You are viewing a single comment's thread from:

RE: EOS BP Security Statement

in #eos3 years ago (edited)

The vulnerability you are pointing to is in the net_api plugin, not in the EOS-BIOS software.

I'd rather see a transparent, consensus oriented, well orchestrated launch, than one obscured by a VPN system among a group of BP's.
I've never been an advocate of "Security by Obscurity" especially when BP's are suppose to act with complete transparency.

But I would wait to see EOS Canada's debunking of this issue before making further comments.

Sort:  

The plugin in question in fact had some dependancies at the time of announcement though. A time when they were only days away from launch.

The Ghostbusters/ Trinity group had serious concerns that this could slow down the launch of the chain ultimately - which ended up actually happening. Now the Ghostbusters/Trinity group are the CORE group launching the chain.

That says everything you really need to know about all this.

End of story.

why I am not surprised. first thing they have to do is to behave like professionals and act securely. bps must realise they are not 'talking' to the community only, nor the other bps; they are talking to their future hackers. bring down the youtube videos sharing screens and commands please and stop being careless. if you care about the community be secure. and if you care more, be more secure. you'll never tweet, share your name or your email because that would be insecure. and you would reset your router each day like a pro.

Relying on hackers not knowing how to hack your system (also known as "security by obscurity"), doesn't work. You can safely assume hackers to know and understand your system well. Hence you can not hope for hackers not attacking your system.
What this group have published is nothing secret but standard functionality.
Besides these concerns were raised in smaller group conversations for some time now but no actions were taken to remedy security concerns.
And while marketing was winning technical side of this argument - we had to make these facts known to a wider community while keeping in mind it may make some people unhappy.
Ultimately our goal is successful launch of EOS Blockchain and a duty to EOS token holders.