Avid Pro Audio Community


gscaife 03-21-2019 03:42 PM

Avid DUC not secure?
 
Browsers Chrome and Safari are both warning that duc.avid.com is not a secure site. Safari will not allow me to continue the login process but Chrome will let me login (even though there is a bright red NOT SECURE warning in the banner). Apparently there isn't a https route to the site.

musicman691 03-22-2019 05:49 AM

Re: Avid DUC not secure?
 
Quote:

Originally Posted by gscaife (Post 2519771)
Browsers Chrome and Safari are both warning that duc.avid.com is not a secure site. Safari will not allow me to continue the login process but Chrome will let me login (even though there is a bright red NOT SECURE warning in the banner). Apparently there isn't a https route to the site.

There isn't and there's no need to as nothing is sold here. I don't use Safari - hate the gui. My browser of choice is Firefox Quantum.


Safari will let me login no problem. What version Safari and what OSX?

mbafmike 03-22-2019 09:35 AM

Re: Avid DUC not secure?
 
Quote:

Originally Posted by gscaife (Post 2519771)
Browsers Chrome and Safari are both warning that duc.avid.com is not a secure site. Safari will not allow me to continue the login process but Chrome will let me login (even though there is a bright red NOT SECURE warning in the banner). Apparently there isn't a https route to the site.


Don't panic. It is, as you said, because duc.avid.com does not use the Hypertext Transfer Protocol Secure (https).

You do not enter credit card details here in the forum, isn't it?

musicman691 03-22-2019 10:02 AM

Re: Avid DUC not secure?
 
Quote:

Originally Posted by mbafmike (Post 2519830)
Don't panic. It is, as you said, because duc.avid.com does not use the Hypertext Transfer Protocol Secure (https).

You do not enter credit card details here in the forum, isn't it?

It's a free forum run by Avid.

Frank Kruse 03-24-2019 03:18 AM

Re: Avid DUC not secure?
 
Quote:

Originally Posted by mbafmike (Post 2519830)
Don't panic. It is, as you said, because duc.avid.com does not use the Hypertext Transfer Protocol Secure (https).

You do not enter credit card details here in the forum, isn't it?

Well for people who use the same login credentials for every website it can be dangerous. It's never a good idea to send logins in plain text over the internets.

That's how identities get stolen and misused for worse purposes even when this is "just" a forum. So I do hope AVID will transition the DUC to https sooner than later.

Google is slowly banning search results for non-encrypted websites mid term so they won't have a choice anyway ;-)

Just be aware that everything you do here is sent across the net in plain text. Including your passwords, "private" messages etc.

F.
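An added example, not part of any post in this thread: a small Python audit for the condition the browsers are warning about, a password form that is served or submitted without HTTPS. The host `forum.example`, the sample HTML and the finding labels are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: a search form and a login form on a plain-HTTP page.
SAMPLE_URL = "http://forum.example/index.php"
SAMPLE_HTML = """
<form action="search.php" method="get"><input type="text" name="q"></form>
<form action="login.php?do=login" method="post">
  <input type="text" name="username"><input type="password" name="password">
</form>
"""


class LoginFormAudit(HTMLParser):
    """Collect every <form> and note whether it holds a password input."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []        # finished forms
        self._current = None   # form currently open

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action posts back to the page URL itself.
            target = urljoin(self.page_url, a.get("action") or "")
            self._current = {"target": target, "has_password": False}
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None


def audit_login_page(page_url, html):
    """Return findings for password forms exposed to an on-path observer."""
    parser = LoginFormAudit(page_url)
    parser.feed(html)
    parser.close()
    findings = []
    for form in (f for f in parser.forms if f["has_password"]):
        if urlparse(form["target"]).scheme != "https":
            # Credentials cross the network unencrypted.
            findings.append("cleartext-submit " + form["target"])
        elif urlparse(page_url).scheme != "https":
            # HTTPS target, but the form itself can be altered in transit.
            findings.append("tamperable-form " + form["target"])
    return findings
```

The second finding covers the half-measure of posting to HTTPS from an HTTP page: the form arrives unauthenticated, so its target can be changed before the user submits it.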

andrej770 03-24-2019 10:12 AM

Re: Avid DUC not secure?
 
Any entry into a browser is the responsibility of the user (credit card info, home address, dob, SSN, etc.). We've gotten so lazy these days that we want to be placated at every site we go to. Own your own security. HTTPS is only required for a site where secure information is exchanged; this is not one of those sites. ESPN is not secure either. I wonder if we're complaining to them? ;);)

Darryl Ramm 03-24-2019 11:02 AM

Re: Avid DUC not secure?
 
The opponents of https here may be underestimating the potential risks involved.

There is just no reason any public (i.e. non toy) website should use open http today.

Https protects users from man in the middle attacks, protects users from easy things like stealing passwords (yes you should not reuse passwords or slight permutations on different services... but people do). Anybody want to guess how many users share passwords across DUC and avid.com and iLok.com? This and other reasons are why companies like Google are pushing for increased adoption of https, and folks have worked to make this all easier for web site owners to deploy. There is just no valid reason why Avid has not implemented https here. If not here, God hope Avid has folks paying attention to security elsewhere. A non-SSL protected user forum associated with corporate website, cloud services, online stores, billing systems, etc, is likely to be an interesting target for a malicious hacker. Oh and folks here with home studios full of valuable equipment... maybe being careful to not share location or other personal information on DUC... it may be possible to grab enough info about those users via a MITM attack to end up locating their studio.

Frank Kruse 03-25-2019 07:31 AM

Re: Avid DUC not secure?
 
Quote:

Originally Posted by Darryl Ramm (Post 2519981)
The opponents of https here may be underestimating the potential risks involved.

There is just no reason any public (i.e. non toy) website should use open http today.

Https protects users from man in the middle attacks, protects users from easy things like stealing passwords (yes you should not reuse passwords or slight permutations on different services... but people do). Anybody want to guess how many users share passwords across DUC and avid.com and iLok.com? This and other reasons are why companies like Google are pushing for increased adoption of https, and folks have worked to make this all easier for web site owners to deploy. There is just no valid reason why Avid has not implemented https here. If not here, God hope Avid has folks paying attention to security elsewhere. A non-SSL protected user forum associated with corporate website, cloud services, online stores, billing systems, etc, is likely to be an interesting target for a malicious hacker. Oh and folks here with home studios full of valuable equipment... maybe being careful to not share location or other personal information on DUC... it may be possible to grab enough info about those users via a MITM attack to end up locating their studio.

Well said.

nucelar 03-26-2019 03:32 AM

Re: Avid DUC not secure?
 
I have received a couple of extortion emails that included a real password I had used in the past. Something along the lines of "I know that your password is xxxx and that you have been naughty online, send us bitcoins etc..."

Years ago I did not have the habit of using different passwords, I used the same for the "not important" forums, including the DUC. I'm not saying the leak came from here, but people beware... use a pw that somehow you can link to the site you use it with.

Frank Kruse 03-26-2019 05:21 AM

Re: Avid DUC not secure?
 
Anyone with a DropBox, Adobe, Yahoo, Myspace, LinkedIn account and many more has likely had his credentials compromised via past data breaches.

You can check here if your address comes up in one of these databases.

https://haveibeenpwned.com

It's not only about keeping credit card info safe but also about identity theft which can gain access to the latter indirectly. If you are still using the same logins since those breaches happened you'd better change them asap.

