Oh #$%!.

Karrrrrreeeennnnn!!! I need your help!  Quickly!

Last week I dropped about a quart of high gloss white paint on the door, the steps, the cement, the ladder, the rose bush, the me.  All over the place.

And as it went kurplop on the pavement from the ladder that I was on, I was looking at the mess on the pavement and thinking I’d never clean up the mess.

It was all over the cement.  All over the bricks.  All over the rose trellis.  All over everything.  How in the world was I going to get it cleaned up?

I ran to get paper towels, my sister ran to get the hose and between the two of us we cleaned up the mess and got rid of the disaster. 

So why am I blogging about a painting disaster that got cleaned up?  Because the same is true in technology.  When you have a disaster you need someone else to help.  Someone else to be calm, to help with the decisions.  Even if that "someone" is someone in the forums (see www.sbsforum.info), someone in your local SMB partner group that you know you can lean on and call, or Jeff Middleton of www.sbsmigration.com to bounce migration messes off of, have someone with a calmer head to deal with the mess you just made.

Because, just like me on the ladder, when you kurplop you'll need someone to help you see that messes are fixable.

At Blackhat you can read between the lines that “fully patched” doesn’t mean you are fully secure.  At any point in time there are any number of updates that vendors are working on.  Some of them are being worked on with a security researcher, some are being worked on because someone found a vuln and it’s popping up in the wild.

These days the bad stuff isn't just IE.  Isn't just ActiveX, isn't just Adobe, isn't just QuickTime, isn't just Flash, isn't just rogue A/V coming in through bad links in Google.

These days I'm using stuff like OpenDNS and blocking URLs.  I'm making sure we're not running as admin.

But if you say on any given day that “Hey I’m fully patched, I’m secure”…. guess again…

SBS 2008 | Configure Server backup | The wizard cannot retrieve backup settings:

SBS2008: WSUS 3.0 Self-update is not working, getting Event ID 13042:

Slow Connectivity for Outlook Anywhere and Sites that use the SBS Web Applications App Pool:

System State backup using Windows Server Backup fails with error: System writer is not found in the backup:

Backups fails with VSS Event ID 12292 and 11 on Windows Server 2008 and Windows Server 2008 R2:

No VSS writers are listed when you run vssadmin list writers on Windows Server 2008:

SBS2008: No mail flow, Getting Event ID: 10003, Error: The type initializer for ‘Microsoft.Mapi.ExRpcPerf’ threw an exception:

RWW Returns Error “There is a problem in Remote Web Workplace. A logon error occurred: The data that the server returned is not valid..”:

SBS2008: Cannot browse OWA, Server Error in ‘/owa’ Application:

Some old KBs in there but some I don’t remember…

It’s the annual Blackhat event where you listen to presentations and my takeaway is “we’re screwed”.

I'm listening to the cloud security thread and my first takeaway is that we're pretty much plopping our on-premises server mindset up into the cloud and we are not reinventing the security we need.  Especially in the SMB world.  We need more identity management and PKI, and in SMB we freak over how often BPOS passwords require you to change them (and as an aside that's adjustable: all you need to do is open a trouble ticket and ask them to change that).  We're looking to move our existing applications to the cloud and not designing them and building them for the cloud.

We keep hearing the headlines about how much cheaper it is, how much better it is, and no one is asking us if we've pulled out a threat model and looked at what risks we're going to face and what changes we need to make.

Don’t worry this excessive paranoia will wear off a bit and I’ll go back to normal paranoia by next week.  But for now I’m sharpening my Dixon Ticonderoga and will be using a No. 2 pencil rather than a computer until I feel safe again.

So I'm listening to the presentation by Tavis Ormandy and Julien Tinnes and they are discussing kernel bugs and how the attack surface is growing in general, even in systems that have been designed with security in mind.

One thing I thought interesting was the fact that their deck has the google logo all over it.

The other interesting item to note was the number of kernel bugs still under investigation:

Remember that after the blow-up over Tavis' release of a zero day done "on his free time", other security researchers jumped on the zero day bandwagon: "… MSRC will fully disclose vulnerability information discovered in our free time, free from retaliation against us or any inferred employer."

Okay so I was giving Tavis the benefit of the doubt that he was doing this on "his free time", but not now.  If this was truly on his free time, you'd not put your company logo on the slide deck.  If you've ever seen a presentation of mine done in the SMB space, I do not put my real firm's logo on that deck.  This blog is on my free time, and thus the speaking gigs I get as a result do not have my firm's logo on them.

So at least for those particular upcoming kernel bugs that he's pointing out there… dude… that is not on your personal time.  You are Google, finding flaws in Windows and Linux kernels because Chrome's sandboxing depends more on the security of the kernel.

I got sucked in… no, not to an iPad but to a Kindle.

Amazon just dropped the prices down to a price tag that I can relate to (better than the iPad price tag for sure).

Don't want the 3G?  Check out this price tag: http://www.amazon.com/Kindle-Wireless-Reading-Display-Graphite/dp/B002Y27P3M/ref=amb_link_353169942_2?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-10&pf_rd_r=17N2ZWYPY36CYE3T1F4Y&pf_rd_t=201&pf_rd_p=1270979502&pf_rd_i=B002FQJT3Q

Crypt32 8 events continuously reported on Windows Server 2003, Windows Server 2003 R2, or Windows XP:

Okay so… I'm not sure I like the resolution of ignoring it or unticking the update root certificates solution.  I've seen this on my servers that have no antivirus (ones that I just deployed), and I've seen this on ones where the only firewall is the MS firewall, so there's nothing third party on them.

So now what?  Ignoring it and hanging loose still looks like the best plan of action.

What's fascinating about these consulting engagement KBs is not really that MS is offering consulting engagements in the first place, but that they give a framework for what to do and what Microsoft will do.

Check out the posts and see if YOUR checklists have the same info.

Microsoft Advisory Services Engagement Scenario – Windows Small Business Server 2008 – Migrating Exchange Data from SBS 2003:
Microsoft Advisory Services Engagement Scenario – Windows Small Business Server 2008 – Migrating Folder Redirected Shares from SBS 2003:
Microsoft Advisory Services Engagement Scenario – Windows Small Business Server 2008 – Hosting POP3/IMAP4 Clients:
Microsoft Advisory Services Engagement Scenario – Windows Small Business Server 2008 – Migrating SharePoint (CompanyWeb) Data from SBS 2003:
Microsoft Advisory Services Engagement Scenario – Windows Small Business Server 2008 – Migration Source Server Retirement and Environment Health Check: