Protect your device from malicious ads – CNET

Much attention has been paid this week to the Heartbleed security hole that has affected hundreds of thousands of Web servers. Read staff writer Richard Nieva explain how you can protect yourself from the Hearbleed bug.

In a nutshell, the best protection is to change your Web passwords. All of them. In a post from December 2011, I explained how you can master the art of passwords.

There's not much consumers can do to guard against infected servers, but there's plenty we can do to prevent becoming the next victim of the growing legion of malware purveyors. In a nutshell, don't click that link. This goes double for links in apps on our mobile devices, which generally aren't as well protected as PCs.

According to the Cisco Security Blog's March 2014 Threat Metrics released earlier today, advertising is the most likely source of malware on mobile devices, increasing from 13 percent of mobile malware occurrences in February 2014, to 18 percent last month. Business sites were the source of 13 percent of mobile malware encounters in March, down from 20 percent the previous month; video sites accounted for 11 percent of mobile infections in the most recent month, compared to only 7 percent in the preceding month, according to the report.

Don't be tricked into a malicious click

Security vendor Blue Coat Systems' 2014 Mobile Malware Report points out the increasing danger of ads on mobile devices. According to the report, Web ads supplanted pornography as the most frequent source of mobile malware, accounting for just under 20 percent of all mobile "threat vectors" in February 2014, compared to only 5.7 percent in November 2012; porn-based threats decreased to 16.5 percent of mobile malware encounters from more than 22 percent in the earlier period.

The malicious ads use a tried-and-true infection technique: a legitimate-looking alert warns that the device is infected and prompts you to click to remove the infection. On Android devices, you'll then be prompted to change your settings to allow third-party downloads from sources other than the Google Play store.

That's why one of the recommendations in the report is to download apps only from authorized sources. The company also suggests that you block mobile ads, but doing so takes a concerted effort, and that effort may not be much use.

For example, Eyeo's AdBlock Plus, one of the most popular ad-blocking services for PC browsers (available for Internet Explorer, Firefox, and Google Chrome), isn't available in either Google Play or iTunes. (There is an app called "AdBlock" on iTunes, but it's from a developer I've never heard of, and it appears to be a standalone browser; I describe an alternative ad-blocking browser for Android and iOS below.)

You can download a version of AdBlock Plus for Android devices, but doing so requires that you change the setting to allow downloads from sources outside the Google Play service. Also, you have to configure the app manually by changing your proxy settings.

AdBlock Plus for Android proxy configuration instructionsInstalling the version of AdBlock Plus for Android requires manually configuring the device's proxy settings. Screenshot by Dennis O'Reilly/CNET

Even after the ad blocker is configured, you'll still be shown ads in the device's native browser and in other apps. The clunky configuration process and inconsistent ad blocking lead me to the conclusion that there's a better way, or two actually: the free version of the Mercury browser, which includes an ad-blocking option; and the free Lookout Mobile Security app, which offers a real-time malware scanner. Both programs are also available for each platform from the iTunes and Google Play stores.

An ad-blocking browser

The Mercury browser's ad-blocking feature is off by default. To enable ad blocking in the iOS version, press the settings icon in the top-right corner of the window and choose Settings. Tap Extensions, and toggle the Ad Block setting to On. On Android devices, Mercury's settings icon is at the bottom of the Window. After you choose the Settings option on the menu, press Plug-ins and check the box to the right of Ad Block.

Mercury browser for AndroidThe free Mercury browser for Android and iOS devices includes an ad-blocking extension (Android version shown here). Screenshot by Dennis O'Reilly/CNET

The Mercury browser has many other security and usability features, including a private-browsing mode, login passcode, day/night mode, and an auto-brightness setting. I tested only the program's ability to block ads, which worked well in my testing.

The problem is, most popular Web sites encourage mobile users to download their standalone apps, so browsers aren't used as much on phones and tablets as they are on PCs. That's why an app that monitors all activity on the device is more effective at preventing a malware infection. This is where Lookout's Process Monitor feature shines.

The free version of Lookout for Android and iOS devices includes Process Monitor, which scans your apps and alerts you when one is running a malicious process. (I previously wrote about the Android version of Lookout in September 2012.) The iOS version notifies you of updates and warns you when an attempts to jailbreak the device. You also can back up your contacts and photos and locate a missing device by signing into your account on Lookout.com.

Lookout Mobile Security for iOSThe free Lookout Mobile Security app monitors your Android and iOS devices for malicious activity. Screenshot by Dennis O'Reilly/CNET

The premium version of the program costs $3 a month or $30 a year, and adds the Privacy Advisor and Safe Browsing features. You can try the premium version for 14 days without having to provide a credit card number.

Privacy Advisor lets you know which apps are tracking your location, reading your identity information, and accessing your messages and contacts.

Lookout Mobile Security Privacy DashboardThe Lookout Privacy Dashboard lists the apps that are tracking your location, reading your info, and accessing your messages and contacts. Screenshot by Dennis O'Reilly/CNET

The app's Safe Browsing feature warns you when you're about to click a dangerous link. When you open your browser, an alert appears to let you know Safe Browsing is enabled. In my testing I didn't encounter any links Lookout considered unsafe, so I don't know how the app alerts you or otherwise responds to a dangerous link.

Blocking ads is less effective at deterring infections on mobile devices than the real-time monitoring offered by Lookout. But your best defense is to avoid clicking ads specifically and links in general, particularly when you're unsure of the source -- whether in an email, on a social network, or embedded in an app. In this case, thank you for not sharing.

PC Magazine April Issue Now on Sale: Privacy Takes the Stage at SXSW – PC Magazine

Defiance picks up pace against Turkey’s Twitter – Europe Online Magazine

Istanbul (dpa) - Users were deftly employing workarounds to defy the blackout of Twitter in Turkey, leading to increases in the volume of messages posted from the country, as the government‘s ban of the popular social networking site entered its second day Saturday.

Estimates by data services say millions of tweets have been sent in the first 36 hours of the ban, including some by President Abdullah Gul, who was critical of the move, and pro-government newspapers, which have posted messages trying to justify the decision.

Social media rating agency Somera said usage of Twitter increased by 33 per cent since the ban went into effect.

Hashtags about the ban were trending both inside the country and abroad, making the topic of Twitter in Turkey one of the most talked about issues on social media.

The ban started hours after embattled Prime Minister Recep Tayyip Erdogan promised to "root out" Twitter, which has been utilised by anonymous users to publish audio recordings appearing to implicate the country‘s political elite in bribery and corruption.

