[ale] evernote security breach

Michael H. Warfield mhw at WittsEnd.com
Mon Mar 4 11:54:57 EST 2013


On Mon, 2013-03-04 at 09:35 -0500, Ron Frazier (ALE) wrote:
> Hi all,

> I first saw the link to this article on the dc404 mailing list.  If you're an evernote user, you need to know about this.

> http://www.theverge.com/2013/3/2/4056704/evernote-password-reset

If you are an Evernote user, you need to change your password.  The
attackers had access to user-id's and password hashes.  The passwords
where hashed and salted but simple passwords are still subject to
off-line brute force and rainbow table attacks.  Change your password to
a good, high complexity, password or passphrase.

MOST IMPORTANT!  This is NOT mentioned in the article quoted, but...  If
you used the same user id (E-Mail address) or similar and the same
password on other sites, change all of them and use different passwords
on each.  It is not uncommon for someone to use the same password and id
on different sites.  It is equally not uncommon for attackers to KNOW
THIS and, once they break your password on one site, to use a common,
broken, password to attack other sites.  That includes sites with other
common variations on your user id.

> Sincerely,

> Ron

Regards,
Mike

> --
> 
> Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9 Mail.
> Please excuse my potential brevity if I'm typing on the touch screen.
> 
> (PS - If you email me and don't get a quick response, you might want to
> call on the phone.  I get about 300 emails per day from alternate energy
> mailing lists and such.  I don't always see new email messages very quickly.)

> Ron Frazier
> 770-205-9422 (O)   Leave a message.
> linuxdude AT techstarship.com



-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: <http://mail.ale.org/pipermail/ale/attachments/20130304/3e5b8df3/attachment.sig>


More information about the Ale mailing list