back to article Security researchers believe mass exploitation attempts against WS_FTP have begun

Security researchers have spotted what they believe to be a "possible mass exploitation" of vulnerabilities in Progress Software's WS_FTP Server. Researchers at Rapid7 began noticing evidence of exploitation on 30 September across multiple instances of WS_FTP. Progress released fixes for eight separate vulnerabilities in …

  1. Jou (Mxyzptlk) Silver badge

    "No active attempts"

    "Progress Software said" of course. Because indeed, they don't see or notice them. Quite a stretchy assumption to jump to "no active attempts".

  2. Lee D Silver badge

    "Security researchers believe mass exploitation attempts against WS_FTP have begun"

    Everyone still living in the 1990's very worried.

    1. Anonymous Coward
      Anonymous Coward

      yeah, are people seriously still using FTP in 2023? what's up with SSH / SCP, I thought we'd moved to that like more than 20 years ago?

      1. Phil O'Sophical Silver badge

        AFAIK, WS-FTP is an implementation of SFTP, with SSL under the covers.

      2. Jou (Mxyzptlk) Silver badge

        SFTP is SSH-FTP. Of course it is still used, there is no reason not to.

        But that is somewhat off-topic: WS_FTP is available since 1991, which is "Lee D" point (just guessing). I didn't know it is still in use before that news popped up.

        1. Anonymous Coward
          Anonymous Coward

          > WS_FTP is available since 1991

          SSL dates from 1994 and SSH from 1995. So what? Both have been updated since then.

          1. Jou (Mxyzptlk) Silver badge

            I never implied they weren't. I haven't heard about ws_ftp for more than 15 years, used it over 20 years ago myself in some installations.

        2. jake Silver badge

          "WS_FTP is available since 1991"

          WS_FTP was originally written in 1993.

          Windows Sockets was first seriously proposed in late 1991 (at Interop in San Jose). It was later known as Winsock (thus WS_FTP), and wasn't available until mid '92, but it wasn't really usable until early '93 ... although I (as a Berkeley networking guy) could easily make a case for the thing not really being ready for Prime Time until early '94 when ver. 2 came out.

      3. jake Silver badge

        "are people seriously still using FTP in 2023?"

        Yes.

        1. Sudosu Bronze badge

          Let me fax you some examples.

          1. Jou (Mxyzptlk) Silver badge

            Let me use coal on stone to send you some examples. If you are on the same continent.

      4. rcxb Silver badge

        are people seriously still using FTP in 2023? what's up with SSH / SCP

        You may be shocked to learn that Alphabet Inc doesn't just go around selling alphanumeric characters, Amazon.com has nothing to do with the rain forest or river, Twitter.com will not sell you any birds, Facebook offers neither books or faces, etc.

        WS_FTP also, strangely enough, supports more than just the "FTP" protocol. Since at least 2010, they have offered SFTP support:

        https://www.serverwatch.com/servers/getting-started-with-ipswitchs-ftp-server-ws_ftp-server-7-5/

    2. jake Silver badge

      "Everyone still living in the 1990's very worried."

      I think you'll find that many large corporations and governments use WS_FTP all the time. If you absolutely have to use software from Redmond and you need that kind of thing, WS-FTP is probably the best mass-market solution.

      No, I don't use it; I have better solutions.

  3. Crypto Monad Silver badge

    "We are disappointed in how quickly third parties released a proof of concept"

    "...because the bad guys are all stupid, and wouldn't have been able to work it out for themselves."

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like