It should, indeed, not happen. It's irresponsible to ruin the young guy's life as a result of him doing the community a service, without malicious intent.

What is sad is that it's the computer science department who expelled him, with probably no other information than "lol he launched an attack against the system the school uses".

School staff here are usually pretty paranoiac and won't hesitate a second to expell or call the RCMP the second someone does unwanted stuff in the system.

Also note that my school also use that software.

It's just sad that these things happen He's only trying to help people, but apparently big companies couldn't care less about our information.

There's a petition going too apparently http://www.hamedhelped.com/petition/
Almost 2000 people signed it already o_o

Darn that sucks. Although personally what I would do is avoid in any way possible to try exploiting the security issue, the fact that some schools are so paranoid that they might think I tried to break through security on purpose might just make me feel relunctant about even bothering to warn them at all. But then if I don't warn them I get concerned about my privacy.

Or worse, when you accidentally run into the exploit and the school is monitoring everything you do.

There should be a protest or something when such things happen, although I think the student checking a second time if the security exploit is still present might have been a bit risky.

I honestly think that this guy's life is not ruined because he was able to point out the flaw.

Do you not think that some security company's not going to hire him right away due to his ability to point out security flaws?

Did the security company approve of his deed?

Yeah the issue there is that on the second attempt to break through, the company might have seen it as if the 1st attempt was a implying a threat that the guy will abuse the security flaw if it's not fixed ASAP, like some malicious hackers do as punishment for buggy security.

Also juju got the 333333rd post