Linode allegedly compromised

  #1  
Old 04-15-2013, 11:29 AM
kaniini kaniini is offline
Aspiring Evangelist
 
Join Date: Apr 2008
Location: Tulsa, OK, USA
Posts: 353

Linode allegedly compromised


So, I have a Linode, right.

I woke up this morning and someone named 'ryan' told me that my financial information was compromised.

He provided this as proof: https://bin.defuse.ca/hq0Ay8RzpKdR6vQwYxnmhc ( mirrored at http://turtle.dereferenced.org/~neno...e/pastebin.png ).

There is also discussion of it on their IRC channel. I have snipped out the relevant part of the conversation.

Abridged: http://turtle.dereferenced.org/~neno...e-abridged.txt
Full log: http://turtle.dereferenced.org/~neno...ode/linode.log

I knew something was fishy when my 160 character generated password was claimed to be 'compromised'.


Thread Summary
Linode was indeed compromised:

Quote:
As a result of the vulnerability, this group gained access to a web server, parts of our source code, and ultimately, our database.

Contributors: Orien


  #2  
Old 04-15-2013, 11:36 AM
TravisT-[SSS] TravisT-[SSS] is offline
Temporarily Suspended
 
Join Date: Mar 2012
Location: Tampa, FL =)
Posts: 1,748
Has Linode made a statement about this yet?

  #3  
Old 04-15-2013, 11:37 AM
Steven Steven is offline
Problem Solver
 
Join Date: Mar 2003
Location: California USA
Posts: 12,917
I don't know but magically today my password expired on my dev account.

Edit: http://blog.linode.com/2013/04/12/se...assword-reset/

__________________
Steven Ciaburri | Proactive Linux Server Management - Rack911.com
System Administration Extraordinaire | Follow us on twitter:@Rack911Labs
Managed Servers (AS62710), Server Management, and Security Auditing.
www.HostingSecList.com - Security notices for the hosting community.

  #4  
Old 04-15-2013, 11:54 AM
LC Mike LC Mike is offline
Web Hosting Master
 
Join Date: Dec 2010
Location: 127.0.0.1
Posts: 3,818
Ouch, I'm glad they took action and expired all passwords. Got to be hard to find someone has hacked their way in.

  #5  
Old 04-15-2013, 12:01 PM
notinterested notinterested is offline
Web Hosting Master
 
Join Date: Mar 2011
Posts: 575
My understanding was that they were not compromised but needlessly reset everyone's passwords anyway.

See their wording:
"coordinated attempt to access the account of one of our customers"

"We have found no evidence that any Linode data of any other customer was accessed"

I'm quite confused as to how an "attempt" to access "one" customer's data affects anyone else. If I had to make a guess, I'd suspect that they left out some vital information. People ATTEMPT to access ALL of my clients EVERY day. I suspect any host around here who watches incoming malicious traffic could say the same. I don't force everyone to reset their passwords every day. What am I missing here?

  #6  
Old 04-15-2013, 01:13 PM
SolaDrive - John SolaDrive - John is offline
Corporate Member
 
Join Date: Dec 2012
Posts: 1,293
Yeah, looks like Linode expired everyone's passwords, forcing them to update them as a security precaution. It seems even though this ryan kid claims the DB is on his computer, I would assume he can't do much with it as it's probably encrypted.

__________________
SolaDrive - Enterprise Managed Solutions
Specializing in Managed SSD VPS & Dedicated Servers in US & UK
Rated #1 Provider at Top 20 VPS Providers For Performance
Visit us at SolaDrive.com

  #7  
Old 04-15-2013, 01:43 PM
Inertia Networks Inertia Networks is offline
Golden Member
 
Join Date: Dec 2012
Location: localhost
Posts: 293
The higher you are the harder you fall.

