Perkiomen Valley Academy and Bardissi Enterprises, LLC enhances the educational environment

THE MERCURY, Friday, November 17, 2006: Perkiomen Valley Academy Day Treatment Program, of Frederick, Pennsylvania, an alternative school for at-risk youth, was the recent recipient of a grant from the St. Paul Travelers Foundation of St. Paul, Minnesota. This grant was provided to local St. Paul Travelers employees to improve technology within the school for use by administrators, educators and students. The school was provided with both a wired and wireless network infrastructure including high-speed access to the internet, refurbished personal computers, and new, large capacity printers by Bardissi Enterprises, LLC of Hatfield, Pennsylvania the premier information technology service and support company offering affordable and quality service for personal and business computer needs.

Perkiomen Valley Academy staff have already noted an increased demand among students for use of the new technology that Bardissi Enterprises not only supplied, but also installed and configured to meet the academies educational needs and specifications for the preparation of special projects requiring internet research, interest in mastery of personal computer skills, and completion of an SAT preparation course for those students planning for post-secondary education.

The schools computer lab, with space for six to seven students at a time, now runs non-stop throughout the day to meet student demand. Students that are meeting program requirements are allowed extra opportunities to utilize the computer lab as an elective during their school day.

Patricia Murray, the Director of the academy, stated that, “The staff and students at Perkiomen Valley Academy are both thrilled and grateful to have been given the opportunity to have the new computer and software technology to include the computer and network technical expertise of Bardissi Enterprises as a result of the St. Paul Travelers grant. This entire situation will assist the academy in continuing to provide the highest quality education and social development for our current students and those students who will attend the academy in the future.”

George Bardissi, president of Bardissi Enterprises, was more than pleased to lend the companies computer and network technical expertise to the academy. “It is both a pleasure and a privileged to work with the Perkiomen Valley Academy”. “Bardissi Enterprises looks forward to the continued relationship with the academy and its confidence in our technical expertise and ability to keep them moving forward in the ever changing world of the Information Highway with the most current and advanced hardware and software available.

Patricia Murray, Director, and Nancy Limbeck, Assistant Director of PVA accept a new laptop computer from David W. Hill, Regional Executive for St. Paul Travelers Insurance, and
George Bardissi, President, Bardissi Enterprises, LLC.

Hatfield Borough Moves Into The Realm of Managed Information Technology Support and Service With Bardissi Enterprisess

THE REPORTER, Wednesday, December 6, 2006

The Borough of Hatfield has contracted with Bardissi Enterprises, LLC for the provision of Managed Information Technology Support and Service. Bardissi Enterprises, LLC is a local full service Information Technology Service and Support company located in Hatfield, specializing in Managed IT support and service to both home and business computer users. They also specialize in Security Solutions, Business Phone Solutions, Product Sales & Solutions, Web Solutions, Audio Visual Solutions and Liquidation & recycling Solutions. “In contracting with Bardissi Enterprises, The Borough of Hatfield will no longer have to deal with high hourly IT service and support charges. Instead, they will now have a set, yearly budgeted figure for their computer and network service and support needs. This will give them greater budgetary control and increased cost savings as well as the fact that service will be immediate since Bardissi Enterprises is local”, states George Bardissi, President of Bardissi Enterprises. Robert E. Ihlein, Borough Manager/Secretary of The Borough of Hatfield stated, “We are looking forward to having a top notch Information Technology firm, such as Bardissi Enterprises, to support us. Just like private businesses, the Borough depends heavily on its computers and network to perform critical municipal business functions.”

President of Bardissi Enterprises, George Bardissi and Borough Manager/Secretary, Robert E. Ihlein

Outlook Express Has Worst of Four Flaws in Windows

Severity: Medium12 December, 2006

Summary:

Today, Microsoft released four security bulletins describing vulnerabilities that affect Windows and components that ship with it. The worst flaw resides in Outlook Express. By enticing one of your users to a Web site and persuading them to open an address book file, an attacker could exploit the flaw to execute code and potentially gain complete control of that user’s PC. For a table briefly summarizing which vulnerabilities affect which versions of Windows, see Microsoft’s Security Bulletin Summary for December and expand the “Affected Software and Download Location” section. If you manage a Windows network, you should download, test, and deploy the appropriate Windows patches throughout your network immediately.

