Update:
https://news.ycombinator.com/item?id=5556846
http://blog.linode.com/2013/04/16/security-incident-update/
ColdFusion. LOL.
Topic: Linode hacked, CC info leaked (Read 2444 times)
what goes around, comes around Linode. Was going to post this, but you beat me to it. Remember the sysadmins of Linode just laughed at the bitcoin businesses that lost their coins last time around..
Linode being hacked was responsible for one of the first big hacking loses by a bitcoin service.
I know. Which is why I said that BTC service providers should know better.
06:07 < ryannn> They say there's no 'central weak point'
06:07 < ryannn> Yeah there is, there's the developers
06:08 < ryannn> There's been bugs in the client that have allowed the blockchain to split previously
06:08 < ryannn> One could just backdoor the bitcoin client binaries, not the source.
06:08 < ryannn> Nobody would figure it out until it's too late
... and this is not true, as the official binary is signed, and many people run cronjobs to download and verify that the official binary hasn't been modified.06:07 < ryannn> Yeah there is, there's the developers
06:08 < ryannn> There's been bugs in the client that have allowed the blockchain to split previously
06:08 < ryannn> One could just backdoor the bitcoin client binaries, not the source.
06:08 < ryannn> Nobody would figure it out until it's too late
Still amusing that he bothered commenting on it.
Linode don't take BTC do they?
Linode being hacked was responsible for one of the first big hacking loses by a bitcoin service.
The hacker shows that he has access to linode's own www, and compromise was apparently over two weeks ago:
https://bin.defuse.ca/hq0Ay8RzpKdR6vQwYxnmhc
You can see things like the yahoo and google webmaster tokens, and verify that they are files on the live site:
http://www.linode.com/googledebcc14d3c9f777a.html
So hackers get to reset your password to a new one... I guess at least you will know you are hacked then.
Besides admins that steal your Bitcoins, "we suck at security, so we call the cops". Just another reason to run from Linode.
https://bin.defuse.ca/hq0Ay8RzpKdR6vQwYxnmhc
You can see things like the yahoo and google webmaster tokens, and verify that they are files on the live site:
http://www.linode.com/googledebcc14d3c9f777a.html
Quote from: http://blog.linode.com/
We have been advised that law enforcement officials are aware of the intrusion into this customer’s systems. We have implemented all appropriate measures to provide the maximum amount of protection to our customers. Out of an abundance of caution, however, we have decided to implement a Linode Manager password reset...You will be prompted to create a new password the next time that you log in
So hackers get to reset your password to a new one... I guess at least you will know you are hacked then.
Besides admins that steal your Bitcoins, "we suck at security, so we call the cops". Just another reason to run from Linode.
06:07 < ryannn> They say there's no 'central weak point'
06:07 < ryannn> Yeah there is, there's the developers
06:08 < ryannn> There's been bugs in the client that have allowed the blockchain to split previously
06:08 < ryannn> One could just backdoor the bitcoin client binaries, not the source.
06:08 < ryannn> Nobody would figure it out until it's too late
... and this is not true, as the official binary is signed, and many people run cronjobs to download and verify that the official binary hasn't been modified.06:07 < ryannn> Yeah there is, there's the developers
06:08 < ryannn> There's been bugs in the client that have allowed the blockchain to split previously
06:08 < ryannn> One could just backdoor the bitcoin client binaries, not the source.
06:08 < ryannn> Nobody would figure it out until it's too late
Still amusing that he bothered commenting on it.
Linode don't take BTC do they?
06:07 < ryannn> They say there's no 'central weak point'
06:07 < ryannn> Yeah there is, there's the developers
06:08 < ryannn> There's been bugs in the client that have allowed the blockchain to split previously
06:08 < ryannn> One could just backdoor the bitcoin client binaries, not the source.
06:08 < ryannn> Nobody would figure it out until it's too late
... and this is not true, as the official binary is signed, and many people run cronjobs to download and verify that the official binary hasn't been modified. 06:07 < ryannn> Yeah there is, there's the developers
06:08 < ryannn> There's been bugs in the client that have allowed the blockchain to split previously
06:08 < ryannn> One could just backdoor the bitcoin client binaries, not the source.
06:08 < ryannn> Nobody would figure it out until it's too late
?Bitcoin service providers possibly affected. But they should know better than Linode at this point.
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
?
06:07 < ryannn> They say there's no 'central weak point'
06:07 < ryannn> Yeah there is, there's the developers
06:08 < ryannn> There's been bugs in the client that have allowed the blockchain to split previously
06:08 < ryannn> One could just backdoor the bitcoin client binaries, not the source.
06:08 < ryannn> Nobody would figure it out until it's too late
06:07 < ryannn> Yeah there is, there's the developers
06:08 < ryannn> There's been bugs in the client that have allowed the blockchain to split previously
06:08 < ryannn> One could just backdoor the bitcoin client binaries, not the source.
06:08 < ryannn> Nobody would figure it out until it's too late
https://news.ycombinator.com/item?id=5552756
http://slashdot.org/firehose.pl?op=view&type=submission&id=2603667
On Friday Linode announced a precautionary password reset due to an attack despite claiming that they were not compromised. The attacker has claimed otherwise, claiming to have obtained card numbers and password hashes. Password hashes, source code fragments and directory listings have been released as proof. Linode has yet to comment on or deny these claims
http://turtle.dereferenced.org/~nenolod/linode/linode-abridged.txt
http://slashdot.org/firehose.pl?op=view&type=submission&id=2603667
On Friday Linode announced a precautionary password reset due to an attack despite claiming that they were not compromised. The attacker has claimed otherwise, claiming to have obtained card numbers and password hashes. Password hashes, source code fragments and directory listings have been released as proof. Linode has yet to comment on or deny these claims
http://turtle.dereferenced.org/~nenolod/linode/linode-abridged.txt
Jump to: