Every year we can read about various hacks, identity thefts and sensitive data leaks and wonder how sophisticated the attackers must be to overcome all corporate protections to get through. With crypto-currencies the threat becomes even more imminent as the attacker doesn’t have to bother with monetizing his trophy — he already has real money that can be stored, moved, divided and spent anytime. Furthermore, the potential for a successful attack becomes even stronger when the target is not a resourceful corporate but an individual user.
The goal of cryptography is to balance out this disproportion: it gives us the tools that are easy to use for an individual and yet powerful enough to protect against resourceful attacker, in theory. Most breaches nowadays are not caused by breaking the math though — they are a consequence of bad operational security and shortsighted mistakes in programs we use on daily basis. In order to protect our most valuable assets we should take a step back and realize that even practices otherwise considered too paranoid in common life may not be sufficient to protect us in the digital world of trustless Internet. We should not try to rely on the security of a single component responsible for protecting us, but instead should seek to implement defense-in-depth — protection on every possible layer and component.
At OneGram we constantly monitor and analyze recent vulnerabilities discovered in both software and hardware components serving as building blocks of OneGram platform and are dedicated to protect this digital asset with the best measures. To offset against the threat coming from fatal bugs like recently published Meltdown and Spectre, already forgotten Shellshock and VENOM or ever-lasting BadUSB and many others concerning all major platforms, we have decided to run the critical infrastructure solely on dedicated machines. For OGC users interested in contributing to the network by running a block validator node we will be (optionally) offering special devices with pre-installed validator software optimized for compact singleboard computers. It will give you piece of mind when using your commodity computers for daily browsing and with plenty of other apps, keeping your OneGram validator physically separated. In fact, we will use the very same type of devices to run some of our official validators and will even keep spare boxes in our safe as a hot standby, ready to immediately replace any potentially failing node.
Security is hard but we love to take challenges and boost innovation. Constantly shrinking the attack surface together with hardening our software will lead to increased robustness in the long run and help us build higher degree of trust for the whole OGC platform.