* Nick FitzGerald (nick@VIRUS-L.DEMON.CO.UK) [01/05/00 12:14]: > This means that stealing of tree.dat not only allows the thief access > via CuteFTP to any 'secrets' that may be recorded in that file, but > they can also be easily decoded for other uses. The v3.x releases of > CuteFTP store this data in smdata.dat (the virus does not look for > that file) but it has a very similar appearing structure to tree.dat > and uses the same 'encryption' of stored passwords. This is a moot point anyways. Anyone who can grab your tree.dat or smdata.dat can have your passwords even if they were to be strongly encrypted. One would only have to download and install their own copy of cuteftp, stick the associated .dat file in it's path, run cuteftp, and hit connect. Your local machine or another on your network could easily run a sniffer and grab your plain text passwords as your client connects. If you don't want to tip off the admin of a remote site that you have one of their users passwords, than just replace the real servers IP with an ftp server you control. -bk
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:27:06 PDT