Editor: the king artful
On July 30, Facebook warned investors in its latest quarterly report that, owing to many factors, it might not launch the Libra digital currency in 2020 as scheduled. The biggest obstacle is regulation.
What worries regulators most is the series of security problems Facebook faces: how to protect users' privacy, how to keep criminals out...
Security is the top issue facing the industry's development, but there is no such thing as absolute security; technology can only make things more secure.
As the wave surges, mud and sand flow together: in recent years, security incidents such as insider jobs at trading platforms, hacker attacks on exchanges, stolen user accounts, and lost private keys have emerged one after another.
According to a blockchain security report released by BaiMaoHui, losses caused by blockchain security vulnerabilities in 2018 ran to billions of dollars. At present, nearly 80% of attack losses are caused by attacks at the business layer, and losses have risen exponentially since 2017. By the end of the first quarter of 2018, exposed security incidents had caused losses of $810 million.
Security incidents can be roughly divided into four types by target: consensus mechanisms, smart contracts, trading platforms, and users themselves. Attackers mainly choose the relatively weak data layer, network layer, consensus layer, extension layer, and business layer to attack.
Blockchain security and traditional Internet security have both commonalities and individual characteristics; they intersect, and they also differ.
Miao Zhiqiu, CEO of Mozi Security Lab, told Zinc Link that blockchain security is not a new security category; it uses a lot of traditional technology.
So blockchain security and traditional security mostly overlap, and a small part is unique to blockchain technology.
At the level of the underlying code, traditional security and blockchain security are the same. At the application layer above it, blockchain security has its own characteristics: the consensus mechanism, for example, turns the Internet's centralized single-point attacks into widespread attacks across the chain.
If someone attacks a bank online, on the Internet that means breaking into a computer server or network address and changing the database.
In a blockchain, tampering with the consensus mechanism takes at least more than 51% of the nodes. But because all nodes run the same program code, if the program itself has a vulnerability, a large share of the nodes can be tampered with.
A typical incident is BEC: a vulnerability was exploited to over-issue a large number of tokens, driving BEC to zero in a moment, the equivalent of an ant tripping up an elephant.
Quick to enter, quick to exit
The number of blockchain security companies is closely tied to the development of the blockchain industry. From 2017 to early 2018 the industry was in a hot phase, many people crowded in to do projects, and demand for security grew, so many blockchain security companies emerged. They fall mainly into three categories:
The first is traditional security firms that moved over into blockchain security services, such as Knownsec and BaiMaoHui;
The second is new security players that joined because blockchain created new demand and new scenarios, such as Chengdu LianAn;
The third is Internet security giants, such as 360.
They began with security research early on and entered the market through security services and security development. Their services are concentrated mainly in contract audits, exchange security, wallet security, chain security, the underground economy, threat warning, and other fields.
As with the development of Internet security, blockchain security had relatively few vulnerabilities early on, but as the technology matures and business scenarios grow, security incidents will gradually increase.
As business hotspots shift, security companies' research direction follows whichever technology is used most.
In 2018, smart contracts, led by Ethereum, were the focus, and many people went into smart contract research.
Deng Huan, co-founder and security director of BaiMaoHui, told Zinc Link, "A smart contract is very simple. On Ethereum, for example, a few hundred lines of code are enough to write an application and issue a token. Some projects issue tokens by taking a template and changing a few parameters, so as long as there is something wrong with the template, several kinds of tokens have problems."
As research digs deeper, down to design concepts, many on-chain business-logic problems appear. First, the contract or the economic model design can contain loopholes that get exploited; moreover, underlying security issues will also gradually increase.
With more players, bubbles naturally form. Yang Jilong, CTO and COO of Knownsec, told Zinc Link that in the good times there was a great deal of malicious competition, even price wars over contract audit services, which made security products and services very cheap. In addition, there were many projects out to fleece retail investors: "Some of the so-called security demand may not care about their own security, but just want to spend money to buy a security endorsement."
Within a year the bubble burst. In 2018, the total market capitalization of digital currencies fell from $488.9 billion at the start of the year to $108.1 billion on December 13, a decrease of 77.89%.
The blockchain industry began to shrink and fewer and fewer people were willing to pay. Only five or six leading players remain in the market; some new security startups have disappeared, and most security companies have cut their investment accordingly or are considering a pivot.
Gradually, those who came in realized that blockchain still has a long way to go before it develops an ecosystem and practical applications. Teams that do no practical work cannot make a profit in the short term, and real projects, such as finance and traceability, may not land quickly and need a relatively long time, so some people backed out.
Deng Huan told Zinc Link that the phenomenon is that many blockchain companies enter quickly and exit quickly. The industry must put business first: only when the market holds up will there be demand for security. Otherwise, if project teams can't feed themselves, security companies can survive even less.
Little attention, slow development of blockchain security
Regarding the recent theft of 7,000 BTC from Binance, Deng Huan thinks the bigger problem at this stage is the low importance the industry attaches to security. Even leading companies are no exception, let alone small and medium-sized ones, which have more problems. In such an environment, blockchain security companies develop very slowly.
In getting business off the ground, Yang Jilong has also run into these difficulties.
First, market regulation was unclear early on, and much of what the company did was feeling for stones to cross the river. As with the "Blockchain Information Service Filing Management Measures" at the beginning of the year, on regulation it still needs to communicate actively with regulators.
Second, market volatility is too great. From the record-high coin prices at the start of 2018 to the industry-wide winter at the end of 2018, most blockchain practitioners were affected, and some projects stopped halfway.
Third, there is no unified standard. Unlike a mature technology, blockchain has no complete specification to refer to; each blockchain security team proposes services from its own understanding of security to help clients and to ensure service quality.
To solve this problem, Knownsec has worked with upstream and downstream companies in the blockchain industry chain and with the relevant regulators and, drawing on its own experience, has put forward some security evaluation criteria, such as the "Smart Contract Audit Checklist" and hardware wallet rating standards. It is also involved in the relevant industry standards. But blockchain security started only recently, and these still need continuous improvement in practice.
A SlowMist partner and product owner told Zinc Link that the blockchain community has few users, so when you launch products and applications, not many users actually come into contact with them. In addition, the threshold for some users is high and background knowledge is needed, so there is little user feedback and little valid data on feasibility, and products have no way to gain recognition quickly.
Yang Xia, founder of Chengdu LianAn, told Zinc Link that in the current blockchain ecosystem, users focus on business logic and pay too little attention to security. The industry should learn from traditional information system construction, strengthen security education, and adopt the latest security concept: the business system and the security system are built and operated in sync.
Yang Xia believes that security products currently focus on solving problems at individual points. They need to develop in step with the deployment and scaled application of blockchain technology and gradually form security solutions for the whole blockchain ecosystem.
Building communities, building a secure ecosystem
Once the fraudulent bubbles and consensus are cleared away, blockchain technology will fit human nature better, and more innovative companies and good people will join to build a healthier blockchain ecosystem together.
At present, the five leading players in blockchain security are PeckShield, BaiMaoHui, Knownsec, SlowMist, and Chengdu LianAn.
Facing the difficulties of blockchain security, they have chosen different directions.
Knownsec, PeckShield, SlowMist, and Chengdu LianAn all want to secure the blockchain ecosystem.
PeckShield's vulnerability-discovery capability is first-rate, and its R&D center is in Silicon Valley. Its head, Jeff, says its vulnerability monitoring covers every link of the blockchain ecosystem, including underlying chains, exchanges, digital wallets, and smart contracts, and that it has successively discovered and named major smart contract security vulnerabilities in BEC, SMT, EDU, and others.
Yang Jilong told Zinc Link that Knownsec's core is cloud security protection plus professional blockchain services, addressing security problems from the underlying infrastructure up to the application layer, including smart contracts and DApps.
Knownsec's advantage is wide coverage: from nodes, chains, smart contracts, and DApp applications to blockchain wallet security, it covers essentially everything.
As the earliest Chinese company focused on blockchain ecosystem security, SlowMist's specialty is strong real-world capability: its team has more than ten years of front-line network attack-and-defense experience.
Its security solutions include security audits, security advisory, defenses, threat intelligence (BTI), vulnerability bounties and other supporting services, along with related security products.
In addition to world-famous chains such as COINS and Ethereum, SlowMist works particularly deeply on security defense for the Ethereum and EOS ecosystems and their surrounding DApps, and has audited and defended hundreds of well-known smart contracts.
Chengdu LianAn's goal is to build a security solution for the whole blockchain ecosystem, covering industry participants such as chain platforms, exchanges, wallets, and users.
The company has built a comprehensive blockchain security data middle platform that gives its upper-layer security products rich, accurate data support. It also cooperates with the national blockchain vulnerability sharing platform and runs its own threat intelligence community to build a threat intelligence library that supports its other security products.
BaiMaoHui's approach is to start from the community. In traditional security, BaiMaoHui supports many security projects for government regulators. In blockchain security, it established the decentralized DVP platform, which brings the vulnerability-community model of traditional security into the blockchain security industry and provides a legitimate channel connecting security researchers and project teams: researchers submit bugs, and project teams pay rewards according to the severity of the vulnerability.
The platform has identified 4,000+ vulnerabilities involving exchanges, chains, smart contracts, and other areas. Serious problems in the well-known D network exchange and the Ethereum public chain, among others, were discovered by DVP white hats. Recently, BaiMaoHui has been in communication with regulators to establish industry standards for blockchain security.
Rev told Zinc Link that attack-and-defense confrontation in blockchain security will become fiercer. As more users enter at scale, more assets will sit on blockchains, and attackers will keep watching platforms such as exchanges and wallets. There will be many more measures, such as hardware vaults, to secure large assets.
In addition, as the underlying design of public chains becomes more complete, problems in the underlying foundation will become fewer. Smart contracts will run more and more securely and avoid basic problems such as overflow; routine vulnerabilities will decrease, and attention will shift to business logic and application scenarios.
Technology often comes second; many problems lie in management, systems, and processes. Miao Zhiqiu said that security circles have a saying: three parts technology, seven parts management. If you depend too much on technology and just watch the machines without using your mind, you can't really solve the problem in the end.
In the end, steadily putting blockchain technology into practice to solve practical problems is the most important thing.