10 Questions with Fred Episode Seventeen | “EOS vulnerability is not the last one, and it is not even the most dangerous one” Says the Famous Angel Investor Hongyi Zhou on 10 Questions with Fred


Sept 17th 2018 | Investment By: Sakura
I think the real security issue in the blockchain industry has not yet been revealed. Through this disclosure of the EOS flaw, we hope everyone will see just how crucial security is to blockchain.

Interview Time: 12:30 AM May 30

WeChat Group: The Camp of Feng Wang's 10 Questions

Guest: HongYi Zhou

HongYi Zhou, a famous angel investor, is the chairman of 360 Total Security. On March 30, 2011, Qihoo 360, led by HongYi Zhou, was listed on the New York Stock Exchange. In 2016, with 15 billion Yuan, he ranked 23rd on the Hurun IT Rich List. Moreover, HongYi Zhou is a member of the Economic Committee of the 13th National Committee of the Chinese People's Political Consultative Conference.

Feng Wang, former senior vice president of Kingsoft, is the founder of huoxing24.com, Linekong, as well as GeekFounders. 

Fred Wang: I heard that Qihoo 360's Vulcan Team released the EOS Node Remote Code Execution Vulnerability when I was drinking coffee with my friend Bo Feng, the founding partner of Ceyuan Ventures. I was shocked because I was learning that Qihoo 360 had finally started discovering blockchain vulnerabilities. Bo Feng sent a Wechat message to invite you to my interview, but I did not realize that you had replied to him so quickly. So, here you are. I would like to say that we finally get to see one of the Chinese Internet tycoons, the so-called "Cardinal", HongYi Zhou. The theme of the interview is the EOS Security Storm.

Bo Feng helped me invite HongYi Zhou.


HongYi Zhou: I am not a tycoon. I think you can find a lot of tycoons on the street. Just call me Lao Zhou. Bo Feng is my old friend and my life mentor. He is an expert in love, marriage, family, children, and so on.

Fred Wang: First of all, let us take a look at HongYi Zhou's background. He graduated from the Department of Computer Science in the School of Electronic and Information Engineering at Xi'An JiaoTong University. He was then recommended to the Department of System Engineering in the School of Management at Xi'An JiaoTong University to obtain a Master's degree. 

HongYi Zhou is the founder of Beijing 3721 Technology Company. The company invented a solution for searching websites using Chinese characters. He also served as the president of Yahoo China. In 2006, HongYi Zhou founded Qihoo 360. Then he decided to create a 'Free Security' strategy. 

On March 30, 2011, Qihoo 360 listed on the NYSE. In January 2018, HongYi Zhou was elected as one of the 'Top 10 Economic Influencers in China'. In February, Qihoo 360 was successfully listed on the Shanghai Stock Exchange. Moreover, HongYi Zhou is a member of the Economic Committee of the 13th National Committee of the Chinese People's Political Consultative Conference.

Question 1

Feng Wang: I know that Qihoo 360's business mainly focuses on PC security and Internet security applications. In recent years, you've entered into enterprise security services. So, why have you suddenly decided to jump into the Blockchain industry? My colleagues have reviewed your social media. We found that you only mentioned Blockchain twice last year. The first time you mentioned blockchain was around September 4, 2017. At that time, Chinese regulators cracked down on ICOs and cryptocurrencies. The second time you mentioned Blockchain happened yesterday. You reposted the announcement of EOS's security vulnerability. It seems that the Blockchain industry is not your cup of tea since it is rare to see comments from you concerning Blockchain. Moreover, you did not say very much in the 3AM WeChat Group. However, after releasing the EOS security vulnerability, you suddenly announced that Qihoo 360 is cooperating with Binance, Oraclechain, EOS LaoMao, Dbank, and so on. Why? It looks like you have been planning this for a long time. Do you have any other plans in the future?


HongYi Zhou: It is not my plan. But I have been trying my best to learn blockchain since the beginning of 2018.

I did not talk too much in the 3AM WeChat Group because I really did not yet understand blockchain.

But I am a security expert. At the end of 2017 and the beginning of 2018, Qihoo 360 began to explore blockchain security.

We got in contact with many blockchain projects along the way. We are very open to embracing this new technology. But we also hope that people will pay much more attention to the security issues. Actually, we are very content to not only communicate with blockchain projects, but also to provide more security solutions for the blockchain industry.

We will definitely continue to research blockchain security issues. I hope that more and more projects will work with us.

Although many blockchain projects and cryptocurrencies brag and boast that they have very secure systems, generally speaking, the more complex a system is, the more fragile it is. Bugs can be exploited by hackers. It brings risks and security problems. We know the blockchain industry is hot. But people should pay much more attention to the security of blockchain systems, exchange systems, as well as wallet systems. 

We all know that there are many business opportunities in the blockchain industry. However, it is also significant for us to be concerned about security. We have submitted EOS bugs to Block.one and urged them to repair the bugs. In fact, it is the responsibility of our security company to disclose this.

It was not premeditated. We also do not have a larger plan. All we want is to help the blockchain industry eliminate risk.

I don't feel that I'm very knowledgeable in blockchain. I have not purchased any virtual currency. I see many Chinese blockchain experts, especially in the 3AM WeChat Group, including economists, philosophers, and ideologists. I feel like an idiot. I don't know what to say. However, I am very good at systems security. I'm hoping to communicate with people to make the blockchain industry safer.

Moreover, I think people in the blockchain industry want to cooperate with us because they hope to focus on system security. This is great. We are open and willing to protect users' safety. We also hope the blockchain ecosystem can be developed safely.

Question 2

Fred Wang: Before publishing the #3498 EOS bug discovered by Chinese Internet security giant Qihoo 360, there had been 3497 EOS bugs submitted on GitHub. However, none of these had made quite as big a stir as Qihoo 360. Frankly speaking, what do you think about the serious vulnerability exposed yesterday? Why should it be valued at 10 billion US dollars? Why did Qihoo 360 call it an "Epic" bug? So far as I know, epic is used to describe significant achievements for an event that is highly praised. What an interesting choice of the word "Epic" that Qihoo 360 used here!

HongYi Zhou: Qihoo 360's position is completely neutral and without any bias. Every bug we uncover is intended to help increase the security of this system, to keep it safe rather than damaging it. In the field of blockchain, we receive both honor and contempt. Since blockchain is a newcomer, if one player is unsafe, the whole industry will appear questionable and lose confidence in the markets, which is unfavorable for the entire industry. That's why we oppose taking advantage of the security problem and turning it into a tool for competition.

Firstly, let me explain what this bug could be used for. Were it leveraged by hackers, they could control all the nodes and servers on the EOS blockchain, take over the right of managing not only all the virtual currencies, transactions and applications for EOS, but also all the servers participating in the nodes. And that enables the server-controller to do whatever he or she pleases. If someone created a malicious smart contract, all digital currencies could disappear. 

Therefore, on any blockchain network, nothing is more serious than this bug. 

As to "Epic", I'm sure we all know the significance of EOS in the development of blockchain. If we didn't find this bug, and EOS wasn't fixed, once the EOS mainnet was activated, it could be exploited by any malicious hacker. Who knows what the consequence would be? It's hard to tell whether EOS would suddenly crash from such an exploit or not.

EOS has a valuation of at least US$10 billion, so I don't think the bug being worth that amount is overstated. 

By the way, epic is a semi-borrowed word popular in the security field. Overseas security communities always use the phrase "Epic bug" or "Epic fail" to refer to large vulnerabilities.

Of course, from a PR perspective, epic may have a different meaning, but that's too literal. Maybe "Ten-Billion-Dollar-Bug" is more understandable.

Nowadays, the headlines are so exaggerated that expressions like "terrified", "horrifying", and "total collapse" are all overused, so 360 chose "epic" to underline its serious nature. In fact, "Ten-Billion-Dollar-Bug" would be the better choice.

