[lug] security of mindterm applet?

Ferdinand P. Schmid fschmid at archenergy.com
Sun Oct 29 15:48:26 MST 2000


The very short answer is - SSH logins from public machines are reasonably safe.


> My question is: is this reasonably safe? Clearly the mindterm program's SSH
> protocol is going to encrypt the bytes traversing the network. Do I need to
> worry about rogue programs running on the local machine capturing
> keystrokes? Is there any way I should be verifying the integrity of the
> connection and/or local machine I am running on?

On Windows systems it would be fairly easy to listen for and record keystrokes.  But that would mean
somebody would need to also record the corresponding screens...  I doubt all that effort would be
worthwhile just to read somebody's e-mail.

> Can you point me to a brief explanation of the difference between a
> signed and unsigned applet?

Signed applets are deployed with the digital signature from a key authority. They can do more than
unsigned applets.  Depending on the JDK (1.1, 1.2, 1.3) the security model will allow you some
local machine access features, such as reading from or writing to the local disk.  The security
model of JDK 1.2 (aka Java 2) is much improved over JDK 1.1 - but standard browsers only support JDK
1.1.  For your application it doesn't matter because the security is primarily meant to protect the
client machine (the one sitting at the cyber cafe) - and not your hosting system.  More info can be
found at:
http://java.sun.com/sfaq/


> Maybe it is obvious, but the thing I am worrying about is revealing
> passwords and machine entry procedures to my home machines.
>
> Thanks
>
> Phil

E-mail - unless you use PGP - is not secure by any means.  If you back up your e-mail system then your
worst case would be someone else reading your messages.  Since they were readable in plain text to
any system (person) along their travel you won't lose much in case somebody really got into your
system.

--
Ferdinand Schmid
Architectural Energy Corporation
http://www.archenergy.com
(303) 444-4149





