CS Student from Dawson Expelled for Reporting Bug in Online Portal

April 16, 2022 Sam Dixon North America 0

This article was last updated on April 16, 2022

Canada: Free $30 Oye! Times readers Get FREE $30 to spend on Amazon, Walmart…
USA: Free $30 Oye! Times readers Get FREE $30 to spend on Amazon, Walmart…

A computer science student at Dawson College has been expelled from the college for apparently discovering a loophole in the database containing personal information of students embedded in an academic online portal system across Quebec. 20-years-old Hamed Al-Khabaz claims he identified a bug, or flaw, in the website during a school project for the software development club at the Montreal school.

Al-Khabaz claims that he was with a fellow student when he discovered the potential breach by an accident. He alleged that “I was just trying to help and make sure our data was safe.” He found out a way by which any user could exchange ID’s of other students in an encrypted link in the student portal’s website, ultimately providing personal information, like social insurance numbers, home addresses and phone numbers, of more than 250,000 students effortlessly. Al-Khabaz was vigilant enough to inform the school’s head of information technology soon after finding out the bug in school’s Omnivox software.

Al-Khabaz was congratulated to identify the loophole, but few days later when he ran the same software again to check if the vulnerabilities still existed on the website, he was immediately contacted by the maker’s of the Omnivox software, Skytech. The president of Skytech, Edouard Taza, warned Al-Khabaz that he has launched a cyberattack on the site, which could result in jail time.

Taza made Al-Khabaz sign a non-disclosure agreement to avoid facing any possible criminal charges. The agreement was released by Skytech, saying that “the attack … made the College Portal extremely unresponsive for its thousands of users. Had it not been countered, it would have put the College Portal out of order for the entire students and teachers population of Dawson. The attack was traced, and it turns out that it came from one of the students who participated, earlier that week, in the discovery of the security flaw. We therefore decided to be clement, and not to report the attack to the authorities.”

Share with friends
You can publish this article on your website as long as you provide a link back to this page.

Be the first to comment

Leave a Reply

Your email address will not be published.


*