| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 22 Apr 2008 14:38:33 -0400 From: "Garrett M. Groff" <groffg@...design.com> To: <full-disclosure@...ts.grok.org.uk> Subject: Re: Security issue in Filezilla3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Sounds like your mind is made up. Good luck in your search for scholarly wisdom in this matter. - G ----- Original Message ----- From: "Joey Mengele" <joey.mengele@...hmail.com> To: <full-disclosure@...ts.grok.org.uk>; <groffg@...design.com> Sent: Tuesday, April 22, 2008 2:22 PM Subject: Re: [Full-disclosure] Security issue in Filezilla3.0.9.2:passwordsare stored in plain text (sitemanager.xml) > Groffg, > > On Tue, 22 Apr 2008 13:02:34 -0400 "Garrett M. Groff" > <groffg@...design.com> wrote: >>Joey, >> >>The topic write-ups for data compression and cryptography (go to >>that page >>in lieu of "encryption") are reasonably good. You can then branch >>to other >>sources for the sake of verification via cross referencing. That >>should help >>to elucidate the substantial difference between encrypting data >>and >>compressing data. >> > > Reasonably good? Says who? Chairman Mao? > >>As far as Wikipedia being a scholarly source, I'd say that >>scholars will >>choose many sources, Wikipedia among them. Someone [citation >>needed!] once >>commented about Wikipedia that it has 10 times the information as >>an >>encyclopedia volume but with a 10% reduction in accuracy. Indeed, >>one would >>be wise to cross reference any information gleaned from Wikipedia >>that is to >>be used for anything more substantial than satisfying mere >>curiosity. But >>using Wikipedia as an initial resource doesn't seem like a bad >>idea to me. >> > > To you? What is your credibility? > >>Coming back to the topic at hand, I hope that this will wrap up >>your concern >>over the perceived weakness in FileZilla (which, as it turns out, >>is simply >>an innate weakness of using FTP). >> > > > I disagree. The flaw that I have discovered still lies in the > FileZilla implementation of FTP. Until a SCHOLARLY source can > contradict my findings, I do not anticipate anyone on this list or > elsewhere swaying me. Thanks for your time but it is back to the > grill for me. > >>- G > > J > > -- > Click to see huge collection of discounted designer watches. > http://tagline.hushmail.com/fc/Ioyw6h4dibSq5yrXbPCWd043cVzPPIKkKOV8oABuXVAfxcVSTooof1/ > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists