Jump to content

Rich Tener

Level 2
  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by Rich Tener

  1. @Artgirlofnm @xvisto: While it might not appear in your access history, your access history is correct. We only display 30 days of access history and in some cases, the unauthorized access happened before that. Once we learned about the the malicious activity pattern, we notified users. If you were notified, it was because we found evidence of this pattern on your account. Please change your password as soon as possible and be sure to revoke all connected applications. The person that accessed your account also created a personal developer token that may still be present under Settings -> Applications. Please make sure that is no longer present and revoke it if it is. @xvisto: We don’t know how someone learned your password. This is not related to the password reset in 2013.
  2. Hi everyone, I lead Evernote's security team. We have received reports regarding what appears to be suspicious activity affecting a small percentage of our users. Our team is working with individual users to better secure their accounts and our security team believes that someone has learned these users’ passwords from a website or service not associated with Evernote. If you, or the people in your network receive an email from Evernote mentioning that we’ve detected suspicious activity, please know that this is not a hoax or spam message; it’s from us. To more quickly notify our customers in the future, we will roll out a new feature that will notify customers when we detect a new login from a new location or device.
  3. Hi @happycheese, I lead the security team here at Evernote and am happy to discuss how we are thinking about this attack vector. We do support TOTP codes with Google Authenticator, but don't give you a way to disable SMS delivery. Internally, we've discussed U2F support with our product teams and it is in our backlog, but we don't have any plans to implement support right now. We don't have any plans to let you disable SMS authentication as a backup to your code generator, but will consider it. We probably wouldn't do that by default, but would make it an option for users that want to protect their account against the type of mobile number takeover attacks described in the article. We still think that using SMS for delivering 2-factor codes is an improvement over not having 2-factor enabled at all. It also strikes a good balance between securing your account and not locking you out of it. Most code generator apps don't back up the secret keys, so if you lose or wipe your phone and didn't print out your backup codes, you are stuck. I suggest following the recommendations in the Forbes article. Even if we address this specific threat model, there will always be another service that doesn't and protecting your mobile number better secures all of them.
  4. Hi @murrain, we've been having trouble getting password reset emails delivered to some email providers. While we work on fixing that, we do have a way to help you. We don't offer phone support yet, but one of our customer support representatives can help if you create a customer support ticket here: https://help.evernote.com/hc/en-us/requests/new
  5. @addmoo The notification emails you received after you changed your password are just delayed. Our email systems queue the outbound emails and may try to deliver for a couple of days before they give up and let you know. If you don't see any unexpected access in your Access History, you successfully kicked out whoever was using your account to send the emails.
  6. Our email system may continue to retry sending an email, even after you change your password and revoke any connected devices and sessions. The notifications are just delayed and not an indication that someone is still using your account to email notes. When we received reports about the bounced emails, I reviewed the activity patterns and saw similar behavior across most of our affected users. Not always though. In many cases, it wasn't clear whether the account login was suspicious until the account started sending emails. I agree that this type of activity is something that our users want to be notified about. We are working on adding a feature to our service that will notify you whenever someone logs into your account from a new device or network location. For the users that received bounce notification emails from our service, we haven't found any evidence that the person that accessed your account read any of your notes. They only seem to be using Evernote accounts to deliver spam by creating a new note, emailing that note, and then deleting that note.
  7. Hi, I lead Evernote's security team and can help answer some of your questions. Someone could have learned the password to your account in a variety of ways. The most common situation is when you use your Evernote password on another web site and that other web site gets hacked. Another possibility is that you entered your Evernote password on a computer that was infected with malware and the malware sent it to someone who collects and then uses or sells those collected usernames and passwords. To keep your data safe, change your password to a strong one that you only use on Evernote and setup two-step verification. That will make it very difficult for someone to break into your account.
