Avid Pro Audio Community

Avid Pro Audio Community

How to Join & Post  •  Community Terms of Use  •  Help Us Help You

Knowledge Base Search  •  Community Search  •  Learn & Support


Avid Home Page

Go Back   Avid Pro Audio Community > General Discussion & Off Topic > General Discussion

Reply
 
Thread Tools Search this Thread Display Modes
  #21  
Old 04-09-2019, 11:51 AM
JFreak's Avatar
JFreak JFreak is online now
Moderator
 
Join Date: Jan 2003
Location: Tampere, Finland
Posts: 16,239
Default Re: Avid DUC not secure?

Quote:
Originally Posted by andrej770 View Post
Someone explain what you are asking to be protected here?
Someone somewhere wrote that most users are idiots and are likely using same password here and there so this https most likely would be protecting other parts of avid.com

Just a guess.
__________________
Janne
What we do in life, echoes in eternity.
Reply With Quote
  #22  
Old 04-09-2019, 11:55 AM
Darryl Ramm Darryl Ramm is offline
Member
 
Join Date: Nov 2010
Location: USA
Posts: 13,050
Default Re: Avid DUC not secure?

I explained enough issues. You don’t think it’s an issue, too bad. I don’t know any security person who would think this is not an issue worth fixing.

Want to guess how many Avid staff might reuse passwords or slight permutations on DUC and Avid in-house systems? Want to guess if they have a corporate password management system or hardware key/2FA authentication implemented for internal systems? Oh what goodies that might reveal?

Want to think what could happen if somebody MITM attacks and gets admin access to DUC and all the non-public info is scraped?

Security happens in layers, https is one of those important layers.
Reply With Quote
  #23  
Old 04-09-2019, 12:05 PM
andrej770 andrej770 is offline
Member
 
Join Date: Dec 2000
Posts: 432
Default Re: Avid DUC not secure?

Darryl, if you feel so strongly why not offer to pay to move it to https for Avid. Put your money where your mouth is. Oh, not that important anymore right! It doesn't matter to me either way. I'm not one of the idiots JFREAK was referring to. But I agree there are those that need protecting from their own bad habits. Hmmm, maybe those that want https most are those that need protecting most. . Tell me... whats your password? And whats in YOUR wallet!

All in fun. Pull ya panties back out!
__________________
Mac 8 Core 6,1 - OSX 10.13.6 - 32GB RAM - Pro Tools 2018.10 - 8x8x8+8 ch DA Card (x2) - HD OMNI - ICON D-Control 32 - Sync I/O - Sonnet xMac Pro Server w/HDX x 1, Blackmagic Intensity Pro 4K
Protools 2018.10 HD Native in 1 project suite
Eristopher Music
Reply With Quote
  #24  
Old 04-09-2019, 12:23 PM
Darryl Ramm Darryl Ramm is offline
Member
 
Join Date: Nov 2010
Location: USA
Posts: 13,050
Default Re: Avid DUC not secure?

Cost which has been brought up here before is a fallacy. Organizations like Let’s Encrypt provide certificates for *free*. Sure I’ll pay for one of those for Avid. Additional overhead costs should be down in the weeds, and easily offset by any security breach cost models.

How about having a nice slow think before you type a reply and see if you can come up with any actual reasons why using https would not improve security for almost everybody on DUC? My day job is working in the technology industry, including in the past for Google, I damn well appreciate their push to get everybody, technology luddites included, on https.
Reply With Quote
  #25  
Old 04-09-2019, 12:40 PM
andrej770 andrej770 is offline
Member
 
Join Date: Dec 2000
Posts: 432
Default Re: Avid DUC not secure?

Quote:
Originally Posted by Darryl Ramm View Post
Cost which has been brought up here before is a fallacy. Organizations like Let’s Encrypt provide certificates for *free*. Sure I’ll pay for one of those for Avid. Additional overhead costs should be down in the weeds, and easily offset by any security breach cost models.



How about having a nice slow think before you type a reply and see if you can come up with any actual reasons why using https would not improve security for almost everybody on DUC? My day job is working in the technology industry, including in the past for Google, I damn well appreciate their push to get everybody, technology luddites included, on https.


Darryl, you care! Great! I don’t! It’s simple. Nothing http or https has helped or hindered any of the work we do in PT or in the industry. AVID has never had a breach anywhere. The possibility and probability are always part of a thorough threat Matrix (I guess my days as Dir. of infoSec for a major airline for 15 years in which the no fly list landed on my desk to process in) comes in handy but doesn’t change my opinion on THIS site. This forum is about PT and PT processes. It’s great you care. There’s your pat on the back.

