Student Attempting To Improve School Security Suspended 282
TA_TA_BOX writes "The University of Portland has handed a one-year suspension to an engineering major after he designed a program to bypass the Cisco Clean Access (CCA). According to the University of Portland's Vice President of Information Systems, the purpose of the CCA is to evaluate whether the computers are compliant with current security policies (i.e., anti-virus software, Windows Updates and Patches, etc.). Essentially the student wrote a program that could fool the CCA to think that the computers operating system and anti-virus were fully patched and up to date. 'In the design of his computer program, Maass looked at the functions CCA provides and identified vulnerabilities where it could be bypassed. He wrote a program that emulated the same functions as CCA and eliminated some security issues. He says that the method he chose is "one of six that I came up with." Maass says his intent was not malicious. Rather, the sophomore says he was examining vulnerabilities so that they could be fixed. "I was planning on going to Cisco with the vulnerability this summer," Maass says. '"
University doing a favor (Score:5, Insightful)
Re:University doing a favor (Score:5, Insightful)
Re:University doing a favor (Score:4, Insightful)
NOW, that being said, I am the first that will say - if you do something like this, know that you are breaking the rules and be prepared to pay the consequences (the guy is ROTC, and probably is going to own the Air Force some money). If you stumble upon something, that is one thing. But to blatantly break the rules for SEVEN months - bad idea.
And the guy can say "I was planning on going to Cisco with the vulnerability this summer," But that is just talk. Yes, it could be true, but it also could be something he is saying to try to cover his butt since he was found out. Sorry, paint me skeptical.
RonB
Re: (Score:3, Insightful)
Now imagine that a virus got in through this hole and deleted all their e-mails on campus. What would the opini
Re: (Score:2, Insightful)
Re: (Score:2, Insightful)
Have you any idea how much confidential information lives on university networks? Many university researchers sit on loads of proprietary and/or highly sensitive data with confidentiality and nondisclosure agreements up the yingyang. Public health, national security, and defense research come to mind. Security MUST be part of the picture, lest the university loose the trust and the funding from external sources that value the privacy of their data.
You mus
Re: (Score:3, Interesting)
Believe me, UP is a nice school, but it's not one of those.
Having worked with some of these particular IT people, they're mostly ignorant and get very nasty about any who tries to point it out. They are only coming down on him so hard because he made them look bad. It's being done to make him an example to anyone else who might make them look bad.
They reall
Re: (Score:3, Insightful)
As someone who has fallen victim of University ID theft (SSN taken from a University computer), this guy could have been putting information at risk. Sorry, do not pass go, do not collect $200.
RonB
Re:University doing a favor (Score:4, Insightful)
There should be no connection between computers in dorms, labs, and classrooms, and any computer that has secure/financial information. They shouldn't have to rely on a crappy program from Cisco to give them the illusion of security.
Sorry about your ID theft. I'm a veteran who uses the VA, and I'm sure my SSN was one of those 26 million that were recently compromised. Got a nice letter saying they were sorry but I shouldn't worry. Of course, no credit monitoring, no ability to "freeze" my credit reports... just sit back and wait and hope nothing happens. Kind of like the University in this case... but not by choice.
Re: (Score:2)
Confidential information should not be on a computer connected to an untrusted network, nor stored in an unencrypted format. If your data is that confidential, if you have any network at all it needs to be completely isolated from the outside world (no internet connection AT A
Re: (Score:2)
Now, was it pretty cool that he did this? Definitely. But he was an idiot for not coming forward with it sooner. It completely strips his "I was going to tell Cisco later!" argument of any credibility. If you want students to study vulnerabilities in software, you do it on a closed network; not one that is used by other students and faculty.
This is a s
Re: (Score:2)
If you were a student, you'd have waited until you were ready to apply for a summer internship, that is, if you had any brains or business sense.
BTW - there were students who wre not required to run CCA - they were using macs or linux. There's a lesson there - Windows is not suited for use in schools.
Re: (Score:2)
And, is windows really suited for use anywhere else?
Re: (Score:2)
"But, he should have come forward to a professor or administrator first"
Well, he did give it to one of his professors. Looks like the professor also found it useful to get around the hassles of CCA ...
"And, is windows really suited for use anywhere else?"
I highly recommend all sorts of windows - casement, sliding, patio, even X Windows (or just "X") ... just not Microsoft Windows.
