Evernote, today, reported that they detected and blocked suspicious activity on their network. As a precaution, they say, they’ve implemented a password reset for all users. When I first read about this, it sounded as if they had already reset your password and you would need to have it emailed to you. Instead, an email sent out instructed users to log in and change their passwords upon login.
What Happened?
Anything I say here would be purely speculation. However, attacks are often as simple as a SQL injection. This usually happens when a website takes user input (like a contact form or blog comment form) and does not properly run it through the wringer before adding it to a database. It’s more common than you think. For anyone interested in a more technical view of security vulnerabilities, check out OWASP’s Top 10 Project. In reality, any number of things could have let in a hacker, and it’s too early to say for sure.
Should I Worry?
This is a two-part answer. First, your Evernote account is fine. According to Evernote, no data stored was lost or accessed (other than your credentials, of course). Just reset your password and you should be OK. Your other accounts may not be, however. Take a look at the most important part of Evernote’s statement:
The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts, and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)
This tells me that my username, email and encrypted password are out there in the hands of a hacker, and because Evernote is a large service, it wouldn’t surprise me if a torrent file of this information shows up for download by anyone with an internet connection. “Hashed and salted” means that, like they said, it’s one-way encryption. A hacker can try to encrypt a word using the same methods and see if it matches the blob of characters next to your username, but they can’t directly decrypt your password. This is important, but if your password was cracked, the hackers would now have a username/email/password combination to try on many other services. If I were that hacker, I would start with other cloud services, namely Apple’s. If you use the same username and password anywhere else, you should change your password there, too.
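What “hashed and salted” storage looks like from the service’s side, as an added example that is not Evernote’s code or part of the original post. Evernote’s statement does not name its algorithm, so PBKDF2-HMAC-SHA256, the iteration count, the user names and the wordlist are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed work factor, kept low so the example runs quickly.
ITERATIONS = 20_000
# Constructed list standing in for a "most popular passwords" wordlist.
COMMON = ["123456", "password", "qwerty", "letmein"]


def make_record(password, salt=None):
    """Return (salt, digest) as a service would store it: never the password."""
    salt = salt if salt is not None else os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, record):
    """Re-hash the login attempt with the stored salt; compare in constant time."""
    salt, digest = record
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(attempt, digest)


def audit(records, wordlist):
    """Map each user whose record matches a wordlist entry to that entry.

    Nothing is decrypted: each guess is hashed with the user's own salt,
    so the cost is paid again per user and per guess.
    """
    exposed = {}
    for user, record in records.items():
        for guess in wordlist:
            if verify(guess, record):
                exposed[user] = guess
                break
    return exposed


def sample_records():
    """Constructed accounts: two share a popular password, one is long and unique."""
    return {
        "alice": make_record("password"),
        "bob": make_record("password"),
        "carol": make_record("mauve-otter-drinks-9-teacups"),
    }


if __name__ == "__main__":
    records = sample_records()
    print("same password, same digest?", records["alice"][1] == records["bob"][1])
    print("accounts matching the wordlist:", audit(records, COMMON))
```

The salt makes the two identical passwords store differently and rules out precomputed lookup tables, but it does nothing for a password that is on the wordlist, which is why a cracked, reused password puts your other accounts at risk.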
How To Protect Yourself
While websites and online services have legal and ethical obligations when it comes to storing your information, you should have some rules of your own.
Use a secure password that you can remember. The word “password” is sadly not only the most insecure password, but also the most popular. If it was easy for you to come up with and type in, it’s likely easier to crack. Don’t use your birthday, any word that can be found in a dictionary, or anything someone could guess with a little information about you.
Don’t write it down if you can help it. If I was in your house and wanted to get into your computer, the first place I would look is under your computer. Shockingly often, people just put their password on a sticky note and stick it to their monitor. The password is only as good as the user. Protect it like you’re protecting what it gets access to. If you wouldn’t leave your life’s savings on your desk, don’t put your password to it there, either.
Split up your passwords. This is a hard pill to swallow, but you absolutely should use a different password for each site. The cost is convenience, but the reward is not having every account you have hacked just because one site let your password get out. If this is too hard for you, use individual passwords for any site with finances, or sensitive information and another “global” password for the 150 other sites that are less critical.
Don’t just stick to one rule, either. I know from experience that thinking you’re doing so awesome with one rule (like having an incredibly hard to crack password) excuses you from the other rules is a good way to get hacked.
Wow, I didn’t get a notice regarding my password, but it’ll be a good idea to change my pass anyway. If you’re using a lot of services, maybe using a password tracker like KeePass (http://keepass.info/) can help keep ’em organized.
Changing passwords ever so often is a good practice for any and all accounts/profiles. Using unique combinations of numbers and letters plus different case set is a good way to protect yourself.
Changing your passwords every 3 months, I think, is good practice to try and avoid this type of situation. More and more often you hear about security breaches like this, so it is best to try and stay ahead of things.
Having so difficult password so you can not read them, mix wild letters and numbers, different for different accounts and change every three months.
There are lot of password are assigned by me to the different websites. It’s so difficult to find out and understand them. I hear that there are lot of software for managing passwords, but I don’t use them. I note down them in my PC and store them. It is not so secure but I do that in my personal folders… It’s a very nice concept and content to share.
To sign in with wrong user name and password cause to suffer. Thanks for sharing here the nice helpful information.
You’ll find wide range of private data tend to be assigned by means of everyone to the different web sites. This is so difficult to acquire out and about along with understand these individuals.
Great post !!! This is definitely very necessary to change passwords of the accounts regularly…
Ya, it’s good to update our password regularly. It’s a good way to protect yourself with the use of password that contain numbers with letters.
We should update passwords after some time. This will decrease the password stealing situations. Alphabets and digits both are to be used in password. Great info shared by you…
It’s very effective looking as for the security concern. Lots of spam generating these days and such things require effectively.
Make sure to use a different password for every account..” Always use special symbols like @, %, *, digits in your password, to prevent from hackers. This is old and tedious and unrealistic advice.
I’m enjoying this service already by signing up there. It really safe n secure. Numeric values can do a lot.
It’s really great service. Only need to register and tension free security features are its strength. Thanks for the protection tips here.
Your password should be a good mix of letters and numbers that do not mean anything. Have different for all social media and forums, etc. that you are in and the need to log on. Unfortunately, you have to keep in mind all the different codes.
Make sure you write them down or keep a secret notepad somewhere cause I know if I don’t I end up forgetting sometimes.
I have been in the habit of using number, letters, some capital letters and usually over 10 characters long. Never have I been compromised following that recipe.
One should never note down the passwords in the apps. just keep it in mind.
As the internet market growing daily, it’s very important to protect oneself. I do agree with all the ideas you have presented in your post. They are very convincing and will definitely work. Thanks for the post.
I always visit your blog and retrieve everything you post here but I never commented but today when I saw this post, I couldn’t stop myself from commenting here. great mate!
This subject has interested me for quite some time. I have just started researching it on the Internet and found your post to be informative.
I try to reset my passwords as often as I can to avoid any trouble. I am sure the Evernote accounts will be fine. Just make sure your email password is not the same as your Evernote account info.
– Robert
I always visit your blog and retrieve everything you post here but I never commented but today when I saw this post……….
I think split up passwords are very nice feature. It changes according time and help to keep all data safe. Thanks for the nice review.
If you employ good habits when it comes to user names and passwords one should never have issues of being compromised.
I am the regular Follower of this website. There is a great collection of the informative posts. Thanks for that.
I personally feel that this type of good sites should be developed by more people to provide secure net surfing in budget. Security is main issue while surfing social sites.