Letters
We encourage all supporters of Hamed to write emails to the following individuals responsible for his expulsion:
- Richard Filion, Director General, Dawson College
- Robert Kavanagh, Academic Dean, Dawson College
- Diane Gauvin, Dean, Social Science & Business Technology, Dawson College
- Ken Fogel, Chairperson, Department of Computer Science, Dawson College
- François Paradis, Director of Information Services and Technology, Dawson College
The Dawson Student Union is supporting Hamed in his actions. In order to track letters we ask that you Cc advocacy@mydsu.ca and hamed@mydsu.ca.
Graphics
All photos and videos of Hamed helped are licensed under creative commons attribution 3.0. Remix ‘em or make your own media and share it with hamed@mydsu.ca.
Photos courtesy of Martin Reisch.
Font: Source Sans Pro | Full Graphics Kit, with hi-res photos
Social Media
You know what to do. Share Hamed’s story around the web. Whatever medium you use, use it to spread his story and to raise awareness.
Contribute
Legal action may be taken against Hamed or he may choose to take legal action against Dawson College. If that time comes we will be setting up a legal fund in his name to assist in the cost. Stay tuned.
Good luck, Mr. Ahmed, I hope you find justice. Immediately upon reading the National Post piece last night, I wrote a letter to Richard Filion expressing my disgust at Dawson’s unfair and narrow-sighted action. I also posted the article on Facebook, along with Mr. Filion’s email, to encourage friends to also write. One friend that I tagged works in internet security, and I think you will be interested in this blog piece he posted today in response: https://nohats.ca/wordpress/blog/2013/01/21/skytech-and-dawson-college-versus-ahmed-the-kid/
I have a response to my letter from one of the Dawson officials, in which it is stated:
“The discovery and testing of the flaws in the student portal have nothing to do with the student expulsion. His expulsion was based on other activities, committed repeatedly and for which he had been sanctioned.”
If true, this puts a very different spin on the matter.
Comment?
If this is the case, then why haven’t they specified the things he did? You’d think they would tell us if it meant getting all of this negative attention off their backs. They simply don’t want to own up to what they did, which is sickening.
Bonne chance, et surtout ne baisse pas les bras…courage
Comment un logiciel aussi nul qu’Omnivox réussit à être utilisé par la quasi-totalité des cégeps!? Je me suis toujours demandé cette question. Et c’est aujourd’hui que j’ai la réponse. Bravo Skyshit!
le lien de pétition ne fonctionne plus !!
We will support you …
Thank for protecting Dawson’s students data information. I am myself a student from Dawson. People don’t understand that those big company are the rich one and the heartless one. You are the one with a conscious!
Let me get this straight. You found an error and reported it. Dawson said thank you and informed the proper people and they were to take care of it. They told you NOT to do it again, and you did. Now you have to face the reality of a consequence and you’re crying about it to everyone who will listen.
Where does it say they told him NOT to do it again? How was it communicated? Were the consequences clearly defined? Was it explicit or inferred? There is a lot more information that is required to come to the decisive conclusion you’ve come to. And even if he was told, it seems like cruel and unusual punishment given the limited amount of information out there. Any reasonable person would either give him the benefit of the doubt or withhold judgement until more facts are known. But yes, there are a lot of unreasonable people out there.
Whether or not Dawson has said “NOT to do it again”, is not important. They could’ve said “NOT do it the first time” – so what does it make of them? Did they have the right to say “don’t check that the hole was closed”?
Dawson shows it does not support (and rather retaliate harshly) against ethical hacking, and it means criminal intent from their side – they cover up buggy software that can lead other students personal data to be exploited by serial killers etc. It’s one thing that software has security bugs – this may or may not be criminal, depending on the disclaimers you ship with software. Totally another thing is retaliation against security experts who are evaluating the system.
One more thing to add – there’s no question whether or not there was a misconduct by him doing it again. Maybe it was. The problem is a response which is totally blown out of proportion.
