[isalist] Re: File Sharing on the internet

  • From: "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 13 Jul 2006 20:00:17 +1000

http://www.ISAserver.org
-------------------------------------------------------

Oh Boy, I am dropping this one like a hot potato.

Based on my comments earlier that it's stupid to open the SQL to the
internet, they want to start something against the software developer
and not pay him.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of John T (Lists)
Sent: Thursday, 13 July 2006 18:07
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: File Sharing on the internet

Sorry I did not see this earlier Glenn.

Why do they want white papers telling them this is a bad idea when they
already have the proof in front of them in the form of a compromised
server?

Simply Googling for SQL attack will turn up plenty of information.

http://www.gcn.com/print/22_4/21214-1.html
http://www.securitydocs.com/library/3587

I mean, the list is long.


John T
eServices For You

"Seek, and ye shall find!"


> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Glenn P. JOHNSTON
> Sent: Wednesday, July 12, 2006 10:46 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] File Sharing on the internet
> 
> Hi,
> 
> A company I do support work for on a 'Dial a techie' basis has had a
> contractor write some software that needs to access a database on the
> company's server. He rolled this out onto the 28 sales PCs last week.
>
> He has just opened port 1433 TCP and 1434 UDP on the firewall to allow
> SQL based authentications from client PCs out on the internet to access
> the server. It appears that someone has already hacked into the DB, some
> tables are empty, others corrupted, SQL logs show a lot of connections,
> far more so than can be explained by legitimate connections.
>
> This of course is a very bad idea, but the company wants some details
> and white papers or the like that detail why. This has all blown up in
> the last hour and a half, and I need something to get back to them with
> tomorrow.
>
> If anyone has any suggestions of white papers etc. that might be
> appropriate, they would be much appreciated.
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx

