Re: Filezilla a security risk
On Fri, 29 Jun 2012 01:26:08 +0200, Denis Witt wrote:
>> If your account is hosed, well, go to their second argument: "2. don't
>> get the malware in the first place" ;-)
>
> Great Argument, btw. Oh, I got an Airbag on my car, get rid of the
> brakes please. I don't need them anymore.
- The engineer has to decide *what* to add and *what* to remove.
- The manufacturer has to decide if it wants to sell *that kind* of car.
- The customer has to decide if he/she wants to buy *that* car.
There are many things to watch in the chain. And yes, brakes -as we know
them today- do become obsolete sooner or later, such is life.
> The ONLY reason why Linux based systems haven't got such a problem with
> malware is that there are not enough Desktop machines to make this a
> good target. Often enough there are security holes which allow you to
> take control over the entire machine. And that's fine as it is complex
> software.
True, but what's your point here?
Should my Debian system become cracked or infected by any kind of threat
I would worry more about my usual files and not the settings for
Filezilla. I mean, nothing new here, security is a "multi-edged" sword.
> But if you can easily add some more security layers without losing too
> much performance and/or usability you should always do that.
Maybe... but you'll get a false impression of protection that can be even
more harmful as you'll relax your security notion.
> Storing unhashed and unsalted or unencrypted passwords is simply stupid.
> Ask the guys at last.fm. ;)
Again, there are files on my servers (e.g., SSL keys) and also my Mutt
configuration file (that holds my e-mail account password) which are
stored in cleartext. So...? Do you want us to remove the ethernet
cord? ;-)
Greetings,
--
Camaleón