Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare s

from [Joey Mengele] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)
Date: Mon, 21 Apr 2008 22:31:53 -0400 
Andrew,

On Mon, 21 Apr 2008 17:21:21 -0400 Andrew Farmer 
<andfarm@gmail.com> wrote:

On 21 Apr 08, at 12:43, Valdis.Kletnieks@vt.edu wrote:

On Mon, 21 Apr 2008 15:04:19 EDT, Joey Mengele said:

Exactly, I was talking about the RFC that supersedes that
particular RFC.


0959 File Transfer Protocol. J. Postel, J. Reynolds. October 

1985.

    (Format: TXT=147316 bytes) (Obsoletes RFC0765) (Updated by  
RFC2228,
    RFC2640, RFC2773, RFC3659) (Also STD0009) (Status: STANDARD)


There is a 3.4.3 in RFC 959 which discusses a "COMPRESSED MODE", 
which  
might look superficially like encryption to the untrained eye.  
However, it appears that most modern FTP clients (and many FTP  
servers, in fact) don't support it. Also, it's not encrypted.



So are you trying to suggest compression is not as secure as 
encryption? Have you even *read* the RFC in question?

J

--
Fly cheap!  Click here for great airfare deals.
http://tagline.hushmail.com/fc/Ioyw6h4eRrBGYJ3UscagEYUIwguU1xscZkRVAR3AhaA2OI83ydDnAE/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] [DoS] Firefox 3 beta 5 on Ubuntu 7.10 (hangs the OS), Not Shadowgamers
Next by Date:  Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Valdis . Kletnieks
Previous by Thread:  Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Valdis . Kletnieks
Next by Thread:  Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Valdis . Kletnieks
Indexes:  [Date] [Thread] [Top] [All Lists]