

hm

@videotron.ca

reply to booj

Re: [Serious] Dawson College expels hacking student

said by booj:

and yet somehow everyone is better off because he did it

We are only better off because he went public with such a massive security/privacy hole. Otherwise both the company and Dawson wanted his face shut up.

Kid should have gone public with what he found right from the beginning, as we are seeing. And from what Dawson College also taught all of us.


urbanriot
Premium
join:2004-10-18
Canada
kudos:3
Reviews:
·Cogeco Cable

said by hm :

We are only better off because he went public with such a massive security/privacy hole. Otherwise both the company and Dawson wanted his face shut up.

... we don't know that, only two days had passed since the student reported the issue, before he abused the exploit. Resolutions to exploits take time to evaluate prior to updating them, otherwise an entire student body could be adversely affected.

said by hm :

Kid should have gone public with what he found right from the beginning, as we are seeing.

... or he could have waited for them to patch the bug. Or he could have simply communicated with the appropriate people if he was concerned they had not yet resolved the issue.

Again, there's a right way and a wrong way to do things, and this student chose the wrong way.

resa1983
Premium
join:2008-03-10
North York, ON
kudos:7
Reviews:
·TekSavvy Cable

reply to Linklist
Skytech have offered him a scholarship, and a PT job.

»www.cbc.ca/news/technology/story···baz.html
--
Battle.net Tech Support MVP



Linklist
Premium
join:2002-03-03
Longport, NJ
kudos:5

said by resa1983:

Skytech have offered him a scholarship, and a PT job.

»www.cbc.ca/news/technology/story···baz.html

Good for them. And the school says it isn't backing down - the idiots.
--
A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the public treasury.


umm yeaah

@videotron.ca

reply to DKS

said by DKS:

Your post is a great example of an inability to see an issue within an ethical framework. Sorry.

Sorry DKS, you are blind as a bat.

The kid had a test account and this was on a test server.

Also you fail to realize all this is is a cover up by the company (with the NDA after the discoveries) and a security and privacy breach cover-up by the college and them going way out of bounds.


hm

@videotron.ca

reply to got_milk

said by got_milk:

said by hm :

said by got_milk:

what he was doing was illegal.

Mind posting a URL showing us that scanning a URL is illegal in Canada?

I'm not familiar with the ins and outs of the Canadian Criminal Code, but a friend of mine who works for a large security firm told me that his company won't pentest anything without signed documents granting him access to do so as without consent, as not only is it unethical to do so but it's against Canadian law.

I've been meaning to read up through the code on exactly what is and what isn't legal, but I haven't been able to do that yet. Sorry I can't provide a direct source.

So in other words, what you stated was hearsay BS and it's not legal fact. Nor is it illegal.

k.

So we have cleared up one fallacy. It is not illegal. At all.


digitalfutur
Sees More Than Shown
Premium
join:2000-07-15
BurlingtonON
kudos:2

reply to DKS

said by DKS:

said by milnoc:

Lesson learned. The next time you find a vulnerability in someone else's system, stay quiet about it, and exploit it for your own benefit. No point in doing "the right thing" if you're going to be punished for it anyway.

He did the wrong thing by attempting to check out the college's web site a second time. That was his mistake. It is like calling crimestoppers. You call, pass on the information and walk away. It is not up to you to solve the problem or deal with the issue. Report it and you have done your duty.

Correct analysis. The makers of Omnivox said to student Al-Khabaz they would fix the problem immediately. That is what he should have reported to the college, not trying to confirm that it had been fixed by trying to hack in.

Zero-day exploits don't get fixed in a couple of days; regression testing alone takes at least that long. A bit of patience and understanding of corporate quickness would have saved Al-Khabaz from this harsh, but correct sanction.
--
Logic requires one to deal with decisions that one's ego will not permit.
All that is necessary for the triumph of evil is that good men do nothing - Edmund Burke.

MaynardKrebs
Premium
join:2009-06-17
kudos:4

reply to resa1983

said by resa1983:

Skytech have offered him a scholarship, and a PT job.

»www.cbc.ca/news/technology/story···baz.html

A scholarship to where - one of those places advertised on a matchbook cover? Cuz he won't get into a 'real' university with a permanent "academic misconduct" notation on a transcript - that will follow him the rest of his life.


hm

@videotron.ca

reply to resa1983

said by resa1983:

Skytech have offered him a scholarship, and a PT job.

»www.cbc.ca/news/technology/story···baz.html

Funny, eh.

And, BTW, in Quebec (dunno about the rest of Canada), that scholarship will be written off 100% from the company's income tax and also go towards the mandatory percentage of obligatory employee training funds (another tax write-off).

Company really gave this guy nothing, other than their own tax write-off and good PR for themselves after intimidating him and threatening him the way they did.

Of course this would mean he would have to drop any potential lawsuit against this creep of a company with privacy and security holes.

Wouldn't surprise me if this was the legal advice given to this company.

MaynardKrebs
Premium
join:2009-06-17
kudos:4

reply to Linklist
What's a 'white hat' security researcher make in Silicon Valley these days? I'd guess $250-500k/year - if he has the academic creds. But he'll never get the academic creds now, and might never be allowed into the US if he wanted to go.

Present Value of that kind of pay for 45 years discounted @ 4% but not adjusted for inflation is in excess of $5-10MM. I'd sue the school for $25MM in order to account for inflation/salary growth, plus an additional $100MM as punitive damages.



hm

@videotron.ca

reply to dragonfly
Even more on what Dawson did to hide their security and privacy hole:

awarded him zeroes in all his classes and tarred his transcript, essentially ruining his academic future.

Hope he finds himself a very good lawyer (»ccla.org/) and also asks privcom to investigate and conduct an audit to see if there has been any breach.

»www.hamedhelped.com/
(put up by the student union)

This affects millions of people all across Quebec.



urbanriot
Premium
join:2004-10-18
Canada
kudos:3

said by hm :

http://www.hamedhelped.com/
(put up by the student union)

Ouch, ironically they're suffering from an Apache configuration issue (httpd.conf error).


hm

@videotron.ca

said by urbanriot:

said by hm :

http://www.hamedhelped.com/
(put up by the student union)

Ouch, ironically they're suffering from an Apache configuration issue (httpd.conf error).

Worked fine when I made that post 9.5-hrs ago

*shrug*

Maybe by the time this post shows it will be working again

MaynardKrebs
Premium
join:2009-06-17
kudos:4

reply to hm

said by hm :

Funny, eh.

And, BTW, in Quebec (dunno about the rest of Canada), that scholarship will be written off 100% from the company's income tax and also go towards the mandatory percentage of obligatory employee training funds (another tax write-off).

Company really gave this guy nothing, other than their own tax write-off ...........

There will be no tax write-off because the 'scholarship' will never be used, because he'll never be admitted anywhere decent.


hm

@videotron.ca

said by MaynardKrebs:

There will be no tax write-off because the 'scholarship' will never be used, because he'll never be admitted anywhere decent.

Play of words. He can go into any technical program (non college), or even apply as a mature student at the local uni's and plead his case. Or even Vanier or Champlain college to plead his case considering the Company who he pissed off is giving him the money and made it public that they don't even agree with Dawson. And will likely write him a nice letter of recommendation w/ a donation (another tax write-off).

With the word that got out, I can see Champlain or Vanier taking him. Even one of the uni's.

Besides, as long as he shows he took any course, it's a tax credit. More than a tax credit, this type of tax write off gets the company a tax *refund* in Quebec. Look up revenue Quebec and the diff training taxes, you will find a few applicable for this that they will file under.

It's all a joke really what the company offered him. They lose nothing, and gain a refund + the PR which they need at this point.

But most importantly, and what is worth more, is the company showing they don't agree with the staff, faculty, and direction of Dawson. Makes his case stronger should he go to court.

Same for when TSI opens their office in Quebec. Nice tax *refunds* for them if they pull this right and do this right for both training and R&D. All refundable. Used to do this for companies years back to the tune of tens of thousands to a hundred grand depending on size.

He isn't finished. Not even close.


Linklist
Premium
join:2002-03-03
Longport, NJ
kudos:5

said by hm :

said by MaynardKrebs:

There will be no tax write-off because the 'scholarship' will never be used, because he'll never be admitted anywhere decent.

Play of words. He can go into any technical program (non college), or even apply as a mature student at the local uni's and plead his case. Or even Vanier or Champlain college to plead his case considering the Company who he pissed off is giving him the money and made it public that they don't even agree with Dawson. And will likely write him a nice letter of recommendation w/ a donation (another tax write-off).

With the word that got out, I can see Champlain or Vanier taking him. Even one of the uni's.

Besides, as long as he shows he took any course, it's a tax credit. More than a tax credit, this type of tax write off gets the company a tax *refund* in Quebec. Look up revenue Quebec and the diff training taxes, you will find a few applicable for this that they will file under.

It's all a joke really what the company offered him. They lose nothing, and gain a refund + the PR which they need at this point.

But most importantly, and what is worth more, is the company showing they don't agree with the staff, faculty, and direction of Dawson. Makes his case stronger should he go to court.

Same for when TSI opens their office in Quebec. Nice tax *refunds* for them if they pull this right and do this right for both training and R&D. All refundable. Used to do this for companies years back to the tune of tens of thousands to a hundred grand depending on size.

He isn't finished. Not even close.

I agree. Anyone who thinks his educational opportunities are over is way off base.
--
A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the public treasury.


milnoc

join:2001-03-05
H3B
kudos:1

At the same time, if Dawson College behaved improperly in the student's expulsion (the process is based on a presumption of guilt, not one of innocence like in our court system), the student may still have some legal recourse to be financially compensated for his expulsion, and have the expulsion cleared from his permanent record.

I'll post the links to this morning's follow-up interviews from CBC Daybreak Montreal's Web site when they're made available later in the morning. They've been really on the ball with this news item.
--
Watch my future television channel's public test broadcast!
»thecanadianpublic.com/live



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:3

If there was no malicious intent by the student, then this is way over the top but obviously they cannot go overboard on rewards and congratulations which should be in order - especially from his software-computer profs (don't want to send an invitation for others to emulate). If he was stealing data then the actions taken are too lenient.



milnoc

join:2001-03-05
H3B
kudos:1

There wasn't. As mentioned before, the second attack was done using the test account the software firm had given him. It was an attack on a component with no data behind it.
--
Watch my future television channel's public test broadcast!
»thecanadianpublic.com/live


resa1983
Premium
join:2008-03-10
North York, ON
kudos:7
Reviews:
·TekSavvy Cable

reply to Linklist
Apparently, he's had 10 job offers now.

»twitter.com/finnertymike/status/···94450176

Good to see his future isn't completely ruined.
--
Battle.net Tech Support MVP


© 1999-2013 dslreports.com.