Loading
Cloudy Circumstances Surround LXLabs Suicide
There are never adequate words to describe tragedies, especially those that involve loss of life. Today we find ourselves struggling for words to report the apparent suicide of LXLabs founder K. T. Lingesh on Monday.
LXLabs is perhaps best known for HyperVM, a popular control panel for virtual private server management. The product is used by countless VPS providers to control Xen and OpenVZ virtualization and, along with the hosting control panel Lxadmin (now known as Kloxo), to build and manage shared web hosting systems. Some twenty-four vulnerabilities in the Kloxo platform were recently discovered and patched by the company, a harbinger, perhaps of what was to come. Over the weekend, Veraserv, a hosting provider based in the United Kingdom, was the subject of a hacking attack, resulting in some 100,000 websites hosted with the company being deleted — roughly half of the company's stored user data. According to reports, many of the affected accounts had chosen the company's unmanaged hosting plans — significantly less expensive than managed plans — which did not include automatic backups, and as a result, their data may have been lost permanently.
Veraserv, which says that other firms have acknowledged experiencing similar attacks, attributed the breach to a zero-day vulnerability in HyperVM (Version 2.0.7992), possibly involving a SQL-injection attack against the company's central management system. The company's website, which has been replaced with plain-text — presumably due to traffic volume — bears a notice to customers containing information about the attack, the status of the company's systems and users' accounts, the steps being taken to remedy the situation, and a brief FAQ. The obviously quickly-composed message also includes a log of the actions being taken by Veraserv staff, including the provisioning of new virtual private servers to all affected customers.
According to The Times of India1, K. T. Lingesh and a roommate identified only as "Sheenu" spent Sunday evening drinking and talking — according to the report, the two talked about Lingesh's mother and sister, both of whom committed suicide several years ago. The Times article also suggests he was upset over a contract recently lost by LXLabs — there is no mention of the Veraserv hack or the Kloxo vulnerabilities in the article, though most reports draw what is certainly a clear link between the attacks and Lingesh's death. The Times indicates that "Sheenu" went to bed sometime after midnight, and on awaking Monday morning, found the thirty-two year old had hung himself.
Lingesh's death — as hardly needs saying — came as a great shock to fellow developers and LXLabs customers. One provider, Seattle-based VPSLink — a subsidiary of Spry, providing unmanaged virtual private servers — reported his death on its blog, expressing its sadness and saying the company had been in contact with Lingesh as late as Saturday to discuss LXLabs' software, including the possibility of joining the firm.
As of this time, LXLabs has not commented on the attacks or Lingesh's death — it is not immediately apparent who, if anyone, will step into Lingesh's role and what the future of the company and its products will be. Breaking News will continue to update this article as new information becomes available.
1 — The Times of India article contains some India-specific descriptions which results in some unclear information.
______________________
Justin Ryan is a Contributing Editor for Linux Journal.
White Paper
Fabric-Based Computing Enables Optimized Hyperscale Data Centers
Today’s modular x86 servers are compute-centric, designed as a least common denominator to support a wide range of IT workloads. Those generic, virtualized IT workloads have much different resource optimization requirements than hyperscale and cloud applications. They have resulted in a “one size fits all” enterprise IT architecture that is not optimized for a specific set of IT workloads, and especially not emerging hyperscale workloads, such as web applications, big data, and object storage. In this report, you will learn how shifting the focus from traditional compute-centric IT architectures to an innovative disaggregated fabric-based architecture can optimize and scale your data center.
Sponsored by AMD
White Paper
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy
Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6
Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.
Learn more about catching the bad guy in this free white paper.
Sponsored by DLT Solutions
- RSS Feeds
- New Products
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Drupal Is a Framework: Why Everyone Needs to Understand This
- Home, My Backup Data Center
- A Topic for Discussion - Open Source Feature-Richness?
- What's the tweeting protocol?
- Dart: a New Web Programming Experience
- Developer Poll
- Trying to Tame the Tablet
- Reply to comment | Linux Journal
2 hours 55 min ago - Reply to comment | Linux Journal
5 hours 28 min ago - Reply to comment | Linux Journal
6 hours 45 min ago - great post
7 hours 20 min ago - Google Docs
7 hours 42 min ago - Reply to comment | Linux Journal
12 hours 31 min ago - Reply to comment | Linux Journal
13 hours 17 min ago - Web Hosting IQ
14 hours 51 min ago - Thanks for taking the time to
16 hours 28 min ago - Linux is good
18 hours 26 min ago
Enter to Win an Adafruit Prototyping Pi Plate Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Prototyping Pi Plate Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- Next winner announced on 5-21-13!
Free Webinar: Linux Backup and Recovery
Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.
In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.
Developer Poll
Comments
More like weak repeated passwords!
Do some research and you will find the txt from the hacker (who said it was not HyperVM) it was actually the admin / owner using the same password repeatedly.
R.I.P Ligesh
venerability
> zero-day venerability in HyperVM
I think you mean "vulnerability" instead.
J