lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 22 Apr 2008 13:02:34 -0400
From: "Garrett M. Groff" <groffg@...design.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Re: Security issue in
	Filezilla3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

Joey,

The topic write-ups for data compression and cryptography (go to that page 
in lieu of "encryption") are reasonably good. You can then branch to other 
sources for the sake of verification via cross referencing. That should help 
to elucidate the substantial difference between encrypting data and 
compressing data.

As far as Wikipedia being a scholarly source, I'd say that scholars will 
choose many sources, Wikipedia among them. Someone [citation needed!] once 
commented about Wikipedia that it has 10 times the information as an 
encyclopedia volume but with a 10% reduction in accuracy. Indeed, one would 
be wise to cross reference any information gleaned from Wikipedia that is to 
be used for anything more substantial than satisfying mere curiosity. But 
using Wikipedia as an initial resource doesn't seem like a bad idea to me.

Coming back to the topic at hand, I hope that this will wrap up your concern 
over the perceived weakness in FileZilla (which, as it turns out, is simply 
an innate weakness of using FTP).

- G


> Thanks for the tip Groff, but the Wikipedia Project is not a
> scholarly source. I have also read about certain attacks that allow
> people to inject arbitrary information/misinformation into
> Wikipedia Project articles. For now I will just stick to what I
> know.
>
> J
>
> --
> Fly cheap!  Click here for great airfare deals.
> http://tagline.hushmail.com/fc/Ioyw6h4eRrA50U2fvNhLtC1Rqe4Bmk17c1z8vswAT20A3fo1ei0Ah5/
>
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