School that expelled student hacker may have ignored 16-month-old security flaw

    Date23 Jan 2013
    2165
    Posted ByDave Wreski
    It's tough not to feel pangs of sympathy for Hamed Al-Khabaz, the 20-year-old aspiring computer scientist who was expelled from Dawson College after exposing a security flaw in the school's academic portal. Whether Al-Khabaz deserved his punishment is certainly worth questioning, though it's also worthwhile to ask why the college hadn't bothered to fix a flaw in its public-facing Web server 16 months after it had first been reported. Based on the various reports and statements about the incident, here's what went down: In September, the student uncovered flaws in the online academic portal, exposing sensitive information -- Social Security numbers, phone numbers, and home addresses -- belonging to more than 250,000 college students. He said he stumbled across the flaw, which he attributed to "sloppy coding," while working on a project for his school's software development club.
    You are not authorised to post comments.

    LinuxSecurity Poll

    What is your favorite LinuxSecurity.com feature?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    17
    radio
    [{"id":"65","title":"Feature articles","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"66","title":"News","votes":"1","type":"x","order":"2","pct":100,"resources":[]},{"id":"67","title":"HOWTOs","votes":"0","type":"x","order":"3","pct":0,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.