It seems that the hacker group who breached linode recently are making new claims and this has led Phusion Passenger guys to issue a security warning.

Can we get an update on what the situation is and some categoric statements? If there is more of a potential problem than we were originally led to believe then I think we need to know (or to the contrary).

Here is the warning issued by Phusion Passenger today:

http://us5.campaign-archive1.com/?u=979 ... daed4e1bb6

What is worrying is that they were not informed by Linode that a problem existed

HTP claim that Linode didn't notify their customers until they were forced to by the FBI.

http://straylig.ht/zines/HTP5/0x02_Linode.txt

(Not that HTP can be trusted at all)

One can only hope HTP's hacking skills are better then their lame ass writing skills.

_________________
Either provide enough details for people to help, or sit back and listen to the crickets chirp.
Security thru obscurity is a myth - and really really annoying.

They write like retards, and their motivation isn't clear at all. They don't seem to be after money.

But then they did have access to a zero day exploit for cold fusion so they can't be entirely retarded.

The release doesn't seem to offer anything new, either. It has been long known that someone with access to a Linode via manager.linode.com can gain root access by rebooting that Linode (or creating a new Linode and cloning the images onto that, but that's certainly going to create some credit card activity). There's no indication that they found a way around that.

_________________

/* TODO: need to add signature to posts */

HTP are now claiming to have owned a whole lot more linodes.

and on irc they claimed to have owned lish

new lish a few weeks after HTP

It's hard to know what is true and what is just bluster. There seems to be quite a bit of crowing and unverifiable claims (eg, "we had full access but didn't do anything, not even a calling card").

sednet is right that "they did have access to a zero day exploit for cold fusion". Either they are the ones who uncovered the zero day or they bought it, so their lack of interest in financial gain in this circumstance is puzzling.

If they were after nmap, and they added something to the code (backdoor into the networks that run it, a report on the vulnerabilities found so they can compromise the networks running it, a way to mask their specific infections, whatever), then we should see a major spike in breaches of nmap users. I'm sure that the good folks at nmap have thought of this as well and are double checking everything.