  8. A number of you have asked questions about Google’s ability to analyze the content of your notes and what metadata they collect through our use of Google Cloud APIs. As we note in our Privacy Policy, Evernote may analyze your data to improve the service we provide to you. We may use Google Cloud Services to help us, but different Google Cloud APIs interact with Evernote data in somewhat different ways, which doesn’t lend itself to providing one simple description of all use cases. We are in close contact with the Google team to ensure that the Evernote data is processed in ways that are consistent with our Privacy Policy, and Google is not allowed to process your data for its own use or in ways that deviate from our instructions. Before we start to use any new Google service, we will review it to understand if any user data is collected and how it might be processed. In the event we need to update our Privacy Policy to communicate such use to you, we will do so.
  9. We will be using Google’s built-in encryption-at-rest features, which they describe here and here. This only addresses the risks associated with physically stealing a storage device or a failure in their drive disposal process. We did discuss key management practices with Google and had no concerns about their ability to address those risks. We are relying on the strength of our contract with Google and not introducing any new encryption methods to enforce it. We are not developing any new end-to-end encryption features at this time. I appreciate that some of our users want this in the form of password protected notes, notebooks, and entire accounts. We have a fairly long-running thread on that topic. We are going to use Google as IaaS and PaaS on the backend. Our clients will continue to interact with our service using the Evernote API. We don't have any plans to change that as part of this migration. We have an application security program and dedicated staff that focus on securing our API, web client, and native clients. Addressing browser attacks is one part of that program. That's great to hear. We appreciate feedback from the security community. People like you help us to make Evernote more secure and if you find a security issue, don't hesitate to engage with our security team: https://evernote.com/security/report-issue/
  10. Hi @DCDawg, happy to respond. 1. We aren’t FedRAMP compliant today, so meeting all the requirements for a FedRAMP certification wasn’t a requirement for us. As part of our security review process, we reviewed their audit reports and asked a lot of questions. My goal is to protect your data (and mine) and ensure that our service providers have reasonable security protections in place. Google does. We aren’t planning to pursue any additional certifications for ourselves right now, but moving into Google Cloud Platform does help with built-in capabilities like encryption at rest. 2. Do you have a specific threat scenario you are concerned about? We have protective capabilities in our data centers that we are implementing in GCP using their native features, plus some additional ones we are engineering. I’d like to save a lot of the detail for a future blog post, but happy to let you know how we address a particular risk that you are concerned about.
  11. Hi @Cherice B, If you move a note into a local notebook, it makes a copy of the note to that notebook and moves the original note to your Trash. If you want to delete that note, you'll need to empty your trash. See this link for more information on how to do that: https://evernote.com/contact/support/kb/#!/article/23176542. As @gazumped mentioned, we do maintain backups, so you should refer to section IV of our privacy policy for more information about that: https://evernote.com/legal/privacy.php.
  12. We are not changing our refund policy for this announcement. Please visit this page for information on refunds: https://help.evernote.com/hc/en-us/articles/208314118
  13. @DTLow, @Dave-in-Decatur - Our only announcement in regard to advertising was that we are committed to our Three Laws of Data Protection and Google is not allowed to use your data for their advertising purposes. Also, check out our FAQ for more information.
  14. You are correct that the data is on their storage and encrypted with their keys, so technically they can access it. As our cloud provider, Google inherently has access to Evernote data. When we made the decision to move to a cloud we knew that we would be extending trust to our cloud partner. Our trust, security, and privacy reviews took this into account as we explored the scenarios where a Google employee might need to access our data. We confirmed with Google that if an employee needed to access Evernote data, it would be: restricted to a minimal set of employees with a business need monitored and audited to make sure that access wasn't being abused For more information on Google’s administrative access practices, check out their security whitepaper. Google's access to Evernote data is also subject to strict security and legal obligations and Google won’t process data for any purpose other than to deliver cloud services to Evernote.
  15. When we move your note data to the cloud, we will be using Google’s built-in encryption-at-rest features. That means that your data will be protected in a situation where someone steals a physical server or hard drive from a Google data center. More technically, we are using Google's server-side encryption feature with Google-managed encryption keys to encrypt all data at rest using AES-256, transparently and automatically. For more detail, you can read about Google server-side encryption here: https://cloud.google.com/compute/docs/disks/ https://cloud.google.com/storage/docs/encryption We will continue to protect your data in transit using Transport Layer Security (TLS) encryption.
  16. Correct. We don’t provide you with a feature that lets you client-side encrypt all your content in a way that we can no longer read it. The only end-to-end encryption feature we offer is note text encryption. We’ve had a lot of people voice their interest in full note, notebook, and account encryption, but we don’t have any plans to support that right now. Yes. Both Evernote and Google will have access to data that you don’t manually encrypt using our note text encryption feature.
  17. We provide you with the ability to encrypt segments of text within any given note. You can learn how to encrypt text by reviewing this article.
  18. We didn’t update our Three Laws of Data Protection for this announcement. We did update those laws in 2014 from the original post we made in 2011.
  19. @Rick G, @RMansfield I understand your concern and we had the same concerns about how they would use our customers' data. The Cloud Platform side of their business is separate from their search and other consumer products. Google is contractually bound not to process data for any purpose other than to deliver cloud services to Evernote.
  20. Hi @JoshSchaidt, your data is still yours. When we use Google's Cloud features like machine learning to help you find notes more easily, that doesn't change. Google is subject to strict security and legal obligations which limit what Google can do with you data. Google will not process data for any purpose other than to fulfill our contractual obligations.
  21. Hi @EdH, I lead the Evernote security team and am happy to respond. Evernote does use Sparkle in our Mac app. We were not vulnerable to the Sparkle security issues because we use HTTPS for both the software download and loading WebView content. Even though we weren't vulnerable in older versions, we updated to Sparkle version 1.13.1 in version 6.6 of our Evernote Mac client.
  22. @JMichaelTX, thanks for the clarification on what you were looking for. We hadn't internally considered enhancing the encrypted block to be an encrypted note body contained within a note body. I think if we expand the current note text encryption feature, we'd just look at encrypting the entire note body rather than pieces of it. @Glyph, Like Jason mentioned, the product managers and I have discussed it. They like the idea of expanding our end-to-end encryption feature to include full notes and notebooks. The only reason it isn't on the roadmap is that we have to prioritize our resources to focus on features and bug fixes that impact the largest number of users. Thanks everyone for your feedback and comments.
  23. @JMichaelTX, the new encrypted text block will still only encrypt plain text like it does today. Adding fully encrypted notes or notebooks still isn't a business priority, so we don't have any plans to add those features.
  24. Hi everyone, I’m Evernote’s head of security. @areese801, thanks for pointing out this issue. Here's how we plan to address it: Our current plan is to change the encrypted text feature to only allow you to create a new encrypted text block, and disable your ability to highlight and encrypt existing text. Then any text you type in the encrypted text box will have always been encrypted. This isn't going to stop you from cutting/copying text from outside the encrypted block into it, but that is something you have to do intentionally and it would be out of our control. We did consider a few of the other options that you suggested, but we decided that other solutions would be too difficult to explain for most users other than our power users, or would require us to dig into the content of users’ accounts in ways that would be inconsistent with our Privacy Policy. In the meantime, there are a couple of workarounds, including the one that @gazumped mentioned. You can make a copy of the note and delete the old note. The note history is lost when you make a copy. If you want to create an encrypted text block that will never get snapshotted in plaintext, you can enter a few spaces into the note body, highlight those spaces and choose "Encrypt Selected Text". Thanks again for raising this issue and I'll drop an update into this topic once we release a fix.
  25. Hi everyone, I'm the head of security here at Evernote. I wanted to let you know that I understand your requests for full note and notebook encryption. I'm an advocate for expanding our encrypted note text feature to include one or both of those and I appreciate everyone's input on this thread. As a few people mentioned, adding these features requires time and resources. Building these isn't a business priority for our product teams right now, so we don't have any plans or timelines to add those features.
  • Create New...