Update: Canadian student expelled for playing security “white hat”

An online petition drive launched to reinstate Ahmed Al-Khabaz, a student expelled from Dawson College after running security scans on a student information system that exposed major weaknesses.

This story has been updated with additional information from Dawson College

A 20-year-old Canadian computer science student has become, depending on your point of view, a martyr for computer security or a cautionary tale for students and others who take an interest in exposing security flaws in software products. While Ahmed Al-Khabaz said he felt he had a "moral duty" to probe the security of a student information system used by over 250,000 students, the school's administration said his acts were a "serious professional conduct issue" and expelled him. Now, fellow students are demanding his reinstatement, and the college and its software provider are facing a publicity and security backlash.

Al-Khabaz and another student reported finding a security flaw in the mobile application for Omnivox, a Web-based software package developed by Montreal-based Skytech Communications that is used by students to access and manage their personal information and college services—including their Social Insurance numbers, the Canadian equivalent of US Social Security numbers.

Read 12 remaining paragraphs | Comments