Re: ftp programs

Discussion in 'HTML' started by Gus Richter, Feb 13, 2013.

  1. Gus Richter

    Gus Richter Guest

    On 2/13/2013 5:10 AM, Tim W wrote:
    > What are the alternatives to Filezilla?
    >
    > The requirements are that it should work on my WinXP desktop, and
    > securely store logins to a modest number of sites. I quite like to drag
    > and drop but I could change.
    >
    > I remember years ago a 'Cuteftp' which I will look at. Don't know the
    > names of any others.



    <http://lmgtfy.com/?q=ftp+client>

    --
    Gus
    Gus Richter, Feb 13, 2013
    #1
    1. Advertising

  2. Gus Richter

    Tim W Guest

    On 13/02/2013 11:35, Gus Richter wrote:
    > On 2/13/2013 5:10 AM, Tim W wrote:
    >> What are the alternatives to Filezilla?
    >>
    >> The requirements are that it should work on my WinXP desktop, and
    >> securely store logins to a modest number of sites. I quite like to drag
    >> and drop but I could change.
    >>
    >> I remember years ago a 'Cuteftp' which I will look at. Don't know the
    >> names of any others.

    >
    >
    > <http://lmgtfy.com/?q=ftp+client>
    >


    Gus, if you don't know the value of discussion and human interaction
    then usenet isn't really for you. But you do of course because you are
    here, and a regular here. So I take it I didn't make it clear what was
    bothering me about ftp which meant I couldn't just google it and choose
    any old program.

    I hear a rumour that Filezilla has some security issues. I don't know
    too much about security and stuff so I hesitated to come here with a
    post that say "Filezilla Nightmare!" because it may not be so. I was
    hoping to get some advice. googling "secure ftp" obviously gives you
    irrelevant results. Finding an up-to-date balanced evaluation of the
    issues and the programs is not so easy as your response suggests.

    Briefly aiui Filezilla stores all the site logins you enter into Site
    Manager unencrypted in an xml file. In theory a trojan can then very
    easily read the logins. It seems bizarrely unlikely that a criminal
    mastermind would want to target the one in 100,000 computers that have
    Filezilla installed and in use but rumours have reached my ears that
    small time web desi
    Tim W, Feb 13, 2013
    #2
    1. Advertising

  3. Gus Richter

    Tim W Guest

    On 13/02/2013 12:03, Tim W wrote:
    > On 13/02/2013 11:35, Gus Richter wrote:
    >> On 2/13/2013 5:10 AM, Tim W wrote:
    >>> What are the alternatives to Filezilla?
    >>>
    >>> The requirements are that it should work on my WinXP desktop, and
    >>> securely store logins to a modest number of sites. I quite like to drag
    >>> and drop but I could change.
    >>>
    >>> I remember years ago a 'Cuteftp' which I will look at. Don't know the
    >>> names of any others.

    >>
    >>
    >> <http://lmgtfy.com/?q=ftp+client>
    >>

    >
    > Gus, if you don't know the value of discussion and human interaction
    > then usenet isn't really for you. But you do of course because you are
    > here, and a regular here. So I take it I didn't make it clear what was
    > bothering me about ftp which meant I couldn't just google it and choose
    > any old program.
    >
    > I hear a rumour that Filezilla has some security issues. I don't know
    > too much about security and stuff so I hesitated to come here with a
    > post that say "Filezilla Nightmare!" because it may not be so. I was
    > hoping to get some advice. googling "secure ftp" obviously gives you
    > irrelevant results. Finding an up-to-date balanced evaluation of the
    > issues and the programs is not so easy as your response suggests.
    >
    > Briefly aiui Filezilla stores all the site logins you enter into Site
    > Manager unencrypted in an xml file. In theory a trojan can then very
    > easily read the logins. It seems bizarrely unlikely that a criminal
    > mastermind would want to target the one in 100,000 computers that have
    > Filezilla installed and in use but rumours have reached my ears that
    > small time web desi


    I also need a new news reader and a new news server

    Tim W
    Tim W, Feb 13, 2013
    #3
  4. Gus Richter

    Tim W Guest

    On 13/02/2013 11:35, Gus Richter wrote:
    > On 2/13/2013 5:10 AM, Tim W wrote:
    >> What are the alternatives to Filezilla?
    >>
    >> The requirements are that it should work on my WinXP desktop, and
    >> securely store logins to a modest number of sites. I quite like to drag
    >> and drop but I could change.
    >>
    >> I remember years ago a 'Cuteftp' which I will look at. Don't know the
    >> names of any others.