Violating service use in order to check if a major security flaw was already fixed or not, is similar to, say, missing a class to save someone’s life. Yes, missing a class is a misconduct, but (a) it’s a very MINOR misconduct, and (b) it’s a misconduct for a MAJOR good cause.
Even if you discount (b), which itself is unprofessional ignorance, the fact that they blew retaliation totally out of proportion for (a) is poor judgement – they should pay for it in full, in my opinion.
The idea that a security specialist NOT verify that a vulnerability s/he reported has been patched is ludicrous.
I agree completely with Tom York.
It was fine that he found the bug in the first place but it was his own fault for going back after he was warned not to. I’d also like to say that I find it really pathetic how you’ve put up the names and e-mail addresses of the faculty involved!
No…what is wrong is the intimidating acts of power on innocent honest people.
Contact info should be there. I am paying my taxes to these people and they should now face this problem they caused. I am in full support of Hamed. Good day .
Considering he informed them of a problem, and they did nothing to fix it, it’s their responsibility. He was being an ethical student by reporting it and checking back up on. Go back to your hideyhole, Dawson sockpuppet.
Where does it say they did nothing? It says it was fixed two days later.
Whats wrong with those officials at Dawson?!!! Hamed we stand with you all the way. Stay strong!!
Stand up Hamed you have my total support. They should actually be grateful for what you did. Stay strong. We all stand beside you.
You are a genius.
Je n’en revien pas de l’injustice qu’il y a sur cette terre, et puis encore comme toujours tout ça pour : L’ARGENT. Quel bande d’imbéciles ! Désolée mais ce gars la à aidé son école pis eux y l’envoyent promener, ils détruisent sont avenir puis il leur demande encore de l’argent. Je ne comprend vraiment pu ou le monde s’en va…
You are standing up and giving hope to every student who has ever been wronged by their school systems. They were expecting for you to walk away while they dusted the dirt under the rug. Good for you for tossing them what they didn’t expect and pursuing a path to making them accountable. We support you Hamed, don’t back down!
An open letter to ‘rfilion@dawsoncollege.qc.ca’, ‘rkavanagh@dawsoncollege.qc.ca’, ‘dgauvin@dawsoncollege.qc.ca’, ‘kfogel@dawsoncollege.qc.ca’,
‘fparadis@dawsoncollege.qc.ca’
In reading the articles and listening to the various broadcasts, it is obvious that there was no mal intent on the part of Mr. Al-Khabaz. In fact, bringing the security flaws to the attention of the school is exemplary behavior on the part of this student. Double checking that the security risk was corrected showed diligence and responsibility of the highest order.
For Dawson College to reprimand and expel this student on the basis mentioned on the college’s website is an absurdity in itself. However, to alienate a student body based on the “good will” and responsible action of their fellow student is inexcusable and does nothing to advance a sense of responsibility, mutual respect, fair play or respect for justice amongst the students.
The respective statement on the Dawson College website counters wise decision making and smacks of hiding behind rules and regulations which are meant to be used against those with mal-intent. Mr.AlKhabaz did nothing of the sort.
In the Director General’s welcome back statement in which he refers to the difficult times ahead re: the budget and Bill 14, he states,
“I trust that we at Dawson will not be distracted and will keep focused on our educational mission, as stated in our Student Success Plan — educating the student as a whole person.”
From where I sit, this vindictive action by Dawson’s administration, completely counters the College’s principle of “Educating the student as a whole person”; not only for the individual but the student population as a whole. In fact, it undermines the trust and mutual respect that is so essential between administration, teachers and students in order to build and sustain a healthy campus community.
I strongly urge the College to reconsider its position and to re-admit Mr. Alkhabiz so that he may complete his studies accordingly.
Yours Sincerely,
Luc Horne
Vaudreuil-Dorion
We will support you! You have us!
Love and support from New York.
Not only will you have the support of us but the support of Allah swt, Inshallah your justice is brought upon these corrupt people
Administrative ignorance clearly knows no bounds.
