Mozilla Corrects Three Vulnerabilities in Firefox 2.0.0.10

November 28, 2007

Severity: Medium

27 November, 2007

Summary:

Late yesterday, the Mozilla Foundation released an update fixing three security vulnerabilities in Firefox 2.0.0.x, for Windows, Linux, and Macintosh. If one of your Firefox users visits a malicious web page, an attacker could potentially exploit the worst of these vulnerabilities to execute code on your user’s computer, with your user’s privileges. In the worst case, the attacker could gain complete control of the computer. If you run Firefox on any platform, you should download and deploy version 2.0.0.10 at your earliest convenience.

Exposure:

Yesterday, the Mozilla Foundation released Firefox 2.0.0.10, fixing three security vulnerabilities in the popular web browser. We summarize the vulnerabilities below:

  • Three memory corruption vulnerabilities (2007-38). Firefox suffers from three unspecified crash bugs, which corrupt memory. Mozilla presumes that with enough effort some of these memory corruption flaws could be exploited to run arbitrary code. To exploit these flaws, an attacker would first have to trick one of your users into visiting a maliciously crafted web page. If your user took the bait, the attacker could execute code on that user’s machine, with that user’s privileges. If your user were a local administrator or had root privileges, the attacker would gain total control of the victim’s computer.
  • Java archive-handling XSS vulnerability (2007-37). A Java Archive (JAR) file is a ZIP-format package that bundles all the individual components of a Java applet into one compressed file. Firefox supports a special “jar:” URI scheme (for example, jar:http://host/archive.zip!/page.html) that addresses an individual file inside such an archive; Firefox uses it, among other things, to open the contents of signed JARs. A security researcher named Petko D. Petkov (a.k.a. pdp) discovered a Cross-Site Scripting (XSS) vulnerability in this JAR handling: Firefox treats content opened through a jar: URL as though it came from the web site hosting the archive, regardless of what file extension the archive carries. By enticing one of your users into clicking a specially crafted link, an attacker who can get a ZIP archive onto a legitimate site (as an attachment or an uploaded image, for instance) could run script in your user’s browser with the same trust (cookies, session and permissions) that the user has extended to that legitimate site. This allows the attacker to do anything from stealing your user’s cookies for that site to executing malicious scripts with elevated privileges. If you’d like more detail on this complex attack, check out pdp’s advisories [ 1 / 2 ]. For more general understanding of XSS attacks, see our article, “Anatomy of a Cross-Site Scripting Attack.”
  • HTTP-Referer spoofing vulnerability (2007-39). Gregory Fleischer discovered a race condition that allows an attacker’s page to spoof the HTTP-Referer header in a web request. Some web sites check the HTTP-Referer header to help protect themselves against Cross-Site Request Forgery (CSRF). The Referer header is supplied by the browser, not verified by the server, so that defense is only as strong as the browser sending it; an attacker who can spoof the header defeats the protection entirely.
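The Referer-based CSRF check described above, beside the per-session token check that does not depend on the browser behaving. This is an added example for this alert, not code from Mozilla or from any product mentioned on the page; the host name, session dictionary and request headers are constructed for illustration.

```python
"""Added example: why a Referer check is a weak CSRF defence.

A forged cross-site request can carry whatever Referer the attacker's
browser bug lets it send, but it cannot read a secret token that only the
legitimate page received.  SITE_HOST and the request shapes are assumed.
"""
import hmac
import secrets
from urllib.parse import urlsplit

SITE_HOST = "bank.example"  # assumed application host name


def referer_allows(headers: dict) -> bool:
    """Legacy check: accept the request if the Referer host is our own site.

    Any client-side flaw that lets attacker script control the Referer header
    (the Firefox race condition above) makes this check pass for a forged request.
    """
    referer = headers.get("Referer", "")
    return urlsplit(referer).hostname == SITE_HOST


def issue_token(session: dict) -> str:
    """Bind a fresh random token to the server-side session and return it so the
    legitimate page can embed it in its form."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def token_allows(session: dict, form: dict) -> bool:
    """Synchronizer-token check: a cross-site page cannot read the token out of
    our page (same-origin policy), so it cannot supply a matching value."""
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    if not expected:
        return False
    # Constant-time comparison so the token cannot be guessed byte by byte.
    return hmac.compare_digest(expected.encode(), supplied.encode())


def evaluate(session: dict, headers: dict, form: dict) -> dict:
    """Run both checks on one request so the difference is visible side by side."""
    return {
        "referer_check": referer_allows(headers),
        "token_check": token_allows(session, form),
    }
```

A forged request that spoofs Referer: https://bank.example/ passes referer_check but fails token_check, because the attacker never saw the token; the legitimate form submission passes both.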

Solution Path:

Mozilla has updated Firefox, correcting these security vulnerabilities. If you use Firefox in your network, we recommend that you download and deploy version 2.0.0.10 as soon as possible. Mozilla no longer supports the 1.5.x branch of Firefox. We recommend that 1.5.x users migrate to 2.0.0.10 now.

Note: The latest versions of Firefox 2.0 automatically inform you when a Firefox update is available. We highly recommend you keep this feature enabled so that Firefox receives its updates as soon as Mozilla releases them. To verify you have Firefox configured to automatically check for updates, click Tools => Options => Advanced tab => Update tab. Make sure that “Firefox” is checked under “Automatically check for updates.” In this menu, you can configure Firefox to automatically download and install the update, or to merely inform the user that the update exists.

For All WatchGuard Users:

Some of these attacks arrive as normal-looking HTTP traffic, which you must allow through your firewall if your network users need to access the World Wide Web. Therefore, the patches above are your best solution.

Status:

The Mozilla Foundation has released Firefox 2.0.0.10, fixing these security issues.



WatchGuard Releases Mobile VPN with IPSec

November 27, 2007

New Product, New Name; Now Vista Compatible

WatchGuard is pleased to announce the immediate availability of a successor to our Mobile User VPN client, WatchGuard Mobile VPN with IPSec. This new VPN client includes new features and compatibility with Microsoft Windows Vista, and is also compatible with existing Firebox X Edge, Core, and Peak models, as well as Firebox SOHO 6 and Firebox III models. No upgrade to your Firebox appliance software is needed.

Here are more details about WatchGuard Mobile VPN with IPSec.

Operating System Compatibility: The new client is compatible with all versions of Microsoft Windows Vista (32 and 64 bit), Windows XP (32 bit only), and Windows 2000.

Firebox Compatibility: The new client is configured in exactly the same way as the previous Mobile User VPN (MUVPN) client, so no changes are required on your Firebox to begin using the new client. You also do not need to hand out new configuration profiles (commonly known by their file extension, .wgx) to your users. Only the Mobile VPN client software (and the name) have changed. Please note that this client is designed to connect only to WatchGuard devices. (If you have an urgent need for a Vista-compatible client that connects to non-WatchGuard devices, please contact Technical Support.)

New Name: The official name of the new product is WatchGuard Mobile VPN with IPSec. We changed the name to distinguish it clearly from the previous Mobile User VPN client, and to streamline our product naming conventions for all remote access methods. In future releases of firmware for the Edge, Core and Peak, you will find all remote access grouped under the heading, “WatchGuard Mobile VPN.” Examples are “WatchGuard Mobile VPN with IPSec” and “WatchGuard Mobile VPN with PPTP.”

Does this release pertain to me?

All Users of Microsoft Windows Vista: If you wish to connect remote users to your Firebox-protected network, and your remote users are running any version of Vista, you will need to download, distribute, and have your Vista users install the new Mobile VPN with IPSec package.

If I don’t use Vista, do I still need to upgrade? Short answer: no. If you do not use Microsoft Windows Vista, and are currently using the MUVPN product that we are replacing, you are not forced to upgrade to WatchGuard Mobile VPN with IPSec. We will continue to provide first-level technical support on the previous product. However, if you encounter technical problems with the SafeNet-based MUVPN that we cannot readily resolve, you may be asked to upgrade to Mobile VPN with IPSec, for which we will provide full support.

You may also allow some users to run the previous MUVPN and others to run new Mobile VPN client software, simultaneously, with no changes needed on your Firebox.

How do I get the release?

All customers who have a current LiveSecurity Service subscription and are entitled to Mobile User VPN can obtain this new client without additional charge by downloading the applicable packages from the Software Center web page, which also includes clear installation instructions. As always, if you need support, please enter a support incident online or call our support staff directly:

  • U.S. Customers: 877.232.3531
  • International Customers: +1.206.613.0456

Authorized WatchGuard Resellers: 206.521.8375


Quicktime RTSP Flaw Powers Windows Zero-Day Exploit

November 27, 2007

No exploit for OS X…as of yet 

Severity: Medium

26 November, 2007

Summary:

Over the long U.S. holiday weekend, a Polish security researcher publicly released exploit code for a zero-day vulnerability that affects Quicktime 7.3 and 7.2 for Windows. By enticing one of your users to a specially crafted web page, or tricking the user into opening a malicious Quicktime file, an attacker could exploit this flaw to execute code on that user’s computer, potentially gaining complete control of it. If you allow Quicktime or iTunes in your network (or suspect that users have installed them), have users either implement the workarounds described in this alert, or remove the applications until Apple releases a patch.

Exposure:

Last Friday, a security researcher named Krystian Kloskowski released Proof-of-Concept (PoC) code that exploits a zero day security vulnerability in the latest versions of Apple Quicktime (7.3 and 7.2) for Windows. The PoC exploits a new buffer overflow vulnerability involving the code that Quicktime uses to handle the Real Time Streaming Protocol (RTSP). This vulnerability is similar to another RTSP-related Quicktime flaw we described in January. By enticing one of your users into visiting a specially crafted web page or RTSP stream, or tricking them into opening a malicious Quicktime media file, an attacker could exploit this flaw to execute code on your user’s computer. A successful attacker inherits the privileges of the victim, so, depending upon what privileges you extend to your users, the attacker could potentially exploit this flaw to gain complete control of the victim computer.

Kloskowski released Proof-of-Concept (PoC) code that exploits this flaw in Quicktime 7.2 and 7.3 for Windows. His original PoC code contained a benign payload. However, other greyhat researchers have already released new exploits [ 1 / 2 ], based on Kloskowski’s original. These new exploits contain more malicious payloads, such as backdoor access. Furthermore, attackers could easily modify these exploits to do just about anything they like. The LiveSecurity team has tested one of the backdoor exploits, and it works well, though it requires you to visit a specially crafted link in order for the exploit to function successfully. So far these exploits specifically target Windows XP and Vista. However, this vulnerability could also affect the OS X versions of Quicktime. We won’t know the full scope of this flaw until Apple responds to the incident.

With no patch, and exploit code widely available, we consider this vulnerability a critical risk for Quicktime and iTunes users (current versions of iTunes also ship with Quicktime). If you use these Apple multimedia products, you should implement the workarounds described in the Solution section of this alert as soon as possible.

Solution Path:

Since Kloskowski released this vulnerability without first informing Apple, Apple hasn’t had time to create and release a fix. If you allow (or suspect that users have installed) Quicktime or iTunes in your network, we recommend you apply the workarounds listed below, until Apple releases a patch.

  • Disable the RTSP stream descriptor in Quicktime. In order for your Web browser to hand RTSP streams to Quicktime, the RTSP stream descriptor must be enabled in Quicktime. This descriptor is enabled by default in the Mac version of Quicktime, but not in the Windows version. Disabling it prevents your Web browser from handing any RTSP media stream to Quicktime, which protects your users from attacks that use malicious RTSP URLs to exploit this vulnerability. However, all videos (whether malicious or legitimate) that use RTSP for streaming will stop working, so consider whether the extra safety is worth the inconvenience to your organization.
    • For OS X users: In Quicktime, click on Quicktime Player => Quicktime Preference… => Advanced tab. Click on the Mime Settings… button and expand the Streaming – Streaming movies menu item. Uncheck the RTSP stream descriptor setting.
    • For Windows users: In Quicktime for Windows the RTSP stream descriptor is disabled by default. However, you can verify this setting by clicking Edit => Preferences => Quicktime Preferences… => File Types tab. Expand the Streaming – Streaming movies menu and verify that the RTSP stream descriptor setting remains unchecked. You can also reach the RTSP stream descriptor by opening the Quicktime Control Panel and viewing the File Types tab.

Keep in mind, even after disabling the RTSP stream descriptor, an attacker could still exploit this vulnerability using methods other than a maliciously-crafted URL; see the next bullet point.

  • Block all Quicktime media content at your gateway. Unfortunately, attackers can also exploit this vulnerability by enticing one of your users into downloading a specially crafted Quicktime media file. Theoretically, an attacker could trigger this attack with just about any media file that Quicktime processes, including .mov, .mp3, .qtl, and .avi files, to name a few. If you block all possible media files at your gateway, you can protect your network from this attack vector. However, this would prevent your users from receiving many legitimate media files as well, so this option suits only the strictest organizations.
  • Block outgoing RTSP access. RTSP media streams typically use TCP port 554 to establish their initial connection. If you use your firewall to block outgoing access to TCP port 554, you can mitigate the risk of an attacker enticing your users to a malicious RTSP stream. In fact, all the exploits currently released for this vulnerability require the victim to access TCP port 554, so if your users can’t reach that port, the current exploits won’t succeed. Keep in mind, though, that an rtsp:// URL can name any port (rtsp://host:8554/… for example), so a port-based rule stops the published exploits but not a trivially modified one; disabling the RTSP stream descriptor, or blocking the rtsp scheme outright at a proxy that sees the URL, closes that gap.
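Detection logic for the two network-side workarounds above (RTSP links and Quicktime-handled media files), run over a few constructed proxy-log lines. This is an added example, not code from Apple, WatchGuard or the researchers named in this alert; the log format, host names and the list of extensions (taken from the bullet above and easily extended) are assumptions. It also flags rtsp:// URLs that specify a port other than 554, which a port-only egress rule would miss.

```python
"""Added example: classify proxy-log URLs against the Quicktime workarounds.

Flags (a) rtsp:// URLs, distinguishing the default port 554 from an explicit
non-standard port that a TCP/554 block would not catch, and (b) downloads of
file types the alert names as Quicktime-handled.  Log format is assumed.
"""
from urllib.parse import urlsplit

# Extensions the alert lists as Quicktime-handled; extend as your deployment needs.
QUICKTIME_EXTENSIONS = {".mov", ".mp3", ".qtl", ".avi"}
RTSP_DEFAULT_PORT = 554

# Constructed sample log lines ("client method url"); not real traffic.
SAMPLE_LOG = [
    "10.0.0.5 GET http://cdn.example/trailer.mov",
    "10.0.0.6 GET rtsp://media.example/live.sdp",
    "10.0.0.7 GET rtsp://198.51.100.9:8554/clip",
    "10.0.0.8 GET http://intranet.example/report.pdf",
]


def classify(url: str) -> list:
    """Return the reasons a URL should be blocked under the alert's workarounds
    (empty list means allow)."""
    parts = urlsplit(url)
    reasons = []
    if parts.scheme.lower() == "rtsp":
        port = parts.port or RTSP_DEFAULT_PORT
        if port == RTSP_DEFAULT_PORT:
            reasons.append("rtsp-default-port")
        else:
            # An egress rule that only denies TCP/554 lets this one through.
            reasons.append(f"rtsp-port-{port}")
    # Look only at the last path segment so a dot in a directory name is ignored.
    name = parts.path.rsplit("/", 1)[-1].lower()
    dot = name.rfind(".")
    if dot != -1 and name[dot:] in QUICKTIME_EXTENSIONS:
        reasons.append(f"quicktime-media:{name[dot:]}")
    return reasons


def scan_log(lines) -> dict:
    """Map each flagged URL in the log to its block reasons."""
    hits = {}
    for line in lines:
        _client, _method, url = line.split(maxsplit=2)
        reasons = classify(url)
        if reasons:
            hits[url] = reasons
    return hits


if __name__ == "__main__":
    for url, reasons in scan_log(SAMPLE_LOG).items():
        print(url, "->", ", ".join(reasons))
```

Of the four sample lines only the PDF is allowed; the rtsp://198.51.100.9:8554/clip entry is the case a port-554 rule alone would not stop.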

For more potential workarounds, see the Solution section of CERT’s Quicktime advisory as well.

When Apple patches Quicktime, we will update this alert.

For All WatchGuard Users:

Many of WatchGuard’s Firebox models allow you to prevent your users from downloading certain media files via the web or emails. If you like, you can temporarily mitigate the risk of this vulnerability by blocking all the media files that Quicktime handles using your Firebox’s HTTP, SMTP, and POP3 proxy services. However, many different media files trigger this vulnerability, and blocking them all also prevents your users from downloading many legitimate media files. Therefore, you may want to rely on the other workarounds described above instead.

All Firebox administrators can prevent their users from accessing RTSP streams on the standard port by blocking outgoing access to TCP port 554. This could prevent your users from reaching malicious RTSP links that host this sort of attack. Simply create a policy for TCP port 554, and deny all outgoing access through that service. Note that your users will not be able to stream any legitimate media files that use RTSP streams, and that an rtsp:// link which names a different port will not be caught by a port-based rule.

Status:

We’ll update you as soon as Apple releases an updated version of Quicktime.



Public and Unpatched: Zero Day Microsoft Access Exploit

November 19, 2007

Severity: Medium

16 November, 2007

Summary:

Today, a Chinese researcher released an advisory warning of a serious, zero day vulnerability affecting Microsoft Access 2003 (and most likely, earlier versions). By enticing one of your users into opening a malicious MDB file, an attacker can exploit this flaw to execute code on that user’s computer, potentially gaining complete control of the victim’s machine. If you use Microsoft Office 2003 with Access, you should implement the workarounds described in the Solution Path section of this alert until Microsoft releases a patch.

Exposure:

A Chinese security researcher calling himself Cocoruder released a security advisory today, describing a new, unpatched buffer overflow vulnerability in the Microsoft Jet Engine component (msjet40.dll) that Access uses to parse MDB files. By enticing one of your users into opening a maliciously crafted MDB file, an attacker can exploit this flaw to execute code on that user’s computer, with that user’s privileges. If the victim has local administrative privileges, the attacker could leverage this flaw to gain total control of the victim’s computer.

Cocoruder released this advisory before Microsoft released a patch fixing this issue. According to Cocoruder’s advisory, he contacted Microsoft about the flaw, but he claims Microsoft said they would not fix it. He further claims that in reply to Cocoruder’s vulnerability disclosure, Microsoft wrote to him, “You appear to be reporting an issue with a file type Microsoft considers to be unsafe. Many programs, such as Internet Explorer and Outlook, automatically block these files. For more information, please visit http://support.microsoft.com/kb/925330.”

Making matters worse, Cocoruder has released a Proof-of-Concept (PoC) file that exploits this vulnerability, and proves that the flaw works. If you open his PoC file in a vulnerable version of Access, it automatically spawns Windows calculator. The LiveSecurity team has tested this PoC on a lab machine and it worked as advertised. While this particular PoC is benign, blackhat attackers could easily modify the PoC to run just about anything on your machine, instead of merely a calculator. If you use Access, you should consider this zero day flaw a serious risk.

Solution Path:

Microsoft hasn’t patched this zero day vulnerability, and Cocoruder alleges that they do not plan to. For now you have two courses of action. First, remain aware of this vulnerability and the potential hazard that unsolicited .MDB files carry. Second, block .MDB files at your gateway. Your Firebox can help you do this (see below).

For All WatchGuard Firebox Users:

You can configure most WatchGuard Firebox models to block Access Database (.MDB) files at your gateway. Since most organizations typically don’t need to receive Access database files from the outside world, blocking them will not affect most users. If you think your organization might be an exception to that generalization, your best choices are either to call appropriate managers whose teams use Access and inquire whether they must receive MDB files over the Internet; or, it might be more efficient (and safe) to block the filetype using your firewall and see whether anyone complains.
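A gateway filter for the .MDB workaround above that checks file content as well as the extension, since an attacker can rename the attachment and a user (or another application driving the Jet engine) can still open it. This is an added example, not WatchGuard or Microsoft code; the decision format is assumed, and the sample files are constructed in the block. The magic string "Standard Jet DB" at byte offset 4 is the Jet 3.x/4.x MDB signature.

```python
"""Added example: block Access/Jet database files by content, not only by name.

A Jet 3.x/4.x .mdb file carries the ASCII string "Standard Jet DB" followed by
a NUL at byte offset 4.  Checking that signature catches a renamed database
that an extension-only rule would pass.  The decision dict format is assumed.
"""

JET_MAGIC_OFFSET = 4
JET_MAGIC = b"Standard Jet DB\x00"   # Jet 3.x/4.x .mdb signature
ACE_MAGIC = b"Standard ACE DB\x00"   # later .accdb format, same offset


def is_jet_database(data: bytes) -> bool:
    """True if the file content carries a Jet/ACE database signature."""
    window = data[JET_MAGIC_OFFSET:JET_MAGIC_OFFSET + len(JET_MAGIC)]
    return window in (JET_MAGIC, ACE_MAGIC)


def gateway_decision(filename: str, data: bytes) -> dict:
    """Decide whether a file arriving by mail or web should be blocked.

    Blocks on either signal so a renamed .mdb (by_magic) and an empty or
    truncated .mdb (by_extension) are both stopped.
    """
    by_ext = filename.lower().endswith(".mdb")
    by_magic = is_jet_database(data)
    return {
        "filename": filename,
        "by_extension": by_ext,
        "by_magic": by_magic,
        "block": by_ext or by_magic,
    }


def make_sample_mdb(size: int = 256) -> bytes:
    """Constructed sample: a buffer that starts like a Jet 4 database header.
    Not a real database; enough to exercise the signature check."""
    header = b"\x00\x01\x00\x00" + JET_MAGIC
    return header + b"\x00" * (size - len(header))


if __name__ == "__main__":
    samples = [
        ("report.mdb", b"\x00" * 64),               # extension only
        ("invoice.zip", make_sample_mdb()),         # renamed database
        ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 60),  # harmless
    ]
    for name, data in samples:
        print(gateway_decision(name, data))
```

The renamed invoice.zip is blocked on the signature alone; an extension-only rule would have delivered it.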

If you want to block .MDB files that arrive via email and the web, follow the links below for instructions:

Status:

Microsoft has not released a patch for this issue. We will update you if and when they do.

References:

Cocoruder’s Microsoft Jet Engine Security Advisory


Press Release : AltiGen Signs Jenne Distributors as a New Distribution Partner

November 19, 2007

AltiGen Communications, Inc. will be issuing a press release announcing our new partnership with Jenne Distributors on Monday, November 19th. “Our agreement with a premier master distributor accelerates our effort to drive revenue through broader distribution,” said AltiGen President and COO Jeremiah Fleming. “Jenne brings a technically knowledgeable inside sales team, a national field sales force, skilled technical support and the ability to offer superior technical training to thousands of resellers via Jenne University, coupled with state-of-the-art distribution and stocking facilities. We are very excited about our relationship and believe it will begin to significantly contribute to revenue in 2008.”


Dell Acquires Everdream

November 16, 2007

I’m pleased to announce that Dell intends to acquire Everdream.  This transaction, subject to customary closing conditions, is expected to close during this quarter.

Dell’s interest in Everdream is grounded in our strong track record of serving customers and partners, and our leading, cost-effective, secure on-demand PC desktop, notebook and remote device management services.  Dell plans to invest in continued innovation in this area by continuing to expand and build upon Everdream’s portfolio of world-class products and partners.  Everdream branded and white label products will continue to be available directly to customers and through partners without disruption.

Your existing Everdream contact(s) will continue to be on point for any issues, and our existing pricing and support model remains intact.  You’ll be hearing more from us on our growth in the coming months.   In the meantime, a representative from Everdream will be contacting you shortly to answer any questions you may have regarding this next exciting phase in Everdream’s evolution. 

As part of Dell, we’ll be in an even stronger position to deliver the great products and services you’ve come to expect from us.

To read the news announcement, please click here.

Best Regards,

Mark Hoffman
Chief Executive Officer
Everdream Corporation


November 2007- Motion Computing News Network

November 15, 2007

Welcome to the November edition of the Motion News Network (MNN), the first place to go to get all of your Motion news, updates and information. The MNN is sent out every month. Be on the lookout for Motion News direct from the source!
Product Updates
Lead Time Updates
Hot off the presses- current tablet backlog will be cleared by next week! All new product orders will ship on standard lead times.
• The backlog of aftermarket LE-Series Standard Batteries is expected to be cleared by mid December pending further investigation with supplier.
• Extended Batteries also remain challenged but significant progress is expected in November with backlog expected to be cleared by mid December as well based on current outlook. New orders will be on a six week lead time.
Motion has created a new lead time update page placed within the Motion Partner Portal and updated weekly. Look for the Ship Time link under the Products section.
Intent to End-of-life (EOL) LS800
This alert serves as formal notification that Motion intends to EOL the LS800 platform by January 1, 2008 or while supplies last. The LS800 was introduced in July 2005 and has been a market success for the past two and a half years. Rapid advancements in mobile technology and wireless communications- while good news for new customer deployments, have resulted in shorter than normal product and component lifecycles. Unfortunately, many of the LS800 components have reached end-of-life and thus limit Motion’s ability to continue producing this product.

Supplies of the recently introduced 1.1GHz configurations continue to be available for customer purchase in the U.S., Canada, & select Pacific Rim geographies. Unfortunately, supplies have already been depleted for Western European geographies. Motion thanks all of our partners and customers for their contribution in making the LS800 a successful product.
LS800 Supported Peripherals
• The LS800 Tablet, Pen, & Extended Battery will be supported and serviced for 3 years until December 31, 2010.
• Motion has a limited inventory of Standard Batteries for aftermarket purchase. Once this inventory has been exhausted, only the Extended Battery will be available.
• The MobileDock will continue to be available while supplies last (limited supplies exist, so get your orders in quickly). Service and support for the LS800 MobileDock will continue thru December 31, 2008.
• The LS800 Bump Case will be serviced and supported for 90 days. Additional Bump Cases can be purchased from Elegant Packaging after this time.
Peripheral EOL Update
Motion will end of life the following peripherals by the end of 2007 or while supplies last. However, these products will be available for purchase direct from the supplier listed in parentheses.
SEN-CD386 – Cross Exec Pen (Wacom)
SEN-MSBTUE – Think Outside BT Mouse (iGo)
SEN-SBT5E – Think Outside Stowaway keyboard (iGo)
SEN-NBP-3 – Case Logic Back Pack (Case Logic)
SEN-OK-4040 – RAAK Tech Smart Card Reader (RAAk Technology)
504.400.03 – Motion LE-Series Executive Portfolio (similar product from Elegant Packaging)
Reminder:
Service & Support for discontinued products extends for 1 year beyond the associated tablet’s end-of-life date. As previously communicated the following items are no longer serviced and supported by Motion.
• The M-Series Hardtop Keyboard
• The M-Series FlexDock
The M-Series Battery is currently on backorder until Mid-November.


AltiGen Communications Reports Record Fourth Quarter Revenue

November 14, 2007

Fourth Quarter Revenue Up 15% to $5.2 Million due to Growth in System Sales; Board Approves Share Repurchase Program for Up to $2 Million

FREMONT, Calif., Nov. 14 /PRNewswire-FirstCall/ — AltiGen Communications, Inc., a leading provider of VoIP business phone systems and Unified Communications solutions for small-to-medium businesses (SMBs), including companies with multiple distributed locations, branch offices and call centers, reported its financial results for the fiscal 2007 fourth quarter and year ended September 30, 2007.

Gilbert Hu, chairman and CEO, stated, “Our record fourth quarter revenue reflects our efforts to accelerate growth and build shareholder value. During 2007, we strengthened management, expanded the sales model, enhanced our products and began executing on our new strategic business plan. As a result, in the fourth quarter, we increased both revenue by 15 percent, compared to the fourth quarter of 2006, and gross profit to 56 percent of revenue, versus 55 percent last year. We are very excited about the upward trend in revenue this quarter, and we believe this solid momentum will continue.”

Jeremiah Fleming, AltiGen’s president and COO, said, “Over the past six months, we placed a significant focus on amplifying our distribution channel. During this time, we doubled our sales organization by adding channel sales, strategic account and telemarketing personnel. We continue to integrate quality value added resellers (VARs) into our team and currently have well over 200 in North America. We recently reached an agreement with a leading North American master distributor of business telephone and computer telephony products, bringing exposure to thousands of resellers. We also released the new 5.1 version of our award-winning IP-PBX, which enables us to support lower cost IP trunking and standard third party endpoints and has resulted in greater scalability. The combination of all these factors with our new automated multi-site enterprise communications manager has positioned us well to capture the growing demand for VoIP and Unified Communications among small, medium and multi-site businesses.”

“In fact, the market’s increasing emphasis on Unified Communications bodes particularly well for AltiGen, as we offer solutions that unify the various aspects of business communications — such as voice, email, fax and messaging — across one or more locations,” Fleming added. “Our single server architecture provides an integrated VoIP business phone system and Unified Communications platform that immediately delivers increased productivity and cost savings. Simultaneously, our software-based system enables companies to implement the features they need now, with the security that they can easily add more features, users and locations as future growth requires.”

Financial Results

Revenue for the fiscal 2007 fourth quarter was $5.2 million, compared to $4.5 million a year ago and $4.2 million in the previous quarter. Operating expenses, including the increased investment in sales and marketing, totaled $3.2 million, compared to $2.4 million in the year ago period. Net loss for the fourth quarter of fiscal 2007 was $144,000, or $0.01 per share, including stock based compensation expense of $186,000. This compares to net income of $136,000, or $0.01 per diluted share, including stock based compensation expense of $174,000 in the same period last year, and a net loss of $526,000, or $0.03 per share, including stock based compensation expense of $161,000 in the previous quarter.

Phil McDermott, AltiGen’s CFO, said, “Although new sales programs take approximately six months to begin to impact revenue, we already began to experience results in the fourth quarter. Revenue from IP telephone sales increased 39 percent and produced a positive impact on our margins. Additionally, sales of our MAX1000 IP-PBX continue to gain traction, increasing seven percent sequentially and 20 percent over last year’s fourth quarter. Also, we drove revenue contribution from larger systems to 19 percent of total systems shipped versus 14 percent last quarter, a 35 percent increase. While revenue was flat for the year, we are optimistic the growth we achieved in the fourth quarter will continue.”

Revenue was $17.9 million for both fiscal 2007 and 2006. Operating expenses, including the increased investment in sales and marketing, totaled $11.2 million, compared to $10.2 million in fiscal 2006. Net loss for fiscal 2007 was $936,000 or $0.06 per share, including stock-based compensation expense of $603,000. This compares to a 2006 net loss of $12,000, or $0.00 per share, including stock-based compensation expense of $801,000.

Stock Repurchase Program

The board authorized a repurchase program of up to $2.0 million of shares of AltiGen’s common stock. Pursuant to the plan, the company will enter into a trading plan with a securities broker and may continue through November 14, 2008.

Earnings Conference Call

AltiGen will conduct a conference call with investment professionals at 2:00 PM Pacific Time (5:00 PM Eastern Time) today, November 14, 2007 to discuss AltiGen’s results of operations for the fourth quarter. Dial (800) 862-9098 (domestic) or (785) 424-1051 (international) to listen to the call. The conference call ID is “7AltiGen.” A telephonic replay will be available approximately one hour after the call through November 16, 2007. To access the replay, dial (402) 220-4948. A live Webcast will be made available at http://www.altigen.com and will also be archived for 90 days at this URL following the call.

About AltiGen Communications

AltiGen Communications, Inc. is a leading provider of VoIP business phone systems and Microsoft-based Unified Communications solutions for small-to-medium businesses (SMBs), including companies with multiple distributed locations, branch offices and call centers. AltiGen’s scalable, integrated, and easy-to-manage all-in-one unified communications solutions enable an array of applications such as standards-based SIP VoIP phones and servers, unified messaging, voicemail, call recording, conferencing, call activity reporting, and mobility solutions that leverage both the Internet and the public telephone network to take advantage of the convergence of voice and data communications. AltiGen’s systems are designed with an open architecture and are built on an industry-standard platform. This adherence to widely used standards allows our products to integrate with and leverage our partners’ and customers’ existing technology investment. For more information, call 1-888-ALTIGEN or visit the Web site at http://www.altigen.com.

Safe Harbor Statement

This press release contains forward-looking statements within the meaning of Section 21E of the Securities Exchange Act of 1934, including, without limitation, statements regarding the continued market acceptance of our Voice over IP telephone systems, our continued growth of the MAX 1000 VoIP phone system, our ability to continue this upward revenue trend, our successful execution of adding new quality value added resellers, including a successful partnership with a leading North American master distributor, and the successful introduction of our new automated multi-site enterprise communications manager. These statements reflect management’s current expectation. However, actual results could differ materially as a result of unknown risks and uncertainties, including but not limited to, risks related to AltiGen’s limited operating history. For a more detailed description of these and other risks and uncertainties affecting AltiGen’s performance, please refer to AltiGen’s Annual Report on Form 10-K for the fiscal year ended September 30, 2006 and all subsequent current reports on Form 8-K and quarterly reports on Form 10-Q. All forward-looking statements in this press release are based on information available to AltiGen as of the date hereof and AltiGen assumes no obligation to update these forward-looking statements.

(Tables Follow)

AltiGen Communications, Inc.
Condensed Consolidated Statements of Operations
(Amounts in thousands, except per share data)
(Audited)

                                           Fourth Quarter Ended    Year Ended
                                              September 30        September 30
                                            FY 2007   FY 2006   FY 2007   FY 2006
Net Revenue                                  $5,189    $4,513   $17,888   $17,896
Gross profit                                  2,929     2,479     9,765     9,814
Research and development                        871       886     3,373     3,740
Selling, general & administrative             2,314     1,559     7,774     6,411
Operating profit (loss)                        (256)       34    (1,382)     (337)
Interest and other income, net                  112       107       457       344
Net income (loss) before tax                  $(144)     $141     $(925)       $7
Provision for income tax                         --         5        11        19
Net income (loss) after tax                    (144)      136      (936)      (12)
Basic and diluted net income (loss)
  per share                                  $(0.01)    $0.01    $(0.06)   $(0.00)
Weighted average shares outstanding
  Basic                                      15,651    15,077    15,363    14,964
  Diluted                                    16,213    15,574    15,960    15,573

Condensed Consolidated Balance Sheets
(Amounts in thousands)
(Audited)

                                            September 30,   September 30,
                                                 2007            2006
Cash and cash equivalents                      $8,119          $5,053
Short-term investments                          1,788           4,869
Accounts receivable, net                        2,656           2,230
Inventories                                     1,567           1,382
Other current assets                              237             123
Net property and equipment                        506             681
Other long-term assets                            377             306
Total Assets                                  $15,250         $14,644

Current liabilities                            $2,816          $2,630
Long-term liabilities                             $89            $177
Stockholders' equity                           12,345          11,837
Total Liabilities and Stockholders' Equity    $15,250         $14,644

Jumbo OS X Update Fixes 39 Security Holes

November 14, 2007

Severity: High

14 November, 2007

Summary:

Today, Apple released a security update fixing 39 security issues in software packages that ship as part of OS X, including WebCore, Networking, and BIND. An attacker exploiting the worst of these security issues could execute code on your Mac, possibly gaining full control of your computer. If you manage OS X 10.3.9 or 10.4.10 machines, you should download, test, and install the appropriate Apple security update as soon as possible.

Exposure:

Apple’s latest security update corrects vulnerabilities affecting software packages that ship with OS X 10.3.9 and 10.4.10. Many of these vulnerabilities allow attackers to execute any code they choose on your OS X machines, so we rate this update Critical. Apply it as soon as you can. Some of the fixed vulnerabilities include:

  • Five vulnerabilities in Networking. OS X ships with the Networking component, which helps your OS X computers to communicate with other computers on a network. According to Apple, Networking suffers from five security vulnerabilities. Three of the vulnerabilities involve AppleTalk. If you enable AppleTalk, a local attacker could send a maliciously crafted packet and exploit any of these three vulnerabilities to execute code on your user’s machine, with that user’s privileges. Another Networking vulnerability involves IPv6. By sending a specially crafted IPv6 packet, a remote attacker could exploit this vulnerability to execute code on your user’s machine. The final vulnerability involves Networking’s “Node Information Query mechanism.” A remote attacker could take advantage of an unspecified flaw in this mechanism to learn about other hosts on your network.
  • Nine vulnerabilities in WebCore. WebCore is the OS X component that helps the operating system handle and display web pages. Apple’s latest security update fixes nine security vulnerabilities in WebCore. All nine vulnerabilities differ technically. However, a remote attacker can exploit the worst of these flaws to execute malicious code on your user’s computers, with that user’s privileges. The attacker would only have to entice your user to a malicious web page in order to trigger this attack.
  • Code execution vulnerability in Flash Player plug-in. The Adobe Flash Player plug-in is a component OS X uses to play Flash content typically found on web sites. The Flash Player plug-in suffers from an unspecified input validation vulnerability. By enticing one of your users into viewing maliciously crafted Flash content, a remote attacker could exploit this flaw to execute code on that user’s computer with that user’s privileges.

Apple’s alert includes 24 more flaws, including many more code execution flaws besides the ones described above. The remaining vulnerabilities also include Denial of Service (DoS) flaws, a few elevation of privilege flaws, and even some Cross-Site Scripting (XSS) flaws, plus others. Components that this security update patches include:

  • Apple Raid
  • BIND
  • bzip2
  • CFFTP
  • CFNetworks
  • CoreFoundation
  • CoreText
  • Kerberos
  • Kernel
  • remote_cmds
  • NFS
  • NSURL
  • Safari
  • SecurityAgent
  • WebKit

Refer to Apple’s alert for more details.

In a separate bulletin, Apple also fixed multiple security vulnerabilities in Safari 3 for Windows BETA. If an attacker can entice a Safari for Windows user into visiting a malicious web site, he can exploit the worst of these flaws to execute attack code on that user’s machine, with the user’s privileges. For more details, see Apple’s Safari for Windows bulletin. If you use Safari 3 for Windows on your network, install the patch.

Solution Path:

Apple has released updates to fix these vulnerabilities for both OS X 10.3.9 and 10.4.8. Apple OS X administrators should download, test, and deploy the appropriate updates as soon as possible.

Note: If you have trouble figuring out which of these patches corresponds to your version of OS X, we recommend you let OS X’s Software Update utility automatically pick the correct update for you.

For All Users:

These flaws support diverse exploitation methods. Some of the exploits are local, meaning that your perimeter firewall never encounters the attack (unless you use firewalls internally between departments). The most secure course of action is to install the updates.

Status:

Apple released updates to fix these issues.

References: