[isalist] Re: File Sharing on the internet

  • From: "John T (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 13 Jul 2006 01:07:13 -0700

http://www.ISAserver.org
-------------------------------------------------------

Sorry I did not see this earlier Glenn.

Why do they want white papers telling them this is a bad idea when they
already have the proof in front of them in the form of a compromised server?

Simply going a-Googling for SQL attack will turn up plenty of information.

http://www.gcn.com/print/22_4/21214-1.html
http://www.securitydocs.com/library/3587

I mean, the list is long.


John T
eServices For You

"Seek, and ye shall find!"


> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Glenn P. JOHNSTON
> Sent: Wednesday, July 12, 2006 10:46 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] File Sharing on the internet
> 
> Hi,
> 
> A company I do support work for on a 'Dial a techie' basis has had a
> contractor write some software that needs to access a database on the
> company's server. He rolled this out onto the 28 sales PCs last week.
> 
> He has just opened port 1433TCP and 1434UDP on the firewall to allow SQL
> based authentications from client PCs out on the internet to access the
> server. It appears that someone has already hacked into the DB, some tables
> are empty, others corrupted, SQL logs show a lot of connections, far more so
> than can be explained by legitimate connections.
> 
> This of course is a very bad idea, but the company wants some details and
> white papers or the like that detail why. This has all blown up in the last
> hour and a half, and I need something to get back to them with tomorrow.
> 
> If anyone has any suggestions of white papers etc. that might be
> appropriate, they would be much appreciated.
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
