A student suspects there is a vulnerability on a system where student grades are stored. She tests this by trying to exploit the vulnerability from the network (because she is not authorized to use the machine and does not have an account on it). She succeeds, becoming root, and reports both the hole and her exploiting it to the system staff, who in turn report it to the chairperson of the department. She is promptly hauled before the university's equivalent of our Student Judicial Affairs on the charge of breaking into a computer system.
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562