Topic: Suspect #1: Linode admins/insiders - page 3. (Read 4785 times)
Yeah I agree with you here.
I think it is more fair to assume that could be an action from a single employee than the whole compagny.
That's usually what happens.
That's usually what happens.
Sure, the company couldn't spend the BTC anyway. However, the company can spend the savings from less effort on security... and there's no way to tell what position the thief might have inside the company. The problem is: a customer should not have to care about the internal structure of a company he trades with. Especially on a free market, there needs to be someone responsible.
Linode is clearly responsible here. I would demand that they either prove that their security handling was appropriate, e.g. it was a hard-to-find flaw or a flaw in a system usually expected safe, or else pay the full amount. We can't have a market in which people can just write a post containing "lol I got hacked" and have other peoples' money disappear. That press release is insufficient, more of an insult if you ask me.
Just as a disclaimer, I'm not involved in this, just an external observer who finds the behavior absurd.
If I entrust A with X, and X ends up with some random person somewhere else, I demand a very good explanation from A. I advise that everyone demand a very good explanation from Linode.
I think it is more fair to assume that could be an action from a single employee than the whole compagny.
That's usually what happens.
That's usually what happens.
I really doubt a company like Linode would even consider risking anything for this amount of Bitcoin. If it was internal then it would most likely be a single employee. That is a possibility and if it was internal the chance of the individual being caught goes up considerably.
Jered
I think it is more fair to assume that could be an action from a single employee than the whole compagny.
That's usually what happens.
That's usually what happens.
I wonder why everybody assumes the hacker is outside Linode.
Isn't the most likely person to know of such security issues someone within the company? I didn't even know Bitcoinica was hosted there. Also, it reeks of sloppy admin password policy:
IMO, Linode is responsible, either by using the typical ridiculous internal security, or directly (admin, higher-up person, etc.). Anyone serious about their reputation would pay back what they likely took.
Also, their press release is a joke. "Only eight accounts were compromised," no mention that it happened to be exactly the accounts the thief needed.
Isn't the most likely person to know of such security issues someone within the company? I didn't even know Bitcoinica was hosted there. Also, it reeks of sloppy admin password policy:
Quote
compromised credentials used by this intruder (quote directly from Linode!)
IMO, Linode is responsible, either by using the typical ridiculous internal security, or directly (admin, higher-up person, etc.). Anyone serious about their reputation would pay back what they likely took.
Also, their press release is a joke. "Only eight accounts were compromised," no mention that it happened to be exactly the accounts the thief needed.
Jump to: