Hamed has handed a legal waiver to Dawson College allowing them to discuss the entirety of the events leading up to his expulsion. We here at #HamedHelped look forward to their response. Now that they can no longer hide behind their veil of legality, they’ll be able to share any documents they so decide, including the “cease and desist” letter he was purportedly served.
I still don’t understand why you scanned the website after, and not just check for the specific vulnerability? From the looks of it, anyway, the scanner wouldn’t have found your vulnerability anyway, and just checking using the vulnerable URL would’ve taken a whole 5 seconds.
I’m pretty sure it’s illegal to scan websites like this without any authorization. Of course you’re gonna get in trouble.
Should you try to bruteforce the dean’s password next to make sure his password is secure?
Read the account of what happened – he was running the vulnerability test against a test server specifically set up by the IT staff.
So? I doubt he was authorized or even asked if he could run that scan, whether it was a test server or not.
@Kevin, Well, there might be other loopholes in the software, not only the one that he found earlier, or it could be possible that patching one loophole creates another one. You never know. Brute-forcing and scanning vulnerabilities are two different things, you cannot compare both. It’s like comparing apples with oranges.
@Manan: Well I don’t think it’s that different in this example. I used brute-forcing because it’s more evident that it is illegal compared to scanning for vulnerabilities, but if you have common sense you know that you shouldn’t be doing either.
The punishment of destroying a student’s academic career, especially in light of his intentions (which had already been made known), is a punishment that does not fit the crime. In fact, it’s such a ridiculous response, it deserves reprimand in and of itself.
What else were they to do? You don’t follow the rules, you get kicked out.
AFAIK, he failed his courses because he was expelled since he couldn’t get passing grades anymore. They didn’t expel AND fail him. My brother fell sick and had to stop his semester after the cancellation limit date and therefore failed his courses. Why should this be any different?
He simply screwed up and doesn’t want to face the consequences. It’s harsh but I don’t think it’s ridiculous.
> and not just check for the specific vulnerability?
I assume because he thought that there might be more, undiscovered, vulnerabilities. He should have got permission. Harsh lesson to learn but you’d lose your job for doing the same thing.
16,000 signatures and counting… hope you like bad publicity, Dawson!