24 April 2012: Research by Context Information Security has identified potentially significant flaws in the implementation of Cloud infrastructure services offered by some providers, which could be putting their clients’ data at risk. By exploiting the vulnerability, which revolves around data separation, Context consultants were able to gain access to some data left on other [...]
19 March, 2012 – Context Information Security has presented its latest Windows security assessment tool at Black Hat Europe in Amsterdam. CANAPE extends the functionality of existing web application testing tools such as CAT, Burp or Fiddler in order to analyse complex network protocols. Michael Jordon, research and development manager at Context, said, “Testing and [...]
March 14, 2012 – Context Information Security has highlighted a weakness in Internet Explorer, Chrome and Safari web browsers that lets remote attackers steal sensitive information held on private Microsoft SharePoint sites, as well as mine data from other public websites such as LinkedIn. In these Framesniffing Attacks, a hidden HTML frame is used to [...]
Two thirds of web applications tested by security consultants at Context Information Security in 2011 were found to be at risk from cross-site scripting and nearly one in five applications risked attacks by experienced SQL injections, according to the new Context Web Application Vulnerability report.
Increasingly sophisticated financial malware such as the Carberp Trojan is becoming more and more difficult to detect and eliminate, warns researchers at Context Information Security. Designed to steal log-in and account information and harvest credentials for email and social-networking sites, Carberp, like its more well know predecessors Zeus and Spyeye, infects machines through malicious files such as PDFs and Excel documents or drive-by downloads.
The Apache Software Foundation has issued an advisory to all of its customers following the identification by researchers at Context Information Security of a new class of security vulnerability that could let hackers gain full internet access to internal or DMZ systems using insecurely configured reverse web proxies.
Context Information Security, an independent security consultancy specialising in both technical security and information assurance services, who exposed security flaws in WebGL last month, has identified further concerns about early implementations of the new technology that lets web pages draw fast 3D graphics to deliver a much richer experience to web users.