Re: [OT] Long threads, Was: Re: Filezilla a security risk

2012-07-10 Thread Andrei POPESCU
On Du, 08 iul 12, 19:31:48, rjc wrote: > > I had been on this list [0] on and off for quite a while now and have > noticed that certain individuals find it hard to simply "be wrong" [1] > and will argue their case just to have "the final word". > > [0] in a minute I will be corrected that it is a

Re: [OT] IANA ports (was: Filezilla a security risk)

2012-07-09 Thread Camaleón
On Sun, 08 Jul 2012 20:09:41 +0200, Slavko wrote: > On Sun, 8 Jul 2012 16:10:27 + (UTC) Camaleón > wrote: (...) >> SMTPS (and SMTP over SSL/TLS) is standardized as always has been, what >> happens is that it was updated to use starttls extension and the older >> RFC was deprecated (but s

Re: Filezilla a security risk

2012-07-09 Thread Camaleón
On Sun, 08 Jul 2012 19:48:44 +0200, Markus Schönhaber wrote: > 08.07.2012 19:10, Camaleón: > >> On Sun, 08 Jul 2012 18:51:59 +0200, Markus Schönhaber wrote: (...) >>> For some definition of "purpose", maybe [1] Stating that 587/tcp was >>> smtps is simply wrong, because it implies encryption on

[OT] Long threads, Was: Re: Filezilla a security risk

2012-07-08 Thread rjc
On Sun, Jul 08, 2012 at 06:48:44PM BST, Markus Schönhaber wrote: > Yeah. > Your statement that 587/tcp was smtps is simply wrong. I just corrected > your wrong statement - nothing more. Why you feel the need to go to a > great length to convince someone (whoever that might be) that your wrong > sta

Re: [OT] IANA ports (was: Filezilla a security risk)

2012-07-08 Thread Slavko
Hi, On Sun, 8 Jul 2012 16:10:27 + (UTC) Camaleón wrote: > The "why" is not in your first message but in your second post: > > "if smtps is standardized, then why i see this:" Oh, yes. My misunderstanding, I am sorry. > >> is not detailed in the RFC (because RFCs are not the place for lo

Re: Filezilla a security risk

2012-07-08 Thread Markus Schönhaber
08.07.2012 19:10, Camaleón: > On Sun, 08 Jul 2012 18:51:59 +0200, Markus Schönhaber wrote: > >> 08.07.2012 17:14, Camaleón: >> >>> On Sun, 08 Jul 2012 16:41:43 +0200, Markus Schönhaber wrote: >>> 08.07.2012 13:59, Camaleón: > While imaps (tcp/993), pop3s (tcp/995) and smtps (tcp/587

Re: Filezilla a security risk

2012-07-08 Thread Camaleón
On Sun, 08 Jul 2012 18:51:59 +0200, Markus Schönhaber wrote: > 08.07.2012 17:14, Camaleón: > >> On Sun, 08 Jul 2012 16:41:43 +0200, Markus Schönhaber wrote: >> >>> 08.07.2012 13:59, Camaleón: >>> While imaps (tcp/993), pop3s (tcp/995) and smtps (tcp/587) make use of >>> >>> smtps was d

Re: Filezilla a security risk

2012-07-08 Thread Markus Schönhaber
08.07.2012 17:14, Camaleón: > On Sun, 08 Jul 2012 16:41:43 +0200, Markus Schönhaber wrote: > >> 08.07.2012 13:59, Camaleón: >> >>> While imaps (tcp/993), pop3s (tcp/995) and smtps (tcp/587) make use of >> >> smtps was defined as 465/tcp. 587/tcp is message submission which does >> not provide enc

Re: [OT] IANA ports (was: Filezilla a security risk)

2012-07-08 Thread Camaleón
On Sun, 08 Jul 2012 13:36:32 -0300, Henrique de Moraes Holschuh wrote: > On Sun, 08 Jul 2012, Camaleón wrote: >> SMTPS (and SMTP over SSL/TLS) is standardized as always has been, what > > Actually, at least on port 465, it is deprecated with prejudice as it > has been assigned to something else.

