Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare s

Subject: Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2: passwords are stored in plain text (sitemanager.xml)
Date: Wed, 23 Apr 2008 18:26:48 +0200
2008/4/22 Joey Mengele <joey.mengele@hushmail.com>:
Valdis,


 On Mon, 21 Apr 2008 22:53:55 -0400 Valdis.Kletnieks@vt.edu wrote:
 >On Mon, 21 Apr 2008 22:31:53 EDT, Joey Mengele said:
 >
 >> So are you trying to suggest compression is not as secure as
 >> encryption? Have you even *read* the RFC in question?
 >
 >The design goal of most compression algorithms is that *anybody* can take
 >the compressed data and get back the original.  The design goal of most
 >encryption is that *only the intended recipient* can decrypt and get the
 >original data back.
 >

 I think you have your terms mixed up, insert foot here LOLOL. And
 you didn't answer my question. Have you even *read* the RFC in
 question? And please, no "you must work at a fast food restaurant"
 cop outs this time.


Sorry for not joining this incredibly interesting conversation about
the ftp RFC ;-)
but the original post was about the security of the passwords on the
support not on the wire.

So Carl, as the default installation directory is %APPDATA%\FileZilla
and %APPDATA% is likely to be a subdirectory of the user's %HOMEPATH%
(only readable by the corresponding user himself), I would like to
say... WTF ?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