Question 3

Fred Wang: Early this morning, in response to 360's critical bug discovery, BM, the EOS creator, revealed in their Telegram channel that the bug had already been fixed long before 360 reported it. As for the bug itself, BM said the majority of reported bugs have come from the third party libraries instead of the core EOS codebase. They wouldn't over-write executable memory and wouldn't get root access, unless they were run by the root user when arranging nodes. BM's answer indicated that 360 was intentionally spreading fear. He also announced that any party who triggered this kind of panic would be disqualified for block rewards. What's your opinion about BM's reaction?

To be honest, I think BM acted strongly. When he made that response, Xubo, leader of EOS Galaxy under Chinese blockchain media Huoxing24, and I watched his answer in the Telegram channel. His quick response lessened the public panic over EOS's security concern. Instead, he successfully fueled more people's suspicions that it's more likely to be 360's well-designed speculation. I would like you to reply to the problem more directly, Zhou Hongyi.


HongYi Zhou: No problem, take your time and let the bullets fly. The news you are talking about is actually not the latest. Let's discuss the latest thing carefully.

Fred Wang: Our team has EOS Galaxy's BP (Super Node) campaign, so our internal technical team is also very concerned about this.


HongYi Zhou: About the bug already being fixed, I still need to familiarize everyone with some basic knowledge, that is, when our security company publicly discloses vulnerabilities, we must first communicate with the other party, submit it to them for repair, and then bring it to the public after receiving confirmation of their repair. Because if EOS didn't fix the bug before we announced it, there would be a massive wave of hackers going to get them right now, so we have to release the report after the repair has been made.

This is not just for EOS, it is the same for Microsoft, Google, Apple. For security vulnerabilities, the typical first step is to dig out the vulnerabilities, and then discover how the research could be used by hackers, and then pass these findings to the relevant vendors. For example, in the case of the EOS vulnerability, we reported the details of how to exploit the vulnerability and the details of the code involved. Then the other party repaired it. We waited until the other party confirmed the fix before we announced it.

Silin Shang: Why does BM firmly state that fix happened earlier?

HongYi Zhou: He was referring to the root privilege, which is the highest privilege in the computer system. Whether you gain root privileges or not does not affect the attacker's control of the EOS node. If the user runs EOS with root privileges, the attacker can gain root privileges. BM's response was a bit confusing. It seems that before we reported it, this part had been repaired, but in fact we followed the industry standard process: Report -> Repair -> Open.

To be very clear, we first contacted BM privately and informed them of the loopholes in EOS. We hoped that they could repair it first. We have a screenshot of this chat log. After EOS was repaired, we announced the vulnerability.

We continue to communicate with each other today. They said they would give us bonuses and expressed their thanks.

This is also the prevailing practice in the security circle: if the other party cannot repair the bug, we do not announce it. We have been communicating with BM alone on this matter. His screenshot message on Telegram from yesterday evening was taken out of context. In fact, after sending that message, he quickly replied that the loophole was actually valid but was truncated.

As for creating panic, if we wanted to create a panic, we could release this directly on the main net, and the effect would have been bigger than it is now.

I repeat that EOS officials confirmed that the loopholes we submitted were real and effective, and we have been communicating with EOS officials and BM individually about the submission and characterization of the loopholes. Moreover, when communicating with BM this morning, they very much agreed with our achievement and technical prowess.

Throughout the entire process, 360 has strictly followed the security industry's disclosure process for security breaches. As one of the largest domestic security vendors in the world, we hope to work with global counterparts and technology companies to solve network security problems and reduce the damage caused by network security problems to users. It is our common responsibility to help everyone find loopholes and fix bugs so that everyone can provide users with safe and secure products.

Fred Wang: EOS is the hottest blockchain topic this year. When 360 exposed this bug, many people were worried that the EOS Mainnet launch would be delayed. More were concerned about its launch date. According to 360's security team assessment, is there any possibility of delaying the official EOS Dawn 4.0 Mainnet launch?

HongYi Zhou: I think it should be delayed. Our security team also found more EOS bugs, and will submit them soon. We recommend that the EOS team delay the mainnet launch until all of those bugs are fixed.

