Full Disclosure mailing list archives

Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000

From: Peter Dawson <slash.pd () gmail com>
Date: Thu, 24 Jan 2013 12:41:46 -0500

@Valdis, your correct.

"He was expelled for other reasons. Despite receiving clear directives not
to, he attempted repeatedly to intrude into areas of College information
systems that had no relation with student information systems.

These actions and behaviours breach the *code of professional
conduct<http://www.dawsoncollege.qc.ca/public/72b18975-8251-444e-8af8-224b7df11fb7/info_desk/420a0_-_professional_conduct.pdf>
* for Computer Science students, a serious breach that requires the College
to act."


/pd

On Thu, Jan 24, 2013 at 12:34 PM, <Valdis.Kletnieks () vt edu> wrote:

On Thu, 24 Jan 2013 10:16:29 -0500, Benjamin Kreuter said:

There is also the matter of the school itself.  They were presented
with a student who had found a vulnerability, reported it, and then
checked to see if there were still problems.  Does expulsion really
sound like a reasonable punishment to you?  Does any punishment seem in
order, given that the student made no attempt to maliciously exploit
his discoveries?  It seems to me that a much better approach would have
been to offer the student a chance to present the vulnerability in a
computer security class.  The school's mission is, theoretically, to
teach its students -- why, then, would they remove from the student
body someone who could do just that?


I've seen reference to a few more details on this - namely:

1) The kid, as part of his major, signed an ethics document.
2) He was either told or agreed to not run the scanner again.
3) He did so anyhow.

and that he didn't get kicked out because he ran the scanner, but
because he did so *in violation of the ethics standard*.

I'll probably have to go back and find references for all that - but
even without that, it's something to think about.  If somebody
agrees not to do something, and then does it anyhow, is he *trustworthy*
enough for a degree in that field?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 students personal data, (continued)
- - - Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 students personal data Ian Hayes (Jan 21)
    - Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 students personal data Jeffrey Walton (Jan 21)
    - Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 students personal data Philip Whitehouse (Jan 21)
    - Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 Nick FitzGerald (Jan 21)
    - Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 Sanguinarious Rose (Jan 21)
    - Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 Nick FitzGerald (Jan 21)
    - Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 Benji (Jan 22)
    - Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 Benjamin Kreuter (Jan 24)
    - Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 Gary Baribault (Jan 24)
    - Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 Valdis . Kletnieks (Jan 24)
    - Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 Peter Dawson (Jan 24)
    - Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 Stefan Weimar (Jan 24)
    - Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 Valdis . Kletnieks (Jan 24)
    - Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 Jeffrey Walton (Jan 24)
    - Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 Stefan Weimar (Jan 24)
    - Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 Daniel Richards (Jan 22)
    - Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 Ferenc Kovacs (Jan 24)
    - Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 Jeffrey Walton (Jan 21)
    - Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 Nick FitzGerald (Jan 21)
    - Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 Alan J . Wylie (Jan 22)
    - Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 students personal data Julius Kivimäki (Jan 22)

(Thread continues...)