
I'd like to understand what actions will be taken to prevent similar attacks in the future. Also, what can I as a Linode customer do to prevent my host from being compromised in a similar fashion?

Implementation of two factor authentication for your customers and requiring it for a root password reset would go a ways to preventing similar attacks.




Two-factor authentication for their support personnel you mean?


It should be required for their personnel and an option for me to enable for my account/specific Linodes.


The only excuse for this incident is if they did have 2-factor for their admin portal (which, from the discussion, is presumably separate from manager.linode.com) and someone conducted a targeted attack on a Linode employee to compromise/steal both her token (either separate or a TOTP OATH app like Google Authenticator or similar) AND her password.

If someone went to that much effort just to steal some bitcoins, they set their sights too low. Linode must host more valuable stuff.


Someone got off scot-free with a quarter million USD in anonymous currency. I'm not sure how that's setting sights too low...


Yes they are free a day after the event. There are bound to be logs and with that the possibility of capture. The person or people who did this are not quite resting easy, well unless it was a foreign entity that did it... That would change things considerably.


Given the nature of how bitcoin works, however, they can easily move the money through exchanges in foreign jurisdictions, effectively laundering it. There'd be a trail, with logs, but it'd be inaccessible to investigators.


> Linode must host more valuable stuff.

Such as? Bitcoins are valuable and easy to run away with. Stolen credit card numbers are such a hassle to monetize that they can be bought with only $2 or $3 of e-currency.


Also, is this customer service portal available via a public URL? Shouldn't some sort of VPN access be required to even get on the network hosting these things?


Can additionally restrict by IP. That is also the way Verisign protects the registry system that registrars use (as well as two factor authentication).


It is public, yes; this is it: http://manager.linode.com/


I think there is some confusion here. That's the link to the customer portal, which needs to be pretty public.

I have no idea how Linode's support team access accounts, but I would hope it is less public.


The title of their blog post is: "Linode Manager Security Incident" and that's exactly the name of the customer website where you can manage your instance, billing, etc.

I think someone found a way to gain access to any Linode customer account through the customer website and from there shut down the instance, changed root password and rebooted (you can do that from there).


I think it's just poorly worded - from the OP and what I've read elsewhere someone accessed the portal used for customer service employees that has access to options/all hosts.


In any event, it's not very clear, which adds to my confusion/worries as a Linode customer.


Yes the notes in the original pastebin post kind of indicated it was an issue with a "customer support" control panel, maybe it's just another method or area using the Linode Manager.

I just wish they posted a little more, it feels vague.


It would be interesting to get a report on what actually happened - I've not seen anything official from Linode yet.



