Reply to post: Re: unsecured FTP is officially dead

Pinging admins: Here comes your packet of networking news

Lee D Silver badge

Re: unsecured FTP is officially dead

Literally, you're basing your internal security on "nobody uses brass doorhandles any more, everyone uses these modern chrome things".

It takes a fraction of a second for something that COULD traverse SMB connections to test an FTP port and follow that too. A virus that isn't modular is a real amateur show. The proper ones test and have things akin to Metasploit modules that literally use the techniques that you are revealing yourself vulnerable to.

Though someone might traverse an SMB network with a given credential, the chances of having write access over random shares as an anonymous user with any kind of useful data should be infinitesimal. But the chances of being able to sniff a plain-text FTP credential are... well... it's barely a handful of lines of code to do so. Sure there are SMB exploits just the same, but FTP is a really, really dumb idea.

Especially when ANYTHING that actually is worth the money will support SSH2 for encrypted file transfer with full public-key authentication.

You're like the people who say they "run Mac because there are less viruses". It's a nonsense. It's the PC equivalent of painting your car blue, because blue cars get broken into less often. It's not "security". It's "theatre".
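
An added example, not part of the original comment: a Python check that an `sshd_config` enforces the setup the comment recommends (SFTP over SSH2 with public-key authentication and no password logins). The function name `audit_sshd_config` and both sample configurations are constructed for illustration, and only `PasswordAuthentication`, `PubkeyAuthentication`, `Subsystem` and `Match` are examined.

```python
import re

# OpenSSH defaults for the two keywords checked here.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes"}

# Constructed sample configurations (not taken from any real host).
WEAK = """\
PubkeyAuthentication yes
Subsystem sftp internal-sftp
Match User legacy
    PasswordAuthentication yes
"""
HARDENED = """\
PasswordAuthentication no
PubkeyAuthentication yes
Subsystem sftp internal-sftp
PasswordAuthentication yes
"""

def audit_sshd_config(text):
    """Return a list of findings; an empty list means key-only SFTP."""
    settings, subsystems, findings = dict(DEFAULTS), {}, []
    seen, in_match = set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()       # keywords are case-insensitive
        args = parts[1].split() if len(parts) > 1 else []
        if key == "match":
            in_match = True          # everything below is conditional
        elif in_match:
            if key == "passwordauthentication" and args[:1] == ["yes"]:
                findings.append("a Match block re-enables password authentication")
        elif key == "subsystem" and args:
            subsystems.setdefault(args[0], " ".join(args[1:]))
        elif key not in seen and args:
            seen.add(key)            # sshd keeps the first value it reads
            settings[key] = args[0]
    if settings["passwordauthentication"] != "no":
        findings.append("password authentication is enabled")
    if settings["pubkeyauthentication"] != "yes":
        findings.append("public-key authentication is disabled")
    if "sftp" not in subsystems:
        findings.append("no sftp subsystem is configured")
    return findings

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_sshd_config(cfg) or "ok")
```

The parser reads a single file and does not follow `Include` directives; on a live host, `sshd -T` prints the effective configuration to compare against.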
