Coursera Patched Vulnerabilities Found by a Surveillance Law Professor

The Citizen's Guide to the Future
Sept. 5 2014 12:43 PM

Coursera says it will step up its cybersecurity game.

Screencap from Coursera.

Jonathan Mayer, a computer scientist and lawyer, is teaching Stanford Law’s first Coursera class beginning in October. While setting everything up, he’s been “extensively poking around the platform,” and in the process he found a bunch of vulnerabilities, which he outlined in a blog post. Now Coursera is patching them.

Mayer pointed out that any registered Coursera instructor could use the site’s autocomplete feature to access the platform’s whole user database, which includes information like names and email addresses for 9 million accounts. He also noticed that once users were logged into Coursera, third-party services could potentially access their course registration histories.


In a statement posted early Friday morning, Coursera said that it has patched the vulnerabilities:

We deeply apologize to our learners for any potential risk to their privacy. In our investigation, we have found no reason to believe that our learners’ personal information has been abused. Our team responded immediately to Dr. Mayer’s report, and has now closed off the vulnerabilities that were uncovered. We continue to monitor and improve our platform to provide the best and safest experience to all learners.

It’s heartening that Coursera reacted so quickly to fix the security flaws, but it is a little strange that in its statement Coursera admits to “focus[ing] less effort on deflecting malicious attacks that might be made by one of our trusted partners.” It makes sense to assume that a partner in good standing won’t itself initiate an attack, but leaving data exposed that should be private is problematic no matter what. A malicious hacker can exploit a “trusted partner” just as easily as an untrusted one if a vulnerability exists.

Future Tense is a partnership of Slate, New America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.
