#15
08-12-2021, 02:52 AM
unkJE
Member

Join Date: Dec 2011
Location: Adelaide, Australia
Posts: 3,022
Re: The DUC is struggling

Quote:
Originally Posted by Bob Olhsson
They changed something so it no longer omits the s from email notifications.
Work in progress ...

https://duc.avid.com/showpost.php?p=2594397&postcount=6
or
http://duc.avid.com/showpost.php?p=2594397&postcount=6

Quote:
Originally Posted by Darryl Ramm
Yes should have been announced, and a redirect from http to https set up. There is no real fix until the unprotected site goes away. But maybe Avid is planning on doing that and we just jumped the gun?

https://duc.avid.com/showpost.php?p=2519981&postcount=7

Quote:
Originally Posted by Darryl Ramm
The opponents of https here may be underestimating the potential risks involved.
There is just no reason any public (i.e. non toy) website should use open http today.
Https protects users from man in the middle attacks, protects users from easy things like stealing passwords (yes you should not reuse passwords or slight permutations on different services... but people do). Anybody want to guess how many users share passwords across DUC and avid.com and iLok.com? This and other reasons are why companies like Google are pushing for increased adoption of https, and folks have worked to make this all easier for web site owners to deploy. There is just no valid reason why Avid has not implemented https here. If not here, God hope Avid has folks paying attention to security elsewhere. A non-SSL protected user forum associated with corporate website, cloud services, online stores, billing systems, etc, is likely to be an interesting target for a malicious hacker. Oh and folks here with home studios full of valuable equipment... maybe being careful to not share location or other personal information on DUC... it may be possible to grab enough info about those users via a MITM attack to end up locating their studio.
https://duc.avid.com/showpost.php?p=...1&postcount=10

Quote:
Originally Posted by Frank Kruse
Anyone with a DropBox, Adobe, Yahoo, Myspace, LinkedIn account and many more has likely had his credentials compromised via past data breaches.
You can check here if your address comes up in one of these databases.
https://haveibeenpwned.com
It's not only about keeping credit card info safe but also about identity theft which can gain access to the latter indirectly. If you are still using the same logins since those breaches happened you'd better change them asap.
https://duc.avid.com/showpost.php?p=...5&postcount=15

Quote:
Originally Posted by Darryl Ramm
Have I Been Pwned is a *very* well respected security web site. And since that URL uses https, you can be confident that it's really that web site you are seeing. If your email address is listed there on "sites" you don't think you have been to it's a sign that somebody else may have been using your email address, or some bad sites have some of your data (some "sites" where your email address will be reported consist of data stolen elsewhere). It does not necessarily mean your email account has been compromised, but change your password anyhow.
https://duc.avid.com/showpost.php?p=...8&postcount=16

Quote:
Originally Posted by JFreak
... let's just take Jeffro's word for it and assume Avid is once again taking a look into this...
https://duc.avid.com/showpost.php?p=...0&postcount=22

Quote:
Originally Posted by Darryl Ramm
…I don’t know any security person who would think this is not an issue worth fixing.
Want to guess how many Avid staff might reuse passwords or slight permutations on DUC and Avid in-house systems? Want to guess if they have a corporate password management system or hardware key/2FA authentication implemented for internal systems? Oh what goodies that might reveal?
Want to think what could happen if somebody MITM attacks and gets admin access to DUC and all the non-public info is scraped?
Security happens in layers, https is one of those important layers.
But what an enormous task!
Darryl stated “There is no real fix until the unprotected site goes away”

There’s a heap of http prefixes when you consider all Pro Tools versions up to now - and their subsequent Documentation and Downloads, but "if a job’s worth doing, it’s worth doing well":

All past versions of Pro Tools
All Plug-Ins
All Documentation – (PDFs, Read Me, Knowledgebase articles etc. - including links to Drivers)
All should be available in Avid Download Centre (one-stop-shop)


BTW – trying to post this – got redirected into logging in again!
It’s the “Reply” button that goes to a “http”-prefixed site
Copy URL to new tab and add an “s” … make it:
https
… and you’re in!
__________________
Pro Tools Studio 2024.3 * Studio One Pro 6.6 * Harrison Mixbus 10 Pro * SSL UC-1 * Digidesign Command 8 * TECH 21 SansAmp 2.0 * Xvive U3 2.4Ghz Wireless Microphone * Shure SM57 & Rode NT2-A * Fender 30 & Champ 12 valve amps * M-Audio Axiom Pro 49 & Air 32 MINI * PreSonus Speakers & Monitor Station V2 * Lenovo W520 laptop Type 427637U (32 GB RAM) with extra-Ports Dock * 3 TB Samsung SSDs * 3 Screens: 15.6” Laptop & 24” BENQ LED GL2450-B & Samsung 27” CT550 curved Monitor

Last edited by unkJE; 08-12-2021 at 04:03 PM. Reason: make every Avid download available in Avid Download Centre
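
Added example (not part of the post above, and not Avid's code): the post describes a "Reply" button on an https page that leads to an http-prefixed URL on the same site. A site owner can audit a page for such same-host downgrade links and form actions with a short Python scan; the host `forum.example`, the paths and the sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser navigate, submit or load a URL.
URL_ATTRS = {"a": "href", "form": "action", "iframe": "src", "script": "src"}


class DowngradeFinder(HTMLParser):
    """Collects URLs on an HTTPS page that point to plain http on the same host."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.host = urlsplit(page_url).hostname
        self.findings = []  # list of (tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        # Resolve relative and scheme-relative URLs against the page URL first.
        target = urlsplit(urljoin(self.page_url, value))
        if target.scheme == "http" and target.hostname == self.host:
            self.findings.append((tag, target.geturl()))


def find_downgrades(page_url, html):
    """Return every same-host http:// link or form action found in html."""
    finder = DowngradeFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page; host and paths are placeholders, not a real site.
SAMPLE_URL = "https://forum.example/showthread.php?t=1"
SAMPLE_HTML = """
<a href="showpost.php?p=1">permalink</a>
<a href="http://forum.example/newreply.php?p=1">Reply</a>
<form action="http://forum.example/login.php" method="post"><input name="password"></form>
<a href="http://other.example/">external</a>
<a href="//forum.example/faq.php">FAQ</a>
"""

if __name__ == "__main__":
    for tag, url in find_downgrades(SAMPLE_URL, SAMPLE_HTML):
        print(f"{tag}: {url}")
```

Relative and scheme-relative links inherit https from the page and are not reported; only absolute http:// URLs on the page's own host are.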