CENSUS was one of the sponsors of FOSSCOMM 2016, the annual two-day conference in Greece that brings together the creators of Free and Open Source Software. During the first day of the conference, CENSUS ran a Capture The Flag competition, while on the second day our Director of Code Auditing services Dimitris Glynos delivered a talk on dealing with the Risk Perspectives of using FOSS.
The Capture the Flag session was based on an Internet of Things theme. The teams had to exploit a smartmeter, pivot to a billing system and from there collect the private key used for signing the electricity bills. The smartmeter hardware was emulated by means of a Linux kernel module while the smartmeter and billing web services were implemented in PHP and Python respectively. The smartmeter, billing and game monitoring systems were all hosted at GRNET's okeanos virtual machine infrastructure.
The CTF support team and an overview of one of the CTF labs a few moments before the competition.
We are very happy with the response we got from the event; multiple teams from different backgrounds (students, developers, security consultants) participated in the contest and the winning team managed to capture the required file only 20' before the end of the competition. It was also an exciting game to watch, as different teams led the way at different points in the game.
Members of the winning team of the CTF competition, the captured file and a moment from the award ceremony.
Our presentation on the next day focused on the Risk Perspectives of using FOSS within an organization. Just like with any type of software provided by (or developed with) third parties, using FOSS comes with certain risks. The goal of this presentation was to identify ways in which these risks can be minimized and perhaps shine a light on certain risks that may be characteristic of FOSS development models.
Slides from this talk are now available here.
We would like to thank the organizers and support staff for a great FOSSCOMM 2016 conference.
Material from our previous participations in FOSSCOMM events can be found here.
We're looking forward to FOSSCOMM 2017. There's currently an open call for organizers available here.