Computer Science Student Expelled for Finding Security Flaw [Updated]

This is one of those stories that’s simply unbelievable.  A Canadian college has expelled a Computer Science student who discovered a security flaw in their system that puts every student at serious risk, allowing anonymous users to access a plethora of personal information.  Hamed Al-Khabaz’s story is as infuriating as it sounds…

On November 14th, 2012, Dawson College in Montréal, Québec, Canada, expelled Computer Science student Hamed Al-Khabaz for discovering weaknesses and security flaws in Skytech’s Omnivox Student Portal. Had Hamed not made his discoveries, the personal data of millions of Québec students, College and University staff, as well as alumni dating as far back as 1994 would have continued to be easily exploitable.

Despite Hamed’s insistance that he had no criminal intent, Dawson has rejected his appeal, awarded him zeroes in all his classes and tarred his transcript, essentially ruining his academic future. To make matters worse, he has been ordered by the Province of Québec to refund the bursaries he had received for the 2012-2013 Academic year. He has also been threatened with criminal charges and jailtime.

This site exists to tell those in positions of power that the people will not be silenced. That bullying, intimidation and coercion will not be tolerated. The villifation and criminalisation of a generation of programmers, hackers and web enthusiasts is an afront to democracy and civil liberties.

Hamed helped, let’s help Hamed. [hamedhelped]

If everything is true here then something is very, very wrong.  If you feel angered by his story then please sign the online petition to try to get Hamed back into College.

Update