Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book General > News

Notices

Reply
 
Thread Tools Search this Thread
Old 03-02-2013, 09:58 PM   #1
gardenstate
Groupie
gardenstate ought to be getting tired of karma fortunes by now.gardenstate ought to be getting tired of karma fortunes by now.gardenstate ought to be getting tired of karma fortunes by now.gardenstate ought to be getting tired of karma fortunes by now.gardenstate ought to be getting tired of karma fortunes by now.gardenstate ought to be getting tired of karma fortunes by now.gardenstate ought to be getting tired of karma fortunes by now.gardenstate ought to be getting tired of karma fortunes by now.gardenstate ought to be getting tired of karma fortunes by now.gardenstate ought to be getting tired of karma fortunes by now.gardenstate ought to be getting tired of karma fortunes by now.
 
gardenstate's Avatar
 
Posts: 195
Karma: 1069472
Join Date: Aug 2007
Location: Chicago,IL USA suburb
Device: Sony PRS-T1 and PRS-950
EVERNOTE passwords were hacked

Although I own Sony PRS-T1 and 950 ebook readers, I came across this news article that may be of concern to the T2 (and other?) users that use EVERNOTE:

http://gma.yahoo.com/evernote-hacked...opstories.html

part of the article..
"The next time you log in to your Evernote account, don't be surprised when you are asked to reset your password. The web and app-based digital notebook service reset all user passwords after a "coordinated attempt to access secure areas of the Evernote Service."

Last edited by gardenstate; 03-02-2013 at 09:59 PM. Reason: clarification
gardenstate is offline   Reply With Quote
Old 03-03-2013, 01:56 AM   #2
SeaKing
Frequent Flier
SeaKing ought to be getting tired of karma fortunes by now.SeaKing ought to be getting tired of karma fortunes by now.SeaKing ought to be getting tired of karma fortunes by now.SeaKing ought to be getting tired of karma fortunes by now.SeaKing ought to be getting tired of karma fortunes by now.SeaKing ought to be getting tired of karma fortunes by now.SeaKing ought to be getting tired of karma fortunes by now.SeaKing ought to be getting tired of karma fortunes by now.SeaKing ought to be getting tired of karma fortunes by now.SeaKing ought to be getting tired of karma fortunes by now.SeaKing ought to be getting tired of karma fortunes by now.
 
SeaKing's Avatar
 
Posts: 1,282
Karma: 2058993297
Join Date: Oct 2011
Device: KB kindle aboard, Galx Tab 7.0 Plus, trying out Droid 1 as mini-tab
Quote:
Originally Posted by gardenstate View Post
Although I own Sony PRS-T1 and 950 ebook readers, I came across this news article that may be of concern to the T2 (and other?) users that use EVERNOTE:

http://gma.yahoo.com/evernote-hacked...opstories.html

part of the article..
"The next time you log in to your Evernote account, don't be surprised when you are asked to reset your password. The web and app-based digital notebook service reset all user passwords after a "coordinated attempt to access secure areas of the Evernote Service."
Why would Evernote be targeted?
Is some valuable kept there? I thought it was just a note taker and writer.
SeaKing is offline   Reply With Quote
Old 03-03-2013, 02:08 AM   #3
taustin
Wizard
taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.
 
Posts: 1,358
Karma: 5766642
Join Date: Aug 2010
Device: Nook
Quote:
Originally Posted by SeaKing View Post
Why would Evernote be targeted?
Is some valuable kept there? I thought it was just a note taker and writer.
People tend to use the same passwords everywhere, and an account on any web site will very likely have an email address in it. Spammers love to get hold of other people's email passwords.
taustin is offline   Reply With Quote
Old 03-04-2013, 02:04 PM   #4
WT Sharpe
Bah, humbug!
WT Sharpe ought to be getting tired of karma fortunes by now.WT Sharpe ought to be getting tired of karma fortunes by now.WT Sharpe ought to be getting tired of karma fortunes by now.WT Sharpe ought to be getting tired of karma fortunes by now.WT Sharpe ought to be getting tired of karma fortunes by now.WT Sharpe ought to be getting tired of karma fortunes by now.WT Sharpe ought to be getting tired of karma fortunes by now.WT Sharpe ought to be getting tired of karma fortunes by now.WT Sharpe ought to be getting tired of karma fortunes by now.WT Sharpe ought to be getting tired of karma fortunes by now.WT Sharpe ought to be getting tired of karma fortunes by now.
 
WT Sharpe's Avatar
 
Posts: 39,073
Karma: 157049943
Join Date: Jun 2009
Location: Chesapeake, VA, USA
Device: Kindle Oasis, iPad Pro, & a Samsung Galaxy S9.
I know this is no laughing matter (I'm an Evernote customer myself), but I couldn't hold it in after reading this comment by "Ralf The Dog" at the Huffington Post's article on this subject:


Quote:
I am safe. My password "W0rdP4$$" has upper and lower case letters as well as numbers and symbols. No one will ever be able to get W0rdP4$$ from a dictionary attack.
Attached Thumbnails
Click image for larger version

Name:	Evernote Hacked.png
Views:	257
Size:	230.1 KB
ID:	102308  
WT Sharpe is offline   Reply With Quote
Old 03-04-2013, 02:40 PM   #5
holymadness
Guru
holymadness ought to be getting tired of karma fortunes by now.holymadness ought to be getting tired of karma fortunes by now.holymadness ought to be getting tired of karma fortunes by now.holymadness ought to be getting tired of karma fortunes by now.holymadness ought to be getting tired of karma fortunes by now.holymadness ought to be getting tired of karma fortunes by now.holymadness ought to be getting tired of karma fortunes by now.holymadness ought to be getting tired of karma fortunes by now.holymadness ought to be getting tired of karma fortunes by now.holymadness ought to be getting tired of karma fortunes by now.holymadness ought to be getting tired of karma fortunes by now.
 
holymadness's Avatar
 
Posts: 722
Karma: 2084955
Join Date: Dec 2010
Device: iPhone
Quote:
Originally Posted by taustin View Post
People tend to use the same passwords everywhere, and an account on any web site will very likely have an email address in it. Spammers love to get hold of other people's email passwords.
They love the email addresses, even without the passwords. I read that Dropbox users whose accounts were hacked months ago have recently been bombarded with junk mail.
holymadness is offline   Reply With Quote
Old 03-04-2013, 04:10 PM   #6
afv011
Captain Penguin
afv011 ought to be getting tired of karma fortunes by now.afv011 ought to be getting tired of karma fortunes by now.afv011 ought to be getting tired of karma fortunes by now.afv011 ought to be getting tired of karma fortunes by now.afv011 ought to be getting tired of karma fortunes by now.afv011 ought to be getting tired of karma fortunes by now.afv011 ought to be getting tired of karma fortunes by now.afv011 ought to be getting tired of karma fortunes by now.afv011 ought to be getting tired of karma fortunes by now.afv011 ought to be getting tired of karma fortunes by now.afv011 ought to be getting tired of karma fortunes by now.
 
afv011's Avatar
 
Posts: 2,944
Karma: 2077653593
Join Date: May 2009
Location: Vancouver, BC
Device: Kobo Libra 2, Nook Glowlight
Quote:
Originally Posted by WT Sharpe View Post
I know this is no laughing matter (I'm an Evernote customer myself), but I couldn't hold it in after reading this comment by "Ralf The Dog" at the Huffington Post's article on this subject:
That's pretty much the end goal, to get dictionary passwords that can be used on more lucrative websites. Unfortunately most people use a single password throughout most, if not all, the websites they visit.
afv011 is offline   Reply With Quote
Old 03-04-2013, 05:29 PM   #7
Ninjalawyer
Guru
Ninjalawyer ought to be getting tired of karma fortunes by now.Ninjalawyer ought to be getting tired of karma fortunes by now.Ninjalawyer ought to be getting tired of karma fortunes by now.Ninjalawyer ought to be getting tired of karma fortunes by now.Ninjalawyer ought to be getting tired of karma fortunes by now.Ninjalawyer ought to be getting tired of karma fortunes by now.Ninjalawyer ought to be getting tired of karma fortunes by now.Ninjalawyer ought to be getting tired of karma fortunes by now.Ninjalawyer ought to be getting tired of karma fortunes by now.Ninjalawyer ought to be getting tired of karma fortunes by now.Ninjalawyer ought to be getting tired of karma fortunes by now.
 
Ninjalawyer's Avatar
 
Posts: 826
Karma: 18573626
Join Date: Jun 2011
Location: Canada
Device: Kobo Touch, Nexus 7 (2013)
Quote:
Originally Posted by afv011 View Post
That's pretty much the end goal, to get dictionary passwords that can be used on more lucrative websites. Unfortunately most people use a single password throughout most, if not all, the websites they visit.
I'm somewhat guilty of this. Aside from my bank and email accounts, I was using the same password for most sites with a login.