Exposure:

Microsoft’s four security bulletins describe vulnerabilities found in, or affecting, components of Windows. Each vulnerability affects different versions of Windows to a different extent. The summaries below list the vulnerabilities from highest to lowest severity.

MS06-076: Buffer Overflow in Outlook Express

A function that Outlook Express (OE) uses to handle Windows Address Book (.WAB) files suffers from a buffer overflow vulnerability. By persuading one of your users to download and open a malicious .WAB file, an attacker can exploit this flaw to execute code on that user’s computer, with that user’s privileges. If the user has local administrative privileges, the attacker would gain complete control of the user’s machine. In order to entice your users to download this kind of malicious file, an attacker might host it on a Web site. However, for this exploit to succeed, your users would have to interact with the file by opening it in OE. While this flaw poses a serious threat to OE users, most businesses elect to use the full version of Outlook that ships with Office. “Full” Outlook users (in contrast with Outlook Express users) are not susceptible to this flaw.
Microsoft rating: Important.

MS06-074: Buffer Overflow in SNMP Service

The Simple Network Management Protocol (SNMP) allows administrators to remotely manage network devices. Windows ships with an SNMP service. Unfortunately, the service suffers from a buffer overflow vulnerability. By sending a specially crafted SNMP message, an attacker could exploit the flaw to gain complete control of your computer. However, Windows doesn’t install the SNMP service by default. Furthermore, most administrators don’t allow SNMP through their firewall. Unless you’ve specifically installed the SNMP service, and allow SNMP packets through your firewall, you probably don’t have to worry about this issue.
Microsoft rating: Important.

MS06-077: RIS Writable Path Vulnerability

The Remote Installation Service (RIS) allows Windows Setup to initiate over a network. Unfortunately, the RIS Trivial File Transfer Protocol (TFTP) server that ships with Windows 2000 allows anonymous users to arbitrarily write files anywhere on a Windows file system. This flaw could allow an attacker to overwrite important operating system files or to upload malicious executables to locations where Windows will automatically execute them. However, several factors reduce the severity of this flaw. First, the attacker needs valid login credentials in order to exploit this flaw. Second, Windows 2000 doesn’t install the RIS TFTP server by default. Third, most administrators don’t allow TFTP access through their firewall. Therefore, this flaw primarily poses an internal threat, if any threat at all.
Microsoft rating: Important.

MS06-075: Local Elevation of Privilege Vulnerability in Windows

According to Microsoft, the Client/Server Run-time Subsystem (CSRSS.EXE) is an essential subsystem “responsible for console windows, creating and/or deleting threads.” This subsystem suffers from a local elevation of privilege vulnerability involving its “improper processing and management of file manifests.” If an attacker can log in to one of your systems using valid credentials, and then run a specially crafted program, she can exploit this flaw to gain complete control of that system. But in our view, if attackers can log in to your system and run arbitrary programs, you already have much bigger problems on your hands.
Microsoft rating: Important.

Solution Path

Microsoft has released patches for Windows to correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.

Note: Microsoft no longer officially supports Windows NT 4.0, Windows 98 or ME. If you manage any of these operating systems, Microsoft suggests you migrate to supported versions to prevent potential exposure to vulnerabilities. You can learn more about Microsoft’s extended security update support at their Product Support Services Web site.

MS06-076:

• Outlook Express 5.5
• Outlook Express 6.0
  • Microsoft no longer supports 98, ME, or XP SP1
  • For Windows 2000
  • For Windows XP SP2
  • For Windows XP x64
  • For Windows 2003
  • For Windows 2003 Itanium
  • For Windows 2003 x64

MS06-074:

• 2000
• XP
• XP x64
• Server 2003
• Server 2003 Itanium Edition
• Server 2003 x64

MS06-077:

• 2000

MS06-075:

• XP
• Server 2003
• Server 2003 Itanium Edition