Search found 9 matches

by ftpper
2013-12-20 10:49
Forum: FileZilla Client Support
Topic: Missing password feature now poses a serious security threat
Replies: 22
Views: 14773

Re: Missing password feature now poses a serious security th

There's no trojan.

This is a Day 0 exploit that is able to retrieve arbitrary local files that the user has access to, e.g. a web browser bug or an FTP or HTTP server bug, etc.
by ftpper
2013-12-17 22:20
Forum: FileZilla Client Support
Topic: Missing password feature now poses a serious security threat
Replies: 22
Views: 14773

Re: Missing password feature now poses a serious security th

ftanner wrote: Give it up guys....
Clearly I am not aware of any "history" on this issue but I am suggesting a compromise solution that would hopefully involve only small changes to FileZilla and would not involve FileZilla getting into the file or disk encryption business.
by ftpper
2013-12-17 22:13
Forum: FileZilla Client Support
Topic: Missing password feature now poses a serious security threat
Replies: 22
Views: 14773

Re: Missing password feature now poses a serious security th

The user is not the problem. Clearly the user is a component of the problem. Assuming that we are even talking about malware, the malware may be introduced by some kind of Day 0 attack that the user could not reasonably have prevented - or the malware may be introduced by user behaviour that the us...
by ftpper
2013-12-17 00:01
Forum: FileZilla Client Support
Topic: Missing password feature now poses a serious security threat
Replies: 22
Views: 14773

Re: Missing password feature now poses a serious security th

There's another approach that might work here, with the cooperation of FileZilla. What if the offending configuration is stored on an encrypted "drive"? Then strong encryption can be largely transparent to FileZilla. This approach has something to recommend it since a) every application avoids reinv...
by ftpper
2013-12-16 23:34
Forum: FileZilla Client Support
Topic: Missing password feature now poses a serious security threat
Replies: 22
Views: 14773

Re: Missing password feature now poses a serious security th

botg wrote: How is the computer becoming infected in the first place?
It doesn't have to be "infection" i.e. malware. Theft of device is also an issue.
by ftpper
2013-12-16 23:32
Forum: FileZilla Client Support
Topic: Missing password feature now poses a serious security threat
Replies: 22
Views: 14773

Re: Missing password feature now poses a serious security th

If you're updating web sites all day the last thing you need to slow up the day is keying in or copy/pasting login details every time you make an update. Personally I take the approach of never allowing FileZilla (or any similar software) to save passwords. In other words, I prefer the inconvenienc...
by ftpper
2013-12-16 23:22
Forum: FileZilla Client Support
Topic: Timezone offset calculation error
Replies: 17
Views: 13353

Re: Timezone offset calculation error

(I assume that you are implying that if the FTP client sees that the FTP server supports MLSD then the FTP client will use MLSD instead of LIST and will only convert the incoming UTC date/times to the client's local time and will forget about trying to do timezone calculations. It would help to kno...
by ftpper
2013-11-26 10:49
Forum: FileZilla Client Support
Topic: Timezone offset calculation error
Replies: 17
Views: 13353

Re: Timezone offset calculation error

Upgrade to a server that supports MLSD Like everybody else, that is not open to me because I don't control the server. I can ask those who do about that but it's not something that I can magically make happen. So really it comes down to how the FTP client behaves when it sees that the FTP server do...
by ftpper
2013-11-26 04:37
Forum: FileZilla Client Support
Topic: Timezone offset calculation error
Replies: 17
Views: 13353

Re: Timezone offset calculation error

Broken server. It's not as simple as this. My conclusion: Broken RFC. I too experience the problem where the timezone difference calculation gives ridiculous results. Here's why. The FTP client uses the MDTM command to retrieve the mtime of a file in UTC - and this works 100% correctly. However the...