Author Topic: Beware next time you report a security flaw...  (Read 6592 times)

0 Members and 1 Guest are viewing this topic.

Offline Juju

  • Incredibly sexy mare
  • Coder Of Tomorrow
  • LV13 Extreme Addict (Next: 9001)
  • *************
  • Posts: 5730
  • Rating: +500/-19
  • Weird programmer
    • View Profile
    • juju2143's shed
Beware next time you report a security flaw...
« on: January 21, 2013, 01:48:31 pm »
http://news.nationalpost.com/2013/01/20/youth-expelled-from-montreal-college-after-finding-sloppy-coding-that-compromised-security-of-250000-students-personal-data/

The guy reports a security flaw that could compromise the data of nearly every college student in Québec without any malicious intent, then reaches an agreement with the president of the company who made the software... and he gets expelled from his college while ruining his life.

This is stuff that shouldn't happen.

Remember the day the walrus started to fly...

I finally cleared my sig after 4 years you're happy now?
THEGAME
This signature is ridiculously large you've been warned.

The cute mare that used to be in my avatar is Yuki Kagayaki, you can follow her on Facebook and Tumblr.

Offline Lionel Debroux

  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2135
  • Rating: +290/-45
    • View Profile
    • TI-Chess Team
Re: Beware next time you report a security flaw...
« Reply #1 on: January 21, 2013, 01:50:12 pm »
It should, indeed, not happen. It's irresponsible to ruin the young guy's life as a result of him doing the community a service, without malicious intent.
Member of the TI-Chess Team.
Co-maintainer of GCC4TI (GCC4TI online documentation), TILP and TIEmu.
Co-admin of TI-Planet.

Offline Xeda112358

  • they/them
  • Moderator
  • LV12 Extreme Poster (Next: 5000)
  • ************
  • Posts: 4704
  • Rating: +719/-6
  • Calc-u-lator, do doo doo do do do.
    • View Profile
Re: Beware next time you report a security flaw...
« Reply #2 on: January 21, 2013, 02:01:46 pm »
This is another reason for why we as a society fail in some respects. Individual concerns are more important than the whole of society. Hopefully the school is shamed enough by this that positive will come from this. I understand that they may have wanted to keep the security breach a secret until they got it fixed, and I agree that he should have notified the company before testing the fix-- they have no way of knowing if it is a malicious attack or not until after the fact. However, the school's actions are upsetting.

Offline Juju

  • Incredibly sexy mare
  • Coder Of Tomorrow
  • LV13 Extreme Addict (Next: 9001)
  • *************
  • Posts: 5730
  • Rating: +500/-19
  • Weird programmer
    • View Profile
    • juju2143's shed
Re: Beware next time you report a security flaw...
« Reply #3 on: January 21, 2013, 02:12:12 pm »
What is sad is that it's the computer science department who expelled him, with probably no other information than "lol he launched an attack against the system the school uses".

School staff here are usually pretty paranoiac and won't hesitate a second to expell or call the RCMP the second someone does unwanted stuff in the system.

Also note that my school also use that software. :/
« Last Edit: January 21, 2013, 02:15:23 pm by Juju »

Remember the day the walrus started to fly...

I finally cleared my sig after 4 years you're happy now?
THEGAME
This signature is ridiculously large you've been warned.

The cute mare that used to be in my avatar is Yuki Kagayaki, you can follow her on Facebook and Tumblr.

Offline Keoni29

  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2466
  • Rating: +291/-16
    • View Profile
    • My electronics projects at 8times8
Re: Beware next time you report a security flaw...
« Reply #4 on: January 21, 2013, 02:31:00 pm »
I found numerous leaks in the school's system XD Some laptops had special teachers features to them sometimes (god knows why), so we used those to do stuff with cmd, hooking up usbsticks, installing software etc.
If you like my work: why not give me an internet?








Offline ElementCoder

  • LV7 Elite (Next: 700)
  • *******
  • Posts: 611
  • Rating: +42/-2
    • View Profile
Re: Beware next time you report a security flaw...
« Reply #5 on: January 21, 2013, 02:46:33 pm »
It's just sad that these things happen :( He's only trying to help people, but apparently big companies couldn't care less about our information.

Some people need a high five in the face... with a chair.
~EC

Offline Link

  • LV4 Regular (Next: 200)
  • ****
  • Posts: 152
  • Rating: +7/-3
  • Well excuse me princess!
    • View Profile
Re: Beware next time you report a security flaw...
« Reply #6 on: January 21, 2013, 02:50:18 pm »
DAMN, note to self: don't go to that college, he should file a lawsuit, he'd easily win.

