upvote

points

by carlosjobim2 days ago |
comments
upvoteby ndsipa_pomu1 days ago|
[-]
How would you know if the transfers were interfered with? Do you take checksums of the files you upload and then check that the files apparently uploaded are the same?

Also, how do you know that there isn't someone performing a MITM (man in the middle) attack? FTP has no mechanism that I know of to verify that you're connecting to the server that you think you are.

It may well be that you're not a sizeable target and that no-one is interested in hacking your site, but that's just luck and not an endorsement of unencrypted FTP.

reply
upvoteby carlosjobim1 days ago|
parent|
[-]
How would you know that your neighbours aren't secretly spying together on you and interfering with your life in ways you don't notice?

We have to put a limit to paranoia. If things work correctly for decades and there are no signs of foul play after endless real world usage, it's safe to say nobody is hacking our FTP.

It's different if you're a bank or the KGB or the CIA.

> It may well be that you're not a sizeable target and that no-one is interested in hacking your site, but that's just luck and not an endorsement of unencrypted FTP.

Do you drive an armored car?

reply
upvoteby DANmode16 hours ago|
parent|
next
[-]
Do you drive a doorless car?

A frame-less one?

reply
upvoteby carlosjobim1 hours ago|
parent|
[-]
Yes, and it only has two wheels.
reply
upvoteby ndsipa_pomu1 days ago|
parent|
prev|
[-]
Needing an armored car or protection from neighbours is specifically to guard against proximity based exploits and those are very unlikely threats to most people. FTP interception can be easily performed from anywhere in the world with a little bit of DNS poisoning and then perform a MITM attack (or even just alter the data in transit from a malicious wifi hotspot).

It costs approximately zero to use encryption and protect against the FTP exploits, so why continue to use FTP? There's literally no advantage and several possible disadvantages. Just relying on not being hacked before seems a foolish stance to me.

reply
upvoteby carlosjobim1 days ago|
parent|
[-]
If it's so easily done, then most FTP websites would be hacked every week. But hundreds of millions of people have FTP websites and never get hacked in decades.

I challenge you to select any FTP website of your choosing and make a tiny change to prove that you've hacked it and let me know here.

reply