On Wed, 27 Jun 12, 16:26:48, francis picabia wrote:
> I've just learned Filezilla is a security risk.  It stores saved
> passwords and the last used password in a plain text file.

As do many other programs.

> Malware commonly scoops up this info and hacks web sites
> or shell accounts.

Sure.

> The developer refuses to incorporate a solution
> such as master password and encryption into filezilla.

It's his prerogative to decide what to do with his spare time :)

> His responses in numerous bug reports and feature requests are:
> 
> 1. encryption: that's the file system's job
> 2. don't get the malware in the first place
> 
> In my opinion, people should avoid filezilla.

Once your account has been compromised you must assume that any 
sensitive or confidential information accessible through that account 
has been compromised as well. Even if the passwords are stored encrypted 
on disc, at some point they have to be decrypted anyway, at which point 
they become vulnerable.

Hope this explains,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
