Omnimaga

General Discussion => Technology and Development => Other => Topic started by: Juju on January 21, 2013, 01:48:31 pm

Title: Beware next time you report a security flaw...
Post by: Juju on January 21, 2013, 01:48:31 pm
http://news.nationalpost.com/2013/01/20/youth-expelled-from-montreal-college-after-finding-sloppy-coding-that-compromised-security-of-250000-students-personal-data/

The guy reports a security flaw that could compromise the data of nearly every college student in Québec without any malicious intent, then reaches an agreement with the president of the company who made the software... and he gets expelled from his college while ruining his life.

This is stuff that shouldn't happen.
Title: Re: Beware next time you report a security flaw...
Post by: Lionel Debroux on January 21, 2013, 01:50:12 pm
It should, indeed, not happen. It's irresponsible to ruin the young guy's life as a result of him doing the community a service, without malicious intent.
Title: Re: Beware next time you report a security flaw...
Post by: Xeda112358 on January 21, 2013, 02:01:46 pm
This is another reason for why we as a society fail in some respects. Individual concerns are more important than the whole of society. Hopefully the school is shamed enough by this that something positive will come from this. I understand that they may have wanted to keep the security breach a secret until they got it fixed, and I agree that he should have notified the company before testing the fix-- they have no way of knowing if it is a malicious attack or not until after the fact. However, the school's actions are upsetting.
Title: Re: Beware next time you report a security flaw...
Post by: Juju on January 21, 2013, 02:12:12 pm
What is sad is that it's the computer science department who expelled him, with probably no other information than "lol he launched an attack against the system the school uses".

School staff here are usually pretty paranoiac and won't hesitate a second to expel or call the RCMP the second someone does unwanted stuff in the system.

Also note that my school also uses that software. :/
Title: Re: Beware next time you report a security flaw...
Post by: Keoni29 on January 21, 2013, 02:31:00 pm
I found numerous leaks in the school's system XD Some laptops had special teachers features to them sometimes (god knows why), so we used those to do stuff with cmd, hooking up USB sticks, installing software etc.
Title: Re: Beware next time you report a security flaw...
Post by: ElementCoder on January 21, 2013, 02:46:33 pm
It's just sad that these things happen :( He's only trying to help people, but apparently big companies couldn't care less about our information.
Title: Re: Beware next time you report a security flaw...
Post by: Link on January 21, 2013, 02:50:18 pm
DAMN, note to self: don't go to that college, he should file a lawsuit, he'd easily win.
Title: Re: Beware next time you report a security flaw...
Post by: ElementCoder on January 21, 2013, 03:03:32 pm
There's a petition going too apparently http://www.hamedhelped.com/petition/
Almost 2000 people signed it already o_o
Title: Re: Beware next time you report a security flaw...
Post by: annoyingcalc on January 21, 2013, 03:18:57 pm
> I found numerous leaks in the school's system XD Some laptops had special teachers features to them sometimes (god knows why), so we used those to do stuff with cmd, hooking up USB sticks, installing software etc.
Well, my school uses Macs sadly, but they are stupid, they store student Google accounts and online grades passwords in a .txt file
Title: Re: Beware next time you report a security flaw...
Post by: DJ Omnimaga on January 21, 2013, 04:39:37 pm
Darn that sucks. Although personally what I would do is avoid in any way possible to try exploiting the security issue, the fact that some schools are so paranoid that they might think I tried to break through security on purpose might just make me feel reluctant about even bothering to warn them at all. But then if I don't warn them I get concerned about my privacy. :/

Or worse, when you accidentally run into the exploit and the school is monitoring everything you do.

There should be a protest or something when such things happen, although I think the student checking a second time if the security exploit is still present might have been a bit risky.
Title: Re: Beware next time you report a security flaw...
Post by: pimathbrainiac on January 21, 2013, 04:43:35 pm
I honestly think that this guy's life is not ruined because he was able to point out the flaw.

Do you not think that some security company's not going to hire him right away due to his ability to point out security flaws?
Title: Re: Beware next time you report a security flaw...
Post by: Keoni29 on January 21, 2013, 04:51:18 pm
> I honestly think that this guy's life is not ruined because he was able to point out the flaw.
>
> Do you not think that some security company's not going to hire him right away due to his ability to point out security flaws?
Did the security company approve of his deed?
Title: Re: Beware next time you report a security flaw...
Post by: pimathbrainiac on January 21, 2013, 04:53:31 pm
> > I honestly think that this guy's life is not ruined because he was able to point out the flaw.
> >
> > Do you not think that some security company's not going to hire him right away due to his ability to point out security flaws?
> Did the security company approve of his deed?

That particular one did until he tested to see if there was a fix made
Title: Re: Beware next time you report a security flaw...
Post by: DJ Omnimaga on January 21, 2013, 05:23:46 pm
Yeah the issue there is that on the second attempt to break through, the company might have seen it as if the 1st attempt was implying a threat that the guy will abuse the security flaw if it's not fixed ASAP, like some malicious hackers do as punishment for buggy security.

Also juju got the 333333rd post O.O
Title: Re: Beware next time you report a security flaw...
Post by: Sorunome on January 22, 2013, 07:04:04 pm
> There's a petition going too apparently http://www.hamedhelped.com/petition/
> Almost 2000 people signed it already o_o
12000 by now :P

And it is just sad that something like that can happen.