but will instead be given an important role to play in the Canadian spying industry. What a talented young man! Okay, he made a mistake going into the CRA's database without their knowledge .... the right thing to do should have been to tell the CRA beforehand that he would like to test the system to make it failsafe from the "heartbleed" virus. I don't think this smart guy would have wanted to bleed the CRA data for any other purpose then to show that he could do it... and right now it's not even clear that he did more than access the system via the virus. The extraction of the 900 SIN numbers could have been done by somebody else.
Zoe McKnight and Alyshah Hasham writing at TorontoStar:
....Alleged Heartbleed hacker known for finding flaws.
London, Ont. computer prodigy challenges ‘liked to challenge’ decisions, even in spelling bee.
The young man who stands accused as the Heartbleed hacker has a penchant for pointing out weakness.
As a teenage spelling bee champion, he challenged the judges.
When he was 14, the computer science prodigy tried to warn his high school administrators the computer system was vulnerable to hacking. They didn’t believe him, so he went in and proved it by finding confidential information, his lawyer is quoted as saying.
In university, he was known to send computer science assignments back to his professors with a note saying he’d found an error in the question.
And when the so-called Heartbleed bug — a flaw in computer code that was supposed to encrypt private data, but didn’t — made headlines, Stephen Arthuro Solis-Reyes, 19, allegedly tested the security breach and got himself arrested.
On Tuesday, the second-year computer science student at Western University turned himself in to authorities in London, Ont., where police are helping the RCMP investigation. A statement that said police believe Solis-Reyes extracted “private information” came two days after the Canada Revenue Agency announced the social insurance numbers of 900 Canadians had been extracted from its database. The two have not been directly linked by law enforcement and police have not clarified exactly what Solis-Reyes is accused of accessing.
The flaw in the software, known as OpenSSL and used by major websites like Google and Facebook, had the potential to leave hundreds of millions of online passwords and other sensitive information like credit card numbers exposed. That prompted the CRA to shut down its website for five days in April at the height of tax season.
Solis-Reyes was charged with one count of unauthorized use of a computer and one count of mischief. He was later released. It’s not known how he will plead.
“Maybe he was just testing his skill, and maybe the Canada Revenue Agency is not a good idea to test with,” said Ayan Chaudhury, a PhD candidate who was Solis-Reyes’s teaching assistant for Computer Fundamentals II in winter 2013.
Solis-Reyes received a perfect grade on all four of his assignments and never missed a lab, Chaudhury said. The young man’s work was often used as a benchmark against other students......
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.