Blockchain Myths: The Semantics of Hacking (feat. recommended resource: Maurice Kenny)
Hi all,
A colleague recently launched his long-anticipated YouTube channel, offering education and counsel to enterprise and commercial interests as they pertain to blockchain solutions. Maurice Kenny has proven himself a unique professional in the space - he clearly understands this stuff and how impactful it can be for businesses and the diverse array of applications therein.
Here is the first episode of his new podcast:
I thought this episode was a very pragmatic and concise introduction to some of the most outstanding misconceptions about blockchain architectures. Maurice touches on something very few individuals account for: the nature of hacking. There's a sort of semantic disconnect when discussing hacking, particularly in business or the media. What is largely determinant in assessing a system's vulnerability is the nature of exploits thereof. For example, we often hear about the "major security issues" of a blockchain such as 51% attacks, or account takeovers.
Maurice notes the impracticality of a 51% attack while doing his due diligence by acknowledging that it is a possibility that must be accounted for. We see an inverse correlation between a 51% attack and the scalability of the given network (or more specific and low-level, the number of nodes and the ease of operating them). The more nodes, the more complex (and therefore impractical) a forced hard-fork. This is intriguing when we consider things such as block size, alternative data structures, segregated witness, et cetera.
Second, Maurice makes mention of "hacking" incidents that have occurred, namely those causing great concern among analysts, economists, and reporters whose expertise in blockchain technologies is largely peripheral. Accounts are often compromised due to a lack of education about private key management and cryptographic security measures. Something as simple as two-factor authentication can comprise the difference between a compromised wallet and a secured wallet. My point is that many of the "hacks" we have seen are not exploits of intrinsic system vulnerabilities, but of sociological vulnerabilities spawned by the complex nature of these systems.
If a technology is complex and without accessible resources for proper usage, users will inevitably fall victim to tactics such as phishing, social-engineering, and corporeal theft (like an unlocked mobile phone running the Binance app being stolen from one's person). A lot of the system vulnerabilities called "hacks" are really just people mismanaging their information - and this is a symptom of the purveyors of those systems. I'm getting at something about which I've been long-impassioned: educating the layman on the proper usage of technologies such as wallet softwares.
In the context of business/enterprise interests, this semantic oversight can cause unnecessary panic. However, the onus does not rest upon the users, but us. Again, as purveyors of this technology, and moreover as champions of its adoption, we have a responsibility to educate others about best practices in this emergent space. I've said this many, many times and I will forever stand by it (it's probably my mantra by now).
Many in the crypto space blame the ignorance of media outlets or laggard, demurring "experts" who love to hate these technologies...and I understand this; I'm not always immune to this sentiment, either. But how do you combat disinformation? You educate people, and you do it using empirical, data-driven research and intelligence that is born from pragmatism as opposed to idealism. We don't need to be crypto-ideologues or zealots to challenge misinformation; we merely need to offer qualitatively sound information. And we need to make this tech more inviting and accessible to everyone. In short, zealotry is alienating. Let's stick to the facts.
Anyway, I commend Maurice for pointing this out far more concisely than I just did. But hey, I wanted to rant and this is a blog. I suppose that's what such a medium is for. Be sure to check out Maurice Kenny.
Until next time,
Matthew
A colleague recently launched his long-anticipated YouTube channel, offering education and counsel to enterprise and commercial interests as they pertain to blockchain solutions. Maurice Kenny has proven himself a unique professional in the space - he clearly understands this stuff and how impactful it can be for businesses and the diverse array of applications therein.
Here is the first episode of his new podcast:
I thought this episode was a very pragmatic and concise introduction to some of the most outstanding misconceptions about blockchain architectures. Maurice touches on something very few individuals account for: the nature of hacking. There's a sort of semantic disconnect when discussing hacking, particularly in business or the media. What is largely determinant in assessing a system's vulnerability is the nature of exploits thereof. For example, we often hear about the "major security issues" of a blockchain such as 51% attacks, or account takeovers.
Maurice notes the impracticality of a 51% attack while doing his due diligence by acknowledging that it is a possibility that must be accounted for. We see an inverse correlation between a 51% attack and the scalability of the given network (or more specific and low-level, the number of nodes and the ease of operating them). The more nodes, the more complex (and therefore impractical) a forced hard-fork. This is intriguing when we consider things such as block size, alternative data structures, segregated witness, et cetera.
Second, Maurice makes mention of "hacking" incidents that have occurred, namely those causing great concern among analysts, economists, and reporters whose expertise in blockchain technologies is largely peripheral. Accounts are often compromised due to a lack of education about private key management and cryptographic security measures. Something as simple as two-factor authentication can comprise the difference between a compromised wallet and a secured wallet. My point is that many of the "hacks" we have seen are not exploits of intrinsic system vulnerabilities, but of sociological vulnerabilities spawned by the complex nature of these systems.
If a technology is complex and without accessible resources for proper usage, users will inevitably fall victim to tactics such as phishing, social-engineering, and corporeal theft (like an unlocked mobile phone running the Binance app being stolen from one's person). A lot of the system vulnerabilities called "hacks" are really just people mismanaging their information - and this is a symptom of the purveyors of those systems. I'm getting at something about which I've been long-impassioned: educating the layman on the proper usage of technologies such as wallet softwares.
In the context of business/enterprise interests, this semantic oversight can cause unnecessary panic. However, the onus does not rest upon the users, but us. Again, as purveyors of this technology, and moreover as champions of its adoption, we have a responsibility to educate others about best practices in this emergent space. I've said this many, many times and I will forever stand by it (it's probably my mantra by now).
Many in the crypto space blame the ignorance of media outlets or laggard, demurring "experts" who love to hate these technologies...and I understand this; I'm not always immune to this sentiment, either. But how do you combat disinformation? You educate people, and you do it using empirical, data-driven research and intelligence that is born from pragmatism as opposed to idealism. We don't need to be crypto-ideologues or zealots to challenge misinformation; we merely need to offer qualitatively sound information. And we need to make this tech more inviting and accessible to everyone. In short, zealotry is alienating. Let's stick to the facts.
Anyway, I commend Maurice for pointing this out far more concisely than I just did. But hey, I wanted to rant and this is a blog. I suppose that's what such a medium is for. Be sure to check out Maurice Kenny.
Until next time,
Matthew
Comments
Post a Comment