undefined | Better HN

0 pointstyingq4y ago0 comments

Perhaps if it only supported anonymous ftp. That's most of the links that will get broken. For that, there is no real security consideration. What exists is plain text all around with deliberately exposed passwords.

0 comments

II2II4y ago

That is not what Mozilla is claiming:

> The biggest security risk is that FTP transfers data in cleartext, allowing attackers to steal, spoof and even modify the data transmitted.

I don't know how realistic that type of attack is and compromised authentication is likely worse, but both are cases that Mozilla cannot fix since they are inherent to the protocol itself.

tyingqOP4y ago

I guess, but they aren't deprecating http downloads, which have the same problem as anonymous ftp.

II2II4y ago

For the majority of people, the lack of FTP support would go unnoticed so it is easy to depreciate and remove. I wouldn't be surprised if the same happens to HTTP (in general) once a certain threshold has been reached for HTTPS. I also wouldn't be surprised if they start adding warnings about insecure transfer methods for particular file types at a much earlier date.

j / k navigate · click thread line to collapse

0 comments

II2II4y ago

That is not what Mozilla is claiming:

> The biggest security risk is that FTP transfers data in cleartext, allowing attackers to steal, spoof and even modify the data transmitted.

I don't know how realistic that type of attack is and compromised authentication is likely worse, but both are cases that Mozilla cannot fix since they are inherent to the protocol itself.

tyingqOP4y ago

I guess, but they aren't deprecating http downloads, which have the same problem as anonymous ftp.

II2II4y ago

j / k navigate · click thread line to collapse