http://www.securityfocus.com/brief/829
”
Hack-and-tell student quits school, awaits trial
Published: 2008-09-29
The 20-year-old student that allegedly hacked Carleton University’s e-mail system refused last week to agree to penalties and, instead, quit school and now awaits his trial on computer-intrusion charges, according to a local news report.
”
So, I can’t support running a security audit without authorization even in a place claiming to be “for higher education” and probably with the normal abismal security practices common among Universities. (mine anyhow)
What caught my interest in this specific report was the following:
”
the university required last week that Moufid admit that he did not alert the school to the problems before distributing the report. Moufid told the Citizen that such an admission would be a lie
”
This seems to be a common knee jerk reaction among companies responding to security researchers even when they do go about the practice ethically. I think the school’s demand is unacceptable myself but I admit that I haven’t enough of the information to determin what basis they make that demand on. Thoughts?