Now...back to writing music. Good day!


Sent from my iPhone using Tapatalk
__________________
Mac 8 Core 6,1 - OSX 10.13.6 - 32GB RAM - Pro Tools 2018.10 - 8x8x8+8 ch DA Card (x2) - HD OMNI - ICON D-Control 32 - Sync I/O - Sonnet xMac Pro Server w/HDX x 1, Blackmagic Intensity Pro 4K
Protools 2018.10 HD Native in 1 project suite
Eristopher Music

Last edited by andrej770; 04-09-2019 at 03:53 PM.
Reply With Quote
  #26  
Old 04-09-2019, 01:23 PM
jeffro's Avatar
jeffro jeffro is offline
Avid
 
Join Date: Jun 1999
Location: SF Bay Area
Posts: 8,262
Default Re: Avid DUC not secure?

Not a bad idea to weigh the impact in cost or inconvenience when considering increases to security, but based on discussions with our forum host I don't see a valid reason at this point to not implement this change.
__________________
Reply With Quote
  #27  
Old 04-09-2019, 03:51 PM
andrej770 andrej770 is offline
Member
 
Join Date: Dec 2000
Posts: 432
Default Re: Avid DUC not secure?

Hooray Jeff. Darryl will be tickled pink.

As soon as that's done, everyone can go back to using the same password they use at their bank. LOL . https saved us again!

Sent from my iPhone using Tapatalk
__________________
Mac 8 Core 6,1 - OSX 10.13.6 - 32GB RAM - Pro Tools 2018.10 - 8x8x8+8 ch DA Card (x2) - HD OMNI - ICON D-Control 32 - Sync I/O - Sonnet xMac Pro Server w/HDX x 1, Blackmagic Intensity Pro 4K
Protools 2018.10 HD Native in 1 project suite
Eristopher Music
Reply With Quote
  #28  
Old 04-10-2019, 02:25 AM
Frank Kruse Frank Kruse is offline
Member
 
Join Date: Dec 2002
Location: old europe
Posts: 5,352
Default Re: Avid DUC not secure?

Quote:
Originally Posted by musicman691 View Post
Let's put it this way - it returned false positives for places I've never been
Not saying that this is the case but it **could** mean that someone is already singing up to services in your name or using your name/email.

But again: not saying this must be the case. It just means your address is in those leaked/breached databases.
__________________
PTHDn 2019.6 (OSX10.14.4), 8x8x8, MacPro 5,1 3.33Ghz 12-Core, BM DeckLink SDI, SYNC HD, all genlocked via AJA GEN10, 48GB RAM
Reply With Quote
  #29  
Old 04-10-2019, 02:29 AM
Frank Kruse Frank Kruse is offline
Member
 
Join Date: Dec 2002
Location: old europe
Posts: 5,352
Default Re: Avid DUC not secure?

Quote:
Originally Posted by JFreak View Post
Someone somewhere wrote that most users are idiots and are likely using same password here and there so this https most likely would be protecting other parts of avid.com
HTTPS won't stop people from recycling login credentials (and no one here claimed that), it protects from that info being intercepted by impersonating this website (MITM attack) and gets you to go there by sending you a fake email with a "click here to verify your account" or whatever. We all get these all the time.

Clicking on the little lock lets you verify the website you are visiting actually IS run by AVID and not someone else.
__________________
PTHDn 2019.6 (OSX10.14.4), 8x8x8, MacPro 5,1 3.33Ghz 12-Core, BM DeckLink SDI, SYNC HD, all genlocked via AJA GEN10, 48GB RAM
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
The best way to secure your ILOK crizdee Pro Tools TDM Systems (Mac) 13 02-14-2007 09:12 AM
"Secure Delivery Plug-in" what is that? K.B. 003, Mbox 2, Digi 002, original Mbox, Digi 001 (Win) 32 04-14-2004 07:54 AM
Warning: iLok site IS NOT secure! dkrz 003, Mbox 2, Digi 002, original Mbox, Digi 001 (Mac) 5 11-25-2003 11:16 AM
Digi Store not secure? jimlongo General Discussion 6 02-08-2001 11:25 AM


All times are GMT -7. The time now is 02:05 PM.


Powered by: vBulletin, Copyright ©2000 - 2008, Jelsoft Enterprises Limited. Forum Hosted By: URLJet.com