Hello Richard:

On Sun, 14 Apr 2002 18:55:13 +0200 (CEST), [EMAIL PROTECTED] (Richard Menedetter)
wrote:

> Hi Samuel!

> 11 Apr 2002, "Samuel W. Heywood" <[EMAIL PROTECTED]> wrote:

> SH> I am aware of some web sites that have online Java Applets being
> SH> Telnet clients which are purportedly very useful for connecting
> SH> to Telnet services.  I hesitate to use any one of those Java Applet
> SH> Telnet programs because of security concerns.
> Java has a big advantage ... it runs on the client side.

Thanks for explaining.  So the applet is just downloaded like
any other executable program and then Windows automatically runs
it in your own machine, right?  You don't have a chance to scan it
for virii first.  Can a Java Applet have a virus, as well as other
kinds of malicious code?

> SH> Would the web site be able to capture everything I do during my Telnet
> SH> session, to include login usernames and passwords?
> normally not ... but it depends what the applet does.
> Ie if it is malicious it could copy all characters to another server.

The problem with all things suspicious is that one does not know if
they are malicious.  Hence the intense psychological need for one to
cultivate and nurture his paranoid instincts.

> _BUT_ the biggest security risk is telnet itself.
> It transmits and receives in CLEAR !!! (ie not encrypted)
> So you don't need a malicious program to read the session !

Don't most POP3 email clients also transmit passwords in the clear
upon contacting the server?  Doesn't one have to be a highly advanced
geek in order to sniff passwords?  Who would be interested in getting
into my email anyway?  I am not a politician involved in an affair
with an intern and I am not involved in any illegal conspiracies and
I don't use email to talk with suspicious and corrupt and sinister
people such as lawyers.

> Use SSH (secure shell) instead.
> It is an "encrypted telnet" which offers scp/sftp capabilities.
> scp is a secure version of rcp (remote copy)
> sftp -> secure ftp

I have heard about that but I don't know how to use it.  There is a
nice Telnet program that comes with BasicLinux, an operating system
that I am using from time to time and slowly learning more about.  Do
you know if I can do SSH with the Telnet program that comes with
BasicLinux?

> if you don't trust those applets in the wild, download an applet from a
> secure source and install it into a free webspace provider.

This sounds like an excellent idea.  Can you recommend a trustworthy
applet?  When I perform some google searches to look for Telnet applets
I find that many of them have been GNU'd.  I don't know how they have
been altered.

> SH> Most people including myself are paranoid about Java because it is
> SH> so easily employable for evil and malicious purposes.
> It is not !
> actually Java tries to be VERY secure. (runs in a sandbox, per default has
> minimal rights only)

> Maybe you mixed it up with M$ active-x ??
> This has absolutely _NO_ security measures !!!

Yes, most people including myself think of M$ active-x as being
just another term for Java.  Are we very badly mistaken?  The reason
why I don't know much about M$-Window$ topics is that I always avoid
using Window$ as much as I can.  I find that most of the people who
claim to know a lot about Window$ are really very ignorant about how
computers work, especially those who don't know how to do DOS.

> SH> Another reason why most people are paranoid about Java is that most of
> SH> us don't understand Java.
> It's a programming language like C, Cobol, BASIC et al.
> Only difference is that applets (not applications) have enormous security
> restrictions, and that Java is a mixture between compiled and interpreted
> language.

Oh, I wasn't aware of the security restrictions at all.  Maybe this is
because of my ignorance in confusing Java with active-x.

> In order to be platform independent, SUN has specified a "virtual
> processor" (called the Java VM)
> .java source files are compiled to produce java bytecode (.class files)
> (machine language for the virtual processor)
> this bytecode is then interpreted by the Java VM.
> (and can also be compiled to native code ... then you naturally lose the
> platform independence)

> SH> Do we know what these Telnet Java Applets do?  Are they safe?
> It depends ... (usually yes but unless you have not read the source you can
> never know what it does)
> This is completely independent of the programming language.

Doesn't Java have its own programming language?  The only programming
languages I know anything about are BASIC, C, RPG, and COBOL, and I am
no expert in any of the above, although I have a college degree in
computer programming that might impress some people who don't know how
to uncover my ignorance.

> Ie if you haven't read the arachne source, you can't be sure what she does.

> I personally use a ssh applet downloaded from a secure source.
> (giving the URL will not help as it can only connect to 1 computer
> configured in the config file of the applet)

> If you want I can send you the applet in private mail.

If you think I can figure out how to use this SSH thing without having
to climb a steep learning curve, please send it to me.

Thanks for your reply.

Sam Heywood
-- This mail was written by user of The Arachne Browser - http://arachne.cz/
