Forgot your password?
typodupeerror
Bitcoin

Linode Exploit Caused Theft of Thousands of Bitcoins 450

Posted by samzenpus
from the say-goodbye dept.
Sabbetus writes "Popular web hosting service Linode had a serious exploit earlier today. Apparently the super admin password for their server management panel was leaked and allowed a malicious attacker to target multiple Bitcoin-related servers. The biggest loss happened to a major Bitcoin mining pool that lost over 3000 BTC, which is currently worth almost 15 000 USD. Now the question is, will Linode compensate for lost bitcoins?" Update: The 3000 BTC theft was not even close to being the biggest, Bitcoin trading site Bitcoinica lost over 40,000 BTC.
This discussion has been archived. No new comments can be posted.

Linode Exploit Caused Theft of Thousands of Bitcoins

Comments Filter:
  • oops (Score:5, Funny)

    by buzzsawddog (1980902) on Thursday March 01, 2012 @11:09PM (#39216913) Journal
    oops...
  • Newsflash (Score:5, Insightful)

    by Anonymous Coward on Thursday March 01, 2012 @11:09PM (#39216915)

    Imaginary currency is not safe.

    • And real banks and credit systems are never robbed... They should have had insurance to cover this. If not, they are in a very bad way.
      • Re:Newsflash (Score:5, Interesting)

        by Kenja (541830) on Thursday March 01, 2012 @11:27PM (#39217021)
        That would be an interesting claim to file. "They stole my bits! I demand that you replace them."
        • Re:Newsflash (Score:5, Interesting)

          by mrmeval (662166) <<mrmeval> <at> <gmail.com>> on Thursday March 01, 2012 @11:45PM (#39217121) Journal

          Isn't that the point of bitcoin? To make the intangible tangible? If those bits can be stolen they're about as tangible as it gets. ;) So there is a loss. I'm sure Lloyds of London could write that policy but I don't see them doing it for a price that was affordable.

          • by BenJCarter (902199) on Friday March 02, 2012 @12:55AM (#39217437)
            Perhaps if they paid for the policy in Bitcoins?
          • Re:Newsflash (Score:5, Insightful)

            by dlgeek (1065796) on Friday March 02, 2012 @12:56AM (#39217445)
            How would insurance of bitcoins even work? It seems particularly challenging for many reasons.

            Generally, insurance policies are written for things with a strongly-known approximate value. Jewlery, physical property, buildings, a fixed amount of cash in a safe.... You can't generally get insurance on things with fluctuating value like real estate (you can insure the building on top of it, but you can't insure the lot against loss of value), various financial instruments, commodities futures, etc. Bit coins are highly variable - if I take out a policy against 10,000 bit coins, and they're lost, what value would the policy pay out based on? The value at the time I got my policy? The value at the time they were stolen? The value at the time the claim is settled? Does this take into account that if someone steals a large number of bitcoins, they're probably going to liquidate them quickly, which would depress the market? If the policy is based on the value at the time it's issued, the insured party has a motivation to purposefully lose or destroy the coins if the market dramatically drops - the insured value is higher than the market value. On the other hand, if the policy is based on the market value at the time of the incident, the insurance company's costs can skyrocket and no sane underwriter would write such a policy.

            Speaking of the insurred's motivation to defraud based on fluctuating value, the risk of fraud here is sky-high. A cryptographically-secure, untraceable currency where mere knowledge of a few numbers is enough to steal the entire value without leaving any evidence behind? It'd be trivial for the owner to purposefully leave a backdoor, then anonymously exploit it, especially given the nasscent state of computer security in the legal system. It wouldn't even have to be that subtle a hole, either. As far as I know, there isn't any precedent to establish what liability companies have with regard to negligence in the field, with the notable exception of PCI:DSS for the credit card industry. (For example, all the cases against Sony were dismissed as far as I'm aware.) In our current environment, the insurance company would have a hard time proving neglicence to dispute the claim. With that kind of risk, there's no way any insurer would issue that kind of policy. I just don't see any reasonable way that an insurance company would write a policy like this, at any price. Moreover, many of these issues reach past the bitcoin realm and apply to all sorts of online providers. As more and more of companies move data to "the cloud" - what kind of recourse do they have when security and availibility events happen. Can I get an insurance policy to protect me if my cloud email provider exposes confidential business informaton to the world which significantly impacts my revenue stream? It's a very thorny landscape...
            • Re:Newsflash (Score:5, Insightful)

