Full Disclosure: Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

["Joey Mengele" <joey.mengele () hushmail com>]

Andrew,

On Mon, 21 Apr 2008 17:21:21 -0400 Andrew Farmer 
<andfarm () gmail com> wrote:
> On 21 Apr 08, at 12:43, Valdis.Kletnieks () vt edu wrote:
> > On Mon, 21 Apr 2008 15:04:19 EDT, Joey Mengele said:
> > > Exactly, I was talking about the RFC that supersedes that
> > > particular RFC.
> > 0959 File Transfer Protocol. J. Postel, J. Reynolds. October 
> 1985.
> >     (Format: TXT=147316 bytes) (Obsoletes RFC0765) (Updated by  
> > RFC2228,
> >     RFC2640, RFC2773, RFC3659) (Also STD0009) (Status: STANDARD)
> There is a 3.4.3 in RFC 959 which discusses a "COMPRESSED MODE", 
> which  
> might look superficially like encryption to the untrained eye.  
> However, it appears that most modern FTP clients (and many FTP  
> servers, in fact) don't support it. Also, it's not encrypted.
So are you trying to suggest compression is not as secure as 
encryption? Have you even *read* the RFC in question?

J

--
Fly cheap!  Click here for great airfare deals.
http://tagline.hushmail.com/fc/Ioyw6h4eRrBGYJ3UscagEYUIwguU1xscZkRVAR3AhaA2OI83ydDnAE/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/