Full Disclosure mailing list archives

Re: Filezilla's silent caching of user's credentials


From: Christian Sciberras <uuf6429 () gmail com>
Date: Thu, 14 Oct 2010 10:20:30 +0200

I'm not quite sure I grasp your 'red district' example, perhaps it's a
difference in national slang?

It's no use the criminal being handcuffed if he's not locked up in jail (or on
the way to one) - it's a matter of time before he/she saws/picks them off.

I also think that a flame war might be brewing

The objective was to get people like you and Evans to think about it. I
don't care if people like silky just won't hear any reason, opinion or
whatever, on the matter. Ever since he wrote "there's no discussion", I
realized he's a lost case.

----

exactly how wrong their thought processes are. My post was meant to
encourage the reader to actually try and re-evaluate his position on
his own and try a little bit of self-education on the matter.

That's some nice encouragement. Kind of reminds me of Windows XP's
connection troubleshooter;
"Please visit the interwebz and we'll help you connect to the internet."

Just because you signed up on FD and have a fancy blog doesn't mean you're
any better.
Really.
I wonder how many under-paid Chinese hackers even own a WordPress account -
and we know how they seem to find 0days which we don't find with our fancy
tools.

the issue. The game now (or at least here, on this list) is to try and
steer people away from FileZilla if it doesn't change. Anyone's opinion

And that is my point exactly. While I'm shouting out loud, let me ask a
question:
How many FD readers are dumb enough to share their hard disks with the world?
None? So what is the problem in using FileZilla personally? I mean, anyone
who takes security seriously would be encrypting their drive in the first
place.




On Thu, Oct 14, 2010 at 10:07 AM, silky <michaelslists () gmail com> wrote:

On Thu, Oct 14, 2010 at 6:51 PM, Chris Evans <scarybeasts () gmail com>
wrote:

[...]

Sorry, but your comments are totally useless here and can't even
really be addressed properly, given their quite ridiculous nature.

Well done on behaving in a gentlemanly manner and winning people over
with your in-depth technical arguments.

Just because someone has managed to sign up to full disclosure and
send an email doesn't entitle them to have an email from me explaining
exactly how wrong their thought processes are. My post was meant to
encourage the reader to actually try and re-evaluate his position on
his own and try a little bit of self-education on the matter.

Like I said to the other guy, I really don't care if you understand
the issue. The game now (or at least here, on this list) is to try and
steer people away from FileZilla if it doesn't change. Anyone's opinion
other than the developer on the issue of the nature of stored
passwords on a local machine is meaningless. If their position is
*influenced* by yours, then I will comment, otherwise, I don't see the
point.

--
silky

http://dnoondt.wordpress.com/

"Every morning when I wake up, I experience an exquisite joy — the joy
of being this signature."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
