DigitalOcean recently changed the default API behavior from scrub to non-scrub when destroying a VM. Libcloud doesn't explicitly send the "scrub_data" query parameter when destroying a node. This means nodes which are destroyed using Libcloud are vulnerable to later customers stealing data contained on them.

Only users who are using the DigitalOcean driver are known to be affected by this issue.

The issue is said to be fixed in version 0.13.3.

References:
http://seclists.org/fulldisclosure/2014/Jan/11
http://libcloud.apache.org/security.html
https://digitalocean.com/blog_posts/transparency-regarding-data-security
https://github.com/fog/fog/issues/2525

Commit:
https://github.com/apache/libcloud/commit/4449e165a00756dc61430e6ad9520f005b045d29
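
A check for the gap described in the report above, as an added example that is not part of the bug report or of Libcloud's code: it scans recorded request URLs and flags destroy calls that do not explicitly set "scrub_data". The `/destroy` path match, the set of values treated as "scrub requested", and the sample URLs (placeholder host, IDs and credentials) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: values that count as an explicit request to scrub.
TRUTHY = {"1", "true", "yes"}


def is_destroy_call(url):
    """Assumption: a destroy request has a path ending in /destroy or /destroy/."""
    return urlsplit(url).path.rstrip("/").endswith("/destroy")


def scrub_requested(url):
    """Return True only if the request explicitly asks for scrubbing."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    values = query.get("scrub_data", [])
    # A missing parameter falls back to the provider default, so it is not
    # counted as scrubbed. If the parameter is repeated, every occurrence
    # must be truthy; conflicting values are treated as not scrubbed.
    return bool(values) and all(v.lower() in TRUTHY for v in values)


def unscrubbed_destroys(urls):
    """Return the destroy requests that rely on the default or disable scrub."""
    return [u for u in urls if is_destroy_call(u) and not scrub_requested(u)]


# Constructed sample request URLs, e.g. as pulled from an egress proxy log.
SAMPLE_REQUESTS = [
    "https://api.example.invalid/droplets/1001/destroy/?client_id=ID&api_key=KEY",
    "https://api.example.invalid/droplets/1002/destroy/?client_id=ID&api_key=KEY&scrub_data=1",
    "https://api.example.invalid/droplets/1003/destroy/?scrub_data=0&client_id=ID",
    "https://api.example.invalid/droplets/1004/reboot/?client_id=ID&api_key=KEY",
    "https://api.example.invalid/droplets/1005/destroy/?scrub_data=1&scrub_data=false",
]

if __name__ == "__main__":
    for url in unscrubbed_destroys(SAMPLE_REQUESTS):
        print("destroy without explicit scrub:", url)
```
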
Created python-libcloud tracking bugs for this issue:

Affects: fedora-all [bug 1047868]
python-libcloud-0.13.3-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
python-libcloud-0.13.3-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
python-libcloud-0.13.3-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.