Verizon Removes FTP Access For Security… Well, Security Of Its Revenue At Least
from the lame dept
It’s really amazing that companies don’t recognize that taking away features to charge for them almost never goes over well. Adding features that can be charged for will work, but removing features that were free and widely used is rarely a good idea. It appears that Verizon is still learning that lesson. The company apparently provides some hosting space for all of its customers, and until recently allowed subscribers to access that space via FTP. However, it recently announced that it was doing away with FTP access and instead, users were now forced to make use of Verizon’s own clunky web tools interface. That’s quite a nuisance for some users.
But where this gets more interesting is that it appears Verizon is simply lying about the reasons why. The company is telling users it’s for “security” reasons. But… while it’s discontinuing FTP for its regular subscribers, those who pay up for a higher level hosting plan (starting at $5.95 per month) seem to still be able to use FTP. In other words, it’s only a security problem if you’re not paying — suggesting that the “security” is more about Verizon’s revenue than the security of your content. And while it’s true that unencrypted FTP can have some security issues (mainly on untrusted networks), there are ways to deal with that with secure, encrypted FTP offerings.
Comments on “Verizon Removes FTP Access For Security… Well, Security Of Its Revenue At Least”
So my question to Verizon is –
What is different about the FTP access your paying customers get when compared to those you just cut off for ‘security reasons’? What upgrades did you make to your FTP system that warrant cutting people off and charging for them? What specific security threats were you unable to counter that forced this decision?
Re: Upgrades
I imaging it’s some sort of expensive non-reusable “FTP Condom” which allows interface with only a tiny possibility of passing a computer virus.
Obviously these “FTP Condoms” are too pricey to just let anybody use–but for paying customers the cost is justified,
;-P
Re: Re: Upgrades
Bunch of freetarding consensual FTP’ers!
Re: Re:
Really, your “question” is three overarching rhetorical questions offered by the post?
Re: Re: Re:
That word. I do not think it means what you think it means.
Verizon is still learning that lesson.
Say rather NOT learning that lesson.
They just don't detail the type of security issue...
it’s for their financial security
One nit pick
In today’s world all networks should be considered untrusted. Even if your laptop says that it’s connected to your home wireless network you may not be. I say shame on any hosting company that is allowing any administrative access over an unencrypted link.
I wonder if Verizon is allowing paying customers a migration period to a new solution while free customers have just be cut off?
Who are they to claim their proprietary tools are safer than the widely known and used FTP protocol (which can be secured through SSL/TLS)? Can we have access to their “secure tools” code? Most likely not.
But it’s easy to lie to your customers when:
– Most don’t know any better
– Most don’t have an alternative provider to sign up with (even though there are tons of cheaper hosts out there)
They simply feed of the ignorance of their “newb” users to make more money. Anyone with half a brain would just move to a 5$/month host, not like there’s a shortage of those out there.
FTP is a real security problem
The fact that Verizon still allows it for some users gives lie to their own reasons, however…
FTP is a true security problem, and removing it is the Right Thing To Do. Forcing users to use a web interface instead is totally bogus. SCP gives all the functionality of FTP without the security problems.
Verizon seems a bit confused about this issue, but the issue is very real. Anyone running servers should not, under any circumstances, have an internet-facing FTP server.
Re: FTP is a real security problem
Sorry, but SCP implies SSH. SCP = FTP over SSH. THAT is a major security issue.
FTP with SSL/TLS is perfectly secure.
Re: Re: FTP is a real security problem
Umm, what’s the difference at the machine level? SCP is essentially FTP w/SSL+TLS.
Re: Re: Re: FTP is a real security problem
Usually, web hosts do not allow SSH to anyone. A good host would only allow SSH from given IPs, and not allow it globally, which makes SCP a problem.
Re: Re: Re:2 FTP is a real security problem
We’re not talking dedicated web-hosting here. Instead, this is space Verizon is providing ?for all of its customers?.
It’s just a little convenience so you don’t have to run Apache at home.
Re: Re: Re:3 FTP is a real security problem
No. It’s web hosting only. Verizon filter port 80 to force you to use their hosting. Google it.
Re: Re: Re:4 FTP is a real security problem
And this is advertised as ?Internet service?? Why on earth do you blockheads put with this?
Maybe you should all just pay for ?Facebook access? and then go and live inside a happy walled-garden community with your ?Friends?.
Re: Re: Re:5 FTP is a real security problem
Haha. Agreed. But lots of people use Verizon because there’s no alternative where they live. So as I said before, move over to a 5$ host and you’ll get better service.
Re: Re: Re:4 FTP is a real security problem
I have Verizon residential and they don’t block my port 80. That’s how I transfer files from home to work if I don’t have a day’s notice. Verizon doesn’t block any of my ports. HTTP, HTTPS, FTP, RDT, they’re all open and working.
