13 Jul
2008
13 Jul
'08
4:59 p.m.
On 14/07/2008, at 9:44 PM, Steve Holdoway wrote:
On Mon, 14 Jul 2008 19:16:13 +1200 Glen Eustace
wrote: OK, vector identified.
The password for the site was cracked, then the site was downloaded, modified and then uploaded again. This happened concurrently from two sources.
My pet hate is all these designers who just must have ftp access. Don't they realise that the ftp password is transferred in clear text over the internet? sftp is no big deal to set up either end.
Secure FTP doesn't save people who have poorly chosen passwords, which I imagine is what happened in this case, and is in my opinion a much more likely to be exploited problem than unencrypted FTP. -- Nathan Ward