dib22

join:2002-01-27
Kansas City, MO

evernote systemwide forced password resets

Evernote has forced a password reset for all users.

Details here:

»evernote.com/corp/news/password_reset.php



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

Scoop-du-jour on Twitter
»venturebeat.com/2013/03/02/evern···assword/

--
She shills sea shills by the Sea Shore.



chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS
reply to dib22

User information stolen in security breach

quote:
Popular note-taking service Evernote has reset all user passwords after information including usernames, email addresses, and encrypted passwords was stolen in a security breach.
The Verge: »www.theverge.com/2013/3/2/405670···rd-reset

quote:
What's not good news is that the hackers now have access to** the usernames and email addresses of Evernote customers.
**50 million(?)... Naked Security: »nakedsecurity.sophos.com/2013/03···-breach/


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

**50 million(?)...

Yep !
quote:
is requiring its nearly 50 million users to reset their passwords after the popular personal note-taking app became the latest high-profile victim of wide-scale hacking attempts.
TechCrunch article

--
She shills sea shills by the Sea Shore.


therube

join:2004-11-11
Randallstown, MD
Reviews:
·Comcast
·Verizon Online DSL
reply to dib22

(Since I didn't know, though it still doesn't tell me much. Suppose I'm a 50 Mil to 1 long shot.)

"Evernote makes it easy to remember things big and small from your everyday life using your computer, phone, tablet and the web."



mouse
Premium
join:2007-03-29
australia
reply to dib22

still confused - have changed my password after logging in via the website.

I am now getting the attached Update request via the internal updater. While this type of update is quite normal for Evernote, I find it strange that they state "this update addresses a security issue to reset your password" but the otherwise listed improvements or fixes have nothing to do with it.
The reference to the blog is just the usual announcement as has been well documented. Anyone having a clearer understanding regarding this update?

Shady Bimmer
Premium
join:2001-12-03
Northport, NY
Reviews:
·Verizon FiOS

said by mouse:

I am now getting the attached Update request via the internal updater.
[snip]
Anyone having a clearer understanding regarding this update?

They are releasing updates for all of their apps on all platforms to make the forced password change easier and more clear. The existing (previous) version just fails to login with no additional notice. For those that either had not yet received the email notification or did not read it that could be confusing.

For those that have already changed their password following the procedure in the notice this update will not have a noticeable impact now.


chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS
reply to dib22

Evernote note service hacked – password reset mails worry users

quote:
Unfortunately, the Evernote emails were a potential gift for phishers as the click-through links in the email sent users to "http://links.evernote.mkt5371.com/", rather than directly to Evernote....

Sending out emails with a throw-away domain in the links doesn't help users adopt secure behaviour as it becomes harder to distinguish between a legitimate email and a phisher's email with the phisher's own throwaway domains. Evernote themselves say "Never click on 'reset password' requests in emails — instead go directly to the service",...

The incident has also brought previous issues with Evernote security to the fore, with some users complaining that Evernote's RC2-based content encryption was chosen for exportability rather than security and that the two-factor authentication that has been promised over the past year has not yet been implemented.
Full article at The H Security (Heise)
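
The link-domain problem described in the quoted article, as an added example that is not part of the thread or the article: a check a mail team could run over an outgoing notification before sending, flagging any link whose host is not under a domain the sender owns. The `ALLOWED` list, the function names and the sample email body are assumptions constructed for illustration; only the two hosts `links.evernote.mkt5371.com` and `evernote.com` come from the page.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED = ("evernote.com",)  # assumption: domains the sender actually controls
BRAND = "evernote"           # brand string a reader would look for in a link


class _LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def classify_host(host):
    """Classify a hostname relative to the sender's own domains."""
    host = (host or "").rstrip(".").lower()
    if not host:
        return "no-host"
    # Match on a label boundary: the host is the domain itself or ends in
    # ".<domain>". A substring test would accept "evernote.com.example".
    if any(host == d or host.endswith("." + d) for d in ALLOWED):
        return "first-party"
    # The brand appears in the name but the host belongs to someone else:
    # the case the article describes.
    if BRAND in host:
        return "brand-in-third-party-host"
    return "third-party"


def audit_email(html):
    """Return (href, classification) for every link in the email body."""
    collector = _LinkCollector()
    collector.feed(html)
    return [(h, classify_host(urlsplit(h).hostname)) for h in collector.hrefs]


# Constructed sample body, not the text of the real Evernote email.
SAMPLE = (
    '<p>Reset here: <a href="http://links.evernote.mkt5371.com/">reset</a> '
    'or go to <a href="https://evernote.com/">evernote.com</a>.</p>'
)

if __name__ == "__main__":
    for href, verdict in audit_email(SAMPLE):
        print(f"{verdict:28} {href}")
```

Anything other than `first-party` in a password-reset notification is worth rewriting to a direct link before the mail goes out.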


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to dib22

Evernote shoots itself in foot over "never click on 'reset password' requests" advice
• »nakedsecurity.sophos.com/2013/03···assword/



dib22

join:2002-01-27
Kansas City, MO

1 recommendation

said by siljaline:

Evernote shoots itself in foot over "never click on 'reset password' requests" advice
• »nakedsecurity.sophos.com/2013/03···assword/

now think of all the fancy metrics they will have on this one email


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

Evernote to adopt two-step authentication after security breach



HA Nut
Premium
join:2004-05-13
USA
reply to dib22

Thanks for the notice. I have an account and reset my password.

But to be honest, I have never really used Evernote. I have a couple of minor things sitting there, but really can't figure out much it's good for...