School that expelled student hacker may have ignored 16-month-old security flaw


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: May 20th, 2013

Linux Advisory Watch: May 17th, 2013

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

School that expelled student hacker may have ignored 16-month-old security flaw

User Rating:

How can I rate this item?

Source: InfoWorld - Posted by Dave Wreski

It's tough not to feel pangs of sympathy for Hamed Al-Khabaz, the 20-year-old aspiring computer scientist who was expelled from Dawson College after exposing a security flaw in the school's academic portal. Whether Al-Khabaz deserved his punishment is certainly worth questioning, though it's also worthwhile to ask why the college hadn't bothered to fix a flaw in its public-facing Web server 16 months after it had first been reported. Based on the various reports and statements about the incident, here's what went down: In September, the student uncovered flaws in the online academic portal, exposing sensitive information -- Social Security numbers, phone numbers, and home addresses -- belonging to more than 250,000 college students. He said he stumbled across the flaw, which he attributed to "sloppy coding," while working on a project for his school's software development club.

Read this full article at InfoWorld