One unlucky developer had his files hacked into because he was making use of the FileZilla FTP client, which stored passwords in clear text. Because of that, the hacker has now created a new client, the FileZilla FTP Secure, which would be able to keep all the data encrypted and will also feature a master password for everything.
The developer was forced to put the issue into his own hands and launched the FileZilla Secure, a fork of the FileZilla 3.18.0 client, which makes it possible for users to get encryption on the disk. The developer is mostly known on Reddit where he goes by the name of fzss and dns4lyfe.
The developer noted that as he was surfing the web, he had accessed a web page whereby one of the browsers exploits had almost instantaneously installed one of the malware on his device. The malware then went on to collect all the sensitive files which included his FileZilla passwords and unfortunately, they were all stored in cleartext on the disk.
The developer also said that after getting the passwords, the unknown face behind the malware used all the passwords and his credentials. After that, in one single day, the developers’ sites were now all infected with malware and as a result, Google now blacklisted all of his previous work.
He then spent a week cleaning up his accounts and removing the malware infection, but as he looked around. He saw that other users were also complaining about the FileZilla plaintext password weakness. The complaints were made by various site admins and it dated back to as far back as 2007. Users have been complaining about it for 9 years but the developers at FileZilla had apparently refused to issue any secure updates and had even advised users to not store any sensitive information on the client so as to not to be hacked and for them to remain secure.
As a result, the hacked developer was pushed into action and as a result after a few months, the app was ready for testing, and now it is ready for mass distribution. The developer also said that he intended to input the FileZilla Secure into the FileZilla client which is currently using the 184.108.40.206 version at the moment.
Various other applications such as Firefox and Google Chrome also make use of a master password or encryption which protects any user data which is stored on a disk. This information is often the target of many hackers and cyber attackers.
The FileZilla Secure app is available for download on its webpage on the Mac, Linux and Windows platform. The source code is also available for scrutiny and the app is available on an open source license.