    >
    >
    > <http://lmgtfy.com/?q=ftp+client>
    >


    Gus, if you don't know the value of discussion and human interaction
    then usenet isn't really for you. But you do of course because you are
    here, and a regular here. So I take it I didn't make it clear what was
    bothering me about ftp which meant I couldn't just google it and choose
    any old program.

    I hear a rumour that Filezilla has some security issues. I don't know
    too much about security and stuff so I hesitated to come here with a
    post that say "Filezilla Nightmare!" because it may not be so. I was
    hoping to get some advice. googling "secure ftp" obviously gives you
    irrelevant results. Finding an up-to-date balanced evaluation of the
    issues and the programs is not so easy as your response suggests.

    Briefly aiui Filezilla stores all the site logins you enter into Site
    Manager unencrypted in an xml file. In theory a trojan can then very
    easily read the logins. It seems bizarrely unlikely that a criminal
    mastermind would want to target the one in 100,000 computers that have
    Filezilla installed and in use but rumours have reached my ears that
    small time web designers like me sometimes wake up to find all their
    sites and all their clients sites selling viagra phishing for visa
    numbers. That's a scary prospect. So if there is an ftp program that is
    as good I will use it.

    Do you have anything useful to say?

    Tim W
    Tim W, Feb 13, 2013
    #4
  5. 2013-02-13 14:05, Tim W wrote:

    > I also need a new news reader and a new news server


    I need some more money, a little better health, and a less irritating
    and frustrating world around me.

    But I don't think I'll ask for them at alt.html. It's not really a
    catchall consultance bureau, as you seem to be thinking.

    Guess what is the "plonk" sound that you just heard?

    --
    Yucca, http://www.cs.tut.fi/~jkorpela/
    Jukka K. Korpela, Feb 13, 2013
    #5
  6. Gus Richter

    Tim W Guest

    On 13/02/2013 12:11, Jukka K. Korpela wrote:
    > 2013-02-13 14:05, Tim W wrote:
    >
    >> I also need a new news reader and a new news server

    >
    > I need some more money, a little better health, and a less irritating
    > and frustrating world around me.
    >
    > But I don't think I'll ask for them at alt.html. It's not really a
    > catchall consultance bureau, as you seem to be thinking.
    >
    > Guess what is the "plonk" sound that you just heard?
    >


    I remember now why I stopped reading this group. Actually why I don't
    come to newsgroups much any more.

    Tim W
    Tim W, Feb 13, 2013
    #6
  7. Tim W wrote:
    >
    > I hear a rumour that Filezilla has some security issues. I don't know
    > too much about security and stuff so I hesitated to come here with a
    > post that say "Filezilla Nightmare!" because it may not be so. I was
    > hoping to get some advice. googling "secure ftp" obviously gives you
    > irrelevant results. Finding an up-to-date balanced evaluation of the
    > issues and the programs is not so easy as your response suggests.


    Then don't use a password. I don't I use a public/private key.

    From my sitemanager.xml
    ....
    <Pass></Pass>


    <http://wiki.filezilla-project.org/Howto#SFTP_using_SSH2:_Key_based_authentication>

    --
    Take care,

    Jonathan
    -------------------
    LITTLE WORKS STUDIO
    http://www.LittleWorksStudio.com
    Jonathan N. Little, Feb 13, 2013
    #7
  8. Gus Richter

    Doug Miller Guest

    Tim W <> wrote in news:kffvar$ak$:

    > Briefly aiui Filezilla stores all the site logins you enter into Site
    > Manager unencrypted in an xml file. In theory a trojan can then very
    > easily read the logins. It seems bizarrely unlikely that a criminal
    > mastermind would want to target the one in 100,000 computers that have
    > Filezilla installed and in use but rumours have reached my ears that
    > small time web designers like me sometimes wake up to find all their
    > sites and all their clients sites selling viagra phishing for visa
    > numbers. That's a scary prospect. So if there is an ftp program that is
    > as good I will use it.


