ie8 fix
madison

Threat Chaos

Richard Stiennon
Home / News & Blogs / Threat Chaos

Only 8,700 insecure ftp servers?

By | February 27, 2008, 3:51pm PST

Summary: According to ComputerWorld coverage Finjan is publicizing a source in Hong Kong they have discovered that offers to sell access to hacked ftp servers. The idea is that a malware purveyor or phisher would want ftp access with admin credentials so they can quickly and easily upload there wares to the web sites served by [...]

According to ComputerWorld coverage Finjan is publicizing a source in Hong Kong they have discovered that offers to sell access to hacked ftp servers. The idea is that a malware purveyor or phisher would want ftp access with admin credentials so they can quickly and easily upload there wares to the web sites served by the ftp service.

Larry Dignan thinks this may be the first “Hacking as a Service” example but he is way off. There have been sites in the past that allowed you to execute a “ping of death” against any site, or a ping storm or whatever, just type in the IP or URL and watch what happens. So nothing new there. The “new” is the financial model. Selling access piecemeal. Kind of Hacking 2.0.

The simple warning to administrators: Use ftp over secure shell (SSH) to update your servers. Yes, use the advanced authentication techniques.

Only 8,700 out of 65,000,000 active web servers? That is a good percentage.

Update:  Stiennon’s blog has moved to here

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Threat Chaos”

Topics

Idea, FTP Server, Server, FTP, Security, Richard Stiennon

Disclosure

Richard

http://blogs.zdnet.com/threatchaos/?page_id=455

Biography

Richard

A former ZDNet blogger, Richard Stiennon is an industry consultant. Most recently he was Chief Marketing Officer for Fortinet, Inc., the largest privately held security vendor. prior to that he was Chief Research Analyst at IT-Harvest. And before creating IT-Harvest, he was VP of threat research for Webroot Software, Inc. the leading commercial anti-spyware solution.

Previously, Richard was VP Research at Gartner, Inc. where he covered security topics including firewalls, intrusion detection, intrusion prevention, security consulting and managed security services for the Security and Privacy group. He is a holder of Gartner's Thought Leadership award for 2003 and was named "One of the 50 most powerful people in Networking" by NetworkWorld magazine. His speaking engagements have included conferences and meetings throughout North and South America, Hawaii, Tokyo, Tel Aviv, Istanbul, Milan, Munich, Hannover, Madrid, London, and Cannes.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
1
Comments
Add Your Opinion

Join the conversation!

0 Votes
+ -
Anybody who uses ftp...
D T Schmitz 27th Feb 2008
...should be given fifty lashes with a wet noodle.

Secure Shell offers sftp. Use it for God's sake! wink

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix