News for 2010

Context Launches Blog - Insights from the Experts

Context is launching a blog designed to put readers in direct touch with expert opinion on important topics in the world of information security.


Simon Clow premieres “Smartphones in the Enterprise” White Paper at CrestCon

We are pleased to announce that Simon Clow, a principal consultant often involved in the development of cutting edge consultancy services at Context, is presenting at CrestCon 2010. He will be sharing the findings of his recent research, conducted in conjunction with Graham Murphy (one of our senior security consultants and general mobile communications guru) into the use of Smartphones in the Enterprise.

In this talk, Simon will be covering the implications of extending the enterprise security boundary to include smartphones. As well as discussing the general security considerations and best practice guidelines to Smartphone integration, he will be covering device specific vulnerabilities from the market leading products selected for assessment.


Context confirms membership of RMDG

Context Information Security is pleased to announce its membership of the Risk Management Delivery Group (RMDG), a partnership programme established by the UK’s Centre for the Protection of National Infrastructure (CPNI) aimed at creating strong and dynamic links with leading UK consultancies.


More Context consultants join security industry elite

Another four Context consultants have now completed one or more of the certification programmes run by the Council of Registered Ethical Security Testers (CREST), so join a long list of CREST-certified experts working at the company.

Context is one of only four UK companies employing individuals to have completed each of the three CREST certification processes: CREST Application Certification, CREST Infrastructure Certification and the examination to become CREST Registered Testers.


Context adds four Lead Auditors to our resource pool

Context is delighted to announce four newly certified ISO 27001 Lead Auditors , bringing a wealth of experience in this field to Context and our clients. Following Context’s sucessful ISO/IEC 27001 accreditation for the whole business; Jason Dewar, David Kierznowski, Simon Clow and Rob Marr have all completed BSI’s comprehensive training to explore the in-depth business implications of the International Standard for Information Security Management. This is a positive step towards being able to offer our clients a greater level of expertise and security service.


Context Information Security Ltd achieves certification to ISO/IEC 27001:2005

Context has now successfully completed the ISO/IEC27001:2005 certification process, having been assessed by BSI and found to be compliant with the internationally recognized standard for Information Technology and Information Security Management. We selected BSI as they are a UKAS (United Kingdom Accreditation Service) accredited certification body. We felt that achieving certification through such a body provided the best way to benchmark ourselves for position and progress amongst our peers in the industry. Context is currently one of the very few companies operating in the Information Security arena to have adopted, and been successfully certified in, ISO/IEC 27001:2005.


Letting the CAT out of the bag

Context’s Principal Security Consultant Michael Jordon is hitting the road in September to demonstrate the qualities of the Context Application Tool (CAT).


Context discovers Citrix vulnerability

Context has identified a previously unknown vulnerability in the widely used Citrix ICA Client. Our consultant Michael Jordon has discovered that the Citrix Presentation Server Client (as tested on v10.150) does not perform bounds checking on the type field in an ICA "graphics" packet. This creates a theoretical opportunity for an attacker to carry out remote exploitation of any client device upon which the client has been installed.

An attacker would be a in a position to execute arbitrary code on the client device if a user can be lured into connecting to a server controlled by the attacker. This could happen if the user visited a malicious website or opened an untrusted email attachment. This issue has affected Windows, Windows Mobile, Linux and Solaris clients. The ICA client for Java, and the Citrix Receivers for iPhone/iPad and Android are not affected.


Gain a new understanding of secure development with Michael Jordon

Security guru and Context consultant Michael Jordon will be among speakers presenting to delegates at the International Secure Systems Development (ISSD) Conference.

Michael will be sharing his expertise on the development of testing tools for secure development, examining the importance of such tools and outlining best practice in development processes. He will also be demonstrating some of the tools Context uses (including the Context App Tool) Elsewhere at the conference other member's of Context's team will be available to discuss individual secure development requirements with attendees.


Context releases CAT Beta 4

Context Information Security is pleased to announce the release of Context App Tool (CAT) Beta 4. The latest version of CAT includes a new Clickjacking tester which displays framed and unframed versions of websites next to each other, enabling testing for frame busting code such as ‘X-Frame-Options’ headers or JavaScript that disables web pages. New columns for page caching and auto-completion tests are also included.


Paul Stone is speaking at Black Hat Europe 2010

We are pleased to announce that one of our consultants, Paul Stone, is a speaker at Black Hat Europe 2010. He will be sharing the findings of his research into Next Generation Clickjacking, covering everything from the basics to newly-developed techniques, as well as demonstrating a new tool that enables easy creation of multi-step Clickjacking attacks.


© Copyright 2013 Context Information Security