![]() ![]()
Just one example: If somebody infected your PC with some malware, even using a PW-Manager will not help, because for example they can log every key you press, including your user name and PW, make a screen copy every few seconds and send it to a remote server etc. One last thing: Nothing has to do with EN not protecting your data, but with yourself logging in yesterday in the Internet cafe on an open WiFi / your maybe infected hardware / whatever weak PW you may use etc. Wellcome to the world behind the mirrors, where nothing is at it seems. #SEND TO EVERNOTE CHROME EXTENSION SOFTWARE#This is how it happens (or better: If Disaster Kid is doing it, Pros would rather use automated software to do this, and not use a VPN service but a network of "dark" proxy servers used for the same purpose, but harder to track). ![]() In reality I am sitting on my desk in Germany, and use a PC to go and steal your data. #SEND TO EVERNOTE CHROME EXTENSION ANDROID#Now you have got what you would see later: An access from Singapore with an Android device to your account. OK, so I use some software that will virtually convert my PC into an Android, Samsung S5, together with all false device and SW fingerprints. Not good enough, because several data from my PC would be transmitted as well, that could be used for fingerprinting my device. What would you see ? An access from Singapore. What would I do ?Īctivate my VPN, switch the country to say Singapore, which builds a VPN tunnel from my PC to Singapore, and enter your account data. Now I am going to attack your account (if I had your credentials, which I don't have, and if I had any intention to do so, which I don't have), but want to cloak my location. Just to make it a little easier than the academic explanation, I tell it as a story: If you are a user of the WebClipper Extension for Google Chrome, and you have changed the defaults on how your Chrome Extensions upgrade, you should ensure that you have v7.11.1 (or better) of the Chrome WebClipper Extension installed. #SEND TO EVERNOTE CHROME EXTENSION PATCH#In this case, due to the potential impact, we had patched the vulnerability and distributed a new release within 3 days of Guardio’s contacting us.Ĭhrome Extensions are by default set to auto-upgrade precisely for these sorts of situations consequently our patch was automatically applied to the vast majority of installed Chrome WebClippers. We have a robust security program which includes working with many external security researchers when we or a third-party discover vulnerabilities, we have a formal triage process that ensures that we appropriately prioritize and resolve/mitigate the vulnerability. At Evernote, we have not found any evidence that the vulnerability reported by Guardio has been exploited. The original Guardio press release is here: extension-300866322.htmlĪs mentioned in the CyberScoop coverage above, Guardio does not believe that anyone took advantage of the bug. Here’s another piece of coverage with more accurate and specific information. Jumping in with a couple of observations: Hey Folks, I am Jesse Lesperance and am the Head of Security at Evernote. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |