The NJMVC is the first government agency in New Jersey to use pen tablet PCs

The Background:

The New Jersey Motor Vehicle Commission (NJMVC) aims to be the model for excellence in motor vehicle services.

Long waits and slow service are never fun, but many customers have come to accept it as a fact of life when visiting their local motor vehicle departments around the country.

In 2003, the NJMVC began overhauling its operations and image in an effort to better serve customers. One critical tool it’s using to improve the customer experience is tablet PCs from Motion Computing. The point-of-entry service made possible by tablet PCs has made a major impact on the way the Commission serves customers.

The Challenge:

The NJMVC made the decision to deploy the tablets in three areas: driver license renewal, new driver licensing, and vehicle inspections.

For years, customers waited in line for hours, only to find out that they didn’t have the appropriate identification. Following the enactment of New Jersey’s Motor Vehicle Security and Customer Service Act in 2003, the newly created Motor Vehicle Commission began requiring new and renewing drivers to produce six points of identification in order to obtain a digital driver license. Rather than wasting customers’ time by making them wait in line, the NJMVC wanted to help people as soon as they walked through the door. They imagined an electronic, handheld device used to check identification and fill out preliminary forms that would save each driver time and improve the overall experience.

The NJMVC’s IT team first explored PDAs, but the functionality of these devices was limited. Laptops also were evaluated, but they lacked agility and didn’t have the handwriting recognition capabilities necessary to fill out forms. Tablet PCs emerged as the most appropriate solution. After reviewing various devices, Motion Computing’s ultra-mobile, pen-and-ink enabled tablet PCs emerged as the right fit for the NJMVC.

“Once we decided that tablets were the most beneficial solution, all signs pointed to Motion Computing as the tablet PC provider of choice,” says Woody Sisco, NJMVC’s management information systems coordinator.

The NJMVC began implementing Motion’s tablet PCs and soon realized that they would be useful in other areas of the organization - particularly with the mobile workforces of Inspection Services and Driver Testing examiners, who evaluate first-time drivers.

The Solution:

In early 2004, the commission designated greeters at each of its agencies and equipped them with Motion M1400 tablet PCs, 200 tablets in total. In the fall of 2006, they purchased approximately 300 LE1600 tablet PCs, and will eventually upgrade all of the M1400s currently in use. The tablet’s mobility enabled greeters to provide customer service beyond the counter, significantly expediting the customer’s Motor Vehicle Commission experience.

While drivers wait in line to be served at the counter, greeters review and verify identification documents. Customers can ask questions, find out what forms they need to fill out, and take care of preliminary issues, all while they wait. The NJMVC purchased extended batteries that enable greeters to go most of the day without having to swap out the batteries every few hours.

The Division of Inspection Services is responsible for evaluations at inspection stations, as well as mobile inspections of charter and school buses and taxi cab fleets. They use Formulizer software that is ink-enabled and uses Optical Character Recognition (OCR) to transfer handwriting to searchable text. The software creates a back-end database that is searchable and quite useful for statistical reporting. The inspectors can search all content entered in the form fields and save forms with “ink” intact and in text format.

Driver Testing examiners now score new drivers’ parallel parking and left-hand turning skills with the help of the tablets. The minute the test car is put into park, scores are entered directly into the system and the newly-minted driver just has to pick up his/her provisional license. There is no additional paperwork to fill out.

The Results:

The tablets have been fully deployed by greeters working in motor vehicle agencies and are in the process of being implemented by the vehicle inspection personnel and Driver Testing examiners who will be moving to a paperless environment. According to Sisco, “the applicability for vehicle inspections and Driver Testing examiners was obvious. We knew the tablets would be an incredible tool for them and couldn’t wait to get them in their hands.”

The Motion tablet’s View Anywhere® Display, which allows for easy viewing in any light, is especially useful to the vehicle inspectors, who are often working outdoors to conduct inspections. The View Anywhere feature eliminates glare on the screens and allows for viewing at any angle. They’ve also recently begun using the pen-and-ink tool to conduct evaluations via customized online forms.