              by plover (150551) * on Friday March 02, 2012 @01:04AM (#39217495) Homepage Journal

              It may appear thorny, but insurance is simply legitimized gambling, which ultimately is dirt simple. The company will lay odds against your losses. Now, they're going to study what's happening, and they're going to change the premiums on a scheduled basis, and they're going to present a quote that represents their estimate of your chances of loss, and they're going to have a lawyer write as many weaselly exclusions in the policy that they think they can get away with. If you ask them to insure $10,000 worth of bitcoins against loss, and they're only 50% confident in your security, they may take those odds and set your premium at $6,000.

              That's the other thing about insurance companies. They're exactly the same as the casino owner: the house always gets its cut.

              • by ComaVN (325750) on Friday March 02, 2012 @01:15AM (#39217547)

                They're exactly the same as the casino owner: the house always gets its cut.

                Not quite. The casino sets the rules of the game, making sure they know EXACTLY what the odds are, thereby turning long-term profit into a statistical certainty. The insurer has to guess the odds, and can actually guess wrong, so there's a lot less certainty. That's why there are reinsurers, who insure the insurers against unexpectedly large payouts.

                • by plover (150551) *

                  True, casinos are substantially more honest than insurance companies. The house cut is right there printed on the table for anyone to see. The insurance company, on the other hand, doesn't have to tell you the odds they calculated. They can compute them at 1% and charge you 10%, and you will never know.

                  And there are lots of methods for assessing risk that yield probabilities. FAIR [wikipedia.org] is one such practice that's gaining acceptance in the info security world. ISO 31000 is an attempt to standardize risk mana

                • At least US ones. The gaming commission of the various states that engage in it checks to make sure payouts are as required. They catch any tampering with it, there is hell to pay.

                  In the case of physical game (like Roulette) there are possibilities for some strange streaks, the overall payout is regulated by payout vs probability (like every number has a 1/36 probability of occurring but a bet on any number pays only 34:1) but on machine games it is regulated even tighter. The machines have specific percent

            • by tlhIngan (30335)

              Generally, insurance policies are written for things with a strongly-known approximate value. Jewlery, physical property, buildings, a fixed amount of cash in a safe.... You can't generally get insurance on things with fluctuating value like real estate (you can insure the building on top of it, but you can't insure the lot against loss of value), various financial instruments, commodities futures, etc. Bit coins are highly variable - if I take out a policy against 10,000 bit coins, and they're lost, what v

        • by FatdogHaiku (978357) on Friday March 02, 2012 @01:52AM (#39217715)
          Well, we can replace the 1's with no problem, but we can't give you anything for the 0's...
          Where would you like those emailed?
        • by sixtyeight (844265) on Friday March 02, 2012 @02:14AM (#39217821)

          That would be an interesting claim to file. "They stole my bits! I demand that you replace them."

          The RIAA, MPAA and Microsoft have been doing it for years now.

        • by snookums (48954)

          That would be an interesting claim to file. "They stole my bits! I demand that you replace them."

          Do you think that when you deposit money in the bank they put a pile of cash in the safe for you?

          Almost all modern currency is bits.

        • "They stole my $WHATEVER!" is exactly why umbrella insurance policies exist. Yes, they cover lost bits. Yes, they have value, and it costs real money to replace them, just like pieces of paper printed with green ink also have no intrinsic value but it's reasonable to have insurance to cover them.

