Why is it that companies continue to FTP? sFTP is freely available as are commercial solutions. Why is it that security companies (some mentioned below and others not (who by the way I know us FTP in the clear)) think they can get away with using an insecure protocol? Does that make you feel warm and fuzzy knowing that they take these chances while professing to be highly secure and sell the best products? Friends don't let Friends use FTP but for security and retail companies, it is okey dokey (wonder how this impacts their PCI status?).
"Security researchers are tracking a Trojan that has swiped as many as 88,000 FTP credentials for organizations such as Symantec, McAfee, Amazon, Cisco and the Bank of America. According to researchers at Prevx, the compromises are part of an operation that has been in business for more than two years."
http://www.prevx.com/ftplogons.asp
