Thoughts on CyberSecurity, Blockchain and AntiAbuse

in #blockchain · 6 years ago (edited)


With the conclusion of the @utopian-io's Anti-Abuse pilot, there has been talk about the way forward with that project and I am excited about what I am hearing.

The topic of cybersecurity as it pertains to blockchain is being discussed. There have been a number of phishing attacks on Steem, so there is certainly a need for greater awareness on the topic in addition to the moderation side of anti-abuse.

Below is a quick infographic on how to ensure that whatever front end you are using is legitimate, such as steemit.com, busy.org, steempeak.com etc. This graphic is for Google Chrome, but the process should be more or less similar on other browsers. Just look for the shield. 🛡️

One way a phishing attack can be conducted is by redirecting users to a malicious copy of a legitimate site intended to steal their credentials. Verifying the certificate presented by the website is essential to ensure you are protected.


Don't get caught by the Man-In-the-Middle! Check your certs!
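As an added example (not part of the original post), the check the infographic asks readers to do by eye, written out in Python: confirm that the certificate a site presents was issued for the front end you meant to reach (steemit.com here) and is inside its validity window. Both certificate dicts and the look-alike domain are constructed for the demo; `fetch_peer_cert` retrieves a real certificate when run with network access.

```python
import socket
import ssl
import time

def fetch_peer_cert(host: str, port: int = 443) -> dict:
    """Fetch the certificate a live site presents, after the default context has
    validated its chain against the OS trust store (needs network; unused offline)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def dns_names(cert: dict) -> list:
    """DNS names the certificate was issued for: SAN entries, else the legacy CN."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return names

def name_matches(pattern: str, host: str) -> bool:
    """Exact match, or one leftmost '*' label standing for exactly one host label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    labels = host.split(".")
    return len(labels) >= 3 and ".".join(labels[1:]) == pattern[2:]

def check_cert(cert: dict, expected_host: str, now=None) -> list:
    """Problems found for the site the user meant to visit; [] means the cert fits."""
    now = time.time() if now is None else now
    problems = []
    if not any(name_matches(n, expected_host) for n in dns_names(cert)):
        problems.append(f"issued to {dns_names(cert)}, not to {expected_host}")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems

# Constructed sample certificates in getpeercert() dict form (not real issued certs).
VALIDITY = {"notBefore": "Nov 12 00:00:00 2018 GMT", "notAfter": "Nov 12 00:00:00 2020 GMT"}
LEGIT_CERT = {"subject": ((("commonName", "steemit.com"),),),
              "subjectAltName": (("DNS", "steemit.com"), ("DNS", "*.steemit.com")), **VALIDITY}
# A hypothetical look-alike domain: its cert is perfectly valid, just not for steemit.com.
LOOKALIKE_CERT = {"subject": ((("commonName", "steemit.com.login-check.invalid"),),),
                  "subjectAltName": (("DNS", "steemit.com.login-check.invalid"),), **VALIDITY}
CHECK_TIME = ssl.cert_time_to_seconds("Jun 15 00:00:00 2019 GMT")  # fixed clock for the demo
```

Running `check_cert(LOOKALIKE_CERT, "steemit.com", CHECK_TIME)` reports the name mismatch even though the look-alike's certificate is otherwise valid, which is exactly the detail the browser's shield hides behind a click.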

As a cybersecurity professional often working with mostly centralized and proprietary systems, I am VERY interested in how the principles and methodologies may apply to decentralized / open source systems.

I am familiar with the process of safeguarding sensitive systems, performing security audits, and observing industry standards and applicable regulatory frameworks such as HIPAA or COSO. There is a lot of ground to cover when it comes to securing systems, and it should be no different for those servicing blockchain technology.

Working towards establishing chain-agnostic standards for the certification of blockchain systems could behoove us. Furthermore, this can be especially critical for mainstream adoption and FUD resilience. This is particularly relevant in light of the present BCH fork controversy and hashing war. The publication of protocols and contingencies in the event of common threats such as a 51% attack on any chain would build confidence, not only in the code but also in the competence of the node operators to take appropriate action.

We have observed attacks on coins using the PoW mechanism. It is not enough in and of itself to thwart sophisticated attacks by bad actors with resources. I am not an expert in this area by any stretch, but consider the question:

Do we want our networks to be subject to the whims of any capricious whale(s) with the ability to gain hashing superiority? I think not.
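As an added illustration (not part of the post), the arithmetic behind "hashing superiority": Nakamoto's catch-up probability from section 11 of the Bitcoin whitepaper, which shows why waiting for more confirmations helps against a minority attacker but offers nothing once an attacker holds at least half the hash rate.

```python
import math

def attacker_success_probability(q: float, z: int) -> float:
    """Probability that a miner controlling fraction q of the total hash rate ever
    overtakes the honest chain from z blocks behind (Bitcoin whitepaper, section 11).
    While the honest network (share p = 1 - q) mines z blocks, the attacker's block
    count is Poisson with mean z*q/p; from a deficit of d blocks she catches up with
    probability (q/p)**d, so the sum below is the probability she never does."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("q must lie in [0, 1] and z must be non-negative")
    p = 1.0 - q
    if q >= p:
        return 1.0  # majority hash rate: the attacker wins with certainty, whatever z is
    lam = z * q / p
    poisson = math.exp(-lam)  # term k = 0; later terms computed recursively (no overflow)
    never_catches_up = 0.0
    for k in range(z + 1):
        if k:
            poisson *= lam / k
        never_catches_up += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - never_catches_up

def confirmations_for(q: float, max_risk: float) -> int:
    """Smallest confirmation count z at which the attacker's odds drop below max_risk."""
    if q >= 0.5:
        raise ValueError("no confirmation count is safe against a majority of the hash rate")
    z = 0
    while attacker_success_probability(q, z) >= max_risk:
        z += 1
    return z

if __name__ == "__main__":
    for q in (0.1, 0.3, 0.45, 0.51):
        print(f"q={q:.2f}:", [round(attacker_success_probability(q, z), 6) for z in range(0, 11, 2)])
    print("confirmations for <0.1% risk at q=0.1:", confirmations_for(0.1, 0.001))
```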

What about other consensus algorithms?

I currently hold coins in PoW, PoS, and dPoS that I have acquired in small increments during my journey of learning about cryptocurrency. All have their strengths and weaknesses, but I have not conducted detailed technical analysis.

No, I'm not talking about looking at red and green lines on a chart, which I find to be something akin to cryptocurrency soothsaying. Yes, I am skeptical of crypto market technical analysis as a "science" and see it more as a sort of smoke and mirrors. I digress.

Auditing these algorithms and the systems operating on these networks, whether they be clients or nodes, is paramount. We need to explore all facets of the networks to be proactive. I am excited for more details to arise on how we may contribute to this coming project and even serve the broader blockchain community. We have a lot of bright minds on this chain, so I am looking forward to the insight and to learning more. Also, as a Certified Information Systems Security Professional, I may even be able to knock out some of my continued professional education hours.


Two birds, One stone. Anyone?

Do you have any thoughts on the topic?

Thoughtful comments will be upvoted.

Image Source #1

Image Source #2


As much as I would like to keep the information we share private, I don't think today in our ever changing world it is a possibility.

I trust that you will agree with me that the only way we can keep our lives and communications private would be to live in caves and communicate by beating on rocks.

This one issue of keeping our important information a secret is the most important task in the future of the "internet of things".

Things are moving at such a rapid pace most are not considering the implications of the ever encroaching spy networks (governments) and cyber criminals that want our data.

If we can create the team of folks that can overcome this obstacle and do the job to help everyone keep the data only in the hands of those who they want to have it, we will have accomplished a greater task than the guy who built the first transistor at Texas Instruments.

This is the most important issue in cyber security that exists. Most tools for encryption and data storage today have back doors built into them to make it easy for that data to be extracted. That is the first obstacle we have to overcome!

So, you touched on the confidentiality corner of the CIA Triad, which is very important, and you bring to mind the question of whether or not we can trust VPN service providers to ensure it.

Perhaps, open source VPN software would be a good idea. If there is transparency with the code, I doubt we would have to worry about anybody trying to sneak in a backdoor.

On the topic of data storage, there are blockchain projects that intend to answer that but scaling is an issue. I am most familiar with SiaCoin and the idea is you have data distributed across up to 21 hosts and the data can ONLY be accessed with your private key. Also, due to the distributed nature of the data, I believe it is fault tolerant as long as 7 of those 21 stay online.

I currently accept the risk of using OneDrive which was bundled with MS Office but I may consider giving renting from the SiaCoin network a try. It's still not a fully mature project but David Vorick and team have high ambitions. Looking forward to seeing it develop.

Maybe you're looking at hiding information the wrong way mate. Perhaps the trick is to let them have the majority of the information but hide its context.
Simple example. 8746352237 I am sure is someone's bank account number which I've just shown to the world. I could probably give you more details, but without one particular key detail, it's useless to you.
We need to pick and choose carefully what we protect and what doesn't really matter. I truly think this is the way forward in regards to personal information security.

Potato. Potato. POTATO!

Personally I wouldn't spread yourself too thinly. Your expertise is in system-level security. Chasing spammers, abusers and bad actors requires less specialist knowledge.
You should put your expertise to its best use in my opinion for the betterment of the blockchain.

spread yourself too thinly

The story of my life, @nathen007. 😉

Currently, my job requires me to have and develop an incredibly broad range of skills which is both good and bad. It's stressful and I would be relieved to be able to specialize. My career has had an emphasis on system side (a bit of networking in there too) but my aspiration is to develop.

It was actually my desire to code when I joined the military, but I somehow ended up on the sysadmin / netadmin side of the house due to my desired MOS being phased out. My recruiter wasn't 100% forthcoming, but I am a firm believer that things happen for a reason. Perhaps those experiences can be helpful as I learn the ropes to develop, so to speak.

As for chasing spammers and such, that would be a tough one for me to break. It's like teaching a dog not to chase a squirrel. You're right, though. I probably ought to limit the amount of time I spend manually locating abuse and focus perhaps on developing better tools to assist others.

@steemflagrewards is a good start but I also would like to complete the vision of @flagawhale (project for community members to address whale abuse without fear of reprisal using a dedicated flagging account with aggregated SP) before maybe turning things over to the community to focus on other areas.

That's why you have dummies like me who carry out that grunt work.

Not going to fool me, Leonis. We already know you have talent. Also, we know the work of the grunt is very important. Maybe in the future we can work on having more bots working in the trenches instead.

And that's how SKYNET begins. :P