Re: (Score:2)
Re: (Score:2)
So, if you don't have bars on your windows, you deserve to get robbed? If you park your car on the street, you deserve to have it broken into? If a girl dresses slutty, she deserves to be raped? Yeah, great argument you got there.
This is a university, their primary concern should be research, their secondary concern should be education
Exactly. Securing their network against attacks by their own students is neith
Re: (Score:2)
Shame he wasn't a CS major and when he brought it to a professor he should have brought it to the head of the Arts & Sciences department. They usually have a little pull and instead of getting suspended they would have probably contacted Cisco and said "WTF?! Fix this!"
Re: (Score:3, Interesting)
At my uni we are given a pathetic 150mb/month internet quota and we are charged $7/gig extra.
I naturally found a way to get free net and I really dont have any problem using it for personal use.
I dont abuse it or anything either.
If the Cisco software put constrains on how the guy could use the computer then I would hire him in a instant.
The more you try to lock something down, the more people try to fight back.
You'd be stupid
Re: (Score:2)
Its good that he got the flaws out in the open.
Catch me if you can (Score:4, Insightful)
These people can outsmart you every minute of the day if you give them reason to. Why not just employ them and get on their side?
Oh right, this isn't about security, this is another stupid power struggle.
RTFA before commenting... (Score:5, Insightful)
Would you care to quote the policy you claim he broke?
No, it sounds like he embarassed the University IT administration, so they closed ranks and used a kangaroo court to express their displeasure. Dean Wormer put him on double secret probation first, I'm sure.
Re: (Score:3, Interesting)
And, btw, university code of conduct, aups and the
Re: (Score:3, Informative)
Put that in your smug pipe and smoke it.
Re: (Score:2)
Keep in mind that some universities require that you run only WINDOWS on machines attached to their network, including computers connected from your dormitories. Sometimes policy is stupid and ought to be ignored, just as unjust laws ought to be broken.
Re: (Score:2)
Re:University doing a favor (Score:4, Insightful)
You obviously didn't read the articles. He did nothing that people with Macs or Linux or BSD on their computer are allowed to do. Its only Windows computers that they force users to run Cisco Clean Access ... and they also force them to us Symantec Antivirus instead of letting them choose ther own AV product.
Considering that Symantec AV is not the only antivirus out there, if you were running a different antivirus, you would have to bypass CCA as well.
Check out the article - CCA was taking up to 20 minutes to load - who wouldn't bypass that?
Also, it is not clear that it "violates university policy" to write such a program, if you're a computer major, and your class work involves looking at vulnerabilities in software - which is what he learned in class. Then again, those who can, do - those who can't - teach.
FTFA:
"Disrespect for authority?" "Disorderly conduct?" Aren't they part of what yo go to university for - to question the "accepted wisdom"? Or are universities becoming enclaves where they'll start teaching that women have fewer teeth then men, because Aristotle taught that, and it must be true... (in this case Aristotle was clearly an idiot - he was married - twice - and never bothered to check!!! Sort of like the university's VP of IT, because they don't understand the difference between a program a student runs on his own computer, and "hacking their system.")
So, are they going to suspend every student who goes on a kegger? Flips the bird at a politician? Refuses to let their computer be hijacked by a buggy program? Sounds like a great place not to get an education.
BTW - his actions exactly suit his words - of course he'd withhold giving it to Cisco until he was ready to ask for a summer job / internship. Your uninformed criticism of him, on the other hand, shows you're real university administration material.
Re:University doing a favor (Score:4, Insightful)
First, any computer user can get around CCA just by using Firefox and using the user agent switcher to say that its running Linux - and this is very well known, has been for a long time, so CCA isn't about security; its about promoting a cover-your-ass mentality.
Second, CCA is part of the problem, not part of the solution. CCA isn't a cure - it's a "feel good because we're doing something about it" thing. A cure, on the other hand, will only come about if people get cut off the network because their Windows box is p0wned. Then maybe they'll switch to a real operating system, and everyone will be ahead. The longer people continue to insist on their "right" to use a proven crappy toy operating system, and the longer its tolerated, the harder it gets to fix everything.
Third, nobody was asking the school IT department to support "any software package" - if you had bothered to follow all the links, and then do some more research, you'd have found out that the VP of IT is despised by students and faculty, in part because of the crappy "support" for essentials (like half the computers in engineering don't work, AND they're not available after hours), but still finding time to force everyone to use CCA spyware.