The Sabah newspaper printed a list of 16 reasons given by the prime minister‘s office for the ban. One specifically referenced the online wiretap leaks, including recordings of Erdogan‘s private conversations.

"Twitter has become a way for gangs to post illegally obtained montages and voice recordings of a person, which leads way to character assassination," according to reason number four on the list.

The paper also compared the recordings and the wholesale ban of Twitter to Germany blocking specific neo-Nazi accounts on the social media site.

Data-crunching services estimated some 17,000 tweets were being sent a minute from the country. While initially usage dipped in the early hours of Friday, users quickly discovered workarounds.

Some of the most popular methods included changing DNS settings to Google‘s public domain, employing proxy networks known as VPNs, connecting via the Tor network of virtual tunnels and similar systems, many of which are free.

Graffiti and posters went up around Istanbul publicizing the ways to get around the ban. Some Turkish television and radio stations also explained to their audiences how to circumvent the blackout.

Humour has also been deployed. One cartoon depicted Erdogan trying to shoot the blue Twitter mascot, which was on his foot. Another showed him using pepper spray on the blue bird, a reference to heavy handed police tactics for dispersing anti-government protests with tear gas and water cannons.

Turkey passed a controversial new Internet law last month which allows the government to track users‘ browsing history and block websites or specific web pages.

Even prior to the new law, some 40,000 sites were blocked in the country, which also has the highest number of jailed journalists.

The government says it attempted to have Twitter itself block accounts it found problematic, but the company declined.

"Twitter officials have been neglecting hundreds of court decisions since January," the government said, in an apparent reference to law suits brought by members of the ruling Justice and Development Party (AKP) against accounts which they claimed were in violation of privacy laws.

"We stand with our users in Turkey who rely on Twitter as a vital communications platform. We hope to have full access returned soon," Twitter‘s policy team said in a tweet, posted in English and Turkish.

Hurriyet newspaper said the company had employed a lawyer who was engaged in talks with the government, seeking to end the ban.

Experts have cautioned that the government‘s ways of blocking websites may become more sophisticated in the future, making workarounds more difficult.

Level 3 and Cogent ask FCC for protection against ISP “tolls” – Ars Technica

Network operators Level 3 and Cogent Communications today urged the Federal Communications Commission to prevent Internet service providers from charging what they deem to be excessive fees for interconnection.

The Federal Communications Commission's first attempt to create net neutrality rules, which were struck down in court after a challenge by Verizon, prevented discrimination, blocking, and pay-for-play charges on the so-called last mile of broadband networks. This required ISPs like Comcast, Verizon, and AT&T to treat Web services equally once traffic entered their networks and started making its way to residential and business customers.But the FCC implemented no rules for the interconnections between consumer ISPs and Internet transit providers like Level 3 and Cogent. Notably, Netflix pays Level 3 and Cogent to distribute its traffic across the Internet, and ISPs are demanding payment from all three of these companies in exchange for accepting traffic. Level 3 and Netflix both pay Comcast while Cogent has held out. Verizon and AT&T are also both seeking payment from Netflix.

While ISPs say the traffic loads are too heavy, Level 3, Cogent, and Netflix argue that ISPs are abusing their market power, since customers often have little to no choice of Internet provider. That means there's only one path for Netflix traffic to reach consumers, at least over the last mile.

FCC Chairman Tom Wheeler has said he intends to issue new net neutrality rules. Netflix argued for rules that cover interconnection agreements last night, and both Level 3 and Cogent filed comments with the FCC today to outline proposals.

"Level 3 urges the Commission to protect the Internet from this abuse, by ensuring that bottleneck ISPs, which control the only means of Internet access to millions of consumers, are not permitted to impose these arbitrary access charges," Level 3's filing said. "That does not mean that ISPs should not be able to offer—and charge for—CDN, transit, or other services to edge providers and others. Rather, the Commission should declare that large bottleneck ISPs, in addition to offering any commercial services they chose to make available, must also exchange Internet traffic on commercially reasonable terms without imposing access charges. That is, ISPs should be permitted to charge other providers for services they provide, but they may not charge fees simply for the privilege of accessing that ISP’s customers."

Level 3 acknowledged that its proposal lacks some important specifics. "Level 3 does not here propose to define (and the Commission need not define at the outset) every potentially commercially reasonable approach to interconnection," the company said. "But the Commission should set out some principles for, and examples of, commercial reasonableness."

Cogent's filing is similar, with one difference being that Cogent asked the FCC to reclassify broadband providers as common carriers, which would allow implementation of stricter rules. Recognizing that a common carriage classification isn't likely, Cogent spent most of its filing describing steps the commission could take, short of reclassification.

Cogent argued for stricter transparency rules forcing ISPs to disclose network management practices. It also asked for required testing that would show performance data of "the actual speeds at which popular edge-provider content [like Netflix and YouTube] is being downloaded during peak usage periods (7:00-11:00p.m., adjusted for local time zones) on a system-specific level."

When interconnection points become congested, the FCC should have authority to intervene, Cogent said. This would force the broadband provider "to show cause why it should not be required to implement prompt remedial measures to relieve the sustained state of congestion," Cogent said.

Cogent claims its proposal wouldn't prevent ISPs from seeking paid peering agreements, but in practice, the FCC under Cogent's proposal could force ISPs to relieve congestion without payment. "[T]he proposal would allow a broadband ISP the flexibility to attempt to reach a paid peering agreement with peering partners in order to relieve a sustained state of congestion," Cogent wrote. "However, if such agreement cannot be reached, then the broadband ISP must upgrade its interconnection with its peering partner(s) as is necessary to relieve the sustained state of congestion."

The interconnection points carry all sorts of Web traffic, so congestion can slow down e-mail or general Web browsing, but streaming video suffers more because of how much bandwidth it requires.

Netflix's payment to Comcast for a direct connection to its network wouldn't necessarily be outlawed under this proposal, Cogent said. "As long as a broadband ISP's network is not congested at interconnection points to the degree that its customers are not able to reasonably access the open Internet, then the fact that one or more edge providers are paying for a 'dedicated lane' is not inconsistent with the reasonable and timely deployment of broadband service to all Americans," Cogent said.

However, if the payments for "dedicated lanes" are "the product of anticompetitive conduct, then such conduct can and should be addressed by the antitrust enforcement authorities."

While Level 3 and Cogent are in lock step today, they weren't always so friendly. In 2005, Level 3 cut off its peering connection with Cogent, making the same arguments Comcast, Verizon, and others make today.

