Verizon Removes FTP Access For Security... Well, Security Of Its Revenue At Least

from the lame dept

It's really amazing that companies don't recognize that taking away features to charge for them almost never goes over well. Adding features that can be charged for will work, but removing features that were free and widely used is rarely a good idea. It appears that Verizon is still learning that lesson. The company apparently provides some hosting space for all of its customers, and until recently allowed subscribers to access that space via FTP. However, it recently announced that it was doing away with FTP access and instead, users were now forced to make use of Verizon's own clunky web tools interface. That's quite a nuisance for some users.

But where this gets more interesting is that it appears Verizon is simply lying about the reasons why. The company is telling users it's for "security" reasons. But... while it's discontinuing FTP for its regular subscribers, those who pay up for a higher level hosting plan (starting at $5.95 per month) seem to still be able to use FTP. In other words, it's only a security problem if you're not paying -- suggesting that the "security" is more about Verizon's revenue than the security of your content. And while it's true that unencrypted FTP can have some security issues (mainly on untrusted networks), there are ways to deal with that with secure, encrypted FTP offerings.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    icon
    Spaceboy (profile), Aug 30th, 2011 @ 8:12am

    So my question to Verizon is -

    What is different about the FTP access your paying customers get when compared to those you just cut off for 'security reasons'? What upgrades did you make to your FTP system that warrant cutting people off and charging for them? What specific security threats were you unable to counter that forced this decision?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    MondoGordo, Aug 30th, 2011 @ 8:18am

    Verizon is still learning that lesson.

    Say rather NOT learning that lesson.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Gumnos (profile), Aug 30th, 2011 @ 8:30am

    They just don't detail the type of security issue...

    it's for their financial security

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Ven, Aug 30th, 2011 @ 8:49am

    One nit pick

    In today's world all networks should be considered untrusted. Even if your laptop says that it's connected to your home wireless network you may not be. I say shame on any hosting company that is allowing any administrative access over an unencrypted link.

    I wonder if Verizon is allowing paying customers a migration period to a new solution while free customers have just be cut off?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 30th, 2011 @ 8:52am

    Who are they to claim their proprietary tools are safer than the widely known and used FTP protocol (which can be secured through SSL/TLS)? Can we have access to their "secure tools" code? Most likely not.

    But it's easy to lie to your customers when:
    - Most don't know any better
    - Most don't have an alternative provider to sign up with (even though there are tons of cheaper hosts out there)

    They simply feed of the ignorance of their "newb" users to make more money. Anyone with half a brain would just move to a 5$/month host, not like there's a shortage of those out there.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    John Fenderson (profile), Aug 30th, 2011 @ 8:52am

    FTP is a real security problem

    The fact that Verizon still allows it for some users gives lie to their own reasons, however...

    FTP is a true security problem, and removing it is the Right Thing To Do. Forcing users to use a web interface instead is totally bogus. SCP gives all the functionality of FTP without the security problems.

    Verizon seems a bit confused about this issue, but the issue is very real. Anyone running servers should not, under any circumstances, have an internet-facing FTP server.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Aug 30th, 2011 @ 8:53am

      Re: FTP is a real security problem

      Sorry, but SCP implies SSH. SCP = FTP over SSH. THAT is a major security issue.

      FTP with SSL/TLS is perfectly secure.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        John Fenderson (profile), Aug 30th, 2011 @ 8:57am

        Re: Re: FTP is a real security problem

        Umm, what's the difference at the machine level? SCP is essentially FTP w/SSL+TLS.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Aug 30th, 2011 @ 9:00am

          Re: Re: Re: FTP is a real security problem

          Usually, web hosts do not allow SSH to anyone. A good host would only allow SSH from given IPs, and not allow it globally, which makes SCP a problem.

           

          reply to this | link to this | view in chronology ]

          •  
            identicon
            Anonymous Coward, Aug 30th, 2011 @ 9:16am

            Re: Re: Re: Re: FTP is a real security problem

            ...web hosts...


