Time spent on these improvements:Coding + Testing + Article = ~6 hs
1. Healthy nodes detection
Lately Hive is often having nodes issues (likely caused by Justin DDOSsing Hive). I want to give @keys-defender the ability to detect at run time which nodes are performing better and switch to those. In this way I will be able to guarantee that keys will be detected and protected as quickly as possible.
With that goal in mind, I used something similar to the code snippet that I posted on my blog earlier this week and when the amount of network errors reaches a given threshold I detect which nodes are healthy.
This is only the first part of the feature and for now it only prints out which nodes are stable. I usually check my server a couple times a day so if I see that warning I can restart @keys-defender pointing to another known healthy node.
The second step will be to automatically switch to a different node at runtime. I'll work on this next weekend, it will require some refactoring in order to be able to synch in one shot all multiple instances of the Hive API (these are currently spread across the code base).
2. Transfer of compromised funds to savings on both chains
A little intro: keep in mind that when a key is leaked on Steemit, it can be used on Hive as well if the key wasn't changed after the fork.
On Thursday night a user with almost $ 28,000 across Hive.blog and Steemit leaked his active key on Hive and I realized that, despite the fact that keys-defender runs on both chains, it does not transfer the user's funds of the other platform into their savings.
I therefore had to log in into the wallet of the user that compromised his key and perform the transfer manually.
With this new release, when @keys-defender detects a leaked active key, it automatically transfers the liquid funds of the compromised accounts into the owner savings of BOTH platforms.
2. Incoming transactions checker
Something else that I learned during the last leak is that, even if you warn the account owner of their leak and put their funds into their saving s, that does not fully protects them yet. For instance his account kept getting funds transferred into his wallet (I believe through automated trades) so these funds were at risk of being stolen since his private key was clearly displayed in the memo of a previous transaction of his.
I therefore had to log in again into his account and manually transfer his new liquid funds (1,600 HIVE) into his savings:
So, in order to avoid having to manually monitor compromised accounts, I decided to automate checks of funds coming into a compromised account.
The liquid funds of a compromised account will now be checked every second, on BOTH platforms. This goes on until it detects that the owner changed their keys on both platforms (the transfer to savings transactions fails due to invalid key) or I manually interrupt the guard because the owner notified me of the recovery of their account.
The key got intentionally leaked on Steemit and the funds on Hive got correctly transferred into Savings.
Additional testing will be performed next weekend.