Having had a client who was recently compromised by an exploit like this I would not recommend Filezilla to anyone who is not paranoid about security. (Leaving aside the fact that standard FTP transmits credentials in clear text...) The fine folks who manage Filezilla don't believe in encrypting or hiding its saved site settings.
--Malware Infects Files and Steals FTP Credentials (July 15, 2013) File-infection malware that spreads through drive-by downloads also has the capacity to steal file transfer protocol (FTP) credentials from the FileZilla FTC client. The malware, a variant of EXPIRO, exploits known Java vulnerabilities to infect users' computers. The Java flaws were patched in June 2012 and March 2013. The majority of infections appear to be in the US. This particular variant searches for .exe files on local, removable, and networked drives, and injects malicious code into those files. http://www.computerworld.com/s/article/9240795/Unusual_file_infecting_malware_steals_FTP_credentials?taxonomyId=17 http://www.infosecurity-magazine.com/view/33453/expiro-file-infector-variant-presents-unusual-threat-combo -- rk -----Original Message----- From: ProfoxTech [mailto:[email protected]] On Behalf Of Ted Roche Sent: Friday, July 12, 2013 2:40 PM To: [email protected] Subject: Re: How to use libssh in Foxpro applications? On Fri, Jul 12, 2013 at 12:21 PM, Andrew Stirling <[email protected]>wrote: > > FTPSPut(cSource, cDestinationURL[, cProgressCallback[, > cTraceCallback]]) This function provides the ability to upload a file > to an FTP site that provides FTP over Secure Sockets Layer (SSL) Confusing as it sounds, File Transfer Protocol (FTP) over Secure Sockets Layer (SSL) is FTPS, while Secure File Transfer Protocol (SFTP) is a different file transfer protocol that uses Secure Shell (ssh) as the encryption mechanism. FTPS is NOT == SFTP. IIRC, FileZilla is a good one for both protocols. Ted Roche Ted Roche & Associates, LLC http://www.tedroche.com --- StripMime Report -- processed MIME parts --- multipart/alternative text/plain (text body -- kept) text/html --- [excessive quoting removed by server] _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/DF1EEF11E586A64FB54A97F22A8BD04422842641FB@ACKBWDDQH1.artfact.local ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
