On Thu, 6 Jul 2000, Karl J. Runge wrote:
> Mindterm is a Java applet implementation of an SSH client. So if the ssh
> host is also serving web pages, you just plunk down the mindterm in
> some (possibly obscure) place in the web directories. Then you just
> have to type in a URL in any Java-enabled browser to establish a secure
> SSH connection back home!

While certainly better than simple, cleartext telnet, please imagine the
following scenario: An attacker manages to compromise the link between you
and the host you are trying to SSH to. This is, after all, why you want SSH
in the first place. The attacker intercepts the mindterm download and
replaces it with a trojan designed to filter all traffic through his systems.
There goes the neighborhood.

The only way to protect against intercept-and-replace attacks is with a
secret transported only via trusted media (e.g., your very own floppy disk),
and used only with trusted binaries.

And all blanket statements are false. ;-)

--
Ben Scott <[EMAIL PROTECTED]>
| "Living was struggling to do something impossible -- to succeed, or die, |
| knowing you had tried!" -- by Anne McCaffrey, _Dragonflight_ |