Only 8,700 insecure ftp servers?

Only 8,700 insecure ftp servers?

Summary: According to ComputerWorld coverage Finjan is publicizing a source in Hong Kong they have discovered that offers to sell access to hacked ftp servers. The idea is that a malware purveyor or phisher would want ftp access with admin credentials so they can quickly and easily upload there wares to the web sites served by the ftp service.

SHARE:
TOPICS: Servers, Security
1

According to ComputerWorld coverage Finjan is publicizing a source in Hong Kong they have discovered that offers to sell access to hacked ftp servers. The idea is that a malware purveyor or phisher would want ftp access with admin credentials so they can quickly and easily upload there wares to the web sites served by the ftp service.

Larry Dignan thinks this may be the first "Hacking as a Service" example but he is way off. There have been sites in the past that allowed you to execute a "ping of death" against any site, or a ping storm or whatever, just type in the IP or URL and watch what happens. So nothing new there. The "new" is the financial model. Selling access piecemeal. Kind of Hacking 2.0.

The simple warning to administrators: Use ftp over secure shell (SSH) to update your servers. Yes, use the advanced authentication techniques.

Only 8,700 out of 65,000,000 active web servers? That is a good percentage.

Update:  Stiennon's blog has moved to here

Topics: Servers, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • Anybody who uses ftp...

    ...should be given fifty lashes with a wet noodle.

    Secure Shell offers sftp. Use it for God's sake! ;)
    D T Schmitz