News for 2012

Context selected for new Government ‘Cyber Incident Response’ scheme

5th November 2012

Context Information Security is one of the first four companies to be certified in a new Government scheme announced today that will help UK organisations respond effectively to the increase in cyber security attacks. The ‘Cyber Incident Response’ scheme launched by CESG, the Information Assurance arm of GCHQ, and the Centre for the Protection of National Infrastructure (CPNI), is aimed primarily at the public sector and the UK’s critical national infrastructure as well as providing assistance to other parts of the private sector.

Read more about Context Response Services here.

Context presents ‘Breaking .NET Through Serialization’ at Black Hat USA:

Serialization vulnerabilities can lead to data disclosure or remote code execution, warns Context in a white paper published today.

At this week’s Black Hat USA conference in Las Vegas, one of Context’s Principal Consultants, James Forshaw, will be presenting details of vulnerabilities discovered in the .NET framework that allow malicious remote code execution from within the framework. James' white paper, ‘Breaking .NET Through Serialization’, is also available for download.

White Paper: Tablets in the Enterprise – A Hard Pill to Swallow

In this white paper, Context principal consultant, Jonathan Roach, investigates the security failings in three of the most popular tablets, raising concerns for organisations looking to introduce BYOD (Bring Your Own Device). During the research the Samsung Galaxy Tab was found to have serious weaknesses that make it difficult to recommend for use in the enterprise. And while the iPad and Blackberry PlayBook performed better, both still have security problems including desktop software that does not encrypt backups by default.

More information can be found here. Read the whitepaper here.

Blog: SAP Parameter Injection - No Space for Arguments

In this latest blog post, Context’s Michael Jordon details a vulnerability that was found in SAP’s Host Control service. The vulnerability allows for 100% reliable full code execution as the SAP administrator from an unauthenticated perspective. This vulnerability was patched in May 2012 and, at the request of SAP, Context have delayed the publication of the details by 3 months. As we believe the vulnerability and the technique used to exploit it are technically interesting, we thought we would go into more depth than a typical advisory would.

Read the detailed blog post here.

Context Highlights Weaknesses in VMware Protocol

Updated version of Canape featured at Ruxcon in live attacks.

Alex Chapman, a Senior Security Consultant at Context Information Security, will be demonstrating weaknesses in the VMware ESXi binary protocol at this week’s Ruxcon, Australia’s leading computer security conference in Melbourne. By using the latest version of Canape, Context’s powerful protocol analysis tool, Chapman will present various live attack scenarios against vulnerabilities in the VMware protocol.

Exploit Packs, Zeus and Ransomware

In the latest blog post from the malware series, Context consultant Mark Nicholls looks at a recent development in the Zeus Trojan and an increasing trend in the use of exploit packs and Ransomware. The new blog focuses on both the increasingly popular Blackhole Exploit Kit and a recent feature addition to Zeus that leads to users being held to ransom.

Read the detailed blog post here.

Microsoft Releases Patch following Context Warning of Vulnerabilities in .NET

Microsoft has today released a patch for all available .NET frameworks to fix vulnerabilities identified by a researcher at Context Information Security. These vulnerabilities could allow malicious remote code execution from within .NET applications. The risks relate to the use of "serialization" techniques, a fundamental feature of .NET applications that allows data or objects to be easily transferred and stored. They range from the disclosure of information to full remote code execution, whether the applications are accessible remotely or contained within trusted sandboxes deployed within technologies such as XBAP or ClickOnce.

The patch makes changes to the workings of the serialization framework to mitigate some of the original design decisions that were taken during the development of the first version of .NET. This required a substantial amount of effort on Microsoft's part to fix the problem without introducing compatibility issues. Context first made Microsoft aware of the .NET vulnerabilities last March and has been working with them since then to help fix the issues.

Dirty Disks Raise New Questions About Cloud Security

Research by Context Information Security has identified potentially significant flaws in the implementation of Cloud infrastructure services offered by some providers, which could be putting their clients’ data at risk. By exploiting the vulnerability, which revolves around data separation, Context consultants were able to gain access to some data left on other service users’ ‘dirty disks’, including fragments of customer databases and elements of system information that could, in combination with other data, allow an attacker to take control of other hosted servers.

Context tested four providers and found that two of them, VPS.NET and Rackspace, were not always securely separating virtual servers or nodes through shared hard disk and network resources. In line with its responsible disclosure procedures, Context immediately informed both providers of its findings. Rackspace worked closely with Context to identify and fix the potential vulnerability, which was found among some users of its now-legacy platform for Linux Cloud Servers. Rackspace reports that it knows of no instance in which any customer’s data was seen or exploited in any way by any unauthorized party. Context has tested Rackspace’s current cloud platform as well as its new Next Generation Cloud computing solution based on OpenStack, and has been able to confirm that the security vulnerability has been resolved. But other providers might be vulnerable if they use popular hypervisor software and implement it in the way that Rackspace did before its recent remediation efforts.

Context Release New Whitepaper: Crouching Tiger, Hidden Dragon, Stolen Data

Media reports show that targeted cyber attacks against government and commerce have been ongoing since at least 2003 and possibly some time before that. By far the largest sponsor of these attacks is the Chinese state. This is not a new problem; it is espionage with a different methodology.

Context has extensive experience of detecting and investigating targeted attacks and working with clients to help protect their data.

Context Blog Provides Simple Fix to Protect Internet and Intranet Sites

Context Information Security has highlighted a weakness in Internet Explorer, Chrome and Safari web browsers that enables remote attackers to steal sensitive information held on private Microsoft SharePoint sites, as well as mine data from other public websites such as LinkedIn. In these Framesniffing Attacks, a hidden HTML frame is used to load a target website inside the attacker's malicious webpage to read information about the content and structure of the framed pages. The attack bypasses browser security restrictions that are meant to prevent webpages directly reading the contents of 3rd party sites loaded in frames.

Context Serves Up New CANAPE Security Assessment Tool at Black Hat Europe

Context Information Security has been presenting its latest Windows security assessment tool at Black Hat Europe this week in Amsterdam. CANAPE extends the functionality of existing web application testing tools such as CAT, Burp or Fiddler in order to analyse complex network protocols.

"Testing and exploiting binary network protocols can be both complex and time consuming," says Michael Jordon, Research and Development Manager at Context. "In most cases, custom software needs to be developed to proxy, parse and manipulate the traffic; but CANAPE provides a simple user interface that facilitates the capture and replaying of binary network traffic, whilst delivering a powerful framework to develop parsers and fuzzers."

Context Releases Whitepaper - Web Application Vulnerability Statistics Report 2010-2011

Two thirds of web applications tested by security consultants at Context Information Security in 2011 were found to be at risk from cross-site scripting and nearly one in five applications risked attacks by experienced SQL injections, according to the new Context Web Application Vulnerability report published today. The research also found that web applications developed for government, financial services and law and insurance sectors had the greatest increase in vulnerabilities. The findings come from penetration tests carried out on almost 600 custom-built web applications. In total, Context discovered some 8,000 vulnerabilities, reflecting an increase in the average number of different security issues affecting each application from 12.5 to 13.5 between 2010 and 2011.
