[lug] security of mindterm applet?

[Phil Rasch]

I have a question about security of a java applet running some an
arbitrary machine, and rather than spending a few days spinning up on
java and security I am hoping some of you can answer my question
easily, or point me in the right direction.

I travel quite a lot. And increasingly I am finding myself walking
past a publicly accessable machine, with a browser running, and
network access (e.g. in airports, cybercafe, mall, library, or
institute I am visiting). 

It would be really nice to just sit down at the local machine, head to my
home page, click on a URL for "mindterm applet", which opens a
text window on the local machine where I can read mail, check computer
tasks etc). 

My question is: is this reasonably safe? Clearly the mindterm programs SSH
protocol is going to encrypt the bytes traversing the network. Do I need to
worry about rogue programs running on the local machine capturing
keystrokes? Is there anyway I should be verifying the integrity of the
connection and/or local machine I am running on?

Can you point me to a brief explanation of the difference between a
signed and unsigned applet?

Maybe it is obvious, but the thing I am worrying about is revealing
passwords and machine entry procedures to my home machines. 

Thanks

Phil


-- 
Phil Rasch, Climate Modeling Section, National Center for Atmospheric Research
Mail     --> P.O. Box 3000, Boulder CO 80307  
Shipping --> 1850 Table Mesa Dr, Boulder, CO 80305
email: pjr at ucar.edu, Web: http://www.cgd.ucar.edu/cms/pjr Phone: 303-497-1368, FAX: 303-497-1324