Avid Pro Audio Community

Avid Pro Audio Community

How to Join & Post  •  Community Terms of Use  •  Help Us Help You

Knowledge Base Search  •  Community Search  •  Learn & Support


Avid Home Page

Go Back   Avid Pro Audio Community > General Discussion & Off Topic > General Discussion

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 03-21-2019, 04:42 PM
gscaife gscaife is offline
Member
 
Join Date: Oct 2008
Location: Bryant, Arkansas
Posts: 57
Default Avid DUC not secure?

Browsers Chrome and Safari are both warning that duc.avid.com is not a secure site. Safari will not allow me to continue the login process but Chrome will let me login (even though there is a bright red NOT SECURE warning in the banner. Apparently there isn't a https route to the site.
Reply With Quote
  #2  
Old 03-22-2019, 06:49 AM
musicman691 musicman691 is offline
Member
 
Join Date: Dec 2009
Location: The Soprano State (NJ)
Posts: 16,644
Default Re: Avid DUC not secure?

Quote:
Originally Posted by gscaife View Post
Browsers Chrome and Safari are both warning that duc.avid.com is not a secure site. Safari will not allow me to continue the login process but Chrome will let me login (even though there is a bright red NOT SECURE warning in the banner. Apparently there isn't a https route to the site.
There isn't and there's no need to as nothing is sold here. I don't use Safari - hate the gui. My browser of choice is Firefox Quantum.


Safari will let me login no problem. What version Safari and what OSX?
__________________
Jack
See profile for system details
iMac dead & retired as of 11/4/17

QAPLA!
Reply With Quote
  #3  
Old 03-22-2019, 10:35 AM
mbafmike's Avatar
mbafmike mbafmike is offline
Member
 
Join Date: Jul 2012
Location: Frankfurt/Germany
Posts: 32
Default Re: Avid DUC not secure?

Quote:
Originally Posted by gscaife View Post
Browsers Chrome and Safari are both warning that duc.avid.com is not a secure site. Safari will not allow me to continue the login process but Chrome will let me login (even though there is a bright red NOT SECURE warning in the banner. Apparently there isn't a https route to the site.

Don't panic. It is, as you said, because duc.avid.com does not use the Hypertext Transfer Protocol Secure (https).

You do not enter credit card details here in the forum, isn't it?
Reply With Quote
  #4  
Old 03-22-2019, 11:02 AM
musicman691 musicman691 is offline
Member
 
Join Date: Dec 2009
Location: The Soprano State (NJ)
Posts: 16,644
Default Re: Avid DUC not secure?

Quote:
Originally Posted by mbafmike View Post
Don't panic. It is, as you said, because duc.avid.com does not use the Hypertext Transfer Protocol Secure (https).

You do not enter credit card details here in the forum, isn't it?
It's a free forum run by Avid.
__________________
Jack
See profile for system details
iMac dead & retired as of 11/4/17

QAPLA!
Reply With Quote
  #5  
Old 03-24-2019, 04:18 AM
Frank Kruse Frank Kruse is offline
Member
 
Join Date: Dec 2002
Location: old europe
Posts: 5,420
Default Re: Avid DUC not secure?

Quote:
Originally Posted by mbafmike View Post
Don't panic. It is, as you said, because duc.avid.com does not use the Hypertext Transfer Protocol Secure (https).

You do not enter credit card details here in the forum, isn't it?
Well for people who use the same login credentials for every website it can be dangerous. It's never a good idea to send logins in plain text over the internets.

That's how identities get stolen and misused for worse purposes even when this is "just" a forum. So I do hope AVID will transition the DUC to https sooner than later.

Google is slowly banning search results for non-encrypted websites mid term so they won't have a choice anyway ;-)

Just be aware that everything you do here is sent across the net in plain text. Including your passwords, "private" messages etc.

F.
__________________
PTHDn 2019.10 (OSX10.14.4), 8x8x8, MacPro 5,1 3.33Ghz 12-Core, BM DeckLink SDI, SYNC HD, all genlocked via AJA GEN10, 48GB RAM
Reply With Quote
  #6  
Old 03-24-2019, 11:12 AM
andrej770 andrej770 is offline
Member
 
Join Date: Dec 2000
Posts: 433
Default Re: Avid DUC not secure?

Any entry into a browser is the responsibility of the user (credit card info, home address, dob, SSN, etc.). We've gotten so lazy these days that we want to be placated at every site we go to. Own your own security. HTTPS is only required for a site were secure information is exchanged; this is not one of those sites. ESPN is not secure either. I wonder if we're complaining to them?
__________________
Mac 8 Core 6,1 - OSX 10.13.6 - 32GB RAM - Pro Tools 2018.10 - 8x8x8+8 ch DA Card (x2) - HD OMNI - ICON D-Control 32 - Sync I/O - Sonnet xMac Pro Server w/HDX x 2, Blackmagic Intensity Pro 4K
Protools 2018.10 HD Native in 1 project suite
Eristopher Music
Reply With Quote
  #7  
Old 03-24-2019, 12:02 PM
Darryl Ramm Darryl Ramm is offline
Member
 
Join Date: Nov 2010
Location: USA
Posts: 13,432
Default Re: Avid DUC not secure?

