Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 students personal data
From: Benji <me () b3nji com>
Date: Mon, 21 Jan 2013 21:10:02 +0000

He found the vulnerability by running Acunetix against the system. He is
what most be would describe as, a class A moron.


On Mon, Jan 21, 2013 at 8:43 PM, Frank Bures <lisfrank () chem toronto edu>wrote:

A student has been expelled from Montreal’s Dawson College after he
discovered a flaw in the computer system used by most Quebec CEGEPs
(General and Vocational Colleges), one which compromised the security of
over 250,000 students’ personal information.

Ahmed Al-Khabaz, a 20-year-old computer science student at Dawson and a
member of the school’s software development club, was working on a mobile
app to allow students easier access to their college account when he and a
colleague discovered what he describes as “sloppy coding” in the widely
used Omnivox software which would allow “anyone with a basic knowledge of
computers to gain access to the personal information of any student in the
system, including social insurance number, home address and phone number,
class schedule, basically all the information the college has on a
student.”

http://tinyurl.com/bcdrelh

Cheers
Frank

--

<feeb () chem toronto edu>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]