A mobile workforce, the Enhanced Inspections Group has incorporated CDMA wireless technology, which allows them to send and receive e-mails instantly while in the field. They also use the tablet to take pictures during site investigations, and take notes directly on top of the image.

Sisco says the purchase of the Motion tablets was “very easy to justify.”

Severity: Medium

11 September, 2007

Summary:

Today, Microsoft released a bulletin describing an important security vulnerability affecting MSN Messenger and Windows Live Messenger. By enticing one of your users into accepting a malicious webcam invite, an attacker could exploit this vulnerability to potentially gain complete control of that user’s computer. If you use MSN Messenger or Windows Live Messenger in your network, you should download, test, and deploy the latest version as soon as possible.

Exposure:

Microsoft’s security bulletin describes a vulnerability affecting MSN Messenger 6.2, 7.0, 7.5, and Windows Live Messenger 8.0. The flaw stems from a heap buffer overflow vulnerability in the code used to handle webcam and video chat sessions. We mentioned this vulnerability in an August Wire post, but Microsoft hadn’t patched it at that time. If an attacker can entice one of your users into accepting a specially crafted webcam invite, she can exploit this flaw to execute code on the user’s computer, with that user’s privileges. As always, if your users have local administrative privileges, attackers could exploit this vulnerability to gain complete control of their machines.

Solution Path

Microsoft has released new versions of MSN Messenger and Windows Live Messenger to fix this vulnerability. If you use either of these instant messaging clients, download and deploy the latest version of Messenger as soon as you can.

• MSN Messenger 7.0.0820
• Windows Live Messenger 8.5

WatchGuard does not recommend the use of normal (insecure, unencrypted) Instant Messenger clients. If your organization does not require MSN Messenger, but users keep sneaking it in, check the Workarounds section of Microsoft’s bulletin for techniques you can use to block all Messenger traffic. In our experience, these workarounds are not 100 percent effective, but they might prove useful enough to discourage your unauthorized Messenger users.

For All WatchGuard Users:

If you allow MSN Messenger connections through your firewall, this flaw affects you and we recommend you download, test and install the patch above. However, you can also configure your WatchGuard Firebox to deny MSN Messenger traffic and thereby mitigate the risk of this vulnerability. For more details on blocking MSN Messenger traffic with your Firebox, read this FAQ.

Status:

Microsoft has released patches correcting these issues.

References:

• Microsoft Security Bulletin MS07-054

Fremont, CA – August 27, 2007 - AltiGen Communications, Inc. (Nasdaq: ATGN), a leading provider of next generation IP-PBX phone systems, today announced it plans to present at the Kaufman Brothers 10th Annual Investor Conference at the W Hotel in New York City on September 6, 2007 at 9:10 a.m. ET. Presenting from management will be Jeremiah Fleming, president and COO and Phil McDermott, chief financial officer.

A live webcast of management’s presentation will be accessible from the company’s website: www.altigen.com. In addition, a replay of the webcast will be available.

About AltiGen Communications
AltiGen Communications, Inc. (Nasdaq: ATGN) is a leading manufacturer of VoIP telephony solutions. AltiGen designs, manufactures and markets advanced, IP-PBX telephone systems and IP call centers that leverage both the Internet and the public telephone network. These products enable an array of applications that take advantage of the convergence of voice and data communications to achieve superior business results. AltiGen Communications products are available from independent authorized resellers and strategic partners. AltiGen’s AltiServâ„¢ family of telephony solutions has been recognized for excellence with more than 40 industry awards since 1996. Focused on the small to mid sized and multi-site businesses, AltiGen customers benefit from integrated solutions that protect their existing investments, while providing new ways to be more competitive, productive and to save money.

For more information, call 1-888-ALTIGEN or visit the Website at www.altigen.com

Severity: Medium

11 September, 2007

Summary:

Today, Microsoft released two security bulletins describing vulnerabilities that affect Windows and components shipping with it. A remote attacker could exploit the worst of these flaws to execute code on your Windows 2000 PC, potentially gaining complete control of it. For a table briefly summarizing which vulnerabilities affect which versions of Windows, see Microsoft’s Security Bulletin Summary for September and expand the section, “Affected Software and Download Location.” If you manage a Windows network, you should download, test, and deploy the appropriate Windows patches throughout your network as soon as possible.

Exposure:

Microsoft’s two security bulletins detail vulnerabilities found in, or affecting, components of Windows. Each vulnerability affects different versions of Windows to a different extent. The summary below lists the vulnerabilities from highest to lowest severity. (Note: As we published this alert, Microsoft was having difficulty keeping some of these links active. The bulletins were appearing and disappearing. We trust the problem will be resolved.)

MS07-051: Microsoft Agent Remote Code Execution Vulnerability in Win2K

Microsoft Agent is a Windows software component providing user interactions to help people learn how to use their computer. If you recall the irritating animated paperclip character, Clippy, in Microsoft Office, that Office agent is similar to the Microsoft Agents available in Windows.

The Agent component that ships with Windows 2000 suffers from an unspecified vulnerability involving the way it handles certain specially crafted URLs. By tricking one of your users into visiting a malicious web page, an attacker can exploit this vulnerability to execute code on your user’s computer, inheriting your user’s privileges. If your user has local administrator privileges, the attacker gains full control of the computer. Despite the severity of this vulnerability, it only affects Windows 2000 users. If you do not use 2000 in your network, you have nothing to worry about.
Microsoft rating: Critical.

MS07-053: Window Service for UNIX Vulnerability

Window Service for UNIX and Subsystem for UNIX-based Applications are optional components that provide interoperability services for integrating Windows with existing UNIX-based environments. Windows does not install these services by default. However, they ship on some versions of the Windows installation disc.

Microsoft warns that some files installed by Services for UNIX run with overly-permissive privileges. A local attacker with valid Windows login credentials could exploit these misconfigured files to gain elevated privileges on a Windows machine that runs the UNIX services. Microsoft doesn’t specify the exact level of privileges the attacker would gain. However, we assume the attacker would gain SYSTEM privileges since the alert statest, “administrative users are not less impacted then guest users.” This means the attack yields greater than administrative privileges. However, since this vulnerability relies on components that few administrators use, and requires that the attacker already have valid login credentials, we consider it a low risk.
Microsoft rating: Important.

Solution Path

Microsoft has released patches for Windows to correct these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.

Note: Microsoft no longer officially supports Windows NT 4.0, 98, ME or XP with SP1. If you manage any of these operating systems, Microsoft suggests you migrate to supported versions to prevent potential exposure to vulnerabilities. You can learn more about Microsoft’s Product Life-Cycle here.

MS07-051:

• 2000

MS07-053:

• Windows 2000
  • Windows Services for UNIX 3.0
  • Windows Services for UNIX 3.5
• Windows XP
  • Windows Services for UNIX 3.0
  • Windows Services for UNIX 3.5
• Server 2003
  • Windows Services for UNIX 3.0
  • Windows Services for UNIX 3.5
  • Subsystem for UNIX-based Applications
• Server 2003 x64
  • Subsystem for UNIX-based Applications
• Windows Vista
  • Subsystem for UNIX-based Applications
• Windows Vista x64
  • Subsystem for UNIX-based Applications

For All WatchGuard Users:

Attackers could exploit MS07-051 via normal HTTP traffic, which you must allow for your users to browse the web. Attackers can only exploit MS07-053 in a local (internal) attack that does not pass through the firewall. Because of the diversity of attack scenarios these vulnerabilities present, your best defense is to apply the patches above.

Status:

Microsoft has released patches correcting these issues.

References:

• Microsoft Security Bulletin MS07-051
• Microsoft Security Bulletin MS07-053