> Stop logging into your FTP server from a public terminal with Filezilla.
It's about a program insecurely and permanently storing user credentials without informing the user about this - in many cases certainly uncalled - behaviour. This issue is not about public terminals or users uploading their backup files to indexed, publicly readable web shares. Argumenting that the issue was about "someone gaining access to the file" is not valid. There's code in a program silently writing highly sensitive information to places where they are not wanted and not expected by most users - proven by all the recentservers.xml files on Google. -- Adnan Vatandas _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
