
Business - Written by Jeff DeChambeau on Tuesday, September 30, 2008 8:43 - 5 Comments

When being open isn’t your choice

Carleton University has been in the news lately for being the victim of a hacking attack. Erm, more accurately, Carleton has been in the news for having a student, Mansour Moufid, identify a serious security flaw in the Carleton Campus Card, which gave him access to the email passwords of 32 of his fellow students. Moufid then wrote a report on how he was able to breach the school’s security, and snail mailed it to the school’s security department, who ignored him (says Moufid).

Ten days after mailing the physical copy of the report to Carleton, Moufid emailed the 32 students whose accounts had been completely compromised, and informed them that the school had been made aware of the attack on security, and had decided to ignore it. One of the students happened to be an intern at a CBC newsroom, and her supervisor found the story to be interesting — it grew from there. Carleton said that they only received the package the same day that Moufid emailed the 32 students, leaving them with no time to do anything at all.

Moufid’s attack came from recognizing a substantial logical flaw in Carleton’s user authentication system: that once someone has access to a compromised email account, they have direct access to just about everything else. After seeing this design flaw, Moufid worked backwards, using what he knew about the Carleton systems, to figure out his point of attack, which turned out to relate to the Campus ID cards.

Once word was out that Carleton was looking for the hacker, Moufid promptly turned himself in. Carleton did not elect to expel him, but instead made it a condition of his continued presence at school that he claim to have lied about alerting the school to the security issue, among several other punishments.

While my heart goes out to Moufid, I think he could have handled the situation in a much more delicate manner. Universities are built on reputation, and don’t respond well to students making direct, public attacks on their reputations.

Since I’m still a student, this story hits home for me. Not because I intend to break into my school’s security system, but because someone else may have already, and my school could be sweeping it under the carpet. As the two links to wikileaks above point out, once the information is out there, it’s out there, and there won’t be a broom large enough to clean up the mess so that no one finds out.

As for how a university expects to have a population comprised almost entirely of the leaders of tomorrow, and be able to repress information that that population has access to, I’m not sure — I don’t see it happening. By ignoring Moufid, and then trying to discredit him (assuming that Moufid had given them plenty of notice), Carleton has set a precedent that will deter future students from bringing forth security issues: it paints their options as either allowing the insecurities to remain (by being ignored when highlighted), or receiving harsh penalties for trying to bring those security flaws to light.

I don’t mean to be hard on Carleton; it just happens to be the school where this incident happened, but it could just as easily have been anywhere else. Universities need to make sure that they’re properly prepared for, or at least open to the idea of, uncomfortable situations such as these when the powers that be aren’t the ones with all of the answers.

Members of the net generation will scrutinize everything to make sure that it meets their standards, including especially the security systems that their universities provide. When you’ve got the architects of the security systems of tomorrow on hand, and they’re happy to find the holes in your current security system for you, it seems only prudent to seriously entertain their suggestions.



Sep 30, 2008 9:35

this is great writing

even a strikethrough- good net writing. :)

Sep 30, 2008 16:32

It’s improbable to think a university, with budget constraints, will have the best IT security.

Jeff DeChambeau
Sep 30, 2008 23:39

Thanks jpeek.

Brent, while I agree that schools are tight on money (though I can’t fathom how, given how much of mine I’ve given them), I am inclined to think that it’s cheaper solving a problem quietly once than it is to solve it in plain view of the world after spending money on PR to clean up a mess that the problem created. I guess it’s a gamble that schools have to make, though it shows a marked lack of faith in the ingenuity of their students if they make the wrong bet.

Oct 1, 2008 4:37

Recent years have delivered too many lies by those in trusted positions, and it is an outright abuse of authority to attempt to force a student to lie to the public and discredit themselves. Budget constraints are no excuse, frankly I’m sick of accepting any excuse.

Abuse of the public trust deserves zero tolerance. Bring back some respect to these institutions, integrity first, money second.

Oct 23, 2008 15:09

You are right, Tel: too many lies by those in trusted position. Visit this link and you will see another lie by those in trusted position:

