On the weekend news of a bug at NEO-Nodes made the rounds. The NEO bug discovered by the Chinese software giant Tencent is supposed to make it potentially possible for attackers to withdraw crypto currencies from wallets of NEO node operators. NEO co-founder Erik Zhang now gave the all-clear – at least in part.
On December 1, Tencent Security on the Chinese social media platform Weibo announced the discovery of a bug in the NEO block chain. Accordingly, the operators of NEO nodes expose themselves to crypto-piracy if they use the standard configuration. This is what the Tencent announcement says:
“The monitoring of the famous blockchain project NEO […] revealed the risk of remote piracy. When a user starts the NEO node with the default configuration and opens the wallet, the digital currency can be stolen remotely.”
Tencent recommends three things to the node operators:
1. update of the NEO client to the latest version
2. not using the RPC function and changing the BindAddress in the configuration file to 127.0.0.1
3. if not: change RPC port, enable HTTPS-based JSON RPC interface and adjust firewall policies accordingly
So far, so FUD. What, in contrast to the Tencent warning, did not make the round so fast was the answer from NEO co-founder Erik Zhang, who refuted the claims only a few hours later.
Erik Zhang: “Normal” users not affected
Zhang swiftly reacted to reassure the NEO-Hodler community. “Normal users” don’t have to worry because the RPC function is disabled by default. RPC can only be accessed via the NEO-CLI client. Since this is a command line program, technically inexperienced users do not run the risk of opening the door to hackers through careless configuration adjustments. Zhang closes:
Since Zhang does not deny the security gap, one can assume that operators of NEO nodes are in danger of being robbed. It is probably for this reason that Zhang points to the bounty program that NEO launched this year under the name “NEO Vulnerability Bounty Program”. Anyone who finds a relevant and above all unknown NEO bug is entitled to a reward from NEO.
The guidelines of the Bounty Program state:
“If vulnerabilities are published before NEO repairs or publishes them, the reward is void.”
Tencent will therefore not be able to claim a reward for discovering the NEO bug.
This post summarize is succintly:
“No vulnerability exists and there is nothing to fix.
- Normal users do not use neo-cli
- Neo-cli does not have RPC activate by default
- Neo-cli does not have wallets active by default
- Users that need neo-cli with RPC and wallet enabled are advised to set a firewall in the installation docs for obvious reasons (putting your private key on an accessible server is pretty dumb)”
Was this FUD by Tencent?
No, because bug clearly exists. However, Tencent did, purposefully or not, mislead their readers by claiming this was a default configuration which is proven to be false. It is important to note that bugs and software errors are the most common thing in any company and with any technology. NEO team is clearly aware of that and puts a lot of focus and resources into their bug bounty campaigns and should be applauded for that.
NEO battle for decentralization isn’t over yet
- NEO foundation to decentralized all the network nodes by the end of 2019.
- NEO currently controls five of its seven consensus nodes.
The NEO Foundation has for the longest time been working on ensuring that the network is fully decentralized. The latest from the organization is that is ready y decentralized at least four of its seven nodes. NEO has seven nodes in total, five of which are controlled by the NEO Foundation. One of the node is currently open for application. Interested parties wishing to run the node still have the opportunity do so.
In a press release sent to news outlets on December 5, the network said that the decentralization will take place using a “selection process.” The Director of Research and Development at NEO Global Development said in a comment:
“NEO is embarking on its next phase, which will see more public involvement in efforts of greater decentralization.”
While the NEO Foundation currently manages five of the 7 nodes, the remaining two are managed by the Dutch telecom company KPN and city of Zion. The Foundation says that they intend to have four of the five nodes run by different parties. However, before that, the applicants will have to go through “a screening process” in addition to completing a six month’s trial using the NEO testnet. The press release adds:
“…after the first seven consensus nodes are selected, the next number of consensus nodes should be 10, then 13, and so forth. Once the seven existing consensus nodes are fully decentralized, the number of consensus nodes is likely to increase through additional selection cycles at the discretion of the NEO Foundation.”
At the time of writing NEO is trading at $6.33 following a 1.54% drop on the day. The $409 million cryptocurrency has a 24-hour trading volume of $131 million, a circulating supply of 65 million NEO coins and a total supply of 100 million NEO coins.
NEO Long-term Price Analysis
NEO/USD Long-term Trend – Bearish
Distribution territories: $15, $35, $55
Accumulation territories: $3, $2, $1
NEO like many other cryptocurrencies has been serially suffering from the overbearing market worth of the USD in the last couple of several weeks. A drop has been visibly noticed in the NEO/USD valuation on December 3 while the crypto failed to break northwards after a while of being hovered around the 14-day SMA’s location on the chart.
Price has been trading around the $6 territory presently. The 50-day SMA is located at around $12 mark over the 14-day SMA that is found at around $7 market territory. The Stochastic Oscillators have headed into the oversold zone, and it appears that they may be consolidating within it soon.
It is now been insinuated that bears’ good set-ups of the current market are the best to watch out for while placing trading positions. However, a correction or a sudden spike could emerge between the market territories of $7 and $3 during a volatile price movement, and it may occur at any point in time.
Source: Bitcoin Exchange Guide
Neo: From Travel To AI: Five Leading DApps On The NEO Blockchain
Ethereum might be the most well-known dApp platform, but it’s far from the only place for smart contracts. The NEO blockchain is home to a whole dApp ecosystem of its own, and it’s thriving.
NEO’s “Smart Economy” debuted shortly after the public blockchain rebranded from Antshares in August of 2017. The Smart Economy concept combines digital assets, digital identity, and smart contracts through a distributed network for both public and private/enterprise projects.
Community developer groups – such as City of Zion, NeoResearch, and NewEconoLabs – are providing the technical support and development tools to build decentralized applications on the blockchain. In coordination with NEO core developers, these groups have created many suites of tools to decrease friction and bring on new teams.
Additionally, the NEO Virtual Machine (NeoVM) offers support for multiple programming languages. According to NEO documentation, “more than 90% of developers can directly participate in the development of an NEO smart contract without the need to learn a new language. ”
Each of these companies launched their initial coin offerings (ICO) on NEO. In the time since, their teams have developed their products on the MainNet as an integral part of the stack.
The Bridge Protocol offers Know Your Customer (KYC) and identify verification services. Users provide their personal identifying information (PII) and Bridge creates a “compliant identity” that’s tied to a public address.
By partnering with entities that require KYC verification, Bridge shares only the user information that is necessary for compliance. To upload user information, the Bridge Chrome Extension was recently released to early adopters for user testing.
Bridge envisions its project as particularly beneficial for “jumping from exchanges to retail with ease” without the need to maintain passwords for each portal.
Bridge Protocol concluded its ICO on February 28th, 2018, and expects to release a browser extension to the public in Q1 of 2019.
Travala (formerly known as Concierge) is a global online travel booking marketplace that aims to be a one-stop shop for all travel-related services. Travala uses (AVA), a NEP-5 token, to purchase hotel rooms on its platform.
Since then, the team has delivered an online portal with access to 550,000 international hotel accommodations and properties. Through a slew of newpartnerships, Travala has been growing its offerings to meet a Q1 2019 quota of 1.5 million properties.
Travala concluded its ICO on April 25th, 2018, and its beta platform is expected to launch in Q1 of 2019.
Switcheo Exchange is a decentralized exchange (DEX) that first launched on the NEO blockchain. It has since expanded, becoming “the first non-custodian exchange to support both NEO and Ethereum blockchains.” Currently, the DEX offers all NEP-5 tokens and more than 45 ERC-20 tokens.
With a DEX, users trade directly from their cold wallet with no centralized log-in. That doesn’t appear to be a limiting factor for the Switcheo Exchange, which has since seen a trading volume peak of $3 million with over 25,000 traders since it launched in March.
Looking forward, Switcheo will focus its efforts to fiat-based onboarding, cross-chain swaps, and adding Qtum to their list of supported blockchains.
The Switcheo ICO concluded on March 17th, 2018, and the exchange went live on March 31st, 2018.
Effect.AI aims to establish a decentralized network for artificial intelligence (AI) services. It will do this by creating a decentralized Mechanical Turk marketplace (Phase 1), a marketplace for AI services (Phase 2), and a distributed computational platform for deep learning frameworks (Phase 3).
Currently, Effect.AI is operating a decentralized version of Amazon’s Mturk, dubbed Effect Force, which continues recruit new workers with over 2,000 active users as of November. Earlier this year, Effect.AI partnered with Quadrant to provide the Singapore Government with a workforce to manage image metadata for mapping purposes.
The Effect.AI ICO ended on March 28th. In the immediate future, Effect.AI will pursue the expansion of users on its working product, Effect Force.
nOS is a virtual operating system that functions as a web browser and wallet. It’s a bit like the NEO version of the Brave Browser or EOS’ Lynx wallet, with a built-in NEP-5 wallet, dApp explorer and a profile tied to the user’s KYC settings. In the future, it will incorporate a dApp gateway (in the vein of Google Play or Apple Store) and the Neon Exchange DEX into its platform.
In a press release accompanying the launch, nOS developers said they hoped to provide a “safer and easier” way to access decentralized applications. Of the 140 NEO dApps, roughly 60 are now connected to the blockchain through the nOS platform API.
At the time of its ICO, which ended on November 8th, nOS already had a working product in its nOS Client v0.4.6. In the future, nOS users can expect the development of the dApp gateway, and the release of nOS client v1.0.