Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

[EMAIL PROTECTED] schrieb: On Mon, 21 Apr 2008 22:31:53 EDT, Joey Mengele said: So are you trying to suggest compression is not as secure as encryption? Have you even *read* the RFC in question? The design goal of most compression algorithms is that *anybody* can take the compressed data

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

2008/4/22 Joey Mengele [EMAIL PROTECTED]: Valdis, On Mon, 21 Apr 2008 22:53:55 -0400 [EMAIL PROTECTED] wrote: On Mon, 21 Apr 2008 22:31:53 EDT, Joey Mengele said: So are you trying to suggest compression is not as secure as encryption? Have you even *read* the RFC in question?

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

Valdis, On Mon, 21 Apr 2008 22:53:55 -0400 [EMAIL PROTECTED] wrote: On Mon, 21 Apr 2008 22:31:53 EDT, Joey Mengele said: So are you trying to suggest compression is not as secure as encryption? Have you even *read* the RFC in question? The design goal of most compression algorithms is that

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

But, but, feet are tasty. I can't believe people are commenting in here not knowing that FTP is plaintext. Any infosec 101 book will tell you this. Along with telnet. Don't use them, use the secure alternatives, such as FTPS or SFTP (which is indeed a subprocess of SSH, look at sshd.conf if you

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

Valdis, On Mon, 21 Apr 2008 12:57:12 -0400 [EMAIL PROTECTED] wrote: On Mon, 21 Apr 2008 12:04:41 EDT, Joey Mengele said: I think you are mistaken. Perhaps you have an outdated version of the document in question? No, it is you that is sadly mistaken. IETF RFCs are not versioned. If

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

Michael, On Mon, 21 Apr 2008 13:51:54 -0400 Micheal Cottingham [EMAIL PROTECTED] wrote: But, but, feet are tasty. Uhhh ? I can't believe people are commenting in here not knowing that FTP is plaintext. Any infosec 101 book will tell you this. Along with telnet. Most 'infosec 101' books

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

Micheal Cottingham [EMAIL PROTECTED] wrote: techie.michael .. enough said, go back to geek squad and stay off the list ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

On Mon, 21 Apr 2008 15:04:19 EDT, Joey Mengele said: Exactly, I was talking about the RFC that supersedes that particular RFC. 0959 File Transfer Protocol. J. Postel, J. Reynolds. October 1985. (Format: TXT=147316 bytes) (Obsoletes RFC0765) (Updated by RFC2228, RFC2640, RFC2773,

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

Valdis, On Mon, 21 Apr 2008 15:43:57 -0400 [EMAIL PROTECTED] wrote: On Mon, 21 Apr 2008 15:04:19 EDT, Joey Mengele said: Exactly, I was talking about the RFC that supersedes that particular RFC. 0959 File Transfer Protocol. J. Postel, J. Reynolds. October 1985. (Format: TXT=147316

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

On Mon, 21 Apr 2008 15:46:42 EDT, Joey Mengele said: I don't have time to hold your hand through this, Otherwise known as you're trying to weasel your way out of having to admit that you didn't have a clue what you were talking about. some of

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

On Mon, 21 Apr 2008 14:21:21 PDT, Andrew Farmer said: There is a 3.4.3 in RFC 959 which discusses a COMPRESSED MODE, which might look superficially like encryption to the untrained eye. You obviously tuned in late. ;) When 3.4.3 was pointed out to Joey, he claimed he meant 4.4.3, and

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

Funny. Except I never worked for Geek Squad. Nor do I want to. And I'll stay on this list if I so choose, ktnxbai. On Mon, Apr 21, 2008 at 3:25 PM, reepex [EMAIL PROTECTED] wrote: Micheal Cottingham [EMAIL PROTECTED] wrote: techie.michael .. enough said, go back to geek squad and stay off the

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

Andrew, On Mon, 21 Apr 2008 17:21:21 -0400 Andrew Farmer [EMAIL PROTECTED] wrote: On 21 Apr 08, at 12:43, [EMAIL PROTECTED] wrote: On Mon, 21 Apr 2008 15:04:19 EDT, Joey Mengele said: Exactly, I was talking about the RFC that supersedes that particular RFC. 0959 File Transfer Protocol. J.

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

On Mon, 21 Apr 2008 22:31:53 EDT, Joey Mengele said: So are you trying to suggest compression is not as secure as encryption? Have you even *read* the RFC in question? The design goal of most compression algorithms is that *anybody* can take the compressed data and get back the original. The

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Valdis, On Fri, 18 Apr 2008 16:24:13 -0400 [EMAIL PROTECTED] wrote: 3.4.3. COMPRESSED MODE There are three kinds of information to be sent: regular data, sent