"In order for free peering to be fair to both parties, the cost and benefit that parties contribute and receive should be roughly the same," Level 3 said at the time, the same argument ISPs have recently made about Level 3 and Cogent. "We determined that the agreement that we had with Cogent was not equitable to Level 3. There are a number of factors that determine whether a peering relationship is mutually beneficial. For example, Cogent was sending far more traffic to the Level 3 network than Level 3 was sending to Cogent's network."

Level 3 and Cogent eventually settled and began exchanging traffic again. Analyst Dan Rayburn pointed out this past dispute today in a blog post accusing Netflix and Level 3 of ignoring inconvenient facts while making arguments that could benefit them financially.

Rayburn argued that Netflix failed its own customers by sending traffic through congested links at Level 3 and Cogent when it "could use multiple providers to connect to ISPs and could also use third-party CDNs like Akamai, EdgeCast, and Limelight, who are already connected to ISPs, to deliver their traffic. In fact, this is how Netflix delivered 100 percent of its traffic for many, many years, using third-party CDNs. Netflix likes to make it sound like there is only one way to deliver videos on the Internet when in fact, there are multiple ways."

In another filing with the FCC today, the Telecommunications Industry Association argued against "prescriptive network management rules," saying they deter network investment. The lobby group also said regulation and enforcement should come only after the identification of "actual harm" and be narrowly tailored.

Level 3 today argued that the un-competitive nature of the consumer ISP market means that ISPs can charge whatever they want and actually charge more for peering than Level 3 does for transit:

Both tolls on edge providers and tolls on transit providers pose the same risks to the free and open Internet. That is, just as an ISP has the incentive and ability to charge tolls to edge providers in order to generate revenues (and which generate significant negative externalities), it has the same incentive and ability to charge tolls to transit providers to generate revenue. If an ISP’s tolls were charged and paid, transit providers, which operate in a highly competitive market which has seen tremendous price compression over the years, would have no choice but to pass these significant, additional costs on to those who purchase transit from them—the very edge providers that the Commission was attempting to protect from such tolls.

While the precise size of the tolls demanded vary from ISP to ISP, in Level 3’s experience they frequently equal or even exceed the price that Level 3 charges its customers for transit to those ISPs’ networks (and the rest of the Internet as a whole). Said another way, some ISPs want to charge an access fee for access to their little corner of the Internet (i.e. their customers) that frequently equals or exceeds the fees Level 3 charges its transit customers to reach every destination on the Internet.

In response to Level 3's latest statements, Rayburn wrote that the proposal itself is too vague to be properly evaluated, and that the failure of companies to release details of existing agreements makes it even harder to decide what a proper outcome should be.

"What I want are all the facts so I can make an informed decision of what should be done. But without details on the current business terms and how they work between all the parties involved and details, with numbers, on how they want it to change, it really keeps all of us in the dark," he wrote.

Comcast declined comment today, but in response to Netflix yesterday, Comcast noted that it supported the FCC's previous net neutrality rules "because they struck the appropriate balance between consumer protection and reasonable network management rights for ISPs."

"The Open Internet rules never were designed to deal with peering and Internet interconnection, which have been an essential part of the growth of the Internet for two decades," Comcast said. "Providers like Netflix have always paid for their interconnection to the Internet and have always had ample options to ensure that their customers receive an optimal performance through all ISPs at a fair price."

UPDATE: AT&T Senior VP James Cicconi gave his company's take in a blog post published late Friday. Cicconi disputed Netflix CEO Reed Hastings' arguments and accused Netflix of forcing AT&T to build new facilities and pass costs on to customers who may or may not subscribe to Netflix.

"[If] Netflix is delivering that increased volume of traffic to, say, AT&T, we should accept the fact that AT&T must be ready to build additional ports and transport capacity to accept the new volume of capacity as a consequence of Netflix’s good business fortune," Cicconi wrote. "And I think we can all accept the fact that business service costs are ultimately borne by consumers. Mr. Hastings blog post then really comes down to which consumers should pay for the additional bandwidth being delivered to Netflix’s customers. In the current structure, the increased cost of building that capacity is ultimately borne by Netflix subscribers. It is a cost of doing business that gets incorporated into Netflix’s subscription rate.  In Netflix’s view, that’s unfair. In its view, those additional costs, caused by Netflix’s increasing subscriber counts and service usage, should be borne by all broadband subscribers—not just those who sign up for and use Netflix service."

Cicconi went on to compare Netflix's streaming service with the mail order service that got Netflix started. "When Netflix delivered its movies by mail, the cost of delivery was included in the price their customer paid," Cicconi wrote. "It would’ve been neither right nor legal for Netflix to demand a customer’s neighbors pay the cost of delivering his movie. Yet that’s effectively what Mr. Hastings is demanding here, and in rather self-righteous fashion...  It’s simply not fair for Mr. Hastings to demand that ISPs provide him with zero delivery costs—at the high quality he demands—for free. Nor is it fair that other Internet users, who couldn’t care less about Netflix, be forced to subsidize the high costs and stresses its service places on all broadband networks."

UPDATE 2: Level 3 VP Mark Taylor offered an explanation as to why the Level 3/Cogent dispute in 2005 is different from the disputes Level 3 has with ISPs today. The dispute came at a time when "our business models diverged and the peering agreement hadn't contemplated that," he said. "Level 3 very significantly extended the geographic coverage of its network, particularly in Europe. At the same time Cogent focused more heavily on one part of the Internet market; Content companies. That meant we ended up carrying bits that moved through our interconnection points for a far greater distance than those bits travelled over the Cogent network. We no longer shared costs equally."

Level 3 still believes that "business benefit and costs should be equally shared," and that cost should be measured in terms of "bit miles," the distance traffic is carried rather than the direction it flows in. Taylor continued:

[T]here are three fundamental differences with that when a global backbone network like Level 3’s connects to a broadband provider like AT&T.

First, if an AT&T subscriber asks to see Internet content, whatever provider is delivering that content has no option but to use AT&T to deliver it to the AT&T customer that asked for it. In other words, unlike the Internet backbone, there is no competitive choice in the last mile of the Internet.

Secondly, our business models are completely different. The backbone operator’s commercial model is to sell services based on the amount of traffic a customer uses at the busiest time. So Level 3’s revenues go up and down as traffic goes up and down. In contrast the broadband operators sell services on a fixed monthly fee irrespective of the amount of traffic consumed.

Thirdly, our network is fully synchronous [and] theirs is asynchronous. Broadband operators sell a service that is built to deliver more bits in one direction than the other. Consumption patterns magnify that effect. It simply isn't even possible to be in balance—not even close.

And so it becomes pretty obvious pretty quickly that a simple ratio of send to receive traffic in no way acts as a proxy for equal business benefit or equal cost.

