Mark Raeburn and Alex Church present at BlueHat - Redmond, USA
Last month Context’s C.E.O, Mark Raeburn and Technical Director, Alex Church were invited to present at the BlueHat conference in Redmond as trusted experts in the area of ‘Targeted Attacks on Enterprise Networks’.
The conference brings together Microsoft developers and executives with key security programme partners and members of the security research community. Its principle aim is to help protect Microsoft’s customers by sharing information on current and emerging security threats, addressing security issues and concerns in Microsoft products and services.
Oasis Network – Putting Security Research into Context
Context invite you to our next Oasis Network; a series of presentations showcasing our recent research efforts in areas ranging from economic espionage to Cloud security.
Save the date: Thursday 1st March 2012 from 3:30pm until 8pm at Shoreditch House, East London.
Please see the following link for further details: Oasis Network.
Apache releases security advisory following discovery of back door threat by Context researchers
Apache released an advisory on Wednesday 5th October 2011 to all of its customers following the identification by Context’s researchers of a new class of security vulnerability that could allow hackers to gain full internet access to internal or DMZ systems using insecurely configured reverse web proxies. Context alerted Apache to the weakness last month and have published a blog detailing this new class of attack that it believes is likely to affect other web servers and proxies. The blog also provides advice to mitigate the risks: http://www.contextis.com/research/blog/server-technologies-reverse-proxy-bypass/
Context Application Tool (CAT) Version 1.0 Released
Context Information Security is pleased to announce the release of its latest version of the globally esteemed CAT. Context is proud to be leading the way by developing the world’s leading Application Testing tool available to everyone for FREE. Security is a key component of any organisation, and Context is delighted to facilitate the movement towards a more secure business world.
More security problems for WebGL
Researchers at Context Information Security who exposed security flaws in WebGL last month have identified further concerns about early implementations of the new technology that allows web pages to draw fast 3D graphics to deliver a much richer experience to web users. In one example, a vulnerability in the Mozilla Firefox browser made it possible for malicious web pages to capture any screenshot from a target PC – including the user’s desktop, other web pages or applications. By revealing that none of the current implementations comply with WebGL conformance standards, Context also raises serious questions for Khronos, the consortium which has drawn up the WebGL specification and conformance tests.
Context uncover security flaws in new WebGL technology put PCs and data at risk
Context researchers have uncovered serious security flaws in the new WebGL technology that creates 3D graphics in a browser with the same speed and detail as hardware-accelerated PC games and applications. Context says that design level security issues give potentially malicious web pages low level access to graphics cards that could provide a ‘back door’ for hackers and compromise data stored on internet-connected machines.
WebGL is currently supported on Linux, OSX and Windows operating systems, using Firefox 4, Safari and Google Chrome browsers. In addition to desktops and notebooks, WebGL is also being adopted for use in other devices including smart phones and is rapidly increasing in popularity.
Context introduces new Cloud Security Assessment Service
In parallel with the release of our whitepaper “Cloud Computing – Assessing Cloud Node Security”, Context is pleased to announce the introduction of our new Cloud Security Assessment Service. As a result of the increasing popularity of Cloud computing, more and more Context clients have requested our support in helping to determine and improve the security posture of their Cloud-based systems.
Our new Cloud Security Assessment Service analyses the security of the client’s Cloud system from three different perspectives. Initially, we perform a security assessment of the Cloud system from an external, Internet-facing perspective. This involves the use of classic network infrastructure and application penetration testing methodologies. Due to the shared nature of the Cloud environment, we also assess system security from the perspective of a neighbouring, malicious node. This assessment includes network-based attacks and exploitation of shared resources in an attempt to gain access to the target system. Finally, Context conducts an audit of the security protection enforced on the node in order to prevent it from being compromised. This includes a node hardening assessment, a review of virtualisation security, an analysis of how the node is remotely administered and a review of the external and internal network infrastructure security related to the node.
Context Releases Whitepaper - Assessing Cloud Node Security
Cloud computing has become one of the buzzwords of the moment. The potential benefits offered by the Cloud make it an attractive business proposal to many organisations. But how secure is the Cloud and to what extent are its benefits tainted by the potential security risks?
In order to provide our client base with a better understanding of the technical security issues associated with Cloud computing, Context has undertaken a study of four major Cloud providers.
Context Information Security opens Australian Office
Context is delighted to announce the opening of our new office in Melbourne, Victoria on 1st February 2011.