[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)
- To: valdis.kletnieks@xxxxxx, andfarm@xxxxxxxxx
- Subject: Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)
- From: "Joey Mengele" <joey.mengele@xxxxxxxxxxxx>
- Date: Mon, 21 Apr 2008 22:31:53 -0400
Andrew,
On Mon, 21 Apr 2008 17:21:21 -0400 Andrew Farmer
<andfarm@xxxxxxxxx> wrote:
>On 21 Apr 08, at 12:43, Valdis.Kletnieks@xxxxxx wrote:
>> On Mon, 21 Apr 2008 15:04:19 EDT, Joey Mengele said:
>>> Exactly, I was talking about the RFC that supersedes that
>>> particular RFC.
>>
>> 0959 File Transfer Protocol. J. Postel, J. Reynolds. October
>1985.
>> (Format: TXT=147316 bytes) (Obsoletes RFC0765) (Updated by
>> RFC2228,
>> RFC2640, RFC2773, RFC3659) (Also STD0009) (Status: STANDARD)
>
>There is a 3.4.3 in RFC 959 which discusses a "COMPRESSED MODE",
>which
>might look superficially like encryption to the untrained eye.
>However, it appears that most modern FTP clients (and many FTP
>servers, in fact) don't support it. Also, it's not encrypted.
>
So are you trying to suggest compression is not as secure as
encryption? Have you even *read* the RFC in question?
J
--
Fly cheap! Click here for great airfare deals.
http://tagline.hushmail.com/fc/Ioyw6h4eRrBGYJ3UscagEYUIwguU1xscZkRVAR3AhaA2OI83ydDnAE/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/