  1. #1
    Join Date
    Apr 2008
    Location
    Tulsa, OK, USA
    Posts
    369

    Linode allegedly compromised

    So, I have a Linode, right.

    I woke up this morning and someone named 'ryan' told me that my financial information was compromised.

    He provided this as proof: https://bin.defuse.ca/hq0Ay8RzpKdR6vQwYxnmhc ( mirrored at http://turtle.dereferenced.org/~neno...e/pastebin.png ).

    There is also discussion of it on their IRC channel. I have snipped out the relevant part of the conversation.

    Abridged: http://turtle.dereferenced.org/~neno...e-abridged.txt
    Full log: http://turtle.dereferenced.org/~neno...ode/linode.log

    I knew something was fishy when my 160 character generated password was claimed to be 'compromised'.

  2. Thread Summary: Linode was indeed compromised:

    As a result of the vulnerability, this group gained access to a web server, parts of our source code, and ultimately, our database.

    Contributors: Orien


  3. #2
    Join Date
    Mar 2012
    Location
    Tampa, FL =)
    Posts
    1,748
    Has Linode made a statement about this yet?

  4. #3
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,249
    I don't know but magically today my password expired on my dev account.

    Edit: http://blog.linode.com/2013/04/12/se...assword-reset/
    Steven Ciaburri | Proactive Linux Server Management - Rack911.com
    System Administration Extraordinaire | Follow us on twitter:@Rack911Labs
    Managed Servers (AS62710), Server Management, and Security Auditing.
    www.HostingSecList.com - Security notices for the hosting community.

  5. #4
    Join Date
    Dec 2010
    Location
    127.0.0.1
    Posts
    5,229
    Ouch, I'm glad they took action and expired all passwords. Got to be hard to find someone has hacked their way in.

  6. #5
    Join Date
    Mar 2011
    Posts
    630
    My understanding was that they were not compromised but needlessly reset everyone's passwords anyway.

    See their wording:
    "coordinated attempt to access the account of one of our customers"

    "We have found no evidence that any Linode data of any other customer was accessed"

    I'm quite confused as to how an "attempt" to access "one" customer's data affects anyone else. If I had to make a guess, I'd suspect that they left out some vital information. People ATTEMPT to access ALL of my clients EVERY day. I suspect any host around here who watches incoming malicious traffic could say the same. I don't force everyone to reset their passwords every day. What am I missing here?
    MXroute - E-mail Hosting for Your Domain.

  7. #6
    Join Date
    Dec 2012
    Posts
    1,627
    Yeah, looks like Linode expired everyone's passwords, forcing them to update them as a security precaution. It seems even though this ryan kid claims the DB is on his computer, I would assume he can't do much with it as it's probably encrypted.
    SolaDrive - Enterprise Managed Solutions
    Specializing in Managed SSD VPS & Dedicated Servers in US & UK
    Rated #1 Provider at Top 20 VPS Providers For Performance
    Visit us at SolaDrive.com

  8. #7
    Join Date
    Dec 2012
    Location
    localhost
    Posts
    294
    The higher you are the harder you fall.

  9. #8
    Join Date
    Sep 2012
    Posts
    81
    Quote (originally posted by SolaDrive - John):
        Yeah, looks like Linode expired everyone's passwords, forcing them to update them as a security precaution. It seems even though this ryan kid claims the DB is on his computer, I would assume he can't do much with it as it's probably encrypted.

    I would never assume such a thing. My experience of data breaches (which given I am a privacy guy is fairly substantial) is that it is more often than not that the data is NOT encrypted.

    Paladine

  10. #9
    Join Date
    Mar 2011
    Posts
    630
    Quote (originally posted by Paladine):
        I would never assume such a thing. My experience of data breaches (which given I am a privacy guy is fairly substantial) is that it is more often than not that the data is NOT encrypted.

        Paladine

    For Linode's sake, and my own, I hope they are PCI compliant. What bugs me is that here Linode is clearly telling me I have nothing to worry about, then taking an action that clearly implies that I do have something to worry about.

    I don't know that I put much faith in this "Ryan" fellow but I would certainly urge him not to prove his point at our expense. If my billing data was compromised and Linode told me to reset my password for no reason, because even that wasn't compromised according to them, the amount of "upset" that I'll be wouldn't fit on any graph I've ever seen.

  11. #10
    Join Date
    Apr 2008
    Location
    Tulsa, OK, USA
    Posts
    369
    Quote (originally posted by jarland):
        For Linode's sake, and my own, I hope they are PCI compliant. What bugs me is that here Linode is clearly telling me I have nothing to worry about, then taking an action that clearly implies that I do have something to worry about.

        I don't know that I put much faith in this "Ryan" fellow but I would certainly urge him not to prove his point at our expense. If my billing data was compromised and Linode told me to reset my password for no reason, because even that wasn't compromised according to them, the amount of "upset" that I'll be wouldn't fit on any graph I've ever seen.

    They are not, read the IRC log on #linode:

    05:42 < ryan||> credit cards were encrypted, sadly both the private and public keys were stored on the webserver so that provides 0 additional security

  12. #11
    Join Date
    Apr 2008
    Location
    Tulsa, OK, USA
    Posts
    369
    I think it would be a very good idea to start making preparations to change card information.

    Luckily, I was on a bi-yearly plan so my card information was already expired anyway (due to another host being hacked I already changed it unfortunately... how ironic).

  13. #12
    Found this thread being slashdotted.
    But fortunately I don't have any plan with linode since years ago.

  14. #13
    Join Date
    May 2003
    Location
    Scotland
    Posts
    3,703
    Perhaps Linode being Linode being super cautious just went for a full reset of the passwords to get people to think more about their choice when selecting a password.

    Damned if they do and damned if they don't.

  15. #14
    Join Date
    Mar 2011
    Posts
    630
    Quote (originally posted by W1H-Lee):
        Perhaps Linode being Linode being super cautious just went for a full reset of the passwords to get people to think more about their choice when selecting a password.

        Damned if they do and damned if they don't.

    That is an interpretation that I would accept. It did not come across to me that way so thank you for the alternate perspective.

  16. #15
    Join Date
    Sep 2012
    Posts
    81
    Quote (originally posted by nenolod):
        They are not, read the IRC log on #linode:

        05:42 < ryan||> credit cards were encrypted, sadly both the private and public keys were stored on the webserver so that provides 0 additional security

    Funny you should mention that, I nearly stated in my last post "Either the data is not encrypted or the keys are stored in the same place as the data."

    You would be amazed how often it happens that way.

    Paladine
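
The failure discussed in the posts above (a private key kept on the same web server as the data it protects) is something a defender can audit for. The following is an added example, not part of any post and not Linode's code: a Python check that walks an application directory and reports files containing private-key PEM material. The file names and key bodies in `demo()` are constructed placeholders.

```python
import os
import stat
import tempfile

# Standard PEM labels for unencrypted private keys.
PLAINTEXT_KEY = (b"-----BEGIN PRIVATE KEY-----", b"-----BEGIN RSA PRIVATE KEY-----",
                 b"-----BEGIN EC PRIVATE KEY-----")
# Markers of a passphrase-encrypted PEM body (PKCS#8 label, legacy OpenSSL header).
WRAPPED_KEY = (b"-----BEGIN ENCRYPTED PRIVATE KEY-----", b"Proc-Type: 4,ENCRYPTED")


def audit_key_material(root, max_bytes=65536):
    """Return one finding per regular file under root that holds a private key."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
                if not stat.S_ISREG(mode):
                    continue  # skip symlinks, sockets, devices
                with open(path, "rb") as fh:
                    head = fh.read(max_bytes)
            except OSError:
                continue  # unreadable to the auditing user
            wrapped = any(m in head for m in WRAPPED_KEY)
            if not wrapped and not any(m in head for m in PLAINTEXT_KEY):
                continue
            findings.append({
                "path": os.path.relpath(path, root),
                "passphrase_protected": wrapped,
                "group_or_other_readable": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
            })
    return findings


def demo():
    """Audit a constructed tree; key bodies are placeholders, not real keys."""
    samples = {
        "billing_pub.pem": (b"-----BEGIN PUBLIC KEY-----\nCONSTRUCTED\n", 0o644),
        "billing_priv.pem": (b"-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n", 0o644),
        "backup_priv.pem": (b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nCONSTRUCTED\n", 0o600),
    }
    with tempfile.TemporaryDirectory() as root:
        for name, (body, perm) in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
            os.chmod(os.path.join(root, name), perm)
        return {f["path"]: f for f in audit_key_material(root)}
```

A passphrase-protected finding still needs review: if the passphrase sits in the same application's configuration, the key is as exposed as a plaintext one.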
