CommunitiesEcosystem
Search
Login
Signup
Write a post
Switch dark

RECAP: Ask-Me-Anything - Week #2 : Security on the Blockchain - @precise

57
7 years ago
in#witness-category


Part of my endeavors as a witness is to support a growing community - @steemph - I organize a weekly AMA (Ask-Me-Anything) for the purpose of sharing, imparting knowledge and educating the community.

Week #2 is about security... and here's the recap.

Questions
          
Answers by @precise
Screen Shot 2017-10-31 at 8.31.18 AM.pngYes, @samstonehill 's account
was a victim of phishing attacks.
It's easy to recover an account,
and it can be done by the creator of
your account. in most cases
(and you can check it at steemd.com)
the account @steem is the creator.
whoever controls that account can recover your
account provided you still have your old password.
Screen Shot 2017-10-31 at 8.33.16 AM.pngScreen Shot 2017-10-31 at 8.33.26 AM.pngFirstly, your password generates
all the keys.The posting
key is all you need if you just
want to login, post, upvote or comment.
You would need your private key
if you want to do transactions like
transfer SBD/STEEM, vote for a witness
or change your profile info
Screen Shot 2017-10-31 at 8.33.33 AM.pngScreen Shot 2017-10-31 at 8.33.41 AM.pngThe best (as far as I know) is
to actively check your account
activity through block explorers
like steemd.com or steemdb.com
Screen Shot 2017-10-31 at 8.33.50 AM.pngIf the functions of those sites
are limited to posting, upvoting or
commenting it's fairly safe to just
send your posting key but always check
the integrity of those sites.
Screen Shot 2017-10-31 at 8.33.57 AM.pngMost of them (if not all) are not affiliated
with steemit (as far as i know)
. Some of these tools are created
by witnesses or developers who
want to contributed or give
value to the community.
Screen Shot 2017-10-31 at 8.34.16 AM.pngScreen Shot 2017-10-31 at 8.34.19 AM.pngYes. Always be vigilant
to were you input your credentials
and if you are not sure always
just use your POSTING KEY and if it's
too good to be true, then it probably is!
Screen Shot 2017-10-31 at 8.34.25 AM.pngScreen Shot 2017-10-31 at 8.34.29 AM.pngSomewhere you have access to and offline.
Screen Shot 2017-10-31 at 8.34.36 AM.pngLet's face it, the more money
involve the more bad guys exist
to steal them away from us.
Most of us here are crypto investors
and it's important that we should be
conscious of our security. Before
systems were vulnerable meaning,
hackers target servers, computers to hack
accounts but now, the most common attacks
are targeting the human vulnerability.
Screen Shot 2017-10-31 at 8.34.44 AM.pngI'd say STEEM is fairly secure
by design again attributing
this to how the keys and their
functions are compartmentalized. In
order to attack the STEEM blockchain
you'll have to destroy all
the witness nodes and all STEEM
nodes (not necessarily run by
witnesses but stores all transactions)
Screen Shot 2017-10-31 at 8.34.55 AM.pngIF you are referring to steemit.com ,
a lot of users report the same
experience and personally I think
steemitdev are doing a lot of
feature upgrades and infrastructure upgrades
(i could be wrong). saying that,
there are millions of reasons why this
would happen not necessarily connected
to security.
Screen Shot 2017-10-31 at 8.35.00 AM.pngIt's a good practice to change
your password regularly.
Screen Shot 2017-10-31 at 8.35.06 AM.pngit's not that hard to find ip
address especially for public
accessible servers. It's possible
to locate the IP address of a witness
server but it would need a very
tricky craft to do so.
Screen Shot 2017-10-31 at 8.35.33 AM.pngCorrect!
Screen Shot 2017-10-31 at 8.35.47 AM.pngAt some point YES, a lot
of malware can easily be
embedded ot whatever you download from
unknown sources in the internet.
Screen Shot 2017-10-31 at 8.35.54 AM.pngThere are a lot and the list
can go on and on. It's a
good practice to think before you click
and always remember if it's too
good to be true, then it probably is!
Screen Shot 2017-10-31 at 8.36.04 AM.pngScreen Shot 2017-10-31 at 8.36.28 AM.pngThere is no limit and we can't
say exactly as of now how many
nodes are there for the STEEM blockchain
Screen Shot 2017-10-31 at 8.36.59 AM.pngI'd say if the exchange has
a good reputation then it's fairly safe
but always be cautious. remember what
happened to MtGox. Don't place all your
coins in one place.
Screen Shot 2017-10-31 at 8.37.51 AM.pngExercise due diligence if you
want to invest on ICO's or
cryptocurrencies. Find out who
are behind them and if they
have an established reputation in the community.
Screen Shot 2017-10-31 at 8.38.16 AM.pngScreen Shot 2017-10-31 at 8.38.36 AM.pngprecise.tips:8080 is not my witness
node. It's my spare server where I
host a condenser version of steemit
(a mirror site or clone). It would be
counter-intuitive for me to host
a security consciousness and be
sharing a malicious site. but saying
that I always say to be cautious and only
use your posting key if you don't
know the site's owner.
Screen Shot 2017-10-31 at 8.39.26 AM.pngScreen Shot 2017-10-31 at 8.39.29 AM.png
Screen Shot 2017-10-31 at 8.39.38 AM.pngYes
Screen Shot 2017-10-31 at 8.39.46 AM.pngBe careful of what you download
especially from unknown sites and
be cautious of the softwares you install or run
in your machines. Only download or
install from known sources.
Screen Shot 2017-10-31 at 8.39.57 AM.pngYou would only need your
password if you want to generate all your keys
especially if you don't know them
or lost them (somehow) For
financial transactions (if you are referring to
SBD/STEEM transfers) you can use
your private key instead.
again do not use your password

See you all on the next Ask-Me-Anything session on Wednesdays at 7-9pm (GMT+8)

I am a witness and I aim to give value to the STEEM blockchain in any way I can.
If you think I deserve your witness vote, cast it here https://steemit.com/~witnesses

Photo credits

witness-categorywitness-updatesecuritysteempheducation
7 years ago
precise57
via steemit
$ 0.31
15
H2
H3
H4
3 columns
2 columns
1 column
4 Comments