Re: Re: FTP is a real security problem
Dude, I have a shell account with my provider. They run Debian.
You mean you don’t? How much are you paying?
Re: Re: Re: FTP is a real security problem
Just because some hosts offer it doesn’t mean they all do. Google “shared hosting SSH access” and see how many offer it. Only the newb ones do, or the ones with extremely good system administrators that actually monitor the servers. Not Verizon’s case, obviously.
That being said, I work for 3 web hosting companies. None of them offer SSH access for shared accounts. You want SSH? Get a VPS. There’s no point in offering SSH access. It requires more work from your employees and down the line, it’s a security issue.
My ISP used to offer free hosting with SSH, 10+ years ago. As soon as it was abused, they killed it. If you don’t keep you systems up to date and well protected (and even if you do) there are still tons of escalation exploits that don’t get patched. You can lose your system faster than you enabled SSH.
Re: Re: Re:2 FTP is a real security problem
I would never pay a dime for a shared host that didn’t offer SSH. Sorry, but I have better things to do than to push and pull files to make minor edits – I’ll stick with vi over SSH kthanks. I also have cron jobs on other servers that access content on shared hosts over SSH using public key authentication.
Maybe no ssh is fine for the web design folks and other computer illiterate, but the rest of us need terminal access.
Furthermore, I don’t think laziness or incompetence are particularly good reasons for not allowing user SSH access.
Re: Re: FTP is a real security problem
Umm, no, SCP/SFTP are not simply FTP over SSH. They are an entirely different protocol designed from the ground up with security in mind. I would trust SCP/SFTP over FTPS (FTP w/SSL) any day of the week.
Re: Re: SCP = FTP over SSH!?
No it isn?t. SCP has nothing to do with FTP. It lets you do secure copying of files over SSH.
SSH also offers SFTP, which gives you FTP-style directory-browsing and upload/download functions, but since it runs over SSH, it 1) only needs one open port (port 22), and 2) is far more secure.
FTP over SSL/TLS is a complicated fudge that is more trouble than it?s worth.
Re: FTP is a real security problem
A nod to the AC above: yes, you can also secure FTP through SSL, and that’s acceptable from a security perspective. It’s a bit clunky, though, so it’s not the first option to cross my mind.
Re: Re: FTP is a real security problem
Honestly, I’ve been running servers for a long time. FTP with TLS has always been my first choice. However, there are basic rules to follow. Change the default port, disable all administrative privileges, and make sure e very account is chroot’ed. Also have scripts parse your logs and firewall repeat offenders. But I guess a big hosting company with lots of resources can’t be bothered securing their systems if they can make extra money out of the whole thing.
…and people are still going to subscribe to them so all is good in verizon’s reich
Money grab
They’ve sucked up the $0.20 (that’s twenty cents or 20/100 of a dollar, since we all know about Verizon math) text messaging revenue, so they need a new source of revenue. This is about all the customers using IP cameras out there which upload images to a FTP site. Now what are these people going to do? Pay Verizon more in order to continue.
Your premise about taking away free features is flawed. Look at Nexflix streaming, text messaging and banking services as just 3 very profitable models of how it’s a good idea to hook the suckers on a free service, then shaft ’em later. People just capitulate and pay up.
Re: Re:
There is a breaking point. Look at all the articles on here about cable service cancellation.
It’s just a given though that most telecom business models are not customer focused. The problem is really competition. Somewhere along the line it was okay to create monopolies subsidized by tax payer money.
Re: Re:
Netflix streaming was FREE? When was that? I’ve always had to pay for my Netflix to stream anything!
Typical
As a Verizon customer, this is disappointing but not surprising.
When Andrew Cuomo was NY State attorney general, he raised his political profile by scare mongering about child porn on Usenet. The result was that Verizon dropped not just for the offending news groups but all support for NNTP. Did they cut their price to compensate for dropping this long-standing service?
What do you think?
Wow can you be more of an ass hat hater. There is a major security risk leaving grandma and the other little 12 year old working on bieber fansite pages having ftp access. Verizon doesn’t need these completely clueless consumers who are using coffee cup ftp on malware infected pc flooding their network with random ftp traffic and causing a DoS. If you want decent hosted you should never look at your ISP in the first place. Go somewhere like bluehost or here is an even mroe novel concept, rent a server somewhere.
I recently noticed that the Telus cell phone provider in Canada blocks FTP access over their mobile internet links (even though they charge an arm and a leg for data). It looks like proxy server access will soon be almost essential to get full access to the internet, not just in China.
Re: I recently noticed that the Telus cell phone provider in Canada blocks FTP access over their mobile internet links ...
Did you try ?PASV? mode?
My issue with this is that Verizon uses HTTP, not HTTPS, on any log-in pages, administrative pages or other pages, which is just as insecure as the FTP they are claiming is too insecure to support.