Dawson student expelled for exposing software security flaw

Shawn Knight

Posts: 13,084   +131
Staff member
A student from Montreal Dawson College has been expelled from the school with failing grades after exposing a security flaw in a computer system used by a number of Quebec general and vocational colleges. The “sloppy code” found by Ahmed...

Read more: https://www.techspot.com/news/51393-dawson-student-expelled-for-exposing-software-security-flaw-.html

Kezhen Gao

Posts: 30   +32
Well, Skytech did offer him a scholarship to finish his diploma in the private sector and also offered him a part-time job within the company.


I don't buy his version of events at all. How come everyone always seems to instantly be on the "victim's" side before they even know if said story is true? Advice: don't.


Ahmed Al-Khabaz could have sold the security flaw to hackers for a lot of money and kept quiet about it. Instead, he gave the information about the security flaw to the company freely, and everyone has treated him as a criminal for it.

How about punishing the software company for failing to secure their code? But of course it isn't a crime under law to build sloppy code. So, why should reporting security flaws be a crime, unless you want to support sloppy code in the first place, to be rewarded for doing so?

Whoever prevents people from reviewing code has something to hide. Only open source code is honest, and should be the only code worth trusting. When proprietary code (hidden code) is used, you already will get these results with security flaws in them.

Telling everyone it is illegal to review code, is just insanity, crazy, knowing that is like blind faith, to believe in something you know nothing about. Proprietary code is nothing more than obscurity in design, and should never be accepted as reviewed code, proven secure and safe.

If anyone were to insert a backdoor in software, it would be in proprietary code. Give Ahmed Al-Khabaz a break, he isn't the criminal for EXPOSING the truth. His actions were of a good person, to warn others about the security flaw.

The software company and school should have acted to resolve the security flaw, not to punish the messenger who spoke the truth. But, we all know why this happens, because of financial gain, the money involved. As clearly, nobody praised Ahmed Al-Khabaz for doing the right thing.

He deserves better than this treatment upon him. He isn't the adversary, the enemy, his actions are examples for all of us to follow, by seeking out the truth.

Well, it's not exactly a new story, and so far, Skytech and the school itself have chosen not to reply to any media question or inquiry.
So the only information we have is based on the victim here.
And as he did say, there was a threat of police action from the Skytech president.
Who in an interview did confirm that he did say police action would be taken, but he didn't mean it as a threat. (Back-pedaling: just because I said "I'll kill you" didn't mean I'll really kill you.)
So until the other side comes out with a statement or official source, the student and the student council and body that is petitioning for him to be reinstated is taken as fact.
Interesting, Skytech (company in question) gave the student a test account to a test server to test things, without any prior word against him using a common security scanner to scan for vulnerability,
which he then used to see if the vulnerability he discovered still existed.

Interviewer: "But did you tell them ahead of time that you were going to run this software?"

Ahmed: "Well, I thought it was pretty obvious, from my point of view; they gave me the test account, and, uh, it was made for testing purposes."

So, this company gave the kid an account on their test server (he says he only ran the pentest software on their test server), and they come back and yell at him?


Posts: 12,696   +6,056
I know it's off-topic but;
I wonder if these professors that kicked this kid out of college play violent video games.

For those of you who know about the other topic, you may find a little humor in this comment.