Re: Information Security?

Michael Lorrey (retroman@together.net)
Sun, 15 Nov 1998 08:45:43 -0500

Harvey Newstrom wrote:

> Speaking of hacking... Is anyone else on this list working or
> interested in working in the field of Information Security? I would be
> interested to discuss this topic.

Always interested. Here's an opener: security of FTP site access and transfers.

I figured out the other day how WS_FTP encrypts its passwords in its INI file, which is rather weak and a major weakness for anyone using this FTP client to transfer files. Essentially, the encryption works like this: each letter of the password is converted to its hexadecimal value. Then one hex digit is added to the letter's hex value based on its position in the password, starting with 0 for the letter in the first position.

So, while you may only FTP encrypted files to an FTP site, by using a weak password encryption like this a hacker could easily sniff out your password and then use the FTP site with impunity in YOUR name.

>
> --
> Harvey Newstrom <mailto:harv@gate.net>
> Author, Engineer, Entrepreneur, <http://www.gate.net/~harv>
> Consultant, Researcher, Scientist. <ldap//certserver.pgp.com>
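
The scheme described in the message, as an added example that is not part of the original post and is not WS_FTP's own code. It shows that a value stored this way reverses with no key, and audits a configuration file for such values. Assumptions: "hex value plus position" means the character code plus its zero-based index (wrapping at 256), and the INI layout, the `PWD` key name and the sample data are constructed for illustration.

```python
import configparser

def obfuscate(password: str) -> str:
    """Scheme as described in the post: hex of (character code + position)."""
    return "".join(f"{(ord(c) + i) % 256:02X}" for i, c in enumerate(password))

def deobfuscate(stored: str) -> str:
    """Inverse of obfuscate(); needs no key, only the stored string."""
    raw = bytes.fromhex(stored)  # raises ValueError on non-hex or odd length
    return "".join(chr((b - i) % 256) for i, b in enumerate(raw))

def is_positional_encoding(stored: str) -> bool:
    """Audit heuristic: value is valid hex and reverses to printable ASCII."""
    try:
        plain = deobfuscate(stored)
    except ValueError:
        return False
    return bool(plain) and all(32 <= ord(c) < 127 for c in plain)

def audit_ini(text: str, key: str = "pwd") -> list:
    """Return sections whose stored password is recoverable from the file alone."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return [s for s in cp.sections()
            if cp.has_option(s, key) and is_positional_encoding(cp.get(s, key))]

# Constructed sample file; key names and hosts are hypothetical.
SAMPLE_INI = """\
[site-a]
HOST=ftp.example.test
PWD=736665756979
[site-b]
HOST=ftp.example.test
PWD=00FF10A3
[site-c]
HOST=ftp.example.test
"""

if __name__ == "__main__":
    for section in audit_ini(SAMPLE_INI):
        print(f"{section}: stored password is reversible without a key")
```

Any section the audit flags should be treated as holding a plaintext password: restrict access to the file and change the credential if the file may have been read by others.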