Monthly Archives: July 2010


Cleaning up a mess

Kurplop.


Oh #$%!.


Karrrrrreeeennnnn!!! I need your help!  Quickly!


Last week I dropped about a quart of high gloss white paint on the door, the steps, the cement, the ladder, the rose bush, the me.  All over the place.


And as it went kurplop on the pavement from the ladder that I was on, I was looking at the mess on the pavement and thinking I’d never clean up the mess.



It was all over the cement.  All over the bricks.  All over the rose trellis.  All over everything.  How in the world was I going to get it cleaned up?


I ran to get paper towels, my sister ran to get the hose and between the two of us we cleaned up the mess and got rid of the disaster. 


So why am I blogging about a painting disaster that got cleaned up?  Because the same is true in technology.  When you have a disaster you need someone else to help.  Someone else to be calm.  To help with the decisions.  Even if that “someone” is someone in the forums (see www.sbsforum.info), someone in your local SMB partner group that you know you can lean on and call, or Jeff Middleton of www.sbsmigration.com to bounce migration messes off of: have someone with a calmer head to deal with the mess you just made.


Because just like me on the ladder when you kurplop, you’ll need someone to help you see that messes are fixable.

Fully patched is in the eye of the beholder

At Blackhat you can read between the lines that “fully patched” doesn’t mean you are fully secure.  At any point in time there are any number of updates that vendors are working on.  Some of them are being worked on with a security researcher, some are being worked on because someone found a vuln and it’s popping up in the wild.


These days the bad stuff isn’t just IE.  It isn’t just ActiveX, isn’t just Adobe, isn’t just QuickTime, isn’t just Flash, isn’t just rogue A/V coming in through bad links in Google.


These days I’m using stuff like OpenDNS and blocking URLs.  I’m making sure we’re not running as admin.


But if you say on any given day that “Hey I’m fully patched, I’m secure”…. guess again…
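A quick way to act on the “not running as admin” point, added here as an example (it is not code from the original post): a PowerShell check that tells you whether the current session carries administrative rights and lists who actually sits in the local Administrators group. The allow-list of expected admin names is a placeholder assumption for your own environment.

```powershell
# Added example (not from the original post): confirm the session you browse and
# read mail from is not an administrator, and audit local Administrators membership.
# Assumption: $AllowedAdmins is a hypothetical allow-list; replace with your own.
$AllowedAdmins = @('Administrator', 'Domain Admins')

function Test-RunningAsAdmin {
    # True when the current token is in the local Administrators role.
    # Under UAC (Vista/2008) an un-elevated session of an admin user reports $false,
    # because the filtered token is what IsInRole sees; XP/2003 have no split token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-LocalAdminMembers {
    param([string]$ComputerName = $env:COMPUTERNAME)
    # The WinNT ADSI provider works on XP/2003/2008 without any AD module installed.
    $group = [ADSI]"WinNT://$ComputerName/Administrators,group"
    foreach ($member in @($group.Invoke('Members'))) {
        # Each member is a COM object; read its Name and ADsPath through reflection.
        $name = $member.GetType().InvokeMember('Name',    'GetProperty', $null, $member, $null)
        $path = $member.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        New-Object PSObject -Property @{ Name = $name; Path = $path }
    }
}

if (Test-RunningAsAdmin) {
    Write-Warning 'This session has administrative rights; do daily work from a standard account instead.'
} else {
    Write-Host 'Current session is NOT an administrator.'
}

# Anyone in local Administrators who is not on the allow-list is worth a question.
$unexpected = @(Get-LocalAdminMembers | Where-Object { $AllowedAdmins -notcontains $_.Name })
if ($unexpected.Count -gt 0) {
    Write-Warning 'Unexpected members of the local Administrators group:'
    $unexpected | Format-Table Name, Path -AutoSize
}
```

Run it on a workstation as the user who normally works there; the first check catches a session that is already elevated, the second catches the common case where the daily-use account is simply a member of Administrators and would elevate on the first prompt.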

KBs of interest for SBS 2008

SBS 2008 | Configure Server backup | The wizard cannot retrieve backup settings:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2001010

SBS2008: WSUS 3.0 Self-update is not working, getting Event ID 13042:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2000598

Slow Connectivity for Outlook Anywhere and Sites that use the SBS Web Applications App Pool:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2000859

System State backup using Windows Server Backup fails with error: System writer is not found in the backup:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2009272

Backups fails with VSS Event ID 12292 and 11 on Windows Server 2008 and Windows Server 2008 R2:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2009513

No VSS writers are listed when you run vssadmin list writers on Windows Server 2008:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2009533

SBS2008: No mail flow, Getting Event ID: 10003, Error: The type initializer for ‘Microsoft.Mapi.ExRpcPerf’ threw an exception:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2013890

RWW Returns Error “There is a problem in Remote Web Workplace. A logon error occurred: The data that the server returned is not valid..”:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2022997

SBS2008: Cannot browse OWA, Server Error in ‘/owa’ Application:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2024306

Some old KBs in there but some I don’t remember…
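Three of the KBs above (no VSS writers listed, System writer not found, VSS events 12292 and 11) come down to VSS writer state, so here is an added example, not from Microsoft or the original post, that parses the output of vssadmin list writers and flags missing or unstable writers before Windows Server Backup runs. It assumes the vssadmin output layout used on Server 2008 and must run from an elevated prompt; the sample text embedded in it is constructed for offline demonstration (the writer instance IDs are dummies).

```powershell
# Added example (not from the original post or the KBs): parse 'vssadmin list writers'
# and report writers that are missing, not Stable, or carrying a last error.
# Assumption: output format as printed by vssadmin on Windows Server 2008 / 2008 R2.

function Get-VssWriterState {
    param([string[]]$RawOutput)   # pass captured text for offline use; otherwise run vssadmin
    if (-not $RawOutput) { $RawOutput = & vssadmin list writers 2>&1 }

    $writers = @()
    $current = $null
    foreach ($line in $RawOutput) {
        switch -regex ($line) {
            "^\s*Writer name:\s*'(.+)'" {
                if ($current) { $writers += $current }
                $current = New-Object PSObject -Property @{ Name = $matches[1]; State = ''; LastError = '' }
            }
            "^\s*State:\s*\[\d+\]\s*(.+)$" { if ($current) { $current.State = $matches[1].Trim() } }
            "^\s*Last error:\s*(.+)$"      { if ($current) { $current.LastError = $matches[1].Trim() } }
        }
    }
    if ($current) { $writers += $current }
    return $writers
}

function Test-VssWriters {
    param(
        [string[]]$RawOutput,
        [string[]]$Required = @('System Writer', 'Registry Writer')   # writers a system state backup needs
    )
    $writers  = @(Get-VssWriterState -RawOutput $RawOutput)
    $problems = @()
    if ($writers.Count -eq 0) {
        $problems += 'No VSS writers listed at all (the KB 2009533 symptom).'
    }
    foreach ($name in $Required) {
        if (-not ($writers | Where-Object { $_.Name -eq $name })) {
            $problems += "Required writer missing: $name (System Writer missing is the KB 2009272 symptom)."
        }
    }
    foreach ($w in $writers) {
        if ($w.State -ne 'Stable' -or $w.LastError -ne 'No error') {
            $problems += "Writer '$($w.Name)' is $($w.State); last error: $($w.LastError)"
        }
    }
    return $problems
}

# Constructed sample of vssadmin output (instance IDs are dummies) so the parser can be
# exercised without touching a live server.
$sample = @'
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool

Writer name: 'System Writer'
   Writer Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Instance Id: {00000000-0000-0000-0000-000000000001}
   State: [1] Stable
   Last error: No error

Writer name: 'Registry Writer'
   Writer Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Instance Id: {00000000-0000-0000-0000-000000000002}
   State: [8] Failed
   Last error: Timed out
'@ -split "`r?`n"

'--- constructed sample ---'
Test-VssWriters -RawOutput $sample      # reports the failed Registry Writer

'--- this server ---'
$live = Test-VssWriters                  # runs vssadmin for real (elevated prompt required)
if ($live.Count -eq 0) { 'All required writers present and Stable.' } else { $live }
```

The parser treats every writer block as three facts (name, state, last error); anything other than Stable with No error is reported, which is the same thing you would look for by eye before opening a backup case.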

Remote Web Workplace connect to computer feature may be slow to redraw the screen:

http://support.microsoft.com/default.aspx?scid=kb;en-us;2011807

Adding that to the SBS 2008 build doc


Remote Web Workplace connect to client computer feature may display black bars:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2011825



We’re screwed

It’s the annual Blackhat event where you listen to presentations and my takeaway is “we’re screwed”.


I’m listening to the cloud security thread and my first takeaway is that we’re pretty much plopping our on-premises server mindset up into the cloud and we are not reinventing the security we need.  Especially in the SMB world.  We need more identity management and PKI, and in SMB we freak out over how often BPOS passwords require you to change them (and as an aside, that’s adjustable: all you need to do is open a trouble ticket and ask them to change it).  We’re looking to move our existing applications to the cloud and not designing them and building them for the cloud.


We keep hearing the headlines about how much cheaper it is and how much better it is, and no one is asking us if we’ve pulled out a threat model and looked at what risks we’re going to face and what changes we need to make.


Don’t worry this excessive paranoia will wear off a bit and I’ll go back to normal paranoia by next week.  But for now I’m sharpening my Dixon Ticonderoga and will be using a No. 2 pencil rather than a computer until I feel safe again.

So I’m listening to the presentation by Tavis Ormandy and Julien Tinnes

So I’m listening to the presentation by Tavis Ormandy and Julien Tinnes and they are discussing kernel bugs and how the attack surface is growing in general, even in systems that have been designed with security in mind.


One thing I thought interesting was the fact that their deck has the google logo all over it.



The other interesting item to note was the number of kernel bugs still under investigation:



Remember that after the blow-up over Tavis’ release of a zero-day done “on his free time”, other security researchers jumped on the zero-day bandwagon: “MSRC will fully disclose vulnerability information discovered in our free time, free from retaliation against us or any inferred employer.”


http://news.softpedia.com/news/Upset-Security-Researchers-Start-Releasing-Microsoft-0Days-146251.shtml


Okay, so I was giving Tavis the benefit of the doubt that he was doing this on “his free time”, but not now.  If this was truly on his free time, you’d not put your company logo on the slide deck.  If you’ve ever seen a presentation of mine done in the SMB space, I do not put my real firm’s logo on that deck.  This blog is on my free time, and thus the speaking gigs I get as a result do not have my firm’s logo on them.


So at least for those particular upcoming kernel bugs that he’s pointing out there… dude…that is not on your personal time.  You are google finding flaws in Windows and Linux kernels because Chrome’s sandboxing depends more on the security of the kernel.

I got sucked in

I got sucked in…. no not to an iPad but to a Kindle.


http://www.amazon.com/gp/product/B003FSUDM4/ref=kinw_dp_gy


Amazon just dropped the prices down to a price tag that I can relate to (better than the iPad price tag for sure).


Don’t want the 3G?  Check out this price tag: http://www.amazon.com/Kindle-Wireless-Reading-Display-Graphite/dp/B002Y27P3M/ref=amb_link_353169942_2?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-10&pf_rd_r=17N2ZWYPY36CYE3T1F4Y&pf_rd_t=201&pf_rd_p=1270979502&pf_rd_i=B002FQJT3Q

Crypt32 8 events continuously reported on Windows Server 2003, Windows Server 2003 R2, or Windows XP:

http://support.microsoft.com/default.aspx?scid=kb;en-us;2253680&sd=rss&spid=10394


Okay so … I’m not sure I like the resolution of ignoring the event or unticking the “update root certificates” option.  I’ve seen this on my servers that have no antivirus (ones that I just deployed), and I’ve seen it on ones where the only firewall is the MS firewall, so there’s nothing third party on them.


So now what?  Ignoring it and hanging loose still looks like the best plan of action.

‘Configure Internet Mail’ wizard crashes on SBS 2008:

http://support.microsoft.com/default.aspx?scid=kb;en-us;2020759


“This issue can occur if the Windows SBS Internet Send connector is not associated with the correct Hub Transport server”

Okay so I wonder who or what is doing that?
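An added example, not from the KB or the original post, for checking the condition the KB describes rather than guessing at it: run in the Exchange Management Shell on the SBS 2008 server, it shows which Hub Transport server the SBS Internet Send connector is bound to and, with -Fix, rebinds it to this server before you rerun the wizard. It assumes the connector name begins with “Windows SBS Internet Send” (the SBS wizard’s naming), and that the SBS box itself is the only Exchange server, so its own name is the expected value.

```powershell
# Added example (not from the KB or the original post). Run in the Exchange
# Management Shell on the SBS 2008 server.
# Assumption: the SBS-created connector is named 'Windows SBS Internet Send*'.

function Test-SbsSendConnector {
    param(
        [string]$ExpectedServer = $env:COMPUTERNAME,   # on SBS the only Hub Transport server
        [switch]$Fix
    )
    $connectors = @(Get-SendConnector | Where-Object { $_.Name -like 'Windows SBS Internet Send*' })
    if ($connectors.Count -eq 0) {
        Write-Warning "No 'Windows SBS Internet Send*' connector found; nothing for the wizard to bind to."
        return $false
    }

    $ok = $true
    foreach ($c in $connectors) {
        # SourceTransportServers is the list of Hub Transport servers that own the connector;
        # the KB's failure is this list not pointing at the SBS server.
        $sources = @($c.SourceTransportServers | ForEach-Object { $_.Name })
        if ($sources -contains $ExpectedServer) {
            Write-Host ("{0}: bound to [{1}] (OK)" -f $c.Name, ($sources -join ', '))
        } else {
            $ok = $false
            Write-Warning ("{0}: bound to [{1}], expected {2}" -f $c.Name, ($sources -join ', '), $ExpectedServer)
            if ($Fix) {
                Set-SendConnector -Identity $c.Identity -SourceTransportServers $ExpectedServer
                Write-Host ("{0}: rebound to {1}" -f $c.Name, $ExpectedServer)
            }
        }
    }
    return $ok
}

Test-SbsSendConnector          # report only
# Test-SbsSendConnector -Fix   # rebind the connector, then rerun 'Configure Internet Mail'
```

Run it without -Fix first and keep the output: if the connector is bound to a server name that is no longer in the domain (a retired migration source, say), that is your “who or what” and worth recording before you repair it.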

Do your checklists have similar info?

What’s fascinating about these consulting engagement KBs is not really that MS is offering consulting engagements in the first place but that they give a framework of what to do and what Microsoft will do.


Check out the posts and see if YOUR checklists have the same info.


Microsoft Advisory Services Engagement Scenario – Windows Small Business Server 2008 – Migrating Exchange Data from SBS 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2275538
Microsoft Advisory Services Engagement Scenario – Windows Small Business Server 2008 – Migrating Folder Redirected Shares from SBS 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2275550
Microsoft Advisory Services Engagement Scenario – Windows Small Business Server 2008 – Hosting POP3/IMAP4 Clients:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2275616
Microsoft Advisory Services Engagement Scenario – Windows Small Business Server 2008 – Migrating SharePoint (CompanyWeb) Data from SBS 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2275764
Microsoft Advisory Services Engagement Scenario – Windows Small Business Server 2008 – Migration Source Server Retirement and Environment Health Check:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2275779