Avid Pro Audio Community

  #1  
Old 01-19-2021, 03:03 PM
unkJE unkJE is offline
Member
 
Join Date: Dec 2011
Location: Adelaide, Australia
Posts: 2,975
Default Protect the DUC

To protect the DUC and its Members & Moderators, may I suggest changing:

http://duc.avid.com/register.php

to

https://duc.avid.com/register.php


and


http://duc.avid.com/index.php

to

https://duc.avid.com/index.php




This Thread prompted this Post:
Fraudulent Avid Website Identified!
http://duc.avid.com/showthread.php?t=413711
__________________
Pro Tools Studio 2024.3

Last edited by unkJE; 01-20-2021 at 06:02 PM. Reason: more info
  #2  
Old 01-19-2021, 05:27 PM
unkJE unkJE is offline
Member
 
Join Date: Dec 2011
Location: Adelaide, Australia
Posts: 2,975
Default Re: Protect the DUC

Quoting from:
https://www.securitymetrics.com/blog...sites-insecure

"Are HTTP Websites Insecure?

HTTP vs. HTTPS: One little letter can make a lot of difference
If you’ve never paid attention to the browser URL while surfing the Internet, today is the day to start. At the prefix of each website URL, you’ll usually see either HTTP or HTTPS. One shows the site you are on is secure (HTTPS), and the other does not (HTTP).

In terms of security, HTTP is completely fine when browsing the web. It only becomes an issue when you're entering sensitive data into form fields on a website. If you're entering sensitive data into an HTTP web page, that data is transmitted in cleartext and can be read by anyone. ... And those customers data is insecure.”


When we register on the DUC:
http://duc.avid.com/register.php?
  #3  
Old 01-20-2021, 12:26 PM
Bob Olhsson Bob Olhsson is offline
Member
 
Join Date: Dec 1969
Location: Songwriter Gulch, Nashville, TN
Posts: 3,519
Default Re: Protect the DUC

Converting my website was pretty trivial.
__________________
Bob's room 615 562-4346
Interview
Artists are the gatekeepers of truth! - Paul Robeson
  #4  
Old 02-23-2021, 07:27 PM
unkJE unkJE is offline
Member
 
Join Date: Dec 2011
Location: Adelaide, Australia
Posts: 2,975
Default Re: Protect the DUC

Thank you, Avid, for converting the DUC’s prefix to https://
  #5  
Old 02-24-2021, 02:14 PM
unkJE unkJE is offline
Member
 
Join Date: Dec 2011
Location: Adelaide, Australia
Posts: 2,975
Default Re: Protect the DUC

Looks like "half-fixing" it appears ...

Now seeing both http://duc.avid.com/
and https://duc.avid.com/

Typing
Avid DUC Forum
in Google goes to: (Not secure) http://duc.avid.com/

However, typing in URL space
https://duc.avid.com/
gets to the “safe” DUC

So any new potential Member who Googles
Avid DUC Forum
then clicks up top on “How to Join & Post”
will be entering their personal details on the (Not secure) http://duc.avid.com/

Conclusion: still needs fixing!
  #6  
Old 02-24-2021, 02:40 PM
Darryl Ramm Darryl Ramm is offline
Member
 
Join Date: Nov 2010
Location: USA
Posts: 19,510
Default Re: Protect the DUC

Yes should have been announced, and a redirect from http to https set up. There is no real fix until the unprotected site goes away. But maybe Avid is planning on doing that and we just jumped the gun?
Reply With Quote
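Added example, not part of any post in this thread: a minimal Python check for the "half-fixed" state described in posts #5 and #6, where the plain-http site still answers with content instead of redirecting, and pages still link or post to http:// URLs on the same host. The host `forum.example.test`, the `/login.php` path and the sample HTML are constructed placeholders; the caller is assumed to pass response header names in lower case.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = (301, 302, 303, 307, 308)

def classify_http_response(request_url, status, headers):
    """Classify the answer a plain-http URL gave (headers: lower-cased dict)."""
    location = headers.get("location")
    if status in REDIRECT_CODES and location:
        src = urlsplit(request_url)
        dst = urlsplit(urljoin(request_url, location))  # resolves relative Location
        if dst.scheme == "https" and dst.hostname == src.hostname:
            return "redirects-to-https"
        return "redirects-elsewhere"
    if 200 <= status < 300:
        return "serves-content-over-http"  # the unprotected site is still live
    return "other"

class LinkCollector(HTMLParser):
    """Collect <a href> and <form action> values from a page."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = {"a": "href", "form": "action"}.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                self.urls.append((tag, value))

def insecure_same_site_targets(page_url, html):
    """Return (tag, url) pairs that send the visitor to http:// on the same host."""
    host = urlsplit(page_url).hostname
    collector = LinkCollector()
    collector.feed(html)
    found = []
    for tag, raw in collector.urls:
        target = urlsplit(urljoin(page_url, raw))
        if target.scheme == "http" and target.hostname == host:
            found.append((tag, target.geturl()))
    return found

# Constructed sample page, as it might be served from the https site.
SAMPLE_HTML = """<a href="http://forum.example.test/register.php">How to Join</a>
<a href="/index.php">Home</a>
<form action="http://forum.example.test/login.php" method="post"></form>
<a href="http://other.example.test/">Elsewhere</a>"""

if __name__ == "__main__":
    print(classify_http_response("http://forum.example.test/", 200, {}))
    print(insecure_same_site_targets("https://forum.example.test/", SAMPLE_HTML))
```
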
  #7  
Old 02-24-2021, 09:17 PM
Emcha_audio Emcha_audio is offline
Moderator
 
Join Date: May 2010
Location: Montréal, canada
Posts: 6,752
Default Re: Protect the DUC

Been a while since I registered, but I don't remember the DUC asking for any personal (dangerous) information itself that was required, nor CC # social security or anything that could very well be used to usurp identity.

Not saying it's not a good thing they did go to HTTPS, but there's no real personal data here.
__________________
Manny.

Wave-T.com
  #8  
Old 02-24-2021, 10:46 PM
JFreak JFreak is offline
Moderator
 
Join Date: Jan 2003
Location: Tampere, Finland
Posts: 24,853
Default Re: Protect the DUC

https could potentially reduce spam posts, though
__________________
Janne
What we do in life, echoes in eternity.
  #9  
Old 02-24-2021, 11:02 PM
Darryl Ramm Darryl Ramm is offline
Member
 
Join Date: Nov 2010
Location: USA
Posts: 19,510
Default Re: Protect the DUC

Quote:
Originally Posted by Emcha_audio
Been a while since I registered, but I don't remember the DUC asking for any personal (dangerous) information itself that was required, nor CC # social security or anything that could very well be used to usurp identity.

Not saying it's not a good thing they did go to HTTPS, but there's no real personal data here.
This has been discussed before. It's open to MITM attacks, and there *is* critical data here. Especially passwords that users will naively reuse in their other Avid accounts and maybe accounts elsewhere, and I'll bet you there is confidential info in PMs. And what happens when vBulletin admin credentials are stolen? That would be fun. I'd just need to find where jeffro or other folks are... and unleash the pineapple. Nothing here is rocket science, or hard to do, you just don't put up any non-https web sites that are anything more than the dumbest static content.
  #10  
Old 02-25-2021, 09:27 AM
TOM@METRO TOM@METRO is offline
Moderator
 
Join Date: Apr 2006
Location: Los Angeles
Posts: 17,626
Default Re: Protect the DUC

Quote:
Originally Posted by Darryl Ramm
This has been discussed before. It's open to MITM attacks, and there *is* critical data here. Especially passwords that users will naively reuse in their other Avid accounts and maybe accounts elsewhere, and I'll bet you there is confidential info in PMs. And what happens when vBulletin admin credentials are stolen? That would be fun. I'd just need to find where jeffro or other folks are... and unleash the pineapple. Nothing here is rocket science, or hard to do, you just don't put up any non-https web sites that are anything more than the dumbest static content.
Thanks, Darryl.
__________________
~ tom thomas

Formerly hobotom

Pro Tools Ultimate 2024 HDX Hybrid
HD Omni and 192 I/Os
Windows 10
Intel Hexcore i7
All Samsung Pro SSDs
Ampex MM1200 2" 24 trk tape
Outboard: UREI, Eventide, Lexicon, Yamaha, TC Electronics, Orban, ART, EchoAudio, Dolby, Hughes, API, Neve, Audio Arts, BBE, Aphex, Berringer, MOTU, dbx, Allison, etc.
Plug-ins: Too many to talk about.

www.metrostudios.com
All times are GMT -7. The time now is 06:01 AM.