Thank you for your intelligence and knowledge which saved the private information. Unfortunately Mr. Richard Filion is negative and ignorant who doesn’t understand the seriousness of the problem. He should take security computer courses to further his knowledge. He should congratulate you on your expertise and reinstate you since you are an asset to Dawson college.
Thank You Hamed you have a become a legend and we Dawson students are with you bro
Its Raza by the way miss you man 
hope it all works out buddy. Keep your head up 
Salam
Raza Afridi-Awan
Bonne chance!!! Le lien fonctionne maintenant!
This is ridiculous on the part of Dawson College. The story indicates that Hamed reported the problem to the authorities and now they are expelling him. What kind of people are in positions of authority at Dawson when they fail to recognize this situation, assuming it is as has been reported. He discovered an incredible flaw in software and his reward is expulsion?
This situation reflects poorly on Dawson College. Even the company’s public statement congratulates him, calls him talented, and offers him a job. This reflects well on Skytech, even though it was their mistake.
Good luck bro! Hope you will get justice for what they did! Don’t worry! In no time you’ll be back at Dawson
!! We all miss you! ps: its khaled from msa 
I give my support to you.
This is bullshit. I hope justice is done and you’re reinstated with a full apology.
I’ve responded with an article.
http://morfizm.livejournal.com/773755.html
Good luck from North Carolina! I think someone’s “big ego” in the Dawson College IT department and Skytech got crushed by your findings. Keep up the good work…and stay on the right track. You’re doing the right thing.
They should be rewarding him for being a highly talented young man. Instead they expel him, showing just how narrow minded they are.
This so reminds me of “Dead Poets Society”
Every student at Dawsons should get their parents involved. Who would want their kid to be treated this unfairly?
My mother knows his mother, she’s a really nice person and I think that she most likely really feels bad about it. :/
If you ever feel dropping by EU – i am sure we can find you a job – just post if you ever get the interest
A brother white
Le comportement de ce collège est inqualifiable. Je n’arrive pas à comprendre qu’on puisse mettre quelqu’un à la porte alors qu’il a voulu protéger le bien de tous. S’il avait eu des intentions malhonnêtes, il se serait tu et tant pis pour la poire des autres. C’est ça leur volonté ?
Vraiment, c’est y perdre le nord.
Personnellement, je l’aurais engagé puisqu’il fait preuve non seulement de confiance, d’altruisme, mais aussi de capacités.
J’espère en tous cas que cette fâcheuse histoire lui portera bénéfice car de par son acte il le mérite.
Good luck dude
Artitcle on arstechnica: http://arstechnica.com/security/2013/01/canadian-student-expelled-for-playing-security-white-hat/
I guess bullying by students is wrong, but bullying by the school is permitted?
The administrators of this college should be ashamed of itself.
The problem with today’s society and “justice system” is that it only looks at the letter of the law and no longer takes into consideration the SPIRIT of the law. Mr. Filion’s decision to stick by the rules and regulations without considering the situation is ignorant in my mind, and not exactly something a director of an EDUCATIONAL institution should do. The young man did the right thing in this situation, Dawson did not. Skytech has tried to make amends, but Dawson continues in its deplorable attitude. When my children come of age to go to CEGEP, I am certainly not sending them to, what I am ashamed to say, is my alma mater. Shame on you, Mr. Filion and Dawson College.
Bonjour Hamed,
Je te souhaite bonne chance et que dieu t’aide
Dear Dawson leaders,
I sent this letter below yesterday, and now direct it toward you.
Having heard more in depth reports this morning, including official Dawson representatives, we are all the more appalled. As a Faculty Lecturer at McGill (as well as a Dawson parent) I am especially sensitive to the need to apply penalties up to expulsion for violation of academic standards. However, what makes such violations in the extreme is intention rather than simply not following the letter. Thus, tears or not, I have had no hesitation to turn in students at risk of expulsion who have attempted to cheat or violate academic integrity.
