Simon Clow presents at CRESTCon
Simon presented on ‘Exploiting hardware management subsystems’ (aka "iLO, iLO, it’s off to work we go!") at CRESTCon on the 19th March 2014.
Modern computing systems implement a variety of remotely accessible, instrumented management interfaces. As professional penetration testers it is important to understand the native capabilities of such interfaces, the security considerations of offering access and the techniques used to interact with and exploit the interface.
Context is recognised for Best Security Company
We’re excited to announce our nomination for Best Security Company at the SC Magazine Awards 2014.
These awards honour professionals working to secure enterprises of all sizes and the vendors that deliver innovative security technologies.
Expert judges have been drawn from the senior ranks of the information security...
Context present on targeted attacks at Securing the Law Firm event
Stuart McKenzie, one of our Senior Consultants, presented on 'targeted attacks and the legal sector' at Securing the Law Firm on the 29th January.
Context Accredited for Government Cyber Incident Response Scheme
Context is one of the first companies to be certified by CESG, as an approved supplier of Cyber Incident Response services to UK organisations that have suffered attacks from the most sophisticated criminal or state-sponsored threat actors. The Cyber Incident Response scheme provides the public sector, the UK’s critical national infrastructure and private sector companies that impact on the country’s ‘economic well-being’, with access to Government-accredited suppliers delivering the highest levels of experience, ability and integrity.
Congratulations to James Forshaw
Congratulations to Context’s James Forshaw for coming up with a new exploitation technique to win Microsoft’s first ever $100,000 bounty! James already has had success with design level bugs he found during the IE11 Preview Bug Bounty, and Microsoft are thrilled to announce that he continues to improve their platform-wide security by leaps and bounds.
Whilst Microsoft can’t go into the details of this new mitigation bypass technique until they address it, they are excited that they will be able to use these insights to better protect customers by proactively including defenses against these advanced techniques within future releases of their products. This knowledge helps Microsoft to make individual vulnerabilities less useful when attackers try to use them against customers.
Context: one of the first to be CPA accredited
Context is proud to be one of the first CPA accredited labs under the 2013 CESG Commercial Product Assurance (CPA) scheme.
CPA is essentially a certificated accreditation process for products to be used by government, public sector and any industries requiring UK government accredited networks. CPA certification enables product vendors to sell their products into government and public sector departments, the wider public sector and associated industry for use in communications networks requiring IS2 and IS3 accreditation.
Having completed our first CPA certification in September 2013, Context is thrilled to have gained the full accreditation and is excited about all future opportunities in this field. This is an exciting and economical alternative to previous schemes such as Common Criteria, and this is an important added measure to ensuring the security of UK government infrastructures.
More information on CPA can be found here.
The Forger's Art: Exploiting XML Digital Signature Implementations
On the 13th September, Principal Security Consultant James Forshaw presented on “The Forger's Art: Exploiting XML Digital Signature Implementations” at the 44CON Security Conference in London.
Paul Stone is speaking at Black Hat USA 2013
Research - 24th July 2013
On the 31st July, Senior Consultant Paul Stone will be presenting “Pixel Perfect Timing Attacks with HTML 5” at the Black Hat USA security conference in Las Vegas. He will describe some new attacks against the latest generation of web browsers which can compromise the security and privacy of users.
After the presentation Context will make available full details of the research with the release of a whitepaper. This is the second year in a row that Context has been invited to present our novel security research to the global security community.
UPDATE - 01 August 2013 - Paul's whitepaper is now available to view in our research section.
Context approved for CESG Tailored Assurance Service
13th March 2013
Context is one of only three companies to be approved to provide consultancy and testing services for the CESG Tailored Assurance Service (CTAS). CTAS is designed to provide assurance for a wide range of Government, MOD, Critical National Infrastructure (CNI) and public sector organisations engaged in the procurement of IT systems, products and services. This could range from software, web applications and internal networks to mobile devices, cloud services and wireless systems.
“This is another major Government accreditation for Context and is a further endorsement of our expertise and testing services to help protect mission-critical applications and architectures,” said Alex Church, CTO at Context Information Security.
