Keith C. Perry on 7 Jan 2016 09:38:03 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Time Warner and Linode report possible password breaches


Ok, so that is extremely bad.  I can't believe a former employee would do something that that.  Screwing the company is one thing- screwing the client is something else.


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Keith C. Perry, MS E.E.
Owner, DAO Technologies LLC
(O) +1.215.525.4165 x2033
(M) +1.215.432.5167
www.daotechnologies.com


From: "Doug Stewart" <zamoose@gmail.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Thursday, January 7, 2016 12:18:03 PM
Subject: Re: [PLUG] Time Warner and Linode report possible password breaches

Based on what I've read, it's really bad. Looks like maybe a former employee either is directly responsible or perhaps sold off login credentials to malicious third parties who have been targeting the Linode Manager in particular with the DDoS to make it even harder for Linode customers to process their password resets.
We're looking to get any of our gear that's on Linode off.

HN thread, so take it with a grain of salt, but

https://news.ycombinator.com/item?id=10845170


On Thu, Jan 7, 2016 at 11:40 AM, Mike DePaulo <mikedep333@gmail.com> wrote:
Thanks,

On Thu, Jan 7, 2016 at 11:34 AM, Justin Reans <jreans@gmail.com> wrote:
> This article was just published today, and mentions Linode, which is asking
> users to update their Linode passwords ASAP. See links below.
>
> Original story:
> http://arstechnica.com/security/2016/01/time-warner-and-linode-report-possible-password-breaches/
>
> Linode response:
> https://linode.statuspage.io/incidents/ghdlhfnfngnh

They state "securely hashed passwords". However, they did not
explicitly state whether they are salted or what hashing algorithm is
used.

> "Effective immediately, Linode Manager passwords have been expired. You will
> be prompted to set a new password on your next login. We regret this
> inconvenience, however this is a necessary precaution."

-Mike
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug



--
-Doug



___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug