Nikon Fails to Secure Its Web Sites for Firmware Updates, Putting All Users at Risk of System Compromise
Sony is far worse with its root kit updater, but Nikon deserves harsh criticism too, for not securing its web sites with https. Nikon does the firmware updater right (in usability and security terms) by having the camera itself do the update—no some 'rootkit' installer on a computer.
There is NO EXCUSE for running insecure http these days, especially so for a corporation. Such a situation should be spelled out in quarterly corporate SEC-mandated reports as gross security incompetence putting the corporation at liability.
In my view, sites that fail to implement https ought to leave the company wide open to class action lawsuits that rightfully and fairly financially destroy the company—bankrupt it by liability for major damage to users of the site. Indeed, I call upon congress to articulate severe penalties for any company that runs an insecure http web site which can be proven to have led to compromise of user computers.
As shown below, Nikon’s firmware-updater and related web sites are insecure http sites.
Security is a BFD today—no laughing matter. An insecure site is wide open to all sorts of security risks which an ultimately lead to total system compromise, which ultimately could lead to losing all your passwords and money, just to put it in concrete terms.
Any attempt to use https on Nikon’s firmware updater site is flagged by Apple Safari as shown below, rightfully so.
Nikon does not implement https on these critical sites at all! It is risky and irresponsible for Nikon to offer firmware updates and similar on an insecure web site.
Attempts to use https on a site that does not implement it are properly flagged by Apple Safari a security risk. It is not possible to download Nikon firmware updates securely, because https is not enabled.