          As for the GP's point that Bitcoin is imaginary money: Your bank account balance is also just a bunch of bits in a database somewhere. The vast majority of those bits don't even have green pieces of paper to bac

      • by Dunbal (464142) *
        Tell me, how much do you lose if your bank gets robbed?
    • by matrim99 (123693)
      All currency is imaginary.
    • Re:Newsflash (Score:4, Insightful)

      by ultranova (717540) on Friday March 02, 2012 @02:32AM (#39217891)

      Imaginary currency is not safe.

      All currency is imaginary. It's an abstract representation of wealth, which in turn is an abstract representation of resources and services owed to you. And of course the entire concept of owing - debt - is a purely social construct, and thus imaginary.

      But yeah, wealth is not safe.

  • by cold fjord (826450) on Thursday March 01, 2012 @11:10PM (#39216921)

    The greatest value of bitcoin seems to be in generating headlines.

    • Ever read/watch/listen to the news? Besides terrible things happening to people, 90% of the headlines are the government doing something questionable. Following your logic...

    • If the people who play with Bitcoins don't keep making headlines and hype, they face the very real possibility of their "investment" going down to zero. They are not catching on as use as a general currency. You can't go spend BTC at Newegg or Amazon or the like. So they have to keep new people interested to keep this going. Otherwise nobody will want to buy BTC meaning the value will effectively be zero. You'd still be able to trade them among people who take them, but since that is almost nobody it gets y

  • by Laebshade (643478) <laebshade@gmail.com> on Thursday March 01, 2012 @11:10PM (#39216923)

    http://www.linode.com/tos.cfm [linode.com]

    Section 9, paragraph 1:

    Subscriber acknowledges that the service provided is of such a nature that service can be interrupted for many reasons other than the negligence of Linode.com and that damages resulting from any interruption of service are difficult to ascertain. Therefore, subscriber agrees that Linode.com shall not be liable for any damages arising from such causes beyond the direct and exclusive control of Linode.com. Subscriber further acknowledges that Linode.com's liability for its own negligence may not in any event exceed an amount equivalent to charges payable by subscriber for services during the period damages occurred. In no event shall Linode.com be liable for any special or consequential damages, loss or injury. Linode.com is not responsible for any damages your business may suffer. Linode.com does not make implied or written warranties for any of our services. Linode.com denies any warranty or merchantability for a specific purpose. This includes loss of data resulting from delays, non-deliveries, wrong delivery, and any and all service interruptions caused by Linode.com.

    • by Wonko the Sane (25252) * on Thursday March 01, 2012 @11:21PM (#39216987) Journal
      Those people had no business storing $15,000 worth of irreplaceable data, electronic currency or not, on a service with these kinds of terms. Instead of spending an appropriate amount of money for the proper security they gambled with a service not designed to insure against that kind of liability and lost.
    • by v1 (525388) on Thursday March 01, 2012 @11:25PM (#39217015) Homepage Journal

      Subscriber further acknowledges that Linode.com's liability for its own negligence may not in any event exceed an amount equivalent to charges payable by subscriber for services during the period damages occurred.

      So if this is binding and enforceable, (which should always be questioned, you can put just about anything in your TOS) that means if they are incompetent retards and let your hosted server get hacked through their back door to your hosted machine they won't be liable for anything beyond the monthly fees you paid them while being hacked?

      That's very likely to go to court. They may win or they may lose, but that fails the "common sense" assumption that part of what you are paying for is at least reasonable security for your IP at the facility you are leasing time on. And losing control of your hypervisor-ish password should be easy to prove to be negligent.

      I think if they came right out and had to decode that and say "we reserve the right to let random vandals come in and snoop all your data and you won't have any legal recourse" they'd lose a lot of customers. But that's basically what this is going to tell all their customers now. They'd have been a lot smarter to just have quietly reimbursed them. It'll cost them more due to bad publicity.

      • by jpmorgan (517966)

        And? You get what you pay for. Linode is a cheap VPS provider. I doubt Linode signed up to accept tens of thousands of dollars of potential liability when they took these guys on as customers. I sure as hell wouldn't, not without charging a lot more.

        Cheap is fine if you want to run a normal website, but obviously not sufficient if you plan on storing bitcoin. Remember this is currency. There's a reason banks have vaults and don't store their currency in utility closets built by the lowest bidder. And these

        • The vault at the bank does not contain the money. It contains banks of small, thin-walled boxes. The purpose of the vault is to appear impressive, to attract customers.

      • by exomondo (1725132)

        I think if they came right out and had to decode that and say "we reserve the right to let random vandals come in and snoop all your data and you won't have any legal recourse" they'd lose a lot of customers.

        So you're suggesting they had no security and they just 'let random vandals come in'? That's clearly not what happened.
        And realistically if you're storing that sort of data you don't just plonk it on any service and hope for the best, you go for a service that offers insurance and some added security.

        So if this is binding and enforceable, (which should always be questioned, you can put just about anything in your TOS) that means if they are incompetent retards and let your hosted server get hacked through their back door to your hosted machine they won't be liable for anything beyond the monthly fees you paid them while being hacked?

        Yes, in which case people storing valuable data will go with a service designed for that sort of thing, probably at a higher price to cover insurance and added security costs.

    • ...of such a nature that service can be interrupted for many reasons other than the negligence of Linode.com

      Allowing a "super user" password to fall into unauthorized hands *is not* negligence of Linode.com?

    • by mysidia (191772)

      Linode can put in disclaimers until they are blue in the face. Obviously they have made an effort to disclaim liability for service interruptions.

      The issue they could likely be sued over is not the service interruption, and not necessarily negligence in regards to proferring the service.

      But the issue, being that Linode may be strictly liable for their exposure of sensitive customer data due to their direct failure to maintain reasonable care in the maintenance of Linode systems' security, in the for

      • by mysidia (191772)

        P.S. Linode may be implicitly and strictly liable for damages caused by the "linode admin" product on hosted servers.

        Separate from any liability for the manner in which service is provided.

        In many states, manufacturers cannot disclaim one or more forms of implicit liability.

        Just in the same manner, as a manufacturer cannot disclaim warranty in case, your brand new toaster blows itself up the first time you plug it in, due to a manufacturing defect

        The manufacturer will be responsible for your injur

  • ToS (Score:4, Insightful)

    by Rinisari (521266) on Thursday March 01, 2012 @11:17PM (#39216969) Homepage Journal

    I saw an analysis of their Terms of Service somewhere, indicating that they will only compensate up to the value of the service paid. So, if your service was $100/mo, they'd only compensate you for the downtime you experienced, or up to that month's service charge of $100.

    If Linode cares about Bitcoin, it will find a way to compensate its users. Otherwise, if the users who lost money are up to it, I'm sure there is at least one lawyer out there willing to be counsel on the first case involving theft of a digital currency, testing whether or not the data/rights to data stolen are legitimate property of legal value. We supporters of Bitcoin say, "Of course!" but it's not until there's a legal precedent that we really can say that.

    Or, Linode can sit behind its ToS and test contract law.

    Or, the users can vote with their money and leave Linode and tell others why they're leaving.

    At least in my eyes, that I would ever consider Linode in the future is hanging in the balance, and they've previously always had a good reputation in my mind. I would venture that there are plenty of other like-minded geeks out there. Given that Linode's market is primarily we geeks, I believe it behooves them to do the right thing and compensate for the losses.

    • Re: (Score:3, Funny)

      If Linode cares about Bitcoin, it will find a way to compensate its users. Otherwise, if the users who lost money are up to it, I'm sure there is at least one lawyer out there willing to be counsel on the first case involving theft of a digital currency, testing whether or not the data/rights to data stolen are legitimate property of legal value.

      Out of principle, shouldn't the complainants only hire a lawyer who will agree to be paid in Bitcoins?

      • by kiore (734594)
        I would imagine that the crackers would want the same deal with their lawyers
  • Seems like Linode had more in common with Disney's Pirates of the Caribbean ride than, say, San Francisco Bay. Yarrr!

  • Social or technical?

  • No correlation. (Score:5, Insightful)

    by Anonymous Coward on Thursday March 01, 2012 @11:32PM (#39217049)

    Meh. No correlation. Linode has nothing to do with Bitcoins. You could store magic unicorns on their servers, want compensation if they get stolen? In the end _you_ are responsible for your data, not the host. So sorry if Bitcoin is flawed to the point where it can be so easily stolen by little old root. If you purchase service with a back up plan and the servers get hacked and your content is deleted, then you would legally/reasonably expect a restore but sorry fake money that gets "stolen" doesn't count.

  • Let's write a news article about it
  • Got me, but if I had $50k in digital currency I think I'd spread my risk around and stash bits (no pun intended) across many servers at many different hosting sites and companies. The things are like $20/month, for pete's sake.
  • by Chalex (71702) on Thursday March 01, 2012 @11:38PM (#39217085) Homepage

    Back when I worked for a web host company, we occasionally (rarely) had some issues where customers got screwed. In the worst case, your VPS is on a box where multiple disks die in a RAID array, and you don't have backups, and that's that.

    We were customer-friendly, so we would refund the customer's hosting charges if something went terribly wrong. But if you're paying $19/month, you can't really expect us to refund you more than $19/mo when something goes wrong.

    There's a rule of thumb in physical security; you should spend ~5% of the value of the thing to secure the thing. E.g. ~$1000 bicycle means ~$50 bicycle lock. If you're using a $19/mo service to hold $10k worth of value, you better be taking some other precautions. These guys were doing the equivalent of keeping $10k in cash in a $20 lockbox in a public place.

  • by slashmydots (2189826) on Thursday March 01, 2012 @11:43PM (#39217101)
    Oh the drama. As an actual bitcoin miner, let me fill you in on the real story instead of that media fluff that's purposely inflated to overdramatic proportions. Almost all bitcoin mining pool websites are configured to pay people every time 1 BTC is reached. That's around $5 US and takes a mediocre mining rig approximately 2 days to generate. So the most that the average person probably lost is $0.01 - $5.00. NOBODY keeps massive piles of BTC sitting around at the pool itself. The exchanges, yeah, but not the pools. They're known for lax security too. At the #1 biggest mining pool, your miners' login passwords are listed as plaintext on the page because what are people going to do, mine for you? And none of your money stay there for long so nobody really cares.
    What really doesn't add up is the 3000 BTC estimate. Even Deepbit, the largest pool, doesn't have 6000 members, which would be the number required to, at any given point in time, have an average of 3000 BTC on-hand. So it likely was the site owner's profit pool that got robbed the most heavily.
    • by godofpumpkins (1340039) on Friday March 02, 2012 @12:05AM (#39217243)
      What about the 43,000 coins bitcoinica reported stolen in the same breach? Still overblown? https://bitcointalk.org/index.php?topic=66979.0 [bitcointalk.org]
    • Actually, pool users aren't losing anything. The "hot" wallet stored at Linode was only the daily-use petty cash fund used for routine payouts. The bulk of the pool's balance is in "cold" storage and was not affected, so it's not like they were cleaned out. They got the register at the front, but not the safe in the back.

      The owner of the pool, Slush, is covering the losses out of pocket, so nobody is losing anything except him.

