Browse by Tags

All Tags » General Security » FTP (RSS)

Bye bye, IPv4!

OK, so IPv4 is probably right to be acting like the old man in Monty Python and the Holy Grail, and screaming “I’m not dead yet!”, but we certainly shouldn’t hold out any hope that it’ll be getting any better. Clonk it on the head as soon as possible...
Posted by Alun Jones | with no comments

Texas Imperial Software DefCon 18 challenge

I rarely write about my business on the blog here, and perhaps I should do so some more. I mentioned in the post earlier today of how I’d “hacked” my badge (“hacked” in the sense of “that’s not programming, that’s...

My take on the SSL MITM Attacks – part 3 – the FTPS attacks

[Note - for previous parts in this series, see Part 1 and Part 2 .] FTP, and FTP over SSL, are my specialist subject, having written one of the first FTP servers for Windows to support FTP over SSL (and the first standalone FTP server for Windows!) Rescorla...

How FTP Data Connections Work Part 2 (OR: Fun With Port 20)

As we mentioned in the 1st part of this series , FTP is a more complex protocol than many, using one control connection and one data connection. A recap of the first post… In typical Stream Mode operation, a new data connection is opened and closed for...

How FTP Data Connections Work Part 1 (OR: Don’t Open Port 20 in your Firewall!)

This will be the first of a couple of articles on FTP, as I’ve been asked to post this information in an easy-to-read format in a public place where it can be referred to. I think my expertise in developing and supporting WFTPD and WFTPD Pro allow me...

FTP - Untrustworthy? I Don't Think So!

Lately, as if writers all draw from the same shrinking paddling-pool of ideas, I've noticed a batch of stories about how unsafe, unsecure and untrustworthy is FTP. SC Magazine says so. First it was an article in the print version of SC Magazine ,...

Vista's Secret Windows Firewall hole

First, the good news - it's not a flaw in the operation of Windows Firewall on Windows Vista. It's a design feature, it makes sense, and it fits in with the principle that the firewall should keep out unsolicited traffic. It's not really a...

"FTPS" document finally makes it to RFC status.

News I've been waiting for for years - the document formally known as draft-murray-auth-ftp-ssl-16.txt has finally been released by the RFC editor as RFC 4217 - “ Securing FTP with TLS ” What exactly does this mean? Technically, not very much - FTPS has...
Posted by Alun Jones | 1 comment(s)
Filed under: ,