> The eventual consensus was that there were holes in HotJava - that
> the user configuration hole sucked - but that aside - the level of
> security _appeared_ sufficient that you wouldn't cut the tap off.

The biggest hole I know of is that you can apparently open pretty much an
arbitrary socket from HJ. It has some restrictions, but mostly it'll let you
connect inside a firewall or outside a firewall but not both.
It shouldn't be too hard to embed a SATAN clone in an applet and have it
sniff out information and send it back via an SMTP connection.