The market at the Internet's "backbone" where companies like Level 3 operate is a lot more competitive, Taylor said. "Carriers in the backbone of the Internet have similar business models," he said. "They sell services to content companies, businesses and to other network providers like the broadband networks. The backbone of the Internet is highly competitive, and the networks operated there are fully synchronous; that is the pipes that comprise those networks are capable of sending and receiving the same amount of traffic. If a network company is in the same, competitive business, has a similar geographic network and a similar network design then three things are likely true; both networks will benefit equally from interconnection; both networks will incur equal cost for carrying a packet from a to b across their interconnection points; and if either network operator does not want to do business with the other, competitive alternatives are available."

PSA: Having trouble accessing MobileSyrup from Chrome on Android or iOS … – MobileSyrup.com

We’ve been hearing about readers having difficulty accessing MobileSyrup.com from their mobile browsers, specifically when using Chrome for Android or iOS. While the issue isn’t widespread, we’ve nailed down the reason, which is unfortunately out of our control at the moment.

It appears that Google’s Bandwidth management feature, which was brought to Chrome on both Android and iOS last year, is blocking the site from loading across a small subset of IP addresses. The feature sends all mobile data through a Google proxy server, which compresses the data and sends it down to your phone or tablet. At the moment, the only solution to accessing the site when it is not loading appears to be turning this feature off, which could potentially cause you to use more data over a cellular or WiFi network.

To turn off this feature, head to Settings/Bandwidth management/Reduce data usage and turn the feature off. We apologize for the inconvenience, as we understand this is otherwise a very useful feature. We are actively working with both Google and our hosting company to fix the issue, but in the meantime, if you’re having issues accessing MobileSyrup on a mobile browser, this should do the trick.

Install and configure transparent squid <b>proxy</b> server : RHEL/CentOS <b>…</b>

In this tutorial,we will learn about how to install and configure transparent squid proxy server on RHEL/CentOS 6.x .In this practical,we will install Squid version 3.5.0 package in CentOS 6.5 / RHEL 6.5 . Squid server are designed to run in Unix like operating system. Up to version 2.7, Windows Operating System was supportive. Till the date of writing this post, no Windows Operating System supportive port has been developed in Squid version 3.x .

What is Squid Server

Squid is a web cache and web filtering server.It is based upon Harvest Cache Daemon.
Because Squid server has ability to do cacheing, it helps in improving the performance of web access. It can deliver the web content either static,dynamic or streaming way.It helps to speed up web browsing to its end clients.

Default port number use by Squid service

By-defualt port number 3128 is used by squid service

Squid : Transparent Web Proxy Server

Squid Server widely used for Web filtering and cacheing. It is also used as Transparent Web Proxy Server. Transparent Proxy is also known as Interception Caching.

Interception Caching is a process when a HTTP request from client ends redirected to Cache Server(Squid) without doing any configuration in end user clients. By this way,end user clients do not know the traffic has been redirected to cache server(Transparent Proxy)

Transparent Squid Proxy versus Ordinary Squid proxy

In Ordinary Squid Proxy Server, the end user client traffic is redirected to Squid proxy server but for this , we have to configure the web browser settings in each client machine.(We will also show,how to do settings in this tutorial)

In Transparent Squid Proxy, we do not have to do settings in web browser of each client machine.The traffic can be easily redirected to Squid Server. IPTABLES for NAT (Network Address Translation),play very crucial role to setup the Transparent Squid Proxy.(always remember this)

Squid Proxy Server

Install and Configure Squid Transparent Proxy Server

Follow the given below steps to install and configure the Squid Web Proxy Server.

Step 1: Create a yum client repo file in RHEL/CentOS. This step we are doing ,to get the latest Squid version.

vi /etc/yum.repos.d/squid.repo

vi /etc/yum.repos.d/squid.repo

Paste given below contents in file /etc/yum.repos.d/squid.repo

[squid] name=Squid repo for CentOS Linux 6 - $basearch #IL mirror baseurl=http://www1.ngtech.co.il/rpm/centos/6/$basearch failovermethod=priority enabled=1 gpgcheck=0

[squid]

name=Squid repo for CentOS Linux 6 - $basearch

#IL mirror

baseurl=http://www1.ngtech.co.il/rpm/centos/6/$basearch

failovermethod=priority

enabled=1

gpgcheck=0

Step 2: Install EPEL repository in system (For getting Perl packages)

rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Step 3: By using yum command install Squid and perl-Crypt-OpenSSL

yum install squid perl-Crypt-OpenSSL

yum install squid  perl-Crypt-OpenSSL

Below given is reference.It shows the packages which will be installed on using command yum install squid perl-Crypt-OpenSSL

Dependencies Resolved ===================================================================================================== Package Arch Version Repository Size ===================================================================================================== Installing: squid x86_64 7:3.5.0.001-1.el6 squid 2.7 M Installing for dependencies: ksh x86_64 20120801-10.el6_5.3 updates 756 k libtool-ltdl x86_64 2.2.6-15.5.el6 base 44 k perl x86_64 4:5.10.1-136.el6 base 10 M perl-Crypt-OpenSSL-X509 x86_64 1.800.2-1.el6 epel 37 k perl-DBI x86_64 1.609-4.el6 base 705 k perl-Module-Pluggable x86_64 1:3.90-136.el6 base 40 k perl-Pod-Escapes x86_64 1:1.04-136.el6 base 32 k perl-Pod-Simple x86_64 1:3.13-136.el6 base 212 k perl-libs x86_64 4:5.10.1-136.el6 base 578 k perl-version x86_64 3:0.77-136.el6 base 51 k Transaction Summary ===================================================================================================== Install 11 Package(s) Total download size: 15 M Installed size: 47 M Is this ok [y/N]: y

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

Dependencies Resolved

=====================================================================================================

Package                         Arch           Version                        Repository       Size

=====================================================================================================

Installing:

squid                           x86_64         7:3.5.0.001-1.el6              squid           2.7 M

Installing for dependencies:

ksh                             x86_64         20120801-10.el6_5.3            updates         756 k

libtool-ltdl                    x86_64         2.2.6-15.5.el6                 base             44 k

perl                            x86_64         4:5.10.1-136.el6               base             10 M

perl-Crypt-OpenSSL-X509         x86_64         1.800.2-1.el6                  epel             37 k

perl-DBI                        x86_64         1.609-4.el6                    base            705 k

perl-Module-Pluggable           x86_64         1:3.90-136.el6                 base             40 k

perl-Pod-Escapes                x86_64         1:1.04-136.el6                 base             32 k

perl-Pod-Simple                 x86_64         1:3.13-136.el6                 base            212 k

perl-libs                       x86_64         4:5.10.1-136.el6               base            578 k

perl-version                    x86_64         3:0.77-136.el6                 base             51 k

