1. Find a bug that could reveal the personal information of 250,000 students
2. Report it to the proper authorities at his school, Dawson College in Montreal, Canada
3. Get threatened with jail, and get expelled from college

Twenty-year-old Ahmed Al-Khabaz found a flaw in the college-management Omnivox software that most colleges in Quebec use, according to Canada’s National Post. He reported it to the college’s director of IT, who congratulated him and thanked him.

But two days later, when Al-Khabaz decided to double-check whether a fix was in place, he was surprised by a phone call from Edouard Taza, the president of Skytech, the company that makes Omnivox. Al-Khabaz say that Taza accused him of implementing a “cyber-attack,” threatened him with jail, and forced him to sign a nondisclosure agreement.

But despite his cooperation with what some might say was an unreasonable and bullying approach, Al-Khabaz was expelled from college.

Calls to Donna Varrica and Carey-Ann Pawsey at the Dawson’s communications office go straight to voicemail, but the college has posted a statement on its website, standing by its decision and saying that Al-Khabaz had been warned on at least one occasion to “cease and desist.”

Dawson College stands by its policies regarding academic integrity and professional code of conduct. The provisions of these policies are clearly stated in the Institutional Student Evaluation Policy and the Code of Conduct on the website (listed below).

Under the terms of Quebec privacy laws, it is illegal to discuss the details of student files with individuals or with the media. Dawson College practices due process and due diligence in every case brought before the review committee. If a student does not agree with a decision, he or she has the right to appeal, as spelled out in the policies

In the recent case of Ahmed Al-Khabaz, which he himself brought to the media, the College stands by its decision. The reasons cited in the National Post article for which the student was expelled are inaccurate. The process which leads to expulsion includes a step in which a student is issued an advisory to cease and desist the activities for which he or she is being sanctioned, particularly in the area of professional code of conduct. Conditions for remaining in the College on good terms are clearly explained in person to the student.

When this directive is contravened by the student by engaging in additional activities of the same sort, the College has no recourse but to take appropriate measures to sanction the student.

I have not been able to speak to Al-Khabaz yet, but based on the publicly available facts, Dawson College and Skytech — sounds suspiciously like Skynet, no? — should be thanking him and perhaps rewarding him.

VentureBeat has reached out to Edouard Taza, Skytech’s president, and will update if he responds.

photo credit: Gìpics via photopin cc

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

If you think your iPad 2 is completely secure after enabling the passcode protection feature for iOS 5, then think again.

Apple blog 9to5 Mac, citing a German site, reported a security flaw that allows anyone with one of Apple’s Smart Covers to gain access to the device — giving them free rein on emails, messages, browser history, contacts and any application with stored login information (Facebook, mobile bank account apps, Twitter, etc.).

The flaw can be exploited on a locked iPad 2 by holding down the power button, which will eventually prompt you to slide a horizontal scroll button to turn off the device. With the “power off” screen still up, close the smart cover. When you lift up the cover again the “power off” screen is still present, but clicking cancel brings you to the home screen — thus bypassing the need to enter in the correct passcode.

The trigger seems to be when the iPad is put to sleep (locked), which cannot be done by clicking the power button again. However, the iPad 2 can get around this because it uses magnet sensors from the Smart Cover to lock the device when the cover is on and unlock it when taken off. Since the first generation iPad isn’t compatible with Smart Covers, it doesn’t suffer from the flaw.

Some iPad owners are reporting that the security exploit isn’t limited to iOS 5, and will also work on version 4.3 of the operating system. I can’t confirm if this is the true because I don’t have an iPad running 4.3, nor do I have the desire to roll back the operating system to an earlier version. Although, anyone who is running 4.3 on their iPad is more than welcome to test the exploit and let us know if it works. (Just drop us a comment below, or email us at tips@venturebeat.com.)

Presumably, Apple will issue a fix in the next iOS update, which is due out any day now. In the meantime, if you’re worried about your iPad 2 geting compromised before the update is released, there is a temporary solution. As 9to5 Mac points out, iPad owners can disable the Smart Cover locking/unlocking function found in the Settings app under the “General” tab.