[Chugalug] Linode accounts compromised...again.

Lynn Dixon boodaddy at gmail.com
Tue Apr 16 14:59:42 UTC 2013


i have read about Linode being compromised regularly.  It seems there is
always some exploit happening. This latest compromise was handled pretty
poorly in my opinion.   Why the hell would you put your billing systems in
the same layers as your customers hosts? Why would you try to "bargain"
with the attacker?
Seriously though, if you are customer of Linode, you may want to check your
Credit Cards.  There are alot of reports of fraudulent charges on the cards
Linode customers had on file. It would appear Linode is very lacking when
it comes to PCI compliance :(

http://www.zdnet.com/vps-host-linode-issues-customer-wide-password-reset-7000014057/

More information and links from this latest compromise and how poorly
Linode has been handling the situation:
http://www.reddit.com/r/sysadmin/comments/1cf07d/vps_provider_linode_hacked_hacker_says_all_logins/

Here is a story of a Linode security failure from last year
http://arstechnica.com/business/2012/03/bitcoins-worth-228000-stolen-from-customers-of-hacked-webhost/





On Tue, Apr 16, 2013 at 10:46 AM, Lee Walker <mrscumbagtoyou at gmail.com>wrote:

> I've been using Linode for almost 2 years, this is the 1st compromise I
> know of.
>
>
> On Tue, Apr 16, 2013 at 10:07 AM, Dan Eveland <develand at gmail.com> wrote:
>
>> I have not seen them compromised since I started using them a few years
>> go, but it's possible I didn't read some emails. Perhaps they are just more
>> open about these issues than other hosts? I have had fantastic results with
>> Linode. I find it far superior to Rackspace insofar as usability,
>> performance and support are concerned. I use both companies daily. In the
>> Drupal community, Linode very popular. I will freely admit have little
>> experience with Amazon's services in that category.
>>
>> Thanks.
>>
>> Dan
>>
>>
>> On Mon, Apr 15, 2013 at 8:35 PM, Lynn Dixon <boodaddy at gmail.com> wrote:
>>
>>> Why do people still use linode? It seems like they are compromised on a
>>> regular and routine basis.
>>>
>>>
>>> http://blog.linode.com/2013/04/12/security-notice-linode-manager-password-reset/
>>>
>>> _______________________________________________
>>> Chugalug mailing list
>>> Chugalug at chugalug.org
>>> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>>>
>>>
>>
>>
>> --
>> Dan Eveland
>> dan at daneveland.com
>> voice (727) 344-9179
>> fax (727) 362-9276
>> skype dan.eveland
>> www.daneveland.com
>>
>> _______________________________________________
>> Chugalug mailing list
>> Chugalug at chugalug.org
>> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>>
>>
>
>
> --
> Lee Walker
> Principal Engineer
> 404-405-1194
> l.s.walker (Skype)
> www.codejourneymen.com
>
> Code Journeymen LLC
> 100 Cherokee Blvd
> Suite #332,
> Chattanooga TN,
> 37405
>
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://chugalug.org/pipermail/chugalug/attachments/20130416/615a202d/attachment-0001.html>


More information about the Chugalug mailing list