undefined | Better HN

0 pointsthreeseed10y ago0 comments

Could not disagree more. I would NEVER run anything serious on Linode.

They have a long history of withholding information from customers in the face of security incidents and outages. The last time they were hacked I found out from Reddit that it happened and even when they bothered to tell me they failed to say (a) what actually happened or (b) what steps they took to prevent it occurring again. And many, many outages had information communicated on the IRC hours before website was updated.

It is the culture and professionalism that differentiates one VPS provider from another. Linode gets a massive thumbs down for me.

0 comments

riquito10y ago

Their blog answer most of your questions.

https://blog.linode.com/2013/04/16/security-incident-update/

You can't prevent 0 days, and the informations hacked were encrypted.

threeseedOP10y ago

Remember that was the 2nd or I believe 3rd time the same management UI was hacked. And that post was done days after the incident occurred e.g.

http://www.webhostingtalk.com/showthread.php?p=8646073

The issue here is not the 0 days occurred but how you deal with them and what systems you have in place to prevent them. Linode has consistently been sloppy at notifying customers and their auditing systems are/were clearly inadequate since their positions changed over the few days. Sure their data is encryptable but if you are sloppy about the process you're likely pretty sloppy about the implementation. It's trivial to decrypt data if you haven't encrypted it properly.

j / k navigate · click thread line to collapse