Re: [tlug] Linode DDOS postmortem

["SCHWARTZ, Fernando G." <fgs@example.com>]

On 01/31/2016 02:09 AM, Charles Muller wrote:
> Dear TLUGers,
>
> Just in case you haven't seen this yet, Linode has provided a very
> complete (and for me, confidence-inspiring) report of their handling
> recent attacks on their system.

Skimming through, I appreciate sincere words acknowledging that 
connectivity was fragile, that is, they haven't had full control to 
their "tier 1". It was targeted during the holidays, maybe more 
insider's work than we might think.

But it's PR damage contol to me now that people realize most 
infrastructures are just vulnerable even with all patches applied, best 
practices in place and a monkey looking at a screen 24/7.

One thing, I've seen outbreaks of phishing and general sh*t passing 
through "LiNode" coming to my shores in 2015 and they were promptly 
reported and their staff seemed to respond responsibly. Maybe that came 
with a price for "LiNode" in retaliation. Ask "CloudFare" and the likes 
what's part of their mitigation technology... They're plain 
cyber-criminal-friendly.

Many times "FBI" officials spoke about giving up trying to crack places 
like Ukraine with just not enough international legislation and the 
current affairs of corruption in such places. I can speak for my native 
Brazil, where they have to elect things with just not enough resources 
to fight back, in this case, giving priority to child pornography.

Saying things like "future looks bright" to "LiNode" is way too much 
wishful thinking to me as I can only see bigger and bigger challenges 
for us in this field.

Regards, Fernando.