lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 21 Apr 2008 15:46:42 -0400
From: "Joey Mengele" <joey.mengele@...hmail.com>
To: joey.mengele@...hmail.com, valdis.kletnieks@...edu
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Security issue in Filezilla
	3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

Valdis,

On Mon, 21 Apr 2008 15:43:57 -0400 Valdis.Kletnieks@...edu wrote:
>On Mon, 21 Apr 2008 15:04:19 EDT, Joey Mengele said:
>
>> Exactly, I was talking about the RFC that supersedes that 
>> particular RFC. 
>
>0959 File Transfer Protocol. J. Postel, J. Reynolds. October 1985.
>     (Format: TXT=147316 bytes) (Obsoletes RFC0765) (Updated by 
>RFC2228,
>     RFC2640, RFC2773, RFC3659) (Also STD0009) (Status: STANDARD)
>
>RFC2228 is in fact about a security extension to FTP - 
>unfortunately, section
>4 of it does not have any subsections, so there is no 4.4.3.
>
>RFC2640 is about internationalization of FTP, and has sections 
>4.3, 4.3.1,
>and then 5.  No 4.4.3 to be found.
>
>RFC2773 is about encryption using SKIPJACK, but it goes from 4.0 
>to 5.0
>with no intervening 4.4.3.
>
>RFC3659 is about FTP extensions, but unfortunately section 4 is 
>about the
>SIZE extension, and has a 4.4 but no 4.4.3 subsection.
>
>So which RFC were you talking about?
>

I don't have time to hold your hand through this, some of us have 
jobs to do other than posting RFC titles on Internet mailing lists.

>
>Hint: When you find you've dug yourself into a hole, it's usually 
>not a
>good idea to keep digging...
>

I think you have demonstrated this for everyone. Perhaps now we can 
close this thread. Or do you intend to continue your hijack?

J

--
Ultimate Travel Deals - Click Now!
http://tagline.hushmail.com/fc/Ioyw6h4dxvWYxGQfH96r7mHhCR9sgijPQtjXzxNBRhQp6ErubcppyA/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