by Hello71 3408 days ago
DO isn't any better, just hasn't been targeted by any serious attackers yet.

until very recently, they didn't allow using a custom kernel (except via kexec hackaround) and were quite slow updating their kernel for security patches. they repeatedly gave random dates for implementation, then repeatedly pushed them back, then eventually just ignored users on this issue for years.

their images were also poorly sanitized, leading to the well-known problem of SSH host key duplication, which was the case for years.
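An added detection example, not code from the thread: given `ssh-keyscan` output for a fleet, compute OpenSSH-style SHA256 fingerprints and report any host key presented by more than one host, which is exactly what cloned images without first-boot key regeneration produce. The hosts and key blobs below are constructed placeholders.

```python
from __future__ import annotations

import base64
import hashlib
from collections import defaultdict


def _fake_blob(seed: bytes) -> str:
    """Constructed stand-in for a base64 ed25519 host key blob (not a real key)."""
    body = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + hashlib.sha256(seed).digest()
    return base64.b64encode(body).decode()


# Constructed sample in `ssh-keyscan` output format: "<host> <key-type> <base64 blob>".
# 10.0.0.1 and 10.0.0.3 deliberately share one key, as two droplets built from the
# same unsanitized image would; 10.0.0.2 regenerated its key.
SAMPLE_KEYSCAN = "\n".join([
    "# 10.0.0.1:22 SSH-2.0-OpenSSH_7.4",
    f"10.0.0.1 ssh-ed25519 {_fake_blob(b'cloned-image-key')}",
    f"10.0.0.2 ssh-ed25519 {_fake_blob(b'regenerated-key')}",
    f"10.0.0.3 ssh-ed25519 {_fake_blob(b'cloned-image-key')}",
])


def fingerprint(b64_key: str) -> str:
    """OpenSSH SHA256 fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_key)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_keyscan(text: str) -> dict[str, set[str]]:
    """Map fingerprint -> hosts presenting it; skips blank lines and '#' comment lines."""
    seen: dict[str, set[str]] = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line, ignore rather than crash
        host, _key_type, b64_key = parts[0], parts[1], parts[2]
        seen[fingerprint(b64_key)].add(host)
    return dict(seen)


def duplicate_host_keys(text: str) -> dict[str, list[str]]:
    """Fingerprints shared by more than one host, each with the sorted list of hosts."""
    return {fp: sorted(hosts) for fp, hosts in parse_keyscan(text).items() if len(hosts) > 1}


if __name__ == "__main__":
    for fp, hosts in duplicate_host_keys(SAMPLE_KEYSCAN).items():
        print(f"shared host key {fp}: {', '.join(hosts)}")
```

On the image side the fix is regenerating keys at first boot, for example by deleting `/etc/ssh/ssh_host_*` and running `ssh-keygen -A` before sshd starts.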


> just hasn't been targeted by any serious attackers yet.

Source? Just because they haven't announced any successful security breaches doesn't mean they haven't been seriously targeted.

In fact, considering the number of times my random dedicated server instance (not hosted at DO) gets hit with random attacks, I'm sure a large provider like DO has had numerous serious, targeted attacks against their network/servers/control panel/etc.

> Source? Just because they haven't announced any successful security breaches doesn't mean they haven't been seriously targeted.

True, and in fact the only basis for my statement is that they have historically taken security so not-seriously that it would be surprising if they were in fact able to withstand advanced attacks, given that even the most secure organizations are often unable to do so. (see: every talk at Black Hat)

> In fact, considering the number of times my random dedicated server instance (not hosted at DO) gets hit with random attacks, I'm sure a large provider like DO has had numerous serious, targeted attacks against their network/servers/control panel/etc.

this statement is just as baseless as mine. perhaps even more so, since the two numbers seem to have nothing to do with each other. one could just as well say "my server gets lots of bogus SSH attempts, so banks get robbed a lot".

In addition to that, they even had security issues where people could use testdisk or any other file recovery tools to recover files which would often belong to another customer.

http://venturebeat.com/2013/12/30/iaas-provider-digitalocean...

>DO isn't any better, just hasn't been targeted by any serious attackers yet.

As the official authority on serious attackers I can confirm that this is in fact not true.