The opponents of https here may be underestimating the potential risks involved.

There is just no reason any public (i.e. non toy) website should use open http today..

Https protects users from man in the middle attacks, protects users from easy things like stealing passwords (yes you should not reuse passwords or slight permutations on different services... but people do). Anybody want to guess how many users share passwords across DUC and avid.com and iLok.com? This and other reasons are why companies like Google are pushing for increased adoption of https, and folks have worked to make this all easier for web site owners to deploy. There is just no valid reason why Avid has not implemented https here. If not here, God hope Avid has folks paying attention to security elsewhere. A non-SSL protected user forum associated with corporate website, cloud services, online stores, billing systems, etc, is likely to be an interesting target for a malicious hacker. Oh and folks here with home studios full of valuable equipment... maybe being careful to not share location or other personal information on DUC... it may be possible to grab enough info about those users via a MITM attack to end up locating their studio.

Last edited by Darryl Ramm; 03-24-2019 at 01:24 PM.
Reply With Quote
  #8  
Old 03-25-2019, 08:31 AM
Frank Kruse Frank Kruse is offline
Member
 
Join Date: Dec 2002
Location: old europe
Posts: 5,420
Default Re: Avid DUC not secure?

Quote:
Originally Posted by Darryl Ramm View Post
The opponents of https here may be underestimating the potential risks involved.

There is just no reason any public (i.e. non toy) website should use open http today..

Https protects users from man in the middle attacks, protects users from easy things like stealing passwords (yes you should not reuse passwords or slight permutations on different services... but people do). Anybody want to guess how many users share passwords across DUC and avid.com and iLok.com? This and other reasons are why companies like Google are pushing for increased adoption of https, and folks have worked to make this all easier for web site owners to deploy. There is just no valid reason why Avid has not implemented https here. If not here, God hope Avid has folks paying attention to security elsewhere. A non-SSL protected user forum associated with corporate website, cloud services, online stores, billing systems, etc, is likely to be an interesting target for a malicious hacker. Oh and folks here with home studios full of valuable equipment... maybe being careful to not share location or other personal information on DUC... it may be possible to grab enough info about those users via a MITM attack to end up locating their studio.
Well said.
__________________
PTHDn 2019.10 (OSX10.14.4), 8x8x8, MacPro 5,1 3.33Ghz 12-Core, BM DeckLink SDI, SYNC HD, all genlocked via AJA GEN10, 48GB RAM
Reply With Quote
  #9  
Old 03-26-2019, 04:32 AM
nucelar's Avatar
nucelar nucelar is offline
Member
 
Join Date: May 2006
Location: Barcelona
Posts: 386
Default Re: Avid DUC not secure?

I have received a couple of extortion emails that included a real password I had used in the past. Something along the lines of "I know that your password is xxxx and that you have been naughty online, send us bitcoins etc..."

Years ago I did not have the habit of using different passwords, I used the same for the "not important" forums, including the DUC. I'm not saying the leak came from here, but people beware... use a pw that somehow you can link to the site you use it with.
Reply With Quote
  #10  
Old 03-26-2019, 06:21 AM
Frank Kruse Frank Kruse is offline
Member
 
Join Date: Dec 2002
Location: old europe
Posts: 5,420
Default Re: Avid DUC not secure?

Anyone with a DropBox, Adobe, Yahoo, Myspace, LinkedIn account and many more has likely had his credentials compromised via past data breaches.

You can check here if your address comes up in one of these databases.

https://haveibeenpwned.com

It's not only about keeping credit card info safe but also about identity theft which can gain access to the latter indirectly. If you are still using the same logins since those breaches happened you'd better change them asap.
__________________
PTHDn 2019.10 (OSX10.14.4), 8x8x8, MacPro 5,1 3.33Ghz 12-Core, BM DeckLink SDI, SYNC HD, all genlocked via AJA GEN10, 48GB RAM
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
The best way to secure your ILOK crizdee Pro Tools TDM Systems (Mac) 13 02-14-2007 10:12 AM
"Secure Delivery Plug-in" what is that? K.B. 003, Mbox 2, Digi 002, original Mbox, Digi 001 (Win) 32 04-14-2004 08:54 AM
Warning: iLok site IS NOT secure! dkrz 003, Mbox 2, Digi 002, original Mbox, Digi 001 (Mac) 5 11-25-2003 12:16 PM
Digi Store not secure? jimlongo General Discussion 6 02-08-2001 12:25 PM


All times are GMT -7. The time now is 08:55 AM.


Powered by: vBulletin, Copyright ©2000 - 2008, Jelsoft Enterprises Limited. Forum Hosted By: URLJet.com