Offline ElementCoder

  • LV7 Elite (Next: 700)
  • *******
  • Posts: 611
  • Rating: +42/-2
    • View Profile
Re: Beware next time you report a security flaw...
« Reply #7 on: January 21, 2013, 03:03:32 pm »
There's a petition going too apparently http://www.hamedhelped.com/petition/
Almost 2000 people signed it already o_o
« Last Edit: January 21, 2013, 03:04:01 pm by ElementCoder »

Some people need a high five in the face... with a chair.
~EC

Offline annoyingcalc

  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1953
  • Rating: +140/-72
  • Found in Eclipse.exe
    • View Profile
Re: Beware next time you report a security flaw...
« Reply #8 on: January 21, 2013, 03:18:57 pm »
I found numerous leaks in the school's system XD Some laptops had special teachers features to them sometimes (god knows why), so we used those to do stuff with cmd, hooking up usbsticks, installing software etc.
Well, my school usses macs sadly, but they are stupid, they store student google accounts and online grades passwords in a .txt file
This used to contain a signature.

Offline DJ Omnimaga

  • Clacualters are teh gr33t
  • CoT Emeritus
  • LV15 Omnimagician (Next: --)
  • *
  • Posts: 55943
  • Rating: +3154/-232
  • CodeWalrus founder & retired Omnimaga founder
    • View Profile
    • Dream of Omnimaga Music
Re: Beware next time you report a security flaw...
« Reply #9 on: January 21, 2013, 04:39:37 pm »
Darn that sucks. Although personally what I would do is avoid in any way possible to try exploiting the security issue, the fact that some schools are so paranoid that they might think I tried to break through security on purpose might just make me feel relunctant about even bothering to warn them at all. But then if I don't warn them I get concerned about my privacy. :/

Or worse, when you accidentally run into the exploit and the school is monitoring everything you do.

There should be a protest or something when such things happen, although I think the student checking a second time if the security exploit is still present might have been a bit risky.
« Last Edit: January 21, 2013, 04:43:46 pm by DJ_O »

Offline pimathbrainiac

  • Occasionally I make projects
  • Members
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1731
  • Rating: +136/-23
  • dagaem
    • View Profile
Re: Beware next time you report a security flaw...
« Reply #10 on: January 21, 2013, 04:43:35 pm »
I honestly think that this guy's life is not ruined because he was able to point out the flaw.

Do you not think that some security company's not going to hire him right away due to his ability to point out security flaws?
I am Bach.

Offline Keoni29

  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2466
  • Rating: +291/-16
    • View Profile
    • My electronics projects at 8times8
Re: Beware next time you report a security flaw...
« Reply #11 on: January 21, 2013, 04:51:18 pm »
I honestly think that this guy's life is not ruined because he was able to point out the flaw.

Do you not think that some security company's not going to hire him right away due to his ability to point out security flaws?
Did the security company approve of his deed?
If you like my work: why not give me an internet?








Offline pimathbrainiac

  • Occasionally I make projects
  • Members
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1731
  • Rating: +136/-23
  • dagaem
    • View Profile
Re: Beware next time you report a security flaw...
« Reply #12 on: January 21, 2013, 04:53:31 pm »
I honestly think that this guy's life is not ruined because he was able to point out the flaw.

Do you not think that some security company's not going to hire him right away due to his ability to point out security flaws?
Did the security company approve of his deed?

That particular one did until he tested to see if there was a fix made
I am Bach.

Offline DJ Omnimaga

  • Clacualters are teh gr33t
  • CoT Emeritus
  • LV15 Omnimagician (Next: --)
  • *
  • Posts: 55943
  • Rating: +3154/-232
  • CodeWalrus founder & retired Omnimaga founder
    • View Profile
    • Dream of Omnimaga Music
Re: Beware next time you report a security flaw...
« Reply #13 on: January 21, 2013, 05:23:46 pm »
Yeah the issue there is that on the second attempt to break through, the company might have seen it as if the 1st attempt was a implying a threat that the guy will abuse the security flaw if it's not fixed ASAP, like some malicious hackers do as punishment for buggy security.

Also juju got the 333333rd post O.O
« Last Edit: January 21, 2013, 06:03:09 pm by DJ_O »

Offline Sorunome

  • Fox Fox Fox Fox Fox Fox Fox!
  • Support Staff
  • LV13 Extreme Addict (Next: 9001)
  • *************
  • Posts: 7920
  • Rating: +374/-13
  • Derpy Hooves
    • View Profile
    • My website! (You might lose the game)
Re: Beware next time you report a security flaw...
« Reply #14 on: January 22, 2013, 07:04:04 pm »
There's a petition going too apparently http://www.hamedhelped.com/petition/
Almost 2000 people signed it already o_o
12000 by now :P

And it is just sad that something like that can happen.

THE GAME
Also, check out my website
If OmnomIRC is screwed up, blame me!
Click here to give me an internet!