http://www.ISAserver.org ------------------------------------------------------- Yep. Sending business away is a bad thing, but I had no interesting in taking sides in a "he said, she said, I thought, you mean what" exercise. At first the Company was pissed that after 4 years, I am refusing to get involved in the stoush with the developer, and I thought the phone call I made yesterday where I told them "No thanks" was the last I'd hear from them.. But today, received a call, "Please come and fix this for us, you know our systems, and we have been happy with your service. We'll keep it to keeping our systems running, and fixing the problem". The other stuff is in the hands of our lawyer. So you never know do you, you just never know................................ -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of John T (Lists) Sent: Friday, 14 July 2006 00:49 To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: File Sharing on the internet http://www.ISAserver.org ------------------------------------------------------- Glenn, I am a very small business and would cringe and hate myself for pushing a client away. I would run away from this one. John T eServices For You "Seek, and ye shall find!" > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of > Glenn P. JOHNSTON > Sent: Thursday, July 13, 2006 3:00 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: File Sharing on the internet > > http://www.ISAserver.org > ------------------------------------------------------- > > Oh Boy, I am dropping this one like a hot potato. > > Based on my comments earlier that it's stupid to open the SQL to the > internet, They want to start something against the software developer > and not pay him > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of John T (Lists) > Sent: Thursday, 13 July 2006 18:07 > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: File Sharing on the internet > > http://www.ISAserver.org > ------------------------------------------------------- > > Sorry I did not see this earlier Glenn. > > Why do they want white papers telling them this is a bad idea when > they already have the proof in front of them in the form of a > comprised server? > > Simply go aGoogling for SQL attack will turn up plenty of information. > > http://www.gcn.com/print/22_4/21214-1.html > http://www.securitydocs.com/library/3587 > > I mean, the list is long. > > > John T > eServices For You > > "Seek, and ye shall find!" > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of > > Glenn P. JOHNSTON > > Sent: Wednesday, July 12, 2006 10:46 PM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] File Sharing on the internet > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > Hi, > > > > A company I do support work for on 'Dial a techie' basis, has had a > contractor write > > some software that needs to access a database on the companies server. > > > He > rolled > > this out onto the 28 sales pc's last week. > > > > He has just opened port 1433TCP and 1434UDP on the firewall to allow > > SQL > based > > authentications from client PC's out on the internet to access the > server. > It appears > > that someone has already hacked into the DB, some tables are empty, > > others corrupted, SQL logs show a lot of connections, far more so > > than > > > can be > explained by > > legitimate connections. > > > > This of course is a very bad idea, but the company wants some > > details and > white > > papers or the like that details why. This has all blown up in the > > last > hour and a half, > > and I need some thing to get back to them with tomorrow. > > > > If anyone has any suggestions of white papers etc that might be > appropriate, they > > would be much appreciated. > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx