So you've logged into your favourite FTP server with your personal name and login password. Since you're the only person who knows your password, there's no chance that someone else can access your files, right?


You may already know that anyone can snatch the files you send back and forth, but there's something else even worse waiting for the unsuspecting user.

1. Load up your telnet client

2. Connect to the FTP server using the FTP port of the server(either 20 or 21). With telnet for Windows, just type 'ftp' where it says port

3. There will be a login line such as:

host-a Microsoft FTP Service (Version 5.0).

Now remember, at this point, all communication between your computer and the FTP server is in plaintext, meaning anyone can eavesdrop on you.

Tell the server your user name as follows:
user core10k{ENTER}

Don't type {ENTER}, just press the enter key.

The server will respond with something like: 331 Password required for core10k.

So far so good, the malicious eavesdropper doesn't have any information that isn't freely available.

Now here's the kicker. It's time to authenticate. How is this done? That's right, you send your password, in plaintext, for anyone to view.

pass fuzzystuff52{ENTER}

FTP sends the password as plaintext instead of using a more secure one-way encryption algorithm like MD5

What does this mean for you? The eavesdropper just got your password. Now they can log in as you!

God forbid you use that password for any other logins.

Moral of the story: use public key encryption, but even then, watch your back for the Men in Black. There is no such thing as security.