Re: This is why you *don't* want HTTPS
"/goes back to mumbling about the days when ftp was the primary interface used on the internet. My current ftp client is 150kB. That's a whole lot easier to audit than Chromium, Firefox and by a massive long-shot, IE. "Pretty" is causing massive security issues."
The issue the article describes, and one that FTP can fall into, as well as SMTP, POP3, NNTP, and just about ANY plaintext protocol, is that a malcontent can MITM the connection and alter the contents in transit. In FTP's case, the file transfers and directory listings can be poisoned. And it would be indistinguishable on your end, meaning you have no way to know you're not REALLY getting the stuff you asked for.
Biting the hand that feeds IT
