View Single Post
  #7  
Old 03-24-2019, 12:02 PM
Darryl Ramm Darryl Ramm is offline
Member
 
Join Date: Nov 2010
Location: USA
Posts: 13,449
Default Re: Avid DUC not secure?

The opponents of https here may be underestimating the potential risks involved.

There is just no reason any public (i.e. non toy) website should use open http today..

Https protects users from man in the middle attacks, protects users from easy things like stealing passwords (yes you should not reuse passwords or slight permutations on different services... but people do). Anybody want to guess how many users share passwords across DUC and avid.com and iLok.com? This and other reasons are why companies like Google are pushing for increased adoption of https, and folks have worked to make this all easier for web site owners to deploy. There is just no valid reason why Avid has not implemented https here. If not here, God hope Avid has folks paying attention to security elsewhere. A non-SSL protected user forum associated with corporate website, cloud services, online stores, billing systems, etc, is likely to be an interesting target for a malicious hacker. Oh and folks here with home studios full of valuable equipment... maybe being careful to not share location or other personal information on DUC... it may be possible to grab enough info about those users via a MITM attack to end up locating their studio.

Last edited by Darryl Ramm; 03-24-2019 at 01:24 PM.
Reply With Quote