School that expelled student hacker may have ignored 16-month-old security flaw

    Date23 Jan 2013
    2138
    Posted ByDave Wreski
    It's tough not to feel pangs of sympathy for Hamed Al-Khabaz, the 20-year-old aspiring computer scientist who was expelled from Dawson College after exposing a security flaw in the school's academic portal. Whether Al-Khabaz deserved his punishment is certainly worth questioning, though it's also worthwhile to ask why the college hadn't bothered to fix a flaw in its public-facing Web server 16 months after it had first been reported. Based on the various reports and statements about the incident, here's what went down: In September, the student uncovered flaws in the online academic portal, exposing sensitive information -- Social Security numbers, phone numbers, and home addresses -- belonging to more than 250,000 college students. He said he stumbled across the flaw, which he attributed to "sloppy coding," while working on a project for his school's software development club.
    You are not authorised to post comments.

    LinuxSecurity Poll

    Which Linux distribution(s) do you use?

    Message!

    Poll results are hidden from public viewing.

    You are not authorized to vote on this poll.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 5 answer(s).
    /component/communitypolls/?task=poll.vote
    7
    radio
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.