Montreal College Expelled Youth Who Found ‘Sloppy Coding’ Compromising Students’ Security

by
editors
After discovering a flaw in the computer system used by the most Quebec CEGEPs which compromised the security of thousands of students at Montreal’s Dawson College, the student has been expelled by the institution’s authorities.

Montreal College

Image: Wikipedia

After discovering a flaw in the computer system used by the most Quebec CEGEPs which compromised the security of thousands of students at Montreal’s Dawson College, the student has been expelled by the institution’s authorities.

A computer science student and a member of the school’s software development club, Ahmed Al-Khabaz was using a mobile application to facilitate students’ access to their college accounts when he discovered a flaw, described as a ‘sloppy coding’ by him, in the Omnivox software.

The error he found in the computer systems allowed access to the personal information of the students including the social insurance number, phone number, home address, class schedule and all other related data to anyone with the basic knowledge of computers.

According to Al-Khabaz, he wanted to put the issue forward to the college authorities because he felt it was his moral responsibility to do so. Director of Information Services and Technology Francois Paradis congratulated him and promised that he and Skytech would take care of the situation. However, things didn’t go as planned.

Mr. Al-Khabaz ran software Acunetix to ensure the problem had been fixed when he received an unexpected call from the president of Skytech telling him to stop what he was doing as it was a cyber attack. According to Al-Khabaz, he apologized to the man saying he was the one to point out a major error in the college software and was just checking whether the error had been removed or not.

Edouard Taza, the president of Skytech, then told Ahmed Al-Khabaz that he could be sentenced to a six or twelve month jail for this act and threatened him that he could get arrested if he didn’t sign a non-disclosure agreement which prevented Al-Khabaz from discussing anything related to Skytech servers and also prevented him to talk about the agreement itself. When approached, Taza denied the threat allegations but said he did mention police and legal action. He said that the flaw had been fixed immediately after it had been found.

The student had agreed to sign the agreement but his problems worsened when the professors of his college expelled him over ‘unprofessional conduct’ without giving him a chance to explain his side of the story.

Carbonated.TV