Bardissi Enterprises Blog

Severity: High

17 November, 2008

Summary:

• This vulnerability affects: Firebox X Edge 10.2.3 (and earlier versions)
• How an attacker exploits it: By entering a specially crafted username into the authentication page, or by manually visiting a specific URL
• Impact: A remote attacker can authenticate to your Edge without valid login credentials, in some cases gaining VPN access to your network
• What to do: Install 10.2.4 immediately

Exposure:

In order for you to verify that your users really are who they claim to be, the Firebox X Edge supports various types of user authentication. With user authentication configured, you can create URL filtering or VPN policies that permit or deny data traffic based on who someone is, rather than based on the IP address they come from. You also utilize user authentication when setting up mobile VPN access to your network. The Edge provides a secure HTTPS web page that allows your users to authenticate to your Edge.

SEVERITY: HIGH
28 April, 2009
SUMMARY:

• This vulnerability affects: Adobe Reader and Acrobat 9.1 and earlier, on Windows, Mac, *nix computers
• How an attacker exploits it: By enticing your users into viewing a maliciously crafted PDF document
• Impact: An attacker can execute code on your computer, potentially gaining control of it
• What to do: Implement the workarounds described in the Solutions section of this alert

EXPOSURE:
Yesterday, SecurityFocus released an advisory describing a new zero day Adobe Reader exploit they found in the wild. The Proof of Concept (PoC) exploit — written by some calling himself “Arr1val” — seems to leverage a flaw in the Adobe Reader function called “getAnnots()”. As it turns out, Arr1val released two new zero day exploits. The second exploit leverages another Adobe Reader function called “spell.customDictionaryOpen().” Arr1val’s code suggests he confirmed these flaws using Adobe Reader 9.1 and 8.1.4 for Linux. However, we suspect the flaws may affect all current versions of Reader running on any platform.

Severity: Medium

10 February, 2009

Summary:

This vulnerability affects: All current versions of Visio

How an attacker exploits it: By enticing one of your users into opening a maliciously crafted Visio document

Impact: An attacker can execute code, potentially gaining complete control of your users’ computers

What to do: Deploy the appropriate Visio patch as soon as possible

WatchGuard is pleased to announce the availability of version 10.2.7 of WatchGuard System Manager, Edge, Fireware, and Fireware Pro. This update is a maintenance release and contains a number of enhancements and fixes for critical issues as reported by WatchGuard customers.

Contained in this release are:

• Improvements to configuration save behavior in Fireware
• Improvements to High Availability in Fireware
• An enhancement, adding the ability to create Traffic Management, Policy Scheduling, and QoS actions on Drag and Drop VPN tunnels
• Improvements to Server Load Balancing in Fireware
• Improvements to Mobile VPN with SSL client behavior
• A fix for Firebox (Core) stability issues under certain conditions
• Improvement to SSL VPN user authentication on Edge
• A fix for e-Series BOVPN stability issues under certain conditions
• A fix for an Edge spamBlocker Exception List problem

Join us for a Webinar on October 17 11:00AM – 12:00PM EST

Attend this exciting preview event exclusively for key business decision makers like you. Be one of the first to see how this affordable and integrated server solution helps you protect your business data, and increase your employees’ productivity. See first-hand how Windows Small Business Server 2008 can help to: • Protect your vital business information from loss by automatically backing up the computers and servers in your network, and enabling you to recover accidentally deleted files • Work with existing technology, built on Microsoft best practices, and delivers a comprehensive network solution at an affordable price • Give you highly secure access to business contacts, calendars, e-mail, files, and other important desktop resources from any Internet-connected computer, virtually anywhere at any time, so you can be productive while you’re away from the office or on the road Register Today!

Join us for a Webinar on October 24 11:00 AM – 12:00 PM

Attend this exciting preview event exclusively for key IT and business decision makers like you. Be one of the first to see how this integrated platform, designed and priced specifically for midsize businesses, can propel your company forward by reducing IT complexity and improving business efficiency. See first-hand how Windows Essential Business Server 2008 can help to: • Simplify your daily activities with a Centralized Administration Console that gives you a single point of access to your IT environment • Proactively manage your environment, reduce your IT complexity, and help give you back control of your systems • Increase the predictability and reliability of your systems and reduce typical errors that can occur when standalone products are deployed • Increase productivity by working both in and away from the office with remote access, anti-spam, and anti-virus protection, and improved messaging technologies Register Today!

September, 2008

Northwest Erectors, LLC of Ambler has secured the services of Bardissi Enterprises, LLC for all its Information Technology needs. The company has completely ungraded its network infrastructure to include the upgrade of its IT hardware as well.

With the numerous upgrades that the company has made, they have created an technological environment that will make their inner office operations run smoother and give them new and increased functionality that will provide a competitive edge which will advance their ability to grasp a greater market share in their field of expertise, stated George Bardissi, President of Bardissi Enterprises, LLC.