Chris
Possibly not the best email to send from your employers email server.
It suggests you are using MS servers with IIS and FTP enabled
backending, I would guess "on the same box" to MS SQL.
While you will get some information about the vulnerabilities, most here
would expect you to keep your banks systems patched. What you will get
from this kind of forum is advise on patches to vulnerabilities that
have been disclosed; However, you will not get info on new exploits
(the zero-day type hackers use against the likes of banks) on
non-publicly disclosed vulnerabilities.
Therefore, you will not be able to prevent exploits that MS is still
working to patch. With a disclosure regarding your infrastructure on
such a public forum, you should watch your front facing Sy barriers for
increased attacks aimed specifically at MS architecture. Best give the
IDS/IPS and incident staff a nod too. I recognise you may be double
bluffing, but I will bet you will still get a 100% increase in the MS
exploits thrown at your FW and internet gateways.
As to your question, try secunia.com, www.osvdb.org and good old
www.packetstormsecurity.nl
Steve A
-----Original Message-----
From: chris.dalton@capitalonebank.com
[mailto:chris.dalton@capitalonebank.com]
Sent: 25 July 2006 15:42
To: focus-ms@securityfocus.com
Subject: Co-Hosting SQL with IIS FTP service
Can anyone guide me as to what type of issues with inter-system
dependencies might arise by co hosting IIS FTP service with SQL?
Anyone know of any articles on the exploits?
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
---------------------------------------------------------------------------
