Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)



Joey, are you certain that you're looking at RFC 959? There is no 4.3.3
section in RFC 959.

- G


----- Original Message -----
From: "Joey Mengele" <joey.mengele@xxxxxxxxxxxx>
To: <joey.mengele@xxxxxxxxxxxx>; <valdis.kletnieks@xxxxxx>
Cc: <full-disclosure@xxxxxxxxxxxxxxxxx>
Sent: Friday, April 18, 2008 4:26 PM
Subject: Re: [Full-disclosure] Security issue in Filezilla
3.0.9.2:passwordsare stored in plain text (sitemanager.xml)


Valdis,

On Fri, 18 Apr 2008 16:24:13 -0400 Valdis.Kletnieks@xxxxxx wrote:

3.4.3. COMPRESSED MODE

There are three kinds of information to be sent: regular
data,
sent in a byte string; compressed data, consisting of
replications or filler; and control information, sent in
a
two-byte escape sequence. If n>0 bytes (up to 127) of
regular
data are sent, these n bytes are preceded by a byte with
the
left-most bit set to 0 and the right-most 7 bits
containing the
number n.

If you think run-length-encoding compression is security, you're
even less
clued than I thought.

My mistake, I meant 4.3.3.

J

--
Click here for the latest quotes on bankruptcy refinancing!
http://tagline.hushmail.com/fc/Ioyw6h4fRnroSLsvHrCYtJ9JDLtdNw4IP7N4gbgWgeI5CYmB23TeUw/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/