People are greater threats to security than software, more often than not......
Yep.. and the thing is - most if not all DoD employees (military, civilian, contractor) have to go through annual "training" regarding network security (and other things; active shooter; human trafficking; sexual assault/harrassment; etc.) so that things like this don't happen. Guess the people in charge of the FTP server skipped those.
^ _ ^
During my web development studies my professor performed risk assessments for the DoD.
He told us he had several layers of security: at the gate to the base, another to the building, another to certain sections of the building, and others.
But when he got to the server room...
The door was propped open. "We have so many people requiring access, it's easier to leave the door open."
Makes sense to me [laughs].