      The same story (though with a larger "hot" wallet) is happening over at Bitcoi

    • by dbIII (701233)

      NOBODY keeps massive piles of BTC sitting around at the pool itself

      I'm sorry, but do you really expect us to think that people who get taken in by ponzi schemes are likely to be careful with their get rich quick scheme?
      It looks like we've got our own little cut rate reality TV show here where we can marvel at the sharks and minnows in a squalid little pretend ecosystem.

  • by Anonymous Coward on Thursday March 01, 2012 @11:43PM (#39217105)

    A question I consider sometimes is the relationship between Bitcoins and the US Customs (or any other border agency.)

    When we cross the border there are obvious signs making it clear that if you carry more than $10,000 across the border (Canadian or American in my case) in either direction you must declare the transaction. Suppose one's bitcoin wallet is on their cellphone and they are carrying more than $10,000 worth of bitcoins on their cellphone. Would these need to be declared?

    I guess it would be similar to carrying bearer bonds across the border but I'm not certain what the conditions are for those, either.

    The concern would be whether two people with cellphone bitcoin wallets could meet and move bitcoins from one cellphone wallet to the other without another server or service being involved in the transaction. If so then I can certainly see how this process could be used to facilitate illegal transactions with less obvious traces than carrying large volumes of actual cash.

    • Have you tried carrying a checkbook through customs? Its the equivalent. Customs only has a need to know of real cash or valuables (say gold, meth) being carried through them, they dont really have to bother about anything else.

    • You are correct, bitcoins make it easier for the average person to move large amounts of money across borders to facilitate any transaction (illegal or not). As it currently stands, you need the resources to set up a reliable way to cross the border with the money undocumented or shell corporations, etc that hide the true purpose of the money transfer.

      The real question is :
      Since the well connected and wealthy will find a way to do this either way, is it not better that everyone can now do it?

      The answer:
      I du

      • You are correct, bitcoins make it easier for the average person to move large amounts of money across borders to facilitate any transaction (illegal or not). As it currently stands, you need the resources to set up a reliable way to cross the border with the money undocumented or shell corporations, etc that hide the true purpose of the money transfer.

        This is called hawala, and is very much legal, and is much more efficient that bank transfers in many cases.

  • by YesIAmAScript (886271) on Thursday March 01, 2012 @11:48PM (#39217131)

    If anyone (like me) was wondering if there was any confirmation that linode accepted blame other than from the person who was robbed, there is.

    http://status.linode.com/2012/03/manager-security-incident.html [linode.com]

    Linode is actually rather lucky this person who did this only went for 8 machines. They could have been in a whole lot more trouble when someone got access like this.

  • Bad decisions were made. If you have ever had to deal with PCI DSS certification then you know what the credit card processing companies expect of their merchant customers. Now imagine the standards the credit card companies themselves try to adhere to. Some developers using BitCoin need to think about the security Big Picture before creating infrastructure for their projects/businesses. Keeping a BitCoin wallet containing thousands of BTC on a little cloud server is not wise.

    Having said that, there is a so

  • Awesome (Score:3, Funny)

    by glwtta (532858) on Thursday March 01, 2012 @11:56PM (#39217201) Homepage
    So I take it we're back on the BitCoin thing full-time?

    Does this mean that we at least don't have to see anything about Raspberry Pie or Strawberry Jam, or whatever, for a few weeks?
    • by Bieeanda (961632)
      You wish. As soon as the second batch goes out, there's going to be a flurry of articles about some guy who daisy-chained a hundred of them together for mining.
  • by slashmydots (2189826) on Thursday March 01, 2012 @11:57PM (#39217205)
    Boy did they bury the lead. Here's the entire story. Allegedly someone broke into the Linode web hosting company, hacked specifically just 8 sites involved in bitcoins and THAT'S IT, no other sites, and stole a hell of a lot more than 3000 BTC. 3000BTC isn't significant but 43,554 BTC were stolen from another major exchange, Bitcoinica. That company is claiming they have the money to cover it and will reimburse everyone. That's almost a quarter of a million US dollars by the way.

