Thursday, 21 October 2010

FileZilla - A Colossal Mistake

I realize that there are some very dedicated FileZilla fans on the internet (which admittedly is probably because they haven't tried any other FTP program), but I feel this has to be said.

As I am sure some know, the popular open source FTP program FileZilla has been found to be making the super smart move of storing all the credentials for your saved FTP servers in a handy .xml file.

This is absolutely disgusting design, with the rich support developers have today, such as help sites and massive archives on their choice of programming language, one would expect FileZilla developers to be able to find a way to efficiently protect users' data and to understand basic computer security, and how storing passwords locally is about as sensible as writing your PIN code on the back of your credit card.

Eww, I have horrible comma splicing today.

Anyway, excusing my horrible grammar, I decided to test how simple it was to locate someone's login data. Not only was the answer to this question "extremely simple", but the FileZilla site also gave me an exact directory (on both Linux and Windows).

"This is by design, it is the task of the operating system to protect your private data."

This is the reason (read: excuse) the FileZilla developers give for the way your information is stored. Unfortunately, as everyone knows, this kind of information is extremely profitable for creators of malware right now (though this idea isn't in the heads of the FileZilla developers).

It is your responsibility to keep your operating system secure. I cannot say that is not the case, but offering this as the reason behind their own incompetence is ridiculous.

The truth of the matter is that while, yes, you should try to keep your operating system as secure as possible, FileZilla is doing the equivalent of Microsoft not patching the recent LNK vulnerability because you let them down by getting infected with malware that uses it.

Not acceptable, FileZilla.