Transaction Summary

=====================================================================================================

Install      11 Package(s)

Total download size: 15 M

Installed size: 47 M

Is this ok [y/N]: y

Step 4: After installing squid package, all squid related configuration files will be located at /etc/squid .Explore these files

[root@localhost ~]# cd /etc/squid/ [root@localhost squid]# [root@localhost squid]# ls -l total 48 -rw-r--r--. 1 root squid 419 Jan 27 18:19 cachemgr.conf -rw-r--r--. 1 root root 419 Jan 27 18:19 cachemgr.conf.default -rw-r--r--. 1 root root 1547 Jan 27 18:18 errorpage.css -rw-r--r--. 1 root root 1547 Jan 27 18:18 errorpage.css.default -rw-r--r--. 1 root root 11954 Jan 27 18:19 mime.conf -rw-r--r--. 1 root root 11954 Jan 27 18:19 mime.conf.default -rw-r-----. 1 root squid 2315 Jan 27 18:19 squid.conf -rw-r--r--. 1 root root 2315 Jan 27 18:19 squid.conf.default [root@localhost squid]#

[root@localhost ~]# cd /etc/squid/

[root@localhost squid]#

[root@localhost squid]# ls -l

total 48

-rw-r--r--. 1 root squid   419 Jan 27 18:19 cachemgr.conf

-rw-r--r--. 1 root root    419 Jan 27 18:19 cachemgr.conf.default

-rw-r--r--. 1 root root   1547 Jan 27 18:18 errorpage.css

-rw-r--r--. 1 root root   1547 Jan 27 18:18 errorpage.css.default

-rw-r--r--. 1 root root  11954 Jan 27 18:19 mime.conf

-rw-r--r--. 1 root root  11954 Jan 27 18:19 mime.conf.default

-rw-r-----. 1 root squid  2315 Jan 27 18:19 squid.conf

-rw-r--r--. 1 root root   2315 Jan 27 18:19 squid.conf.default

[root@localhost squid]#

Step 5:Take the backup of squid.conf file.

cp -p /etc/squid/squid.conf /etc/squid/squid.conf.orig

cp -p /etc/squid/squid.conf /etc/squid/squid.conf.orig

Step 5: Disable the SELINUX . Edit the file /etc/sysconfig/selinux and change the value of SELINUX=disabled

vi /etc/sysconfig/selinux SELINUX=disabled

vi /etc/sysconfig/selinux

SELINUX=disabled

Now restart the system so that SELINUX can take effect permanently.

IMPORTANT NOTE : In case , you want to use SELINUX in ENFORCING mode, read this post .(You may have to use the same steps more than one times because of avc denial in SELINUX policy for Squid)

Step 6: Below given is default squid.conf file configuration settings.(You can use same settings for Ordinary Squid Proxy Server)

NOTE : egrep -v '^#|^$' will hide the lines starting with # and all blank lines.

[root@localhost ~]# egrep -v '^#|^$' /etc/squid/squid.conf acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager http_access allow localnet http_access allow localhost http_access deny all http_port 3128 coredump_dir /var/spool/squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 [root@localhost ~]#

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

[root@localhost ~]# egrep -v '^#|^$' /etc/squid/squid.conf

acl localnet src 10.0.0.0/8    # RFC1918 possible internal network

acl localnet src 172.16.0.0/12    # RFC1918 possible internal network

acl localnet src 192.168.0.0/16    # RFC1918 possible internal network

acl localnet src fc00::/7       # RFC 4193 local private network range

acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443

acl Safe_ports port 80        # http

acl Safe_ports port 21        # ftp

acl Safe_ports port 443        # https

acl Safe_ports port 70        # gopher

acl Safe_ports port 210        # wais

acl Safe_ports port 1025-65535    # unregistered ports

acl Safe_ports port 280        # http-mgmt

acl Safe_ports port 488        # gss-http

acl Safe_ports port 591        # filemaker

acl Safe_ports port 777        # multiling http

acl CONNECT method CONNECT

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localhost manager

http_access deny manager

http_access allow localnet

http_access allow localhost

http_access deny all

http_port 3128

coredump_dir /var/spool/squid

refresh_pattern ^ftp:        1440    20%    10080

refresh_pattern ^gopher:    1440    0%    1440

refresh_pattern -i (/cgi-bin/|\?) 0    0%    0

refresh_pattern .        0    20%    4320

[root@localhost ~]#

Step 7: To make Squid Proxy Server as Transparent Proxy Server. Add “accel vhost allow-direct” with line “http_port 3128″ in /etc/squid/squid.conf file .

http_port 3128 accel vhost allow-direct

http_port 3128 accel vhost allow-direct

As per our network, we are using 172.16.0.0/255.255.0.0 inside LAN .Hence we will edit squid.conf file at acl localnet src

Now I will add the new local network acl line in squid.conf file and comment acl lines related to other local network(10.0.0.0/8 ,172.16.0.0/12, 192.168.0.0/16)

vi /etc/squid/squid.conf ## added this new line as per my network acl localnet src 172.16.0.0/16

vi /etc/squid/squid.conf

## added this new line as per my network

acl localnet src 172.16.0.0/16

Below given is complete configuration for Squid Transparent Proxy Server

acl localnet src 172.16.0.0/16 # RFC1918 possible internal network acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager http_access deny blocksites http_access allow localnet http_access allow localhost http_access deny all http_port 3128 accel vhost allow-direct cache_dir ufs /var/spool/squid 100 16 256 coredump_dir /var/spool/squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

acl localnet src 172.16.0.0/16    # RFC1918 possible internal network

acl SSL_ports port 443

acl Safe_ports port 80        # http

acl Safe_ports port 21        # ftp

acl Safe_ports port 443        # https

acl Safe_ports port 70        # gopher

acl Safe_ports port 210        # wais

acl Safe_ports port 1025-65535    # unregistered ports

acl Safe_ports port 280        # http-mgmt

acl Safe_ports port 488        # gss-http

acl Safe_ports port 591        # filemaker

acl Safe_ports port 777        # multiling http

acl CONNECT method CONNECT

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localhost manager

http_access deny manager

http_access deny blocksites

http_access allow localnet

http_access allow localhost

http_access deny all

http_port 3128 accel vhost allow-direct

cache_dir ufs /var/spool/squid 100 16 256

coredump_dir /var/spool/squid

refresh_pattern ^ftp:        1440    20%    10080

refresh_pattern ^gopher:    1440    0%    1440

refresh_pattern -i (/cgi-bin/|\?) 0    0%    0

refresh_pattern .        0    20%    4320

Step 8 : Restart the Squid service

/etc/init.d/squid restart

/etc/init.d/squid restart

Step 9 : Create a IPTABLES script . You can modify the script as per your requirement. (Test the script in staging machine before applying it to live server)