Question 4

Fred Wang: Vulcan team became quite famous for this EOS bug report, but before the discovery, few in the field knew their name. They are still unfamiliar to us. Would you please make a specific introduction for the team? We also noted that you kept mentioning 360's "Security Brain" recently - how about introducing this concept along with your team? Back to this EOS case, since 360's Security Brain team directly communicated with BM's team via telegram, when did you contact BM on this serious topic? It was said that EOS and 360 would soon announce their cooperation. Do you feel free to give us any details about it? 


HongYi Zhou: The field you're referring to is by no means the security community. In this field, 360's Vulcan team is well-known more or less. Vulcan is originally a team of 360 researchers in network attack/defense. For the purposes of entering a worldwide hacking contest, the researchers formed a team, so that's where they came from.

Their strengths are attack/defense research, bug discovery, as well as bug recovery. The team's picture we shared above was taken during their award-winning Pwn2Own 2015 contest. It took just 17 seconds for them to successfully hack IE11. They made history as the first Asian team who hacked IE. In Pwn3own, Vulcan beat more than ten champions from previous years, including the world champion of Pwn2own 2017. The team is no doubt familiar to the security field.


As for the latest concept of 360's Security Brain, just as the name suggests, a brain obviously has the ability to learn, compute and make decisions. In a word, the 360 Security Brain is a comprehensive smart system, which combines the capabilities of perception, learning, reasoning, prediction and decision-making. How much can it do? Discovering this critical EOS bug actually demonstrates the integral power of the 360 Security Brain and 360 Total Security.

I would like to give you an example. Do you remember when the United States suffered a massive Internet outage in 2016? It was discovered that the cause of the outage was a DDoS attack made by digital security cameras. 360 was invited to join the emergency management teams regarding the accident, and we received thanks from the FBI. What did the 360 Security Brain do in this mitigation process? In fact, 360 released a warning to the security community right before the outage occurred. We are the earliest warning system. It is the 360 Security Brain that saw the suspicious traffic from those digital security cameras. 

With the help of big-data based AI analysis and our experienced security professionals, the 360 Security Brain is an actual super brain for security.

Communication with the BM team was made directly by our security team. Our first contact with them was on May 28th.

We don't have any direct cooperation with EOS yet. We keep our focus on blockchain security. And as an enterprise offering Internet technology service, 360 always invests in research for technologies used in mainstream blockchains like EOS. Since the beginning of this year, we have been working with partners to discuss many issues concerning EOS, such as the ecosystem's construction, safety protection, and competition for the master node.

Question 5

Fred Wang: Let's look at the conspiracy theory. Although I don't believe it, there are rumors that 360 is collaborating with other organizations to short EOS. I'm sorry but I have to ask if this is true. There are many EOS super node participants in the country, many of which are fanatical EOS supporters. Yesterday, 360's security loopholes were disclosed, which triggered a variety of speculations and critiques, so some people asked me to ask you this question.

HongYi Zhou: From the time the security loopholes that 360 discovered were disclosed, it can be shown that we are definitely not shorting EOS. If we really wanted to do that, we could hide the truth, wait for the EOS mainnet to launch, and then disclose it. But what are we doing right now? We are now working on a security industry standard loophole notification mechanism. We contact the EOS team first to submit the details of the loopholes, and then wait for them to be repaired, and finally we announce it to the public. This is a very responsible approach. We hope that EOS and even the entire blockchain industry will develop better.

Dong Zhao: I really believe that EOS is not being shorted by HongYi Zhou because the interest in short-selling is very limited for 360 or HongYi Zhou. It is more cost-effective to use this commercial hype as an opportunity to enter the game (I have no negative views on commercial hype). Is that right? Of course, in fact, as long as there is no illegal invasion and no Bitcoin is stolen, there is nothing wrong with it even if there is short-selling. Some companies are looking for loopholes in the capital markets, but others are shorting in a legal way, which is understandable.

Question 6

Fred Wang: In terms of security issues, I have been asking Chu Shuai, the founder of Qtum, about this from the very beginning of "10 Questions with Fred Wang". Later, many hidden risks were discovered. For example, aside from EOS, I noticed that Ethereum had several serious security incidents. On June 17th, 2016, the largest crowdfunding project, TheDAO, was attacked, which resulted in the separation of more than 3 million Ether tokens from the asset pool. On July 21st, 2017, Parity, a smart contract coding company, confirmed that 150,000 Ethereum coins had been stolen. Besides that, the latest BEC has been sold off in huge increments. With lots of funding and strong technical capabilities, EOS and Ethereum are still having security troubles, let alone other blockchain projects. Thus, an additional vigilance against security risks is needed. What do you think blockchain companies should do to strengthen blockchain security?

HongYi Zhou: I think the real security issue in the blockchain industry has not yet been revealed. Through this disclosure of the EOS loophole, we hope everyone will attach greater importance to blockchain security. In the cyber security industry, there are two situations that are the most frightening: One is to be an ostrich in the desert, which means that you know the situation but you just deceive yourself about it and don't change it. Another is that you know about the situation but you don't disclose it and finally you're taken advantage of by others. I recently mentioned a concept called "big security". In short, it means that the impact of cybersecurity has evolved from simple information security to the present situation where more and more new threats keep appearing and there will be threats by cyber attacks online and offline. I put the security threats that blockchain is encountering into the category of new threat, because blockchain is a new technology.

In this situation, if you rely on a certain company or a project (such as in the blockchain industry) alone, the security protection capabilities are definitely limited. Thus, 360 alone can't have a security protection capability that is strong enough to deal with it all, and the entire security industry should be further developed. Therefore, the blockchain industry should collaborate with the cybersecurity industry to work on this issue. Fred Wang certainly knows much more than me about blockchain projects, but I am more experienced in security issues, so if we do some security tests for you, the security risk will be greatly lowered. Isn't that right?

We must remember that there is no network that cannot be attacked, but there are loopholes that have not been discovered, or have already been discovered but not yet disclosed. Therefore, we hope that regardless of whether it is the blockchain industry or other industries, all relevant industries should come to terms with the importance of network security issues in a reasonable way.

Fred Wang: From the current loophole generation mechanism, the 360 security team only disclosed design flaws in the EOS smart contract. In fact, from the perspective of loophole risk, we think it may be possible that there are many large hidden security loopholes in terms of P2P ports, RPC ports, servers and clusters, etc. Will 360's technical team evaluate EOS systematically? This is more like a technical problem. I hope you and the 360 security team can give me some ideas.

HongYi Zhou: On the previous issue, I want to add that apart from letting companies in other industries join in on the cyber security issue, you can also create reward programs for finding loopholes, so that the entire security community can help you solve security problems. Every year we help Google, Microsoft, and Apple solve many problems. They all have their own loophole reward programs to reward the teams that submit the loopholes.

Bo Yang: If the loopholes can be shorted, the community will not need to report it. It can be done quietly.

HongYi Zhou: Yes, from the hackers' point of view, there are many points of attack for a system or application. They try to attack them in various ways. The defects in software design and implementation are one of the most direct points of attack.

There are many security teams in 360 who will discover system vulnerabilities from different perspectives and give an overall security solution after the evaluation. Currently, blockchain applications are mainly based on smart contract applications and digital currency. From the perspective of security threats discovered by the 360 security team, there are indeed many security threats in the new blockchain field. We will gradually broaden our focus and research in this area. 

Question 7

Fred Wang: A friend who was engaged in information security reminded me to ask you a question, which can be answered only by those who are in this field, like you. The question is: After the Vulcan team discovered the big loophole, how did you consider the timing and manner of exposing the loophole? Did you think about whether the timing and manner in which such loopholes were revealed has reflected or met the general and responsible measures of the cyber security industry?

HongYi Zhou: I said previously that we dealt with it in a very responsible manner, which was also a general measure taken in the cyber security industry. Right after we discovered the loophole, the Vulcan team completed the research and testing and immediately contacted EOS's founder BM. We hoped to help the EOS development team solve the problem first and ensured that the loophole was not manipulated by attackers. It was only after the repair had been made that the loophole was disclosed.

The reason why we took this measure is that we hope to appeal to the public to pay attention to blockchain technology while also attaching importance to blockchain security. I think the time of disclosing current loopholes and measures taken after that are appropriate and responsible.

Question 8

Fred Wang: If 360 enters the blockchain industry, where are the opportunities? How do you evaluate the current status of digital currency exchange in the blockchain industry?

HongYi Zhou: Our focus on the blockchain now is definitely all about security. We do not disclose a loophole, and then repair it, and then after that just forget about it. I hope everyone will remember that this loophole in EOS is neither the last one nor the most important one. In the future, there will surely be more security issues in the blockchain industry. The security problems that have appeared in the traditional Internet sector will certainly appear in the blockchain industry. This is where our opportunity is. Of course, we also have the confidence and strength to take responsibility for it and ensure the health and stable development of the blockchain industry.

Fred Wang: We noticed that 360 released its "blockchain security situational monitoring system" in mid-May, and launched its "blockchain ecosystem security solution" in terms of four major sectors including wallets, exchanges, mining pools, and smart contracts. The products that have already been on the market include Dbank digital wallets, which has more functions than imtoken. Can you tell us about 360's layout and plans for blockchain security, such as: What will you do for exchange security, mining pool security and smart contract security?

HongYi Zhou: During this time, 360's security teams have made many efforts to conduct research and also come up with solutions in terms of the blockchain. In the future, we will launch three systems based on the blockchain security ecosystem, including a digital currency wallet security auditing system, blockchain security situational monitoring system, and blockchain node security solutions.

The first one is the digital currency wallet security audit system, which will outline in detail some of the audit points and explain how to make a relatively secure digital wallet to protect the user's property. The second is the blockchain security situational perceptive system. This system is based on the 360 Security Brain and can automatically monitor abnormal blocks, abnormal transactions, abnormal addresses, and smart contracts. It can not only minimize the risk of transactions, but also trace the source of illegal digital currency. The last one is a blockchain node security solution, which is currently targeted at EOS.

Fred Wang: In the next few years, will there be an influential security company in the blockchain industry in the same way as 360 is in the PC Internet era? In the blockchain era, can 360 security products be fully open source?

HongYi Zhou: As for the question of whether there will be a 360 in the blockchain industry, I think it will not happen. The solution to blockchain problems will be more about computerization. 360 will certainly be the main force, but it will not be a situation of "there is only one company outstanding from all others" as in the PC era; instead, there will be a lot of security companies and individuals working together to safeguard the security of the blockchain.

I want to add that, this is the blockchain security situational monitoring system that we have released.


Question 9

Fred Wang: At the recent 2nd World Intelligence Congress, you mentioned that "there is a safety problem with artificial intelligence itself." You cited the example where the 360 security team used ultrasonic interference technology to successfully make Tesla believe that obstacles ahead didn't exist. The 360 security team also got into Tesla's Hall of Fame because it reported the loophole. Your point is that artificial intelligence may have a 99.99% probability that its perception is correct, but in terms of security, as long as there is one possible perception error, it could lead to serious consequences. For example, some time ago, Uber's modified automatic driving test vehicle killed a woman in the United States, which demonstrated that today's artificial intelligence technology is not a complete system. I am surprised that 360 can cover such a wide range of areas in terms of security. What I am curious about is: what is the boundary of 360-defined security services? AI/IoT/Blockchain?

HongYi Zhou: We are concerned about artificial intelligence and blockchain. In fact, there is one thing in common with the security of AI and blockchain, which is that the algorithms for both AI and blockchain are achieved through code. Code is written by people, so loopholes are inevitable.

I have learned that in open source software, there are an average of 6-8 security loopholes per thousand lines of code.

As a person who is working in the security industry, when I see new things (including new technologies), I look at their positive sides, and I also unconsciously notice their potential security risks. People who work in the security industry are more like "gatekeepers" and always maintain a feeling of suspicion and protectiveness. Regarding the boundary issue, we are now entering an era of great security. For the development of new technologies such as cloud computing, big data, artificial intelligence, and the Internet of Things, cyber security is not just about basic information security, but about the security of the individuals' information, financial security, family security, travel security, corporate security, public security in society, national information infrastructure security, political security, military security and so on...

So I think we can't limit the boundaries of the security business. There are more and more security issues in the network security industry. This is not only a challenge, but also an opportunity for 360.

From the point of view of an entrepreneur or a CEO, the company should not be framed as being about one thing. Our focus is on security. Based on this, our boundary is a limited but infinite boundary.

Question 10

Fred Wang: In the age of the Internet PC, 'The Battle of Qihoo 360 and Tencent' is not only the most influential competition in Chinese Internet history, but also a glorious record in the developmental history of Qihoo 360. On the other hand, Tommy Ma also mentioned several times that Tencent was motivated by 'The Battle of Qihoo 360 and Tencent' to execute the strategy of an open platform. However, many new competitors emerged in the era of the Mobile Internet, such as ByteDance, XiaoMi, Meituan-Dianping, and so on. Unlike the era of the Internet PC, Qihoo 360 does not have the first-mover advantage. Does it make you feel lost? We all know that you are a man that many imitate. So will this be a big motivator for Qihoo 360 to aggressively enter the blockchain industry in the future? 


HongYi Zhou: In fact, the security industry is very exciting. Whether it was last year's blackmail virus, or yesterday's EOS loopholes, you find them and all of a sudden the whole industry will pay attention to you.

But at the same time, the security industry is fraught with loneliness and requires long-term efforts. For example, I mentioned before that Vulcan attacked IE11 within 11 seconds when they participated in the hacking contest. However, they spent a lot of time on code. We helped Microsoft, Google and Apple fix many loopholes. We are more like a group of guardians, standing behind everyone.

In the PC era, viruses and Trojan horses were rampant. We released 360 Security Guards and 360 Antiviruses to help solve security problems and may receive more attention for those. But in the era of the mobile internet, we also did a lot of things actually. You can look at the Google Acknowledgments list last year. We ranked first globally on Android and helped Google fix more than 200 loopholes, three times as many as the next one. In addition to this type of work, we also cooperate with public security agencies to combat fraud in telecommunication telephone networks with platforms such as the Hunt Network platform. These things may not be as exciting as they were in the past, but I think we have done some very meaningful things. We are very proud.

Over the years, we have accumulated a lot of original core technologies. For instance, the Security Brain I mentioned before is actually the result of our accumulated technology. The big data in 360's Security Brain is now the largest cyber security data collection in the world. Thanks to big data and data centers, the 360 Security Brain is now very competitive globally in terms of its situational awareness, intelligent process killing, offense and defense, traceability and emergency response.

We don't have to enter the blockchain industry, but we hope to continue playing the role of 360 security guardian. Blockchain applications are likely to become deeply embedded into many aspects of life and production. As the largest security company in China, 360 surely hopes to act as a "guardian" to protect blockchain applications.

Fred Wang: I've always wanted to work on a dialogue between "10 Questions with Fred Wang" and Zhou Hongyi, but I didn't expect it would be BM and EOS that would give me the opportunity. I don't know what moves you will make next, but Mars Financial will continue focusing on blockchain security. In the last segment, Yonghao Luo said that he would definitely work on a blockchain mobile phone, which was very impressive. Obviously, more and more companies have entered the blockchain industry, and they are cutting into the areas that they are familiar with. I think there will be more companies coming into blockchain industry.

You said that, "I am not afraid of changes in the world, nor the circling of the giants. What I am worried about is losing the spirit of enterprise and challenge, and finally being knocked down by myself." I like it very much. I heard that you recently published a new book called "Extreme Product". And you've also published a book called "Subversive" before. I suggest that others read these two books.

HongYi Zhou is really awesome. We have known each other for 20 years. I hope our team can learn from you and keep up the momentum.