Go Back   FlashFXP Forums > >

General Discussion Need help? Have a problem? Let us help you. Bug reports and feature requests should be made using the Bug Tracker or Feature Tracker

Closed Thread
 
Thread Tools Rate Thread Display Modes
Old 03-02-2006, 01:45 PM   #1
angst
Member
FlashFXP Beta Tester
 
Join Date: Sep 2005
Posts: 33
Default sites.dat relativly unsecure?!

hello. i found i tool from "dfg-crew" from 2002 that can decrypt sites.dat from my ffxp version 3.3.5 b 1110 easily.

thats bad.
angst is offline  
Old 03-02-2006, 02:06 PM   #2
Hetfield
Senior Member
FlashFXP Scripter
 
Join Date: Nov 2002
Posts: 334
Default

It's bad you didn't enable the application password protection if you're afraid of this . When you enable the application protection the sites.dat becomes strongly encrypted.
Hetfield is offline  
Old 03-02-2006, 04:15 PM   #3
angst
Member
FlashFXP Beta Tester
 
Join Date: Sep 2005
Posts: 33
Default

yes sir. that was the deal. thank you!
angst is offline  
Old 03-05-2006, 01:54 PM   #4
ORDL
Junior Member
FlashFXP Registered User
 
Join Date: Jul 2005
Posts: 6
Default

I have also seen FlahFXP "helper applications" that actually transfer your sites and passwords to a third party server. Basically they steal your accounts. You'll want to avoid "helpful" programs like this as well.
ORDL is offline  
Old 03-05-2006, 02:15 PM   #5
angst
Member
FlashFXP Beta Tester
 
Join Date: Sep 2005
Posts: 33
Default

Quote:
Originally Posted by ORDL
I have also seen FlahFXP "helper applications" that actually transfer your sites and passwords to a third party server. Basically they steal your accounts. You'll want to avoid "helpful" programs like this as well.
can you go "in medias res" please and / or prove your statement? as long as its crypted as mentioned above from hetfield, and if there is no "master key" to decrpyt it, what shall happen? and normally a good firewall will give me a message if some application would send my "sites.dat" to some third-party-server. moreover i dont think / hope that ffxp itself will send my sites.dat to their own server. but that discussion is already done, i guess.
angst is offline  
Old 03-05-2006, 03:40 PM   #6
MxxCon
Super Duper
FlashFXP Beta Tester
 
Join Date: Oct 2001
Location: Brooklyn, NY
Posts: 3,831
Default

Quote:
Originally Posted by angst
can you go "in medias res" please and / or prove your statement? as long as its crypted as mentioned above from hetfield, and if there is no "master key" to decrpyt it, what shall happen?
there were a few password decrypting apps for flashfxp that would steal your sites.dat.
but any good antivirus now should detect them.
MxxCon is offline  
Old 03-05-2006, 04:43 PM   #7
angst
Member
FlashFXP Beta Tester
 
Join Date: Sep 2005
Posts: 33
Default

Quote:
Originally Posted by MxxCon
there were a few password decrypting apps for flashfxp that would steal your sites.dat.
but any good antivirus now should detect them.
this decrypting tools can also decrypt a sites.dat that uses "the application protection" where Hetfield was talking about?
angst is offline  
Old 03-05-2006, 05:25 PM   #8
bigstar
FlashFXP Developer
FlashFXP Administrator
ioFTPD Beta Tester
 
bigstar's Avatar
 
Join Date: Oct 2001
Posts: 8,012
Default

The application password protection uses strong encryption, Which basically means the password used for encryption isn't stored anywhere, so an attacker must guess it by brute force. Provided your password can't be found in a dictionary, I figure it would probably take years to decrypt it.
bigstar is offline  
Old 03-05-2006, 08:23 PM   #9
MxxCon
Super Duper
FlashFXP Beta Tester
 
Join Date: Oct 2001
Location: Brooklyn, NY
Posts: 3,831
Default

Quote:
Originally Posted by angst
this decrypting tools can also decrypt a sites.dat that uses "the application protection" where Hetfield was talking about?
no. they were designed for regular "scrambled" passwords. not encrypted sites.dat
MxxCon is offline  
Closed Thread

Tags
1110, 3.3.5, ffxp, sites.dat, version

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 09:08 AM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)