Take a Tour

x Close

Take a Tour
Blog Feature Subscribe
Martin Horan

By: Martin Horan on February 19th, 2014

Print/Save as PDF

WHAT IS NIST? THE COMPLETE GUIDE TO THE NIST CYBERSECURITY FRAMEWORK

Explore this comprehensive guide on how the NIST Cybersecurity Framework can be applied to your organization.

New York Times, attacked with leaked FTP credentials

Articles

Some organizations are apparently still using the venerable FTP protocol for moving files around. Credentials for more than 7,000 FTP servers are being traded between nefarious types and used to break into servers including those of The New York Times. The access has been used to plant malicious PHP files and HTML in a bid to backdoor servers and redirect people to malicious sites.

According to security firm Hold Security, the FTP servers and credentials range from small personal sites to large multinational corporations. Where the list came from, and who put it together, is unknown.

The credentials themselves are a mix of anonymous and default accounts, with passwords ranging from simple to complex. This is suggestive that some, at least, have been acquired through phishing or client-side malware rather than guessing or brute-force password cracking. Given that FTP passes the credentials unencrypted, there are many exciting ways that the information could have been taken: passive sniffing of traffic at a café hotspot would do the trick, for example. This is one of the reasons that use of the protocol has largely fallen out of favor.

For some of the victim organizations, FTP is a legacy relic. UNICEF was among those with leaked credentials. A spokesperson for the humanitarian organization told IDG that the FTP server was part of a system that was no longer being used and has accordingly been disabled.

About Martin Horan

Founder of FTP Today and an expert in secure file transfer and Internet protocols. A software and IT geek since a young age, Martin has successfully led his companies through the digital age by spotting market niches and filling them with quality IT services.

Related Articles

Articles

Restriction Protocols You Need for Compliant File Sharing

August 22, 2018

Do you live in fear of a getting hit with non-compliance fine? If so, you’re not alone. Many business owners know the risks associated with failing to comply with applicable government regulations, like HIPAA, ITAR, PCI-DSS, GLBA, or SOX. And you know how easily government fines could put your company at risk, especially since they can skyrocket to thousands or even millions of dollars; amounts that many companies are unable to pay out of pocket. This doesn’t even include the potential for lost business, damage to your reputation, or in the most negligent of cases, jail time.

Read More >

Articles

When to Use SFTP

August 15, 2018

Do you need to transfer a file, but you’re unsure of the best way to share it with the intended recipient? While you may have an understanding of the difference between FTP and SFTP, it can be tricky to apply that knowledge to your real-world file transfers and choosing a file transfer solution. You might be asking yourself when to use FTP, when to use SFTP, or if there’s really a difference at all. Continue reading to learn when to use SFTP and how using this option helps your business.

Read More >

Articles

How to Choose the Right FTP Host

August 1, 2018

Choosing the right FTP host is a tall task for any business. When you started the search process, you probably realized how many options there were to choose from.

Read More >