Jump to content

Filezilla Warning!


klikster

Recommended Posts

I don't see any issue here. If you use FTP you are sending your account credentials *in the clear* over the network. It's far more likely that your credentials will get picked up that way than off your machine.

Much better to use SFTP with key-based authentication if you can.

Link to comment
Share on other sites

Well I opened the 'potentials exploits' link then I read right thru to the end,then I closed the 'potential exploits' link

and I'm still none the wiser......

like....'what's it all about Ralphie ?'

I suppose that like a lot of 'my generation I just don't understand 'computalk'.

Oh well............

Link to comment
Share on other sites

Well I opened the 'potentials exploits' link then I read right thru to the end,then I closed the 'potential exploits' link

and I'm still none the wiser......

like....'what's it all about Ralphie ?'

I suppose that like a lot of 'my generation I just don't understand 'computalk'.

Oh well............

I had pretty much the same reaction, Traxster. I had recently read some report about Filezilla's new features and decided to try it. "Untried" it right away.

Link to comment
Share on other sites

Well why use FTP at all then? It's totally insecure.

That is about transmission of unencrypted data (including passwords), which can be intercepted if someone is sniffing packets to and from your computer (a bit like someone listening in on your telephone calls).

This thread is more to do with passwords being stored on the user's computer by FileZilla in a text file that can be easily be opened and seen without very little effort by anyone or any program (including viruses or trojans).

Yes, SFTP or FTPS is more secure than FTP due to encryption of the data stream, but if someone is intent on continuing to use FileZilla, at least they should remove the saved passwords.

Link to comment
Share on other sites

I know what its about. The point is that our browsers, email clients and other software don't securely store passwords either, so why single out this as an "exploit" in Filezilla? It would be a lot fairer to have said 'don't store *any* passwords on your computer'.

Unless you explicitly encrypt stored passwords with a separate key or password that isn't accessible on the system, they are vulnerable.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.




×
×
  • Create New...