Fourth, he wasn't "hacking a production network." He wasn't trying to break into a database, or steal sensitive information, or access the network on conditions different from any mac or linux user ... or any windows user running firefox and user agent switcher. Get a grip. Be less pompous. CCA is a piece of shit. Its KNOWN to be a piece of shit. Anyone who thinks they're secure because they run CCA is incompetent and should be fired - which is what a lot of people are saying about this particular VP of IT, for this and other problems.
Fifth, its a university network. If its not there for the student's education, WFT IS it there for? (aside from downloading pr0n, that is). Its already "insecure" (CCA is readily bypassable by the firefox user agent trick) so what's the harm of pointing out other ways that CCA fails in its purpose? Or are you one of those who actually believes "security through obscurity and SLAPP lawsuits" works?
Sixth, we already know that monocultures are a bad thing. Requiring that all Windows users use the same brand of antivirus is just f*cked up. This was a stupid decision, because CCA can be configured to accept a list of AV packages. Bypassing CCA in this case is necessary if you want to avoid the problems of a monoculture within a monoculture.
Re: (Score:3, Interesting)
Does that mean that a student who owns a Mac won't be allowed on the University Network since Macs don't need, or at least very few of them have any anti-malware crap? Does that mean Mac users, or even Windows users are forced to run all sorts of garbage software, just so they may use the University's precious network? I'd find myself a more enlightened place to spend precious education dollars. What business is is of anybody to sear
Re: (Score:2)
Au contrair. The biggest offense was signing the policy and then using his software on a system that was not his to bypass security assessments.
Who the hell thinks that this guy wouldn't do the same damn thing, were he hired by a securities brokerage?
It's a cannard that he was only testing it. It worked. There was no reason to continue the subtrefuge. He should have expunged t
Don't do security research in the US (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
Using the Ravenous Bugblatter Beast of Traal method. All we need to do is arrest anyone who points out your obvious idiocy then the obvious idiocy will obviously disappear.
PS IAASR, though a relative beginner at the job.
Re: (Score:2)
Re: (Score:2)
Th
Re: (Score:2, Funny)
Ookaaay then (Score:5, Funny)
Getting past two imflammatory headlines (Score:4, Insightful)
In any case, he didn't go around giving out exploit code, and he even worked on the problem of patching the hole (as well as solving other problems with the CCA software), with the intent of full diclosure of the patch and upgrades. This isn't really a punishment for breaking things, it's a DMCA-style punishment for figuring out how someone might break things.
Re:Getting past two imflammatory headlines (Score:5, Insightful)
In any case, he didn't go around giving out exploit code...
From TFA:
Also from TFA:
I don't think this guy deserved the punishment he got. But the whole, "I was just trying to help them" argument sounds fishy. Seems more likely that the uni put cumbersome security requirements on students, this guy tried to circumvent them, and the IT folks caught him and overreacted.
Not impressed (Score:5, Interesting)
Re:Not impressed (Score:4, Interesting)
Re:Not impressed (Score:5, Interesting)
http://www.securityfocus.com/archive/1/408603/30/
As in, they've known about this for at least 20 months...
Re: (Score:2)
My experience with CCA (Score:2, Interesting)
Re: (Score:2)
I found that, rather than booting into SuSe, I was better off just grabbing firefox and telling the User Agent Switcher to represent me as a Mac or Linux, or anything else, really. I never had a problem after, never needed to download the software, and I passed on this tip to dozens of individuals. Six weeks after the beginning of the semester, Network Operations came to me (I had intervewed for a part-time position there) and asked
Re: (Score:2)
University policy exists for a reason and must be followed!
Think about how many viruses would be caught if everyone were like you! None! What would we do then?! Why, we would be unable to justify our salaries!
Adam Zweimiller, we are obligated to bring the hammer down upon you!
Heh (Score:3, Insightful)
Cisco Clean Access Agent... (Score:5, Interesting)
Re: (Score:2, Informative)
At this university the rules only enforce that you've got McAfee and the EPO agent installed, that your patterns are up-to-date, and that you're at a reasonably recent patch level for Windows. They're only set to restrict systems we can reasonably expect to enforce policies
Re: (Score:2, Informative)
Glad he didn't use his powers for evil... (Score:2)
Am I Nitpicking (Score:3, Interesting)
~S
Re: (Score:2)
Re: (Score:2)
Read the second link (Score:2)
If you look at it out of context, their decision makes some sense, however, as soon as you apply ANY logic to it, their reaction is way too far. What is the result? I would never do research there or even TOUCH anything security related. Imagine if you got suspended because you left
Stop instituationalizing young people (Score:5, Insightful)
Steve Jobs openly admits to phone phreaking and calling the Pope. Both he and Bill Gates eventually dropped out of school. It's clear that, to become a person of substance, you have to be willing to challenge authority once in a while. Are we trying to raise a generation of corporate drones who are so obedient they can never pose a competitive threat to existing oligarchy. Are we so insane we let disturbed students stay in school and own guns, but suspend ones who are merely using university's property, paid for by their tuition, more efficiently than average?