Context selected for new Government ‘Cyber Incident Response’ scheme
5th November 2012
Context Information Security is one of the first four companies to be certified in a new Government scheme announced today that will help UK organisations respond effectively to the increase in cyber security attacks. The ‘Cyber Incident Response’ scheme launched by CESG, the Information Assurance arm of GCHQ, and the Centre for the Protection of National Infrastructure (CPNI), is aimed primarily at the public sector and the UK’s critical national infrastructure as well as providing assistance to other parts of the private sector.
Read more about Context Response Services here.
Context presents ‘Breaking .NET Through Serialization’ at Black Hat USA
Serialization vulnerabilities can lead to data disclosure or remote code execution warns Context in white paper published today.
At this week’s Black Hat USA conference in Las Vegas, one of Context’s Principal Consultants, James Forshaw, will be presenting details of vulnerabilities discovered in the .NET framework that allow malicious remote code execution from within the .NET framework. James' white paper, ‘Breaking .NET Through Serialization’ is also available for download.
White Paper: Tablets in the Enterprise – A Hard Pill to Swallow
In this white paper, Context principal consultant, Jonathan Roach, investigates the security failings in three of the most popular tablets, raising concerns for organisations looking to introduce BYOD (Bring Your Own Device). During the research the Samsung Galaxy Tab was found to have serious weaknesses that make it difficult to recommend for use in the enterprise. And while the iPad and Blackberry PlayBook performed better, both still have security problems including desktop software that does not encrypt backups by default.
Blog: SAP Parameter Injection - No Space for Arguments
In this latest blog post, Context’s Michael Jordon details a vulnerability that was found in SAP’s Host Control service. The vulnerability allows for 100% reliable full code execution as the SAP administrator from an unauthenticated perspective. This vulnerability was patched in May 2012 and, at the request of SAP, Context have delayed the publication of the details by 3 months. As we believe the vulnerability and the technique used to exploit it are technically interesting, we thought we would go into more depth than a typical advisory normally would.
Read the detailed blog post here.
Context Highlights Weaknesses in VMware Protocol
Updated version of Canape featured at Ruxcon in live attacks.
Alex Chapman, a Senior Security Consultant at Context Information Security, will be demonstrating weaknesses in the VMware ESXi binary protocol at this week’s Ruxcon, Australia’s leading computer security conference in Melbourne. By using the latest version of Canape, Context’s powerful protocol analysis tool, Chapman will present various live attack scenarios against vulnerabilities in the VMware protocol.
Exploit Packs, Zeus and Ransomware
In the latest blog post from the malware series, Context consultant Mark Nicholls looks at a recent development in the Zeus Trojan and an increasing trend in the use of exploit packs and Ransomware. The new blog focuses on both the increasingly popular Blackhole Exploit Kit and a recent feature addition to Zeus that leads to users being held to ransom.
Read the detailed blog post here.
Microsoft Releases Patch following Context Warning of Vulnerabilities in .NET
Microsoft has today released a patch for all available .NET frameworks to fix vulnerabilities identified by a researcher at Context Information Security. These vulnerabilities could allow malicious remote code execution from within .NET applications. The risks relate to the use of "serialization" techniques; a fundamental feature of .NET applications that allows data or objects to be easily transferred and stored. They range from the disclosure of information to full remote code execution - whether they are accessible remotely or contained within trusted sandboxes deployed within technologies such as XBAP or ClickOnce.
The patch makes changes to the workings of the serialization framework to mitigate some of the original design decisions that were taken during the development of the first version of .NET. This required a substantial amount of effort on Microsoft's part to fix the problem without introducing compatibility issues. Context first made Microsoft aware of the .NET vulnerabilities last March and has been working with them since then to help fix the issues.
Dirty Disks Raise New Questions About Cloud Security
Research by Context Information Security has identified potentially significant flaws in the implementation of Cloud infrastructure services offered by some providers, which could be putting their clients’ data at risk. By exploiting the vulnerability, which revolves around data separation, Context consultants were able to gain access to some data left on other service users’ ‘dirty disks’, including fragments of customer databases and elements of system information that could, in combination with other data, allow an attacker to take control of other hosted servers.
Context tested four providers and found that two of them, VPS.NET and Rackspace, were not always securely separating virtual servers or nodes through shared hard disk and network resources. In line with Context’s responsible disclosure procedures, Context immediately informed both providers of its findings. Rackspace worked closely with Context to identify and fix the potential vulnerability, which was found among some users of its now-legacy platform for Linux Cloud Servers. Rackspace reports that it knows of no instance in which any customer’s data was seen or exploited in any way by any unauthorized party. Context has tested Rackspace’s current cloud platform as well as its new Next Generation Cloud computing solution based on OpenStack, and has been able to confirm that the security vulnerability has been resolved. But other providers might be vulnerable if they use popular hypervisor software, and implement it in the way that Rackspace did before its recent remediation efforts.
Context Release New Whitepaper: Crouching Tiger, Hidden Dragon, Stolen Data
Media reports show that targeted cyber attacks against government and commerce have been ongoing since at least 2003 and possibly some time before that. By far the largest sponsor of these attacks is the Chinese state. This is not a new problem; it is espionage with a different methodology.
Context has extensive experience of detecting and investigating targeted attacks and working with clients to help protect their data.
Context Blog Provides Simple Fix to Protect Internet and Intranet Sites
Context Information Security has highlighted a weakness in Internet Explorer, Chrome and Safari web browsers that enables remote attackers to steal sensitive information held on private Microsoft SharePoint sites, as well as mine data from other public websites such as LinkedIn. In these Framesniffing Attacks, a hidden HTML frame is used to load a target website inside the attacker's malicious webpage to read information about the content and structure of the framed pages. The attack bypasses browser security restrictions that are meant to prevent webpages directly reading the contents of 3rd party sites loaded in frames.
Context Serves Up New CANAPE Security Assessment Tool at Black Hat Europe
Context Information Security has been presenting its latest Windows security assessment tool at Black Hat Europe this week in Amsterdam. CANAPE extends the functionality of existing web application testing tools such as CAT, Burp or Fiddler in order to analyse complex network protocols.
"Testing and exploiting binary network protocols can be both complex and time consuming," says Michael Jordon, Research and Development Manager at Context. "In most cases, custom software needs to be developed to proxy, parse and manipulate the traffic; but CANAPE provides a simple user interface that facilitates the capture and replaying of binary network traffic, whilst delivering a powerful framework to develop parsers and fuzzers."
Context Releases Whitepaper - Web Application Vulnerability Statistics Report 2010-2011
Two thirds of web applications tested by security consultants at Context Information Security in 2011 were found to be at risk from cross-site scripting and nearly one in five applications risked attacks by experienced SQL injections, according to the new Context Web Application Vulnerability report published today. The research also found that web applications developed for government, financial services and law and insurance sectors had the greatest increase in vulnerabilities. The findings come from penetration tests carried out on almost 600 custom-built web applications. In total, Context discovered some 8,000 vulnerabilities, reflecting an increase in the average number of different security issues affecting each application from 12.5 to 13.5 between 2010 and 2011.
Mark Raeburn and Alex Church present at BlueHat - Redmond, USA
Last month Context’s C.E.O, Mark Raeburn and Technical Director, Alex Church were invited to present at the BlueHat conference in Redmond as trusted experts in the area of ‘Targeted Attacks on Enterprise Networks’.
The conference brings together Microsoft developers and executives with key security programme partners and members of the security research community. Its principal aim is to help protect Microsoft’s customers by sharing information on current and emerging security threats, addressing security issues and concerns in Microsoft products and services.
Oasis Network – Putting Security Research into Context
Context invite you to our next Oasis Network; a series of presentations showcasing our recent research efforts in areas ranging from economic espionage to Cloud security.
Save the date: Thursday 1st March 2012 from 3:30pm until 8pm at Shoreditch House, East London.
Please see the following link for further details: Oasis Network.
Apache releases security advisory following discovery of back door threat by Context researchers
Apache released an advisory on Wednesday 5th October 2011 to all of its customers following the identification by Context’s researchers of a new class of security vulnerability that could allow hackers to gain full internet access to internal or DMZ systems using insecurely configured reverse web proxies. Context alerted Apache to the weakness last month and have published a blog detailing this new class of attack that it believes is likely to affect other web servers and proxies. The blog also provides advice to mitigate the risks: http://www.contextis.com/research/blog/server-technologies-reverse-proxy-bypass/
Context Application Tool (CAT) Version 1.0 Released
Context Information Security is pleased to announce the release of its latest version of the globally esteemed CAT. Context is proud to be leading the way by developing the world’s leading Application Testing tool available to everyone for FREE. Security is a key component of any organisation, and Context is delighted to facilitate the movement towards a more secure business world.
More security problems for WebGL
Researchers at Context Information Security who exposed security flaws in WebGL last month have identified further concerns about early implementations of the new technology that allows web pages to draw fast 3D graphics to deliver a much richer experience to web users. In one example, a vulnerability in the Mozilla Firefox browser made it possible for malicious web pages to capture any screenshot from a target PC – including the user’s desktop, other web pages or applications. By revealing that none of the current implementations comply with WebGL conformance standards, Context also raises serious questions for Khronos, the consortium which has drawn up the WebGL specification and conformance tests.
Context uncovers security flaws in new WebGL technology that put PCs and data at risk
Context researchers have uncovered serious security flaws in the new WebGL technology that creates 3D graphics in a browser with the same speed and detail as hardware-accelerated PC games and applications. Context says that design level security issues give potentially malicious web pages low level access to graphics cards that could provide a ‘back door’ for hackers and compromise data stored on internet-connected machines.
WebGL is currently supported on Linux, OSX and Windows operating systems, using Firefox 4, Safari and Google Chrome browsers. In addition to desktops and notebooks, WebGL is also being adopted for use in other devices including smart phones and is rapidly increasing in popularity.
Context introduces new Cloud Security Assessment Service
In parallel with the release of our whitepaper “Cloud Computing – Assessing Cloud Node Security”, Context is pleased to announce the introduction of our new Cloud Security Assessment Service. As a result of the increasing popularity of Cloud computing, more and more Context clients have requested our support in helping to determine and improve the security posture of their Cloud-based systems.
Our new Cloud Security Assessment Service analyses the security of the client’s Cloud system from three different perspectives. Initially, we perform a security assessment of the Cloud system from an external, Internet-facing perspective. This involves the use of classic network infrastructure and application penetration testing methodologies. Due to the shared nature of the Cloud environment, we also assess system security from the perspective of a neighbouring, malicious node. This assessment includes network-based attacks and exploitation of shared resources in an attempt to gain access to the target system. Finally, Context conducts an audit of the security protection enforced on the node in order to prevent it from being compromised. This includes a node hardening assessment, a review of virtualisation security, an analysis of how the node is remotely administered and a review of the external and internal network infrastructure security related to the node.
Context Releases Whitepaper - Assessing Cloud Node Security
Cloud computing has become one of the buzzwords of the moment. The potential benefits offered by the Cloud make it an attractive business proposal to many organisations. But how secure is the Cloud and to what extent are its benefits tainted by the potential security risks?
In order to provide our client base with a better understanding of the technical security issues associated with Cloud computing, Context has undertaken a study of four major Cloud providers.
Context Information Security opens Australian Office
Context is delighted to announce the opening of our new office in Melbourne, Victoria on 1st February 2011.
Context Launches Blog - Insights from the Experts
Context is launching a blog designed to put readers in direct touch with expert opinion on important topics in the world of information security.
Simon Clow premieres “Smartphones in the Enterprise” White Paper at CrestCon
We are pleased to announce that Simon Clow, a principal consultant often involved in the development of cutting edge consultancy services at Context, is presenting at CrestCon 2010. He will be sharing the findings of his recent research, conducted in conjunction with Graham Murphy (one of our senior security consultants and general mobile communications guru) into the use of Smartphones in the Enterprise.
