Author

Topic: Linode hacked, CC info leaked (Read 2458 times)

hero member
Activity: 868
Merit: 1000
April 16, 2013, 10:22:24 AM
#10
what goes around, comes around Linode. Was going to post this, but you beat me to it. Remember the sysadmins of Linode just laughed at the bitcoin businesses that lost their coins last time around..
donator
Activity: 980
Merit: 1000
April 16, 2013, 05:11:20 AM
#9
Linode being hacked was responsible for one of the first big hacking loses by a bitcoin service.

I know. Which is why I said that BTC service providers should know better.
hero member
Activity: 700
Merit: 500
April 16, 2013, 12:38:52 AM
#8
06:07 < ryannn> They say there's no 'central weak point'
06:07 < ryannn> Yeah there is, there's the developers
06:08 < ryannn> There's been bugs in the client that have allowed the blockchain to split previously
06:08 < ryannn> One could just backdoor the bitcoin client binaries, not the source.
06:08 < ryannn> Nobody would figure it out until it's too late
... and this is not true, as the official binary is signed, and many people run cronjobs to download and verify that the official binary hasn't been modified.

Still amusing that he bothered commenting on it.

Linode don't take BTC do they?

Linode being hacked was responsible for one of the first big hacking loses by a bitcoin service.
legendary
Activity: 1512
Merit: 1036
April 15, 2013, 10:27:10 PM
#7
The hacker shows that he has access to linode's own www, and compromise was apparently over two weeks ago:

https://bin.defuse.ca/hq0Ay8RzpKdR6vQwYxnmhc

You can see things like the yahoo and google webmaster tokens, and verify that they are files on the live site:

http://www.linode.com/googledebcc14d3c9f777a.html

We have been advised that law enforcement officials are aware of the intrusion into this customer’s systems. We have implemented all appropriate measures to provide the maximum amount of protection to our customers. Out of an abundance of caution, however, we have decided to implement a Linode Manager password reset...You will be prompted to create a new password the next time that you log in

So hackers get to reset your password to a new one... I guess at least you will know you are hacked then.
Besides admins that steal your Bitcoins, "we suck at security, so we call the cops". Just another reason to run from Linode.
donator
Activity: 980
Merit: 1000
April 15, 2013, 05:20:39 PM
#6
06:07 < ryannn> They say there's no 'central weak point'
06:07 < ryannn> Yeah there is, there's the developers
06:08 < ryannn> There's been bugs in the client that have allowed the blockchain to split previously
06:08 < ryannn> One could just backdoor the bitcoin client binaries, not the source.
06:08 < ryannn> Nobody would figure it out until it's too late
... and this is not true, as the official binary is signed, and many people run cronjobs to download and verify that the official binary hasn't been modified.

Still amusing that he bothered commenting on it.

Linode don't take BTC do they?
newbie
Activity: 39
Merit: 0
April 15, 2013, 03:55:44 PM
#5
06:07 < ryannn> They say there's no 'central weak point'
06:07 < ryannn> Yeah there is, there's the developers
06:08 < ryannn> There's been bugs in the client that have allowed the blockchain to split previously
06:08 < ryannn> One could just backdoor the bitcoin client binaries, not the source.
06:08 < ryannn> Nobody would figure it out until it's too late
... and this is not true, as the official binary is signed, and many people run cronjobs to download and verify that the official binary hasn't been modified.
donator
Activity: 980
Merit: 1000
April 15, 2013, 03:02:23 PM
#4
?

Bitcoin service providers possibly affected. But they should know better than Linode at this point.
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
April 15, 2013, 02:59:54 PM
#3
?
donator
Activity: 980
Merit: 1000
April 15, 2013, 02:56:46 PM
#2
06:07 < ryannn> They say there's no 'central weak point'
06:07 < ryannn> Yeah there is, there's the developers
06:08 < ryannn> There's been bugs in the client that have allowed the blockchain to split previously
06:08 < ryannn> One could just backdoor the bitcoin client binaries, not the source.
06:08 < ryannn> Nobody would figure it out until it's too late
donator
Activity: 980
Merit: 1000
April 15, 2013, 02:54:02 PM
#1
https://news.ycombinator.com/item?id=5552756

http://slashdot.org/firehose.pl?op=view&type=submission&id=2603667

On Friday Linode announced a precautionary password reset due to an attack despite claiming that they were not compromised. The attacker has claimed otherwise, claiming to have obtained card numbers and password hashes. Password hashes, source code fragments and directory listings have been released as proof. Linode has yet to comment on or deny these claims

http://turtle.dereferenced.org/~nenolod/linode/linode-abridged.txt
Jump to: