Jump to content

cattywampus

Level 1
  • Content Count

    5
  • Joined

  • Last visited

Community Reputation

0 Neutral

About cattywampus

  1. Hello, I was reading an article regarding Evernote and Android encryption and decided to do some digging to understand how credentials are stored in the Chrome Web Clipper. I opened up the .js files in the Chrome extension directory to explore the code. It seems that the credentials are being stored in the same "flawed" manner as Android - using the XOR scheme. Better yet, the key is posted in the very same file for anyone to see. My question is this: what happens if some malicious website breaks into the local storage of my browser and steals my saved credentials. Given the data available in the .js files, it seems the hacker could easily obtain my password. Does Evernote plan on addressing this credential storing scheme in the near future? Referenced Article: http://arstechnica.com/security/2013/03/critics-substandard-crypto-needlessly-puts-evernote-accounts-at-risk/
  2. Hello, I was reading an article regarding Evernote and Android encryption and decided to do some digging to understand how credentials are stored in the Chrome Web Clipper. I opened up the .js files in the Chrome extension directory to explore the code. It seems that the credentials are being stored in the same "flawed" manner as Android - using the XOR scheme. Better yet, the key is posted in the very same file for anyone to see. My question is this: what happens if some malicious website breaks into the local storage of my browser and steals my saved credentials. Given the data available in the .js files, it seems the hacker could easily obtain my password. Does Evernote plan on addressing this credential storing scheme in the near future? Referenced Article: http://arstechnica.com/security/2013/03/critics-substandard-crypto-needlessly-puts-evernote-accounts-at-risk/
×
×
  • Create New...