wow, excellent points (Score:5, Interesting)
Which brings up your main, and correct, point. It's sad when we penalize so harshly for students just being clever. Would they have suspended him for a year for putting a penny in the dorm elevator (in effect locking it on a single floor during early morning rush time)??? I often joke, and I'm sadly accurate: If I did half of what I did 20 years ago in highschool and later college....today...I'd be a multiple strike felon...and yet no one or any property was really ever hurt
Re:wow, excellent points (Score:5, Interesting)
In under a week I had captured the accounts of every active student user on the system, plus all the supervisory accounts. It was pretty unbelievable (as in, "holy SHIT Jesus Mary mother of God" unbelievable) and I couldn't understand why there were no precautions taken against that sort of thing. Needless to say I had no problems with account time after that. That was on the one mainframe: there was another guy, pretty sharp coder, that figured out what I was doing. At first I thought I was screwed, but he was delighted by the idea and duplicated it on the bigger system (this was years before the word "pwned" came in to the popular lexicon but it's no less applicable.) No surprise, a few days later and he had the run of that machine. So far as I'm aware, nobody ever figured out what we'd done. The big system was the one that had everything administrative on it from student grades to paper clips and we could have wreaked havoc if we'd wanted to. As it was, though, we just wanted more computer time to do our homework.
A couple of years later my father testified in front of my State's legislature regarding a new "computer crime" bill they were shopping around. It was one of those ridiculous "zero tolerance" laws that make the lawmakers look "tough on crime" but end up shafting a lot of people that don't deserve it. Dad pointed out to these idiots that, if passed, their brain-child would immediately criminalize 90% of the best and brightest students in our engineering and computer science curricula. They backed off in a hurry and came back with a more reasonable bill, which never got passed anyway.
That was then. Nowadays, I don't think our lawmakers would bat an eye if they put half our smartest engineering students in jail. They're just engineers, after all, and
Re: (Score:2)
Re: (Score:2)
I ended up opening it as a text file in dreamweaver and fishing the file out of the cache folder.
I'll spare the complaints about the rest of that whole experience as they're offtopic, but I will
If everyone had guns.... (Score:2)
Either way, there are ways to attack someone who has a gun without a gun, and actually WIN.
1. Find a fire hose, and spray the whole floor so its slippery when running, you can even spray it directly on him to make him fall.
2. Get a fire extinguisher and spray him/hall way/room like hell so its so foggy you cannot see anything, and breathing those chemicals in is
not nice either.
Re: (Score:2)
Depends on what you mean by "we". If you mean the powers that be, the average person, the democratic mean, then... yes, "we" are. If you mean you, or me, specifically, then no "we" aren't.
PS I wonder: you ended your sentence with a period instead of a question mark; was it a rhetorical question.
I hope he has his assertion well documented (Score:4, Insightful)
The article summary posted here on
Maass' program was in use for approximately seven months before the University froze his UP account.
So he ran this thing for most of the school year and gave it away to his friends and put up a facebook page about it without telling Cisco? At some point it starts to look like the, "I was about to tell Cisco!" claim is just an excuse to get out of trouble. Once he had a working demonstration he should have approached Cisco, not distributed it while he put off talking to the vendor for half a year.
Still, it seems like the uni is going overboard on the punishment.
Re: (Score:2)
Re: (Score:2)
Normally, what one do on his/her own personal machine is that person's business and nobody else's, including the network administrators, unless and until he/she causes harm to the normal operation of the network or other systems on the network.
Okay, maybe putting it on a facebook page was stupid....
When will people learn.. (Score:2)
They'd rather things disappear and get bitten in the ass for it in the future, than deal with it now, if it means someone's going to get embarrassed. There's no intellectual honesty anymore..
Schools... (Score:2)
Wait, that is the lie people have been telling us forever.