Re: [OT] IANA ports (was: Filezilla a security risk)

2012-07-08 Thread Henrique de Moraes Holschuh
On Sun, 08 Jul 2012, Camaleón wrote: > SMTPS (and SMTP over SSL/TLS) is standardized as always has been, what Actually, at least on port 465, it is deprecated with prejudice as it has been assigned to something else. > happens is that it was updated to use starttls extension and the older > RFC

Re: Filezilla a security risk

2012-07-08 Thread Erwan David
On Sun 8/07/2012, Henrique de Moraes Holschuh wrote > > The same reasoning works for imap and imaps. Fortunately, nobody gave > up on the 993/tcp imaps port, so it remains assigned to imaps by IANA. > pop3s never had any starttls alternative, and 995/tcp remains assigned > to pop3s. STLS exten

Re: Filezilla a security risk

2012-07-08 Thread Henrique de Moraes Holschuh
On Sun, 08 Jul 2012, Markus Schönhaber wrote: > 08.07.2012 13:59, Camaleón: > > While imaps (tcp/993), pop3s (tcp/995) and smtps (tcp/587) make use of > > smtps was defined as 465/tcp. 587/tcp is message submission which does > not provide encryption on the transport layer. Yeah, and 465/tcp use

Re: [OT] IANA ports (was: Filezilla a security risk)

2012-07-08 Thread Camaleón
On Sun, 08 Jul 2012 17:56:21 +0200, Slavko wrote: > On Sun, 8 Jul 2012 15:33:17 + (UTC) Camaleón > wrote: > >> What Wikipedia explains (and you asked "why") about the "smtps" >> standard > > Reread my initial mail, please. I don't ask "why" in it, but my English > is poor, then perhaps I

Re: [OT] IANA ports (was: Filezilla a security risk)

2012-07-08 Thread Slavko
Hi, On Sun, 8 Jul 2012 15:33:17 + (UTC) Camaleón wrote: > What Wikipedia explains (and you asked "why") about the "smtps" standard Reread my initial mail, please. I don't ask "why" in it, but my English is poor, then perhaps I wrote it in the wrong manner. > is not detailed in the RFC (bec

Re: [OT] IANA ports (was: Filezilla a security risk)

2012-07-08 Thread Camaleón
On Sun, 08 Jul 2012 17:22:35 +0200, Slavko wrote: > On Sun, 8 Jul 2012 15:02:11 + (UTC) Camaleón > wrote: > >> > can you please tell me the RFC about SMTPS? >> >> http://en.wikipedia.org/wiki/SMTPS >> >> > I never knew that internet standards are controlled by Wikipedia. It is > great

Re: [OT] IANA ports (was: Filezilla a security risk)

2012-07-08 Thread Slavko
Hi, On Sun, 8 Jul 2012 15:02:11 + (UTC) Camaleón wrote: > > can you please tell me the RFC about SMTPS? > > http://en.wikipedia.org/wiki/SMTPS > I never knew that internet standards are controlled by Wikipedia. It is great, now anybody can create their own standard and nobody needs the

Re: Filezilla a security risk

2012-07-08 Thread Erwan David
On 08/07/12 17:14, Camaleón wrote: > On Sun, 08 Jul 2012 16:41:43 +0200, Markus Schönhaber wrote: > >> 08.07.2012 13:59, Camaleón: >> >>> While imaps (tcp/993), pop3s (tcp/995) and smtps (tcp/587) make use of >> smtps was defined as 465/tcp. 587/tcp is message submission which does >> not provide e

Re: Filezilla a security risk

2012-07-08 Thread Camaleón
On Sun, 08 Jul 2012 16:41:43 +0200, Markus Schönhaber wrote: > 08.07.2012 13:59, Camaleón: > >> While imaps (tcp/993), pop3s (tcp/995) and smtps (tcp/587) make use of > > smtps was defined as 465/tcp. 587/tcp is message submission which does > not provide encryption on the transport layer. They

[OT] IANA ports (was: Filezilla a security risk)

2012-07-08 Thread Camaleón
On Sun, 08 Jul 2012 16:36:20 +0200, Slavko wrote: > On Sun, 8 Jul 2012 11:59:50 + (UTC) Camaleón > wrote: > >> > By my search, the standard is SMTP + STARTTLS and not SSL + SMTP. > >> There are different implementations, all of them standardized: >> >> While imaps (tcp/993), pop3s (tcp/9

