Welcome to The CITE -- a blog on Course materials, Innovation, and Technology in Education, created by Mark Nelson and now part of the Publications Department of the National Association of College Stores. CITE is a pun with multiple meanings - referring to cite as in citation, something people reference; site as in location, website, or place people go to; and sight as in foresight or looking ahead to what is coming. Comments, discussion, feedback and ideas are welcome.

Friday, September 12, 2014

Coursera Is Quick to Fix Possible Breach

While preparing to teach Stanford Law’s first Coursera class, the instructor stumbled across a potential breach that could have knocked Apple’s issues with a hack of iCloud security and compromising photos of entertainers out of the headlines. Jonathan Mayer, a computer scientist and lawyer, while setting up his massive open online course, was able to gain access to nine million Coursera names and email addresses.

In a blog post, Mayer wrote that: 
  • Any teacher can dump the entire user database, including over nine million names and email addresses.
  • Once logged into your Coursera account, any website that you visit can list your course enrollments.
  • Coursera’s privacy-protecting user IDs don’t protect much. 

Mayer alerted Coursera, which addressed the issues immediately and sent an apology to its users. Once the patches were completed, Mayer found plenty of improvements, but problems still exist.

“The bad news is that anyone with teacher access can still look up any individual student’s contact information, so long as he or she either knows the student’s internal ID (it’s embedded in many pages) or can guess a distinctive part of the student’s email address (maybe try first initial last name?),” he said. “That’s a questionable security model, and it’s potentially inconsistent with Coursera’s privacy policy.”

No comments: