Evernote Hacked

Evernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service.

It might be easier to list the major sites that haven’t been hacked at this point.

It looks as if Evernote were using best practice in hashing and salting passwords, which is good news.  Any service that isn’t doing that needs to take a very close look at itself.

I maintain that services such as Evernote, of which I’ve been a user since its beta days and a long-term “Premium” user, can only secure their data in two ways. The first is to assume that someone already has access, so ensure that sensitive data is encrypted as strongly as reasonably possible (hashing using the most common algorithms is no longer sufficient given the depth and breadth of rainbow tables available; salting is a must), decouple data as much as possible and store only what is absolutely necessary. The other thing companies must do is to have robust monitoring in place to detect when an attack actually does happen and partner it with a suitable response (which must be honest and open when dealing with customers).
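The point about salting and rainbow tables, as an added example that is not part of the original post and not Evernote's code: it stores the same password for two users under an unsalted fast hash and under a per-user salt with a slow KDF, then checks both against a small precomputed table. The choice of PBKDF2-HMAC-SHA256, the iteration count, the storage format and all names and sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune to your own hardware budget

def unsalted_hash(password):
    """Weak scheme: one fast, unsalted digest per password."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password, salt=None):
    """Per-user random salt plus a slow KDF; salt and cost are stored with the hash."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password, stored):
    """Recompute with the stored salt and cost, then compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    except ValueError:  # malformed record: wrong field count, bad hex, bad cost
        return False

def precomputed_lookup(stored_values, candidates):
    """Model of a precomputed table: unsalted digest -> password."""
    table = {unsalted_hash(p): p for p in candidates}
    return [table.get(v) for v in stored_values]

# Constructed sample data: two users who happen to share a password.
USERS = {"alice": "correct horse", "bob": "correct horse"}
CANDIDATES = ["123456", "correct horse", "letmein"]

def demo():
    weak = {u: unsalted_hash(p) for u, p in USERS.items()}
    strong = {u: hash_password(p) for u, p in USERS.items()}
    return {
        "weak_identical": weak["alice"] == weak["bob"],
        "weak_recovered": precomputed_lookup(weak.values(), CANDIDATES),
        "strong_identical": strong["alice"] == strong["bob"],
        "strong_recovered": precomputed_lookup(strong.values(), CANDIDATES),
        "verify_ok": verify_password("correct horse", strong["alice"]),
        "verify_bad": verify_password("letmein", strong["alice"]),
    }

if __name__ == "__main__":
    print(demo())
```

With the unsalted scheme one table entry exposes every account sharing that password; with per-user salts the stored records differ and the precomputed table matches nothing.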

I hope this doesn’t hurt Evernote too badly; it’s an excellent service that I regularly recommend to people.

via Evernote Blog | Security Notice: Service-wide Password Reset.


Contact

You can contact me any time day or night at simon@simonjthomas.com. I'll read every email, providing you're not trying to enhance my manliness or are a prince from Nigeria with a business proposition. You can also contact me on Twitter @sijt or App.net @sijt.