Ahmed Al-Khabaz, an unfortunate 20-year-old Canadian student, has been suspended from school for discovering a software flaw. The flaw exposes 250,000 personal details of students at Dawson College in Montreal.
According to a report from the National Post, Al-Khabaz discovered a security flaw in the Omnivox software created by Skytech, which is widely used by students at the school. He and his colleague found it while working with a mobile application.
He describes it as “sloppy coding”, and a user with basic computer skills could intercept it.
The issue was reported to the Director of Information Services and Technology:
After an initial meeting with Director of Information Services and Technology François Paradis on Oct. 24, where Mr. Paradis congratulated Mr. Al-Khabaz and colleague Ovidiu Mija for their work and promised that he and Skytech, the makers of Omnivox, would fix the problem immediately, things started to go downhill.
Things got bad when he tried to verify whether the flaw still existed by running a security software scanner from Acunetix.
The president of Skytech then contacted him, accusing him of launching a penetration test without permission and saying that jail was possible if he did not sign a non-disclosure agreement.
His professors expelled him without hearing his side. That was after he had agreed to sign the non-disclosure agreement.
In the report, Skytech admitted that the signed agreement had legal implications but strongly denied making threats.
“All software companies, even Google or Microsoft, have bugs in their software,” said Mr. Taza. “These two students discovered a very clever security flaw, which could be exploited. We acted immediately to fix the problem, and were able to do so before anyone could use it to access private information.”