Quote:
Originally Posted by Emcha_audio
Been a while since I registered, but I don't remember the DUC asking for any personal (dangerous) information it self that was required, nor CC # social security or anything that could very well be used to usurp identity.
Not saying it's not a good thing they did go to HTTPS, but there's no real personal data here.
|
This has been discussed before. It's open to MITM attacks, and there *is* critical data here. Especially passwords that users will naively reuse in their other Avid accounts and maybe accounts elsewhere, and I'll bet you there is confidential info in PMs. And what happens when vBulletin admin credentials are stolen? That would be fun. I'd just need to find where jeffro or other folks are... and unleash the pineapple. Nothing here is rocket science, or hard to do, you just don't put up any non-https web sites that are anything more than the dumbest static content.