Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Security issue in Filezilla3.0.9.2:passwordsare stored in plain text (sitemanager.xml)
From: "Garrett M. Groff" <groffg () gmgdesign com>
Date: Tue, 22 Apr 2008 13:02:34 -0400


The topic write-ups for data compression and cryptography (go to that page 
in lieu of "encryption") are reasonably good. You can then branch to other 
sources for the sake of verification via cross referencing. That should help 
to elucidate the substantial difference between encrypting data and 
compressing data.

As far as Wikipedia being a scholarly source, I'd say that scholars will 
choose many sources, Wikipedia among them. Someone [citation needed!] once 
commented about Wikipedia that it has 10 times the information as an 
encyclopedia volume but with a 10% reduction in accuracy. Indeed, one would 
be wise to cross reference any information gleaned from Wikipedia that is to 
be used for anything more substantial than satisfying mere curiosity. But 
using Wikipedia as an initial resource doesn't seem like a bad idea to me.

Coming back to the topic at hand, I hope that this will wrap up your concern 
over the perceived weakness in FileZilla (which, as it turns out, is simply 
an innate weakness of using FTP).

- G

Thanks for the tip Groff, but the Wikipedia Project is not a
scholarly source. I have also read about certain attacks that allow
people to inject arbitrary information/misinformation into
Wikipedia Project articles. For now I will just stick to what I


Fly cheap!  Click here for great airfare deals.

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]