-
Website
http://the.taoofmac.com/ -
Original page
http://the.taoofmac.com/space/blog/2008/04/29/2242 -
Subscribe
All Comments -
Community
-
Top Commenters
-
Daniel
13 comments · 3 points
-
nevyn
4 comments · 4 points
-
keithspragg
2 comments · 1 points
-
rcarmo
56 comments · 1 points
-
dbr
3 comments · 2 points
-
-
Popular Threads
-
The Making of Darling Fireball - Tao of Mac
6 days ago · 2 comments
-
On Evernote, FNAC customer service, and the lack of tech savvy and courtesy thereof - Tao of Mac
4 weeks ago · 12 comments
-
The Making of Darling Fireball - Tao of Mac
could you please identify the packet sniffer in the image ?
Thank you.
I've been beta testing Evernote for a while now. I really don't remember they promising any kind of ultra security feature. Therefore, this unsecured connection, is no big deal.
And, come on, if you really want to store something private on-line, you shouldn't choose a beta application and even refrain from storing this kind of information on-line.
Anyway. This finding show us a good opportunity for people behind Evernote. They can create a subscription model for those willing an extra level of security on their accounts.
Abração,
Flavio
should demand better information about security and be more aware of
what cleartext communication entails.
Thanks for the detailed analysis. You're absolutely correct the that the current free beta uses SSL for authentication and plaintext HTTP for subsequent operations. This is similar to how free services like gmail behave.
In the near future, we will offer a Premium version of the service for a few dollars a month that will offer greatly increased storage, priority image processing, and SSL for all communications.
Thanks
supports full SSL encryption of the entire session. It's not the
default, but it's there.
Thanks
That is, unless they had crypto accelerators:
http://www.google.com/search?q=crypto+accelerator
or had a server with a CPU with built-in crypto:
http://www.sun.com/processors/UltraSPARC-T2/
since 2000 or something, and they're getting faster and cheaper all
the time...
Unfortunately it's not truly secure and does not support PDF's. Even as a local app, the lack of pdf support is a dealkiller for me.