MIT Master's Program To Use MOOCs As 'Admissions Test' 104

jyosim writes: In what could usher in a new way of doing college admissions at elite colleges, MIT is experimenting with weighing MOOC performance as proof that students should be accepted to on-campus programs. The idea is to fix the "inexact science" of sorting through candidates from all over the world. And it gives students a better sense of what they're getting into: "When you buy a car, you take a test drive. Wouldn't it be a great value for prospective students to take a test course before they apply?" said one academic blogger.

ESR On Why the FCC Shouldn't Lock Down Device Firmware 134

An anonymous reader writes: We've discussed some proposed FCC rules that could restrict modification of wireless routers in such a way that open source firmware would become banned. Eric S. Raymond has published the comment he sent to the FCC about this. He argues, "The present state of router and wireless-access-point firmware is nothing short of a disaster with grave national-security implications. ... The effect of locking down router and WiFi firmware as these rules contemplate would be to lock irreparably in place the bugs and security vulnerabilities we now have. To those like myself who know or can guess the true extent of those vulnerabilities, this is a terrifying possibility. I believe there is only one way to avoid a debacle: mandated device upgradeability and mandated open-source licensing for device firmware so that the security and reliability problems can be swarmed over by all the volunteer hands we can recruit. This is an approach proven to work by the Internet ubiquity and high reliability of the Linux operating system."

IP Address May Associate Lyft CTO With Uber Data Breach 90

An anonymous reader writes: According to two unnamed Reuters sources the IP address of Lyft CTO Chris Lambert has been revealed by Uber's investigations to be associated with the accessing of a security key that was accidentally deposited on GitHub in 2014 and used to access 50,000 database records of Uber drivers later that year. However, bearing in mind that the breach was carried out through a fiercely protectionist Scandinavian VPN, and that Lambert was a Google software engineer before becoming CTO of a major technology company, it does seem surprising that he would have accessed such sensitive data with his own domestic IP address.

NSF Awards $74.5 Million To Support Interdisciplinary Cybersecurity Research 8

aarondubrow writes: The National Science Foundation announced $74.5 million in grants for basic research in cybersecurity. Among the awards are projects to understand and offer reliability to cryptocurrencies; invent technologies to broadly scan large swaths of the Internet and automate the detection and patching of vulnerabilities; and establish the science of censorship resistance by developing accurate models of the capabilities of censors. According to NSF, long-term support for fundamental cybersecurity research has resulted in public key encryption, software security bug detection, spam filtering and more.

Ask Slashdot: Where Can I Find "Nuts and Bolts" Info On Cookies & Tracking Mechanisms? 81

New submitter tanstaaf1 writes: I was thinking about the whole tracking and privacy train-wreck and I'm wondering why specific information on how it is done, and how it can be micromanaged or undone by a decent programmer (at least), isn't vastly more accessible? By searching, I can only find information on how to erase cookies using the browser. Browser level (black box) solutions aren't anywhere near good enough; if they were, the exploits would be few and far between instead of everywhere every day. Read below for the rest of tanstaaf1's question.

Wealth of Personal Data Found On Used Electronics Purchased Online 67

An anonymous reader writes: After examining 122 used mobile devices, hard disk drives and solid state drives purchased online, Blancco Technology Group and Kroll Ontrack found 48% contained residual data. In addition, 35% of mobile devices contained emails, texts/SMS/IMs, and videos. From the article: "Upon closer examination, Blancco Technology Group and Kroll Ontrack discovered that a deletion attempt had been made on 57 percent of the mobile devices and 75 percent of the drives that contained residual data. Even more compelling was the discovery that those deletion attempts had been unsuccessful due to common, but unreliable methods used, leaving sensitive information exposed and potentially accessible to cyber criminals. The residual data left on two of the second-hand mobile devices were significant enough to discern the original users' identities. Whether it's a person's emails containing their contact information or media files involving a company's intellectual property, lingering data can have serious consequences."

Yale Makes Available Online 170,000 Photographs From WWII Period 49

schwit1 writes: Yale University had posted online 170,000 Library of Congress photographs taken in the United States from 1935 to 1945. The photos come from all over the U.S., and can be accessed with this easy-to-use interactive map. They also used the original captions allowing the viewer to get an honest feel for the time period.

Danish Bank Leaves Server In Debug Mode, Exposes Sensitive Data In JS Comments 41

An anonymous reader writes: Dutch IT security expert Sijmen Ruwhof has found a pretty big blunder on the part of Danske Bank, Denmark's biggest bank, which exposed sensitive user session information in the form of an encoded data dump, in their banking portal's JavaScript files. The data contained client IP addresses, user agent strings, cookie information, details about the bank's internal IT network, and more. He contacted the bank, who fixed the issue, but later denied it ever happened.

