I also find it really troubling they haven't released a "Here's what we're doing different" blog post in response to the attack. Their only blog post on the matter came a week (2 weeks?) after the intrusion, which they were of course pressured to release after everyone found out via a pastebin IRC transcript... By chance I happened to sign up for my first Linode account the day before that hit HN.
I hope their silence on the aftermath is due to an ongoing investigation with feds, or something, where they can't talk about it yet. Do they think their customers are stupid and will forget the incident?
Imagine if AWS had a security breach of that magnitude. They would release an initial 4000 word blog post in grave technical detail, and then follow up with a 25 page white paper, or whatever.
Oh, and to stay on topic, I tried Linode's 2-factor with Google Authenticator and it works well.
Do they think their customers are stupid and will forget the incident?
Yes. They have done it before and people on here still recommend them with a straight face. It honestly confuses me that people care so little about security.
I hope their silence on the aftermath is due to an ongoing investigation with feds, or something, where they can't talk about it yet. Do they think their customers are stupid and will forget the incident?
Imagine if AWS had a security breach of that magnitude. They would release an initial 4000 word blog post in grave technical detail, and then follow up with a 25 page white paper, or whatever.
Oh, and to stay on topic, I tried Linode's 2-factor with Google Authenticator and it works well.