Avid Pro Audio Community

Avid Pro Audio Community (http://duc.avid.com/index.php)
-   General Discussion (http://duc.avid.com/forumdisplay.php?f=3)
-   -   Avid DUC not secure? (http://duc.avid.com/showthread.php?t=403825)

gscaife 03-21-2019 04:42 PM

Avid DUC not secure?
 
Browsers Chrome and Safari are both warning that duc.avid.com is not a secure site. Safari will not allow me to continue the login process but Chrome will let me login (even though there is a bright red NOT SECURE warning in the banner. Apparently there isn't a https route to the site.

musicman691 03-22-2019 06:49 AM

Re: Avid DUC not secure?
 
Quote:

Originally Posted by gscaife (Post 2519771)
Browsers Chrome and Safari are both warning that duc.avid.com is not a secure site. Safari will not allow me to continue the login process but Chrome will let me login (even though there is a bright red NOT SECURE warning in the banner. Apparently there isn't a https route to the site.

There isn't and there's no need to as nothing is sold here. I don't use Safari - hate the gui. My browser of choice is Firefox Quantum.


Safari will let me login no problem. What version Safari and what OSX?

mbafmike 03-22-2019 10:35 AM

Re: Avid DUC not secure?
 
Quote:

Originally Posted by gscaife (Post 2519771)
Browsers Chrome and Safari are both warning that duc.avid.com is not a secure site. Safari will not allow me to continue the login process but Chrome will let me login (even though there is a bright red NOT SECURE warning in the banner. Apparently there isn't a https route to the site.


Don't panic. It is, as you said, because duc.avid.com does not use the Hypertext Transfer Protocol Secure (https).

You do not enter credit card details here in the forum, isn't it?

musicman691 03-22-2019 11:02 AM

Re: Avid DUC not secure?
 
Quote:

Originally Posted by mbafmike (Post 2519830)
Don't panic. It is, as you said, because duc.avid.com does not use the Hypertext Transfer Protocol Secure (https).

You do not enter credit card details here in the forum, isn't it?

It's a free forum run by Avid.

Frank Kruse 03-24-2019 04:18 AM

Re: Avid DUC not secure?
 
Quote:

Originally Posted by mbafmike (Post 2519830)
Don't panic. It is, as you said, because duc.avid.com does not use the Hypertext Transfer Protocol Secure (https).

You do not enter credit card details here in the forum, isn't it?

Well for people who use the same login credentials for every website it can be dangerous. It's never a good idea to send logins in plain text over the internets.

That's how identities get stolen and misused for worse purposes even when this is "just" a forum. So I do hope AVID will transition the DUC to https sooner than later.

Google is slowly banning search results for non-encrypted websites mid term so they won't have a choice anyway ;-)

Just be aware that everything you do here is sent across the net in plain text. Including your passwords, "private" messages etc.

F.

andrej770 03-24-2019 11:12 AM

Re: Avid DUC not secure?
 
Any entry into a browser is the responsibility of the user (credit card info, home address, dob, SSN, etc.). We've gotten so lazy these days that we want to be placated at every site we go to. Own your own security. HTTPS is only required for a site were secure information is exchanged; this is not one of those sites. ESPN is not secure either. I wonder if we're complaining to them? ;);)

Darryl Ramm 03-24-2019 12:02 PM

Re: Avid DUC not secure?
 
The opponents of https here may be underestimating the potential risks involved.

There is just no reason any public (i.e. non toy) website should use open http today..

Https protects users from man in the middle attacks, protects users from easy things like stealing passwords (yes you should not reuse passwords or slight permutations on different services... but people do). Anybody want to guess how many users share passwords across DUC and avid.com and iLok.com? This and other reasons are why companies like Google are pushing for increased adoption of https, and folks have worked to make this all easier for web site owners to deploy. There is just no valid reason why Avid has not implemented https here. If not here, God hope Avid has folks paying attention to security elsewhere. A non-SSL protected user forum associated with corporate website, cloud services, online stores, billing systems, etc, is likely to be an interesting target for a malicious hacker. Oh and folks here with home studios full of valuable equipment... maybe being careful to not share location or other personal information on DUC... it may be possible to grab enough info about those users via a MITM attack to end up locating their studio.

Frank Kruse 03-25-2019 08:31 AM

Re: Avid DUC not secure?
 
Quote:

Originally Posted by Darryl Ramm (Post 2519981)
The opponents of https here may be underestimating the potential risks involved.

There is just no reason any public (i.e. non toy) website should use open http today..

Https protects users from man in the middle attacks, protects users from easy things like stealing passwords (yes you should not reuse passwords or slight permutations on different services... but people do). Anybody want to guess how many users share passwords across DUC and avid.com and iLok.com? This and other reasons are why companies like Google are pushing for increased adoption of https, and folks have worked to make this all easier for web site owners to deploy. There is just no valid reason why Avid has not implemented https here. If not here, God hope Avid has folks paying attention to security elsewhere. A non-SSL protected user forum associated with corporate website, cloud services, online stores, billing systems, etc, is likely to be an interesting target for a malicious hacker. Oh and folks here with home studios full of valuable equipment... maybe being careful to not share location or other personal information on DUC... it may be possible to grab enough info about those users via a MITM attack to end up locating their studio.

Well said.

nucelar 03-26-2019 04:32 AM

Re: Avid DUC not secure?
 
I have received a couple of extortion emails that included a real password I had used in the past. Something along the lines of "I know that your password is xxxx and that you have been naughty online, send us bitcoins etc..."

Years ago I did not have the habit of using different passwords, I used the same for the "not important" forums, including the DUC. I'm not saying the leak came from here, but people beware... use a pw that somehow you can link to the site you use it with.

Frank Kruse 03-26-2019 06:21 AM

Re: Avid DUC not secure?
 
Anyone with a DropBox, Adobe, Yahoo, Myspace, LinkedIn account and many more has likely had his credentials compromised via past data breaches.

You can check here if your address comes up in one of these databases.

https://haveibeenpwned.com

It's not only about keeping credit card info safe but also about identity theft which can gain access to the latter indirectly. If you are still using the same logins since those breaches happened you'd better change them asap.


All times are GMT -7. The time now is 10:07 PM.

Powered by: vBulletin, Copyright ©2000 - 2008, Jelsoft Enterprises Limited. Forum Hosted By: URLJet.com