Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare s

from [Valdis . Kletnieks] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)
Date: Mon, 21 Apr 2008 15:43:57 -0400 
On Mon, 21 Apr 2008 15:04:19 EDT, Joey Mengele said:


Exactly, I was talking about the RFC that supersedes that 
particular RFC. 


0959 File Transfer Protocol. J. Postel, J. Reynolds. October 1985.
     (Format: TXT=147316 bytes) (Obsoletes RFC0765) (Updated by RFC2228,
     RFC2640, RFC2773, RFC3659) (Also STD0009) (Status: STANDARD)

RFC2228 is in fact about a security extension to FTP - unfortunately, section
4 of it does not have any subsections, so there is no 4.4.3.

RFC2640 is about internationalization of FTP, and has sections 4.3, 4.3.1,
and then 5.  No 4.4.3 to be found.

RFC2773 is about encryption using SKIPJACK, but it goes from 4.0 to 5.0
with no intervening 4.4.3.

RFC3659 is about FTP extensions, but unfortunately section 4 is about the
SIZE extension, and has a 4.4 but no 4.4.3 subsection.

So which RFC were you talking about?

Hint: When you find you've dug yourself into a hole, it's usually not a
good idea to keep digging...

Attachment: pgpEcVis8uVgU.pgp
Description: PGP signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] IRM Security Advisory : RedDot CMS SQL injection vulnerability, Ureleet
Next by Date:  Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Joey Mengele
Previous by Thread:  Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Joey Mengele
Next by Thread:  Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Andrew Farmer
Indexes:  [Date] [Thread] [Top] [All Lists]