lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 Oct 2010 01:24:27 +0200 From: Adnan Vatandas <adnan.vatandas@...glemail.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: Filezilla's silent caching of user's credentials > Stop logging into your FTP server from a public terminal with Filezilla. It's about a program insecurely and permanently storing user credentials without informing the user about this - in many cases certainly uncalled - behaviour. This issue is not about public terminals or users uploading their backup files to indexed, publicly readable web shares. Argumenting that the issue was about "someone gaining access to the file" is not valid. There's code in a program silently writing highly sensitive information to places where they are not wanted and not expected by most users - proven by all the recentservers.xml files on Google. -- Adnan Vatandas _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists