klikster 426 Posted February 3, 2011
Here is a thread that discusses some potential exploits.

bkkmick 239 Posted February 3, 2011
Nice find klikster. Been a member of WebMasterWorld for years now but usually only stick to a few forums. I use FileZilla all day!

sulasno 16 Posted February 3, 2011
I really don't have a clue about the subject.

Crushdepth 2274 Posted February 3, 2011
I don't see any issue here. If you use FTP you are sending your account credentials *in the clear* over the network. It's far more likely that your credentials will get picked up that way than off your machine. Much better to use SFTP with key-based authentication if you can.

Robbogeordie 8 Posted February 3, 2011
I remember reading a couple of years ago that passwords in FileZilla were stored in a plain text XML file. Crikey, it still hasn't been secured!
Warning: FileZilla FTP Passwords now Stored in Plaintext
WinSCP is a good free alternative and you can use SFTP.

Traxster 97 Posted February 4, 2011
Well I opened the 'potential exploits' link, then I read right thru to the end, then I closed the 'potential exploits' link and I'm still none the wiser...... like.... 'what's it all about Ralphie?' I suppose that like a lot of 'my generation' I just don't understand 'computalk'. Oh well............

klikster 426 Posted February 8, 2011 Author
> Well I opened the 'potential exploits' link, then I read right thru to the end, then I closed the 'potential exploits' link and I'm still none the wiser...... like.... 'what's it all about Ralphie?' I suppose that like a lot of 'my generation' I just don't understand 'computalk'. Oh well............
I had pretty much the same reaction, Traxster. I had recently read some report about FileZilla's new features and decided to try it. "Untried" it right away.

Crushdepth 2274 Posted February 8, 2011
FileZilla is an excellent FTP client, no need to avoid it. You can clear saved passwords in the quick connect bar, if you're worried about it. Quite likely that your browser and email client are storing unencrypted passwords as well.

hyperdimension 669 Posted February 11, 2011
FileZilla stores passwords in plain text on your computer. Anyone (or any program or trojan or virus) that knows where to look can read these unencrypted files and retrieve all your saved usernames and passwords. So the message is: DO NOT SAVE PASSWORDS IN FILEZILLA.

Crushdepth 2274 Posted February 11, 2011
Well why use FTP at all then? It's totally insecure.

hyperdimension 669 Posted February 12, 2011
> Well why use FTP at all then? It's totally insecure.
That is about transmission of unencrypted data (including passwords), which can be intercepted if someone is sniffing packets to and from your computer (a bit like someone listening in on your telephone calls). This thread is more to do with passwords being stored on the user's computer by FileZilla in a text file that can easily be opened and seen with very little effort by anyone or any program (including viruses or trojans). Yes, SFTP or FTPS is more secure than FTP due to encryption of the data stream, but if someone is intent on continuing to use FileZilla, at least they should remove the saved passwords.

Crushdepth 2274 Posted February 12, 2011
I know what it's about. The point is that our browsers, email clients and other software don't securely store passwords either, so why single out this as an "exploit" in FileZilla? It would be a lot fairer to have said 'don't store *any* passwords on your computer'. Unless you explicitly encrypt stored passwords with a separate key or password that isn't accessible on the system, they are vulnerable.