[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

Valdis,

On Mon, 21 Apr 2008 15:43:57 -0400 Valdis.Kletnieks@xxxxxx wrote:
>On Mon, 21 Apr 2008 15:04:19 EDT, Joey Mengele said:
>
>> Exactly, I was talking about the RFC that supersedes that 
>> particular RFC. 
>
>0959 File Transfer Protocol. J. Postel, J. Reynolds. October 1985.
>     (Format: TXT=147316 bytes) (Obsoletes RFC0765) (Updated by 
>RFC2228,
>     RFC2640, RFC2773, RFC3659) (Also STD0009) (Status: STANDARD)
>
>RFC2228 is in fact about a security extension to FTP - 
>unfortunately, section
>4 of it does not have any subsections, so there is no 4.4.3.
>
>RFC2640 is about internationalization of FTP, and has sections 
>4.3, 4.3.1,
>and then 5.  No 4.4.3 to be found.
>
>RFC2773 is about encryption using SKIPJACK, but it goes from 4.0 
>to 5.0
>with no intervening 4.4.3.
>
>RFC3659 is about FTP extensions, but unfortunately section 4 is 
>about the
>SIZE extension, and has a 4.4 but no 4.4.3 subsection.
>
>So which RFC were you talking about?
>

I don't have time to hold your hand through this, some of us have 
jobs to do other than posting RFC titles on Internet mailing lists.

>
>Hint: When you find you've dug yourself into a hole, it's usually 
>not a
>good idea to keep digging...
>

I think you have demonstrated this for everyone. Perhaps now we can 
close this thread. Or do you intend to continue your hijack?

J

--
Ultimate Travel Deals - Click Now!
http://tagline.hushmail.com/fc/Ioyw6h4dxvWYxGQfH96r7mHhCR9sgijPQtjXzxNBRhQp6ErubcppyA/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/