On Wed, Oct 13, 2010 at 2:33 PM, Mutiny <mut...@kevinbeardsucks.com> wrote:
> The issue is that someone gained access to that file.  You sharing your
> drives over the internet with read privileges?  You have other
> vulnerable software being leveraged to read that file?  Would you prefer
> they MD5'd it?  It sounds like your issue is that your password is
> stored.  I mean, they moved your encrypted password from passwd to
> shadow for a reason, but that doesn't change the fact that it's stored
> and if someone doesn't need access to shadow or passwd, they shouldn't
> have it.
>
> Stop logging into your FTP server from a public terminal with Filezilla.

Rubbish.

The passwords should be encoded so as to avoid trivial searching. End
of story. It takes 10 minutes to do from a development point of view,
and there is no excuse.

-- 
silky

http://dnoondt.wordpress.com/

"Every morning when I wake up, I experience an exquisite joy — the joy
of being this signature."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
