How to understand the security issues in the blockchain industry?

More and more people are joining the blockchain industry, but many of them have never worked with blockchain before and have no relevant security knowledge. Their security awareness is weak, which gives attackers openings to exploit. In the field of blockchain security, several phenomena let everyone see the problem up close:

The public-chain world has inherent financial attributes, and there is money (coins) everywhere;

This world is not yet backed by the state. Unlike with a bank, if something goes wrong, no national authority steps in to fix it;

If coins are stolen, it is difficult to trace where they went. As long as the attacker is a little careful, you cannot find him.

Going deeper, in this world the private key is the identity. Whoever gets the private key can obtain the wealth it controls. Who originally held the private key is not something this world concerns itself with.

Of course, the future will be different. We have already seen this in the EOS ecosystem, where the special consensus mechanism can freeze or even return lost wealth. Those who are interested can read about ECAF and the 21 super nodes in the EOS ecosystem. In fact, before EOS, exchanges' KYC and AML (anti-money laundering) mechanisms already carried out this kind of risk countermeasure, as did the BTI (blockchain threat intelligence) that we later launched; AML is an important module of BTI. These are all attempts to find some sense of security in this world.

In addition to its financial attributes, another frequently mentioned attribute of blockchain is "decentralization", which seems to make it very difficult to reach any kind of decision. But this world is subtle and changeable, and what looks hard is not necessarily hard. Wise decisions will still win the general support of the community. As long as a decision really looks right, the worst that can happen is a hard fork; if the community has to split, it splits.

We see a lot of beauty in this world, and we also see the dark side of human nature. Alongside a large number of technological and economic innovations, there are also many political struggles that are far more primitive than those in the centralized world.

This world has its own "constitution" and its own governance mechanism. An attacker might even think: I obtained these coins through code vulnerabilities (such as a smart contract vulnerability) that I discovered with my own skills, so why call what I did illegal? If code is law, my behavior should be recognized instead. It is I who pushed you to strengthen the quality and security of your code.

From a security perspective, this is a seriously insecure world, and security is a must in it.

All of this exists because people prize freedom so highly that they try to break the shackles of control and build a decentralized world that is not controlled by governments. But freedom is never the same as anarchism.

The security of this world can be simply divided into two types:

The security attack and defense of traditional systems, and the security attack and defense of the blockchain itself. For traditional security personnel, the threshold to cross is the attack and defense of the blockchain itself, but the attack and defense of traditional systems cannot be ignored and is often very important. The two types must be treated as one; otherwise the security of this world cannot be done well. It follows that doing security well here currently has a very high threshold. But we feel that in the future this world will be as convenient as today's Web world, with security just as unobtrusive and natural. At that point, most security personnel will only need to focus on business-level security, and the rest will be handled by teams with a clear division of labor.

Similarly, hackers (attackers) in this world are also divided into two types:

Hackers of traditional systems and hackers of the blockchain's own system. It can be roughly understood like this: when an attack in this world is specifically tied to blockchain technology, such as smart contract vulnerabilities, fake recharge, double spending, or 51% attacks, it is mostly the work of people involved with the blockchain itself who have developed malicious intent. These people are hackers of the blockchain's own system. Everything else can be roughly regarded as the behavior of hackers of traditional systems, such as phishing, business logic flaws, Trojan horse implantation, and social engineering.

From the perspective of security, the traditional system and the blockchain itself are both important. A thousand-mile dike can collapse because of a single ant nest, and that is no exaggeration in the blockchain world.

Blockchain technology does not exist in isolation, so every aspect of security needs to be covered. Cloud computing, big data, artificial intelligence and other technical fields are all required subjects.


Origin blog.csdn.net/CECBC/article/details/108900927