View Single Post
  #8  
Old 03-25-2019, 08:31 AM
Frank Kruse Frank Kruse is offline
Member
 
Join Date: Dec 2002
Location: old europe
Posts: 5,433
Default Re: Avid DUC not secure?

Quote:
Originally Posted by Darryl Ramm View Post
The opponents of https here may be underestimating the potential risks involved.

There is just no reason any public (i.e. non toy) website should use open http today..

Https protects users from man in the middle attacks, protects users from easy things like stealing passwords (yes you should not reuse passwords or slight permutations on different services... but people do). Anybody want to guess how many users share passwords across DUC and avid.com and iLok.com? This and other reasons are why companies like Google are pushing for increased adoption of https, and folks have worked to make this all easier for web site owners to deploy. There is just no valid reason why Avid has not implemented https here. If not here, God hope Avid has folks paying attention to security elsewhere. A non-SSL protected user forum associated with corporate website, cloud services, online stores, billing systems, etc, is likely to be an interesting target for a malicious hacker. Oh and folks here with home studios full of valuable equipment... maybe being careful to not share location or other personal information on DUC... it may be possible to grab enough info about those users via a MITM attack to end up locating their studio.
Well said.
__________________
PTHDn 2019.10 (OSX10.14.6), 8x8x8, MacPro 5,1 3.33Ghz 12-Core, BM DeckLink SDI, SYNC HD, all genlocked via AJA GEN10, 48GB RAM
Reply With Quote