sure the school "plugged the hole". If the school fixed it, that's great. If the school didn't, they are negligent. Your house is your private property. He was using an information system meant for use by both students and the public. His concerns about the protection of his, and others', information are completely valid. What seems to have happened here is something like the following: me: "Hey, I checked again and the giant hole in your wall is still there." you: "You aren't supposed to be looking at my wall. In fact, I'm calling the police because you were looking into my private space; my house, without my authorization. You should move, and never come back" Seems a little harsh, doesn't it? The line between "public" and "private" is very undefined in the digital world. Unless there are clear security measures in place to impose a line, there is no line. Listen to the audio. There is nothing wrong with what he did. His approach seemed very reasonable and professional. There seems to be everything wrong with how Dawson reacted to a valid verification of their fix. I'm very glad to see that Mr. Al-Khabaz is now being courted by security firms instead of ending up in court. reply· like· report Loading Drew posted on 02/19/2013 09:36 AM This kid does not deserve to be expelled. He found a dangerous flaw in the system that could have devastated all the students. I can not say more about where the flaw was but some American Company will most likely pick this up this story and end up up paying for his education and we have lost another valuable citizen who has gone South and not for the winter. reply· like· report Loading showing all comments Comment Like Please fill in the CAPTCHA below to like this content anonymously. x Submit x Reset Password Simply confirm your registered email address below and click "Reset Password." We will immediately email you a link back to the site where you can enter a new password for this account. Account E-mail: Please enter your email and password to log in. Account E-mail: Password (Case Sensitive): Reset your password Login with Facebook We've found your existing E-Club account. Please login below to complete the Facebook login process. E-mail Address: email@address.com Password The password you have entered is incorrect. Please try again. If you're unable to remember it, you can reset your password. Not a member yet? Sign up now!