Public-key cryptography

Passwords under threat at Linode

April 20th, 2013

One of the leading VPS hosting company Linode came under a vicious hack attack, that posed serious threats to its customers. Luckily for them, Linode had been proactive in safeguarding its customers’ credit card information. They had been successful in thwarting the attack. According to a blog post that was published soon after the incident, the company’s officials identified and blocked all suspicious activities on the networks.

“Credit card numbers in our database are stored in encrypted format, using public and private key encryption,” Read one of the blog posts on the company’s website. Linode maintains that a group named Hack The Planet (HTP) claimed   responsibility for accessing   Linode Manager web servers, by exploiting an obscure vulnerability in Adobe’s ColdFusion application server. These vulnerabilities tended to in Adobe’s APSB13-10 hotfix (CVE-2013-1387 and CVE-2013-1388) which was belted out last week.

This is not the first time hackers have tried to get inside Linode .A year ago, sometime in the March of ’12 servers it hosted were hacked and the hackers got their bank balances full with bitcoins.

The susceptibility resulted in the group getting exposure to a web server, parts of Linod’s source code and finally its database. The company is reported to have been bending over backwards to safeguard critical information of its customers.

A customary investigation done by the company revealed that HTP did not get access to any other section of the company.

However, HTP has asserted it has access to those keys, however, as it was stored on the same server it compromised

The company also divulged a little information on how they function. Their database contains credit card numbers in an encoded format, using both public and private encoding. Since the private key is protected and the complex password is not stored on the network, it becomes next to impossible for hackers to get all the information

The private key is itself encrypted with passphrase encryption and the complex passphrase is not stored electronically.

“There were occurrences of Lish passwords in clear text in our database. We have corrected this issue and have invalidated all affected Lish passwords effective immediately. If you need access to the Lish console, you can reset a new Lish password under the Remote Access sub-tab of your Linode,” one of the officials maintained.

It is advisable for the customers of Linode to change their passwords in case they have used their Linode passwords on any service other than Linode.

How Alertsec can be of help to customers in such murky waters

80% of data loss is due to lost or stolen equipment. 50% of network breaches take place by using passwords from lost or stolen equipment. Laptop encryption is the solution to laptop theft problem. Small and big companies are now realizing the importance of tracking software. Alertsec offers laptop encryption service to secure your data.

Organisations are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Enhanced by Zemanta