School (high school and univ) in my opinion is a very poor excuse for "preparation" for the real world. In all of the jobs that I've had, identifying, working through, and solving problems is what its all about. Of course in school, the students are rarely if ever
Re: (Score:3, Insightful)
Imagine what the job market and the economy would look like if everyone in our overpopulated civilization who
Re: (Score:2)
College (and life) is what you make of it, don't complain about being spoon fed everything when you never showed any ability to eat on your own.
Re: (Score:2)
Re: (Score:3, Insightful)
Likewise children should be taught to do the damn work, contrary to what you
Re: (Score:2)
Yes, in any job there is paperwork and boring repetitive things that aren't fun. But, in school for me I would be assigned 50 math problems, I could do 2 or 3 and I would know the concepts and understand how to apply them to various different problems. I could based on those 2 or 3 problems get 95%+ on tests. Unfortunately, if you can't stand to be completely bored for 2 hours and crank out those
lets just suspend ALL students and save time (Score:5, Interesting)
why is this country SO AFRAID of students and so into controlling them? I'm not sure I could survive in a modern high school or even college environment now. I'd be too angry all the time at how badly they are mismanaging our youth.
I am quickly losing all my faith and trust in the so-called 'education system' we have in the US. its becoming not much more than babysitting and nannying.
and I fear for the kind of young adults we are going to produce from this brainwashing factory we call 'school'.
anyway, what good is there in suspending this kid? what does that accomplish? the fact that he found YOUR security flaw embarassed you? is that a reason to punish him?
perhaps the school does not DESERVER your funding. yes, YOU fund the school - they work FOR YOU. its not the other way around. YOU are the consumer. if school-A is giving you crap, why not take your business elsewhere? yes, school IS a business - very much so.
ob simpson's quote (Score:2)
Re: (Score:2)
you must be knew here (grin).
in use for seven months (Score:2, Informative)
We avoided situations like this... (Score:3, Funny)
The solution...
Take the engineering department off of the campus network and maintain it ourselves.
It worked out fairly well when I was there, but resulted in some equipment deficiencies. We ended up getting the backend of the upgrade cycle, but that was fine as we were allowed to "blow them up."
This would not have worked without volunteer work and when I had returned I was already a competent admin. It probably wouldn't scale too well, but it's a good learning experience for some.
It does lead to issues though...
At one point, a professor proclaims the network seems to be having issues and at that point I poked my head up.
"Um, no it's not... I'm putting in dDNS... because it looked like fun."
Things were back up momentarily. (Hey I was young!)
The best was probably the day I rooted the servers and updated the motd.
"Under new management -- cylix"
This was of course the policy for gaining administration for maintaining systems. The final system I had to social engineer my way into... sorta... I basically made it into the server room with the prof maintaining things and he left to go get some papers. He knew I was after the final system and just wouldn't let me take it over without a fight. He had to know what I was going to do and probably just wanted to see how fast I could get my hands into the system. The moment he stepped out I tackled the keyboard like it was a drunken cheerleader.
The only catch was no denial of service. So, if you were going to bring something down... no one could notice.
Fun times!
Tell people before doing this type of project (Score:2)
If he had nothing to hide in the first place, then he shouldn't have hid it in the first place.
University of Portland (Score:4, Informative)
To be honest... (Score:3, Insightful)
Let's see.... (Score:3, Funny)
Total? -9 points. Not good. The university had no choice. For reference, here is the scale:
Too bad the guy may lose his scholarship. He presented it wrong, especially giving it out and not telling Cisco immediately, along with running it himself. But it doens't deserve a full suspension for a semester.
CCA (Score:3, Informative)
If your CCA isn't acceping an antivirus scanner you like, why not go through the proper channels to find out *why* it's not supported and see about getting that fixed?
the article doesnt mention.... (Score:2, Informative)
Re: (Score:2)
From the misleading headline department (Score:4, Informative)
* He used the software to bypass the security check for seven months
* He distributed the software to several other students and a professor
* He did not disclose the vulnerability to the vendor before releasing his exploit
* He did not ask permission
Now, this is not to say that the University's use of CCA is wise or it's reaction was reasonably proportionate to the damage done. (If the damage and the policy violation is as minimal as the article claims, a 1-year suspension is insane.) But Mr. Maass did not do a good job of covering his ass, either.
Let this be a lesson to the next guy.
