undefined | Better HN

0 pointstaway201212y ago0 comments

You've written the same thing twice in this thread, without giving specifics.

Which Linode specific security policies caused you what specific "grief"? And what provider do you use now?

I know (1) they were late to the two-factor-auth party, (2) had a break-in where credit cards numbers were stolen, (3) a targeted attack that was used to compromise some bitcoin hosts.

I am aware of these incidents and still give full marks to Linode. The hardware is incredible. The hard disks are speedy. The network connection is very fast. My $20/mo is working much harder at Linode than it would at Amazon. :)

I've been hosting a lightly-used disk- and network- heavy app for a few months now. Never had a problem so far.

0 comments

3 comments · 2 top-level

bliti12y ago· 1 in thread

The credit card break in caused me a lot of grief. It just blew my mind how something so important would not be treated as such. If you do not take care of the basics, I cannot trust you with my code.

For most of my smaller needs, I use webfaction (web hosting and vps). Which has been very good. Costs more, but their support is very good. Bigger things go to Amazon.

I did not have hardware issues with Linode. Wish you the best of luck. Hopefully they have learned and taken security seriously since the last breach.

taway2012OP12y ago

OK. FWIW, I do not consider credit card number theft to be a big deal (I just lost my wallet a couple of weeks ago). I know I am probably in the minority on this.

That said, they should have an option to pay by paypal to outsource this risk to somebody else. I always pick paypal when I have the option to do so.

There's a saying that guarding diamonds and coal to the same extent is unwise. :)

Good luck and thanks for your reply!

ig112y ago

It wasn't the fact that they were hacked, it happens, it was the way they handled it. Their official statement read "We have found no evidence that any Linode data of any other customer was accessed. In addition, we have found no evidence that payment information of any customer was accessed."

It was only after the hacker publicly posted detail of the hack that linode admitted that the hacker did have access to their customer database including encrypted credit card details.

Even then they failed to make it clear that the hacker claimed to have a copy of their encryption key (they made no attempt to deny this either).

All of Linode's press releases were written in a fashion designed to make Linode look as good as possible rather than attempting to protect their customers.

I used to be a fan of Linode but I cancelled all of my contracts with them as a result of their terrible handling of the situation.

j / k navigate · click thread line to collapse