As of yesterday though, I've started using LastPass, and now have a different password for every site. The passwords are generally 12 to 16 character long strings of random letters, numbers and symbols to avoid an easy dictionary-based attacks, and I've also setup two-factor authentication where it's available. Even with all that, I still feel like my data on any given site is easy prey to a hacker with enough time or skill.

Edit

If anyone is interested in setting up a password manager, LifeHacker has a tutorial on LastPass here.

Last edited by Ninjalawyer; 03-04-2013 at 05:31 PM.
Ninjalawyer is offline   Reply With Quote
Old 03-04-2013, 05:34 PM   #8
jamadams
Connoisseur
jamadams ought to be getting tired of karma fortunes by now.jamadams ought to be getting tired of karma fortunes by now.jamadams ought to be getting tired of karma fortunes by now.jamadams ought to be getting tired of karma fortunes by now.jamadams ought to be getting tired of karma fortunes by now.jamadams ought to be getting tired of karma fortunes by now.jamadams ought to be getting tired of karma fortunes by now.jamadams ought to be getting tired of karma fortunes by now.jamadams ought to be getting tired of karma fortunes by now.jamadams ought to be getting tired of karma fortunes by now.jamadams ought to be getting tired of karma fortunes by now.
 
jamadams's Avatar
 
Posts: 59
Karma: 712900
Join Date: Oct 2009
Location: Hull, UK
Device: Kindle PW, Kindle Keyboard, Kobo Touch, Sony PRS-505, 600 & Librié
Quote:
Originally Posted by Ninjalawyer View Post
Even with all that, I still feel like my data on any given site is easy prey to a hacker with enough time or skill.
I think that's a safe and sensible assumption to make.

These hacks are a pain in there backside but at least it's making people think about security.
jamadams is offline   Reply With Quote
Old 03-04-2013, 06:46 PM   #9
Apache
Readaholic
Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.
 
Apache's Avatar
 
Posts: 5,129
Karma: 89858112
Join Date: Sep 2011
Location: South Georgia
Device: Surface Pro 6 / Galaxy Tab A 8"
I have multiple passwords of differing difficulties depending on the sites.
Apache
Apache is offline   Reply With Quote
Old 03-05-2013, 08:29 AM   #10
JoeD
Guru
JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.
 
Posts: 895
Karma: 4383958
Join Date: Nov 2007
Device: na
I only trust open source password managers and of those I've looked over, two that look like they cover everything are Password Safe and Keepassx. Not done a detailed analysis though, just had a brief read the source to see how they handle key generation/storage and password stretching and to build a version for myself.

Whilst there could be bugs, they at least appear to do everything needed, which is more than can be said for many of the closed source offerings. Some were found to use weak encryption or stored a master password with the db or didn't perform key stretching...

Not looked at last pass, but I wouldn't trust any online service with my passwords even with client side encryption.
JoeD is offline   Reply With Quote
Old 03-05-2013, 09:13 AM   #11
WT Sharpe
Bah, humbug!
WT Sharpe ought to be getting tired of karma fortunes by now.WT Sharpe ought to be getting tired of karma fortunes by now.WT Sharpe ought to be getting tired of karma fortunes by now.WT Sharpe ought to be getting tired of karma fortunes by now.WT Sharpe ought to be getting tired of karma fortunes by now.WT Sharpe ought to be getting tired of karma fortunes by now.WT Sharpe ought to be getting tired of karma fortunes by now.WT Sharpe ought to be getting tired of karma fortunes by now.WT Sharpe ought to be getting tired of karma fortunes by now.WT Sharpe ought to be getting tired of karma fortunes by now.WT Sharpe ought to be getting tired of karma fortunes by now.
 
WT Sharpe's Avatar
 
Posts: 39,073
Karma: 157049943
Join Date: Jun 2009
Location: Chesapeake, VA, USA
Device: Kindle Oasis, iPad Pro, & a Samsung Galaxy S9.
Quote:
Originally Posted by afv011 View Post
That's pretty much the end goal, to get dictionary passwords that can be used on more lucrative websites. Unfortunately most people use a single password throughout most, if not all, the websites they visit.
Good point. It makes sense to use a different password on every site that requires one.
WT Sharpe is offline   Reply With Quote
Old 03-06-2013, 05:18 AM   #12
EowynCarter
Wizard
EowynCarter ought to be getting tired of karma fortunes by now.EowynCarter ought to be getting tired of karma fortunes by now.EowynCarter ought to be getting tired of karma fortunes by now.EowynCarter ought to be getting tired of karma fortunes by now.EowynCarter ought to be getting tired of karma fortunes by now.EowynCarter ought to be getting tired of karma fortunes by now.EowynCarter ought to be getting tired of karma fortunes by now.EowynCarter ought to be getting tired of karma fortunes by now.EowynCarter ought to be getting tired of karma fortunes by now.EowynCarter ought to be getting tired of karma fortunes by now.EowynCarter ought to be getting tired of karma fortunes by now.
 
