Microsoft Releases Patch Following Context’s Warning of Vulnerabilities in .NET that Could Allow Data
Disclosure or Remote Code Execution

Microsoft has today released a patch for all available .NET frameworks to fix vulnerabilities identified by a researcher at Context Information Security. These vulnerabilities could allow malicious remote code execution from within .NET applications. The risks relate to the use of "serialization" techniques; a fundamental feature of .NET applications that allows data or objects to be easily transferred and stored. They range from the disclosure of information to full remote code execution - whether they are accessible remotely or contained within trusted sandboxes deployed within technologies such as XBAP or ClickOnce.

More information can be found here

Dirty Disks Raise New Questions About Cloud Security:
Rackspace resolves issues but other cloud providers still pose risks for customers

Research by Context Information Security has identified potentially significant flaws in the implementation of Cloud infrastructure services offered by some providers, which could be putting their clients’ data at risk. By exploiting the vulnerability, which revolves around data separation, Context consultants were able to gain access to some data left on other service users’ ‘dirty disks’, including fragments of customer databases and elements of system information that could, in combination with other data, allow an attacker to take control of other hosted servers ¹.

Read the detailed blog post here.          More information can be found here

Context Serves Up New CANAPE Security Assessment Tool at Black Hat Europe

Context Information Security has been presenting its latest Windows security assessment tool at Black Hat Europe this week in Amsterdam. CANAPE extends the functionality of existing web application testing tools such as CAT, Burp or Fiddler in order to analyse complex network protocols.

More information can be found here

Download CANAPE here.

Context Release New Binary Network Protocol Testing Tool CANAPE:

Testing and exploiting binary network protocols can be both complex and time consuming. More often than not, custom software needs to be developed to proxy, parse and manipulate the traffic. CANAPE is a new Windows tool we are releasing at Blackhat Europe which takes the existing paradigm of Web Application testing tools (such as CAT, Burp or Fiddler) and applies that to any network protocol. CANAPE provides a user interface that facilitates the capture and replaying of binary network traffic, whilst providing a framework to develop parsers and fuzzers.

More information can be found here

Download CANAPE here.

Context Blog Provides Simple Fix to Protect Internet and Intranet Sites

Context Information Security has highlighted a weakness in Internet Explorer, Chrome and Safari web browsers that enables remote attackers to steal sensitive information held on private Microsoft SharePoint sites, as well as mine data from other public websites such as LinkedIn. In these Framesniffing Attacks, a hidden HTML frame is used to load a target website inside the attacker's malicious webpage to read information about the content and structure of the framed pages.

More information can be found here

Read the detailed blog post here.

Dirty Disks Raise New Questions About Cloud Security:

During our research last year into Cloud Node security we identified a security vulnerability affecting some customers at Rackspace and at VPS.NET, which were two out of the four providers we tested. Subsequent research found that VPS.NET’s service based on OnApp technology used by over 250 other providers, some of whom may share the same vulnerability. While Rackspace know of no instance of customer data being compromised through this vulnerability, they asked us to delay publication of its findings until Rackspace engineers could fully remediate the vulnerability and secure their customers. Rackspace recently completed those remediation efforts, and worked with us to publish our full findings, in hopes that they are helpful to other Cloud hosting providers and their customers.

Read the detailed blog post here.

App - Framesniffing against SharePoint and LinkedIn

Context Information Security has highlighted a weakness in Internet Explorer, Chrome and Safari web browsers that enables remote attackers to steal sensitive information held on private Microsoft SharePoint sites, as well as mine data from other public websites such as LinkedIn. In these Framesniffing Attacks, a hidden HTML frame is used to load a target website inside the attacker's malicious webpage to read information about the content and structure of the framed pages. The attack bypasses browser security restrictions that are meant to prevent webpages directly reading the contents of 3rd party sites loaded in frames.

More information

WhitePaper: Web Application Vulnerability Statistics 2010-2011

Over the past two years Context have been amassing statistics on a range of IT security activities based on the output of real-world IT security consultation engagements. One of the most common activities performed during this period has been web application penetration tests. This whitepaper will provide a unique insight into the state of web application security, presenting penetration test analysis from a dataset containing nearly eight thousand confirmed vulnerabilities found in almost six hundred pre-release web applications during the period January 2010 and December 2011.

More information

Malware 2 - From Infection to Persistence

In my previous posting, a malicious PDF was analysed that originated from a targeted email campaign that exposed a number of users to infection. The PDF file implemented standard exploitation techniques to exploit issues in Adobe PDF reader to download an executable from a known malicious URL. In this post I will look at how the malware sample persists on the infected host using stealth, anti-debugging and common userland hooking and rootkit techniques.

Read the detailed blog post here

HTTPS BEAST Attack

A number of our clients have asked for advice regarding the HTTPS BEAST attack. This blog is intended to give a more realistic overview of what the attack means to those who are concerned with the effect that it may have on their web applications, and answer some of the questions received.

BEAST is short for Browser Exploit Against SSL/TLS. This vulnerability is an attack against the confidentiality of a HTTPS connection in a negligible amount of time. That is, it provides a way to extract the unencrypted plaintext from an encrypted session.

Read the detailed blog post here