The Fornetix team wants to congratulate Kian Bradley, client developer, after he earned first place in the cryptocurrency capture the flag (C3TF) at this year’s BSidesNoVA hacking conference. The competition focused on real world challenges related to crypto currencies such as smart contract exploits, forensics, wallet exploits, and more issues unique to this growing industry.
After his win, Kian described the security risks of cryptocurrency and the steps being taken to mitigate them:
“Cryptocurrency is a rather unique domain within modern computing,” says Kian. “We now have ways to programmatically transfer money in a completely untrusted environment. This enables an interesting new paradigm of computing – it is possible to create financial contracts written in code instead of legal language.
Unfortunately, this also opens up a whole new class of software vulnerabilities. Contracts that perform payments will execute exactly how they’re written; that means any bugs in the code are now bugs in the contract. C3TF is geared towards finding exploits in cryptocurrency contract code.
In the Solidity contract programming language, there are plenty of ways to make mistakes. These can range from obvious bugs like forgetting to mark functions as ‘private’, to much more insidious ones such as failing to account for integer overflow; or relying on security-through-obscurity, simply hoping that no one will reverse engineer the contract and find a backdoor. C3TF was a great way to explore these bugs in a safe environment. The competition is set up in a way where everyone is working on a test network, trying to find bugs in simulated contracts rather than ones with real money behind them.”
The second annual BSidesNoVA conference was held February 23-24th in Herndon, VA and featured talks from numerous industry thought leaders, security workshops, competitions, and networking. The community-driven events hosted by BSides seek to promote an intimate atmosphere that encourages close collaboration among participants as they discuss the “next big things” in the cybersecurity world.
“Fornetix provides an environment where people excited about the overall security industry can share ideas and thrive,” says Jon Mentzell, VP of Product Development at Fornetix.
“We have regular discussions between teams on the concepts that make cryptography work at scale. Everything from PGP (Pretty Good Privacy) certificates to blockchain concepts are discussed freely as opportunities to learn. Fornetix encourages participation in the security industry as a central tenant of “learning is doing.” By actively participating in events such as Security BSides, the entire cyber-security community is able to gain the knowledge necessary to stay ahead of potential threats.”
Fornetix® VaultCore™ is a groundbreaking cybersecurity solution designed to unleash encryption’s full potential by simplifying key management. Fornetix empowers organizations to build a data security strategy with encryption as the strong foundation. Safeguard sensitive information with a system backed by granular policy tools, user access controls, and powerful automation. VaultCore is a scalable and flexible solution that can manage hundreds of millions of encryption keys while integrating seamlessly with existing technology investments.
Note: This entry has been edited to reflect the ‘Key Orchestration’ solution name becoming ‘VaultCore’