Seminar on Secure Website Construction
Jeff Schiller sent the following to ITPartners on July 31st, 2009:
At this week’s “Black Hat” conference yet another attack on SSL was
unveiled. It's an interesting attack, but probably nothing that is
immediately practical (though the jury is not completely back on
that!).
While thinking about the attack, and how to defend against it, I
thought that it might be useful to put together a seminar on how to
program websites in a secure fashion. It turns out that this is
trickier than it seems on the surface. There are plenty of ways to do
authentication for a website that “work” but wind up being vulnerable
to attack.
I am thinking along the lines of a brief seminar on the basic
technologies, how they are attacked and how to defend against the
attacks, followed by an interactive discussion about the trends we see
and how we might evolve the web environment at MIT to cope. I don’t
know how much time we would need, but I am thinking something on the
order of two hours.
I know this is the summer and people may be on vacation and what have
you. Therefore I suspect that we may want to do this more than once.
To gauge interest (and to help me understand how large a room we might
need!), I have set up a small website to let people register their
interest.
You can do so at: http://jis.qyv.name/showinterest
Note: Because we don’t have a date, this isn’t a formal registration
and you are making no commitment by showing interest. Once I have some
feedback, we’ll attempt to schedule a time.
Thanks
-Jeff
P.S. The website is hosted by Google Apps, and isn’t secure (how to
use Google Apps securely is also an interesting topic, but I didn’t
bother for this simple information gathering app).

