i still see people using ftp or telnet for work instead of sftp and ssh. is it true that using ftp or telnet can let people see the password quite easily? Who can actually see it?
Update: for example, if i am not using Wireless… which i heard can be breakable if it is WEP when 1GB traffic is sent or received … so if not using Wireless, and I am using either DSL, Cable Internet like Comcast, or AT&T’s U-verse’s fiber optics, then who can read it? Can my neighbor, or joe at the data center at a nearby company or university read it? Or joe at a big hosting company or data center that happens to be some where between California and Chicago if I am ftp’ing from California to Chicago?
Update 2: so maybe it is good to alias ftp=’echo use sftp!!’ on the bash too
To answer briefly, anyone on the path of the packets from your pc to the server.
In some cases (insecure networks, wireless networks, and so on) many more persons.
That’s because the password will travel in plain text.
You can see more about packet sniffing at http://en.wikipedia.org/wiki/Packet_capture.
Also check http://en.wikipedia.org/wiki/File_Transfer_Protocol#Security_problems