Avid Pro Audio Community

Avid Pro Audio Community (http://duc.avid.com/index.php)
-   General Discussion (http://duc.avid.com/forumdisplay.php?f=3)
-   -   Avid DUC not secure? (http://duc.avid.com/showthread.php?t=403825)

andrej770 03-27-2019 09:07 PM

Re: Avid DUC not secure?
 
https certificates cost. This is a free forum where the terms are clearly, share at your own risk, it still falls back on individuals to understand the risk, assess it and take the necessary precautions. There is no bonafide reason to use https on this site other than to placate the paranoid. I would not waste the money frankly. There are no scripts running on this site or any vBulletin software that grabs passwords. A cookie is saved and thats it. FUD only works to on those unwilling to educate themselves on the real risks. Google scrapes this site nightly so every word you type is searchable on google.

While the whole conversation is a great discussion to have in context of information classified at a certain level other than public (which all forum data is), the risk here is so low its not worth the money investing in securing it with https. Kinda like putting a deadbolt on your dog's doghouse door. What are you protecting that any one really wants other than fleas. :D:D

Just MHO!

jeffro 04-03-2019 10:01 AM

Re: Avid DUC not secure?
 
Understand your concerns, looking into this with our host... stay tuned.

K Roche 04-03-2019 11:21 AM

Re: Avid DUC not secure?
 
Quote:

Originally Posted by Frank Kruse (Post 2520181)
Anyone with a DropBox, Adobe, Yahoo, Myspace, LinkedIn account and many more has likely had his credentials compromised via past data breaches.

You can check here if your address comes up in one of these databases.

https://haveibeenpwned.com

It's not only about keeping credit card info safe but also about identity theft which can gain access to the latter indirectly. If you are still using the same logins since those breaches happened you'd better change them asap.

Wait how do we know that link is not some dark web email address gathering bottomless hole ?? :D

musicman691 04-03-2019 06:51 PM

Re: Avid DUC not secure?
 
Quote:

Originally Posted by K Roche (Post 2521046)
Wait how do we know that link is not some dark web email address gathering bottomless hole ?? :D

Let's put it this way - it returned false positives for places I've never been

Darryl Ramm 04-03-2019 07:14 PM

Re: Avid DUC not secure?
 
Have I Been Pwoned is a *very* well respected security web site. And since that URL uses https, you can be confident that it's really that web site you are seeing. If your email address is listed there on "sites" you don't think you have been to it's a sign that somebody else may have been using your email address, or some bad sites have some of your data (some "sites" where your email address will be reported consist of data stolen elsewhere). It does not necessarily mean your email account has been compromised, but change your password anyhow.

JFreak 04-04-2019 04:29 AM

Re: Avid DUC not secure?
 
Quote:

Originally Posted by andrej770 (Post 2520402)
https certificates cost.

That would be the worst excuse of not using https in a forum with a user base this large -- and a user base that may or may not have another account somewhere else in avid.com so let's just take Jeffro's word for it and assume Avid is once again taking a look into this...

andrej770 04-09-2019 07:03 AM

Re: Avid DUC not secure?
 
Quote:

Originally Posted by JFreak (Post 2521098)
That would be the worst excuse of not using https in a forum with a user base this large -- and a user base that may or may not have another account somewhere else in avid.com so let's just take Jeffro's word for it and assume Avid is once again taking a look into this...



Those ďSecureĒ symbols donít guarantee a website is safe from all threats. A phishing site, for example, can legitimately display that comforting green lock next to its https address.

Phishers make active use of this: According to Phishlabs, a quarter of all phishing attacks today are carried out on HTTPS sites (two years ago it was less than 1 percent). Moreover, more than 80 percent of users believe that the mere presence of a little green lock and the word ďSecureĒ next to the URL means the site is safe, and they donít think too hard before entering their data.

Donít be lulled into thinking https is the answer, itís just a step but also a step phishers have already moved beyond.

https://www.kaspersky.com/blog/https...afe/20725/amp/


Sent from my iPhone using Tapatalk

bobcharest 04-09-2019 08:11 AM

Re: Avid DUC not secure?
 
Point taken with regard to phishing sites.

i think the point of this thread is that Itís wise to not enter a password on an unsecure site that is the same as the password one uses on banking or credit card sites.

A best practice is to not make it easier for those looking to obtain passwords that they can use to crack IDs.

Encrypting data to/from this forum would be a good thing.

Best regards,
Bob Charest


Sent from my iPhone using Tapatalk

JFreak 04-09-2019 12:41 PM

Re: Avid DUC not secure?
 
Quote:

Originally Posted by andrej770 (Post 2521620)
Donít be lulled into thinking https is the answer, itís just a step

Of course, but would be nice to get that one sorted out

andrej770 04-09-2019 12:44 PM

Re: Avid DUC not secure?
 
Still no one has posted the justification other than a nice to have. Its a forum that google scrapes nightly to so all comments are public. Someone explain what you are asking to be protected here? Yes there will be idiots that use the same password on DUC as they use on their bank and they deserve the issues their ignorance allows, to be frank. But encrypting a public forum with public information for public consumption - I don't get the point? Its like posting the national guard around a public park that has a public library on the grounds. What are they protecting?


All times are GMT -7. The time now is 05:13 PM.

Powered by: vBulletin, Copyright ©2000 - 2008, Jelsoft Enterprises Limited. Forum Hosted By: URLJet.com