            We're not talking dedicated web-hosting here. Instead, this is space Verizon is providing “for all of its customers”.

            It's just a little convenience so you don't have to run Apache at home.

             

            reply to this | link to this | view in chronology ]

            •  
              identicon
              Anonymous Coward, Aug 30th, 2011 @ 9:22am

              Re: Re: Re: Re: Re: FTP is a real security problem

              No. It's web hosting only. Verizon filter port 80 to force you to use their hosting. Google it.

               

              reply to this | link to this | view in chronology ]

              •  
                identicon
                Anonymous Coward, Aug 30th, 2011 @ 9:37am

                Re: Re: Re: Re: Re: Re: FTP is a real security problem

                Verizon filter port 80 to force you to use their hosting.

                And this is advertised as “Internet service”? Why on earth do you blockheads put with this?

                Maybe you should all just pay for “Facebook access” and then go and live inside a happy walled-garden community with your “Friends”.

                 

                reply to this | link to this | view in chronology ]

                •  
                  identicon
                  Anonymous Coward, Aug 30th, 2011 @ 9:39am

                  Re: Re: Re: Re: Re: Re: Re: FTP is a real security problem

                  Haha. Agreed. But lots of people use Verizon because there's no alternative where they live. So as I said before, move over to a 5$ host and you'll get better service.

                   

                  reply to this | link to this | view in chronology ]

              •  
                icon
                Chronno S. Trigger (profile), Aug 30th, 2011 @ 10:16am

                Re: Re: Re: Re: Re: Re: FTP is a real security problem

                I have Verizon residential and they don't block my port 80. That's how I transfer files from home to work if I don't have a day's notice. Verizon doesn't block any of my ports. HTTP, HTTPS, FTP, RDT, they're all open and working.

                 

                reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Aug 30th, 2011 @ 9:06am

        Re: Re: FTP is a real security problem

        ...SSH....


        Dude, I have a shell account with my provider. They run Debian.

        You mean you don't? How much are you paying?

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Aug 30th, 2011 @ 9:20am

          Re: Re: Re: FTP is a real security problem

          Just because some hosts offer it doesn't mean they all do. Google "shared hosting SSH access" and see how many offer it. Only the newb ones do, or the ones with extremely good system administrators that actually monitor the servers. Not Verizon's case, obviously.

          That being said, I work for 3 web hosting companies. None of them offer SSH access for shared accounts. You want SSH? Get a VPS. There's no point in offering SSH access. It requires more work from your employees and down the line, it's a security issue.

          My ISP used to offer free hosting with SSH, 10+ years ago. As soon as it was abused, they killed it. If you don't keep you systems up to date and well protected (and even if you do) there are still tons of escalation exploits that don't get patched. You can lose your system faster than you enabled SSH.

           

          reply to this | link to this | view in chronology ]

          •  
            identicon
            Anonymous Coward, Aug 30th, 2011 @ 11:31am

            Re: Re: Re: Re: FTP is a real security problem

            I would never pay a dime for a shared host that didn't offer SSH. Sorry, but I have better things to do than to push and pull files to make minor edits - I'll stick with vi over SSH kthanks. I also have cron jobs on other servers that access content on shared hosts over SSH using public key authentication.

            Maybe no ssh is fine for the web design folks and other computer illiterate, but the rest of us need terminal access.

            Furthermore, I don't think laziness or incompetence are particularly good reasons for not allowing user SSH access.

             

            reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Aug 30th, 2011 @ 11:14am

        Re: Re: FTP is a real security problem

        Umm, no, SCP/SFTP are not simply FTP over SSH. They are an entirely different protocol designed from the ground up with security in mind. I would trust SCP/SFTP over FTPS (FTP w/SSL) any day of the week.

         

        reply to this | link to this | view in chronology ]

      •  
        identicon
        Lawrence D'Oliveiro, Aug 30th, 2011 @ 5:49pm

        Re: SCP = FTP over SSH!?

