Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare s

from [Joey Mengele] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)
Date: Mon, 21 Apr 2008 15:10:56 -0400 
Michael,

On Mon, 21 Apr 2008 13:51:54 -0400 Micheal Cottingham 
<techie.micheal@gmail.com> wrote:

But, but, feet are tasty.



Uhhh ?


I can't believe people are commenting in here not knowing that FTP 
is
plaintext. Any infosec 101 book will tell you this. Along with 
telnet.


Most 'infosec 101' books also tell you buffer overflows, XSS and 
other such shit cause problems, yet people post that here all day.


Don't use them, use the secure alternatives, such as FTPS or SFTP
(which is indeed a subprocess of SSH, look at sshd.conf if you 
don't
believe me, nevermind that it was already covered) and SSH in 
place of
telnet. Those protocols are specifically meant to replace their
insecure counterparts.



You can't tell me what to do.


Here's a few references on this "discovery."

http://forum.filezilla-
project.org/viewtopic.php?f=2&t=5906&p=20285&hilit=xml+plaintext#p2
0285
http://forum.filezilla-
project.org/viewtopic.php?f=4&t=1328&p=4660&hilit=xml+plaintext#p46
60



http://www.bufferoverflow.com 
http://www.google.net
http://lololololol.info


If you don't want your passwords stored in this manner, remember 
your
passwords or use a password manager.



Stop telling me what to do. You are wrong anyway, suck my foot old 
man. 

J

--
Fly in style.  Click here for information on private jets.
http://tagline.hushmail.com/fc/Ioyw6h4eR3JbzP6haQwUcBJWOV4NawQKJfp6PNWZTthbNJpHNeION6/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Joey Mengele
Next by Date:  Re: [Full-disclosure] IRM Security Advisory : RedDot CMS SQL injection vulnerability, Ureleet
Previous by Thread:  Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Valdis . Kletnieks
Next by Thread:  Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Joey Mengele
Indexes:  [Date] [Thread] [Top] [All Lists]