[luser001]

Hmm, for a customer of a cloud provider, this sort of thing will be very hard to defend against.

Maybe if the customer service system had had two-factor security, this might have been avoided (i.e., customer service can access your account only if you read them your hardware token's code).

Requiring SSL/SSH client certificates even for intranet accesses might have deterred this attack.

I hope other cloud providers take note of this incident. This is a very interesting incident.

[ceejayoz]

> customer service can access your account only if you read them your hardware token's code

At the very least, I'd hope Linode implements two-factor authentication for their own logins. A customer-provided OTP would be great but you'd need a customer service reset tool for that when people forget, which would put you back where you started...

[ajross]

Not necessarily if the reset tool is manually driven and audited. The vulnerability we're worried about here is an automated attack against many customers of a single hosting provider.

There will always be ways to human-engineer your way into any single host. Having a hosting provider just increases the attack surface a little.

[ceejayoz]

> The vulnerability we're worried about here is an automated attack against many customers of a single hosting provider.

This was an attack against Linode's customer service systems, which allow their support reps to reset root passwords. There's no reason for that system not to be protected by two factor authentication on top of heavy logging.

[RLG_RLG]

You obviously have never worked for a retail ISP.

[wheels]

Actually not. Just use a loopback cypto FS to store the sensitive stuff. The reason they had to reboot the machine is that they just had access to the HDD where they could change the password, as opposed to having live root access.

[marshray]

I really doubt that "only HDD access" is a secure position in cases where your cloud provider CSR is pwned.

If that's even the case here. We don't have much indication that the attacker couldn't have taken a snapshot of a running system (or that that will be how it happens next time).

So, sure, use a loopback crypto filesystem. It just doesn't provide much in the way of a security guarantee (but it adds some measurable costs).

[tlb]

Indeed. Well-designed money storage systems aren't vulnerable no matter who has console access.

[lsc]

where do you keep the key to the crypto fs?

[RLG_RLG]

Written on a scrap of paper in your wallet. only the password and no other info should be on the scrap.

If you can memorize it, it is a bad password.

[bronson]

That's not strictly true. If you're careful and imaginative, with moderate effort you can commit a fair amount of highly random data to memory. You just can't expect to change it every month.

This may be oversimplified, but it's the correct horse battery staple.

[Avshalom]

Eh, it depends, a random fragment of a very long poem for instance can be quite easy to memorize but at 80-90 words/300-400 characters long is pretty damn secure, doesn't even need to be written down then.

[DanBC]

"muscle memory" helps here. People only need to refer to the scrap of paper for the first couple of weeks of entering a password.

Then that scrap can be securely stored somewhere else. (eg: In your "in case of death" box if you want people to have access when you die.)

[korny]

What the? If you write it down, it's a bad password. Make it a pass phrase, make it long. And possibly store it in an encrypted password database, protected by a master pass phrase.

[mckoss]

My password was randomly generated, has 85 bits of entropy and, it took me only a couple of days to memorize.

[eli]

Hmm, hope you don't take many vacations

[kristianp]

https://www.xkcd.com/936/

[kbuck]

You memorize it.

[lsc]

how do you transmit it to the server in such a way that it can't be intercepted by someone that compromises the bits of your virtual that boot before the key is uploaded?

[RLG_RLG]

By using your public key.

http://www.debian-administration.org/articles/152

You can also require a password AND a cert.

[lsc]

Yes, but will that help you if the attacker trojans whatever it is that is doing the decryption?

I mean, I'm very clearly not a crypto expert, but I do believe that this would be quite a lot like what Bruce Schnier calls 'the evil maid' attack. Instead of having a bootloader, you have a minimal Linux install, then you get a key to that minimal linux install, and that minimal linux install uses that key to decrypt your encrypted disk.

I believe that if that minimal linux install that does the decrypting is compromised before you log in, in theory, the attacker could then insert something in the code that runs after the data is decrypted to, say, send some of that data elsewhere, or, say, open a back door for them to log in and examine the decrypted data.

I mean, certainly, you are making the attacker wait for you to log in (assuming that they've only compromised the admin interface and don't have full root on the dom0) and that's another step you are forcing the attacker to take, and you do at least have a chance then of detecting the compromise and /not/ sending the key, so I'm not saying that it's worthless.

Of course, this is all protecting against a compromise of the admin tools that does not lead to a compromise of the dom0. If the attacker compromises the dom0 without rebooting it or otherwise disturbing the guests? they have access to your ram. They can snapshot both the ram and the disk and take apart the system at their leisure.

[javajosh]

Yes. Tracing this back to one of their own employees, the company is clearly liable for any resulting loss. If they do not find themselves liable (and a court does not) this will be a big problem for people doing shared or cloud hosting, and traditional, physically secure datacenters will see a resurgence.