This program was overkill. (Score:2)
Re: (Score:2, Informative)
Blue Squads of Death (Score:2)
Gates Announces Security Death Squads [bbspot.com]
This illustrates "transitive trust" fallacies (Score:5, Insightful)
Think about it logically for a second
Trusted input (e.g. Cisco Clean Access)
+ Untrusted computation (unknown host)
!= Trusted output (i.e. an assertion from the CCA that the computer is trustworthy)
The nature of this equation is that the untrusted computer is implicitly trusted to compute its own trustworthiness. What ramifications does that have on the real world analogies?
Banker: Can I trust that you'll repay this loan for $1 Billion?
Some joe off the street: [Hides "will work for food" cardboard sign behind his back.] Uh, sure.
And yet, how many NAC/NAP vendors actually try to challenge the unknown host (java applet, activeX control, native code, etc.)? Answer is: nearly all of them, unfortunately. Even if Cisco fixes this hole, what will happen next? This is not unlike Cisco trying to sell a perpetual motion machine-- this simply defies the "natural laws" of security.
--
NAC is not the answer. How about those good ol' 3270 connections?
"go to Cisco?" then he's documented his code then (Score:2)
I have a hard time believing his story without some proof he'd been discussing visiting Cisco or interning there well in advance of getting busted for spoofing their APIs.
LoB
Honest Your Honor! (Score:3, Funny)
Bait and Switch (Score:5, Insightful)
"Trying to improve security" my a$$ (Score:2)
It may be unpopular, but when you connect your computer to some networks you do so under agreement which may limit what you can do, may require you to consent to monitoring, and may require you to install software to enforce the terms of that agreement. Tampering with the software may be a violation of that agreement, it doesn't matter if it's "your" computer, we're talking contracts here.
There's no
Cho Vs Maass (Score:2)
Wasn't it his computer? (Score:2)
From what I gather, the breach occurred on his own computer!? Since when does keeping your own computer private from the intrusive eyes of others count as a computer crime?
Essentially, what the university is asking for is the root password to your own machine, in exchange for network access. I think I'd rather do without the university network if I had to run snoopware.
And on what ethical principle does the university believe they have a right to own a machine for which they haven't paid? I can un
Re: (Score:2)
Well, if he gave it to Cisco, he'd lose control over what happens to it, and Cisco may well release a patch but that wouldn't mean that his school would obtain it right away. He probably wanted to talk it over with the school first to make sure his own school's interests were covered before letting it get out.
And for this loyalty, he gets suspended.
Typical.... absolutely typical.
Re:This summer? (Score:4, Informative)
I take back what I said before.
The idea that he was about to tell Cisco about it is a pretty weak cover story, given his behaviour.
Re:This summer? (Score:5, Insightful)
OTOH, if he were smart enough to break this thing and he were malicious, he would have instead sold it to some Russian hacking group to put into new viruses. He didn't. He didn't crack anybody else's machines with it. He didn't run it on university equipment. He didn't do any of the thousands of truly malicious things he could have done. Based on that, I see no reason to believe that the guy didn't intend to tell Cisco about it... but probably not until after he graduated so that he wouldn't have to deal with a bug-fixed version of the software that disabled his workaround....
Instead of using the software maliciously (which would have been relatively easy by comparison), the guy just ran it on his own personal machines and gave it to other people to willingly run on their own personal machines so that they could use the network without the interference of an overbearing piece of security software. All the guy did was write software that made it look like he was running the stupid tool that the uni required him to run in order to use the network without actually having to run it. That's hardly malicious behavior, and if the guy was running reasonable antivirus protection software and was keeping up-to-date with security patches without the "assistance" of the tool in question, it really didn't create any significant security risk, either.
No, this is a typical knee-jerk reaction by bureaucrats. I would expect nothing better from most universities, but it's still a shame every time someone's life is needlessly wrecked because of a bunch of pencil pushers.
Never help a corporate, NEVER (Score:2)
If any thing, give the info to a smaller competitor so they can exploit it in marketing.
Unless you know the IT admin or department head personally, dont go being a hero and make them look bad.
If they arent your friend, they are your enemy
Re: (Score:3, Interesting)
If the former, then yeah, the kid had it coming. You don't bypass security on computers that aren't yours. Punishment was too harsh, but it sounds like he did break policy, and the university is in the right to do something. If he didn't have permission to bypass security on their network for research, then he has no excuse.
Now if it was the latter, and he did this on his OWN machine on the uni
Re: (Score:2)