Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2: passwords are stored in plain text (sitemanager.xml)
- To: "Joey Mengele" <joey.mengele@xxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2: passwords are stored in plain text (sitemanager.xml)
- From: "jipe foo" <foojipe@xxxxxxxxx>
- Date: Wed, 23 Apr 2008 18:26:48 +0200
2008/4/22 Joey Mengele <joey.mengele@xxxxxxxxxxxx>:
> Valdis,
>
>
> On Mon, 21 Apr 2008 22:53:55 -0400 Valdis.Kletnieks@xxxxxx wrote:
> >On Mon, 21 Apr 2008 22:31:53 EDT, Joey Mengele said:
> >
> >> So are you trying to suggest compression is not as secure as
> >> encryption? Have you even *read* the RFC in question?
> >
> >The design goal of most compression algorithms is that *anybody* can take
> >the compressed data and get back the original. The design goal of most
> >encryption is that *only the intended recipient* can decrypt and get the
> >original data back.
> >
>
> I think you have your terms mixed up, insert foot here LOLOL. And
> you didn't answer my question. Have you even *read* the RFC in
> question? And please, no "you must work at a fast food restaurant"
> cop outs this time.
>
Sorry for not joining this incredibly interesting conversation about
the ftp RFC ;-) but the original post was about the security of the
passwords on the support not on the wire.
So Carl, as the default installation directory is %APPDATA%\FileZilla
and %APPDATA% is likely to be a subdirectory of the user's %HOMEPATH%
(only readable by the corresponding user himself), I would like to
say... WTF?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
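
Added example, not part of the original post: a PowerShell check of the claim in the message above that the file under %APPDATA%\FileZilla is readable only by its own user. Treating SYSTEM and the local Administrators group as expected readers is an assumption of this example; the path is built from the directory and file name given in the thread.

```powershell
# Added example: audit who can read FileZilla's saved-site file.
# Path built from the thread: %APPDATA%\FileZilla plus sitemanager.xml.
$path = Join-Path $env:APPDATA 'FileZilla\sitemanager.xml'
if (-not (Test-Path -LiteralPath $path)) {
    Write-Output "Not found: $path"
    return
}

# Principals expected on a per-user profile file, by SID (locale independent).
# Assumption of this example: SYSTEM and Administrators count as expected.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$expected = @(
    $me,
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

# Bits that allow reading file contents. ACEs can also carry raw
# GENERIC_READ / GENERIC_ALL bits that the FileSystemRights enum does not name.
$readData    = [int][System.Security.AccessControl.FileSystemRights]::ReadData
$genericRead = [int]::MinValue   # 0x80000000
$genericAll  = 0x10000000

$acl   = Get-Acl -LiteralPath $path
# Explicit and inherited rules, with identities returned as SIDs.
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$unexpected = foreach ($rule in $rules) {
    if ($rule.AccessControlType -ne 'Allow') { continue }
    $rights  = [int]$rule.FileSystemRights
    $canRead = ($rights -band $readData) -or ($rights -band $genericRead) -or ($rights -band $genericAll)
    if ($canRead -and ($expected -notcontains $rule.IdentityReference.Value)) {
        [pscustomobject]@{
            Sid       = $rule.IdentityReference.Value
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

Write-Output "Owner: $($acl.Owner)"
if ($unexpected) {
    Write-Output 'Read access granted beyond the user, SYSTEM and Administrators:'
    $unexpected | Format-Table -AutoSize
} else {
    Write-Output 'Readable only by the user, SYSTEM and Administrators.'
}
```

A clean result describes the file ACL only; any process running as the same user, and any local administrator, can still read the stored passwords.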