| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTimdBL9esPH9XRrUUbkqW7fWX_QnUf_1ZKLmmzAo@mail.gmail.com>
Date: Thu, 14 Oct 2010 10:20:30 +0200
From: Christian Sciberras <uuf6429@...il.com>
To: michaelslists@...il.com
Cc: full-disclosure@...ts.grok.org.uk, Mutiny <mutiny@...inbeardsucks.com>
Subject: Re: Filezilla's silent caching of user's
credentials
> I'm not quite sure I grasp your 'red district' example, perhaps it's a
difference in national slang?
It's no use the criminal is handcuffed if he's not locked up in jail (or on
the way to one) - it's a matter of time for him/her sawing/picking them off.
> I also think that a flame war might be brewing
The objective was to get people like you and Evans to think about it. I
don't care if people like silky
just won't hear any reason, opinion or whatever, on the matter. Ever since
he wrote "there's no discussion", I realized he's a lost case.
----
> exactly how wrong their thought processes are. My post was meant to
> encourage the reader to actually try and re-evalue his position own
> his own and try a little bit of self-education on the matter.
That's some nice encouragement. Kind of reminds me of Windows XP's
connection troubleshooter;
"Please visit the interwebz and we'll help you connect to the internet."
Just because you signed up on FD and have a fancy blog doesn't mean you're
any better.
Really.
I wonder how many under-paid chinese hackers even own a wordpress account -
and we know how they seem to find 0days which we don't find with our fancy
tools.
> the issue.The game now (or at least here, on this list) is to try and
> steer people away from FileZilla if it doesn't change. Anyones opinion
And that is my point exactly. While I'm shouting out loud, let me ask a
question:
How many FD readers are dumb enough to share their harddisks with the world?
None? So what is the problem in using FileZilla personally? I mean, anyone
which
takes security seriously, would be encrypting their drive in the first
place.
On Thu, Oct 14, 2010 at 10:07 AM, silky <michaelslists@...il.com> wrote:
> On Thu, Oct 14, 2010 at 6:51 PM, Chris Evans <scarybeasts@...il.com>
> wrote:
>
> [...]
>
> >> Sorry, but your comments are totally useless here and can't even
> >> really be addressed properly, given their quite ridiculous nature.
> >
> > Well done on behaving in a gentlemanly manner and winning people over
> with
> > your in-depth technical arguments.
>
> Just because someone has managed to sign up to full disclosure and
> send an email doesn't entitle them to have an email from me explaining
> exactly how wrong their thought processes are. My post was meant to
> encourage the reader to actually try and re-evalue his position own
> his own and try a little bit of self-education on the matter.
>
> Like I said to the other guy, I really don't care if you understand
> the issue.The game now (or at least here, on this list) is to try and
> steer people away from FileZilla if it doesn't change. Anyones opinion
> other than the developer on the issue of the nature of stored
> passwords on a local machine is meaningless. If their position is
> *influenced* by yours, then I will comment, otherwise, I don't see the
> point.
>
> --
> silky
>
> http://dnoondt.wordpress.com/
>
> "Every morning when I wake up, I experience an exquisite joy — the joy
> of being this signature."
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists