No good deed, huh. A student from Dawson College in Montreal, Canada, has been expelled for his involvement in the uncovering of a potentially horrible flaw in his school’s online directories. Sounds dumb, right? Even worse: Everyone more or less agrees he meant no harm.
Here’s what happened: Ahmed Al-Khabaz — a computer science student at Dawson — and a friend were working on a mobile app to allow students mobile access to their school data. In the process, they uncovered a pretty serious vulnerability (“sloppy coding”) that would have put student information at risk. What kind of information? According to Al-Khabaz, “social insurance number, home address and phone number, class schedule, basically all the information the college has on a student.”
So Al-Khabaz took the issue to the school’s Director of Information Services and Technology. The meeting went well, and he was told that Skytech, that company that makes the software in question, would get right on it. After not hearing back for a few days, Al-Khabaz decided to check to see if the vulnerability had been patched, using a program called Acunetix. That was a mistake. He immediately received a call from the head of Skytech, saying this was the second time in a few days that he’d been spotted in their system, and this was a serious breach. The software he’d used to check up on the system could have caused serious problems, since it was used without prior notification to the system admin.
Al-Khabaz apologised, and eventually signed an NDA forbidding him from discussing the case, but that wasn’t the end of it. Despite the Skytech people acknowledging that there was no malicious intent, Dawson’s faculty held a vote on whether it should expel him for “unprofessional conduct.” Al-Khabaz was not allowed to speak on his own behalf, and 14 of 15 professors voted to expel him — rendering his grades for the semester zeroes across the board. Two motions for appeal have been turned down.
So that’s Al-Khabaz’s situation right now: 20 years old, expelled from school with bottomed-out grades and a record of being expelled. All for trying to help, and bungling it a bit. You can read the rest of the sad, regrettable situation over at the National Post. [National Postvia Techmeme]
Picture: Sergey Nivens/Shutterstock