
Right; according to HTP (http://straylig.ht/zines/HTP5/0x02_Linode.txt), it sounds like Linode were willing to delay notifying their customers of a serious incident in exchange for a promise from the attackers that the data would be destroyed -- the supposedly totally secure data, according to a later blog post from Linode.

The takeaway is that now, while I don't know if I can trust other VPS providers or not, I know I can't trust Linode. (Hell, to some extent, I trust HTP more than Linode now -- I haven't seen a dump of the Linode data on pastebin or a .ru forum yet.)

How a business handles disclosure of a compromise is as important to me as the fact that they were compromised. Notably, this is the second time they screwed up disclosure, after being raked over the coals for it the first time. I was willing to let the first one slide since Linode is so awesome in every other regard, and hope that they would handle the next incident more gracefully. Unfortunately, they didn't.

I agree, I just don't expect much from VPS hosts - although their handling of this was remarkably poor.

FWIW I'll be finding a new host, I just like to play devil's advocate to balance discussions.