__________________
Inertia Networks, LLC
@InertiaNetworks
facebook.com/inertianet

  #8  
Old 04-15-2013, 01:45 PM
Paladine Paladine is offline
Junior Guru Wannabe
 
Join Date: Sep 2012
Posts: 83
Quote:
Originally Posted by SolaDrive - John View Post
Yeah, looks like Linode expired everyone's passwords, forcing them to update them as a security precaution. It seems even though this ryan kid claims the DB is on his computer, I would assume he can't do much with it as it's probably encrypted.
I would never assume such a thing. My experience of data breaches (which given I am a privacy guy is fairly substantial) is that it is more often than not that the data is NOT encrypted.

Paladine

  #9  
Old 04-15-2013, 01:53 PM
notinterested notinterested is offline
Web Hosting Master
 
Join Date: Mar 2011
Posts: 575
Quote:
Originally Posted by Paladine View Post
I would never assume such a thing. My experience of data breaches (which given I am a privacy guy is fairly substantial) is that it is more often than not that the data is NOT encrypted.

Paladine
For Linode's sake, and my own, I hope they are PCI compliant. What bugs me is that here Linode is clearly telling me I have nothing to worry about, then taking an action that clearly implies that I do have something to worry about.

I don't know that I put much faith in this "Ryan" fellow but I would certainly urge him not to prove his point at our expense. If my billing data was compromised and Linode told me to reset my password for no reason, because even that wasn't compromised according to them, the amount of "upset" that I'll be wouldn't fit on any graph I've ever seen.

  #10  
Old 04-15-2013, 01:55 PM
kaniini kaniini is offline
Aspiring Evangelist
 
Join Date: Apr 2008
Location: Tulsa, OK, USA
Posts: 353
Quote:
Originally Posted by jarland View Post
For Linode's sake, and my own, I hope they are PCI compliant. What bugs me is that here Linode is clearly telling me I have nothing to worry about, then taking an action that clearly implies that I do have something to worry about.

I don't know that I put much faith in this "Ryan" fellow but I would certainly urge him not to prove his point at our expense. If my billing data was compromised and Linode told me to reset my password for no reason, because even that wasn't compromised according to them, the amount of "upset" that I'll be wouldn't fit on any graph I've ever seen.
They are not, read the IRC log on #linode:

05:42 < ryan||> credit cards were encrypted, sadly both the private and public keys were stored on the webserver so that provides 0 additional security

  #11  
Old 04-15-2013, 01:59 PM
kaniini kaniini is offline
Aspiring Evangelist
 
Join Date: Apr 2008
Location: Tulsa, OK, USA
Posts: 353
I think it would be a very good idea to start making preparations to change card information.

Luckily, I was on a bi-yearly plan so my card information was already expired anyway (due to another host being hacked I already changed it unfortunately... how ironic).

  #12  
Old 04-15-2013, 02:15 PM
GridPlanet GridPlanet is offline
New Member
 
Join Date: Jul 2012
Posts: 1
Found this thread being slashdotted.
But fortunately I don't have any plan with linode since years ago.

  #13  
Old 04-15-2013, 02:43 PM
~Lee~ ~Lee~ is offline
Ten years on this site!
 
Join Date: May 2003
Location: Scotland
Posts: 3,621
Perhaps Linode being Linode being super cautious just went for a full reset of the passwords to get people to think more about their choice when selecting a password.

Damned if they do and damned if they don't.

  #14  
Old 04-15-2013, 02:56 PM
notinterested notinterested is offline
Web Hosting Master
 
Join Date: Mar 2011
Posts: 575
Quote:
Originally Posted by W1H-Lee View Post
Perhaps Linode being Linode being super cautious just went for a full reset of the passwords to get people to think more about their choice when selecting a password.

Damned if they do and damned if they don't.
That is an interpretation that I would accept. It did not come across to me that way so thank you for the alternate perspective.

  #15  
Old 04-15-2013, 02:59 PM
Paladine Paladine is offline
Junior Guru Wannabe
 
Join Date: Sep 2012
Posts: 83
Quote:
Originally Posted by nenolod View Post
They are not, read the IRC log on #linode:

05:42 < ryan||> credit cards were encrypted, sadly both the private and public keys were stored on the webserver so that provides 0 additional security
Funny you should mention that, I nearly stated in my last post "Either the data is not encrypted or the keys are stored in the same place as the data."

You would be amazed how often it happens that way.

Paladine
