by marshray
4790 days ago
> The access that HTP obtained does not, full stop, lead to root on Linode instances without at least one shutdown job or change of root password job showing up in your Linode's history that you did not ask for. ... the access they obtained does not lead to root on the Linode host fleet itself

I wouldn't bet on that.

> There will always be targets but harboring SwiftIRC is probably a malicious-actor magnet.

Isn't that the same logic Everydns/Dyn Inc. used when they censored Wikileaks?

> All it takes is one zero-day, and you will all be hit by one in your career, so cut Linode a little slack.

True dat.
I don't need to wager, and can speak with authority based on what I know (which I'd prefer to leave vague). There are two vectors into a Linode's filesystem from the perspective of an internal attacker: having root on the Xen host or gaining a login on the Linode. Knocking over the database and Web server gives you neither unless the person reused their account's password as their root password, in which case it's behind a cryptographic hash and subject to the typical rules there. If you own the database, you do have LISH access which gives you the equivalent of a VGA console; if someone left that console logged in, it's a vector as well.
The only vector HTP would have had in the general case would be bouncing the Linode. It's a fairly sufficient air gap, in a way.