November 21, 2008
Severity: High
17 November, 2008
Summary:
§ This vulnerability affects: Firebox X Edge 10.2.3 (and earlier versions)
§ How an attacker exploits it: By entering a specially crafted username into the authentication page, or by manually visiting a specific URL
§ Impact: A remote attacker can authenticate to your Edge without valid login credentials, in some cases gaining VPN access to your network
§ What to do: Install 10.2.4 immediately
Exposure:
In order for you to verify that your users really are who they claim to be, the Firebox X Edge supports various types of user authentication. With user authentication configured, you can create URL filtering or VPN policies that permit or deny data traffic based on who someone is, rather than based on the IP address they come from. You also utilize user authentication when setting up mobile VPN access to your network. The Edge provides a secure HTTPS web page that allows your users to authenticate to your Edge.
Unfortunately, the web-based authentication pages running on the Edge suffer from various authentication bypass vulnerabilities, some due to lack of input validation in the web application. By entering a specially crafted username into the authentication page, or by manually visiting a specific URL, an anonymous attacker can successfully authenticate to your Edge without valid login credentials.
When an attacker exploits this authentication bypass vulnerability, he essentially authenticates as a non-existent, “null” user. Any policies you’ve created using your real user accounts will not apply to this “null” user. By default, the “null” user gains no additional privileges to your Edge, or on your network.
However, the Edge ships with a pre-supplied user group called “default.” In its factory configuration, the “default” user group does not have any privileges that matter. But any settings you apply to the default user group will affect all of your Edge’s users, including the non-existent, “null” user. For instance, if you allow the “default” user group access to your Edge via Mobile SSL VPN, then an attacker could exploit this vulnerability to gain SSL VPN access to your network, even though the attacker doesn’t have valid login credentials. If you’ve given any privilege to the “default” user group, then this authentication bypass vulnerability poses a critical risk to your network.
Solution Path:
Firebox X Edge System Software 10.2.4 fixes this vulnerability. You should download and install this new software update immediately.
FAQ:
Are any of WatchGuard’s other products affected?
No. To our knowledge, this authentication bypass vulnerability does not affect any other WatchGuard products. While the Firebox X Core and Peak devices use a similar authentication process, they do not suffer from this vulnerability.
What exactly is the vulnerability?
This is an authentication bypass vulnerability. If a remote attacker has access to your Firebox X Edge’s web-based authentication page, he can successfully authenticate to your Edge without valid user credentials. If you’ve configured the Edge’s “default” user group to allow SSL VPN access, any anonymous attacker could leverage this vulnerability to gain unauthorized access to your internal network. The authentication bypass vulnerability is present in Firebox X Edge devices running System Software version 10.2.3 and earlier. The authentication bypass flaw is NOT present in Firebox X Core and Peak class devices.
How serious is the vulnerability?
It is very serious. Depending on your configuration, successful exploitation could allow a remote, anonymous attacker unrestricted access to your protected network through a VPN tunnel. While the attacker would not gain control of the Firebox via this vulnerability, he could leverage his VPN access to directly attack your internal computers, unfettered from the Edge’s firewall policies.
Other than installing the hotfix, is there a workaround?
Yes. An attacker can only leverage this vulnerability if you’ve added additional privileges to your Edge’s “default” user group, or created any policies using the “default” user group. As long as you haven’t allowed any VPN access for the “default” user group, an attacker exploiting this authentication bypass vulnerability gains no additional access to your network.
To see whether or not you’ve added any privilege to the “default” user group, go to your Edge’s web-based management pages and click Firebox Users. Scroll down to Local Group Accounts and edit the “default” group account. Make sure to uncheck all the VPN settings, and ensure that you haven’t given the “default” user group administrative access to the Edge. If you previously relied on the “default” user group to give all your users VPN access, you can either create a new group comprised of your individual users and grant that group VPN access, or, you can add the VPN access to each user account manually.
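The workaround check above, modelled as an added example (not WatchGuard's code and not the Edge's real configuration format): the group/user table and the privilege names are hypothetical and constructed. It shows why grants on the “default” group reach a session with no matching account, and what moving VPN access to a named group changes.

```python
import copy

# Hypothetical privilege names; the Edge's real settings are set in its web UI.
PRIVILEGES = ("mobile_ssl_vpn", "admin_access")
NULL_USER = None  # stands for the non-existent account the advisory describes

# Constructed sample configuration: VPN access was granted through "default".
CONFIG_RISKY = {
    "groups": {
        "default": {"mobile_ssl_vpn": True, "admin_access": False},
        "accounting": {"mobile_ssl_vpn": False, "admin_access": False},
    },
    "users": {
        "alice": {"groups": ["accounting"]},
        "bob": {"groups": []},
    },
}


def group_grants(config, group):
    """Return the set of privileges switched on for one group."""
    settings = config["groups"].get(group, {})
    return {p for p in PRIVILEGES if settings.get(p)}


def effective_privileges(config, username):
    """Privileges a session ends up with.

    The "default" group applies to every session, including one whose
    username matches no account, which is the exposure in the advisory.
    """
    granted = group_grants(config, "default")
    account = config["users"].get(username)
    if account is not None:
        for group in account["groups"]:
            granted |= group_grants(config, group)
    return granted


def audit_default_group(config):
    """List every privilege the "default" group hands out (should be empty)."""
    return sorted(group_grants(config, "default"))


def migrate_default_grants(config, new_group):
    """Apply the workaround: clear "default" and give VPN access to a named
    group made up of the real user accounts. Admin access is dropped from
    "default" rather than moved, since it should never be group-wide."""
    fixed = copy.deepcopy(config)
    vpn_was_default = "mobile_ssl_vpn" in group_grants(fixed, "default")
    fixed["groups"]["default"] = {p: False for p in PRIVILEGES}
    fixed["groups"][new_group] = {
        "mobile_ssl_vpn": vpn_was_default,
        "admin_access": False,
    }
    for account in fixed["users"].values():
        if new_group not in account["groups"]:
            account["groups"].append(new_group)
    return fixed


if __name__ == "__main__":
    print("before:", audit_default_group(CONFIG_RISKY),
          effective_privileges(CONFIG_RISKY, NULL_USER))
    fixed = migrate_default_grants(CONFIG_RISKY, "vpn-users")
    print("after: ", audit_default_group(fixed),
          effective_privileges(fixed, NULL_USER),
          effective_privileges(fixed, "bob"))
```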
Where can I go to get the hotfix?
The hotfix is currently available via the software download center on WatchGuard’s web site, labeled as Edge 10.2.4.
How was this vulnerability discovered?
This vulnerability was discovered by Thomas Martinkewitz and confidentially reported to WatchGuard. We thank Mr. Martinkewitz for working with us to keep our customers secure.
Do you have any indication that this vulnerability is being exploited in the wild?
No, at this time we have no indication that the vulnerability is being exploited in the wild.
Posted by bardissi
November 13, 2008
Service Pack 1 adds comprehensive redundancy options to AltiGen’s Flagship Product
Fremont, CA – November 11, 2008 – AltiGen® Communications, Inc. (NASDAQ: ATGN), a leading provider of VoIP business telephone systems and unified communications solutions for small-to-medium businesses (SMBs), including companies with multiple distributed locations, announces the availability of Service Pack 1 for AltiGen’s MAX Communications Server 6.0 VoIP unified communications platform.
MAX Communicator Server (MAXCS) 6.0 Service Pack 1 offers many improvements on existing features while adding new features. New features include:
- New server redundancy options with “hot standby support” for mission critical environments
- 802.1q support for VLANs for increased Quality of Service
- New single T1/PRI/E1 access board for the MAX1000 and MAX1000R servers
- Enhanced Microsoft Office Communications Server 2007 support
“With our flexible, software based unified communications solution AltiGen is uniquely positioned to provide our customers with value-add feature enhancements during the product’s life cycle without the need for traditional “forklift” upgrades commonly required of older, legacy phone systems,” said Jimmin Yao, vice president of product management. “AltiGen’s software based softswitch architecture gives IT departments the flexibility to deploy the features they need as soon as they become available while simultaneously increasing the AltiGen product’s return on investment while lowering their company’s total cost of ownership.”
The MAX Communications Server (MAXCS) 6.0 is AltiGen’s next generation full-featured VoIP phone system and unified communications solution designed for businesses with support for up to 5,000 users. To increase scalability, the new VoIP switching architecture of MAXCS 6.0 utilizes standard Intel® based servers to handle all VoIP voice processing.
MAX Communications Server 6.0 key features and benefits include the following:
- Native Microsoft Exchange Server 2007 integration for a complete unified messaging solution
- New software based distributed softswitch architecture with support for 1,000 users on a single server
- New .NET based desktop telephony client with enhanced call control features
- Integration with Microsoft Office Communicator to deliver rich presence management
- Expanded meet-me conference bridge with scheduling application supporting 120 participants
“As AltiGen moves further upstream in the market, our ability to continually add and improve upon our products’ core capabilities is critical to meeting the demands of our customers,” said AltiGen President Jeremiah Fleming. “With the increased scalability available from a software based softswitch and the new redundancy and QoS features available in MAXCS Service Pack 1, AltiGen is well positioned to compete and sell into larger opportunities.”
Availability
MAX Communications Server Service Pack 1 is now generally available and can be obtained by contacting your local Authorized AltiGen Partner.
About AltiGen Communications
AltiGen Communications, Inc. (NASDAQ: ATGN) is a leading provider of VoIP business phone systems and Microsoft-based Unified Communications solutions for small-to-medium businesses (SMBs), including companies with multiple distributed locations, branch offices and call centers. AltiGen’s scalable, integrated, and easy to manage all-in-one unified communications solutions enable an array of applications like standards based SIP VoIP phones and servers, unified messaging, voicemail, call recording, conferencing, call activity reporting and mobility solutions that leverage both the Internet and the public telephone network to take advantage of the convergence of voice and data communications. AltiGen’s systems are designed with an open architecture and are built on an industry standard platform. This adherence to widely used standards allows products to integrate with and leverage the existing technology investment of partners and customers. For more information, call 1-888-ALTIGEN or visit the web site at www.altigen.com.
Safe Harbor Statement
This press release contains forward-looking statements within the meaning of Section 21E of the Securities Exchange Act of 1934, including, without limitation, statements regarding the continued market acceptance of our Voice over IP telephone systems, AltiGen’s successful introduction of our new MAX Communications Server 6.0 and the scalability of the soft switch architecture in the market place. These statements reflect management’s current expectation. However, actual results could differ materially as a result of unknown risks and uncertainties, including but not limited to, risks related to AltiGen’s limited operating history. For a more detailed description of these and other risks and uncertainties affecting AltiGen’s performance, please refer to AltiGen’s Annual Report on Form 10-K for the fiscal year ended September 30, 2007 and all subsequent current reports on Form 8-K and quarterly reports on Form 10-Q. All forward-looking statements in this press release are based on information available to AltiGen as of the date hereof and AltiGen assumes no obligation to update these forward-looking statements.
November 12, 2008
Severity: High
11 November, 2008
Summary:
§ These vulnerabilities affect: All current versions of Windows, and many versions of Office
§ How an attacker exploits them: Multiple vectors of attack, including enticing a victim to a malicious web site
§ Impact: Various; in the worst case, attacker can gain complete control of your Windows computer
§ What to do: Install the appropriate Microsoft patches immediately
Exposure:
Today, Microsoft released two security bulletins describing vulnerabilities that affect Windows and components that ship with it. Some of the vulnerabilities also affect Office and Office-related products. Each vulnerability affects different versions of Windows to a different extent. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities in order of severity, worst first.
MS08-069: Three XML Core Services Vulnerabilities
Microsoft’s XML Core Services (MSXML) provide a high degree of support for XML standards in Windows. Though the XML Core Services do not ship with all versions of Windows, they ship with a variety of popular Microsoft products and software updates, including some versions of Office and Internet Explorer. You’re likely to find the XML Core Services on most of your Windows workstations. (For further details on which products include the XML Core Services, scroll to the bottom of the Microsoft Knowledge Base article, “List of Microsoft XML Parser versions.”)
Microsoft’s bulletin describes three vulnerabilities that affect MSXML. The worst vulnerability involves memory corruption, arising from MSXML poorly handling specially crafted XML content. By enticing one of your users to a malicious web site, an attacker could leverage this vulnerability to execute code on that user’s computer, with that user’s privileges. If that user has local administrative rights, the attacker could gain complete control of the user’s machine. The two remaining MSXML flaws include a less severe Cross-Site Scripting vulnerability, and an Information Disclosure flaw.
Microsoft rating: Critical.
MS08-068: SMB Credential-Reflection Vulnerability
Server Message Block (SMB) is a protocol Windows uses for network file sharing. By default, Windows SMB suffers from something called a “credential-reflection vulnerability” when handling NT LAN Manager (NTLM) credentials. In credential-reflection attacks, an attacker somehow captures a victim’s login credentials, which are typically sent as hash values. In most cases, the attacker captures these credentials by sniffing network traffic or enticing a user to log into malicious servers which record the login. Once the attacker captures the hashed credentials, they replay those login credentials in order to log into some system with the victim’s privileges. Microsoft SMB ships with some credential-reflection protection mechanisms. However, Windows does not enable them by default. By enticing one of your users to log in to a malicious SMB server, an attacker could leverage this lack of protection to capture that user’s NTLM login credentials, and gain access to that user’s computer. If the user has local administrative privileges, the attacker gains full control of the user’s machine. However, most administrators do not allow SMB traffic (ports 135 and 445) to pass beyond their perimeter, out to the Internet. Therefore, this flaw primarily poses an internal threat.
Microsoft rating: Important.
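A toy model of credential reflection and one generic guard against it, as an added example that is not Microsoft's code and not part of the original advisory. The HMAC response stands in for an NTLM response, and the `Host` class, its `reflection_guard` flag and the check it performs are assumptions for illustration, not the MS08-068 patch itself.

```python
import hashlib
import hmac
import os


def toy_response(secret: bytes, challenge: bytes) -> bytes:
    """Stand-in for an NTLM response: a keyed hash over the server challenge."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class Host:
    """A machine that acts as both client and server for the same account."""

    def __init__(self, secret: bytes, reflection_guard: bool):
        self.secret = secret
        self.reflection_guard = reflection_guard
        self.outstanding = set()  # challenges this host issued as a server

    # --- server role -----------------------------------------------------
    def issue_challenge(self) -> bytes:
        challenge = os.urandom(8)
        self.outstanding.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self.outstanding:
            return False  # unknown or already-used challenge
        self.outstanding.discard(challenge)  # each challenge is single use
        expected = toy_response(self.secret, challenge)
        return hmac.compare_digest(expected, response)

    # --- client role -----------------------------------------------------
    def answer_challenge(self, challenge: bytes):
        # Guard: never answer a challenge that this same host handed out.
        # Seeing it arrive on the client side means it was bounced back.
        if self.reflection_guard and challenge in self.outstanding:
            return None
        return toy_response(self.secret, challenge)


def reflection_accepted(host: Host) -> bool:
    """Model a middle party that hands the host's own challenge back to it
    and forwards the answer. True means the host authenticated to itself."""
    challenge = host.issue_challenge()            # host in its server role
    response = host.answer_challenge(challenge)   # same host, client role
    if response is None:
        return False
    return host.verify(challenge, response)


def normal_login_accepted(client: Host, server: Host) -> bool:
    """Ordinary login between two different machines sharing one account."""
    challenge = server.issue_challenge()
    response = client.answer_challenge(challenge)
    return response is not None and server.verify(challenge, response)


if __name__ == "__main__":
    secret = b"constructed-sample-secret"  # constructed value, not a real hash
    print("unguarded host accepts reflection:",
          reflection_accepted(Host(secret, reflection_guard=False)))
    print("guarded host accepts reflection:  ",
          reflection_accepted(Host(secret, reflection_guard=True)))
    print("guarded hosts, normal login:      ",
          normal_login_accepted(Host(secret, True), Host(secret, True)))
```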
Solution Path:
Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.
MS08-069:
§ 2000: XML Core Services 3.0, XML Core Services 4.0, XML Core Services 6.0
§ XP SP2: XML Core Services 3.0, XML Core Services 4.0, XML Core Services 6.0
§ XP SP3: XML Core Services 3.0, XML Core Services 4.0, XML Core Services 6.0
§ XP x64: XML Core Services 3.0, XML Core Services 4.0, XML Core Services 6.0
§ Server 2003: XML Core Services 3.0, XML Core Services 4.0, XML Core Services 6.0
§ Server 2003 Itanium Edition: XML Core Services 3.0, XML Core Services 4.0, XML Core Services 6.0
§ Server 2003 x64: XML Core Services 3.0, XML Core Services 4.0, XML Core Services 6.0
§ Vista: XML Core Services 3.0, XML Core Services 4.0, XML Core Services 6.0
§ Vista x64: XML Core Services 3.0, XML Core Services 4.0, XML Core Services 6.0
§ Server 2008: XML Core Services 3.0, XML Core Services 4.0, XML Core Services 6.0
§ Server 2008 Itanium Edition: XML Core Services 3.0, XML Core Services 4.0, XML Core Services 6.0
§ Server 2008 x64: XML Core Services 3.0, XML Core Services 4.0, XML Core Services 6.0
§ Office:
  § Office 2003
  § Word Viewer 2003
  § 2007 Office System
  § Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
  § Microsoft Expression Web and Expression Web 2
  § Office Sharepoint Server 2007
  § Office Sharepoint Server 2007 64-bit Edition
  § Office Groove Server 2007
Note: Due to the confusing array of possible combinations of MSXML, you may want to let Windows Update find the appropriate patch automatically.
MS08-068:
§ For Windows 2000
§ For Windows XP
§ For Windows XP x64
§ For Windows Server 2003
§ For Windows Server 2003 x64
§ For Windows Server 2003 Itanium
§ For Windows Vista
§ For Windows Vista x64
§ For Windows Server 2008
§ For Windows Server 2008 x64
§ For Windows Server 2008 Itanium
For All WatchGuard Users:
WatchGuard Fireboxes reduce the risks presented by one of these vulnerabilities. By default, your Firebox blocks the ports necessary to launch the SMB attack described above. However, attackers could also exploit the SMB attack locally, without passing traffic through your firewall. Furthermore, attackers could exploit the XML vulnerabilities using normal HTTP traffic, which you must allow for your users to browse the web. For those reasons, we urge you to apply Microsoft’s patches.
Status:
Microsoft has released patches correcting these issues.
References:
§ Microsoft Security Bulletin MS08-068
§ Microsoft Security Bulletin MS08-069
November 6, 2008
November 2008
The Visiting Angels of Jenkintown, Pennsylvania have contracted with Bardissi Enterprises for the provision of Managed Information Technology Solutions as well as upgrading their current phone system to a Hosted VoIP Phone System.
Visiting Angels of Jenkintown, Pennsylvania have secured the services of Bardissi Enterprises, LLC for the provision of a Hosted VoIP Phone System and Managed Information Technology Solutions. Visiting Angels is the nation’s leading, nationally respected network of non-medical, private duty home care agencies providing senior care, elder care, personal care, respite care and companion care to help the elderly and adults continue to live in their homes across America. The Jenkintown Visiting Angels provide services to Eastern Montgomery County.
“We are pleased to have been chosen by Visiting Angels for the provision of their phone system and all of their future Information Technology needs. With the creation of this partnership between our companies, Bardissi Enterprises will continue to advance Visiting Angels’ growth in the area of Information Technology and the way in which its applications will help the company to move effectively in establishing a stronger and more pronounced presence in its area of business expertise,” states George Bardissi, President of Bardissi Enterprises, LLC.
Bardissi Enterprises is a Managed Information Technology Solutions Company providing service to small and medium sized companies and homes in Hatfield, Montgomery County, Bucks County, Philadelphia and the Tri-State area.
November 6, 2008
November 2008
Castleway Properties, LLC of Lester, Pennsylvania has contracted with Bardissi Enterprises for the provision of Managed Information Technology Solutions service and support.
Castleway Properties, LLC has secured the services of Bardissi Enterprises, LLC for all of its Information Technology needs. Bardissi Enterprises, LLC has completely upgraded the company’s computer network infrastructure to include the upgrade of its IT hardware and their phone system which has now been upgraded to the new AltiGen Voice over IP technology.
“Bardissi Enterprises, LLC is pleased to be partnered with Castleway Properties, LLC and to have the opportunity to assist them in making the information technology upgrades that will transform their inner office operations and help them to run smoother, giving the company new and increased functionality that will provide a competitive edge which will advance their ability to secure a greater market share in their field of commercial property leasing and building operations at Airport Business Complex with over 2 million square feet of industrial property located in Lester, PA,” stated George Bardissi, President of Bardissi Enterprises, LLC.
“We look forward to increasing Castleway Properties’ educational and technical advancement in the realm of information technology and its future benefits to the company and its growth,” stated Andino R. Ward, VP of Marketing and Operations for Bardissi Enterprises, LLC.
Bardissi Enterprises is a Managed Information Technology Solutions Company providing service to small and medium sized companies and homes in Hatfield, Montgomery County, Bucks County, Philadelphia and the Tri-State area.
voip Lancaster PA, voip New Jersey, voip NJ, voip pbx Allentown PA, voip pbx DE, voip pbx Delaware, voip pbx Harrisburg PA, voip pbx LancasterPA, voip pbx New Jersey, voip pbx NJ, voip pbx Philadelphia, voip pbx York PA, voip Philadelphia, VoIP Phone, voip York PA, York PA |
Permalink
Posted by bardissi
November 4, 2008
Severity: High
23 October, 2008
Summary:
§ These vulnerabilities affect: All current versions of Windows
§ How an attacker exploits them: By sending specially crafted network traffic
§ Impact: Attacker gains complete control of your Windows computer
§ What to do: Install the appropriate Microsoft patches immediately
Exposure:
Today, Microsoft released a security bulletin urgent enough to warrant publication before next month’s regular Patch Day. The bulletin describes a very serious vulnerability in one of the core networking components that ships with all current versions of Windows. The vulnerability lies within the Server service, a main Windows component responsible for many of the operating system’s networking capabilities, such as network file sharing and printing. According to Microsoft, the Server service suffers from an unspecified flaw involving how it handles Remote Procedure Call (RPC) requests. By sending a specially crafted network packet, a remote attacker could exploit this flaw to gain complete control of your Windows computers. In most cases, even an anonymous, unauthenticated attacker could exploit this vulnerability. Due to security restrictions in Microsoft’s newer products, attackers would need valid Windows login credentials to exploit this flaw against Windows Vista and Server 2008 computers.
This flaw poses a critical risk to most Windows users, because attackers love to exploit these kinds of core networking flaws in massive automated attacks. Microsoft says the flaw is already being exploited in the wild, in targeted attacks. We expect to see this flaw exploited in a worm or bot client in the near future. That said, attackers need access to TCP ports 139 and 445 in order to leverage this vulnerability. Most administrators block these ports by default at their firewall. As long as you haven’t specifically allowed Windows networking through your firewall, you don’t have to worry about external attackers exploiting this flaw. But if a bot client (or some other type of malware) sneaks onto one of your internal machines, it could easily exploit this flaw to infect the rest of your network. We give our strongest recommendation that you patch this vulnerability immediately.
Solution Path:
Microsoft has released Windows patches to correct this vulnerability. You should download, test, and deploy the appropriate patches throughout your network immediately.
MS08-067:
§ For Windows 2000
§ For Windows XP
§ For Windows XP x64
§ For Windows Server 2003
§ For Windows Server 2003 x64
§ For Windows Server 2003 Itanium
§ For Windows Vista
§ For Windows Vista x64
§ For Windows Server 2008
§ For Windows Server 2008 x64
§ For Windows Server 2008 Itanium
For All WatchGuard Users:
WatchGuard Fireboxes, by default, block the ports necessary to leverage this vulnerability (TCP ports 139 and 445). As long as you haven’t specifically added a policy to allow these ports, external attackers cannot exploit this vulnerability against your internal computers. However, we still recommend patching immediately to avoid the possibility of an internal attack.
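To confirm that no policy has been added that allows these ports, the check below walks an ordered rule list and reports which of TCP 139 and 445 an external source can reach. It is an added example, not WatchGuard's or Microsoft's code; the rule format, zone names and sample policy are assumptions constructed for illustration and do not reflect the Firebox configuration format.

```python
SMB_PORTS = (139, 445)  # the ports the advisory says the attack needs

# Constructed policy in a hypothetical format: ordered, first match wins,
# and anything unmatched is denied (the default-deny stance described above).
SAMPLE_POLICY = [
    {"name": "web-in", "action": "allow", "src": "external", "proto": "tcp", "ports": "80,443", "enabled": True},
    {"name": "legacy-share", "action": "allow", "src": "external", "proto": "tcp", "ports": "139,445", "enabled": False},
    {"name": "block-netbios", "action": "deny", "src": "external", "proto": "tcp", "ports": "137-139", "enabled": True},
    {"name": "vendor-range", "action": "allow", "src": "external", "proto": "tcp", "ports": "400-500", "enabled": True},
    {"name": "lan-smb", "action": "allow", "src": "trusted", "proto": "tcp", "ports": "139,445", "enabled": True},
]


def parse_ports(spec):
    """Turn '80,443', '137-139' or 'any' into a list of (low, high) ranges."""
    if spec.strip().lower() == "any":
        return [(0, 65535)]
    ranges = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges


def rule_matches(rule, zone, proto, port):
    """True if an enabled rule covers this source zone, protocol and port."""
    if not rule["enabled"]:
        return False
    if rule["src"] not in (zone, "any") or rule["proto"] not in (proto, "any"):
        return False
    return any(low <= port <= high for low, high in parse_ports(rule["ports"]))


def first_match(policy, zone, proto, port):
    """Return the first enabled rule that matches, or None (implicit deny)."""
    return next((r for r in policy if rule_matches(r, zone, proto, port)), None)


def exposed_smb_ports(policy, zone="external"):
    """Map each SMB port reachable from `zone` to the rule that allows it."""
    exposed = {}
    for port in SMB_PORTS:
        rule = first_match(policy, zone, "tcp", port)
        if rule is not None and rule["action"] == "allow":
            exposed[port] = rule["name"]
    return exposed


if __name__ == "__main__":
    for port, name in exposed_smb_ports(SAMPLE_POLICY).items():
        print(f"TCP {port} reachable from external via rule '{name}'")
```

In the sample, port 445 is exposed by a broad port range rather than by a rule that names it, which is the kind of allowance a search for "445" in a policy listing would miss.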
Status:
Microsoft has released patches correcting this issue.
References:
§ Microsoft Security Bulletin MS08-067
Posted by bardissi
November 4, 2008
Severity: Medium
4 November, 2008
Summary:
§ This vulnerability affects: Adobe Reader and Acrobat 8.1.2 and earlier, on Windows, Mac, *nix computers
§ How an attacker exploits it: Multiple vectors of attack, including enticing your users into viewing a maliciously crafted PDF document
§ Impact: Various results; in the worst case, an attacker can execute code on your computer, potentially gaining control of it
§ What to do: Upgrade to Acrobat Reader 9 (or 8.1.3) or Acrobat 8.1.3
Exposure:
In a security bulletin released today, Adobe warns of “critical vulnerabilities” in Reader and Acrobat 8.1.2 (and all earlier versions) on all platforms that can run them. Adobe does not describe these vulnerabilities in much detail. They only describe the flaws as multiple input validation vulnerabilities, a privilege escalation flaw, and a Denial of Service (DoS) vulnerability. They warn that attackers could exploit many of the input validation flaws to remotely execute code on your computer. However, they do not detail how an attacker might exploit these flaws.
Security research company Secunia discovered at least one of these critical vulnerabilities, which they describe in much more detail. According to Secunia’s alert, Reader and Acrobat suffer from a boundary error when parsing certain types of content found within a PDF document. By tricking one of your users into downloading and viewing a PDF document, an attacker could exploit this vulnerability to execute code on that user’s computer, with that user’s privileges. If you give your users local administrative privileges, an attacker could exploit this flaw to gain complete control of your user’s computer.
We assume that an attacker would trigger many of the input validation flaws in the same way as the Secunia flaw described above: by enticing your users into downloading and viewing a malicious PDF document. However, some of the vulnerabilities also involve Adobe Reader’s Download Manager. It remains unclear how an attacker might trigger these Download Manager flaws.
Solution Path
Adobe Reader 9 and Acrobat 8.1.3 fix these vulnerabilities. Administrators should download, test, and deploy these updates as soon as possible.
§ Adobe Reader 9 (if you can’t upgrade to 9, Reader 8.1.3 also fixes these issues)
§ Adobe Acrobat 8.1.3
§ For Windows
§ For Mac
§ Adobe Acrobat 3D 8.1.3 for Windows
For All WatchGuard Users:
Although many of WatchGuard’s Firebox models can block incoming PDF files, most administrators prefer to allow these file types for business purposes. You should update to Adobe Reader 9 or Acrobat 8.1.3 instead.
If you want to block PDF documents, follow the links below for video instructions on using your Firebox proxy’s content blocking features to block .pdf files by file extension:
§ Firebox X Edge running 10.x
§ How do I block files with the FTP proxy? (Video, 2:30)
Windows Media, 17.4MB / QuickTime, 11.8MB
§ How do I block files with the HTTP proxy? (Video, 2:52)
Windows Media, 32MB / QuickTime, 28.6MB
§ How do I block files with the POP3 proxy? (Video, 2:35)
Windows Media, 17.6MB / QuickTime, 16.5MB
§ How do I block files with the SMTP proxy? (Video, 2:18)
Windows Media, 12.2MB / QuickTime, 9.1MB
§ Firebox X Core and X Peak running Fireware 10.x
§ How do I block files with the FTP proxy? (Video, 2:30)
Windows Media, 25.2MB / QuickTime, 9.1MB
§ How do I block files with the HTTP proxy? (Video, 2:52)
Windows Media, 38.2MB / QuickTime, 10.7MB
§ How do I block files with the POP3 proxy? (Video, 2:35)
Windows Media, 23.2MB / QuickTime, 10.1MB
§ How do I block files with the SMTP proxy? (Video, 2:18)
Windows Media, 25.6MB / QuickTime, 9.0MB
Status:
Adobe released Reader 9 (and 8.1.3) and Acrobat 8.1.3 to correct these issues.
References:
§ Adobe Security Bulletin
§ Secunia Adobe Reader/Acrobat advisory
Posted by bardissi