Developers: | Evernote |
System premiere date: | 2012/12/04 |
Last release date: | 2019/06/14 |
Industries: | Internet services |
Technology: | SaaS - Software as a Service |
2019: XSS vulnerability in Evernote Web Clipper threatened user data
On June 14, 2019 it became known that an XSS vulnerability in the Evernote browser extension had threatened user data. No actual leak appears to have occurred: Evernote developers fixed the problem quickly.
As reported, a fairly trivial vulnerability in the company's own browser extension for the popular business application Evernote threatened the data of all its users. The Evernote Web Clipper extension for Chrome has a user base of approximately 4,600,000 accounts.
According to Guardio, whose experts found the bug, this is a Universal Cross-Site Scripting (UXSS) vulnerability. The error in the Evernote Web Clipper code makes it possible to bypass the browser's domain restriction rules (the Same Origin Policy), which gives the attacker "code execution privileges in iframes outside the Evernote domain".
In practice, this means that data of Evernote users can be exposed on other websites. To do this, the attacker needs to lure the potential victim to a website under the attacker's control that contains hidden iframes into which the targeted third-party websites are loaded. An exploit can then force Evernote to inject a malicious component into all loaded iframes, and with its help it is possible to steal cookies, login credentials for other resources and other confidential information, and to perform arbitrary operations on behalf of the user.
The video demonstrates the possibility of gaining access to social network accounts, financial data and purchase data, and of reading the private messages and e-mail of any user of the vulnerable Chrome extension.
As of June 2019, Evernote is a popular tool, so exploitation of this vulnerability could have created massive problems for users of this extension. Fortunately, that did not happen, but the situation is a reason for developers of popular browser extensions to commission an additional security audit of their products. The risk from a trivial error in the code can be too high.
The problem was discovered at the end of May 2019. Evernote developers needed less than a week to roll out a fix, updating the extension to version 7.11.1.[1]
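As an aid to the kind of extension audit recommended above, the following added example (not code from Evernote or Guardio) checks a parsed Chrome extension `manifest.json` for content scripts that are injected into every frame of every site, and compares the installed version with the fixed release 7.11.1. The manifests are constructed samples, the script file names are hypothetical, and identifying the extension by its manifest `name` field is an assumption.

```javascript
// Added example; the manifests below are constructed, not Evernote's own.
const FIXED_VERSION = "7.11.1"; // fixed release named in the article
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Compare dotted extension versions numerically; returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Return review findings for one parsed manifest.json object.
function auditManifest(manifest) {
  const findings = [];
  // Assumption: the extension is identified by its manifest "name".
  if (manifest.name === "Evernote Web Clipper" &&
      compareVersions(manifest.version, FIXED_VERSION) < 0) {
    findings.push(`version ${manifest.version} predates fix ${FIXED_VERSION}`);
  }
  for (const cs of manifest.content_scripts || []) {
    const everySite = (cs.matches || []).some((m) => BROAD.has(m));
    // all_frames: true injects into iframes too, not only the top document.
    if (everySite && cs.all_frames === true) {
      findings.push(`[${(cs.js || []).join(", ")}] runs in every frame of every site`);
    }
  }
  return findings;
}

// Constructed sample manifests (file names are hypothetical).
const samples = {
  outdated: { name: "Evernote Web Clipper", version: "7.11.0",
    content_scripts: [{ matches: ["<all_urls>"], js: ["clip.js"], all_frames: true }] },
  patched: { name: "Evernote Web Clipper", version: "7.11.1",
    content_scripts: [{ matches: ["<all_urls>"], js: ["clip.js"], all_frames: true }] },
  scoped: { name: "Example Notes Helper", version: "1.0.0",
    content_scripts: [{ matches: ["https://notes.example/*"], js: ["ui.js"] }] },
};

for (const [label, manifest] of Object.entries(samples)) {
  console.log(label, auditManifest(manifest));
}
```

A frame-wide content script is a review priority rather than a defect in itself: any injection bug in it is reachable from every site the user visits, which is why the patched sample is still flagged.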
2014: Functionality update
On October 6, 2014 it became known that some new features and capabilities were planned for users of the application.
New features
- The service's web client has a new design. According to the developers, it was created to remove everything distracting: all the visual noise of the service's navigation and functions. While a note is being created, almost all tools and functions disappear and then return to their places.
- Two new features will become part of Evernote: Context and Work Chat. As a new note is entered, Context analyzes the information and selects materials relevant to the current work. They can be added to the note if needed. Evernote Context builds on capabilities that already exist in Evernote. For example, the Related Notes function shows notes related to the one the user is entering.
- In Evernote Business, similar notes from colleagues are displayed. Evernote Context expands this functionality. The application loads relevant data, which can be added to the current note, into the left part of the interface. The data appears after Evernote "reads" the entered note: for example, if a note concerns a specific organization, the program offers links to its contacts on LinkedIn and news about its activity.
- Work Chat is a means of online communication for several employees working together on documents. It is a kind of space for group collaboration using artificial intelligence.
With the introduction of the chat, users will not need third-party means of communication such as e-mail or messengers. The new features will be implemented in the Evernote applications for iOS, Android and Mac, and in the web application.
- Presentation. The purpose of this mode is to simplify the creation of presentations. It can transform a note automatically, choosing optimal formatting settings. A presentation can also be created from several notes at once. If something needs to be changed, the user can return to the normal mode and make the changes, which are then applied automatically in presentation mode.
The new features will be available in November 2014.
2013
General information
Evernote Business is built on the core feature set of the Evernote service, complemented by functionality developed specifically for the needs of small and medium-sized businesses and of working groups in large companies.
With Evernote Business, users can add new information for colleagues and, in turn, quickly learn what other employees know about topics of interest, without delays or uneven distribution of information within the company.
Evernote Business support is implemented in the Evernote applications for Windows, Mac, iOS and Android and in the service's web client. Related notes can already be viewed in the application for Mac, in Evernote Clearly for Chrome and Firefox, and in Evernote Web Clipper for Chrome.
Since February 28, 2013 the product has been available to Russian companies.
Product website: [[1]]
Evernote Business is an example of BYOD. It simply separates business data, which belongs to the corporation, from personal data. Business data remains even if the user leaves; the user cannot delete anything from a business notebook, and everything stays with the administrator who manages the business account.
Corporate data is stored in a data center in California[2]. Apart from users, three people at the company have access to the data: the head of the technical maintenance department, the technical director and the CEO of Evernote have access to the data center upon prior request. A number of security protocols apply to every visit by employees to the data center, including mandatory fingerprint checks and iris scans.
Evernote physically operates from a data center in the city of Santa Clara, California. It is certified under SAS 70 (Type II) and SSAE16 SOC-1 (Type 2). Internet connectivity is provided through a redundant pair of connections from NTT America. Nightly backups are carried out over a dedicated private channel that has also passed SAS 70 (Type II) certification. Evernote data is stored on the company's own servers, grouped into server farms (shards). Each shard handles all data and all traffic (both web and API) for at least 100 thousand registered users. The shards containing user data, along with other elements of the service infrastructure, are protected by a series of routers, firewalls and load balancers. All data transmitted between Evernote applications and the Evernote service is encrypted using industry-standard SSL. Physically, the shards are housed in pairs in SuperMicro chassis and are equipped with quad-core Intel processors, 48 GB of RAM and a set of enterprise-class Seagate disks combined into mirrored RAID arrays.
Functionality of the solution
Business notebooks
Users can place working documents, projects and research in business notebooks, which they can share with colleagues or publish in the business library. Personal and business notebooks are visually distinct.
Business library
The library is a single platform where employees publish business notebooks and the administrator publishes important corporate information. As the company grows, the knowledge base collected in the business library becomes a useful resource for both new and existing employees.
Improved sharing options
Evernote Business allows employees to share important information with a team, a department or the whole company, or with outside users (for example, clients). Access restrictions are easy to configure, and when an employee leaves the company, that person retains access only to personal notes, while the employee's business notes remain accessible in the corporate knowledge base.
Related notes
The related notes feature helps draw timely attention to valuable information by showing relevant notes from the company's collective knowledge base. While viewing, searching for or creating a note, the user sees similar notes from their own account, from connected business notebooks and from the business library.
Simple deployment
The central administration panel makes it easy to increase the number of seats and to view and control the access rights of all employees' accounts. Subscriptions for employees can be paid for by credit card.
Increased monthly upload allowance
Users of Evernote Business can add up to 2 gigabytes of new information to personal notebooks each month, twice the volume available to premium subscribers. The company also receives 2 gigabytes a month per user, shared among all business notebooks.
Editing and deleting notes
Deleting a note from the trash destroys the data. It remains in the backup system for some time, but cannot be recovered once the user has deleted it. If the issue is a text edit, however, the previous version can be restored using the premium note history feature.
Evernote for Salesforce
Painlessly scaling a business without huge spending of money and time on training and onboarding new staff and on finding new sales channels seemed hardly feasible until recently. Now, however, a fast-growing business can achieve it using cloud computing and solutions such as Salesforce, the world's leading brand in sales automation, and Evernote for Salesforce, an information support tool for sales specialists.
This Evernote application automatically collects the data about an existing or potential client that is available in the Evernote accounts of the sales employee and of their colleagues, and brings it into Salesforce on the client's summary page.