On the news lately has been how WordPress blogs have been used to infect Macs.  On the WordPress side of the blog site we had an interesting event the other day.

We started getting reports from bloggers and readers that Eset, MSE and other virus engines kept alerting of a malicious JavaScript on the site.

Did multiple scans, did a Windows Online forensic analysis and found no malicious code actually “on” the box.  What I did find was that it appeared that plug-ins on the site appeared to be calling JavaScripts.  It even appeared that possible googleapis were involved.  We rebuilt the WordPress side, leaving off all googleanalytics plug-ins.  And making sure that all timthumbs on the site were updated.  Several themes from paid sites I downloaded still had vulnerable timthumb files in there.

But bottom line I’m not feeling warm and fuzzy.  I put in a URL blocker to block any .class URLs called into the blog to ensure that if any plug-ins had any malicious JavaScript they would be blocked.  But the site had the latest WordPress.  Bottom line, I’m not feeling warm and fuzzy that one can really secure a WordPress site.  So be careful when surfing… EVEN on this web site.

In the 2008 era of backups I’ve not seen that the reregistering of DLLs helps.  What does help is merely listing the VSS writers and looking deep into the log files and seeing what it’s complaining about.  Spotted this blog post that may also provide more info when you are trying to debug VSS backup issues.

How to: VSS Tracing – Ask the Core Team – Site Home – TechNet Blogs:

The Microsoft SMB Parallax | Looks Cloudy:
“It seems that MS heads are just in the Clouds. Feels (and sounds) like they are only listening to a small subset of partners and are not listening to any other feedback, especially from clients (end users), through their partners. Very sad. Feels like they have their eyes and ears covered.”

I hate it when Vlad blogs a post that is spot on with what I see others feel.  When he touches a nerve he tends to spear it with a knife and make it bleed a bit.   And I’m not convinced Microsoft is actually even listening to partners, unless those partners are by the names of Dell and Geek squad. 

I also don’t like it when I’m told that I have no choice.  I do think there are choices, but as someone said the other day, we’ve all gotten soft and lazy and flabby and not exercised our muscles to devise our own solutions.

So how about we start talking about some of those options — Kerio ( ) is one is another.  Thoughts?

Ouch.  Well I can guess who will be getting that competency.  Larger firms and Geek Squads.

What are the requirements to earn the Microsoft Partner Network Small Business Competency? – Microsoft SMS&P Partner Community Blog – By Eric Ligman – Site Home – MSDN Blogs:

$1850 a year?  And requiring the Office 365 exam when nearly every partner I hear doesn’t like Microsoft billing their clients direct?

Man, I could be wrong but nearly every SMB partner I know will consider this to be a slap in their face and only for the big partners.

More details:

Why you should care about the Small Business competency:
Details on the Microsoft Partner Network Small Business Competency announced – Microsoft SMS&P Partner Community Blog – By Eric Ligman – Site Home – MSDN Blogs:

In case this hits anyone…..

MS12-017: Vulnerability in DNS Server could allow denial of service: March 13, 2012:
After you install this security update, the DNS Server service may not start, or you may receive an access violation error message shortly after the service starts, or after the operating system starts.

This issue may occur if DNS is configured to have a CNAME and a SOA record that both exist for the “@” record. The “@” record identifies the root of a DNS zone. This can frequently be identified in the DNS Manager as a record with the “(same as parent folder)” name. The SOA and NS records are allowed in this folder. RFC 2181 describes name uniqueness checks for CNAME records. According to RFC 2181, the CNAME may not exist in the “same as parent folder” (“@”) of a zone.

To avoid this issue, identify and remove the “@” CNAME record that is causing the issue from the misconfigured zone before you install security update 2647170.
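One way to run that pre-install check, as an added example that is not from the KB article or the original post: it scans a zone in standard master-file text for a CNAME sharing the zone root with the SOA. The function names and the sample zone are assumptions made for illustration, and the zone is assumed to have been exported to a text file first.

```python
CLASSES = {"IN", "CH", "HS"}

def logical_lines(text):
    """Drop ';' comments and join records continued across lines inside ( )."""
    buf, depth = "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # naive: ignores ';' inside quoted TXT data
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf = line if not buf else buf + " " + line.strip()
        if depth <= 0:
            yield buf.replace("(", " ").replace(")", " ")
            buf, depth = "", 0

def apex_types(text, zone):
    """Return the set of record types whose owner is the zone root ('@')."""
    apex = zone.rstrip(".").lower() + "."
    origin, owner, found = apex, None, set()
    for line in logical_lines(text):
        tok = line.split()
        if not tok:
            continue
        if tok[0].upper() == "$ORIGIN":        # '@' now means the new origin
            origin = tok[1].lower()
            continue
        if tok[0].startswith("$"):             # $TTL, $INCLUDE: not needed here
            continue
        if not line[0].isspace():              # a leading blank inherits the previous owner
            name = tok.pop(0).lower()
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while tok and (tok[0].isdigit() or tok[0].upper() in CLASSES):
            tok.pop(0)                         # skip optional TTL and class
        if tok and owner == apex:
            found.add(tok[0].upper())
    return found

def blocks_update(text, zone):
    """True when a CNAME and the SOA both exist at the zone root."""
    return {"CNAME", "SOA"} <= apex_types(text, zone)

# Constructed sample zone, not taken from any real server.
SAMPLE = """\
@   IN SOA dc1.example.test. hostmaster.example.test. (
        42   ; serial
        900  ; refresh
        600 86400 3600 )
@   NS  dc1.example.test.
@   CNAME web.example.test.
www A   192.0.2.10
"""

if __name__ == "__main__":
    print(sorted(apex_types(SAMPLE, "example.test")), blocks_update(SAMPLE, "example.test"))
```

A zone that returns `True` from `blocks_update` still has the "@" CNAME to remove before the update goes on.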

I have a standalone GoDaddy-hosted WordPress blog for the smbtnfresno group and my goodness is it a spam catcher.  Lately I’ve noted that it is also a spam maker as well, as it’s now a place where drugs are advertised on the back end of this site.

Nice, huh!