Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Cloud Security IT

Evernote Security Compromised 104

Posted by Soulskill
from the 12345-to-123456 dept.
starburst writes "Another online company has had its security compromised. Today Evernote posted on their blog that they're issuing a service-wide password reset because of suspicious activity on their network. They say an unknown intruder gained access to usernames, email address, and encrypted passwords. Even though the passwords were hashed and salted, they're doing the password reset as a precautionary measure. Nevertheless, it's a good reminder to keep a close eye on who you keep your data with in the cloud. Nothing is totally secure; it's always a compromise between security and convenience."
This discussion has been archived. No new comments can be posted.

Evernote Security Compromised

Comments Filter:
  • Shocking... (Score:3, Interesting)

    by ohzero (525786) <> on Saturday March 02, 2013 @06:02PM (#43056447) Homepage Journal
    One more trendy company that didn't have a security program gets compromised. It's almost as if ignoring the problem doesn't make it go away. Pentest, code review, remediate, and test some more. Or, you know, lose brand value...that's the other option.
  • Re:Shocking... (Score:5, Interesting)

    by Mr Thinly Sliced (73041) on Saturday March 02, 2013 @06:10PM (#43056497) Homepage Journal

    As entertaining as a finger pointing "these guys don't know what they're doing" exercise can be, with the best will in the world you're always just one mistake away from letting the bad guys in.

    It sounds like they have a pretty good system in place (salted hashes, intrusion detection mechanisms and notification) and they aren't being coy about a problem.

    At the very least their internal security team now gets a nice big stick to beat management with to stopping cutting certain corners.

What good is a ticket to the good life, if you can't find the entrance?