If I use ftp or telnet by accident, to what extent is my password unsafe?

When you say, on the bash shell, I am assuming this shell is running on the computer at the locations you mention. If you have SSH to some other host and ran ftp/telnet then these answers are irrelevant.

can my coworker see it?

Maybe, if you are both connected to a hub. If you are on a switch and he hasn't done anything evil like ARP poisoning, he can't see it.

can my neighbor see it if I work at home (if not using wireless)?

It depends on what type of ISP you are using, but probably not.

can someone working at a data center along the way see it?

Yes

can someone working at a university data center see it? (if it is on the route)

Yes

if I use it on a wireless WEP network, it may be viewable for anyone who broke the WEP network key by monitoring 1GB of data?

Anyone on the network can see it. A wireless network works like a hub. Everyone on the network sees everything.

if I use Starbucks, Pete's Cafe, or McDonald's wireless, and usually they are not WEP or WPA encrypted, can the person setting up the network there possibly see it?

Yes.

can someone working at a company along the way that has T1 or T3 see it?

Anyone who has access to a router connecting any of the links between your computer and the server could see your traffic, the type of the link doesn't matter.


Anyone with the ability to sniff the traffic between you and the site that you have connected to can potentially read your ftp password, or any data that travels unencrypted.

So, realistically, all scenarios above will be possible, with the following notes:

1) Your co-worker would either have to be able to tap into your external network, or be able to convince the local switches to send him your traffic - very possible if they have admin rights to the switch.

2) If you are using cable with your ISP, then yes - your neighbour could sniff your external traffic. If not, then they would need some serious kit to sniff your local network - very unlikely.

3-5) Totally possible.

If you are concerned about people reading your passwords, I would recommend using secure protocols: SSH/SFTP/SCP instead of telnet/FTP.


To simplify this, just think of it this way.

A protocol that operates across an insecure channel (TCP/IP) needs to implement its own layer of security.

Now, if there exists someone that can listen in on the conversation, anywhere between the two end-points (server/client), then they can see your communication if they so desire.

You can't stop them seeing it, but you can make it difficult for them to make any sense of it - and the only way to do that is by encrypting it - and that's why telnet, ftp should be replaced with ssh, sftp, etc.

You can enforce this by simply not having any telnet servers - if that's an option for you.

Note: You also don't get much added security by using a switch, despite what some people think, because IP spoofing, ARP poisoning, etc. are not difficult tasks.
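
To make the point of the answers above concrete, here is an added example (not part of any answer on this page): a Python check a defender could run over reassembled client-to-server payloads to flag FTP logins that crossed the wire unencrypted. The function name and both sample captures are constructed for illustration; the password itself is never returned, only its length.

```python
import re

# FTP control-channel commands are plain ASCII lines (RFC 959), so USER and
# PASS are readable by anything that can see the TCP payload.
FTP_LOGIN = re.compile(rb"^(USER|PASS) +(.*)$", re.IGNORECASE)

def find_cleartext_logins(segments):
    """Report FTP logins visible in ordered client-to-server TCP payloads.

    Returns [{"user": str, "password_len": int}, ...]. Anonymous logins are
    skipped because they carry no secret.
    """
    # A command may be split across TCP segments, so reassemble first.
    stream = b"".join(segments)
    findings, user = [], None
    for line in re.split(rb"\r?\n", stream):
        match = FTP_LOGIN.match(line)
        if not match:
            continue
        verb, arg = match.group(1).upper(), match.group(2)
        if verb == b"USER":
            user = arg.decode("ascii", "replace")
        elif user is not None:  # PASS following a USER
            if user.lower() not in ("anonymous", "ftp"):
                findings.append({"user": user, "password_len": len(arg)})
            user = None
    return findings

# Constructed capture: an FTP login split across three TCP segments.
FTP_SEGMENTS = [b"USER ali", b"ce\r\nPA", b"SS hunter2\r\nSYST\r\n"]

# Constructed capture: an SSH/SFTP session. Only the version banner is
# readable; the bytes after it stand in for ciphertext.
SSH_SEGMENTS = [b"SSH-2.0-OpenSSH_9.6\r\n", bytes(range(128, 160))]

# Constructed capture: anonymous FTP, which exposes no credential.
ANON_SEGMENTS = [b"user anonymous\r\npass guest@example.com\r\n"]

if __name__ == "__main__":
    for name, capture in (("ftp", FTP_SEGMENTS), ("ssh", SSH_SEGMENTS),
                          ("anonymous ftp", ANON_SEGMENTS)):
        print(name, find_cleartext_logins(capture))
```

The same scan over the SSH capture finds nothing, which is the difference the answers describe: the observer still sees the traffic, but not the login.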