Re: Information Security?
Michael Lorrey (retroman@together.net)
Sun, 15 Nov 1998 08:45:43 -0500
Harvey Newstrom wrote:
> Speaking of hacking... Is anyone else on this list working or
> interested in working in the field of Information Security? I would be
> interested to discuss this topic.
Always interested. Here's an opener: security of FTP site access and
transfers.
I figured out the other day how WS_FTP encrypts its passwords in its INI
file, which is rather weak and a major weakness for anyone using this FTP
client to transfer files. Essentially, the encryption works like this: each
letter of the password is converted to its hexadecimal value. Then one hex
digit is added to the letters hex value based on its position in the
password, starting with 0 for the letter in the first position.
So, while you may only FTP encrypted files to an FTP site, by using a weak
password encryption like this a hacker could easily sniff out your password
and then use the FTP site with impunity in YOUR name.
>
> --
> Harvey Newstrom <mailto:harv@gate.net>
> Author, Engineer, Entrepreneur, <http://www.gate.net/~harv>
> Consultant, Researcher, Scientist. <ldap//certserver.pgp.com>