Create bash script file

Paste below given contents in file /root/firewall.sh. Save and close the file after this

#!/bin/bash # # # # Ethernet device name connected to LAN ETHERNET_LAN="eth2" # Ethernet device name connected to Internet ETHERNET_INTERNET="eth0" # Squid Server IP Address SQUID_SERVER_IP="172.16.15.1" # Squid port number SQUID_PORT="3128" ### Multiple Port Number - TCP based MULTI_PORT="22,20,21" #### Flush iptables iptables -F ##### Delete a user-defined chain iptables -X ### -t defines table ### #### Flush NAT Rules/user-defined NAT chain iptables -t nat -F iptables -t nat -X #### Flush Mangle Rules/user-defined NAT chain (mangle — Used for specific types of packet alteration. ) ##### iptables -t mangle -F iptables -t mangle -X # Load IPTABLES modules for NAT and IP conntrack modprobe ip_conntrack modprobe ip_conntrack_ftp ##### Enable IP forwarding for IPV4 #### echo 1 > /proc/sys/net/ipv4/ip_forward ## iptables -P INPUT DROP iptables -P OUTPUT ACCEPT ## INPUT/OUTPUT rules for loopback iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT iptables -A INPUT -i $ETHERNET_INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT iptables --table nat --append POSTROUTING --out-interface $ETHERNET_INTERNET -j MASQUERADE iptables --append FORWARD --in-interface $ETHERNET_LAN -j ACCEPT iptables -A INPUT -i $ETHERNET_LAN -j ACCEPT iptables -A OUTPUT -o $ETHERNET_LAN -j ACCEPT iptables -t nat -A PREROUTING -i $ETHERNET_LAN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER_IP:$SQUID_PORT iptables -t nat -A PREROUTING -i $ETHERNET_INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT ###### IPTABLE Allow rule for tcp based multiple port #### To disable - Use # in front of below given line iptables -A INPUT -p tcp -m multiport --dports $MULTI_PORT -j ACCEPT iptables -A INPUT -j LOG iptables -A INPUT -j DROP

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

#!/bin/bash

#

#

#

# Ethernet device name  connected to LAN

ETHERNET_LAN="eth2"

# Ethernet device name connected to Internet

ETHERNET_INTERNET="eth0"

# Squid Server IP Address

SQUID_SERVER_IP="172.16.15.1"

# Squid port number

SQUID_PORT="3128"

### Multiple Port Number - TCP based

MULTI_PORT="22,20,21"

#### Flush iptables

iptables -F

##### Delete a user-defined chain

iptables -X

### -t defines table ###

#### Flush NAT Rules/user-defined NAT chain

iptables -t nat -F

iptables -t nat -X

#### Flush Mangle Rules/user-defined NAT chain (mangle — Used for specific types of packet alteration. ) #####

iptables -t mangle -F

iptables -t mangle -X

# Load IPTABLES modules for NAT and IP conntrack

modprobe ip_conntrack

modprobe ip_conntrack_ftp

##### Enable IP forwarding for IPV4 ####

echo 1 > /proc/sys/net/ipv4/ip_forward

##

iptables -P INPUT DROP

iptables -P OUTPUT ACCEPT

## INPUT/OUTPUT rules for loopback

iptables -A INPUT -i lo -j ACCEPT

iptables -A OUTPUT -o lo -j ACCEPT

iptables -A INPUT -i $ETHERNET_INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables --table nat --append POSTROUTING --out-interface $ETHERNET_INTERNET -j MASQUERADE

iptables --append FORWARD --in-interface $ETHERNET_LAN -j ACCEPT

iptables -A INPUT -i $ETHERNET_LAN -j ACCEPT

iptables -A OUTPUT -o $ETHERNET_LAN -j ACCEPT

iptables -t nat -A PREROUTING -i $ETHERNET_LAN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER_IP:$SQUID_PORT

iptables -t nat -A PREROUTING -i $ETHERNET_INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT

###### IPTABLE Allow rule for tcp based multiple port

#### To disable - Use # in front of below given line

iptables -A INPUT -p tcp -m multiport --dports $MULTI_PORT -j ACCEPT

iptables -A INPUT -j LOG

iptables -A INPUT -j DROP

Step 10 : Give execute permission to /root/firewall.sh and only to owner that is root

chmod 700 /root/firewall.sh

chmod 700 /root/firewall.sh

Step 11 : Execute the firewall.sh script

Client Side Configuration

Step 12: At client side,you do not have to configure Web browser.
The only requirement is, the IP Subnet of client should be allowed in Squid Proxy Server

sharad chhetri (366 Posts)

My name is Sharad Chhetri. I am a Linux System Engineer.I love working on Linux,Unix and Open Source Technology. I also support and advocate the Freedom of Open Source Softwares. Apart of Unix Based Operating System, I also have experience in Windows Server and Cisco Networking. If you find my post useful to you/your organization and would like to donate. I will be felt rewarded if you donate to any Open Source Project or Charity Organization.I honestly and proudly admit, some blog readers has done donation.I will also appreciate if you notify me about your donation via email at [email protected] .


Vladimir Putin, Internet Villain – Bloomberg View

Russian President Vladimir Putin and Turkish Prime Minister Recep Tayyip Erdogan appear to have an intuitive understanding of the work of Richard Heeks. The British academic, who predicted the overthrow of Ukrainian President Viktor Yanukovich, believes that countries with high levels of real-life oppression and lots of Internet freedom are most likely to experience revolutions.

Putin and Erdogan are responding in classic authoritarian style: Instead of reducing oppression, they're clamping down on access to the Internet.

Erdogan recently declared that he would not "leave this nation at the mercy of Facebook and YouTube," threatening to shut off access to both services after local elections later this month. This week's protests in Istanbul, which left two people dead, must have reinforced Erdogan's belief that the social networks serve only to provide his enemies with communication and propaganda channels.

