Re: [Full-disclosure] Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 students personal data

[Benji <me@xxxxxxxxx>]

He found the vulnerability by running Acunetix against the system. He is
what most be would describe as, a class A moron.


On Mon, Jan 21, 2013 at 8:43 PM, Frank Bures <lisfrank@xxxxxxxxxxxxxxxx>wrote:

> A student has been expelled from Montreal’s Dawson College after he
> discovered a flaw in the computer system used by most Quebec CEGEPs
> (General and Vocational Colleges), one which compromised the security of
> over 250,000 students’ personal information.
>
> Ahmed Al-Khabaz, a 20-year-old computer science student at Dawson and a
> member of the school’s software development club, was working on a mobile
> app to allow students easier access to their college account when he and a
> colleague discovered what he describes as “sloppy coding” in the widely
> used Omnivox software which would allow “anyone with a basic knowledge of
> computers to gain access to the personal information of any student in the
> system, including social insurance number, home address and phone number,
> class schedule, basically all the information the college has on a
> student.”
>
> http://tinyurl.com/bcdrelh
>
> Cheers
> Frank
>
> --
>
> <feeb@xxxxxxxxxxxxxxxx>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/