Re: Filezilla a security risk

To: debian-user@lists.debian.org
Subject: Re: Filezilla a security risk
From: Camaleón <noelamac@gmail.com>
Date: Thu, 28 Jun 2012 14:45:12 +0000 (UTC)
Message-id: <[🔎] jshqlo$no$5@dough.gmane.org>
References: <[🔎] CA+AKB6E1FfRCNbV6PimAvdvUfoBKuo7rgLsbaCR_7tgtuZdw5A@mail.gmail.com>

On Wed, 27 Jun 2012 16:26:48 -0300, francis picabia wrote:

> I've just learned Filezilla is a security risk.  It stores saved
> passwords and the last used password in a plain text file.

In Mutt, for instance, you can face the same situation.

> Malware commonly scoops up this info and hacks web sites or shell
> accounts.
> 
> The developer refuses to incorporate a solution such as master password
> and encryption into filezilla.

Yes, it's a well-known "feature" of the Filezilla FTP client.

> His responses in numerous bug reports and feature requests are:
> 
> 1. encryption: that's the file system's job 

True.

> 2. don't get the malware in the first place

Also true.

> In my opinion, people should avoid filezilla.

I use it in my windows box (a plain FTP login sesion is transmitted in 
clear text but despite that, true is that it poses a risk if your 
computer gets infected and your login credentials are stored in clear 
text) but I don't use Filezilla in Debian.

For windows there's another nice application (WinSCP) and for linux 
you're plenty of options :-)

Greetings,

-- 
Camaleón

Reply to:

Follow-Ups:
- Re: Filezilla a security risk
  - From: Stanisław Findeisen <stf.list.debian.user@eisenbits.com>

References:
- Filezilla a security risk
  - From: francis picabia <fpicabia@gmail.com>

Prev by Date: PS2 Keyboard not working after latest update
Next by Date: Re: java alternatives
Previous by thread: Re: Filezilla a security risk
Next by thread: Re: Filezilla a security risk
Index(es):
- Date
- Thread