October 2009
Seeing as I'm stuck in a hotel room with nothing else I want to do, I thought I'd talk a little bit about how I made this site. Why? A few reasons. First, I know that at least one of my readers is mildly interested in Drupal (the software that powers this site). Secondly, I've put a lot of work into this site, and I'm proud of the result and want to brag. Lastly, I have this vague hope that some of my academic colleagues will wander by the site and be inspired to make one like it for themselves. So... How I Made This Site (short form): I stopped hand-coding HTML, thank god.
Seeing as this is ostensibly a crypto blog, I'd like to comment on a paper from earlier this year: It's no secret-- Measuring the security and reliability of authentication via 'secret' questions, by Stuart Schechter, A. J. Bernheim Brush, and Serge Egelman. This paper looks at the security of 'security questions': those questions about yourself you have to answer to get back into an account when you've forgotten your password. And (shock! surprise!) they find that this sort of mechanism generally sucks from a security point of view-- perhaps even more than passwords do.
I have attempted to correct a problem previously pointed out by Andromeda: that a 'break' tag was being exported in my RSS feed. If you have subscribed to this blog through your favorite RSS reader, you should unsubscribe and re-subscribe. (Note that the URL for the RSS feed has changed. But on the bright side, most RSS readers will now understand 'www.jonathanherzog.com' as the URL for the feed.)
After a long period of inactivity, I am pleased to report signs of life for two of my papers-- and a tech report, besides.
- Men present: 20
- Women present: 1
- Women missing: 19 (95%)
It looks like I will be able to attend the 16th ACM Conference on Computer and Communications Security (also known simply as CCS 2009). Will any of my fellow cryptographers also be there? Or, if any my readers have been there before: this will be my first time. What should I expect?
My employer, MIT Lincoln Laboratory, is looking to hire at least a half-dozen computer security researchers in the near future. Do you know any computer-security experts? Do you have any students looking for jobs? Do you have any interest in using your skills to solve critical national-security problems?
- Number of men in audience: 16
- Number of women in audience: 4
- Number of women missing: 12 (75%)
Looks like I'm not the only person to be writing about women in computer science. My friend Andromeda has some thoughts on the matter, talking about why she didn't enter CS.
No, really. Where are they? Now that I've noticed, I can't help but see a conspicuous absence of female computer scientists at every CS event I attend. So where are they?*
