Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare s

from [Joey Mengele] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)
Date: Mon, 21 Apr 2008 12:04:41 -0400 
Groffg,

I think you are mistaken. Perhaps you have an outdated version of 
the document in question?

J

On Fri, 18 Apr 2008 16:58:07 -0400 "Garrett M. Groff" 
<groffg@gmgdesign.com> wrote:

Joey, are you certain that you're looking at RFC 959? There is no 
4.3.3 
section in RFC 959.

- G


----- Original Message ----- 
From: "Joey Mengele" <joey.mengele@hushmail.com>
To: <joey.mengele@hushmail.com>; <valdis.kletnieks@vt.edu>
Cc: <full-disclosure@lists.grok.org.uk>
Sent: Friday, April 18, 2008 4:26 PM
Subject: Re: [Full-disclosure] Security issue in Filezilla 
3.0.9.2:passwordsare stored in plain text (sitemanager.xml)



Valdis,

On Fri, 18 Apr 2008 16:24:13 -0400 Valdis.Kletnieks@vt.edu 

wrote:



     3.4.3.  COMPRESSED MODE

        There are three kinds of information to be sent:  

regular

data,
        sent in a byte string; compressed data, consisting of
        replications or filler; and control information, sent 

in

a
        two-byte escape sequence.  If n>0 bytes (up to 127) of
regular
        data are sent, these n bytes are preceded by a byte 

with

the
        left-most bit set to 0 and the right-most 7 bits
containing the
        number n.

If you think run-length-encoding compression is security, you're
even less
clued than I thought.


My mistake, I meant 4.3.3.

J

--
Click here for the latest quotes on bankruptcy refinancing!


http://tagline.hushmail.com/fc/Ioyw6h4fRnroSLsvHrCYtJ9JDLtdNw4IP7N4
gbgWgeI5CYmB23TeUw/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


--
Cheap Diet Help Tips. Click here.
http://tagline.hushmail.com/fc/Ioyw6h4exXztrH7T7dHwpPcqZ7V0k15LYuUwAduIP8Miv2xFtcdc7m/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80, Joey Mengele
Next by Date:  [Full-disclosure] IRM Security Advisory : RedDot CMS SQL injection vulnerability, Mark Crowther
Previous by Thread:  SyScan'08 Singapore - Call for Paper, organiser@syscan.org
Next by Thread:  Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Valdis . Kletnieks
Indexes:  [Date] [Thread] [Top] [All Lists]