    If that happens, it's much more likely due to insecure coding of something on the web server,
    rather than someone hacking your PC to get the passwords. When a flaw in any of the
    common content management systems is found, automated tools quickly discover sites which
    use that CMS and attempt to exploit the flaw.
    Doug Miller, Feb 13, 2013
    #8
  9. Gus Richter

    Tim W Guest

    On 13/02/2013 17:00, Doug Miller wrote:
    > Tim W <> wrote in news:kffvar$ak$:
    >
    >> Briefly aiui Filezilla stores all the site logins you enter into Site
    >> Manager unencrypted in an xml file. In theory a trojan can then very
    >> easily read the logins. It seems bizarrely unlikely that a criminal
    >> mastermind would want to target the one in 100,000 computers that have
    >> Filezilla installed and in use but rumours have reached my ears that
    >> small time web designers like me sometimes wake up to find all their
    >> sites and all their clients sites selling viagra & phishing for visa
    >> numbers. That's a scary prospect. So if there is an ftp program that is
    >> as good I will use it.

    >
    > If that happens, it's much more likely due to insecure coding of something on the web server,
    > rather than someone hacking your PC to get the passwords. When a flaw in any of the
    > common content management systems is found, automated tools quickly discover sites which
    > use that CMS and attempt to exploit the flaw.
    >


    'If that happens' is to the point. I think it's all too easy to say 'I
    don't understand how my site has been hacked - they must have obtained
    the ftp login' But what do I know? Only that it seems crazy to have all
    those passwords on my pc in unencrypted text.

    Tim W
    Tim W, Feb 13, 2013
    #9
  10. Gus Richter

    Doug Miller Guest

    Tim W <> wrote in news:kfgivd$bf2$:

    > 'If that happens' is to the point. I think it's all too easy to say 'I
    > don't understand how my site has been hacked - they must have obtained
    > the ftp login' But what do I know? Only that it seems crazy to have all
    > those passwords on my pc in unencrypted text.


    I'll grant that -- but if your PC is secure, what does it matter? Nobody can get at those
    passwords anyway.

    And if your PC is not secure -- again, what does it matter? You have much more important
    things to worry about, including the possibility of a keylogger program that "phones home" with
    your userID and password the next time you log in to your bank account online. Anybody
    planting a trojan on your PC is *not* going to be looking for ftp passwords to steal, when
    stealing credit card and bank account numbers is far more profitable, and far more likely to
    succeed.
    Doug Miller, Feb 13, 2013
    #10
  11. Gus Richter

    Gus Richter Guest

    On 2/13/2013 7:03 AM, Tim W wrote:
    > On 13/02/2013 11:35, Gus Richter wrote:
    >> On 2/13/2013 5:10 AM, Tim W wrote:
    >>> What are the alternatives to Filezilla?
    >>>
    >>> The requirements are that it should work on my WinXP desktop, and
    >>> securely store logins to a modest number of sites. I quite like to drag
    >>> and drop but I could change.
    >>>
    >>> I remember years ago a 'Cuteftp' which I will look at. Don't know the
    >>> names of any others.

    >>
    >>
    >> <http://lmgtfy.com/?q=ftp+client>
    >>

    >
    > Gus, if you don't know the value of discussion and human interaction
    > then usenet isn't really for you. But you do of course because you are
    > here, and a regular here. So I take it I didn't make it clear what was
    > bothering me about ftp which meant I couldn't just google it and choose
    > any old program.


    You didn't make it clear, in fact you didn't mention it at all.
    I helped you to Google for "alternatives to Filezilla" as you requested.
    It upset you that I could not read your mind?

    --
    Gus
    Gus Richter, Feb 13, 2013
    #11
  12. Gus Richter

    Tim W Guest

    On 13/02/2013 20:00, Gus Richter wrote:
    > On 2/13/2013 7:03 AM, Tim W wrote:
    >> On 13/02/2013 11:35, Gus Richter wrote:
    >>> On 2/13/2013 5:10 AM, Tim W wrote:
    >>>> What are the alternatives to Filezilla?
    >>>>
    >>>> The requirements are that it should work on my WinXP desktop, and
    >>>> securely store logins to a modest number of sites. I quite like to drag
    >>>> and drop but I could change.
    >>>>
    >>>> I remember years ago a 'Cuteftp' which I will look at. Don't know the
    >>>> names of any others.
    >>>
    >>>
    >>> <http://lmgtfy.com/?q=ftp+client>
    >>>

    >>
    >> Gus, if you don't know the value of discussion and human interaction
    >> then usenet isn't really for you. But you do of course because you are
    >> here, and a regular here. So I take it I didn't make it clear what was
    >> bothering me about ftp which meant I couldn't just google it and choose
    >> any old program.

    >
    > You didn't make it clear, in fact you didn't mention it at all.
    > I helped you to Google for "alternatives to Filezilla" as you requested.
    > It upset you that I could not read your mind?
    >


    I have been knocking about this world too long to be easily upset by
    anything any more, so rest assured that no offense is taken or intended

    tim w
    Tim W, Feb 13, 2013
    #12
  13. Gus Richter

    Tim W Guest

    On 13/02/2013 18:34, Doug Miller wrote:
    > Tim W <> wrote in news:kfgivd$bf2$:
    >
    >> 'If that happens' is to the point. I think it's all too easy to say 'I
    >> don't understand how my site has been hacked - they must have obtained
    >> the ftp login' But what do I know? Only that it seems crazy to have all
    >> those passwords on my pc in unencrypted text.

    > I'll grant that -- but if your PC is secure, what does it matter? Nobody can get at those
    > passwords anyway.
    >
    > And if your PC is not secure -- again, what does it matter? You have much more important
    > things to worry about, including the possibility of a keylogger program that "phones home" with
    > your userID and password the next time you log in to your bank account online. Anybody
    > planting a trojan on your PC is *not* going to be looking for ftp passwords to steal, when
    > stealing credit card and bank account numbers is far more profitable, and far more likely to
    > succeed.


    I'll grant that too - that the whole scenario of trojans looking for
    passwords is a barely believable but the scale of the potential damage
    worries me, and who knows what they will think up next? I couldn't
    predict it and I am not going to try. Better just to make sure
    everything is tied down or locked up.

    Tim W
    Tim W, Feb 13, 2013
    #13
  14. Gus Richter

    Tim W Guest

    On 13/02/2013 17:00, Doug Miller wrote:
    > Tim W <> wrote in news:kffvar$ak$:
    >
    >> Briefly aiui Filezilla stores all the site logins you enter into Site
    >> Manager unencrypted in an xml file. In theory a trojan can then very
    >> easily read the logins. It seems bizarrely unlikely that a criminal
    >> mastermind would want to target the one in 100,000 computers that have
    >> Filezilla installed and in use but rumours have reached my ears that
    >> small time web designers like me sometimes wake up to find all their
    >> sites and all their clients sites selling viagra phishing for visa
    >> numbers. That's a scary prospect. So if there is an ftp program that is
    >> as good I will use it.

    >
    > If that happens, it's much more likely due to insecure coding of something on the web server,
    > rather than someone hacking your PC to get the passwords. When a flaw in any of the
    > common content management systems is found, automated tools quickly discover sites which
    > use that CMS and attempt to exploit the flaw.
    >


    If wikipedia is to be believed:
    http://en.wikipedia.org/wiki/Gumblar
    http://en.wikipedia.org/wiki/Zenux
    Such things do happen after all.

    Tim W
    Tim W, Feb 14, 2013
    #14
  15. Tim W wrote:

    > If wikipedia is to be believed:
    > http://en.wikipedia.org/wiki/Gumblar
    > http://en.wikipedia.org/wiki/Zenux
    > Such things do happen after all.


    I repeat then *don't* use a password. Setup a private key for ssh/sftp
    and then no password is transmitted or stored in some settings file to
    be compromised. Then you could continue to used what you are already
    using Filezilla and do not have to hunt for anything else.


    --
    Take care,

    Jonathan
    -------------------
    LITTLE WORKS STUDIO
    http://www.LittleWorksStudio.com
    Jonathan N. Little, Feb 14, 2013
    #15
  16. Gus Richter

    Tim W Guest

    On 14/02/2013 14:46, Jonathan N. Little wrote:
    > Tim W wrote:
    >
    >> If wikipedia is to be believed:
    >> http://en.wikipedia.org/wiki/Gumblar
    >> http://en.wikipedia.org/wiki/Zenux
    >> Such things do happen after all.