The Dawson spokespeople have not implied that there was anything but noble intention by Mr. Khabaz. Rather, he has exposed a Dawson lapse in need of correction, yet he is being treated as the cause of the lapse rather than the solution or even the whistleblower. The tech community rewards such individuals handsomely.
Dawson is sending absolutely the wrong message to students, including my children, utterly unbecoming of any institution of higher learning. What doubly troubles me is that I believe you know that, yet persist.
Far wiser it is to climb down (as Skytech has) rather than persist publically in punishing excellence. Or is Dawson stubbornly defying wisdom and its love — philosophy — and excluding critical thought in offering education?
Sincerely,
The Rev. Fr. Robert C. Assaly
Dear Mr. Pemberton,
I have a daughter attending Dawson, and a son who graduated last year, and another who is considering Dawson after High School. I write you as Dean of Student Records.
I also note that I have son graduated from John Abbott, which I believe also uses Omnivox.
If there is not much more to the CBC report on the expulsion of Mr. Khabazhttp://www.cbc.ca/news/canada/montreal/story/2013/01/21/montreal-dawson-college-hack-hamed-al-khabaz.html , suffice it to say we are appalled. Further note that as a parent I can accept that mistakes are sometimes made, in this case with poor quality computer programming that led to the vulnerability of my children’s personal information. What I cannot accept is the metaphorical shooting of the messenger, Mr. Khabaz.
Moreover, Dawson by doing so, in seeking to cover its tracks rather congratulating him for detecting the error, is exposing my children’s records to unauthorized access and Dawson to ridicule. I think it advisable that:
1. This Kafkaesque expulsion of Mr. Khabaz be reversed immediately;
2. A very public apology be issued to him;
3. He be financially compensated as a consultant for bringing to light electronic security flaw, in an amount equivalent to that spent or what should have been spent by Dawson and Skytech on computer and records security, or a flat $100,000. That amount is potentially recoverable by Dawson from Skytech.
4. All students be assured that despite the College’s reputation for mediocrity, excellence will never again be punished at Dawson.
5. a reply to this email be forthcoming.
Thanks,
Robert Assaly
robertassaly@gmail.com
What a horrible school, that guy should NOT go back there and search for a private place to continue.
It seems to be a hostile environment when it comes to one of the most important talents a scientist should have. “curiosity”
Ceci est vu par les médias. Regardons plutôt les deux cotes des détails. Comme mentionner par Robert en haut: ““La découverte et l’essai des failles dans le portail étudiant n’ont rien à voir avec l’expulsion des étudiants. Son expulsion est fondée sur d’autres activités, commises à plusieurs reprises et pour lequel il avait été sanctionné.””
Si l’étudiant a bien essayer a nouveau de pénétrer dans le système et la deuxième fois, il avait d’autres intentions, comment peut-on le savoir? La seule façon est que l’administrateur montre les actions qu’il a posées lors de sa pénétration sur le réseau d’omnivore et prouver que ceci est juste sur base de tests.
Découvrir un trou de sécurité est comme avoir un nouveau jouet,
-Report a l’école pour se penser bon
-pis abuser du système vu qu’il croit qu’il n’est pas monitor. Vendre ensuite ton point qu’il verifiais a nouveau si le systeme ete reparer ou pas, ceci pourrait semble etre un pure mensonge.
un vrai pirate ne laissera pas de trace une seconde tentative, quelle ignorance de sa part.
Tu dit n’importe quoi. Il a avisé les responsables. La porte est resté ouverte, au monde entier, pas juste à lui. Il n’a pas accédé au système en pénétrant de l’intérieur non plus. S’Il aurait voulu qu’on ne connaisse pas son identité, il aurait pu utiliser un proxy public ou même passer par TOR. Ton commentaire démontre que tu ne connais rien en sécurité informatique.
Força!!!
Hope you get a chance to finish your degree!
Hamed Al-Khabaz neglected to mention that he made several attempts to break into other systems in the college.
Hamed Al-Khabaz neglected to mention that he was working with other students on the project which led to accidently discovering a glitch in the student portal.
Has anybody ever asked the question as to why the other two students were not sanctioned? Has anybody noticed that the expulsion letter posted online by Mr. Al-Khabaz himself outlined other security breaches he was involved with. That he had been warned? This is how I interpret that expulsion letter.
Me: Hamed, I noticed you are roaming around my house. Is there something I can help you with? I want you to stop roaming around my house please.
Hamed: “I found the doors to your house unlocked and thought I would warn you.
Me: Great thanks, I will make sure my doors will be locked from here on in. I really appreciate you telling me and I will work on it. Thanks again
Sometime later
Me: Oh Hamed, why are you trying to open my doors again? We fixed the problem and now you are roaming around my house again. I told you to stop doing it and you are still at it. But this time, I also saw you trying my car doors.
Hamed: “oh well, I am just trying to protect you”.
Me; Hamed, I warned you not to roam around my property any more.
Now do you get the message? Is this simple enough for you all.
Hamed cares about the self being of others and he cares not only about his own security but that of others and took it upon himself to make sure that everything is secure for the benefit of ALL.
@The Facts,
Your comments are embarrassing… Let’s do something, take your story, and replace “my house” with “the room where I am keeping YOUR social insurance number”. It’s not the same thing, is it?
wish the university will change their mind and return him back to class to finish his degree , no education institute should act like that with any of its students future and should consider other ways of punishment if required, especially if the student has extra skills and talent.
Hamed we support against the corruption, go ahead and don’t forget that GREAT GOD with you.
Pentesting infrastructure without proper permission is clearly a bad idead… its time to pay for it!
Good luck, Mr. Ahmed, I hope you find justice. Immediately upon reading the National Post piece last night, I wrote a letter to Richard Filion expressing my disgust at Dawson’s unfair and narrow-sighted action. I also posted the article on Facebook, along with Mr. Filion’s email, to encourage friends to also write. One friend that I tagged works in internet security, and I think you will be interested in this blog piece he posted today in response: https://nohats
Courage Ahmed!
that what happened when ignorant, and uneducated administrators are in charge….college education by itself means nothing
This is injustice to accuse innocent people who are right,faithful and fair, I support Mr.Hamed because I’m feeling he is a good Guy. Please don’t be afraid and worried from any one, really you are right man…We have all to disclose the corruption.
“J’ai fait mon Hamed” donc juste un test en qlq secondes via mon browser
il y a une possibilité de DOS et certainement bien plus sur le site dawsoncollege.qc.ca donc ça vaudrait la peine qu’ils reprennent Hamed pour les aider à supprimer la (voir les) faille(s) !
https://whyweprotest.net/community/threads/expelled-and-threatened-with-jail-time-over-exposing-a-major-security-flaw.108308/
You’re on the radar.
You’re a computer science major. How about writing a script that emails the above people every 5 minutes until it reaches the point that their inbox is virtually useless. There are services online that lets you use different emails in case they decide to block your email.
Meu amigo eu apoio.
Deviam era colocar este aluno no quadro de honra, mas a tecnologia pode avançar e as mentalidades…?
Partilhem e assinem, algo poderá mudar…
http://www.netmais.info/
Hope that all the imams will help you!!
Peut-etre a cause de ton nom ADMED ( accent arabe @ piratage informatique pour fin terrorism???? ) que les gens ont des doutes ???? .-J’espere que le NASA ou les autres grandes compagnies IT vont embaucher Admed comme futur spécialiste de programmation .- C’est un gar doué .- Les etudiants issus de la région du Moyen-Orient ( langue arabe ) sont excellents en informatique
Gut gemacht lass den kopf nicht hängen,
denn du hast ka alles richtig gemacht.
So if someone in uganda was hacking it and getting access to people’s credit card, they can’t do shit to him but they punish a student who finds the flaw that attends their own university. go fuck yourself