|
Authored by: Anonymous on Thursday, November 08 2012 @ 01:02 AM EST |
Who cares? The username and password were sent using
email, and you can bet that the email was not encrypted.
[ Reply to This | Parent | # ]
|
|
Authored by: tknarr on Thursday, November 08 2012 @ 02:55 AM EST |
That depends. FTP is unencrypted, surely (although there are encrypted
versions). But the main vulnerability is to network snooping/sniffing, which is
something that requires either physical access to one of the terminal networks
or a high degree of technical sophistication to compromise one of the transit
networks and filter the traffic to get only the relevant flows. And if someone
has access to one of the terminal networks, they probably don't need to snoop on
traffic to get the data. At the same time, FTP's one of the few protocols that
allows for authenticated upload of data (and related things like ownership and
permissions at the receiving end) without needing to be a command-line
user.
It's got it's problems, but for the most part it's "good enough"
against anything short of a specifically-targeted attack. [ Reply to This | Parent | # ]
|
|
Authored by: macrorodent on Thursday, November 08 2012 @ 04:41 AM EST |
I confess to having used and even set up FTP servers in company intranet for
moving files, simply because it is the lowest common denominator. Even Windows
comes with bundled FTP software, and has done so for a long time. Alternatives
would requires special software to be installed, always a hurdle.
For this
reason FTP is unlikely to go away anytime soon. At least not until you can
convince Microsoft to bundle ssh... [ Reply to This | Parent | # ]
|
|
|
|
|