Smart contracts are riddled with vulnerabilities and exchanges are attacked constantly; in only half a year, losses from blockchain security incidents exceeded 2 billion dollars. In fact, from the moment bitcoin and blockchain were born they have faced a test of human nature: white hat or black hat, and the different choices produce very different ecosystems.
Source: Storm Finance | Author: Forsythia
China's top security talent can now earn an annual income of 1 million, but for most people this is still worlds apart from the income of hackers who work in the "black industry". Almost every higher-level white hat has been tempted by the black industry, but most have refused.
These days, an American named John McAfee has found himself in trouble.
In July he launched a bitcoin wallet called Bitfi, claiming it was the first unhackable hardware wallet and announcing that whoever could crack it would be rewarded with 100 thousand U.S. dollars.
In less than a week the Bitfi wallet was breached, yet McAfee began to quibble. On August 31 another hacker published further details of the attack on Bitfi. McAfee was rattled and said, "My team will issue a comprehensive statement on all the issues, including the bounty payment plan, next week."
McAfee is putting on a brave face because the stakes are too high for him: he is the globally known father of antivirus software, and he even shared a stage with Trump when he ran for U.S. president. Now, slapped in the face a second time, he has no choice but to fight back at all costs.
Still, it shows that blockchain security is worrying: even a wallet designed by such a big-name company can be cracked easily. In fact, from the moment bitcoin and blockchain were born they have been a juicy target in hackers' eyes; exchanges are attacked again and again, and smart contracts are riddled with vulnerabilities. As blockchain applications multiply, the security problems of blockchain become ever more pressing.
Losses from blockchain security incidents exceeded 2 billion dollars in the first half of 2018
Bai Maohui Security Academy (BCSEC) is an organization devoted to the blockchain security ecosystem; its founder, Zhao Wu, was formerly head of the website security department at 360. Bai Maohui recently released a report evaluating blockchain security trends, and its charts show that from 2017 to 2018 blockchain security problems rose steeply.
According to the charts, through August of this year blockchain incidents had caused losses of more than 2 billion dollars worldwide. The largest losses came in April, when blockchain projects were at their hottest, exceeding 1.1 billion dollars.
Looking at which targets are attacked most easily, trading platforms and smart contracts are the most frequently hit.
From smart contract code audits to node hardening and penetration testing, security problems have troubled practitioners all along.
Deng Huan, co-founder of Bai Maohui, says the main reason blockchain is so easily attacked is that there are too few blockchain security professionals; many businesses rush to launch ahead of their competitors, security is not thoroughly considered when business details are designed, and the technology behind the projects is immature, producing a large number of vulnerabilities.
"At present only a few thousand people in the world are able to audit smart contracts, and no more than 100 worldwide can truly audit the security of a public chain," he discloses. Meanwhile there are more than 10000 blockchain organizations worldwide, so this limited talent, scattered across every organization, is a drop in the bucket.
The blockchain industry therefore needs a large number of security personnel. Network security companies sit at the very top of the whole Internet, yet at present only 56 companies in China do blockchain security, and worldwide there are fewer than a hundred.
"Basically we can't keep up," Deng Huan says. "Once a vendor's smart contract has a vulnerability, a new contract has to be issued and then a migration done. Otherwise you sit and wait to die, because once it is on the chain it cannot be changed."
In the blockchain security field there are still no mature security products; security is mostly delivered by manually provided services.
But even when a company is hired to do security, the technical staff of each company are good at different domains and cannot defend a project from every angle, and a single serious problem is enough to destroy an entire blockchain network. To cover every hole completely, as many teams as possible need to pool their knowledge, and for most companies hiring that many teams is not realistic.
Centralized vulnerability platforms such as HackerOne and Butian already exist on the market. These platforms connect white hats (network security researchers) with Internet vendors; by having vendors pay for vulnerabilities, they motivate white hats to help enterprises find and fix vulnerabilities.
But on a centralized platform the platform and the vendor have sole authority over a vulnerability, so a white hat cannot guarantee their rights and interests, the privacy of both vendor and white hat is easily leaked, and a centralized platform can also be shut down arbitrarily by a powerful organization.
On this basis, Bai Maohui, together with another security company, Aegis Technology, initiated a community named DVP, short for Decentralized Vulnerability Platform. It uses the characteristics of blockchain to build a bridge between vendors and white hats: white hats worldwide can submit vulnerabilities on the platform, each vendor can claim them on its own, and vendors can also post bounties on the platform.
"Finding vulnerabilities is mining," Deng Huan explains. A vendor needs to specify the asset scope of the security audit and the bounty level, and deposit a cash pledge under agreement; white hats can submit blockchain-related vulnerabilities and threat intelligence on the DVP platform, check the review and claim status of a vulnerability at any time, and receive the corresponding reward once it is confirmed.
To ensure the fairness of the whole process, the DVP platform encrypts the vulnerability report with a public key, and the blockchain vendor decrypts it with its private key to obtain the detailed report contents. Once the vulnerability is confirmed and found not to be a false positive, the bounty is automatically sent to the address of the submitter who discovered it.
To make incentive plans in different digital currencies convenient, DVP plans to create a virtual points system (similar to a token). Until the ecosystem is formally established, the DVP platform currently rewards white hats who discover vulnerabilities with a certain amount of ETH.
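The submission and payout flow just described can be pictured as a small escrow: the vendor publishes a scope, reward and pledge; a report is encrypted to the vendor's public key so the platform never holds it in clear; the vendor decrypts with its private key; and confirming the report moves the reward from the pledge to the submitter's address. The Go program below is an added illustration, not DVP's own code or protocol, and it assumes RSA-OAEP for the report encryption, an in-memory ledger instead of a chain, and constructed sample names (the vendor, scope and researcher address are placeholders). It also enforces two checks a practitioner would want: a report can be paid only once, and never beyond the pledge actually deposited.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Report is one submission held by the platform. The finding is kept only as
// ciphertext; the platform itself never sees the clear text.
type Report struct {
	ID         int
	Researcher string // payout address (constructed sample value)
	Ciphertext []byte
	Confirmed  bool
}

// Bounty is one vendor's programme: published scope and reward, the pledge
// deposited up front, and the rewards credited to researcher addresses.
type Bounty struct {
	Vendor   string
	Scope    string
	Reward   int
	Pledge   int            // pledge still held by the platform
	Balances map[string]int // rewards credited per researcher address
	pub      *rsa.PublicKey
	reports  []*Report
}

// GenerateVendorKey creates the vendor's key pair; only the public half goes
// to the platform, the private half stays with the vendor.
func GenerateVendorKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// NewBounty refuses a programme whose pledge could not cover a single payout.
func NewBounty(vendor, scope string, reward, pledge int, pub *rsa.PublicKey) (*Bounty, error) {
	if reward <= 0 || pledge < reward {
		return nil, errors.New("pledge must cover at least one reward")
	}
	return &Bounty{Vendor: vendor, Scope: scope, Reward: reward, Pledge: pledge,
		Balances: map[string]int{}, pub: pub}, nil
}

// Submit encrypts the finding to the vendor's public key with RSA-OAEP. The
// scope is bound in as the OAEP label, so a ciphertext for one programme
// cannot be replayed against another.
func (b *Bounty) Submit(researcher string, finding []byte) (int, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, b.pub, finding, []byte(b.Scope))
	if err != nil {
		return 0, err
	}
	r := &Report{ID: len(b.reports) + 1, Researcher: researcher, Ciphertext: ct}
	b.reports = append(b.reports, r)
	return r.ID, nil
}

// Open is the vendor-side step: decrypt a report with the private key.
func (b *Bounty) Open(priv *rsa.PrivateKey, id int) ([]byte, error) {
	r, err := b.report(id)
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, r.Ciphertext, []byte(b.Scope))
}

// Confirm marks a report valid and moves the reward from the pledge to the
// researcher's address: once per report, and never beyond the pledge.
func (b *Bounty) Confirm(id int) error {
	r, err := b.report(id)
	if err != nil {
		return err
	}
	if r.Confirmed {
		return errors.New("report already confirmed and paid")
	}
	if b.Pledge < b.Reward {
		return errors.New("pledge exhausted; vendor must top up before confirming")
	}
	r.Confirmed = true
	b.Pledge -= b.Reward
	b.Balances[r.Researcher] += b.Reward
	return nil
}

func (b *Bounty) report(id int) (*Report, error) {
	if id < 1 || id > len(b.reports) {
		return nil, fmt.Errorf("no report with id %d", id)
	}
	return b.reports[id-1], nil
}

func main() {
	priv, _ := GenerateVendorKey()
	// Constructed sample programme: 10 units pledged, 5 paid per confirmed report.
	b, _ := NewBounty("sample-exchange", "trading-api", 5, 10, &priv.PublicKey)
	id, _ := b.Submit("0xresearcher-sample", []byte("constructed sample finding"))
	plain, _ := b.Open(priv, id)
	fmt.Printf("vendor reads: %s\n", plain)
	fmt.Println("confirm:", b.Confirm(id), "pledge left:", b.Pledge, "paid:", b.Balances["0xresearcher-sample"])
}
```

Run it as-is to see one full cycle. The pledge check is what gives the submitter an assurance the article describes: the reward is deposited before any report is opened, so a confirmed finding cannot go unpaid for lack of funds.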
More than 1,200 vulnerabilities discovered in one month
After the DVP platform had been running for a while, Deng Huan was astonished at how many vulnerabilities there were. "Like a blowout," he describes it.
The platform went live on July 24, 2018, and currently has more than 10000 white hats. As of August 20 it had received 1231 vulnerabilities from white hats: 252 medium-risk, 399 high-risk and 1 critical, involving 509 project teams.
The vulnerabilities come mainly from exchanges, wallets and public chains, including well-known blockchain platforms such as Ethereum and VeChain.
Even well-known platforms such as the Bit King exchange and Tiger Net carry many extremely high-risk vulnerabilities.
Deng Huan says a critical vulnerability generally leads to denial of service, direct acquisition of system privileges, or leakage of critical information, and can cause severe financial loss. High-risk vulnerabilities are mostly unauthorized access, the ability to directly steal user identity information in key business functions, and high-risk logic design flaws. The exchanges first exposed on the blacklist all carry risks of capital loss, tampering and embezzlement, and privacy leakage.
He also discloses that many exchange vulnerabilities remain unfixed long after notification. Among them Bit King, ranked second in risk, has trading volume of up to 160 million RMB; platforms such as Coin88 cannot be contacted at all, so vulnerabilities cannot even be reported to them, which is a great risk for investors.
The biggest security problem of blockchain comes from human nature
Although blockchain technology now faces many kinds of threats, developers have invested a great deal of energy in the security of the underlying algorithms, and the technology itself is still hard to shake.
From the security incidents of the recent period, Deng Huan finds that security problems increasingly lean toward the user and platform level: blockchain security has extended into traditional network security, infrastructure and mobile information security, and the most evident problem among them is social engineering attacks, whose severity even exceeds that of technical attacks.
Social engineering attacks exploit human weaknesses and habits to obtain key information and then profit from it. Kevin Mitnick, the world's best-known hacker, once noted in The Art of Deception that the human factor is the soft underbelly of security.
Many companies spend heavily on information security, yet the eventual cause of a data leak lies in people themselves. For a hacker, remote penetration over the network to obtain data may be the most troublesome method, while non-technical means that work through human communication are effective and highly efficient.
In March this year, an employee surnamed Ou at an Internet technology company in Haidian, Beijing, took advantage of his position and used administrator privileges to steal 100 bitcoins from the company.
Also in March this year, a man surnamed Zhang in Xi'an lost more than 100 million yuan of virtual currency; the 3 suspects had been staff of a well-known domestic network technology company.
A careless remark in an interview or a post, someone posing as a professional adviser to give remote computer help, even a honey trap: all of these can become tools of social engineering. Perhaps without noticing it, you send the other party a photo that shows your own private key.
What kind of people are white hats, after all?
In many people's minds, white hats are a mysterious group; in reality they are simply a group of geeks passionate about technology. Bai Maohui's founder Zhao Wu once appeared on the "Chinese Hacker List" and is now the "big brother" of more than 10000 white hats. Deng Huan himself entered the information security field largely through self-study.
In recent years, with network security incidents occurring frequently, white hats have had room to show their skills, but they are also easily questioned. A few months ago, when 360 discovered an EOS vulnerability, BM said 360's behaviour was creating panic. And when an ordinary white hat submits a vulnerability to a vendor, they may also be suspected of doing it for money. In fact, in most cases white hats look for vulnerabilities to improve their skills through practice.
China's top security talent can now earn an annual income of 1 million, but for most people this is still worlds apart from the income of hackers who work in the "black industry". Almost every higher-level white hat has been tempted by the black industry, but most have refused.
On this, another security expert in the industry also said, "The value of white hats has long been seriously underestimated; the risks they take and the skills they have do not match the returns. And the returns from hacker attacks far exceed what a white hat receives. When technical staff discover a security vulnerability, more of them may choose to be hackers seeking profit for themselves rather than white hats upholding justice. And without security, why talk about blockchain at all?"
So how to better reflect the value of white hats is crucial, both for vendors and for white hats themselves. The hope is that the DVP platform can use blockchain and other technologies to improve the relationship between white hats and vendors, and in future form a truly self-governing security ecosystem community.