Student Attempting To Improve School Security Suspended

TA_TA_BOX writes "The University of Portland has handed a one-year suspension to an engineering major after he designed a program to bypass the Cisco Clean Access (CCA). According to the University of Portland's Vice President of Information Systems, the purpose of the CCA is to evaluate whether the computers are compliant with current security policies (i.e., anti-virus software, Windows Updates and Patches, etc.). Essentially the student wrote a program that could fool the CCA to think that the computers operating system and anti-virus were fully patched and up to date. 'In the design of his computer program, Maass looked at the functions CCA provides and identified vulnerabilities where it could be bypassed. He wrote a program that emulated the same functions as CCA and eliminated some security issues. He says that the method he chose is "one of six that I came up with." Maass says his intent was not malicious. Rather, the sophomore says he was examining vulnerabilities so that they could be fixed. "I was planning on going to Cisco with the vulnerability this summer," Maass says. '"

Re:Read the second link

[OverlordQ]

If he's on a ROTC Scholarship he should know better then to pull something like this without prior notification, and without the knowledge of the people whose systems he was 'testing'

IT staff

[bussdriver]

University IT staff are almost all dork sysadmins. They handle the unknown almost superstitiously just a bit more advanced than using lucky charms to aid them. When something like this happens they freak and pull out their "lucky" conviction charm.

Re:University doing a favor

[Ja'Achan]

Are you saying that pants are a sufficient defense against rape?