Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)



Joey, are you certain that you're looking at RFC 959? There is no 4.3.3
section in RFC 959.

- G


----- Original Message -----
From: "Joey Mengele" <joey.mengele@xxxxxxxxxxxx>
To: <joey.mengele@xxxxxxxxxxxx>; <valdis.kletnieks@xxxxxx>
Cc: <full-disclosure@xxxxxxxxxxxxxxxxx>
Sent: Friday, April 18, 2008 4:26 PM
Subject: Re: [Full-disclosure] Security issue in Filezilla
3.0.9.2:passwordsare stored in plain text (sitemanager.xml)


Valdis,

On Fri, 18 Apr 2008 16:24:13 -0400 Valdis.Kletnieks@xxxxxx wrote:

3.4.3. COMPRESSED MODE

There are three kinds of information to be sent: regular
data,
sent in a byte string; compressed data, consisting of
replications or filler; and control information, sent in
a
two-byte escape sequence. If n>0 bytes (up to 127) of
regular
data are sent, these n bytes are preceded by a byte with
the
left-most bit set to 0 and the right-most 7 bits
containing the
number n.

If you think run-length-encoding compression is security, you're
even less
clued than I thought.

My mistake, I meant 4.3.3.

J

--
Click here for the latest quotes on bankruptcy refinancing!
http://tagline.hushmail.com/fc/Ioyw6h4fRnroSLsvHrCYtJ9JDLtdNw4IP7N4gbgWgeI5CYmB23TeUw/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages

  • Re: [Full-disclosure] What the f*** is going on?
    ... Web app security is beginners' security -- surely everyone knows that? ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
    (Full-Disclosure)
  • Re: [Full-disclosure] Google vulnerabilities with PoC
    ... Certified Application Security Specialists: http://www.asscert.com/ ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
    (Full-Disclosure)
  • Re: [Full-disclosure] What the f*** is going on?
    ... Web app security is beginners' security -- surely everyone knows that? ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ...
    (Full-Disclosure)
  • Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC
    ... Does that mean that Google and Co are attacking the researcher? ... [Full-disclosure] Google vulnerabilities with PoC ... Certified Application Security Specialists: ... Hosted and sponsored by Secunia - http://secunia.com/ ...
    (Full-Disclosure)
  • Maybe I should give a nlon-flaming answer Re: [Full-disclosure] Looking for a job in Orang
    ... Well if you are in California there is General Assitance and couch surfing until you find a job. ... My boss at the time gave me an advance and took me shopping and bought me clothes.;) I never could understgand the clothes thing, but I didn't understand the security holes in much of the stuff at the time and how tgo fix them. ... Full-Disclosure - We believe in it. ... Hosted and sponsored by Secunia - ...
    (Full-Disclosure)