View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions New update on security breach - can we get an update please
Log in to Ask a Question

New update on security breach - can we get an update please

general

It seems that the hacker group who breached linode recently are making new claims and this has led Phusion Passenger guys to issue a security warning.

Can we get an update on what the situation is and some categoric statements? If there is more of a potential problem than we were originally led to believe then I think we need to know (or to the contrary).

Here is the warning issued by Phusion Passenger today:

http://us5.campaign-archive1.com/?u=979 … daed4e1bb6">http://us5.campaign-archive1.com/?u=9798cf0716b767b7c062d0f6f&id=4c781264e9&e=daed4e1bb6

What is worrying is that they were not informed by Linode that a problem existed :(

6 Replies

@tentimes:

What is worrying is that they were not informed by Linode that a problem existed :(

HTP claim that Linode didn't notify their customers until they were forced to by the FBI.

http://straylig.ht/zines/HTP5/0x02_Linode.txt

(Not that HTP can be trusted at all)

One can only hope HTP's hacking skills are better then their lame ass writing skills.

@vonskippy:

One can only hope HTP's hacking skills are better then their lame ass writing skills.

They write like retards, and their motivation isn't clear at all. They don't seem to be after money.

But then they did have access to a zero day exploit for cold fusion so they can't be entirely retarded.

The release doesn't seem to offer anything new, either. It has been long known that someone with access to a Linode via manager.linode.com can gain root access by rebooting that Linode (or creating a new Linode and cloning the images onto that, but that's certainly going to create some credit card activity). There's no indication that they found a way around that.

HTP are now claiming to have owned a whole lot more linodes.

and on irc they claimed to have owned lish

new lish a few weeks after HTP

It's hard to know what is true and what is just bluster. There seems to be quite a bit of crowing and unverifiable claims (eg, "we had full access but didn't do anything, not even a calling card").

sednet is right that "they did have access to a zero day exploit for cold fusion". Either they are the ones who uncovered the zero day or they bought it, so their lack of interest in financial gain in this circumstance is puzzling.

If they were after nmap, and they added something to the code (backdoor into the networks that run it, a report on the vulnerabilities found so they can compromise the networks running it, a way to mask their specific infections, whatever), then we should see a major spike in breaches of nmap users. I'm sure that the good folks at nmap have thought of this as well and are double checking everything.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct