Why Steemit's website will be hacked again

in #money, 8 years ago

Steemit is probably one of the fastest-rising cryptocurrencies ever conceived and has already been featured in mainstream media outlets such as CNBC, The Guardian, Yahoo Finance and the Daily Mail, all while still only being in 'beta'. Its dramatic rise in both value and fame over the last 10 days, and the attention that came with it, have now made it a target for hackers.

Interestingly enough, I'm pretty sure that your average hacker, or political hacktivists like Anonymous, couldn't care less about a website like Steemit and would actually support such a disruptive, revolutionary idea, which speaks to their own ideals of freedom and justice for the people.

So who would want to hack the Steemit website then? Who would have the most to gain from disrupting the network? Now I'm not a conspiracy theorist, but I'm convinced that there are a lot of people, perhaps not in the crypto world but within the corporations that own the mainstream social media networks, who now feel threatened by the increasing popularity of Steemit. A few years from now, are people really going to be silly enough to keep using the likes of Facebook, Twitter and YouTube when they aren't going to be paid for creating content of value? Why would I watch your video on YouTube and leave an insightful comment for nothing when I can get paid to do it on Steemit instead? These are the questions that people using social media will begin to ask themselves, and gradually they will leave these mainstream networks in droves and join Steemit instead. I'm convinced that the owners of these sites are well aware of this too. So why would they not try to take down Steemit by any means necessary?

In light of this, I would like to suggest that Steemit not only work around the clock on improving its security posture but also consider decentralising the website entirely. Besides hardening the site, this would also reduce the ability of governments to step in and pressure Steemit to remove content they consider inappropriate or illegal, which will inevitably become a problem as the community grows and becomes more popular. In any case, the community should prepare for and expect more exploits to head our way, and we should all do our best to remain calm throughout the storm ahead. We will prevail in the end!


Anyone can create their own steemit and interface it to the same blockchain.

The data will be the same, the presentation different.

Here's a thought: a lightweight "Steemit management app" where users manage transfers, keys, et cetera.

And the normal steemit.com website, which under this model, NEVER gets to see the active or owner keys.

Therefore, at most, an attacker would be able to post with your name... and you can then easily revoke this access from the standalone app.

As long as the whole site runs in the browser, remember this: there is no magic bullet. If there is a server-side hack or client-side exploitation, all bets are off.

The problem essentially is that steemit.com is sending you the computer code that your machine will run to manage your funds.

Disrupt that process, take ownership of the wallet. As we've seen.

It's not safe, and it can never be with this model.

You raise some good concerns, but are you thinking the Steemit team are unaware of them?

I see a couple of options for you:

Join their team and contribute
Submit proposals through the proper channels (Slack, Github, #proposals, etc)
Leave the site and come back when you feel it has matured enough for you to enjoy it.

I've seen a lot of posts like this and, to me, they seem to disregard how difficult something like this is to accomplish. As a developer, I have great respect for the speed at which they are moving and the quality of the changes they are making. I'm looking at the code diffs of the releases they are putting out and they seem to be making some really good improvements.

Think of this like the early Internet. Email used to be through SMTP commands typed in by hand on a console.

Let's give them a few weeks and months and see where things are there before we get out the pitchforks. :)

Keep up the good work.