[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000
- From: Gary Baribault <gary@xxxxxxxxxxxxx>
- Date: Thu, 24 Jan 2013 10:30:09 -0500
The real funny part is where 15 teachers voted .. you mean there are 15
teachers at Dawson that understand the implications of a pen test tool?
I am in Montreal and I know Dawson, they are usually much saner than that!
Let's see if they now have the guts to do a Mea Culpa and fix this
injustice.
Gary Baribault
Courriel: gary@xxxxxxxxxxxxx
GPG Key: 0x685430d1
Signature: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C6B7 6854 30D1
On 01/24/2013 10:16 AM, Benjamin Kreuter wrote:
> On Tue, 22 Jan 2013 08:32:11 +0000
> Benji <me@xxxxxxxxx> wrote:
>
> > Someone please explain to me why he had to run a vulnerability
> > scanner to check one vulnerability, and again, how are we still
> > arguing about this? Whether you think he had a 'right' to test this
> > or not, he was either too dumb or too naive to know it was against
> > the law.
>
> I do not think the issue is whether or not he broke the law; rather,
> the issue is whether or not the law serves the people's interest. I am
> not a Canadian, so maybe I do not really have a say, but given that
> this kid did not cause any measurable damage, it seems hard to make the
> case that he should have been punished for his actions. Throwing a
> student out of school because he used a pen-testing tool is more
> damaging to the school and to society as a whole than what the student
> actually did.
>
> There is also the matter of the school itself. They were presented
> with a student who had found a vulnerability, reported it, and then
> checked to see if there were still problems. Does expulsion really
> sound like a reasonable punishment to you? Does any punishment seem in
> order, given that the student made no attempt to maliciously exploit
> his discoveries? It seems to me that a much better approach would have
> been to offer the student a chance to present the vulnerability in a
> computer security class. The school's mission is, theoretically, to
> teach its students -- why, then, would they remove from the student
> body someone who could do just that?
>
> Sure, maybe the school has a policy of expulsion for any student who
> breaks the law -- but why would the school expel a student
> preemptively, before he was even found guilty by a court (or even
> charged with a crime)? If he had been arrested, it would have made
> sense for the school to put him on academic suspension until the
> conclusion of his criminal case, at which point a guilty verdict might
> mean expulsion.
>
> -- Ben
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/