Re: Filezilla a security risk

2012-07-08 Thread Markus Schönhaber
08.07.2012 13:59, Camaleón: > While imaps (tcp/993), pop3s (tcp/995) and smtps (tcp/587) make use of smtps was defined as 465/tcp. 587/tcp is message submission which does not provide encryption on the transport layer. -- Regards mks

Re: Filezilla a security risk

2012-07-08 Thread Slavko
Hi, On Sun, 8 Jul 2012 11:59:50 + (UTC) Camaleón wrote: > > By my search, the standard is SMTP + STARTTLS and not SSL + SMTP. > There are different implementations, all of them standardized: > > While imaps (tcp/993), pop3s (tcp/995) and smtps (tcp/587) make use of > specific computer

Re: Filezilla a security risk

2012-07-08 Thread Camaleón
On Sun, 08 Jul 2012 08:55:15 +0200, Slavko wrote: > On Sun, 8 Jul 2012 00:04:33 -0400 Celejar wrote: > >> > I use POP3, smtp *and* SSL. They are not mutually exclusive!! >> >> Of course not - SSL just encapsulates the POP3 and SMTP protocols. > > On this point I have one question. What abo

Re: Filezilla a security risk

2012-07-07 Thread Slavko
Hi, On Sun, 8 Jul 2012 00:04:33 -0400 Celejar wrote: > > I use POP3, smtp *and* SSL. They are not mutually exclusive!! > > Of course not - SSL just encapsulates the POP3 and SMTP protocols. On this point I have one question. What about standards in SMTP & SSL? By my search, the standard is

Re: Filezilla a security risk

2012-07-07 Thread Celejar
On Sat, 7 Jul 2012 21:27:38 +0100 Lisi wrote: > On Monday 02 July 2012 00:08:52 Celejar wrote: > > On Fri, 29 Jun 2012 15:13:13 + (UTC) > > > > Camaleón wrote: > > > Anyway, aren't most of us still using plain pop3 and smtp connections > > > with no message encryption at all? Who are we blam

Re: Filezilla a security risk

2012-07-07 Thread Lisi
On Monday 02 July 2012 00:08:52 Celejar wrote: > On Fri, 29 Jun 2012 15:13:13 + (UTC) > > Camaleón wrote: > > Anyway, aren't most of us still using plain pop3 and smtp connections > > with no message encryption at all? Who are we blaming? >;-) > > We are? I can't speak for anyone else, but all

Re: Filezilla a security risk

2012-07-02 Thread Camaleón
On Sun, 01 Jul 2012 19:08:52 -0400, Celejar wrote: > On Fri, 29 Jun 2012 15:13:13 + (UTC) Camaleón > wrote: > >> Anyway, aren't most of us still using plain pop3 and smtp connections >> with no message encryption at all? Who are we blaming? >;-) > > We are? I can't speak for anyone else, bu

Re: Filezilla a security risk

2012-07-01 Thread Istimsak
I am one of those guilty parties still using the no encryption setting. Celejar wrote: >On Fri, 29 Jun 2012 15:13:13 + (UTC) >Camaleón wrote: > >> Anyway, aren't most of us still using plain pop3 and smtp connections >> with no message encryption at all? Who are we blaming? >;-) > >We are?

Re: Filezilla a security risk

2012-07-01 Thread Celejar
On Fri, 29 Jun 2012 15:13:13 + (UTC) Camaleón wrote: > Anyway, aren't most of us still using plain pop3 and smtp connections > with no message encryption at all? Who are we blaming? >;-) We are? I can't speak for anyone else, but all my mail accounts (I use Gmail and Lavabit) use SSL (ports

Re: Filezilla a security risk

2012-06-30 Thread Camaleón
On Sat, 30 Jun 2012 13:46:30 +0200, Claudius Hubig wrote: > Hello Camaleón, > > Camaleón wrote: >> On Sat, 30 Jun 2012 12:45:08 +0200, Denis Witt wrote: >> > I like how MacOS handle this, nearly every application designed for >> > MacOS is using the built in Keychain. Of course, if the keychain

