On Tue, Jul 16, 2013 at 3:02 PM, Richard Kaye <[email protected]> wrote:
> Having had a client who was recently compromised by an exploit like this I > would not recommend Filezilla to anyone who is not paranoid about > security. (Leaving aside the fact that standard FTP transmits credentials > in clear text...) The fine folks who manage Filezilla don't believe in > encrypting or hiding its saved site settings. > Well, that's unacceptable. I just checked the FileZilla FAQ and searched the ~/.filezilla folder on my local machine, and there are passwords in plain text. The "Site Manager" feature is the problem. I've cleared out the sites in which I'd saved a password, and will enter passwords manually from now on. Thanks for the heads-up! -- Ted Roche Ted Roche & Associates, LLC http://www.tedroche.com --- StripMime Report -- processed MIME parts --- multipart/alternative text/plain (text body -- kept) text/html --- _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/CACW6n4uWUj2Jm8_qvTT0uppTu0Qy0j2cTd4d6d=84_0+vky...@mail.gmail.com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
