Full Disclosure mailing list archives
Re: Filezilla's silent caching of user's credentials
From: silky <michaelslists () gmail com>
Date: Thu, 14 Oct 2010 17:46:13 +1100
On Thu, Oct 14, 2010 at 5:39 PM, Christian Sciberras <uuf6429 () gmail com> wrote:
Not all attackers are created equally.I still see this a simple matter of violating KISS to introduce a layer of encryption. The question is, to which end? Sure, an attacker might see the encrypted file and think it's "too difficult" for him to get to the passwords. Another might use a certain utility to decrypt the said file. The thing is, to which end are we encrypting the data? Just for the sake of making it work like the N other programs? I mean, if this doesn't *work*, why even *bother*?
Sorry, but your comments are totally useless here and can't even really be addressed properly, given their quite ridiculous nature. You are missing the point of the encryption, and it is not my job to convince you, and any further comments with anyone other than the developer are useless.
There is no question here. There is no discussion. It should be done, and if it is not, password saving should be stopped in FileZilla or an alternative program should be sought. It's that simple.Great. If it's so simple that it can be done in under 10 mins, go complain to them.
This email thread *is* a direct complaint to them, after bugs have been closed for years. I didn't start this thread. Do you even understand what is going on here? Your emails suggest you do not.
Cheers, Chris.
-- silky http://dnoondt.wordpress.com/ "Every morning when I wake up, I experience an exquisite joy — the joy of being this signature." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Filezilla's silent caching of user's credentials, (continued)
- Re: Filezilla's silent caching of user's credentials Brandon McGinty (Oct 11)
- Re: Filezilla's silent caching of user's credentials rdsears (Oct 11)
- Re: Filezilla's silent caching of user's credentials Mutiny (Oct 13)
- Re: Filezilla's silent caching of user's credentials Chris Evans (Oct 13)
- Re: Filezilla's silent caching of user's credentials Ryan Sears (Oct 13)
- Re: Filezilla's silent caching of user's credentials Valdis . Kletnieks (Oct 13)
- Re: Filezilla's silent caching of user's credentials silky (Oct 13)
- Re: Filezilla's silent caching of user's credentials Christian Sciberras (Oct 13)
- Re: Filezilla's silent caching of user's credentials silky (Oct 13)
- Re: Filezilla's silent caching of user's credentials Christian Sciberras (Oct 13)
- Re: Filezilla's silent caching of user's credentials silky (Oct 13)
- Re: Filezilla's silent caching of user's credentials Chris Evans (Oct 14)
- Re: Filezilla's silent caching of user's credentials silky (Oct 14)
- Re: Filezilla's silent caching of user's credentials Christian Sciberras (Oct 14)
- Re: Filezilla's silent caching of user's credentials silky (Oct 14)
- Re: Filezilla's silent caching of user's credentials Valdis . Kletnieks (Oct 14)
- Re: Filezilla's silent caching of user's credentials Christian Sciberras (Oct 14)
- Re: Filezilla's silent caching of user's credentials Valdis . Kletnieks (Oct 14)
- Re: Filezilla's silent caching of user's credentials Pete Smith (Oct 14)
- Re: Filezilla's silent caching of user's credentials Adnan Vatandas (Oct 14)
- Re: Filezilla's silent caching of user's credentials Jeffrey Walton (Oct 14)