|
Title: Linode hacked, CC info leaked Post by: muyuu on April 15, 2013, 07:54:02 PM https://news.ycombinator.com/item?id=5552756
http://slashdot.org/firehose.pl?op=view&type=submission&id=2603667 On Friday Linode announced a precautionary password reset due to an attack despite claiming that they were not compromised. The attacker has claimed otherwise, claiming to have obtained card numbers and password hashes. Password hashes, source code fragments and directory listings have been released as proof. Linode has yet to comment on or deny these claims http://turtle.dereferenced.org/~nenolod/linode/linode-abridged.txt Title: Re: Linode hacked, CC info leaked Post by: muyuu on April 15, 2013, 07:56:46 PM 06:07 < ryannn> They say there's no 'central weak point'
06:07 < ryannn> Yeah there is, there's the developers 06:08 < ryannn> There's been bugs in the client that have allowed the blockchain to split previously 06:08 < ryannn> One could just backdoor the bitcoin client binaries, not the source. 06:08 < ryannn> Nobody would figure it out until it's too late Title: Re: Linode hacked, CC info leaked Post by: Remember remember the 5th of November on April 15, 2013, 07:59:54 PM Title: Re: Linode hacked, CC info leaked Post by: muyuu on April 15, 2013, 08:02:23 PM Bitcoin service providers possibly affected. But they should know better than Linode at this point. Title: Re: Linode hacked, CC info leaked Post by: Nicolai on April 15, 2013, 08:55:44 PM 06:07 < ryannn> They say there's no 'central weak point' ... and this is not true, as the official binary is signed, and many people run cronjobs to download and verify that the official binary hasn't been modified.06:07 < ryannn> Yeah there is, there's the developers 06:08 < ryannn> There's been bugs in the client that have allowed the blockchain to split previously 06:08 < ryannn> One could just backdoor the bitcoin client binaries, not the source. 06:08 < ryannn> Nobody would figure it out until it's too late Title: Re: Linode hacked, CC info leaked Post by: muyuu on April 15, 2013, 10:20:39 PM 06:07 < ryannn> They say there's no 'central weak point' ... and this is not true, as the official binary is signed, and many people run cronjobs to download and verify that the official binary hasn't been modified.06:07 < ryannn> Yeah there is, there's the developers 06:08 < ryannn> There's been bugs in the client that have allowed the blockchain to split previously 06:08 < ryannn> One could just backdoor the bitcoin client binaries, not the source. 06:08 < ryannn> Nobody would figure it out until it's too late Still amusing that he bothered commenting on it. Linode don't take BTC do they? Title: Re: Linode hacked, CC info leaked Post by: deepceleron on April 16, 2013, 03:27:10 AM The hacker shows that he has access to linode's own www, and compromise was apparently over two weeks ago:
https://bin.defuse.ca/hq0Ay8RzpKdR6vQwYxnmhc You can see things like the yahoo and google webmaster tokens, and verify that they are files on the live site: http://www.linode.com/googledebcc14d3c9f777a.html Quote from: http://blog.linode.com/ We have been advised that law enforcement officials are aware of the intrusion into this customer’s systems. We have implemented all appropriate measures to provide the maximum amount of protection to our customers. Out of an abundance of caution, however, we have decided to implement a Linode Manager password reset...You will be prompted to create a new password the next time that you log in So hackers get to reset your password to a new one... I guess at least you will know you are hacked then. Besides admins that steal your Bitcoins, "we suck at security, so we call the cops". Just another reason to run from Linode. Title: Re: Linode hacked, CC info leaked Post by: Atruk on April 16, 2013, 05:38:52 AM 06:07 < ryannn> They say there's no 'central weak point' ... and this is not true, as the official binary is signed, and many people run cronjobs to download and verify that the official binary hasn't been modified.06:07 < ryannn> Yeah there is, there's the developers 06:08 < ryannn> There's been bugs in the client that have allowed the blockchain to split previously 06:08 < ryannn> One could just backdoor the bitcoin client binaries, not the source. 06:08 < ryannn> Nobody would figure it out until it's too late Still amusing that he bothered commenting on it. Linode don't take BTC do they? Linode being hacked was responsible for one of the first big hacking loses by a bitcoin service. Title: Re: Linode hacked, CC info leaked Post by: muyuu on April 16, 2013, 10:11:20 AM Linode being hacked was responsible for one of the first big hacking loses by a bitcoin service. I know. Which is why I said that BTC service providers should know better. Title: Re: Linode hacked, CC info leaked Post by: Herodes on April 16, 2013, 03:22:24 PM what goes around, comes around Linode. Was going to post this, but you beat me to it. Remember the sysadmins of Linode just laughed at the bitcoin businesses that lost their coins last time around..
Title: Re: Linode hacked, CC info leaked Post by: muyuu on April 16, 2013, 03:27:24 PM Update:
https://news.ycombinator.com/item?id=5556846 http://blog.linode.com/2013/04/16/security-incident-update/ ColdFusion. LOL. |
