Category Archives: Hacking

Synology vulnerability

Some users have apparently been reporting that their Synology NAS units have been hacked into and taken over for ransom. This is similar to the CryptoLocker virus that had been making the rounds recently, and it is very nasty. Some people have been reporting it in the Synology forums, but as of now there is no patch for the Synology software.

In the meantime, there are a couple of things you can do to help prevent this from happening. First, pick really good, secure passwords; in fact, I’d take a look at the XKCD comic, which may be useful when picking a strong password. Second, don’t connect your NAS directly to the internet. That means if you are connecting one from home, put it behind your router, which usually has a basic firewall set up. If you have any port forwarding set up, I’d disable that too until we hear from Synology.

As always, if you have data on your Synology that you consider irreplaceable, make sure that you have it backed up too. I’d recommend using the built-in Amazon S3 client. It’s cheap and fairly easy to set up, and should help you in case of a disaster.

Link to discussion on Hacker News:

https://news.ycombinator.com/item?id=8128521

Evernote Hacked.

It looks like Evernote has been hacked. They say that passwords were salted and hashed, but not how they did so. To be really safe, you should have a separate strong password for every service you use. Otherwise, if the hackers got your email address, they may try cracking your email password.

Anyway, here is the info from Evernote themselves:

http://evernote.com/corp/news/password_reset.php

Evernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service.

As a precaution to protect your data, we have decided to implement a password reset. Please read below for details and instructions.

In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.

The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)

While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure. This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords. Please create a new password by signing into your account on evernote.com.

After signing in, you will be prompted to enter your new password. Once you have reset your password on evernote.com, you will need to enter this new password in other Evernote apps that you use. We are also releasing updates to several of our apps to make the password change process easier, so please check for updates over the next several hours.

As recent events with other large services have demonstrated, this type of activity is becoming more common. We take our responsibility to keep your data safe very seriously, and we’re constantly enhancing the security of our service infrastructure to protect Evernote and your content.

There are also several important steps that you can take to ensure that your data on any site, including Evernote, is secure:

  • Avoid using simple passwords based on dictionary words
  • Never use the same password on multiple sites or services
  • Never click on ‘reset password’ requests in emails — instead go directly to the service

Thank you for taking the time to read this. We apologize for the annoyance of having to change your password, but, ultimately, we believe this simple step will result in a more secure Evernote experience. If you have any questions, please do not hesitate to contact Evernote Support.

The Evernote team