Related Topics: PC Security Journal, Security Journal, Open Source Journal, MySQL Journal

Blog Feed Post

Was FTP Behind the WikiLeaks Breach?

Isn’t it time to consider a better way to manage your company’s file transfer security?

November and December were difficult months for IT security.

WikiLeaks began on Sunday November 28th publishing 251,287 leaked United States embassy cables, the largest set of confidential documents ever to be released into the public domain. How do security officials believe these documents were originally retrieved by the alleged source, Pfc. Bradley Manning? Many security professionals are wondering if FTP was the software mechanism used.

Also in the news was the security breach at the popular publication Gawker.com. Over the weekend of December 11, Gawker discovered that 1.2 million accounts were compromised, the infrastructure breached, and access to MySQL databases raided. Gawker internal FTP credentials were listed as a part of the breach.

Gawker’s problems prompted Social Networking giant LinkedIn to reset the passwords of all users that had Gawker.com accounts, for fear of contamination by hackers who had gained Gawker profile information.

Smaller national headlines of other breaches included the theft of an undisclosed number of email addresses, birth-dates, and other information by a contractor working for McDonalds.

Also, it was reported that a mailing list was pilfered from the drugstore giant Walgreens. In addition, a leak of law enforcement data was reported by a Mesa County, Colorado.

Finally, a popular Open Source FTP server software application, ProFTPD version 1.3.3c, was distributed containing a malicious backdoor that permits hackers to access FTP credentials. It is thought the attackers took advantage of an un-patched security flaw in the FTP daemon to gain access to the server and exchange distribution files.

What do these various breaches have in common? The threats may be too diverse to slip into a single category, but the likely culprit is the use of powerful native FTP, without proper, secure management. Once a doorway is left open, native unmanaged FTP access can wreak havoc in any organization.

It doesn’t have to be this way. Using a managed secure file server like Linoma Software’s GoAnywhere Services – which has granular permissions and security controls, along with detailed audit logs and alerts – IT can monitor and better secure and control its data resources.

Regardless of how your organization or your trusted business partners are configured to exchange data, isn’t it time to consider a better way to manage your company’s file transfer security?

Related Blog Post: Are You Confident Your FTP Credentials are Secure?

Read the original blog entry...

More Stories By Dirk Zwart

Born in Canada and calling Nebraska home, Dirk primarily writes on the Technical side of the IT realm. Having written for years at Gateway Computer and as part of other large IT organizations, Dirk happily writes for Linoma Software. When not writing children's stories or stage scripts, you'll find Dirk out back in the vegetable garden or building yet another server for reasons unknown. Follow Dirk on Twitter, Facebook, or LinkedIn.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.