Open Source and information security mailing list archives
Date: Mon, 21 Apr 2008 15:10:56 -0400
From: "Joey Mengele" <joey.mengele@...hmail.com>
To: full-disclosure@...ts.grok.org.uk, techie.micheal@...il.com
Subject: Re: Security issue in Filezilla 3.0.9.2: passwords are stored in plain text (sitemanager.xml)

Michael,

On Mon, 21 Apr 2008 13:51:54 -0400 Micheal Cottingham <techie.micheal@...il.com> wrote:
>But, but, feet are tasty.
>

Uhhh ?

>I can't believe people are commenting in here not knowing that FTP is
>plaintext. Any infosec 101 book will tell you this. Along with
>telnet.

Most 'infosec 101' books also tell you buffer overflows, XSS and other such shit cause problems, yet people post that here all day.

>Don't use them, use the secure alternatives, such as FTPS or SFTP
>(which is indeed a subprocess of SSH, look at sshd.conf if you don't
>believe me, nevermind that it was already covered) and SSH in place of
>telnet. Those protocols are specifically meant to replace their
>insecure counterparts.
>

You can't tell me what to do.

>Here's a few references on this "discovery."
>
>http://forum.filezilla-project.org/viewtopic.php?f=2&t=5906&p=20285&hilit=xml+plaintext#p20285
>http://forum.filezilla-project.org/viewtopic.php?f=4&t=1328&p=4660&hilit=xml+plaintext#p4660
>

http://www.bufferoverflow.com
http://www.google.net
http://lololololol.info

>If you don't want your passwords stored in this manner, remember your
>passwords or use a password manager.
>

Stop telling me what to do. You are wrong anyway, suck my foot old man.

J

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/