Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

From: "Garrett M. Groff" <groffg@xxxxxxxxxxxxx>
Date: Fri, 18 Apr 2008 16:58:07 -0400

Joey, are you certain that you're looking at RFC 959? There is no 4.3.3
section in RFC 959.

- G

----- Original Message -----
From: "Joey Mengele" <joey.mengele@xxxxxxxxxxxx>
To: <joey.mengele@xxxxxxxxxxxx>; <valdis.kletnieks@xxxxxx>
Cc: <full-disclosure@xxxxxxxxxxxxxxxxx>
Sent: Friday, April 18, 2008 4:26 PM
Subject: Re: [Full-disclosure] Security issue in Filezilla
3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

Valdis,

On Fri, 18 Apr 2008 16:24:13 -0400 Valdis.Kletnieks@xxxxxx wrote:

3.4.3. COMPRESSED MODE

There are three kinds of information to be sent: regular
data,
sent in a byte string; compressed data, consisting of
replications or filler; and control information, sent in
a
two-byte escape sequence. If n>0 bytes (up to 127) of
regular
data are sent, these n bytes are preceded by a byte with
the
left-most bit set to 0 and the right-most 7 bits
containing the
number n.

If you think run-length-encoding compression is security, you're
even less
clued than I thought.

My mistake, I meant 4.3.3.

J

--
Click here for the latest quotes on bankruptcy refinancing!
http://tagline.hushmail.com/fc/Ioyw6h4fRnroSLsvHrCYtJ9JDLtdNw4IP7N4gbgWgeI5CYmB23TeUw/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml)
  - From: Joey Mengele

Prev by Date: Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80
Next by Date: [Full-disclosure] Injecting spam into Google Web History via I'm Feeling Lucky queries
Previous by thread: Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml)
Next by thread: [Full-disclosure] Injecting spam into Google Web History via I'm Feeling Lucky queries
Index(es):
- Date
- Thread

Relevant Pages

Re: [Full-disclosure] What the f*** is going on?
... Web app security is beginners' security -- surely everyone knows that? ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
Re: [Full-disclosure] What the f*** is going on?
... Web app security is beginners' security -- surely everyone knows that? ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
Maybe I should give a nlon-flaming answer Re: [Full-disclosure] Looking for a job in Orang
... Well if you are in California there is General Assitance and couch surfing until you find a job. ... My boss at the time gave me an advance and took me shopping and bought me clothes.;) I never could understgand the clothes thing, but I didn't understand the security holes in much of the stuff at the time and how tgo fix them. ... Full-Disclosure - We believe in it. ... Hosted and sponsored by Secunia - ...
(Full-Disclosure)
Re: [Full-disclosure] AntiAntiSec / Endgame
... They think that by spreading "fear" exploits and other security ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)