        No it isn’t. SCP has nothing to do with FTP. It lets you do secure copying of files over SSH.

        SSH also offers SFTP, which gives you FTP-style directory-browsing and upload/download functions, but since it runs over SSH, it 1) only needs one open port (port 22), and 2) is far more secure.

        FTP over SSL/TLS is a complicated fudge that is more trouble than it’s worth.

         

        reply to this | link to this | view in chronology ]

    •  
      icon
      John Fenderson (profile), Aug 30th, 2011 @ 8:54am

      Re: FTP is a real security problem

      A nod to the AC above: yes, you can also secure FTP through SSL, and that's acceptable from a security perspective. It's a bit clunky, though, so it's not the first option to cross my mind.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Aug 30th, 2011 @ 8:58am

        Re: Re: FTP is a real security problem

        Honestly, I've been running servers for a long time. FTP with TLS has always been my first choice. However, there are basic rules to follow. Change the default port, disable all administrative privileges, and make sure e very account is chroot'ed. Also have scripts parse your logs and firewall repeat offenders. But I guess a big hosting company with lots of resources can't be bothered securing their systems if they can make extra money out of the whole thing.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 30th, 2011 @ 9:26am

    ...and people are still going to subscribe to them so all is good in verizon's reich

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    vastrightwing, Aug 30th, 2011 @ 10:07am

    Money grab

    They've sucked up the $0.20 (that's twenty cents or 20/100 of a dollar, since we all know about Verizon math) text messaging revenue, so they need a new source of revenue. This is about all the customers using IP cameras out there which upload images to a FTP site. Now what are these people going to do? Pay Verizon more in order to continue.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 30th, 2011 @ 10:18am

    Your premise about taking away free features is flawed. Look at Nexflix streaming, text messaging and banking services as just 3 very profitable models of how it's a good idea to hook the suckers on a free service, then shaft 'em later. People just capitulate and pay up.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Aug 30th, 2011 @ 11:33am

      Re:

      There is a breaking point. Look at all the articles on here about cable service cancellation.

      It's just a given though that most telecom business models are not customer focused. The problem is really competition. Somewhere along the line it was okay to create monopolies subsidized by tax payer money.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Aug 30th, 2011 @ 11:54am

      Re:

      Netflix streaming was FREE? When was that? I've always had to pay for my Netflix to stream anything!

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Moshe Feder (profile), Aug 30th, 2011 @ 10:47am

    Typical

    As a Verizon customer, this is disappointing but not surprising.

    When Andrew Cuomo was NY State attorney general, he raised his political profile by scare mongering about child porn on Usenet. The result was that Verizon dropped not just for the offending news groups but all support for NNTP. Did they cut their price to compensate for dropping this long-standing service?

    What do you think?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 30th, 2011 @ 2:39pm

    Wow can you be more of an ass hat hater. There is a major security risk leaving grandma and the other little 12 year old working on bieber fansite pages having ftp access. Verizon doesn't need these completely clueless consumers who are using coffee cup ftp on malware infected pc flooding their network with random ftp traffic and causing a DoS. If you want decent hosted you should never look at your ISP in the first place. Go somewhere like bluehost or here is an even mroe novel concept, rent a server somewhere.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 30th, 2011 @ 3:29pm

    I recently noticed that the Telus cell phone provider in Canada blocks FTP access over their mobile internet links (even though they charge an arm and a leg for data). It looks like proxy server access will soon be almost essential to get full access to the internet, not just in China.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Lawrence D'Oliveiro, Aug 30th, 2011 @ 10:40pm

      Re: I recently noticed that the Telus cell phone provider in Canada blocks FTP access over their mobile internet links ...

      Did you try “PASV” mode?

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 31st, 2011 @ 3:55pm

    My issue with this is that Verizon uses HTTP, not HTTPS, on any log-in pages, administrative pages or other pages, which is just as insecure as the FTP they are claiming is too insecure to support.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This