Verizon Is Merging Its Cellphone Tracking Supercookie with AOL's Ad Tracking Network 99

schwit1 writes: ProPublica reports that Verizon is giving a new mission to its controversial hidden identifier that tracks users of mobile devices. Verizon said in a little-noticed announcement that it will soon begin sharing the profiles with AOL's ad network, which in turn monitors users across a large swath of the Internet. That means AOL's ad network will be able to match millions of Internet users to their real-world details gathered by Verizon, including — "your gender, age range and interests." AOL's network is on 40 percent of websites, including on ProPublica.

Scandal Erupts In Unregulated Online World of Fantasy Sports 173

writes: Joe Drape and Jacqueline Williams report at the NYT that a major scandal is erupting in the multibillion-dollar industry of fantasy sports, the online and unregulated business in which an estimated 57 million people participate where players assemble their fantasy teams with real athletes. Two major fantasy sports companies were forced to release statements defending their businesses' integrity after what amounted to allegations of insider trading — that employees were placing bets using information not generally available to the public. "It is absolutely akin to insider trading. It gives that person a distinct edge in a contest," says Daniel Wallach. "It could imperil this nascent industry unless real, immediate and meaningful safeguards are put in place."

In FanDuel's $5 million "NFL Sunday Million" contest this week, DraftKings employee Ethan Haskell placed second and won $350,000 with his lineup that had a mix of big-name players owned by a high number of users. Haskell had access to DraftKings ownership data meaning that he may have seen which NFL players had been selected by DraftKings users, and by how many users. In light of this scandal, DraftKings and FanDuel have, for now, banned their employees from playing on each other's sites. Many in the highly regulated casino industry insist daily fantasy sports leagues are gambling sites and shouldn't be treated any differently than traditional sports betting. This would mean a high amount of regulation. Industry analyst Chris Grove says this may be a watershed moment for a sector that may need the legislation it has resisted in order to prove its legitimacy. "You have information that is valuable and should be tightly restricted," says Grove. "There are people outside of the company that place value on that information. Is there any internal controls? Any audit process? The inability of the industry to produce a clear and compelling answer to these questions to anyone's satisfaction is why it needs to be regulated."

NY Times Passes 1M Digital Subscribers 92

writes: Many news organizations, facing competition from digital outlets, have sharply reduced the size of their newsrooms and their investment in news gathering but less than four-and-a-half years after launching its pay model the NY Times has increased coverage as it announced that the Times has passed one million digital-only subscribers, giving them far more than any other news organization in the world. The Times still employs as many reporters as it did 15 years ago — and its ranks now include graphics editors, developers, video journalists and other digital innovators. "It's a tribute to the hard work and innovation of our marketing, product and technology teams and the continued excellence of our journalism," says CEO Mark Thompson.

According to Ken Doctor the takeaway from the Times success is that readers reward elite global journalism. The Wall Street Journal is close behind the Times, at 900,000, while the FT's digital subscription number stands at 520,000. "These solid numbers form bedrock for the future. For news companies, being national now means being global, and being global means enjoying unprecedented reach," says Doctor. "These audiences of a half-million and more portend more reader revenue to come."

Sensor Network Makes Life Easier For Japan's Aging Rice Farmers 91

szczys writes: The average age of Japan's rice farmers is 65-70 years old. The work is difficult and even small changes to the way things are done can have a profound impact on these lives. The flooded paddies where the rice is grown must maintain a consistent water level, which means farmers must regularly traverse the terraced fields to check many different paddies. A simple sensor board is changing this, letting farmers check their fields by phone instead of in person.

This might not sound like much, but reducing the number of times someone needs to walk the fields has a big effect on the man-hours spent on each crop. The system, called TechRice, is inexpensive and the nodes recharge batteries from a solar cell. The data is aggregated on the Internet and can be presented as a webpage, a text-message interface, or any other reporting scheme imaginable by utilizing the API of the Open Source software. This is a testament to the power we have as small groups of engineers to improve the world.

Ask Slashdot: Best Country For Secure Online Hosting? 112

An anonymous reader writes: I've recently discovered that my hosting company is sending all login credentials unencrypted, prompting me to change providers. Additionally, I'm finally being forced to put some of my personal media library (songs, photos, etc.) on-line for ready access (though for my personal consumption only) from multiple devices and locations... But I simply can't bring myself to trust any cloud-service provider. So while it's been partially asked before, it hasn't yet been answered: Which country has the best on-line personal privacy laws that would make it patently illegal for any actor, state, or otherwise, to access my information? And does anyone have a recommendation on which provider(s) are the best hosts for (legal) on-line storage there?

Stolen Patreon User Data Dumped On Internet 161

After the personal data breach at crowd-funding site Patreon reported a few days ago, there's some worse news: the information isn't just in limbo any more; Patreon reported Saturday that the compromised information has been leaked in the form of a massive data dump. (The slightly good news is that no credit card information was leaked.)

