Back on April 12, my Web host, Linode, sent me an email letting me know that I needed to reset my password without any further details. Today they announced that their user management application was hacked and that the hackers were able to download their full database, including hashed passwords and encrypted credit card information. The hackers also have the public and private keys to the credit card database. They can obtain the credit cards if they can brute force the passphrase for the private key. When it comes to security, taking shortcuts is death.
Linode post on getting hacked
Linode’s security incident report
Back on April 12, my Web host, Linode, sent me an email letting me know that I needed to reset my password without any further details. Today they announced that their user management application was hacked and that the hackers were able to download their full database, including hashed passwords and encrypted credit card information. The hackers also have the public and private keys to the credit card database. They can obtain the credit cards if they can brute force the passphrase for the private key. When it comes to security, taking shortcuts is death.
Commentary
security
Previous post
Peter Ludlow on Hacktivists as GadfliesNext post
The Miranda warning and constitutional rights