When 20-year-old Ahmed Al-Khabaz, a computer science student at Montreal's Dawson College, discovered a critical flaw in his college's student web portal, he decided it was his "moral duty" to share the discovery with the institution's leaders so that the bug can be fixed before doing serious harm.
But what he probably could not have imagined at the time is that this - for all intents and purposes - honorable decision will ultimately lead to his expulsion from college.
Al-Khabaz, who was also a member of the college's software development club, and fellow student Ovidiu Mija were working on a mobile app that would facilitate the students' access to their account on the portal in question, when they discovered that the web application's "sloppy coding" allows anyone with a basic knowledge of computers to access all of the student's accounts and the information contained in it: personal information (including Social Security numbers), grades, class schedule, and more.
Continued : http://www.net-security.org/secworld.php?id=14274
Computer science student first praised, then expelled for poking around
Canadian Student Expelled After Finding Critical Flaw in Software Used by Colleges