It has been said that if we accidentally use ftp instead of sftp, people can act

Question

It has been said that if we accidentally use ftp instead of sftp, people can actually see the login name and password in pure text form, and it is very bad.

But who can actually see it? Will it be operators at large firms only? Can any hobbyist at home with a broadband modem be able to see it?

I think I used ftp accidentally a few times instead of sftp over the past few years and there wasn't any security issue, until recently when I did it 2 months ago and then a couple of weeks ago, somebody seems to have logged into my DreamHost web panel and transferred my domain name to another registrar and then a week or two later, transfer again and tried to sell the domain name.

Explanation / Answer

When you send unencrypted information on the internet anyone with access to the telecommunications lines or the networking equipment that sits on them can potentially read the traffic. That means the internet service providers which the traffic goes over, the telecommunications companies who supply the lines, and the governments who can compel (or pay) these companies to give them this data.

Additionally anyone with administrative access to the web server and the network it's on could also access the data. This would include hackers who have penetrated the systems.

The rest of the world at large has no ability to intercept the traffic. Someone on a DSL line isn't going to be able to see it for example.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.