Posts: 4,332
Karma: 4000000
Join Date: Oct 2008
Location: Paris
Device: Cybooks; Sony PRS-T1
Quote:
Originally Posted by WT Sharpe View Post
Good point. It makes sense to use a different password on every site that requires one.
I use mostly the same passord. Except for account that mater (ie gmail account and other linked to credit card accounts)
EowynCarter is offline   Reply With Quote
Old 03-06-2013, 07:08 AM   #13
Apache
Readaholic
Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.
 
Apache's Avatar
 
Posts: 5,129
Karma: 89858112
Join Date: Sep 2011
Location: South Georgia
Device: Surface Pro 6 / Galaxy Tab A 8"
Banks in the US are required to make you change your password every six months. And you can not use the last four previous passwords. The logic behind this is that it is supposed to make your account more secure. I find that it does the opposite. Changing your password frequently will make most people use something that is easy to remember or write down their current password. I prefer to just use one really strong one that I have memorized.
A corollary is people that right down safe combinations and leave them on their desk or carry them on them. Anytime you have a password written down someone can use it. Even if you have it stored encrypted electronically it can be hacked. The only safe password is the one that stays in your brain and nowhere else.
Every one of my employees that has access to my security system has his own unique code. Whenever my system is accessed it is logged and I receive email and text alerts allowing me to see which code is being used. Your security is important and everyone should always be aware of theirs.
Apache
Apache is offline   Reply With Quote
Old 03-06-2013, 02:33 PM   #14
bullet
Rookie Mucker
bullet ought to be getting tired of karma fortunes by now.bullet ought to be getting tired of karma fortunes by now.bullet ought to be getting tired of karma fortunes by now.bullet ought to be getting tired of karma fortunes by now.bullet ought to be getting tired of karma fortunes by now.bullet ought to be getting tired of karma fortunes by now.bullet ought to be getting tired of karma fortunes by now.bullet ought to be getting tired of karma fortunes by now.bullet ought to be getting tired of karma fortunes by now.bullet ought to be getting tired of karma fortunes by now.bullet ought to be getting tired of karma fortunes by now.
 
bullet's Avatar
 
Posts: 56
Karma: 568004
Join Date: Mar 2011
Location: NW Montana-near center of universe
Device: Pixel 7. Moto G, Kobo Glo HD, PW2, Linux PCs
Question

Quote:
Originally Posted by Apache View Post
Banks in the US are required to make you change your password every six months. And you can not use the last four previous passwords.
Apache
All of my banks are all in the U.S. and none of them require me to change my password. I googled it and see where experts recommend it but see no mention of it being required. Am I missing something or did you mean to say it is recommended?
bullet is offline   Reply With Quote
Old 03-06-2013, 04:10 PM   #15
Apache
Readaholic
Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.Apache ought to be getting tired of karma fortunes by now.
 
Apache's Avatar
 
Posts: 5,129
Karma: 89858112
Join Date: Sep 2011
Location: South Georgia
Device: Surface Pro 6 / Galaxy Tab A 8"
I have business and personal accounts in different banks. All of them have told me they are required to do so by the Fed.
Apache
Apache is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Classic Passwords etc Pomtroll Barnes & Noble NOOK 3 04-03-2013 01:25 PM
News for PRS-T2 Users: EVERNOTE passwords were hacked gardenstate Sony Reader 1 03-03-2013 06:08 AM
PRS-T1 problem with passwords Priscillux Sony Reader 10 11-13-2011 04:30 PM
Passwords, mashwords.......... carpetmojo News 32 05-03-2011 06:49 PM
Confused by behavior of two pdfs w/permissions passwords, but no open passwords/DRM grr PDF 0 12-21-2009 02:21 PM


All times are GMT -4. The time now is 09:35 AM.


MobileRead.com is a privately owned, operated and funded community.