WEBSITE UNSECURE

Discussions, questions, comments and suggestions regarding Capture One PRO, Capture One PRO (For Sony), Capture One DB and Capture One Express (For Sony) 9.x

WEBSITE UNSECURE

Post by fujier » Thu Nov 17, 2016 6:15 pm

I'm just wondering if Phaseone will take the steps necessary to make this website a secure site. Doing so will make the site safer for all users.
fujier
 
Posts: 6
Joined: Tue Apr 21, 2015 6:33 am

Re: WEBSITE UNSECURE

Post by John Doe » Thu Nov 17, 2016 7:10 pm

What seems to be the issue?
Sony DSC-RX100 - Capture One Pro 10.2.1 (macOS Sierra 10.12.6)
THIS IS A USER TO USER FORUM. FOR FEATURE REQUESTS AND BUG REPORTS, FILE A SUPPORT CASE AT https://www.phaseone.com/SupportMain.aspx
John Doe
 
Posts: 1025
Joined: Sun Jan 31, 2016 10:15 pm

Re: WEBSITE UNSECURE

Post by fujier » Fri Nov 18, 2016 7:48 am

fujier
 
Posts: 6
Joined: Tue Apr 21, 2015 6:33 am

Re: WEBSITE UNSECURE

Post by ApoFenomeno » Fri Nov 18, 2016 9:06 am

I contacted PhaseOne support a couple of months ago regarding this issue.
I asked them to provide access via https but nothing happened.
ApoFenomeno
 
Posts: 30
Joined: Mon May 25, 2015 2:06 am

Re: WEBSITE UNSECURE

Post by Keith Reeder » Fri Nov 18, 2016 5:27 pm

John Doe wrote: What seems to be the issue?

The question still stands...

Fujier, what - exactly - do you think is "at risk" with the forum in its current (supposedly) unsecured state?

You only need "data security" to protect data which is of value.

What goes on here? Not that.
Keith Reeder
 
Posts: 1177
Joined: Mon Sep 29, 2008 7:43 pm
Location: Blyth, NE England

Re: WEBSITE UNSECURE

Post by HansVanEijsden » Mon Nov 21, 2016 1:13 am

Phase One, please fix the site and the forum. When I log in in my hotel room all the other hotel guests on the same wifi can see my username, password and personal account data.
There's also no DNSSEC: people can do phishing attacks and can spoof the traffic by changing local DNS records, fooling any browser.

I know you're on Microsoft IIS and I only have the knowledge of the more popular NGINX webserver software (conforming and securing websites to standards is my speciality), but also with IIS it's possible. And it costs nothing, only some knowledge and some minutes of your time. And now certs are free too. Or, put the sites behind CloudFlare for the same effect.
I also cannot reach your site from many IPs in India, because in India all the new network connections are IPv6 only and your domain name server records of ns2 and ns4 have only an IPv4 record. It only works 50% of the time.

Check https://en.internet.nl/site/www.phaseone.com/results and see: all red crosses.
- An insufficient number of name servers (NS) come with an IPv6 address.
- Not secured with DNSSEC. Your registrar (most often also your DNS operator) is: DYNAMIC NETWORK SERVICES, INC
- HTTP compression supported (dangerous)
- HSTS policy could not be found
- certain cipher methods offered are not secure: IDEA-CBC-SHA, RC4-SHA, RC4-MD5, DES-CBC-SHA
- client-initiated renegotiation allowed (dangerous)
- no TLSA record found (DANE)

Anno 2016 it's very easy (at least with NGINX) to get a 100% score. And it's mandatory by law now since some months, to secure any login. Just let me know if you need any extra help. Thanks!
HansVanEijsden
 
Posts: 16
Joined: Fri Oct 23, 2015 2:54 pm
Location: Zwolle, The Netherlands
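
The transport-level items in the checklist above (HSTS, HTTP compression, the four named cipher suites, client-initiated renegotiation) can be checked mechanically. The following is an added example, not part of the thread and not Phase One's or internet.nl's code; the scan-record format and the `BEFORE`/`AFTER` samples are constructed for illustration.

```python
import re

# Matches the suites the post names (OpenSSL naming). "DES-CBC" followed by "-"
# is single DES; 3DES is spelled DES-CBC3 and is deliberately not matched here.
WEAK = re.compile(r"(?:^|-)(RC4|IDEA|DES-CBC|MD5)(?:-|$)")
COMPRESSED = {"gzip", "deflate", "br"}


def hsts_max_age(value):
    """Return max-age (seconds) from a Strict-Transport-Security value, or None."""
    m = re.search(r'(?:^|;)\s*max-age\s*=\s*"?(\d+)', value or "", re.I)
    return int(m.group(1)) if m else None


def audit(scan):
    """Return the findings from the post's list that apply to one scan record."""
    headers = {k.lower(): v.strip() for k, v in scan["headers"].items()}
    findings = []
    # max-age=0 tells the browser to forget the policy, so it counts as missing.
    if not hsts_max_age(headers.get("strict-transport-security")):
        findings.append("no effective HSTS policy")
    encoding = headers.get("content-encoding", "").lower()
    if encoding in COMPRESSED:
        findings.append("HTTP compression enabled: " + encoding)
    weak = [c for c in scan["ciphers"] if WEAK.search(c)]
    if weak:
        findings.append("weak ciphers offered: " + ", ".join(weak))
    if scan["client_renegotiation"]:
        findings.append("client-initiated renegotiation allowed")
    return findings


# Constructed scan records (hypothetical format), before and after hardening.
BEFORE = {"client_renegotiation": True,
          "headers": {"Content-Encoding": "gzip"},
          "ciphers": ["AES128-SHA", "IDEA-CBC-SHA", "RC4-SHA", "RC4-MD5",
                      "DES-CBC-SHA", "DES-CBC3-SHA"]}
AFTER = {"client_renegotiation": False,
         "headers": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
         "ciphers": ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384"]}

if __name__ == "__main__":
    for finding in audit(BEFORE):
        print("FAIL", finding)
    print("after hardening:", audit(AFTER) or "no findings")
```

The DNS-level items in the list (DNSSEC, IPv6 name servers, TLSA) need live DNS queries and are outside what this offline check covers.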

Re: WEBSITE UNSECURE

Post by John Doe » Mon Nov 21, 2016 2:00 am

File a support case. See my sig.
Sony DSC-RX100 - Capture One Pro 10.2.1 (macOS Sierra 10.12.6)
THIS IS A USER TO USER FORUM. FOR FEATURE REQUESTS AND BUG REPORTS, FILE A SUPPORT CASE AT https://www.phaseone.com/SupportMain.aspx
John Doe
 
Posts: 1025
Joined: Sun Jan 31, 2016 10:15 pm

Re: WEBSITE UNSECURE

Post by Keith Reeder » Mon Nov 21, 2016 7:45 pm

HansVanEijsden wrote: When I log in in my hotel room all the other hotel guests on the same wifi can see my username, password and personal account data.

Yeah, but "all" the other guests can't, can they?

Not unless you're in the habit of staying at hotels populated entirely by particularly motivated hackers...

Can we keep at least some sense of proportion about the actual (not the theoretical) risks attached to "unsecured" websites, please?
Keith Reeder
 
Posts: 1177
Joined: Mon Sep 29, 2008 7:43 pm
Location: Blyth, NE England

Re: WEBSITE UNSECURE

Post by HansVanEijsden » Mon Nov 21, 2016 8:45 pm

Keith Reeder wrote:
HansVanEijsden wrote: When I log in in my hotel room all the other hotel guests on the same wifi can see my username, password and personal account data.

Yeah, but "all" the other guests can't, can they?

Not unless you're in the habit of staying at hotels populated entirely by particularly motivated hackers...

Can we keep at least some sense of proportion about the actual (not the theoretical) risks attached to "unsecured" websites, please?

Here in the Netherlands we have wifi in the trains (and trams). And most of the time it's possible to see all the other connected clients on the network. So, now a lot of students in the trains have network sniffing as a hobby. They have to travel many hours a day to school and back and are scanning with their laptops, just for fun to see what they can capture. Here in The Netherlands it became a real problem already. :|
HansVanEijsden
 
Posts: 16
Joined: Fri Oct 23, 2015 2:54 pm
Location: Zwolle, The Netherlands

Re: WEBSITE UNSECURE

Post by digger1914 » Mon Nov 21, 2016 9:53 pm

Wouldn't use of a VPN solve this? I always use one on any public wifi I access.
digger1914
 
Posts: 27
Joined: Sat Apr 16, 2011 5:29 am

Re: WEBSITE UNSECURE

Post by HansVanEijsden » Mon Nov 21, 2016 10:47 pm

digger1914 wrote: Wouldn't use of a VPN solve this? I always use one on any public wifi I access.

Yes, that's a good one. But that's not solving the problem at the source: it's only circumventing it a little bit. I don't know many people who use VPN or who know how to use it. And in the trains, all ports except IMAP/POP3, Submission, HTTP and HTTPS are blocked. And still, the VPN provider can also capture all the data. Fortunately the government here is doing campaigns now to make everybody upgrade their websites to HTTPS and to make it mandatory for websites which store user data.
HansVanEijsden
 
Posts: 16
Joined: Fri Oct 23, 2015 2:54 pm
Location: Zwolle, The Netherlands

