Posted

I don't see any issue here. If you use FTP you are sending your account credentials *in the clear* over the network. It's far more likely that your credentials will get picked up that way than off your machine.

Much better to use SFTP with key-based authentication if you can.

Posted

Well I opened the 'potentials exploits' link then I read right thru to the end, then I closed the 'potential exploits' link

and I'm still none the wiser......

like....'what's it all about Ralphie ?'

I suppose that like a lot of my generation I just don't understand 'computalk'.

Oh well............

Posted

Well I opened the 'potentials exploits' link then I read right thru to the end, then I closed the 'potential exploits' link

and I'm still none the wiser......

like....'what's it all about Ralphie ?'

I suppose that like a lot of my generation I just don't understand 'computalk'.

Oh well............

I had pretty much the same reaction, Traxster. I had recently read some report about Filezilla's new features and decided to try it. "Untried" it right away.

Posted

Filezilla is an excellent FTP client, no need to avoid it. You can clear saved passwords in the quick connect bar, if you're worried about it.

Quite likely that your browser and email client are storing unencrypted passwords as well.

Posted

FileZilla stores passwords in plain text on your computer. Anyone (or any program or trojan or virus) that knows where to look can read these unencrypted files and retrieve all your saved usernames and passwords.

So the message is: DO NOT SAVE PASSWORDS IN FILEZILLA.

Posted

Well why use FTP at all then? It's totally insecure.

That is about transmission of unencrypted data (including passwords), which can be intercepted if someone is sniffing packets to and from your computer (a bit like someone listening in on your telephone calls).

This thread is more to do with passwords being stored on the user's computer by FileZilla in a text file that can easily be opened and seen with very little effort by anyone or any program (including viruses or trojans).

Yes, SFTP or FTPS is more secure than FTP due to encryption of the data stream, but if someone is intent on continuing to use FileZilla, at least they should remove the saved passwords.

Posted

I know what it's about. The point is that our browsers, email clients and other software don't securely store passwords either, so why single out this as an "exploit" in Filezilla? It would be a lot fairer to have said 'don't store *any* passwords on your computer'.

Unless you explicitly encrypt stored passwords with a separate key or password that isn't accessible on the system, they are vulnerable.
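
Added example, not part of any post in this thread and not FileZilla's own code: a small audit that lists which saved-site entries still carry a stored password, so they can be cleared as advised above, and whether the file is readable by other local users. The XML layout (`Server`, `Host`, `User`, `Pass` elements) is an assumption, the sample data is constructed, and the file path is whatever you pass in.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample; the element names are an assumed layout, not taken from the thread.
SAMPLE = """<?xml version="1.0"?>
<Sites>
  <Server><Host>ftp.example.org</Host><User>alice</User><Pass>hunter2</Pass></Server>
  <Server><Host>files.example.net</Host><User>bob</User><Pass encoding="base64">czNjcjN0</Pass></Server>
  <Server><Host>sftp.example.com</Host><User>carol</User></Server>
</Sites>
"""

def saved_password_entries(xml_data):
    """Return (host, user, storage) for each entry holding a stored password.
    Accepts str or bytes. The password value is never returned or printed."""
    findings = []
    root = ET.fromstring(xml_data)
    for server in root.iter("Server"):
        pw = server.find("Pass")
        if pw is None or not (pw.text or "").strip():
            continue  # nothing saved for this entry
        # base64 is an encoding, not encryption: anyone with the file can decode it
        storage = "base64-encoded" if pw.get("encoding") == "base64" else "plain text"
        findings.append((server.findtext("Host", ""), server.findtext("User", ""), storage))
    return findings

def readable_by_others(path):
    """True if group or other users have read permission (POSIX mode bits)."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

def audit(path):
    """Audit one saved-sites file supplied by the caller."""
    with open(path, "rb") as fh:
        entries = saved_password_entries(fh.read())
    return {"entries": entries, "readable_by_others": readable_by_others(path)}

if __name__ == "__main__":
    for host, user, storage in saved_password_entries(SAMPLE):
        print(f"{user}@{host}: saved password ({storage}), clear it in the client")
```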
