360 blockchain security evaluation

1. Security in blockchain comes from some attributes< Mining blocks need to use resources< Br > 2. Each block contains the hash value of the previous block< Br > imagine if the attacker wants to change the chain by changing the transaction five blocks ago. If they tamper with the block, the hash value of the block changes. Then the attacker must change the pointer from the next block to the changed block, and then change the hash value of the next block... This will continue until the end of the chain. This means that the farther the block is behind the chain, the greater the resistance to change. In fact, the attacker has to simulate the hash capability of the whole network up to the front end of the chain. However, when the attacker tries to attack, the chain continues to move forward. If the attacker's hash value is lower than the rest of the chain (< 50%), they will always chase and never proce the longest chain. Therefore, this type of blockchain can resist attacks, where the attacker's hash value is less than 50%< Br > when attackers have 51% hash value, they can rewrite the network history with a list of valid transactions. This is because they can recalculate the hash value of any block sort faster than the rest of the network, so they can ultimately guarantee a longer chain. The main danger of 51% attacks is the possibility of double spending. This simply means that an attacker can buy an item and show that they have paid with any number of confirmations on the blockchain. Once they receive the item, they can reorder the blockchain so that it doesn't include the send transaction and get a refund< Br > even if the attacker has more than 50% hash value, the attacker can only do so much damage. They can't do things like transfer money from the victim's account to their account or print more coins. This is because all transactions are recorded by the account?? Account owners sign, so even if they control the entire network, they cannot forge account signatures.

2. Tencent must be the security leader of the blockchain, with security guaranteed, and refine the public components of the city level blockchain application to meet the landing needs of the trusted blockchain instry in different scenarios.

3.

Recently, Vulcan team of 360 company found a series of high-risk security vulnerabilities in EOS, a blockchain platform. It is verified that some of the vulnerabilities can remotely execute arbitrary code on EOS nodes, that is, they can directly control and take over all nodes running on EOS through remote attacks

In the early morning of May 29, 360 reported this kind of vulnerability to EOS official for the first time, and assisted it to repair the security risks. The person in charge of the EOS network said that the EOS network will not be officially launched until these problems are fixed

EOS super node attack: the virtual currency transaction is completely controlled

in the attack, the attacker will construct and publish a smart contract containing malicious code, and the EOS super node will execute the malicious contract and trigger the security vulnerability. The attacker then uses the super node to pack the malicious contract into a new block, resulting in the remote control of all nodes in the network (alternative super node, exchange recharge withdrawal node, digital currency wallet server node, etc.)

because the system of the node has been completely controlled, the attacker can "do whatever he wants", such as stealing the key of the EOS super node and controlling the virtual currency transaction of the EOS network; Obtain other financial and privacy data in the participating node system of EOS network, such as digital currency in the exchange, user key stored in the wallet, key user information and privacy data, etc

What's more, an attacker can turn a node in the EOS network into a member of a botnet, launch a network attack, or become a free "miner" to extract other digital currency

source: Science and Technology News

4. It must be Tencent's security leading blockchain, which is really a good platform. At present, it has been implemented in many scenarios, such as social welfare, government data sharing and exchange, electronic access certificate, supply chain traceability, etc.

5. At present, many friends are in asproex (Apollo). The management of their family is composed of blockchain elites, bank executives and blockchain technology teams. They have rich experience in the blockchain instry and can learn more about it.

6.

It was reported on May 29 that recently, Vulcan team of 360 company found a series of high-risk security vulnerabilities in EOS, a blockchain platform. It is verified that some of the vulnerabilities can remotely execute arbitrary code on EOS nodes, that is, they can directly control and take over all nodes running on EOS through remote attacks

the hidden dangers of blockchain network security need to be paid attention to

EOS is a new blockchain platform known as "blockchain 3.0". At present, its token market value is as high as 69 billion yuan, ranking fifth in the global market value

in the blockchain network and digital currency system, nodes, wallets, mines, exchanges and smart contracts all have many attack surfaces. 360 security team has found and exposed several serious security vulnerabilities for digital currency nodes, wallets, mines and smart contracts

this time, the 360 security team found a series of new security vulnerabilities in the smart contract virtual machine of EOS platform, which is a series of unprecedented security risks. No security researchers have found such problems before. This type of security problem not only affects EOS, but also may affect other types of blockchain platforms and virtual currency applications

360 expressed the hope that through the discovery and disclosure of this vulnerability, the blockchain instry and security peers will pay more attention to the security of such issues, and jointly enhance the security of the blockchain network

content source: surging news

7. Virulence

we first upgraded the virus library, and then began to test its anti-virus performance: We used the sampling method to test, and collected a total of 126 virus sample files, including multiple virus types. The result of the test is: a total of 126 virus samples, 360 security guards investigated 118 threats, of which 115 can be cleared, and 3 files cannot be cleared

maybe we can't make an intuitive evaluation just by looking at such data_ So we tested several other anti-virus software at the same time and summarized them:

from the above, we can see that 360 anti-virus can successfully clear 115 virus samples, and the results are OK, but there are still 11 samples that can't be processed, so the anti-virus performance must be further improved; If compared with other software, the processing level of 360 antivirus on virus samples can only be considered as the lower middle level

viewing speed

what is the scanning speed of 360 antivirus? We use it to scan a 1.43gb directory, which contains 283 files. The test result is time-consuming. As a result, you may think that the test time is too long, but some of these files are compressed files. 360 antivirus will perform penetration scanning on them, so the test result time is not abnormal. Similarly, we also compare it with several other antivirus software:

from the above, we can be surprised to find that the speed of 360 antivirus is much slower than other antivirus software, but this is not the case. One thing needs to be explained: because the scanned directory contains compressed files, and 360 antivirus scans compressed files very carefully, Therefore, it takes a long time to detect the virus

in the test, most of the files scanned by other anti-virus software were more than 20000, while the number of 360 anti-virus software reached 72778. However, if you pay attention to the observation, when the number of files is 25000, 360 antivirus takes about 4 minutes, which is more than other antivirus software

memory usage

here, we are surprised to find that 360 antivirus takes very little memory resources, especially when scanning, its memory usage is far less than other antivirus software. This is very praiseworthy, very suitable for users with limited memory resources

from the above evaluation, it can be said that 360 antivirus is a good antivirus software. We can't help asking: did 360 grow up overnight? In fact, it is not a proct developed by Qihoo 360 itself, but uses some functions of BitDefender. Although it only uses some functions, not including the network firewall, but compared with the charging BitDefender security package, the free 360 antivirus has real-time monitoring and virus killing, which is very worthy of use, enough to ensure the daily computer security

comments: it seems that "no good goods for free" can not be used to describe free procts in the future

there is still one step to go: system comprehensive physical examination

360 security guard version 5.0 adds automatic detection settings, which can display the current system vulnerabilities, software vulnerabilities, bad comment plug-ins, system garbage and other situations on the software home page, and can detect all security risks without any manual operation. In addition to providing the above "physical examination report", the new version of 360 security guard also marks the "physical examination index" of the current system with an asterisk, so that we can more intuitively understand the status of the system

for the situation in the physical examination report, we can click the corresponding button function to solve it. This is a good new function, compared with the old version has a great progress, can let us open the software to quickly understand the main security situation of the system. However, there is an imperfection in this function, which makes its ease of use still one step short: since the physical examination has been carried out automatically, we still have to press the button one by one in the face of various medical conditions. Why not provide the "one click solution" function?

8. Very old community, housing quality and living environment are not ideal, appreciation space is not big. Referring to the California Garden in Jiangbei, second-hand houses are hard to sell. If you are studying for your children, you can make a decision after carefully investigating the teaching quality of nearby schools. Prices can be slashed.

9. This should not have been counted. Generally, every household has at least 5 jin of garbage. As long as the number of households can be counted out.