Re: Information Security?

From: Michael Lorrey (retroman@together.net)
Date: Sun Nov 15 1998 - 06:45:43 MST


Harvey Newstrom wrote:

> Speaking of hacking... Is anyone else on this list working or
> interested in working in the field of Information Security? I would be
> interested to discuss this topic.

Always interested. Here's an opener: security of FTP site access and
transfers.

I figured out the other day how WS_FTP encrypts its passwords in its INI
file, which is rather weak and a major weakness for anyone using this FTP
client to transfer files. Essentially, the encryption works like this: each
letter of the password is converted to its hexadecimal value. Then one hex
digit is added to the letters hex value based on its position in the
password, starting with 0 for the letter in the first position.

So, while you may only FTP encrypted files to an FTP site, by using a weak
password encryption like this a hacker could easily sniff out your password
and then use the FTP site with impunity in YOUR name.

>
> --
> Harvey Newstrom <mailto:harv@gate.net>
> Author, Engineer, Entrepreneur, <http://www.gate.net/~harv>
> Consultant, Researcher, Scientist. <ldap//certserver.pgp.com>



This archive was generated by hypermail 2.1.5 : Fri Nov 01 2002 - 14:49:47 MST