Context Accredited for Government Cyber Incident Response Scheme
Context is one of the first companies to be certified by CESG as an approved supplier of Cyber Incident Response services to UK organisations that have suffered attacks from the most sophisticated criminal or state-sponsored threat actors. The Cyber Incident Response scheme provides the public sector, the UK’s critical national infrastructure and private sector companies that impact on the country’s ‘economic well-being’ with access to Government-accredited suppliers delivering the highest levels of experience, ability and integrity.
Congratulations to James Forshaw
Congratulations to Context’s James Forshaw for coming up with a new exploitation technique to win Microsoft’s first ever $100,000 bounty! James has already had success with design-level bugs he found during the IE11 Preview Bug Bounty, and Microsoft are thrilled to announce that he continues to improve their platform-wide security by leaps and bounds.
Whilst Microsoft can’t go into the details of this new mitigation bypass technique until they address it, they are excited that they will be able to use these insights to better protect customers by proactively including defenses against these advanced techniques within future releases of their products. This knowledge helps Microsoft to make individual vulnerabilities less useful when attackers try to use them against customers.
Context: one of the first to be CPA accredited
Context is proud to be one of the first CPA accredited labs under the 2013 CESG Commercial Product Assurance (CPA) scheme.
CPA is essentially a certificated accreditation process for products to be used by government, public sector and any industries requiring UK government accredited networks. CPA certification enables product vendors to sell their products into government and public sector departments, the wider public sector and associated industry for use in communications networks requiring IS2 and IS3 accreditation.
Having completed our first CPA certification in September 2013, Context is thrilled to have gained the full accreditation and is excited about all future opportunities in this field. CPA is an exciting and economical alternative to previous schemes such as Common Criteria, and an important added measure for ensuring the security of UK government infrastructures.
More information on CPA can be found here.
The Forger's Art: Exploiting XML Digital Signature Implementations
On the 13th September, Principal Security Consultant James Forshaw presented on “The Forger's Art: Exploiting XML Digital Signature Implementations” at the 44CON Security Conference in London.
Paul Stone is speaking at Black Hat USA 2013
Research - 24th July 2013
On the 31st July, Senior Consultant Paul Stone will be presenting “Pixel Perfect Timing Attacks with HTML 5” at the Black Hat USA security conference in Las Vegas. He will describe some new attacks against the latest generation of web browsers which can compromise the security and privacy of users.
After the presentation Context will make available full details of the research with the release of a whitepaper. This is the second year in a row that Context has been invited to present our novel security research to the global security community.
UPDATE - 01 August 2013 - Paul's whitepaper is now available to view in our research section.
Context approved for CESG Tailored Assurance Service
13th March 2013
Context is one of only three companies to be approved to provide consultancy and testing services for the CESG Tailored Assurance Service (CTAS). CTAS is designed to provide assurance for a wide range of Government, MOD, Critical National Infrastructure (CNI) and public sector organisations engaged in the procurement of IT systems, products and services. This could range from software, web applications and internal networks to mobile devices, cloud services and wireless systems.
“This is another major Government accreditation for Context and is a further endorsement of our expertise and testing services to help protect mission-critical applications and architectures,” said Alex Church, CTO at Context Information Security.