Re: Avid DUC not secure?
Quote:
Originally Posted by Darryl Ramm
The opponents of https here may be underestimating the potential risks involved.
There is just no reason any public (i.e. non toy) website should use open http today..
Https protects users from man in the middle attacks, protects users from easy things like stealing passwords (yes you should not reuse passwords or slight permutations on different services... but people do). Anybody want to guess how many users share passwords across DUC and avid.com and iLok.com? This and other reasons are why companies like Google are pushing for increased adoption of https, and folks have worked to make this all easier for web site owners to deploy. There is just no valid reason why Avid has not implemented https here. If not here, God hope Avid has folks paying attention to security elsewhere. A non-SSL protected user forum associated with corporate website, cloud services, online stores, billing systems, etc, is likely to be an interesting target for a malicious hacker. Oh and folks here with home studios full of valuable equipment... maybe being careful to not share location or other personal information on DUC... it may be possible to grab enough info about those users via a MITM attack to end up locating their studio.
|
Well said.
__________________
PTHDn 2024.3 (OSX13.6.5), 8x8x8, MacPro 14,8, AJA LHi, SYNC HD, all genlocked via AJA GEN10, 64GB RAM, Xilica Neutrino, Meyersound Acheron
|