[ale] evernote security breach
Ron Frazier (ALE)
atllinuxenthinfo at techstarship.com
Mon Mar 4 21:18:37 EST 2013
Jay Lozier <jslozier at gmail.com> wrote:
>On 03/04/2013 12:38 PM, Ron Frazier (ALE) wrote:
>>
>> "Michael H. Warfield" <mhw at WittsEnd.com> wrote:
>>
>>> On Mon, 2013-03-04 at 09:35 -0500, Ron Frazier (ALE) wrote:
>>>> Hi all,
>>>> I first saw the link to this article on the dc404 mailing list. If
>>>> you're an evernote user, you need to know about this.
>>>
>>>> http://www.theverge.com/2013/3/2/4056704/evernote-password-reset
>>> If you are an Evernote user, you need to change your password. The
>>> attackers had access to user-id's and password hashes. The passwords
>>> were hashed and salted but simple passwords are still subject to
>>> off-line brute force and rainbow table attacks. Change your password
>>> to a good, high complexity, password or passphrase.
>>>
>> Do you think a 15 character random alphanumeric generated by Lastpass
>> is good enough? Or, should you go longer if the site will let you?
>I tend to use very long gibberish passwords (KeePassX) that include any
>keyboard character including punctuation. I consider 15 characters
>unacceptably short.
>
>The reason for both is the potential complexity of the password is
>increased forcing hackers to use purely brute force methods which can
>become time consuming with very long passwords. My goal is to be hard
>enough that the hackers will eventually give up.
>
>Also, every site has its own password so even if they crack one
>password it is not used anywhere else.
><snip>
>
>--
>Jay Lozier
>jslozier at gmail.com
>
My wife, who's not a super geek, rightly pointed out that the weak link in my chain is now the master password to the lastpass database. If that were cracked at the lastpass website, or on a stolen PC, I'd be in trouble. I do have to remember that one, and I do have to type it, every time I want to access the passwords for ANY site. I'll have to give that some more thought.
Sincerely,
Ron
--
Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9 Mail.
Please excuse my potential brevity if I'm typing on the touch screen.
(PS - If you email me and don't get a quick response, you might want to
call on the phone. I get about 300 emails per day from alternate energy
mailing lists and such. I don't always see new email messages very quickly.)
Ron Frazier
770-205-9422 (O) Leave a message.
linuxdude AT techstarship.com
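
Added example, not part of any poster's message: a small Python calculator for the question raised in this thread, comparing a 15-character random alphanumeric password with a longer full-keyboard one against offline guessing. The guess rates are assumptions chosen for illustration; the page does not say how the Evernote hashes were computed.

```python
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits      # 62 symbols
PRINTABLE = ALNUM + string.punctuation            # 94 symbols

# Assumed offline guess rates in guesses/second (illustrative, not measured).
ASSUMED_RATES = {"fast hash (assumed)": 1e10, "slow KDF (assumed)": 1e4}

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def min_length(alphabet_size: int, target_bits: float) -> int:
    """Shortest uniformly random password that reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def years_to_search_half(alphabet_size: int, length: int, rate: float) -> float:
    """Expected years to find one random password (half the keyspace)."""
    return alphabet_size ** length / 2 / rate / SECONDS_PER_YEAR


def generate(alphabet: str, length: int) -> str:
    """Draw each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    policies = [("15 alphanumeric", ALNUM, 15), ("20 full keyboard", PRINTABLE, 20)]
    for name, alphabet, length in policies:
        bits = entropy_bits(len(alphabet), length)
        print(f"{name}: {bits:.1f} bits, sample {generate(alphabet, length)}")
        for label, rate in ASSUMED_RATES.items():
            years = years_to_search_half(len(alphabet), length, rate)
            print(f"  {label}: about {years:.2e} years")
    # Length needed for 128 bits with each alphabet.
    print(min_length(len(ALNUM), 128), min_length(len(PRINTABLE), 128))
```

These figures hold only for passwords drawn uniformly at random; a human-chosen master password of the same length has far less entropy than the formula gives.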