Putin, for his part, moved decisively against Internet media critical of his actions. On Wednesday, Alexander Mamut, chairman of Rambler Afisha SUP, the holding company that owns the LiveJournal blog service and a number of popular websites, fired Galina Timchenko, editor of Lenta.ru, one of Russia's most popular websites with about 1.2 million daily visitors. The firing followed an official warning issued to Lenta for citing, neutrally, an anti-Russian rant by a Ukrainian ultranationalist. Timchenko's replacement, Alexei Goreslavsky, once ran a Kremlin-sponsored site, and the Lenta team saw the firing as politically motivated. Thirty-nine of 84 staffers, including 32 of 55 journalists, immediately resigned.

On Thursday, Russia's telecom regulator, on behalf of the prosecutor general, required Internet providers to block access to three anti-Putin opinion and commentary sites -- ej.ru, Grani.ru and Kasparov.ru, the latter operated by former world chess champion Garry Kasparov. Their alleged crime was "calling for illegal activity and the participation in mass rallies held in violation of the established order." The regulator also blocked opposition leader Alexei Navalny's LiveJournal blog, claiming the politician was not allowed to update it while under house arrest. Ekho Moskvy, Moscow's most popular talk radio station, was ordered to remove a mirror of the blog from its website or face a full blockage of the site. The station promptly obliged, though it says it will appeal the authorities' actions.

Russia's moves don't add up to a Great Chinese Firewall. They do, however, represent the biggest crackdown on Russian Web freedom yet -- and are clearly a consequence of Russia's invasion of Crimea. Putin is putting a squeeze on what his press secretary, Dmitri Peskov, recently termed "a nano fifth column" of critics. "This means the nation will soon be subjected to new torrents of lies," economist Sergei Aleksashenko wrote on his LiveJournal blog in what became one of the most widely shared posts on Russian social networks. Putin and his entourage sincerely believe the lies, he wrote, "because they have shut themselves off from all information sources that do not toe the party line."

Whether Putin believes his own propaganda, he has inundated television, the Kremlin-controlled press and even social networks with it. People who require a more multifaceted picture are already discussing ways to bypass a nationwide firewall when -- not if -- it is set up. At this point, the options are many, from using free public proxies provided by the likes of HideMyAss and ZenMate to switching to the Tor anonymous network, well-known to hackers and denizens of mail-order drug markets. Anonymizers that give a Russian user's computer an IP address from another country easily solve the problem of local blockages: A U.S. or, say, Hong Kong user can access any of the blocked sites.

The ease of bypassing blocks is no secret to Putin's cyberpolice. For now, they are just making it more difficult to use opposition resources in the hopes that most people won't want to waste their time on proxies, which tend to slow down browsing. Eventually, however, both Russian and Turkish users will need to rely on the experience of hackers who have been trying to pick apart the Chinese firewall since 2003, when it first came into existence.

China blocks Tor, using ingenious algorithms to track down machines trying to make connections to the encrypted network. Hackers must make a special effort to break through the defenses. Most publicly available proxy servers do not work in China, either: The addresses they employ are known to the Chinese Web police and are shut off. Right now, the only way to use Facebook and other blocked sites, including Bloomberg.com, is to subscribe to one of the smaller, lesser known paid virtual private network services. These are detected and cut off once in a while, but new ones spring up, allowing both Chinese people and visitors to venture outside the Great Firewall.

Curiosity and a thirst for information are impossible to stop these days. One would have to cut off Internet access completely to make any site truly unavailable. Many people will go to great lengths to retain sources they consider reliable and, at some point, to organize resistance. Once real-world oppression becomes unbearable, they will do more than subscribe to a VPN. As Ukraine's experience proves, they will sometimes pick up sticks and shields and fight on the barricades. Cracking down on Web freedoms is at best a temporary solution.

(Leonid Bershidsky writes on Russia, Europe and technology for Bloomberg View. Follow him on Twitter at @Bershidsky.)

To contact the writer of this article:
Leonid Bershidsky at [email protected]

To contact the editor responsible for this article:
Mark Whitehouse at [email protected]

Staying One Step Ahead of Modern Hackers – BizTech Magazine

[unable to retrieve full-text content]
Staying One Step Ahead of Modern Hackers
BizTech Magazine
... out from the corporate network by its application fingerprint. So, depending on exactly what features are being used in a web security gateway (proxy), a next-generation firewall may be able to completely replace that gateway function. ... A number ...

How will an Anonymous <b>Proxy</b> along with Anonymous <b>Browsing</b> <b>…</b>

Posted by admin on Mar 12th, 2014 in Uncategorized | 0 comments

imagesBrowsing securely and safely on the web is getting increasingly essential than mere bother. This specific article explains why it is essential to make anonymous browsing and just how this is achieved by using Anonymous Proxy servers. It describes how by making use of several anonymous proxies it’s possible to possibly hide one’s IP and therefore do not be victim of criminals, destructive software and viruses. Body: We really do not have anything to become concerned about how anonymous web browsing works best for the straightforward reason why it truly is only a simple process where we Internet users are worried.

It’s accomplished by making use of anonymous proxy servers. As well as the purpose of knowing the value of going anonymous online, let us discuss exactly how browsing the net anonymously works inside a bit more detail. This might ultimately lead completely new Internet users to value the reason why several internet users choose anonymous browsing in addition to Internet privacy. Let us begin by us having our very own IP address. This is actually our identity on the web. This really is assigned to us by our Internet service provider (ISP).

Your ISP knows your IP and your details. As soon as you browse online, you may be abandoning an archive along with your ISP concerning which internet sites you visited, and other data that you simply acquire whenever you surf online. As you opt through this step daily, you could have made a login regarding your regularly visited websites and your Internet behavior or even pattern. This will then make a target for advertisements and also unwanted traffic, pop-ups along with cookies, which is frustrating and also dangerous.

You could discover your laptop infected along with countless viruses as well as spyware. And also the worst of all situations come in the big event that the hacker chooses to use your identity for their own nefarious designs. This really is identity theft, which is one of the most troublesome crimes of our times. This is really where anonymous web browsing is available in. Within browsing the net anonymously, we can safeguard ourselves from the online hackers and malicious criminals to steal in addition to abuse our identity in addition to personal data. Find more infohttp://www.ninjastik.com

MOOC Learners: Who They Are, What Motivates Them – Huffington Post

Lately, I've noticed that much of the discussion around massive open online courses (MOOCs) has focused almost exclusively on one point: Completion rates, or those students who achieve a certificate in a particular course. While this data point, borrowed from the traditional university model, is certainly an important measure, it only represents one small segment of a very diverse group of MOOC learners eager for access to education. We've learned a lot from the first year of courses offered on edX, and the recently released working papers from Harvard and MIT shed new light on the diversity of our students and how they are using our courses.

Before looking at the goals of our learners, let's take a look at who they are. MOOC learners are diverse, coming from many cultures across the globe and all ages and backgrounds. For instance, edX learners, who now number two million, range in ages from eight to 95, come from every country in the world and have varying levels of education. We see learners from elementary schoolers to Ph.D.s. Despite this diversity, three main attributes unite them: A desire to learn, a desire to connect to a global community and a desire to experience and consume content online.

The goals of our learners are as diverse as they are. When they first enroll in a course, some may be interested in engaging with homework or other interactive labs, or in completing the coursework to earn a certificate (we call these "active learners"). Others may simply want to browse and view a few of the videos. Data collected from edX shows that approximately 56 percent of learners rated "gaining understanding of the subject matter for lifelong learning," as an extremely important reason for taking an edX course, and another 57 percent cite "learning from the best professors in the world." However, only 27 percent rated "earning a certificate of mastery to add to my professional credentials," as an extremely important reason for enrolling in a course.

When we measure completion rates among our active students, certificate rates average about 50 percent and, in some courses, can rise to 70 percent and even 80 percent. Similarly, completion rates of learners who've paid for a verified certificate are about 60 percent. These numbers are well within the range of completion rates we see in traditional universities.

In the overview of the Harvard and MIT working papers, Justin Reich, the Richard L. Menschel HarvardX Research Fellow, and Andrew Ho, an associate professor at the Harvard Graduate School of Education and co-chair of the HarvardX Research Committee, write, "While certificates are easy to count, certification is a poor proxy for the amount of learning that happens in a given course. Many registrants engage in courseware without choosing to complete the assessments for credit." We're seeing a lot of discussion about what these MOOC students are not doing (e.g. completion rates, certificates) and not enough about what students are gaining (e.g. knowledge, interaction with a global community and free education from the world's best universities).

MOOCs provide learners with what they want: Access to courses and content that interest them. There is no admissions process, so registering for a MOOC is as easy as clicking on a webpage. Citing their recent findings in an op-ed for The Atlantic, Reich and Ho write:

...Many who register for HarvardX courses are engaging substantially in courses without earning a certificate. In these courses, 'dropping out' is not a breach of expectations, but the natural result of an open, free and asynchronous registration process, where students get just as much as they wish out of a course and registering for a course does not imply a commitment to completing it.

Others have suggested using the term "stopping out" to better capture the expectations of learners who are merely browsing a MOOC. Data points from Harvard and MIT's The First Year of Open Online Courses show that from fall 2012 to summer 2013, 43,196 registrants in the 17 edX courses analyzed earned certificates of successful completion, while another 35,937 explored half or more than half of course content without certification. As GigaOM highlights in a recent article, "79,133 people likely learned some valuable information without paying thousands of dollars or even having to leave their homes."

Our experience in this first year has taught us that many of our learners don't fit a traditional mold. So we need to change the lens through which we view them. In a research paper written by Jennifer DeBoer, Andrew D. Ho, Glenda S. Stump and Lori Breslow and published in Educational Researcher, the authors make a compelling argument for rethinking the very terms we use to talk about learners in MOOCs versus traditional educational environments.

The massive databases of MOOCs hold immense analytic potential but are ripe for misuse and misinterpretation. It is not only the magnitude of data, but also the diversity of user intentions and backgrounds...that distinguish the MOOC context from conventional classrooms.

MOOCs are offering individuals open access to high quality educational content and information that may otherwise have been out of their reach. Our learners are diverse and curious about the world around them. Although many do not have interest in earning certificates for the courses they enroll in, an impressive number are gaining so much more: access to world-class education and an engaged global community. All without going through an admissions process.

Proxies

proksyfree.com
foxwebproxy
USA Proxy Golden
hide ip usa
deamen proxy
Hotel murah di Jakarta
Proxy Tube
Medo Proxy
Hide My IP
Proxies
Proxies
Proxies
Proxies
Proxies
spain proxy
snake proxy
unblock instagram
pakistan proxy
provide free web hosting
Private IP
Give Me Proxy
opera
opera
msproxyo
unblockbrowser
ded proxy
ulimnate hide
http://proxyforallsites.com/
alexeproxy
mega-surf
mostfastproxy
mostfastproxy
monsterproxy
monsterproxy
monsterproxy
checkproxi
ProProxy
opera
opera
opera
opera
opera
super fastttttt
opera
opera
opera
unblocker
opera
wamdpro free proxy service
obat penggugur kandungan
Hotel murah di jakarta
Alfamart Official Partner Merchandise Fifa Piala D
Unit Link Terbaik di Indonesia Commonwealth Life I
Kuliner Balikpapan
ProProxy
school proxy
super proxy free
PC Notdienst
Arif Hosting Harga Murah dan Hosting Terbaik di In
voyance gratuite en ligne sans inscription
proxy gratis
Alfamart official partner FIFA piala dunia 2014
Mobil Sedan Corolla terbaik

tarot de marseille
Eroxid - A Free Proxy
Newborn Pacifiers from Babvo Baby Shop
Escorts Services in Delhi
maxproxa
piiiiipoooooo
ipxxxxxxxxxx
miniprox
paprox
eproxa
unpro
biprox
zprox
Mobil Sedan Corolla
propox
PROXY
wikiyopi.com
maprox
maxprox
goodprox
speedprox
bita
go-net
FoJi
propo
thex
batt
Ojimo Phone Cases
voyance gratuite
Pakar SEO
propp
maxproxz
getprox
vimax asli
ffproxy
ttproxy
bigprox
faceprox5
faceprox4
faceprox3
faceprox2
faceprox1
fir4
fir3
fiiir2
fiiir
maxproxyx
camera.co.id toko kamera murah di indonesia
reiki
proxystar.net
rapid90.com
Jejak Seo
princeproxy
http://www.socialsurfing.tk/
http://bbc2proxy.blogspot.com/
proxy ssl
Uk Web Proxy
proxy03
Super Fast Proxy
Website Unblocker
http://reverse-proxy.info/
college online proxy
http://name-proxy.info/
Open Blocked Websites
Hide Me Thanks
Uk Web Proxy
Unblock Proxy
unblock facebook
Free Server Proxy
ip change
gag no ads
chat proxy
Mansy Proxy | Free Anonymous Browsing
Mansy Proxy | Free Anonymous Browsing
Mansy Proxy | Free Anonymous Browsing
Proxy 2 Fun
unblock facebook
hideurip.3owl.com
Franceproxy
Texas Proxy is not like any websites proProxy
The free proxy
GoxyProxy