I need some help. For the past 4 years I have accessed my K drive from home easily going to

ftp://unityid@ftp.ncsu.edu

then typing my password. This doesn't work anymore. Does anyone know why?

I really don't want to install any 3rd party programs.

1/28/2007 3:41:45 PM

Quote :

"Unencrypted authenticated FTP services to be discontinued ITD - Service - Remove Effective Date: Jan 02 On January 4th, 2007 at 3pm, we will be removing the capability to log into ftp.ncsu.edu with your unity username and password over unsecured/unencrypted channels. From that point on, if you wish to make use of authenticated FTP services, you will need to connect via SFTP (secure FTP). The anonymous FTP service at ftp.ncsu.edu for uploads to the incoming directory and anonymous use such as the various mirrors we host will not be affected. There are SFTP clients available for all major operating systems at this point, and most applications like Dreamweaver support SFTP as well. WinSCP (Windows) and FUGU (Mac) are available from help.ncsu.edu. WinSCP: http://help.ncsu.edu/helpcd/Software/winSCP.html Fugu: http://help.ncsu.edu/helpcd/Software/fugu.html To make use of SFTP, you will connect to the same ftp.ncsu.edu address you have always been connecting to."

http://sysnews.ncsu.edu/news/452ea13d

1/28/2007 3:47:27 PM

Ah, great. thanks.

1/28/2007 3:49:50 PM

Quote :

"Major : textile engineering and csc"

You mean to tell me you're a csc guy and you used a totally unsecure ftp for four years sending your UNITY password out in plain unencrypted text? They must not teach common sense security measures in csc, oh wait it was called E115

1/28/2007 9:54:39 PM

^

You're a real funny guy.

Note : sarcasm

1/28/2007 10:03:21 PM

i've never had anything important on my k drive anyway, i just transfered regular documents.

and it never fails someone has to make a smart ass comment!

1/29/2007 12:14:32 AM

shit i've been doing it for 6 years.

because the chance that someone is sniffing my shit is like 1/1000000000000

ill bet however, the 10 or so most common ways to steal everything you ever knew about, WolfAce, you might have taken precautions about 5 or 6.

1/29/2007 12:28:34 AM

I'll bet money WolfAce has logged into something like AIM over non-encrypted wireless - like NCSU Nomad - and sent his usernames and passwords in plain text into the ether for all to read before. Wireless packet sniffing someplace like the library is lots of fun.

1/29/2007 12:56:23 AM

Not that I can recall but I'm sure at some point i used AIM wirelessly. And of course I know those packets can be sniffed, but AIM passwords are just a little less important then a UNITY password controlling all kinds of your university shit.

1/29/2007 2:54:21 AM

Quote :

"They must not teach common sense security measures in csc, oh wait it was called E115"

Did they have Secure FTP as an option 4+ years ago? I don't remember it being there. And they teach plenty of security measures in CSC ... but not everybody necessarily wants to have that as their focus during their undergraduate years. (Whether it should be a focus is another matter of discussion).

And word of advice, don't make generalized statements like that on here. You'll piss a LOT of people off quick.

[Edited on January 29, 2007 at 7:41 AM. Reason : .]

1/29/2007 7:27:29 AM

is there a way to make internet explorer or windows explorer use SFTP?

1/29/2007 10:10:00 AM

No. You must use a third-party secure FTP program. IE does not have it built-in.

1/29/2007 11:03:53 AM

they are one step closer - the final one imho is to start educating people how to secure the user's IMAP login - you can still sniff those in the library and get a few every hour or 2

hypothetically, i could have gotten my CSC333 TA's (abwood - xxcxfzm2) one time while sitting in class - of course he had access to the gradebook - and it would have been sooooooooooo tempting to either change my grade higher or some other kids' grades lower - i wouldn't have ever done it though

1/29/2007 11:10:51 AM

If NCSU started supporting WPA or any flavor of 802.1x, that would be a fantastic start.

I usually just logged in to nomad, then immediately VPNed.

1/29/2007 11:23:49 AM

Quote :

"or any flavor of 802.1x"

como?

1/29/2007 11:28:13 AM

EAP, PEAP, EAP-fast, whatever else is based on that standard

1/29/2007 3:45:48 PM

^isn't that a lot of overhead?

They should, however, block IMAP over wireless. Force people to use SSL webmail.

1/29/2007 4:39:29 PM

^ what if imap mail is being processed thru a client such as outlook or thunderbird.

i assume those programs encrypt logon information unlike plain webmail...is that correct?

1/29/2007 6:57:45 PM

^plain webmail is over SSL (HTTPS) so the login IS encrypted
blocking IMAP would be done by port number before it is bridged/routed onto the wired network

1/29/2007 7:02:10 PM

^ oh i was going off of the statement below...made me think there was SSL webmail and a plain webmail. i just looked though and its all ssl.

Quote :

"They should, however, block IMAP over wireless. Force people to use SSL webmail."

so its the email clients which leave unencrytped imap passwords floating around in the air?

[Edited on January 29, 2007 at 7:27 PM. Reason : ]

1/29/2007 7:17:36 PM

Quote :

"If NCSU started supporting WPA or any flavor of 802.1x, that would be a fantastic start."

You're an alumni ... donate your beer money to a "WPA for NCSU" fund

Any other nonsecure/outdated services NCSU is still running current students should be aware of WolfAce?

1/29/2007 7:26:04 PM

Encrypting wireless at NCSU would be alot of overhead for not that much gain. Wireless encryption generally either sucks or requires keys that would be painful to manage and disseminate. Its better to just use secure protocols over the unencrypted wireless. And they are planning on turning off plain text IMAP sometime later this year and force everyone to use SSL/TLS.

Quote :

"Did they have Secure FTP as an option 4+ years ago?"

Engineering had it setup in early 2003.

1/29/2007 8:37:26 PM

I disagree that forcing secure local services is the right option. Sure, there's some financial overhead to implementing encrypted wireless security- but I'm sure there are a million more wasteful things that the university has funded.

To me, it's a no brainer. It's the responsible thing to do.

1/29/2007 10:03:13 PM

Moving to mostly (or all) secure services is one of our long-term implementation goals. We have to balance ease of access and training users, as well as the availability of freeware and/or low-cost ways to use secured services.

Secure everything is great, but if we turn on security for wireless (for example) without helping users get ready (and have enough lead-time), then we immediately defeat any gains that are to be had. Case in point with the secure FTP implementation... when we turned OFF regular FTP, there were a number of users that screamed bloody murder.

It's not enough to throw money at a problem. If you don't have a way to get technology-illiterate people up to speed (which is much harder to do than you might think, on a campus this large), then money is irrelevant.

1/29/2007 11:02:32 PM

That's a good point.

1/31/2007 3:50:46 PM