Full Disclosure mailing list archives

Re: Security issue in Filezilla3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

From: "Garrett M. Groff" <groffg () gmgdesign com>
Date: Tue, 22 Apr 2008 14:38:33 -0400

Sounds like your mind is made up. Good luck in your search for scholarly 
wisdom in this matter.

- G


----- Original Message ----- 
From: "Joey Mengele" <joey.mengele () hushmail com>
To: <full-disclosure () lists grok org uk>; <groffg () gmgdesign com>
Sent: Tuesday, April 22, 2008 2:22 PM
Subject: Re: [Full-disclosure] Security issue in 
Filezilla3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

Groffg,

On Tue, 22 Apr 2008 13:02:34 -0400 "Garrett M. Groff"
<groffg () gmgdesign com> wrote:

Joey,

The topic write-ups for data compression and cryptography (go to
that page
in lieu of "encryption") are reasonably good. You can then branch
to other
sources for the sake of verification via cross referencing. That
should help
to elucidate the substantial difference between encrypting data
and
compressing data.


Reasonably good? Says who? Chairman Mao?

As far as Wikipedia being a scholarly source, I'd say that
scholars will
choose many sources, Wikipedia among them. Someone [citation
needed!] once
commented about Wikipedia that it has 10 times the information as
an
encyclopedia volume but with a 10% reduction in accuracy. Indeed,
one would
be wise to cross reference any information gleaned from Wikipedia
that is to
be used for anything more substantial than satisfying mere
curiosity. But
using Wikipedia as an initial resource doesn't seem like a bad
idea to me.


To you? What is your credibility?

Coming back to the topic at hand, I hope that this will wrap up
your concern
over the perceived weakness in FileZilla (which, as it turns out,
is simply
an innate weakness of using FTP).



I disagree. The flaw that I have discovered still lies in the
FileZilla implementation of FTP. Until a SCHOLARLY source can
contradict my findings, I do not anticipate anyone on this list or
elsewhere swaying me. Thanks for your time but it is back to the
grill for me.

- G


J

--
Click to see huge collection of discounted designer watches.
http://tagline.hushmail.com/fc/Ioyw6h4dibSq5yrXbPCWd043cVzPPIKkKOV8oABuXVAfxcVSTooof1/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Security issue in Filezilla3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Joey Mengele (Apr 22)
- Re: Security issue in Filezilla3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Garrett M. Groff (Apr 22)
- <Possible follow-ups>
- Re: Security issue in Filezilla3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Joey Mengele (Apr 22)
  - Re: Security issue in Filezilla3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Garrett M. Groff (Apr 22)