Hua Li's Library tagged security

15 Dec 09

Beware of the FileZilla Client password security problem

  • Today I unexpectedly discovered a serious security problem in FileZilla: FTP passwords are actually stored in plaintext in files on disk!



    The following three files contain your FTP password:

    filezilla.xml - Stores most recent server info including password in plaintext.



    recentservers.xml - Stores all recent server info including password in plaintext.



    sitemanager.xml - Stores all saved sites server info including password in plaintext.

    These files are usually stored in the following directories:

    Windows XP/2K: "C:\Documents and Settings\username\Application Data\FileZilla"



    Windows Vista: "C:\Users\username\AppData\Roaming\FileZilla\"



    Linux: "/home/username/.filezilla/"

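    Unbelievable: the password is stored directly as unencrypted plaintext inside <Pass>YourPassword</Pass> in the XML file. Even encrypting it with any simple symmetric algorithm, or even XOR, would be better than leaving it lying there naked!

01 Aug 09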

Darik's Boot And Nuke | Hard Drive Disk Wipe

Darik's Boot and Nuke ("DBAN") is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.

www.dban.org/ - Preview

software security

05 Apr 08

How a DedeCMS (织梦内容管理系统) site got infected with injected malware

The final recommendation is to completely disable the member registration feature, or the member upload feature.

www.gallonwang.com/...dedecms.html - Preview

Security

31 Mar 08

Solidot | Privacy problems in Chinese-made software

I took a look at tom-skype on my own machine and really did find contentfilter.exe, and it was right there in the process list.

internet.solidot.org/article.pl - Preview

Security