Selected Provisions: TPP, CETA, and TiSA Trade Agreements 43

While proponents suggest that international trade agreements increase economic prosperity, writes reader Dangerous_Minds, it's often hard to find much detail about their details. Here's an exception: Freezenet is offering an update to known provisions of the Trans-Pacific Partnership Agreement (TPP), the Comprehensive Economic and Trade Agreement (CETA), and the Trades in Services Agreement (TiSA). Among the findings are provisions permitting a three-strikes law and site blocking, multiple anti-circumvention laws, ISP liability, the search and seizure of personal devices to enforce copyright at the border, and an open door for ISP-level surveillance. Freezenet also offers a brief summary of what was found while admitting that provisions found in the Transatlantic Trade and Investment Partnership (TTIP) as it relates to digital rights remains elusive for the time being.

Vigilante Malware Protects Routers Against Other Security Threats 79

Mickeycaskill writes: Researchers at Symantec have documented a piece of malware that infects routers and other connected devices, but instead of harming them, improves their security. Affected routers connect to a peer-to-peer network with other compromised devices, to distribute threat updates. 'Linux.Wifatch' makes no attempt to conceal itself and even left messages for users, urging them to change their passwords and update their firmware. Symantec estimates 'tens of thousands' of devices are affected and warns that despite Wifatch's seemingly philanthropic intentions, it should be treated with caution.

"It should be made clear that Linux.Wifatch is a piece of code that infects a device without user consent and in that regard is the same as any other piece of malware," said Symantec. "It should also be pointed out that Wifatch contains a number of general-purpose back doors that can be used by the author to carry out potentially malicious actions." There is one simple solution to rid yourself of the malware though: reset your device.

DARPA Is Looking For Analog Approaches To Cyber Monitoring 41

chicksdaddy writes: Frustrated by adversaries' continued success at circumventing or defeating cyber defense and monitoring technologies, DARPA is looking to fund new approaches, including the monitoring of analog emissions from connected devices, including embedded systems, industrial control systems and Internet of Things endpoints, Security Ledger reports.

DARPA is putting $36m to fund the Leveraging the Analog Domain for Security (LADS) Program (PDF). The agency is looking for proposals for "enhanced cyber defense through analysis of involuntary analog emissions," including things like "electromagnetic emissions, acoustic emanations, power fluctuations and thermal output variations." At the root of the program is frustration and a lack of confidence in digital monitoring and protection technologies developed for general purpose computing devices like desktops, laptops and servers.

The information security community's focus on "defense in-depth" approaches to cyber defense is ill suited for embedded systems because of cost, complexity or resource limitations. Even if that were possible, DARPA notes that "attackers have repeatedly demonstrated the ability to pierce protection boundaries, exploiting the fact that any security logic ultimately executes within the same computing unit as the rest of the (compromised) device software and the attacker's code."

China Beats US In Early Cuban Internet Infrastructure Investment 109

lpress writes: The US would like to sell Cuba Internet service and equipment, but we have had little success so far. China has won the first round — they financed and installed Cuba's undersea cable, supplied backbone equipment and public WiFi access centers and will provide equipment for the forthcoming home DSL rollout. That being said, Cuba has very little connectivity today and most of what they have and plan to install is already obsolete by today's standards, so they will be buying a lot of equipment in the future.

How Someone Acquired the Domain Name For a Single Minute 70

An anonymous reader writes with the story of how Sanmay Ved bought "" even though it only lasted a minute. BGR reports: We've all been there: It's nearly 2 in the morning and you're cruising around the Internet looking for new domain names to purchase. I mean, talk about a cliched night, right? Now imagine that during the course of your domain browsing, you unexpectedly discover that the holy grail of domain names — — is available for purchase for the low, low price of just $12. Testing fate, you attempt to initiate a transaction. Dare I say, you're feeling a little bit lucky. And just like that, in the blink of an eye, the transaction goes through and the vaunted and the highly valuable Google domain is in your possession. While this might read like a ridiculous plot summary from some horrible piece of nerd fiction, this series of events above, believe it or not, actually happened to former Googler Sanmay Ved earlier this week.

We Asked Doc Searls: Do Ad Blockers Cause Cancer? (Video) 116

A whimsical headline, but not much more of a shark-jumper than some of the talk we've heard lately from ad agencies, online publishers, and others who earn their living from online advertising. Doc Searls recently wrote a piece on his personal blog titled Beyond ad blocking — the biggest boycott in human history. Naturally, we wanted to ask Doc to expand a bit on what he's been writing about ad blocking and advertising in general. So we had a fine conversation about online advertising -- ending with a challenge to the advertising industry, which Doc says should be looking for ways to produce better, more effective, and less annoying ways to sell to us online.