| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 18 Apr 2008 16:16:59 -0400 From: "Joey Mengele" <joey.mengele@...hmail.com> To: joey.mengele@...hmail.com, valdis.kletnieks@...edu Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml) Valids, On Fri, 18 Apr 2008 16:10:41 -0400 Valdis.Kletnieks@...edu wrote: >On Fri, 18 Apr 2008 15:42:44 EDT, Joey Mengele said: >> I disagree, read the RFC. There are plenty of more secure FTP >> clients such as the OpenSSH.com groups proactive secure Secure >FTP >> (sftp) implementation of FTP. > >Right, except that SFTP isn't the RFC959 protocol that lives on >ports 20/21, >it's an entirely different protocol layered on top of the OpenSSH >on port 22. > >If you actually *do* "read the RFC", RFC959, section 4.1.1 says: > Then how do you explain the security offered by section 3.4.3 of RFC959? Or did you just skip over that... J -- Own your own business. Click here to start making money owning your own franchise. http://tagline.hushmail.com/fc/Ioyw6h4fPmWsA2fzSQ6klsvwitr5lyEN7uWRbhg5RUfeRgV7wM17Gg/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists