Kid Got Expelled from College for Reporting a Security Problem to School Officials

Illustration for article titled Kid Got Expelled from College for Reporting a Security Problem to School Officials

No good deed, huh. A student from Dawson College in Montreal has been expelled for his involvement in the uncovering of a potentially horrible flaw in his school's online directories. Sounds dumb, right? Even worse: Everyone more or less agrees he meant no harm.


Here's what happened: Ahmed Al-Khabaz, a Computer Science student at Dawson, and a friend were working on a mobile app to allow students mobile access to their school data. In the process, they uncovered a pretty serious vulnerability ("sloppy coding") that would have put student information at risk. What kind of information? According to Al-Khabaz, "social insurance number, home address and phone number, class schedule, basically all the information the college has on a student."

So Al-Khabaz took the issue to the school's Director of Information Services and Technology. The meeting went well, and he was told that Skytech, that company that makes the software in question, would get right on it. After not hearing back for a few days, Al-Khabaz decided to check to see if the vulnerability had been patched, using a program called Acunetix. That was a mistake. He immediately received a call from the head of Skytech, saying this was the second time in a few days that he'd been spotted in their system, and this was a serious breach. The software he'd used to check up on the system could have caused serious problems, since it was used without prior notification to the system admin.

Al-Khabaz apologized, and eventually signed an NDA forbidding him from discussing the case, but that wasn't the end of it. Despite the Skytech people acknowledging that there was no malicious intent, Dawson's faculty held a vote on whether it should expel him for "unprofessional conduct." Al-Khabaz was not allowed to speak on his own behalf, and 14 of 15 professors voted to expel him—rendering his grades for the semester zeroes across the board. Two motions for appeal have been turned down.

So that's Al-Khabaz's situation right now: 20 years old, expelled from school with bottomed-out grades and a record of unprofessional conduct. All for trying to help, and bungling it a bit. You can read the rest of the sad, regretable situation over at the National Post, or sign an online petition to help him out. [National Postvia Techmeme]

Image by Sergey Nivens/Shutterstock



Reminds me of almost getting expelled in high school. The IT Admin wasn't running any antivirus on the computers at school, depending on a program called Deep Freeze to restore the machine back to the original image after a reboot. A buddy and I found a program that disabled Deep Freeze on the local machine. While we were dumb, there was no malicious intent. Once it was discovered, we were immediately marked for expulsion and had to get legal representation to fight it. The IT Admin declared that we hacked into, and compromised the entire school network. It was later discovered that the "IT Admin" didn't hold any certifications and he was just decent with computers. That was his last year in that position.

That one mistake almost cost me graduating high school and receiving a scholarship.