FTP: untrustworthy file transfer



zatoicchi
15.07.08, 05:09
FTP - file transfer protocol - is the most commonly used method for moving files around the Web. Now Steve Frank, a founder and developer for Mac software company Panic, has come out and recommended that people stop using FTP.

I wrote about this (see If hackers don’t get you, maybe Google will) after my other blog, StorageMojo, was hacked. I’m glad to see a vendor of FTP software - I use their fine product Transmit - jump on board with a strong recommendation.

Why? Here are a couple of the best reasons he gives.

* Unless tunneled over a secure socket, FTP is 100% insecure. Your password, and the contents of all your files are sent in the clear, free to be examined or captured by any network hop between you and your server. . . .
* FTP is not friendly with firewalls. Because it constantly needs to establish new connections, this has led us to “passive mode” which might as well be black magic as far as most people are concerned. Briefly, passive mode means the client initiates data connections to the server, rather than the default where the server makes connections to the client (yes, really). Worse still, data connections occur on varying high port numbers (usually 49152 - 65335) which means sysadmins would have to open over 16,000 ports in the firewall, almost defeating the purpose of a firewall in the first place. It’s a mess, and it’s really hard to understand.


FTP: untrustworthy file transfer | Storage Bits | ZDNet.com (http://blogs.zdnet.com/storage/?p=344)
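To make the two points in the quoted article concrete, here is an added example (not from the ZDNet or Panic post, and not from any of the posters) that parses a constructed FTP control-channel log the way a passive observer on the path would. It shows that USER/PASS go by in the clear, and it decodes the PASV reply and PORT command to recover the address and port of each data connection, flagging which ones land in the IANA dynamic range 49152-65535 that a firewall would have to open. The log text, the "C>"/"S>" direction markers and the addresses are all invented for the example.

```python
import re

# Constructed sample of an FTP control-channel conversation, written the way a
# packet sniffer or proxy log would show it (not a real capture).
# "C>" marks client-to-server lines, "S>" marks server-to-client replies.
SAMPLE_SESSION = """\
S> 220 (vsFTPd 3.0.3)
C> USER alice
S> 331 Please specify the password.
C> PASS hunter2
S> 230 Login successful.
C> PASV
S> 227 Entering Passive Mode (192,0,2,10,195,80).
C> RETR report.pdf
S> 150 Opening BINARY mode data connection for report.pdf.
S> 226 Transfer complete.
C> PORT 192,0,2,55,4,1
S> 200 PORT command successful.
C> STOR notes.txt
S> 150 Ok to send data.
S> 226 Transfer complete.
C> QUIT
S> 221 Goodbye.
"""

# The six comma-separated numbers in a 227 reply and in a PORT command are
# h1,h2,h3,h4 (the IPv4 address) and p1,p2 (port = p1 * 256 + p2).
PASV_REPLY_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
PORT_CMD_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)$")

# IANA dynamic/ephemeral port range, the "varying high port numbers" the article means.
EPHEMERAL_LOW, EPHEMERAL_HIGH = 49152, 65535


def decode_hostport(fields):
    """Turn the six FTP address fields into ('a.b.c.d', port)."""
    h1, h2, h3, h4, p1, p2 = (int(f) for f in fields)
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def is_ephemeral(port):
    return EPHEMERAL_LOW <= port <= EPHEMERAL_HIGH


def analyze_session(log_text):
    """Walk the control channel and report what a passive observer learns.

    Returns a dict with:
      credentials      - list of (username, password) pairs seen in cleartext
      data_connections - list of (mode, address, port, is_ephemeral) tuples,
                         one per 227 reply (client connects to the server)
                         or PORT command (server connects back to the client)
    """
    creds = []
    data_conns = []
    pending_user = None
    for raw in log_text.splitlines():
        direction, _, line = raw.partition(" ")
        if direction == "C>":
            verb, _, arg = line.partition(" ")
            verb = verb.upper()
            if verb == "USER":
                pending_user = arg
            elif verb == "PASS":
                # The password crosses port 21 unencrypted; anyone on the path
                # reads it exactly as this parser does.
                creds.append((pending_user, arg))
            else:
                m = PORT_CMD_RE.match(line)
                if m:
                    addr, port = decode_hostport(m.groups())
                    data_conns.append(("active", addr, port, is_ephemeral(port)))
        elif direction == "S>":
            m = PASV_REPLY_RE.match(line)
            if m:
                addr, port = decode_hostport(m.groups())
                data_conns.append(("passive", addr, port, is_ephemeral(port)))
    return {"credentials": creds, "data_connections": data_conns}


def passive_port_span():
    """Number of inbound ports a firewall must open for unrestricted passive mode."""
    return EPHEMERAL_HIGH - EPHEMERAL_LOW + 1


if __name__ == "__main__":
    report = analyze_session(SAMPLE_SESSION)
    for user, pw in report["credentials"]:
        print(f"cleartext login: user={user!r} password={pw!r}")
    for mode, addr, port, eph in report["data_connections"]:
        print(f"{mode} data connection to {addr}:{port} (ephemeral range: {eph})")
    print(f"unrestricted passive mode needs {passive_port_span()} inbound ports open")
```

Run as a script it prints the recovered login, the passive data connection to 192.0.2.10:50000 (inside the high range) and the active one back to the client at 192.0.2.55:1025, plus the 16384-port span the article rounds to "over 16,000". The same regexes are what an IDS rule or a log-review script would use to spot unencrypted FTP logins on a network that is supposed to have moved to SFTP or FTPS.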

Manas
15.07.08, 10:22
Thanks for this very interesting information.
I always thought that FTP is one of the most secure transfers...
I would have never dreamed that it might be insecure :shockkk!:

By the way, does anybody know what the scene uses? FTP or SFTP?

anon
15.07.08, 17:35
I always thought that FTP is one of the most secure transfers...
I would have never dreamed that it might be insecure :shockkk!:

Me too, I have always been told FTP is the best protocol to download big files because it's been designed to be reliable at doing so...

And it takes a lot of time to browse a directory or ask to download a file on low-bandwidth connections :frown:

shoulder
15.07.08, 17:44
Well, you can still use FTPS or FTPES if the server supports it.

@Manas
I guess the scene will most likely use FXP over SSL.

plentonimus
15.07.08, 17:58
There are two types of 'sftp'.

* Session initialisation and directory listing over SSH (data connection unencrypted): Secure File Transfer Protocol (http://en.wikipedia.org/wiki/File_Transfer_Protocol#FTP_over_SSH)
* Everything encrypted: SSH File Transfer Protocol (http://en.wikipedia.org/wiki/SSH_file_transfer_protocol) (don't mistake it with scp (http://en.wikipedia.org/wiki/Secure_Copy))

Aurion
15.07.08, 21:33
hohoo !! used to hang out with those private FTPs for large EDM groups such as Visace & WEB since lots of unreleased stuff is flowing out there !! however, those FTPs are fast & easy to handle, still they might be carrying some bugs since (if I'm not wrong) they are built upon single PCs (FTP owner) or a larger server (forum/site related server) !! anyway, sad to know they have already been used in a fresh hack incident :confused2: