[Tips: Install 360 Total Security to prevent CryptoMiner attacks]
Regarding the recent EOS vulnerability discovered by 360, an interview with press was hosted in the afternoon of 29th. In this interview, more questions about this incident were answered:
Q. Is this vulnerability only in EOS or are there other BlockChain, DPOS and BP projects affected?
A. This vulnerability is only in EOS. But similar flaw may affect other projects.
Q. How long have these vulnerabilities been in EOS?
A. It should have been there at the beginning of EOS, at least for one year. It’s been half month since we discovered the flaw. Due to the responsibility to users, we choose to announce the flaw before EOS goes online.
Q. Is there any real influence?
A. No, we contacted the EOS management as soon as we could to fix the problem.
Q. Why did 360 start to invest in the security of BlockChain?
A. We’ve been dedicating our effort in the field of blockchain security, including wallet, mining pool since this year. We’re also closely monitoring other crypto currencies.
Q. How is EOS vulnerability compared to traditional cyber threat?
A. Though blockchain is new, it faces not only the traditional security risk but also new challenges, such as privacy and DoS. It requires even more secure defense and practices.
Q. Why didn’t 360 announce the vulnerability in the first place?
A. Discovering vulnerabilities is complicated. It takes at least one week to prove that these vulnerabilities can be really abused. We found a series of security issues this time and had been preparing submission to EOS management. This time we just announced the most severe security problems and vulnerabilities.
Q. Aside from EOS, do other wallets have vulnerabilities?
A. We’ve tested at least 20 wallets and found 80% of them contain vulnerabilities. We had submitted our finding to Monero before. We will submit our finding regarding Ethereum in a few days.
Q. How many people in 360 are dedicated in BlockChain security?
A. There are more then ten people working on BlockChain security.