College expels student for reporting security hole

[AndrzejL]

That is a legal approach, hardly an educational one.

So if a adult student breaks into a bank vault we should still educate him and we shouldn't send him to prison? No - he would go to prison like every other criminal. This guy committed crime - he pentested (and possibly broke into) the students database... I am asking again. Why should we treat him any different? He is lucky he was expelled from school and not arrested...

Regards.

Andrzej

[Crow]

AndrzejL you keep pulling things out of context or simply not existent, I don't discuss anymore, you win.

[AndrzejL]

AndrzejL you keep pulling things out of context or simply not existent, I don't discuss anymore, you win.

I didn't realized that we were in a contest / battle Crow?

All I do is call it as I see it. I am not going for the prize of the Golden Carrot - if You thought I was that means that You misread me Amigo.

[µT6]

crow, i still agree with you, the rest, well, i and taking it as the grain of sand it is 

[kjpetrie]

You will get no agreement because this is a cultural issue around what constitutes crime and whether there has to be criminal intent or serious harm. That depends on local beliefs.

Suppose I walk down your street and notice your door is open so I point it out to you. The next day I walk down your street again and see your door is shut but I'm not sure whether it's locked, so I try the handle. Am I doing right (looking after your interest by making sure your house is secure) or wrong (trying to open your door when it's none of my business)? The answer is cultural. In some countries that would be seen as being a good neighbour, and in others the owner would be entitled to shoot me down on the spot for interfering with his property. It's cultural.

The case is complicated here because the student concerned has a foreign name and may well not be in his own country, and therefore might well have been brought up with different values from those in which the college exists. In such circumstances it is easy for actions and boundaries to be misunderstood. We don't know enough to form a judgement. We have to trust those on the scene to have taken relevant factors into account.

[µT6]

you are right Kjpetrie, some things are relative to where you live

still some things must be tolerated and others not

this guy showed that he can do alot, and certainly will get a job very quickly after this

if he is a good or bad person, that is questionable, still he left everybody trying to digest what he did but the way he did it, i think he made everything right, as in right for him 

[Just17]

You will get no agreement because this is a cultural issue around what constitutes crime and whether there has to be criminal intent or serious harm. That depends on local beliefs.

Suppose I walk down your street and notice your door is open so I point it out to you. The next day I walk down your street again and see your door is shut but I'm not sure whether it's locked, so I try the handle. Am I doing right (looking after your interest by making sure your house is secure) or wrong (trying to open your door when it's none of my business)? The answer is cultural. In some countries that would be seen as being a good neighbour, and in others the owner would be entitled to shoot me down on the spot for interfering with his property. It's cultural.

It is my understanding he did not only test the door, but entered.

That, to me makes a huge difference .....  and yes might be a cultural thing, but having strangers (to me) not only test my security, but enter if possible, is not acceptable.
Yes he was a 'stranger' in so far as he was not approved to enter.

The case is complicated here because the student concerned has a foreign name and may well not be in his own country, and therefore might well have been brought up with different values from those in which the college exists. In such circumstances it is easy for actions and boundaries to be misunderstood. We don't know enough to form a judgement. We have to trust those on the scene to have taken relevant factors into account.

As I said earlier, there is too little information available to form a firm opinion ....   I would not be inclined to jump either way because of that.

[AndrzejL]

You will get no agreement because this is a cultural issue around what constitutes crime and whether there has to be criminal intent or serious harm. That depends on local beliefs.

Suppose I walk down your street and notice your door is open so I point it out to you. The next day I walk down your street again and see your door is shut but I'm not sure whether it's locked, so I try the handle. Am I doing right (looking after your interest by making sure your house is secure) or wrong (trying to open your door when it's none of my business)? The answer is cultural. In some countries that would be seen as being a good neighbour, and in others the owner would be entitled to shoot me down on the spot for interfering with his property. It's cultural.

The case is complicated here because the student concerned has a foreign name and may well not be in his own country, and therefore might well have been brought up with different values from those in which the college exists. In such circumstances it is easy for actions and boundaries to be misunderstood. We don't know enough to form a judgement. We have to trust those on the scene to have taken relevant factors into account.

I see what You did there and I must agree. I will admit I trust no one... which makes Your post even more more accurate.

Regards.

Andrzej

[AndrzejL]

What chances?  he reported the problem, "checked" if the solution was there and that was all.

There was an update on the matter:

In a statement posted to the college's website, the school implied that Al-Khabaz had been previously warned off his actions, and despite that warning went back again and ran the site scanner. "The reasons cited in the National Post article for which the student was expelled are inaccurate," the college administration's statement read. "The process which leads to expulsion includes a step in which a student is issued an advisory to cease and desist the activities for which he or she is being sanctioned, particularly in the area of professional code of conduct. Conditions for remaining in the College on good terms are clearly explained in person to the student."

http://arstechnica.com/security/2013/01/canadian-student-expelled-for-playing-security-white-hat/#p3n

One of Al-Khabaz's former instructors went further, writing a letter to the Montreal Gazette on the matter, mocking the media for painting an unfair picture of the college's actions. "I can tell you that our Computer Science program, like virtually all professional programs, has a professional conduct policy that lays out expectations that our students must meet, in addition to purely academic requirements," wrote Alex Simonelis, a member of the faculty of Dawson College's Computer Science Department.

"The media need to fill in some blanks in their accounts," Simonelis continued. "Exactly how did the student “stumble upon” the flaw? Was it by running intrusion tests against Skytech’s website? If so, did he have Skytech’s permission to do so, given that it is unacceptable to do so otherwise? Was the student given a cease-and-desist warning regarding such actions by our college’s administration? After informing our college of the flaws, and being invited to demonstrate them at the college on a specific date, did the student sign an agreement not to run further intrusion tests against Skytech? Did the student run such an intrusion test again, after the warning/signing?  Did the student have a hearing with our department chair and dean? I believe I know the answers to those questions, but I could be wrong, and so would really appreciate any correction the media provide."

Regards.

Andrzej