A pair of Oxford University students have been suspended over a little hacking project they undertook to "expose" security flaws in the University's IT system.

First-year students Patrick Foster and Roger Waite were able to snoop on traffic sent over the network - including email passwords sent in plain text, a contravention of University security policies - and unencrypted CCTV footage. They published an account of their activities in the Oxford Student paper in May 2004, suggesting that University IT systems were "wide open to hackers".

Systems were not "hacked" but "snooped on", according to University techies, who criticised the duo's reporting as inaccurate and “sensationalist”. Oxford dons were also angry with the student hacks' actions and instigated disciplinary proceedings.

Last week Oxford's Court of Summary Jurisdiction suspended Foster, 20, from the university until May 2005. Waite, 21, was banned from university buildings and facilities (a process known as rustication) for a lesser period of one term. He's been suspended from the second year of his history course until January, the BBC reports.

Both undergraduates admitted the various charges (unauthorised access, violating users' privacy and wasting staff time) against them. Foster, a politics, philosophy and economics student, who has since become editor of Oxford Student, and Waite have both vowed to appeal their sentences. ®

Related stories

Oxford Uni hacks-to-hackers land in hot water
Hacking, downloading and bad Web design
Student hackers: we didn't defeat campus debit card system
Victory for commonsense in nuke lab hacking case