mz123 42 Posted April 10, 2014 Share Posted April 10, 2014 Any idea why this page shows that Evernote is definitely vulnerable, while Evernote claims it has never been? https://lastpass.com/heartbleed/?h=www.evernote.com Link to comment
Level 5* gazumped 10,328 Posted April 10, 2014 Level 5* Share Posted April 10, 2014 'This page' shows "very likely" which is a long way from "definitely vulnerable" and skirts around the 'don't know'. Evernote have issued a statement on the subject, I don't know whether they'll want to come back and comment on every external website that quotes a vuln. However. It can't hurt to change your password for every site that even might be suspect, and Lastpass makes that easy! Link to comment
mz123 42 Posted April 10, 2014 Author Share Posted April 10, 2014 Hmmm... now that page shows no vulnerability. Link to comment
gbarry 2,657 Posted April 10, 2014 Share Posted April 10, 2014 Thanks for reporting. We believe the Lastpass tool was incorrectly flagging www.evernote.com as vulnerable. No tool or checker is 100% accurate and some occasionally report an incorrect finding. Our official response here (http://blog.evernote.com/blog/2014/04/10/evernote-service-unaffected-openssl-bug/) remains and it appears Lastpass is now correctly reporting our Heartbleed status for www.evernote.com. Link to comment
Level 5 jbenson2 2,146 Posted April 10, 2014 Level 5 Share Posted April 10, 2014 'This page' shows "very likely" which is a long way from "definitely vulnerable" and skirts around the 'don't know'. Evernote have issued a statement on the subject, I don't know whether they'll want to come back and comment on every external website that quotes a vuln. However. It can't hurt to change your password for every site that even might be suspect, and Lastpass makes that easy! Just be sure to change your password AFTER the specific sites confirm it has been corrected. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.