    >
    > I repeat then *don't* use a password. Setup a private key for ssh/sftp
    > and then no password is transmitted or stored in some settings file to
    > be compromised. Then you could continue to used what you are already
    > using Filezilla and do not have to hunt for anything else.
    >
    >

    thanks, that sounds like good advice.

    Tim W
    Tim W, Feb 14, 2013
    #16
  17. Gus Richter

    Doug Miller Guest

    Tim W <> wrote in
    news:kfipfs$esj$:

    > On 13/02/2013 17:00, Doug Miller wrote:
    >> Tim W <> wrote in
    >> news:kffvar$ak$:
    >>
    >>> Briefly aiui Filezilla stores all the site logins you enter
    >>> into Site Manager unencrypted in an xml file. In theory a
    >>> trojan can then very easily read the logins. It seems
    >>> bizarrely unlikely that a criminal mastermind would want to
    >>> target the one in 100,000 computers that have Filezilla
    >>> installed and in use but rumours have reached my ears that
    >>> small time web designers like me sometimes wake up to find all
    >>> their sites and all their clients sites selling viagra
    >>> phishing for visa numbers. That's a scary prospect. So if
    >>> there is an ftp program that is as good I will use it.

    >>
    >> If that happens, it's much more likely due to insecure coding
    >> of something on the web server, rather than someone hacking
    >> your PC to get the passwords. When a flaw in any of the common
    >> content management systems is found, automated tools quickly
    >> discover sites which use that CMS and attempt to exploit the
    >> flaw.
    >>

    >
    > If wikipedia is to be believed:
    > http://en.wikipedia.org/wiki/Gumblar
    > http://en.wikipedia.org/wiki/Zenux
    > Such things do happen after all.


    Note that I did *not* say that they don't happen -- just that
    there are other risks that are both more likely and more
    dangerous.
    Doug Miller, Feb 15, 2013
    #17
  18. Gus Richter

    Tim W Guest

    On 15/02/2013 01:21, Doug Miller wrote:
    > Tim W <> wrote in
    > news:kfipfs$esj$:
    >
    >> On 13/02/2013 17:00, Doug Miller wrote:
    >>> Tim W <> wrote in
    >>> news:kffvar$ak$:
    >>>
    >>>> Briefly aiui Filezilla stores all the site logins you enter
    >>>> into Site Manager unencrypted in an xml file. In theory a
    >>>> trojan can then very easily read the logins. It seems
    >>>> bizarrely unlikely that a criminal mastermind would want to
    >>>> target the one in 100,000 computers that have Filezilla
    >>>> installed and in use but rumours have reached my ears that
    >>>> small time web designers like me sometimes wake up to find all
    >>>> their sites and all their clients sites selling viagra
    >>>> phishing for visa numbers. That's a scary prospect. So if
    >>>> there is an ftp program that is as good I will use it.
    >>>
    >>> If that happens, it's much more likely due to insecure coding
    >>> of something on the web server, rather than someone hacking
    >>> your PC to get the passwords. When a flaw in any of the common
    >>> content management systems is found, automated tools quickly
    >>> discover sites which use that CMS and attempt to exploit the
    >>> flaw.
    >>>

    >>
    >> If wikipedia is to be believed:
    >> http://en.wikipedia.org/wiki/Gumblar
    >> http://en.wikipedia.org/wiki/Zenux
    >> Such things do happen after all.

    >
    > Note that I did *not* say that they don't happen -- just that
    > there are other risks that are both more likely and more
    > dangerous.
    >

    No, it was me who wondered if they were really real.
    Tim W, Feb 15, 2013
    #18
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    12
    Views:
    1,605
    Dave Thompson
    Jan 10, 2005
  2. Coca
    Replies:
    7
    Views:
    716
    Aidan Grey
    Aug 24, 2004
  3. Replies:
    18
    Views:
    598
    Dave Thompson
    Jan 10, 2005
  4. lone_eagle
    Replies:
    3
    Views:
    620
    psykeedelik
    May 26, 2009
  5. D. Buck
    Replies:
    2
    Views:
    449
    D. Buck
    Jun 29, 2004
Loading...

Share This Page