Re: Filezilla a security risk

2012-06-30 Thread Claudius Hubig
Hello Camaleón, Camaleón wrote: > On Sat, 30 Jun 2012 12:45:08 +0200, Denis Witt wrote: > > I like how MacOS handle this, nearly every application designed for > > MacOS is using the built in Keychain. Of course, if the keychain tool > > isn't secure this is a big problem. > > That's similar to

Re: Filezilla a security risk

2012-06-30 Thread Camaleón
On Sat, 30 Jun 2012 12:45:08 +0200, Denis Witt wrote: > Camaleón wrote: > and hey, it's open source! You can hire a programmer, make a fork ("FileZilla-S" for secure) and add all the enhancements you want ;- >>> Forking a program for a single little feature doesn't make a lot of >>> s

Re: Filezilla a security risk

2012-06-30 Thread Denis Witt
Camaleón wrote: >>> and hey, it's open source! You can hire a programmer, make a >>> fork ("FileZilla-S" for secure) and add all the enhancements you >>> want ;- >> Forking a program for a single little feature doesn't make a lot >> of sense to me.

Re: Filezilla a security risk

2012-06-30 Thread Camaleón
On Fri, 29 Jun 2012 21:03:58 +0200, Denis Witt wrote: (...) >> and hey, it's open source! You can hire a programmer, make a fork >> ("FileZilla-S" for secure) and add all the enhancements you want ;- > > Forking a program for a single little feature doesn't make a lot of > sense to me. If you

Re: Filezilla a security risk

2012-06-29 Thread Richard Hector
On 29/06/12 21:28, Denis Witt wrote: On 29.06.2012 03:16, Richard Hector wrote: > If your account is hosed, well, go to their second argument: "2. > don't get the malware in the first place" ;-) Great Argument, btw. Oh, I got an Airbag on my car, get rid of the brakes please. I don't need them

Re: Filezilla a security risk

2012-06-29 Thread Richard Hector
On 30/06/12 02:02, Lisi wrote: On Friday 29 June 2012 10:28:11 Denis Witt wrote: I have brakes and drive safely, so an airbag isn't essential. And do all the speed louts see you coming and say: "We mustn't overtake on this blind corner. The driver coming towards me on what is now the same s

Re: Filezilla a security risk

2012-06-29 Thread Andrei POPESCU
On Vi, 29 iun 12, 18:13:11, Denis Witt wrote: > > Anyway I think we're going pretty much offtopic. My point is that it > would be a nice feature for FZ (and other tools) to store passwords > more secure. And I don't like the attitude of the developers saying > that it's not their problem if someon

Re: Filezilla a security risk

2012-06-29 Thread Denis Witt
Damn, why can't Postbox answer to the list instead of the poster's email? Camaleón wrote: > Yes, they can as well as they can also encrypt the current user > settings from the XML file but they don't want to. Period and full > stop. True. Sad, but

Re: Filezilla a security risk

2012-06-29 Thread Camaleón
On Fri, 29 Jun 2012 18:13:11 +0200, Denis Witt wrote: > On 29.06.2012 17:13, Camaleón wrote: > >>> The point is that software can't be 100% secure. So when possible it >>> is a good idea to have more than one security layer. > >> Even if that extra layer is of no help because you leave your comp

Re: Filezilla a security risk

2012-06-29 Thread Steve Dowe
On 29/06/12 17:22, Denis Witt wrote: > And afterwards I have to unmount the device. This might work rather fine > on a Linux system but on Windows (and FZ is available for Windows)... I believe the same thing might be achieved on Windows, using TrueCrypt. -- Steve Dowe Warp Universal Limited ht

Re: Filezilla a security risk

2012-06-29 Thread Denis Witt
On 29.06.2012 17:38, Steve Dowe wrote: At the same time, with all this talk of passwords stored as plain text etc, it's not a great hurdle to set up a local, encrypted loopback device that mounts in your local file system. You could even mount it at ~/.filezilla, and then run up FZ for the firs

Re: Filezilla a security risk

2012-06-29 Thread Denis Witt
On 29.06.2012 17:13, Camaleón wrote: The point is that software can't be 100% secure. So when possible it is a good idea to have more than one security layer. Even if that extra layer is of no help because you leave your computer open and accessible to anyone? Then you're wasting your time an

Re: Filezilla a security risk

2012-06-29 Thread Steve Dowe
On 29/06/12 16:25, Denis Witt wrote: > This might not be bulletproof but it gave you some time to detect that > your machine was compromised and change your passwords. Maybe not, but what is? :) At the same time, with all this talk of passwords stored as plain text etc, it's not a great hurdle t

Re: Filezilla a security risk

2012-06-29 Thread Denis Witt
On 29.06.2012 17:13, Steve Dowe wrote: Obviously, for FZ, you need two-way encryption/decryption. But this is also no problem, just create a Master-Password and use encryption based on that. If you start FileZilla you have to enter the Master-Password and then you can connect to all availa

Re: Filezilla a security risk

2012-06-29 Thread Steve Dowe
On 29/06/12 15:36, Roger B.A. Klorese wrote: > My root credentials for my local machine aren't stored in plaintext. > And if the local machine is compromised, the critical threat is its > use as a zombie, not any info that's on it. There simply isn't any > confidential data. But the reason for tha

Re: Filezilla a security risk

2012-06-29 Thread Camaleón
On Fri, 29 Jun 2012 16:44:29 +0200, Denis Witt wrote: > On 29.06.2012 15:56, Camaleón wrote: > >>> The ONLY reason why Linux based systems hasn't got such a problem with >>> malware is that there are not enough Desktop machines to make this a >>> good target. Often enough there are security holes

Re: Filezilla a security risk

2012-06-29 Thread Camaleón
On Fri, 29 Jun 2012 15:36:16 +0100, Roger B.A. Klorese wrote: > On Jun 29, 2012, at 3:19 PM, Camaleón wrote: > >> On Fri, 29 Jun 2012 07:00:33 -0700, Roger B.A. Klorese wrote: >> >>> On 6/29/12 6:56 AM, Camaleón wrote: Should my Debian system become cracked or infected by any kind of

Re: Filezilla a security risk

2012-06-29 Thread Denis Witt
On 29.06.2012 15:56, Camaleón wrote: The ONLY reason why Linux based systems hasn't got such a problem with malware is that there are not enough Desktop machines to make this a good target. Often enough there are security holes which allow you to take control over the entire machine. And that's

Re: Filezilla a security risk

2012-06-29 Thread Roger B.A. Klorese
My root credentials for my local machine aren't stored in plaintext. And if the local machine is compromised, the critical threat is its use as a zombie, not any info that's on it. There simply isn't any confidential data. Sent from my iPhone On Jun 29, 2012, at 3:19 PM, Camaleón wrote: > On

Re: Filezilla a security risk

2012-06-29 Thread Camaleón
On Fri, 29 Jun 2012 07:00:33 -0700, Roger B.A. Klorese wrote: > On 6/29/12 6:56 AM, Camaleón wrote: >> Should my Debian system become cracked or infected by any kind of >> threat I would worry more about my usual files and not the settings for >> Filezilla. I mean, nothing new here, security is a

Re: Filezilla a security risk

2012-06-29 Thread Lisi
On Friday 29 June 2012 10:28:11 Denis Witt wrote: > I have brakes and drive safely, so an airbag > > > isn't essential. And do all the speed louts see you coming and say: "We mustn't overtake on this blind corner. The driver coming towards me on what is now the same side of the road as I am on

Re: Filezilla a security risk

2012-06-29 Thread Roger B.A. Klorese
On 6/29/12 6:56 AM, Camaleón wrote: Should my Debian system become cracked or infected by any kind of threat I would worry more about my usual files and not the settings for Filezilla. I mean, nothing new here, security is a "multi-edged" sword. Really? I'm far more concerned about my credent

Re: Filezilla a security risk

2012-06-29 Thread Camaleón
On Fri, 29 Jun 2012 01:26:08 +0200, Denis Witt wrote: >> If your account is hosed, well, go to their second argument: "2. don't >> get the malware in the first place" ;-) > > Great Argument, btw. Oh, I got an Airbag on my car, get rid of the > brakes please. I don't need them anymore. - The engi

Re: Filezilla a security risk

2012-06-29 Thread francis picabia
The posts about how there are other risks from malware and keyloggers are true enough. I never claimed that avoiding filezilla would make the Windows system secure. But if you have your doors and windows open, and want to reduce the chance of theft, then I'd say filezilla is like a patio door wide

Re: Filezilla a security risk

2012-06-29 Thread Linux-Fan
On 06/27/2012 09:26 PM, francis picabia wrote: > I've just learned Filezilla is a security risk. It stores saved > passwords and the last used password in a plain text file. > > Malware commonly scoops up this info and hacks web sites > or shell accounts. > > The developer refuses to incorporate

Re: Filezilla a security risk

2012-06-29 Thread Denis Witt
On 29.06.2012 03:16, Richard Hector wrote: > If your account is hosed, well, go to their second argument: "2. > don't get the malware in the first place" ;-) Great Argument, btw. Oh, I got an Airbag on my car, get rid of the brakes please. I don't need them anymore. That's the wrong way ro

Re: Filezilla a security risk

2012-06-28 Thread Andrei POPESCU
On Vi, 29 iun 12, 13:16:25, Richard Hector wrote: > On 29/06/12 11:26, Denis Witt wrote: > >>> If your account is hosed, well, go to their second argument: "2. > >>> don't get the malware in the first place" ;-) > >Great Argument, btw. Oh, I got an Airbag on my car, get rid of the > >brakes pleas

Re: Filezilla a security risk

2012-06-28 Thread Rob Owens
On Thu, Jun 28, 2012 at 04:24:43PM -0300, francis picabia wrote: > On Thu, Jun 28, 2012 at 12:35 PM, Shane Johnson > wrote: > > > > > Please remember that FTP by nature is insecure.  All it would take is > > for someone to packet sniff the connection and they would have the > > user name and pass

Re: Filezilla a security risk

2012-06-28 Thread Rob Owens
On Thu, Jun 28, 2012 at 10:03:19AM +0200, Claudius Hubig wrote: > Hello francis, > > francis picabia wrote: > > On Wed, Jun 27, 2012 at 4:46 PM, Andrei POPESCU > > wrote: > > > On Mi, 27 iun 12, 16:26:48, francis picabia wrote: > > >> I've just learned Filezilla is a security risk.  It stores sa

Re: Filezilla a security risk

2012-06-28 Thread Richard Hector
On 29/06/12 11:26, Denis Witt wrote: > If your account is hosed, well, go to their second argument: "2. > don't get the malware in the first place" ;-) Great Argument, btw. Oh, I got an Airbag on my car, get rid of the brakes please. I don't need them anymore. That's the wrong way round. I h

Re: Filezilla a security risk

2012-06-28 Thread Denis Witt
> If your account is hosed, well, go to their second argument: "2. > don't get the malware in the first place" ;-) Great Argument, btw. Oh, I got an Airbag on my car, get rid of the brakes please. I don't need them anymore. The ONLY reason why Linux

Re: Filezilla a security risk

2012-06-28 Thread Camaleón
On Thu, 28 Jun 2012 20:48:27 +0200, Stanisław Findeisen wrote: > On 2012-06-28 16:45, Camaleón wrote: >>> 1. encryption: that's the file system's job >> >> True. > > Hm? You mean partition encryption? What? :-? > It won't help much if the malware is running with file owner's uid... or > even

Re: Filezilla a security risk

2012-06-28 Thread francis picabia
On Thu, Jun 28, 2012 at 12:35 PM, Shane Johnson wrote: > > Please remember that FTP by nature is insecure.  All it would take is > for someone to packet sniff the connection and they would have the > user name and password to the account as they are transmitted in plain > text. Yes, this is all

Re: Filezilla a security risk

2012-06-28 Thread Stanisław Findeisen
On 2012-06-28 16:45, Camaleón wrote: >> 1. encryption: that's the file system's job > > True. Hm? You mean partition encryption? It won't help much if the malware is running with file owner's uid... or even if the system is booted at all (if you e.g. encrypt just /home). -- http://people.eise

Re: Filezilla a security risk

2012-06-28 Thread Jon Dowland
On Wed, Jun 27, 2012 at 08:58:39PM -0300, francis picabia wrote: > On Wed, Jun 27, 2012 at 4:46 PM, Andrei POPESCU > wrote: > > On Mi, 27 iun 12, 16:26:48, francis picabia wrote: > >> I've just learned Filezilla is a security risk.  It stores saved > >> passwords and the last used password in a pl

Re: Filezilla a security risk

2012-06-28 Thread Shane Johnson
On Thu, Jun 28, 2012 at 9:13 AM, francis picabia wrote: > On Thu, Jun 28, 2012 at 5:37 AM, Andrei POPESCU > wrote: >> On Mi, 27 iun 12, 20:58:39, francis picabia wrote: >>> >>> We have to do what ever possible to reduce the size of the target to >>> the hacker.   In this case we advise users to u

Re: Filezilla a security risk

2012-06-28 Thread francis picabia
On Thu, Jun 28, 2012 at 5:37 AM, Andrei POPESCU wrote: > On Mi, 27 iun 12, 20:58:39, francis picabia wrote: >> >> We have to do what ever possible to reduce the size of the target to >> the hacker.   In this case we advise users to uninstall Filezilla >> and use something else.  Not all Windows us

Re: Filezilla a security risk

2012-06-28 Thread Curt
On 2012-06-27, francis picabia wrote: > I've just learned Filezilla is a security risk. It stores saved > passwords and the last used password in a plain text file. > There's an interesting (well, for arbitrary definitions of the word interesting) discussion of the "problem" here: http://unshar

Re: Filezilla a security risk

2012-06-28 Thread francis picabia
On Thu, Jun 28, 2012 at 5:03 AM, Claudius Hubig wrote: > Your users, your _Windows_ users, are certainly your problem and not > one that should be discussed on the debian-user ML. I have a Debian system I administer that was compromised this way. If the hacker uses two mirrors and shaving cream

Re: Filezilla a security risk

2012-06-28 Thread Camaleón
On Wed, 27 Jun 2012 16:26:48 -0300, francis picabia wrote: > I've just learned Filezilla is a security risk. It stores saved > passwords and the last used password in a plain text file. In Mutt, for instance, you can face the same situation. > Malware commonly scoops up this info and hacks web

Re: Filezilla a security risk

2012-06-28 Thread Andrei POPESCU
On Mi, 27 iun 12, 20:58:39, francis picabia wrote: > > We have to do what ever possible to reduce the size of the target to > the hacker. In this case we advise users to uninstall Filezilla > and use something else. Not all Windows users of FTP tools are IT savvy. > They need warnings and guida

Re: Filezilla a security risk

2012-06-28 Thread Claudius Hubig
Hello francis, francis picabia wrote: > On Wed, Jun 27, 2012 at 4:46 PM, Andrei POPESCU > wrote: > > On Mi, 27 iun 12, 16:26:48, francis picabia wrote: > >> I've just learned Filezilla is a security risk.  It stores saved > >> passwords and the last used password in a plain text file. > > > > As

Re: Filezilla a security risk

2012-06-27 Thread Steven Rosenberg
On 06/27/2012 04:58 PM, francis picabia wrote: On Wed, Jun 27, 2012 at 4:46 PM, Andrei POPESCU wrote: On Mi, 27 iun 12, 16:26:48, francis picabia wrote: I've just learned Filezilla is a security risk. It stores saved passwords and the last used password in a plain text file. As do many oth

Re: Filezilla a security risk

2012-06-27 Thread francis picabia
On Wed, Jun 27, 2012 at 4:46 PM, Andrei POPESCU wrote: > On Mi, 27 iun 12, 16:26:48, francis picabia wrote: >> I've just learned Filezilla is a security risk.  It stores saved >> passwords and the last used password in a plain text file. > > As do many other programs. Huh. None that I run. Perh

Re: Filezilla a security risk

2012-06-27 Thread Andrei POPESCU
On Mi, 27 iun 12, 16:26:48, francis picabia wrote: > I've just learned Filezilla is a security risk. It stores saved > passwords and the last used password in a plain text file. As do many other programs. > Malware commonly scoops up this info and hacks web sites > or shell accounts. Sure. > T

Filezilla a security risk

2012-06-27 Thread francis picabia
I've just learned Filezilla is a security risk. It stores saved passwords and the last used password in a plain text file. Malware commonly scoops up this info and hacks web sites or shell accounts. The developer refuses to incorporate a solution such as master password and encryption into filez