Full Disclosure mailing list archives
Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)
From: "jipe foo" <foojipe () gmail com>
Date: Wed, 23 Apr 2008 18:26:48 +0200
2008/4/22 Joey Mengele <joey.mengele () hushmail com>:
Valdis, On Mon, 21 Apr 2008 22:53:55 -0400 Valdis.Kletnieks () vt edu wrote: >On Mon, 21 Apr 2008 22:31:53 EDT, Joey Mengele said: > >> So are you trying to suggest compression is not as secure as >> encryption? Have you even *read* the RFC in question? > >The design goal of most compression algorithms is that *anybody* >can take >the compressed data and get back the original. The design goal of >most >encryption is that *only the intended recipient* can decrypt and >get the >original data back. > I think you have your terms mixed up, insert foot here LOLOL. And you didn't answer my question. Have you even *read* the RFC in question? And please, no "you must work at a fast food restaurant" cop outs this time.
Sorry for not joining this incredibly interesting conversation about the ftp RFC ;-) but the original post was about the security of the passwords on the support not on the wire. So Carl, as the default installation directory is %APPDATA%\FileZilla and %APPDATA% is likely to be a subdirectory of the user's %HOMEPATH% (only readable by the corresponding user himself), I would like to say... WTF ? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), (continued)
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Andrew Farmer (Apr 21)
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Valdis . Kletnieks (Apr 21)
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Joey Mengele (Apr 21)
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Joey Mengele (Apr 21)
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Valdis . Kletnieks (Apr 21)
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Joey Mengele (Apr 21)
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Valdis . Kletnieks (Apr 21)
- Re: Security issue in Filezilla3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Garrett M. Groff (Apr 21)
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Turgut Baumann (Apr 23)
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Valdis . Kletnieks (Apr 21)
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Joey Mengele (Apr 22)
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) jipe foo (Apr 23)