On Sat, March 8, 2008 9:08 am, Bob La Quey wrote: > On Sat, Mar 8, 2008 at 9:05 AM, Gus Wirth <[EMAIL PROTECTED]> wrote: >> >> Bob La Quey wrote: >> > This is pretty neat. >> > >> >>From Amazon Developer news. >> > >> > The AnyTerm project caught my eye recently. Using AnyTerm you can >> > embed an SSH window in a web page. If you do this, you can sit in >> your >> > favorite coffee shop and run your EC2-powered business without having >> > to worry about open ports. In fact, you can travel light and use >> > browser-based access at your favorite net cafe. This might be useful >> > if you are planning to build a Google of One. >> > >> > http://anyterm.org/index.html >> > >> > Anyterm consists of some Javascript on a web page, >> > an XmlHttpRequest channel on standard ports back >> > to the server, and an Apache module. It runs over SSL. >> > >> > So do you see any problems with this? >> >> It's only secure if you control both ends of the connection. If you are >> using someone else's machine they could be running a key logger and you >> are still not secure. >> >> Gus > > > Yes, that makes sense. > > I also just saw this. There may be a similar Javascript exploit > applicable to anyterm. > > http://blog.programmableweb.com/2008/03/07/are-you-logged-into-google/ > > BobLQ > >
Well, _my_ first thought was, I'm not likely to trust my security to someone else's javascript ... but I freely admit that comes from prejudice and ignorance. I'm sure I rely on javascript every time I log into my bank or Amazon <be afraid ...> -- Lan Barnes SCM Analyst Linux Guy Tcl/Tk Enthusiast Biodiesel Brewer -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
