Jump to content

Search the Community

Showing results for tags 'credential'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Calendars

There are no results to display.

There are no results to display.

Forums

  • General Discussion
    • Community Announcements
    • Evernote General Discussions
    • Evernote Integrations
    • Evernote Betas
    • Evernote API Discussion
  • FAQ's: Best Answers
    • FAQ's: Best Answers
  • Possible Bugs/Technical Issues
    • General Technical Issues
    • Evernote Business
    • Evernote for Android
    • Evernote for iOS
    • Evernote for Mac
    • Evernote for Windows
    • Web Client
    • Evernote Product Suite
  • Product Feedback/Feature Requests
    • General Feature Requests
    • Evernote Business Requests
    • Evernote for Android Requests
    • Evernote for iOS Requests
    • Evernote for Mac Requests
    • Evernote for Windows Requests
    • Evernote Web Client Requests
    • Evernote Product Suite Requests
  • Evernote Forum Archives
    • Using Evernote
    • General Discussion Archive
    • Product Archives
  • Web Clipper***
  • International Forums
    • Japanese Discussions
    • Brazilian Portuguese Discussions
    • Discussions in Spanish
    • Korean Discussions
    • Traditional Chinese Discussions

Blogs

There are no results to display.

There are no results to display.

Categories

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Subscription

Found 2 results

  1. Hello, I was reading an article regarding Evernote and Android encryption and decided to do some digging to understand how credentials are stored in the Chrome Web Clipper. I opened up the .js files in the Chrome extension directory to explore the code. It seems that the credentials are being stored in the same "flawed" manner as Android - using the XOR scheme. Better yet, the key is posted in the very same file for anyone to see. My question is this: what happens if some malicious website breaks into the local storage of my browser and steals my saved credentials. Given the data available in the .js files, it seems the hacker could easily obtain my password. Does Evernote plan on addressing this credential storing scheme in the near future? Referenced Article: http://arstechnica.com/security/2013/03/critics-substandard-crypto-needlessly-puts-evernote-accounts-at-risk/
  2. Hello, I was reading an article regarding Evernote and Android encryption and decided to do some digging to understand how credentials are stored in the Chrome Web Clipper. I opened up the .js files in the Chrome extension directory to explore the code. It seems that the credentials are being stored in the same "flawed" manner as Android - using the XOR scheme. Better yet, the key is posted in the very same file for anyone to see. My question is this: what happens if some malicious website breaks into the local storage of my browser and steals my saved credentials. Given the data available in the .js files, it seems the hacker could easily obtain my password. Does Evernote plan on addressing this credential storing scheme in the near future? Referenced Article: http://arstechnica.com/security/2013/03/critics-substandard-crypto-needlessly-puts-evernote-accounts-at-risk/
×
×
  • Create New...