FileZilla Security


Post by jadecook on Tue Apr 02, 2013 9:35 pm

While cleaning out my Mac I found this pretty interesting.

Open Terminal and type
cd .filezilla


Next use this command
cat recentservers.xml


This should display a complete list of recent server connections, logins, passwords, etc. Does this seem unsecured or am I just freaking out?
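As an added example (not part of the original post and not FileZilla's own code): a read-only audit of the file the post describes, reporting for each saved server whether a password is stored and in what form, without ever returning the password. The `Server`, `Host`, `User` and `Pass` element names and the `encoding` attribute are assumptions about the file's layout, and the sample XML is constructed.

```python
import stat
import xml.etree.ElementTree as ET

# Constructed sample. Element and attribute names are an assumed layout
# for recentservers.xml, not taken from the thread.
SAMPLE = """<FileZilla3>
  <RecentServers>
    <Server>
      <Host>ftp.example.test</Host><Port>21</Port>
      <User>alice</User><Pass>not-a-real-password</Pass>
    </Server>
    <Server>
      <Host>files.example.test</Host><Port>21</Port>
      <User>bob</User><Pass encoding="base64">bm90LXJlYWw=</Pass>
    </Server>
    <Server>
      <Host>sftp.example.test</Host><Port>22</Port>
      <User>carol</User>
    </Server>
  </RecentServers>
</FileZilla3>"""

def audit_servers(xml_text):
    """Return one finding per <Server>; the password itself is never returned."""
    findings = []
    for server in ET.fromstring(xml_text).iter("Server"):
        pw = server.find("Pass")
        if pw is None or not (pw.text or "").strip():
            storage = "none"
        elif pw.get("encoding") == "base64":
            storage = "base64"  # reversible encoding, not encryption
        elif pw.get("encoding"):
            storage = "encoded:" + pw.get("encoding")
        else:
            storage = "plaintext"
        findings.append({
            "host": server.findtext("Host", default="?"),
            "user": server.findtext("User", default=""),
            "password_storage": storage,
        })
    return findings

def readable_by_others(mode):
    """True if the group or other permission bits allow reading the file."""
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))

if __name__ == "__main__":
    for finding in audit_servers(SAMPLE):
        print(finding)
```

To audit a real profile, pass the contents of `~/.filezilla/recentservers.xml` to `audit_servers` and `os.stat(path).st_mode` to `readable_by_others`. Tight file permissions do not cover the stolen-disk scenario raised later in the thread; that case needs full-disk encryption.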


Re: FileZilla Security

Post by fashizzlepop on Tue Apr 02, 2013 11:12 pm

If you wanted it to be secure in the first place, you'd be using SFTP and SSH keys, which wouldn't show up in that list.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.


Re: FileZilla Security

Post by jadecook on Tue Apr 02, 2013 11:35 pm

But is it?


Re: FileZilla Security

Post by -Ninjex- on Wed Apr 03, 2013 3:32 pm

It looks like a log list of servers recently used from FileZilla, but I am not 100% positive.

Basically, you are freaking out over nothing, since FileZilla is used to connect to other servers, not your computer.
Seems like a log file of servers you have connected to via FileZilla.
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.


Re: FileZilla Security

Post by jadecook on Wed Apr 03, 2013 5:10 pm

Well, I didn't think that having a logfile of passwords and logs was very secure. Even if it was just sitting on my computer. Say someone was to steal my computer, boot Linux, and then read those files. Then I would really be freaking out!


Re: FileZilla Security

Post by KthProg on Wed Apr 03, 2013 6:17 pm

Yeah, but that's like the argument that many websites make that you should not carry your password on you or write it down.
The likelihood of your computer being stolen compared to the likelihood of someone simply hacking a database is pretty well out there.

Here's an even better way of looking at it.
Guess what else often stores your passwords and which servers you've been to?
Your internet browser, and I don't see you freaking out about that.

Either way it's interesting and seems like an oversight, but it's not that big a security risk.


Re: FileZilla Security

Post by -Ninjex- on Wed Apr 03, 2013 8:21 pm

Go look up what "SAM" Security Account Manager is.

Link for the lazy: http://en.wikipedia.org/wiki/Security_Accounts_Manager

Your computer has to store passwords somewhere, even your login password. It can't just magically say "Oh well, I believe this is his password" without having somewhere to look it up from.


Re: FileZilla Security

Post by jadecook on Thu Apr 04, 2013 12:52 am

Yeah, but at least the SAM file encrypts them even if it's not that hard to crack. It's just nice to have the thought I guess, and for the Internet password storage I think there should be a better storage method. I guess I just have to design my own OS...


Re: FileZilla Security

Post by -Ninjex- on Thu Apr 04, 2013 6:33 am

Even designing your own OS would not prevent the fact that the password must be stored somewhere.

Also note that websites do use encryption as well. Mostly MD5, and if you use a good pass phrase as most tell you, your password should not be reversed. MD5 encrypted strings are found via the use of dictionary attacks. This means that having a very diverse password will highly reduce the possibility that your password will be found/picked up from a dictionary file.


Re: FileZilla Security

Post by 3vilp4wn on Thu Apr 04, 2013 11:06 am

-Ninjex- wrote: Even designing your own OS would not prevent the fact that the password must be stored somewhere.

Yes, but you can salt them very very well (Linux).
Look for the table labeled "Salts used by various operating systems."
Do not mistake understanding for realization, and do not mistake realization for liberation

