said by FFH5:"Well, if you look at the Criminal Code, it is clear that if someone is having access without authorization to any computer service, he is ... guilty in a criminal act," said Filion.
The kid noticed that if he switched some numbers around in the URL, then he had full and unfettered access to someone elses info. SIN, D.O.B. Grades, Address, phone number, Courses taken or dropped or added, including locker number and combinations.
THIS is what he brought to their attention. A security hole the same magnitude in size and number as this: »
Re: [Serious] HRSDC does it again!!! And it has even more info than that breach.
At this point he was congratulated by everyone, including Dawsons own Computer admins.
It's only once he ran this program freely downloadable program, »
www.acunetix.com/vulnera ··· ownload/, to check if the hole was fixed (which he should be concerned about since his info is in it and accessible to anyone) that both the company and Dawson came down on him. The threats and intimidation to tell no one and to sign an NDA from this creep of a company, and an expulsion with support by his own faculty to step on him. Not only so, but Dawson goes to great lengths to even lie by saying he was injecting cross site XSS exploits, which he wasn't and confirmed by the company. Dawsons excuse is a lie to cover themselves. And it also goes to show how little the faculty at Dawson teaching Comp Sci even know what and XSS exploit is.
Looks bad on all of them and makes them look like total idiots.
And to top it off, let is not forget this was only *just one* exploit he found out of many. And again this is a magnitude similar to the HRDC breach.
Seems to me Dawson is just hiding from both the public and the press, as well as making crap up and the CBC more or less called them out on.
