top | item 5555287

(no title)

cwb71 | 13 years ago

I am not sure that "gospel truth" is a fair characterization.

Anonymous IRC person has provided verifiable details that strongly suggest he or she had access to Linode administrative systems. Fyodor's post to nmap-dev supports the notion that customer nodes were accessed as well.

Linode has provided no details or evidence of anything.

I don't think one has to take that IRC log as gospel truth to be reasonably concerned about the security of their data stored by Linode.

discuss

eridius|13 years ago

The only "verifiable detail" I saw in the chatlog was the output of `ls` in the http root. And that's only verifiable because you can try to access that weirdly-named HTML file and get a 200 back. Honestly, that doesn't tell me a whole lot.

Everything else, such as the password hashes, don't seem at all verifiable (even if someone were to crack any of the hashes, you can't verify that the password worked at the time of the hack because Linode has presumably changed them all anyway).