The Linode Security Team

This week, in our new blog post series from the Linode Security team, we cover WooCommerce security, Capoea Malware, and more.

We recently received new information regarding our 2015 security incident which is relevant to Linode customers who activated their account before 2016. As detailed in our January 2016 blog post, we reset passwords for all users at that time after investigating unauthorized access to some customer accounts. This new information confirms the scope of database […]

This week Intel publicly disclosed a group of processor vulnerabilities known as Microarchitectural Data Sampling (MDS), also referred to as “ZombieLoad”. MDS affects systems that host virtual machines from varying security domains and/or that the system owner does not fully trust, which includes Linode's infrastructure and Linodes themselves.

Earlier this week Intel publicly disclosed a new class of processor vulnerabilities known as L1 Terminal Fault (L1TF). Variants of L1TF affect many single and multi-tenant environments, including some of Linode’s infrastructure and Linodes themselves. Read on for what you can do...

As we outlined in our last network update, our network engineering department has been hard at work revamping our entire Internet-facing network by turning up gobs of capacity and directly peering with hundreds of networks all over the globe. Since then, we have extended our network backbone to all datacenters in North America and Europe. This […]

We are proud to announce the opening of our ninth datacenter: Tokyo 2. There has been high demand for additional Linode capacity in this region and we’re excited to open up availability. Tokyo 2 offers all of the features and services as our other datacenters, at standard Linode pricing. Connectivity into Tokyo 2 features a […]

Linode has completed initial Internet capacity upgrades in all facilities. All of our data centers are now multi-homed with several tier-1 transit providers and the largest peering exchanges in the world. This marks a milestone in Linode’s history: we now manage our own true service provider network, allowing us to deliver robust and reliable connectivity. […]

A privilege escalation vulnerability being branded as “Dirty Cow” (CVE-2016-5195) was recently discovered and fixed yesterday in the Linux Kernel. It has existed for 11 years, so pretty much every device running Linux is affected (this includes VMs, physical machines, mobile devices, and so on) and, in general, distros from every vendor are affected. Linode […]

In his January blog post, Alex Forster articulated that we have a plan in motion to upgrade the network across all of our data centers. We would like to share with everyone what has been done so far, and what still needs doing. Staffing up Since December 2015, we’ve added two new members to our […]

On January 5, 2016, we issued a password reset for all Linode customers during our investigation into the unauthorized access of three customer accounts. We have been working with federal authorities on these matters and their criminal investigations are ongoing. Today we are sharing our findings and those of the third-party security firm we retained […]

Over the twelve days between December 25th and January 5th, Linode saw more than a hundred denial-of-service attacks against every major part of our infrastructure, some severely disrupting service for hundreds of thousands of Linode customers. I’d like to follow up on my earlier update by providing some more insight into how we were attacked […]

Effective immediately, Linode Manager passwords have been expired. You will be prompted to set a new password on your next login. We regret this inconvenience, however this is a necessary precaution. A security investigation into the unauthorized login of three accounts has led us to the discovery of two Linode.com user credentials on an external […]