TELECOM Digest OnLine - Sorted: FTP is Simple, But Open to Leaks

FTP is Simple, But Open to Leaks

Anick Jesdanun, AP Writer (
Wed, 11 Jul 2007 23:36:08 -0500

By ANICK JESDANUN, AP Internet Writer

The Internet was a mere 19 months old when engineers first developed a
file-sharing system still in wide use today.

Although many of the technologies from those early days eventually
faded away, replaced by newer developments such as the World Wide Web
and search engines, file transfer protocol remains a common way for
distributing larger files and updating Web sites, thanks to its
simplicity and versatility.

"It says remarkably good things about the guys who designed the
Internet," said John Levine, an FTP user for a quarter-century and
co-author of "The Internet for Dummies." "FTP was designed well enough
that there's never been a pressing need to come up with something

Its simplicity, though, also leads to security challenges that simply
weren't imagined back in the Internet's early days.

FTP was first described in a 1971 paper, "A File Transfer Protocol,"
and became canonized as a standard in 1985.

For years, FTP was the primary way to transfer files. Two networked
computers can send files back and forth, regardless of the file type
or the computer's filing and storage system. Each computer would only
need to know this common way of transferring files.

After the Web's development in the early 1990s, its hypertext transfer
protocol, or HTTP, became the standard way to retrieve text and
smaller images over browsers. But FTP has remained the go-to
technology for downloading larger files such as documents, databases
and songs; FTP download capabilities are built into standard browsers.

Standalone FTP software also can let Web developers upload Web pages
onto servers for viewing, something difficult or impossible with

FTP comes with password-protection options, though usernames and
passwords to access files are sent over the Internet unencrypted as
regular text, allowing spies along the way to capture the information.

A bigger problem, though, is FTP's ability to let people log on
anonymously, a capability purposely included to promote file sharing,
but one that can accidentally expose private, sensitive documents.

The username is typically "anonymous" and the password can be
anything, meaning everyone on the Internet has access to your files
and servers that aren't configured correctly. Though anonymous FTP can
be turned off, many older systems come with it automatically on --
and inexperienced or careless users may forget to make the change.

"You're most likely to find an open anonymous server on some
workstation on somebody's desk at a university that's been sitting
there for 10 years," Levine said. "You have to be careful."

Copyright 2007 The Associated Press.

For more news and headlines, please go to:

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: Michael Liedtke, AP Business Writer: "AOL to Pay $3 Million, and Reform Cancel Penalties"
Go to Previous message: Mike Baker, AP Writer: "Military Files Left Unprotected Online"
TELECOM Digest: Home Page