Context Accredited for Government Cyber Incident Response Scheme
one of the first companies to be certified by CESG, as an approved supplier of Cyber
Incident Response services to UK organisations that have suffered attacks from
the most sophisticated criminal or state-sponsored threat actors. The Cyber
Incident Response scheme provides the public sector, the UK’s critical national
infrastructure and private sector companies that impact on the country’s
‘economic well-being’, with access to Government-accredited suppliers delivering
the highest levels of experience, ability and integrity.
Congratulations to James Forshaw
Congratulations to Context’s James Forshaw for
coming up with a new exploitation technique to win Microsoft’s first ever
$100,000 bounty! James has already had
success with design level bugs he found during the IE11
Preview Bug Bounty, and Microsoft are thrilled to announce that he
continues to improve their platform-wide security by leaps and bounds.
Whilst Microsoft can’t go into the details
of this new mitigation bypass technique until they address it, they are excited
that they will be able to use these insights to better protect customers by
proactively including defenses against these advanced techniques within future
releases of their products. This knowledge helps Microsoft to make individual
vulnerabilities less useful when attackers try to use them against customers.
Context: one of the first to be CPA accredited
Context is proud to be one of the first CPA accredited
labs under the 2013 CESG Commercial Product Assurance (CPA) scheme.
CPA is essentially a certificated accreditation process for
products to be used by government, public sector and any industries requiring
UK government accredited networks. CPA certification enables product vendors to
sell their products into government and public sector departments, the wider
public sector and associated industry for use in communications networks
requiring IS2 and IS3 accreditation.
Having completed our first CPA certification in September 2013, Context is thrilled to have gained the full accreditation and is excited about all future opportunities
in this field. This is an exciting and economical alternative to previous
schemes such as Common Criteria, and an important added measure in
ensuring the security of UK government infrastructures.
More information on CPA can be found here.
The Forger's Art: Exploiting XML Digital Signature Implementations
On the 13th September, Principal Security Consultant James
Forshaw presented on “The Forger's Art: Exploiting XML Digital
Signature Implementations” at the 44CON Security Conference in London.
Paul Stone is speaking at Black Hat USA 2013
Research - 24th July 2013
On the 31st July, Senior Consultant Paul Stone will be presenting “Pixel Perfect Timing Attacks with HTML 5” at the Black Hat USA security conference in Las Vegas. He will describe some new attacks against the latest generation of web browsers which can compromise the security and privacy of users.
After the presentation Context will make available full details of the research with the release of a whitepaper. This is the second year in a row that Context has been invited to present our novel security research to the global security community.
UPDATE - 01 August 2013 - Paul's whitepaper is now available to view in our research section.