Information Security Bulletin
Issue #2013-06
Raising awareness of information security related issues and concerns.
Evernote, Facebook, Rent-to-Own Computers
(March 2013)
Evernote
What happened: Hackers stole usernames, associated email addresses and encrypted passwords for
nearly 50 million Evernote users. The passwords were hashed and salted, which will help mitigate the
damage. Evernote has attempted to notify users and is enforcing password changes. Read more about
the breach at http://blog.evernote.com/blog/2013/03/02/security-notice-service-wide-password-reset/
Recommended Action: If you have an Evernote account, go to https://www.evernote.com/Login.
action and change your password. If you used the same password in other sites, be sure to change
those passwords as well. There are reports that those who are not using the most recent versions of the
software are experiencing issues when changing passwords so be sure to apply the updates.
FaceBook
What happened: The new Graph Search has brought a host of issues for FaceBook users. Potentially embarrassing uses for
the new Graph Search, using information people posted, can be found here: http://nakedsecurity.sophos.com/2013/01/28/privacyfacebook-graph-search/ For approximately 9 months, FaceBook has had an API bug that was leaking users’ phone numbers to
application developers. At this time, there appears to be no way to know if your phone number was shared inappropriately. To
read more about the bug, https://developers.facebook.com/bugs/298946933534016.
Recommended action: If you have a FaceBook account, be very careful to consider
the long range impact of information you provide via FaceBook and stay abreast of all their
privacy changes. As a Facebook User, you are responsible for what you share on the social
network.
Rent to Own computers
What happened: The software, PC Rental Agent by DesignerWare, was reportedly installed to shut down the computer if the
renters fall behind on payments. One of the seven rent-to-own companies identified by the FTS, Aaron’s Rentals, had local franchisees. The US Federal Trade Commission (FTC) found that the software’s “Detective Mode” also logged key strokes, captured
screen shots and used the computer’s webcam to take photographs inside people’s homes. This software tracked movement of the
individuals via WiFi hotspots. Fake program registration screens were used that tricked consumers into providing their personal
contact information. In one or more cases, a manager used the software even after the computer was
paid off. To read more: http://www.ftc.gov/opa/2012/09/designware.shtm; http://www.nbcnews.
com/technology/technolog/185-000-spyware-emails-were-sent-aarons-computers-1C8595813; At least
one class action suit has been filed.
Recommended Action: If your home computer was purchased through a rent-to-own lease
or if you purchased it from someone who bought it from one of these companies, check for the
software. If you paid off the company where you leased the computer, remove the software for you and your family’s protection.
Be careful to remove all of it (hire a professional if you are unsure). If you are still paying off the contract and the machine has
this software, be very careful when and how you use the computer, especially when accessing bank accounts and any password
protected site or when the webcam could capture uncomfortable images.
Information Security Team:
Cheryl Bowman, Information Security Risk Advisor 831-6574 cbowman@epcc.edu
Richard Becker, Chief Information Security Officer 831-6411 rbecker3@epcc.edu
The El Paso County Community College District does not discriminate on the basis of race, color, national origin, religion, gender, age, disability, veteran status, sexual orientation, or
gender identity.