Message-Id: <20080422023153.3C8F411803C@mailserver5.hushmail.com>
Date: Mon, 21 Apr 2008 22:31:53 -0400
From: "Joey Mengele" <joey.mengele@...hmail.com>
To: valdis.kletnieks@...edu, andfarm@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Security issue in Filezilla 3.0.9.2: passwords are stored in plain text (sitemanager.xml)

Andrew,

On Mon, 21 Apr 2008 17:21:21 -0400 Andrew Farmer 
<andfarm@...il.com> wrote:
>On 21 Apr 08, at 12:43, Valdis.Kletnieks@...edu wrote:
>> On Mon, 21 Apr 2008 15:04:19 EDT, Joey Mengele said:
>>> Exactly, I was talking about the RFC that supersedes that
>>> particular RFC.
>>
>> 0959 File Transfer Protocol. J. Postel, J. Reynolds. October 1985.
>>     (Format: TXT=147316 bytes) (Obsoletes RFC0765) (Updated by RFC2228,
>>     RFC2640, RFC2773, RFC3659) (Also STD0009) (Status: STANDARD)
>
>There is a 3.4.3 in RFC 959 which discusses a "COMPRESSED MODE", which
>might look superficially like encryption to the untrained eye.
>However, it appears that most modern FTP clients (and many FTP
>servers, in fact) don't support it. Also, it's not encrypted.
>
>

So are you trying to suggest compression is not as secure as 
encryption? Have you even *read* the RFC in question?

J
