Full Disclosure: Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

["jipe foo" <foojipe () gmail com>]

2008/4/22 Joey Mengele <joey.mengele () hushmail com>:
> Valdis,
>
>
>  On Mon, 21 Apr 2008 22:53:55 -0400 Valdis.Kletnieks () vt edu wrote:
>  >On Mon, 21 Apr 2008 22:31:53 EDT, Joey Mengele said:
>  >
>  >> So are you trying to suggest compression is not as secure as
>  >> encryption? Have you even *read* the RFC in question?
>  >
>  >The design goal of most compression algorithms is that *anybody*
>  >can take
>  >the compressed data and get back the original.  The design goal of
>  >most
>  >encryption is that *only the intended recipient* can decrypt and
>  >get the
>  >original data back.
>  >
>
>  I think you have your terms mixed up, insert foot here LOLOL. And
>  you didn't answer my question. Have you even *read* the RFC in
>  question? And please, no "you must work at a fast food restaurant"
>  cop outs this time.
Sorry for not joining this incredibly interesting conversation about
the ftp RFC ;-)
but the original post was about the security of the passwords on the support not
on the wire.

So Carl, as the default installation directory is %APPDATA%\FileZilla
and %APPDATA%
is likely to be a subdirectory of the user's %HOMEPATH% (only readable
by the corresponding
user himself), I would like to say... WTF ?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/