[isalist] Re: File Sharing on the internet

  • From: "John T (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 13 Jul 2006 07:49:13 -0700

http://www.ISAserver.org
-------------------------------------------------------
  
Glenn, I am a very small business and would cringe and hate myself for
pushing a client away.

I would run away from this one.

John T
eServices For You

"Seek, and ye shall find!"

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Glenn P. JOHNSTON
> Sent: Thursday, July 13, 2006 3:00 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: File Sharing on the internet
> 
> Oh Boy, I am dropping this one like a hot potato.
> 
> Based on my comments earlier that it's stupid to open the SQL to the
> internet, they want to start something against the software developer
> and not pay him.
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of John T (Lists)
> Sent: Thursday, 13 July 2006 18:07
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: File Sharing on the internet
> 
> Sorry I did not see this earlier Glenn.
> 
> Why do they want white papers telling them this is a bad idea when they
> already have the proof in front of them in the form of a compromised
> server?
> 
> Simply going a-Googling for SQL attack will turn up plenty of information.
> 
> http://www.gcn.com/print/22_4/21214-1.html
> http://www.securitydocs.com/library/3587
> 
> I mean, the list is long.
> 
> 
> John T
> eServices For You
> 
> "Seek, and ye shall find!"
> 
> 
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Glenn P. JOHNSTON
> > Sent: Wednesday, July 12, 2006 10:46 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] File Sharing on the internet
> >
> > Hi,
> >
> > A company I do support work for on a 'Dial a techie' basis has had a
> > contractor write some software that needs to access a database on the
> > company's server. He rolled this out onto the 28 sales PCs last week.
> >
> > He has just opened port 1433 TCP and 1434 UDP on the firewall to allow
> > SQL based authentications from client PCs out on the internet to access
> > the server. It appears that someone has already hacked into the DB, some
> > tables are empty, others corrupted, SQL logs show a lot of connections,
> > far more so than can be explained by legitimate connections.
> >
> > This of course is a very bad idea, but the company wants some details
> > and white papers or the like that detail why. This has all blown up in
> > the last hour and a half, and I need something to get back to them with
> > tomorrow.
> >
> > If anyone has any suggestions of white papers etc. that might be
> > appropriate, they would be much appreciated.
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx