
Marshal Webb: Security and the BlockChain

Mars tribe ·



Security is improving or getting worse for BlockChain based companies.


Time: 10 PM (Beijing Time), July 5; 10 PM (ET) / 7 PM (PST), July 5

Groups: Mars Finance Global Family

Marshal Webb: Path Network CTO

Vivi Lin: Mars Finance Global Partner, General Manager of Mars Finance International Wechat Community

Steven (Tianyuan) Wei: Finance in Miami University, Co-founder of Sharp Eye Capital, Invest and Incubate high-quality overseas projects, Media, Exchange, Mine


Vivi: Welcome!! How are you and where are you, haha.

Marshal Webb:Thanks everyone 

Steven:Haha, how are you.

Marshal Webb:doing quite well, very glad to be here this morning, (this evening Beijing time).

Vivi: How about we let Marshal make an opening first, give us a bit of an intro and overview, haha.

Steven:give us a bit of an intro and overview at first.

Marshal Webb: Marshal Webb, 25, Chief Technology Officer. I'm the Chief Technology Officer of Path Network. "Information security expert and three-time award winner of government sponsored bug bounties, Marshal has been involved in the crypto space since bitcoin’s inception in 2010. Featured on Reuters, VICE, Ars Technica, Politico, CNBC and many other publications for his work in security, Marshal was recently thanked by both Microsoft and Valve Software for uncovering critical vulnerabilities in their products. Marshal co-founded BackConnect, Inc. a successful information security startup which protects a number of publicly traded companies and core internet services."

Vivi: Great to have you here. I mean, for the topic, could you give us an overview of where you stand on blockchain and security? It is a very big topic.

Marshal Webb: My background is primarily in information security. I started college at the age of 12, and I was a hacker with Lulz-Security which was a famous international hacking group in the west. A lot of the same problems and lessons learned in the early days of information security on the internet at large seem to apply to the early days of blockchain tech.

Vivi: Wow, where did you go for college? At the age of 12!!

Marshal Webb:Thank you, I attended Miami University, Oxford. 

Vivi: In Miami? Or Oxford in the UK?

Marshal Webb:Oxford, Ohio 

Steven: Perfect. Question 1: "Path is an interesting concept. What are your thoughts on tokenised incentives for crowd-sourced distributed computing?"

Marshal Webb: Thanks. I think that Path is not only an excellent example of a commercial use case for Blockchain technology, but also a fantastic way to make applications of this field more accessible for the average user. Because our ElectronJS based mining client can run on any device, a laptop, phone, tablet for example, this makes it really accessible for the everyday user who might not be familiar with Blockchain oriented computing at all, and introduces them to earning tokens for completion of work. This means that with Path Network, even people who aren't computer savvy may have a vector for participating in a "real-world" Blockchain powered project.

Steven: Ok. Question 2: "You have a strong background in network security. How do network attack vectors circumvent the security of the blockchain?" Interesting question.

Vivi: Marshal Webb, cool! In the right direction to bring more people to blockchain.

Marshal Webb: Good question! I recently did a presentation at BTA Beijing in March this year, and then less than a month later some of the attacks that I warned the Blockchain community about happened. In April, Amazon Web Services had a number of its IP addresses "stolen" in what is known as a BGP Hijack - malicious hackers used these stolen AWS IP addresses to confuse DNS servers across the world and redirect traffic from the real webserver of to a server that they controlled - and as a result, hundreds of thousands of USD worth of Ether was stolen from innocent people. A more sinister use case could be a similar attack directly against mining pool servers, where hackers could essentially hijack entire mining farms.

These types of attacks are common on the public internet and have been known about since the 1990s. Unfortunately, there hasn't been a great solution to either solve these problems or provide intelligence and analytics around their occurrences.

Steven:Entire mining farms?

Marshal Webb:Yes. This was a huge motivation for me to start Path because at my last company, a successful Managed Security Services Provider called BackConnect, I faced these issues and became frustrated when dealing with Carriers and ISPs, and so the project Path was born as a solution to these problems and others. Currently, no other product on the market can provide the extensive network data that we can.

Vivi: How could we prevent these kinds of risks then? What exactly do you do that others can't?

Marshal Webb:That's a great question. The solution is to proactively monitor internet routing at scale. We have a "last mile" network visibility that has never been attempted before. By having our Blockchain powered application installed on commodity devices (Computers, Cell-Phones) around the world, we are able to develop a picture of how data flows through the internet.

Vivi: So it is like connecting the whole world by monitoring the commodity devices? You could turn into the big brother yourself?

Marshal Webb: Haha, yes exactly. A third party to help monitor critical services and enterprise networks worldwide. When data is "diverted" (maliciously or otherwise) we are able to see the change in the "Path" that the network traffic takes.

When these diversions or outages occur, we are able to alert our enterprise clients if their networks are affected.

Vivi: Physically implementing this monitoring is quite a big project. How are you going to make it happen?

Steven: Agree, it is a big project.

Marshal Webb: Excellent question. Our advantage is that instead of paying for servers at datacenters, we use "average" electronic devices in homes all across the world. Currently we do this by incentivizing adoption of our program through "mining" of our Path Token.

This creates a situation where we can offer higher resolution, and higher quality data at an operating cost that is far below our competitors in this space.

It's similar to the "AirBNB" approach of using existing homes vs building hotels.

we are all familiar with the result of BTC-e 

Steven:Question 3: "Some cryptocurrencies - such as Bitcoin or Monero - have no intrinsic value, while other currencies like Ether and tokens like Path can be viewed as promissory notes for computational resources. How do you think these types of currencies compare as holders of value or an investment vehicle?"

Marshal Webb: Absolutely! Fortunately the cost of maintaining our platform alongside the raw telemetry aggregation & analytics generation (handled with Kafka on AWS) is tiny compared to the upside of operating a traditional network of monitoring servers around the world. Our distributed approach grants us a huge advantage while increasing the granularity of the monitoring (much larger number of nodes).

Steven: Question 4: "We've seen a lot of recent attacks on exchanges. Why do these attacks seem to keep occurring?" It’s such an important question.

Marshal Webb: Cryptocurrency has always been a motivator for cybercriminals, and there are a few aspects to why we see these attacks. Whilst it's not impossible to trace transactions, depending on the currencies involved it can potentially be more difficult than following bank trails. Additionally, it's a pretty well known fact that the security budget for securing a bank is far greater than securing an exchange pretty much across the board, so these crypto "cyber heists" could be considered easier to perform than robbing a traditional bank. Security is hard, and ever evolving. New threats and vulnerabilities are identified on a daily basis - and that's why one of the main reasons behind the Path team's background consists of some well known computer hackers and security professionals and even an FBI agent who specialised in cybercrime for 8 years. We take security extremely seriously, and want to tackle this issue head-on to protect our own uses.

There were still major exchanges online with public facing infrastructure vulnerable to trivial vectors like SQL-i as recently as 2014.

As web applications have hardened up, attackers have simply turned to other methods such as socialing domain registrars, hijacking phones (SIM swaps) and fooling datacenters to subvert exchanges.

Steven:Question 5: "Do you feel security is improving or getting worse for BlockChain based companies?"

Marshal Webb: Security Researchers and Whitehats serve the majority of cybercrime to DHS/Interpol/FBI on a silver plate. However, only a fraction of these cases are pursued and prosecuted at the discretion of LE.

Vivi: It is interesting how you managed to get former FBI guys to work with you now.

Marshal Webb: The CEO was actually one of the agents who pursued me during my time as a hacker with LulzSecurity.

At the time he was providing intelligence to Infragard, a famous private sector intelligence company in the west.

Vivi: That's like a movie!! Catch me if you can.

Marshal Webb: Steven Wei, I feel the landscape is changing! Although traditional attack vectors are maturing and being actively hardened against, I feel that a lot of exchanges operate with little difference to e-commerce websites. They have not reached the level of maturity necessary for the role they play today in guiding the community. How many exchanges operate a SOC or have a full staff of security engineers on 24x7 alert? It's a scary thought.

Steven: Question 6: "In your experience as a hacker, how do you feel your background shapes your view of cryptocurrency?"

Marshal Webb: Security Operations Center, very similar to a NOC (network operations center); most Telcos and large enterprises operate both.

Years ago, Bitcoin was primarily used for purchasing illicit substances on services such as The Silk Road, and beyond that was used in underground hacking communities for the sale of services such as DDoS attacks, renting out botnets, selling stolen credit cards and the like. The fact that today I can order a pizza, use an ATM or even buy a car or real estate from entities that accept Bitcoin or altcoins is quite honestly pretty amazing. I'm not here to argue whether Bitcoin, Ethereum or whatever cryptocurrency will be around forever but one thing is for certain - it looks like Blockchain technology is here to stay. Some of the core members of our team have experience in developing Blockchain solutions for Enterprise sized organisations, for example, something that a few years ago was very unlikely to happen and I think that's amazing.

Steven:Question 7: "What are some of your own predictions for the future of distributed networked platforms, such as Ether, EOS and ONT?"

Marshal Webb: Thanks. We hit on this a bit earlier, but just to reiterate, I feel platforms that have a redeemable application will continue to provide the most utility moving forward.

Vivi: Could you elaborate a bit more on redeemable applications?

Steven: How about ETH? Vitalik Buterin is one year younger than you.

Marshal Webb: Sure, as the founder of a "value" (utility) oriented token I'm partial to other projects that inherently offer a utility. I feel computing networks like Ether and EOS with redeemable resources have the most to offer in this space, technology wise.


Steven: Question 8: "As the creator of a token offering, what do you feel is the most important aspect when deciding on a BlockChain?"

Marshal Webb: I think the first question a founder really needs to ask themselves is "does my application / business model warrant implementing a blockchain?". The PATH paradigm made complete sense to leverage the ERC-20 token standard and run atop Ethereum mainnet. There are countless ICO projects who may have had a great idea initially, but somewhere down the line lost track of their original vision and focused too much on either building their own or leveraging another blockchain, resulting in a lack of a quality product.

Steven:Question 9: "You've done something uncommon in this space which is host a token offering in the United States. What are some of the regulatory hurdles you've faced?"

Marshal Webb: This is a great question. When I hired Matt and EJ, aside from having profound respect for them as professionals I thought that their experience with organisations like Deloitte and the FBI would provide unique insight working in highly regulated environments and that experience has shown to be invaluable. We have really tackled compliance and risk issues head on, with a very early aim of becoming fully compliant with the SEC. EJ helped develop the PCI-DSS payment standard which led to global credit card processing online.

Steven: Question 10: "2018 has seen a drastic rise in the amount of damage caused by security breaches impacting exchanges and crypto companies. What are the next big attacks you think we will see on BlockChain based tech?" Last question.

Marshal Webb: To answer yours, I think we will see more routing attacks like the one against AWS/MyEtherWallet earlier this year. Before SSL was added to Stratum, people were hitting mining pools with BGP hijacks. I think we will see more against exchanges / pools again, except as a DoS vector to make it easier to reach 51% on small volume cryptos.

Keywords: English version, PATH