View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Community Questions Linode Resets Passwords due to exploit
Log in to Ask a Question

Linode Resets Passwords due to exploit

general

https://blog.linode.com/2016/01/05/secu … ord-reset/">https://blog.linode.com/2016/01/05/security-notification-and-linode-manager-password-reset/

Funny, I actually read this first on Slashdot 2-3 hours after the above blog post.

Really would have expected an Email security notice from Linode on this.

4 Replies

@Dweeber:

Really would have expected an Email security notice from Linode on this.
They are, but publishing a blog post is faster than sending hundreds of thousands of emails. They're doing both at the same time.

Last time they had to do an email blast, they used a third-party mail company and people complained that it looked like a phishing attempt. >_<

I saw the reset announcement on the status page since I was checking it fairly regularly due to the the DDoS attack.

However, I think their password reset mechanism has something to be desired. Upon logging in with my old password, I just got a form asking me to enter the new password. That is terribly insecure! I should have been emailed a unique reset URL with an expiring key, to then use to reset my password. As it was, if someone did have my password, all they would have to do is login, change my password, and I'd be locked out!

I concur. Either this is a terrible plan, or they have confidence that most users are not actually in danger.

@mwchase:

However, I think their password reset mechanism has something to be desired. Upon logging in with my old password, I just got a form asking me to enter the new password. That is terribly insecure! I should have been emailed a unique reset URL with an expiring key, to then use to reset my password. As it was, if someone did have my password, all they would have to do is login, change my password, and I'd be locked out!

I agree. This is terribly insecure!!

Shame on Linode.. You guys can do better!

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct