Tuesday May 21, 2013


Local Video


    • More »

    QUESTION OF THE WEEK

    Survey results are meant for general information only, and are not based on recognised statistical methods.


    View results of current and past polls



    Featured Columnists

    When doing the right thing gets you expelled

    Dot Comrade
    January 24, 2013

    Christopher Poon

    Imagine this. You run a large post-secondary institution, a centre of higher education catering to thousands of students. Like any other school, you’re going to have a lot of those students’s private information on file. With that kind of responsibility sitting on your shoulders, perhaps the worst thing that could happen is that your school’s online security is flawed and that information is made public.

    Now let’s say that before something like that could happen, one of your students, a computer science major, discovers said flaw before it can be exploited and lets you know. What do you do to reward that individual? A scholarship? Throw them a pizza party?

    How about expelling them? Because that’s exactly what Montreal’s Dawson College did following student Ahmed Al-Khabaz’s discovery of such a flaw last fall.

    Now I’m sorry if you came here to hear about the latest and greatest in gadgetry and the like, but this case is so clearly ridiculous that it deserves more exposure.

    Last fall, Al-Khabaz was working on a mobile college profile application when he found that the system used by the institution allowed him to access any other student’s personal information. Following the discovery, Al-Khabaz notified the school, at which point he was praised and told it would be fixed. Two days later Al-Khabaz ran a program to check if the fix had been applied and when the school’s system operator noticed the attempted access, called Al-Khabaz saying that he was committing a cyber attack.

    As a result, Al-Khabaz was expelled from the school, and Dawson College is left looking like they kicked out a student for pointing out a potential threat, because they did.

    No doubt sensing the terrible PR it’s incurring, Skytech, the company responsible for overseeing Dawson’s online security is now offering Al-Khabaz a scholarship to finish his education in the private sector. This came after Al-Khabaz claimed the company had actually threatened him with jail time following his attempt to check if the flaw had been fixed.

    Now you’ve got a bunch of people calling on Dawson College to reinstate Al-Khabaz while the school continues to maintain that it’s following policy, blah, blah, blah. On the other side, security industry types are siding with Al-Khabaz not only for his obvious skill, but his moral decision to try and do the right thing.

    I mean, what does this really teach people? That highlighting a potential threat will only net you punishment? Would Dawson College have preferred Al-Khabaz keep the security flaw to himself, leaving it open for anyone else to discover?

    The Internet is a scary place and the fact is that those who have grown up with it from the very beginning are just going to be more versed in how it works. So when you have people like Al-Khabaz pointing out the errors, instead of taking advantage of them, maybe count your lucky stars instead.

    At the writing of this, Al-Khabaz was still expelled, though he had received several job offers by Internet security firms.

    So what can be learned from this? That rather than stifling today’s youth, we should be encouraging them to do good. Sounds simple, right? You’d think that an institution dedicated to higher learning would be a prime example of such, but then there’s Dawson College.

    Comments


    NOTE: To post a comment in the new commenting system you must have an account with at least one of the following services: Disqus, Facebook, Twitter, Yahoo, OpenID. You may then login using your account credentials for that service. If you do not already have an account you may register a new profile with Disqus by first clicking the "Post as" button and then the link: "Don't have one? Register a new profile".

    The Whistler Question welcomes your opinions and comments. We do not allow personal attacks, offensive language or unsubstantiated allegations. We reserve the right to edit comments for length, style, legality and taste and reproduce them in print, electronic or otherwise. For further information, please contact the editor or publisher, or see our Terms and Conditions.

    blog comments powered by Disqus



    About Us | Advertising | Contact Us | Sitemap / RSS   Glacier Community Media: www.glaciermedia.ca    © Copyright 2013 Glacier Community Media | User Agreement & Privacy Policy

    LOG IN



    Lost your password?