In this talk, Simon will be covering the implications of extending the enterprise security boundary to include smartphones. As well as discussing the general security considerations and best practice guidelines to Smartphone integration, he will be covering device specific vulnerabilities from the market leading products selected for assessment.
Context confirms membership of RMDG
Context Information Security is pleased to announce its membership of the Risk Management Delivery Group (RMDG), a partnership programme established by the UK’s Centre for the Protection of National Infrastructure (CPNI) aimed at creating strong and dynamic links with leading UK consultancies.
More Context consultants join security industry elite
Another four Context consultants have now completed one or more of the certification programmes run by the Council of Registered Ethical Security Testers (CREST), so join a long list of CREST-certified experts working at the company.
Context is one of only four UK companies employing individuals to have completed each of the three CREST certification processes: CREST Application Certification, CREST Infrastructure Certification and the examination to become CREST Registered Testers.
Context adds four Lead Auditors to our resource pool
Context is delighted to announce four newly certified ISO 27001 Lead Auditors, bringing a wealth of experience in this field to Context and our clients. Following Context’s successful ISO/IEC 27001 accreditation for the whole business, Jason Dewar, David Kierznowski, Simon Clow and Rob Marr have all completed BSI’s comprehensive training to explore the in-depth business implications of the International Standard for Information Security Management. This is a positive step towards being able to offer our clients a greater level of expertise and security service.
Context Information Security Ltd achieves certification to ISO/IEC 27001:2005
Context has now successfully completed the ISO/IEC27001:2005 certification process, having been assessed by BSI and found to be compliant with the internationally recognized standard for Information Technology and Information Security Management. We selected BSI as they are a UKAS (United Kingdom Accreditation Service) accredited certification body. We felt that achieving certification through such a body provided the best way to benchmark ourselves for position and progress amongst our peers in the industry. Context is currently one of the very few companies operating in the Information Security arena to have adopted, and been successfully certified in, ISO/IEC 27001:2005.
Letting the CAT out of the bag
Context’s Principal Security Consultant Michael Jordon is hitting the road in September to demonstrate the qualities of the Context Application Tool (CAT).
Context discovers Citrix vulnerability
Context has identified a previously unknown vulnerability in the widely used Citrix ICA Client. Our consultant Michael Jordon has discovered that the Citrix Presentation Server Client (as tested on v10.150) does not perform bounds checking on the type field in an ICA "graphics" packet. This creates a theoretical opportunity for an attacker to carry out remote exploitation of any client device upon which the client has been installed.
An attacker would be in a position to execute arbitrary code on the client device if a user can be lured into connecting to a server controlled by the attacker. This could happen if the user visited a malicious website or opened an untrusted email attachment. This issue has affected Windows, Windows Mobile, Linux and Solaris clients. The ICA client for Java, and the Citrix Receivers for iPhone/iPad and Android are not affected.
Gain a new understanding of secure development with Michael Jordon
Security guru and Context consultant Michael Jordon will be among speakers presenting to delegates at the International Secure Systems Development (ISSD) Conference.
Michael will be sharing his expertise on the development of testing tools for secure development, examining the importance of such tools and outlining best practice in development processes. He will also be demonstrating some of the tools Context uses (including the Context App Tool). Elsewhere at the conference, other members of Context's team will be available to discuss individual secure development requirements with attendees.
Context releases CAT Beta 4
Paul Stone is speaking at Black Hat Europe 2010
We are pleased to announce that one of our consultants, Paul Stone, is a speaker at Black Hat Europe 2010. He will be sharing the findings of his research into Next Generation Clickjacking, covering everything from the basics to newly-developed techniques, as well as demonstrating a new tool that enables easy creation of multi-step Clickjacking attacks.
Context expands offices in Cheltenham
Context Information Security is continuing to expand its operations, and the company is delighted to announce the opening of a new office in Cheltenham. The new facility will help Context cater for a growing demand for its services from clients based in the surrounding area.
Context expands offices in Dusseldorf, Germany
Context Information Security has announced further expansion and the opening of a new office in Dusseldorf, Germany to help serve our growing client base in mainland Europe.