March 29, 2021 Opener

A student suspects there is a vulnerability on a system where student grades are stored. She tests this by trying to exploit the vulnerability from the network (because she is not authorized to use the machine and does not have an account on it). She succeeds, becoming root, and reports both the hole and her exploiting it to the system staff, who in turn report it to the chairperson of the department. She is promptly hauled before the Committee on Student Support on the charge of breaking into a computer system.

  1. Did the student act ethically by testing the system for the security hole before reporting it?
  2. Did the chairperson act ethically by filing charges against the student?
  3. The system staff did not fix the hole, because the action taken by the Committee on Student Support (CSS) would deter any future break-ins through that hole. What do you think of this?
  4. What do you think of a disciplinary committee being called the “Committee on Student Support”?

Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 153, Computer Security
Version of March 27, 2021 at 2:14PM
