Latest or all posts or last 15, 30, 90 or 180 days.
Memory Deals, Thunderbolt Drives, Performance Upgrades, and More

Nikon Fails to Secure Its Web Sites for Firmware Updates, Putting All Users at Risk of System Compromise

See my Nikon wish list and get Nikon D850 at B&H Photo.

Sony is far worse with its root kit updater, but Nikon deserves harsh criticism too, for not securing its web sites with https. Nikon does the firmware updater right (in usability and security terms) by having the camera itself do the update—no some 'rootkit' installer on a computer.

There is NO EXCUSE for running insecure http these days, especially so for a corporation. Such a situation should be spelled out in quarterly corporate SEC-mandated reports as gross security incompetence putting the corporation at liability.

In my view, sites that fail to implement https ought to leave the company wide open to class action lawsuits that rightfully and fairly financially destroy the company—bankrupt it by liability for major damage to users of the site. Indeed, I call upon congress to articulate severe penalties for any company that runs an insecure http web site which can be proven to have led to compromise of user computers.

...

As shown below, Nikon’s firmware-updater and related web sites are insecure http sites.

Security is a BFD today—no laughing matter. An insecure site is wide open to all sorts of security risks which an ultimately lead to total system compromise, which ultimately could lead to losing all your passwords and money, just to put it in concrete terms.

Any attempt to use https on Nikon’s firmware updater site is flagged by Apple Safari as shown below, rightfully so.

Nikon does not implement https on these critical sites at all! It is risky and irresponsible for Nikon to offer firmware updates and similar on an insecure web site.

Attempts to use https on a site that does not implement it are properly flagged by Apple Safari a security risk. It is not possible to download Nikon firmware updates securely, because https is not enabled.

Insecure Nikon web site for firmware updates: attempts to use https are properly flagged by Apple Safari

Data transfer speeds up to 2800MB/s
B&H Deal ZoneDeals by Brand/Category/Savings
Deals expire in 4 hours unless noted. Certain deals may last longer.
$3097 SAVE $200 = 6.0% Nikon D850 DSLR in Cameras: DSLR
$1797 SAVE $200 = 10.0% Pentax K-1 Mark II DSLR in Cameras: DSLR
$998 SAVE $400 = 28.0% Sony a7 II Mirrorless in Cameras: Mirrorless
$1798 SAVE $200 = 10.0% Sony a7R II Mirrorless in Cameras: Mirrorless
$2798 SAVE $400 = 12.0% Sony a7R III Mirrorless in Cameras: Mirrorless
$3998 SAVE $500 = 11.0% Sony a9 Mirrorless in Cameras: Mirrorless

diglloyd Inc. | FTC Disclosure | PRIVACY POLICY | Trademarks | Terms of Use
Contact | About Lloyd Chambers | Consulting | Photo Tours
RSS Feeds | Twitter
Copyright © 2019 diglloyd Inc, all rights reserved.