    Apparently the word on the street is this was targeted and definitely an inside job from an employee or multiple employees at Linode. The easiest way a simultaneous 8-site web control panel hack would be to simply log in with a secret back-door master password that basically all web hosts have. Either someone hacked Linode and found out that master password or it was an employee, the latter of which is obviously a lot simpler and more believable.
  • by yukk (638002) on Friday March 02, 2012 @12:44AM (#39217395)
    1. Generate bitcoins.
    2. Hack in and steal bitcoins.
    3. Sue for real money.
    4. Profit!
  • by dadioflex (854298) on Friday March 02, 2012 @03:07AM (#39218071)
    are really starting to sound a lot like gold/silver bugs do on the investment forums. I'm invested in uranium exploration, oil exploration and undersea exploration companies and I suspect they are no more safe an investment that Bitcoin, or (right now) gold and silver. But damn, you don't hear me frothing at the mouth every time someone starts talking about BP or Fukushima. Fact is, the value of my risky investments and Bitcoin can both flat-line - if you're not prepared to accept that, then you shouldn't be investing either real money, or your time and energy in it. But honestly, best of luck to Bitcoin - I find the experiment at turns fascinating and ridiculous, but it never fails to entertain.
    • Well there's two problems with bitcoins that make them more open to people to be stupid about.

      One is that they are so easy to get in to. Anyone can buy in for a low price, and you can actually "mine" your own with a computer. You see it on hardware forums all the time, people looking to drop a grand on hardware to "make money" mining bitcoins.

      The other is that there are more than a few True Believers(tm) who think this will be The Next Big Thing in currencies. They read Cryptonomicron and think it is a pred

  • by bLanark (123342) on Friday March 02, 2012 @05:34AM (#39218663)

    I reckon this was a targeted attack.

    There were at least two big bitcoin users with accounts there - if you actually RTFA, the biggest loss was 10,000 bitcoins (~45,000 USD) from Bitcoinica in addition to the 3,000 bitcoins from Palatinus.

    If it was well-known, or could be easily discovered, that several bitcoin sites used the same hosting service, then that would be something worth breaking into, wouldn't it? Social attack, brute-force, some custom malware on a stick in the parking lot of the hosting site - it would be worth it to get your hands on big money.

    Everyone should do their own research when choosing which hosting service to use (cost, uptime, features, history of security cock-ups), but it might also be worthwhile making sure no big players use the same host. If they do, then maybe avoid them and look at the next-best option.

  • by coldsalmon (946941) on Friday March 02, 2012 @10:12AM (#39219855)

    Like any vendor, Linode has included language in their contract which limits their liability. This is standard language, and it operates according to the following principal, which originated in landlord/tenant law: Linode has no control over the value or sensitivity of the property that you store on its site, so you must get insurance against the loss of this property yourself. No landlord/host wants to act as an insurance company, and they are in no position to do so. I can put anything I want in a rented space; it could be a $5,000,000.00 supercomputer, or a $30,000,000.00 Van Gogh. If there is a leak in my landlord's roof and a drop of water destroys the supercomputer, I must look to my own insurance policy, because I am the one why owns this property. If I want to store $15,000 in cash, I am not going to rent a storage unit and leave it lying all over the floor (the equivalent of what these Linode users did). I am going to put it in a BANK, which is a business specifically designed to store one type of thing, and which provides insurance against its loss.

    Here's a link to the TOS: http://www.linode.com/tos.cfm [linode.com]

    THIS POST DOES NOT CONSTITUTE LEGAL ADVICE OR CREATE AN ATTORNEY-CLIENT RELATIONSHIP. ANY LEGAL ADVICE MUST BE TAILORED TO YOUR INDIVIDUAL NEEDS BY AN ATTORNEY LICENSED IN YOUR JURISDICTION.

Overload -- core meltdown sequence initiated.

Working...