2017 was our 20th year online!

Welcome to the Piano World Piano Forums
Over 3 million posts about pianos, digital pianos, and all types of keyboard instruments. Over 100,000 members from around the world.
Join the World's Largest Community of Piano Lovers (it's free)
It's Fun to Play the Piano ... Please Pass It On!

Shop our online store for music lovers
SEARCH
Piano Forums & Piano World
(ad)
Best of Piano Buyer
 Best of Piano Buyer
(ad)
Faust Harrison Pianos
Faust Harrison 100+ Steinway pianos
(ad)
Wessell Nickel & Gross
PianoForAll
Who's Online Now
39 members (Belma, EPW, Bluthendorfer, AndrewJCW, Carey, Baltguy, DigitalMusicProduc, Beansparrow, CentauriB, 9 invisible), 533 guests, and 484 robots.
Key: Admin, Global Mod, Mod
(ad)
Estonia Pianos
Estonia Pianos
Previous Thread
Next Thread
Print Thread
Hop To
Page 3 of 3 1 2 3
Re: So it's now Kawai Jones?
MacMacMac #3046260 11/15/20 03:40 PM
Joined: Oct 2013
Posts: 2,940
2000 Post Club Member
Offline
2000 Post Club Member
Joined: Oct 2013
Posts: 2,940
Yes SSL only prevents someone which has a network access between the client and the server to get user/password. I suppose it may be more probable in the Wifi lan if it is not protected (open wifi in an hotel...)

It could be also an attack to the server and the access of crypted passwords. If the password is too simple it can be discovered. SSL doesn’t protect this kind of attack.


Yamaha CLP150, Bechstein Digital Grand, Garritan CFX, Ivory II pianos, Galaxy pianos, EWQL Pianos, Native-Instrument The Definitive Piano Collection, Soniccouture Hammersmith, Truekeys, Pianoteq
(ad)
Sweetwater Gifts That Rock
Re: So it's now Kawai Jones?
MacMacMac #3046263 11/15/20 03:49 PM
Joined: Apr 2007
Posts: 6,423
6000 Post Club Member
Offline
6000 Post Club Member
Joined: Apr 2007
Posts: 6,423
Lack of SSL indicates also lack of concern for security, hence there might be other vulnerabilities to be exploited. For instance I wouldn’t be surprised if the passwords are stored in plaintext and the “forgot password” and/or the authentication would allow for brute-forcing, etc. So, yes, the lack of SSL may not be an imminent problem in itself but is a sign of low overall attention for security.

Last edited by CyberGene; 11/15/20 03:51 PM.

My YouTube, My Soundcloud
Currently: Yamaha N1X, DIY hybrid controller -> Garritan CFX
Previously: NU1X, ES7, MP6, CA63, RD-700SX, CDP-100, FP-5, P90, SP-200
Re: So it's now Kawai Jones?
Frédéric L #3046269 11/15/20 04:08 PM
Joined: Mar 2016
Posts: 50
I
Full Member
Offline
Full Member
I
Joined: Mar 2016
Posts: 50
As a SysAdmin of 10+ years, I'm very aware that SSL by itself doesn't make a site/database hacker proof... but it is an important part of an overall security strategy, one which happens to be free and rather easy to implement.

My point is, as CyberGene also pointed out, that it shows an overall non-concern (and/or incompetence) around security.


Current gear: Roland DP603, Pianoteq 6 Pro
Previous gear: Yamaha CVP203 > Roland RD700SX
Re: So it's now Kawai Jones?
Frédéric L #3046270 11/15/20 04:09 PM
Joined: Jun 2019
Posts: 1,479
S
1000 Post Club Member
Offline
1000 Post Club Member
S
Joined: Jun 2019
Posts: 1,479
Originally Posted by Frédéric L
Yes SSL only prevents someone which has a network access between the client and the server to get user/password. I suppose it may be more probable in the Wifi lan if it is not protected (open wifi in an hotel...)

It could be also an attack to the server and the access of crypted passwords. If the password is too simple it can be discovered. SSL doesn’t protect this kind of attack.

There are other types of attacks prevented by SSL. Encrypting traffic sent to the server with the (correct) service public key ensures you are communicating with the service, and not a trojan horse for the service or "man-in-the-middle". Encrypted sessions also defeat attacks that hijack the session with forged packet headers.


Not logging in very often, but I will receive PMs.
Re: So it's now Kawai Jones?
MacMacMac #3046296 11/15/20 05:52 PM
Joined: Sep 2009
Posts: 12,918
Yikes! 10000 Post Club Member
OP Offline
Yikes! 10000 Post Club Member
Joined: Sep 2009
Posts: 12,918
Yes, I have to agree with CG and tux-meister. Security does not seem to be a priority at PW.
To borrow a phrase from Cheech and Chong: "Discipline's gettin' pretty lax around here."

Re: So it's now Kawai Jones?
MacMacMac #3046334 11/15/20 07:53 PM
Joined: Sep 2009
Posts: 12,918
Yikes! 10000 Post Club Member
OP Offline
Yikes! 10000 Post Club Member
Joined: Sep 2009
Posts: 12,918
And now ... it's Kawai James again. Have a look.

I'd like to know what happened.

Re: So it's now Kawai Jones?
MacMacMac #3046541 11/16/20 09:49 AM
Joined: Nov 2012
Posts: 1,469
M
1000 Post Club Member
Offline
1000 Post Club Member
M
Joined: Nov 2012
Posts: 1,469
Originally Posted by MacMacMac
And now ... it's Kawai James again. Have a look.

I'd like to know what happened.

We may never know. But this was a fun weekend thread.

Re: So it's now Kawai Jones?
CyberGene #3047365 11/18/20 11:49 PM
Joined: Jul 2020
Posts: 98
M
Full Member
Offline
Full Member
M
Joined: Jul 2020
Posts: 98
Originally Posted by CyberGene
I wouldn’t be surprised if the passwords are stored in plaintext

Bottom of the page states "Powered by UBB.threads™ PHP Forum Software 7.7.4", which was released on 2020-03-07. I don't immediately see any mention of password hashing in the changelogs, but given it's a recent update of a commercial product, and they at least mention a SHA1 tool, it seems unlikely. Maybe PW needs a volunteer to help/do the move to https?

Re: So it's now Kawai Jones?
MacMacMac #3047376 11/19/20 02:02 AM
Joined: Oct 2013
Posts: 2,940
2000 Post Club Member
Offline
2000 Post Club Member
Joined: Oct 2013
Posts: 2,940
@MartF : if the password hashing is already in a previous version, it would be normal that this changelog doesn’t say anything about it. The SHA1 described is only about attached files. Then you can’t deduce anything about password.

And https and password hashing protect about different types of attacks. A https protected web server would still make password too less protected if stored unencrypted.


Yamaha CLP150, Bechstein Digital Grand, Garritan CFX, Ivory II pianos, Galaxy pianos, EWQL Pianos, Native-Instrument The Definitive Piano Collection, Soniccouture Hammersmith, Truekeys, Pianoteq
Re: So it's now Kawai Jones?
MacMacMac #3047381 11/19/20 02:27 AM
Joined: Jul 2020
Posts: 98
M
Full Member
Offline
Full Member
M
Joined: Jul 2020
Posts: 98
Yes absolutely. I looked through a couple of changelogs and didn't see anything, so we can't be sure. But I'd be surprised if they weren't hashing, given it's a recent version of popular forum software. I thought it was open source, but couldn't see the code anywhere to check.

I only mentioned the SHA1 tool since it implies they at least know what hashing is :-)

Anyway, for normal people what this all means is, don't use the same password on multiple websites. Use a different password for every website. If you need somewhere to keep your passwords, use a password manager (KeePassXC, Bitwarden, Password Safe, Dashlane, 1Password).

You can also check if any of your passwords have been leaked and need changing at https://haveibeenpwned.com/.

Re: So it's now Kawai Jones?
MacMacMac #3047469 11/19/20 10:12 AM
Joined: Jun 2013
Posts: 3,479
P
3000 Post Club Member
Online Content
3000 Post Club Member
P
Joined: Jun 2013
Posts: 3,479
Did we ever get any clarification on this ‘Jones’ situation?

Was James simply trying on Jones for a change?

Did he plan on becoming the artist formerly known as James?

Was it a good ol’ fashion prank, or a nefarious hack?


I apologize if these questions have already been answered.


Yours truly,

Ben Dover

Re: So it's now Kawai Jones?
MacMacMac #3047477 11/19/20 10:32 AM
Joined: Apr 2007
Posts: 6,423
6000 Post Club Member
Offline
6000 Post Club Member
Joined: Apr 2007
Posts: 6,423
For Pete's sake, that has been answered: Masai Jones has been working on the Masai CA79 manual.

Last edited by CyberGene; 11/19/20 10:33 AM.

My YouTube, My Soundcloud
Currently: Yamaha N1X, DIY hybrid controller -> Garritan CFX
Previously: NU1X, ES7, MP6, CA63, RD-700SX, CDP-100, FP-5, P90, SP-200
Re: So it's now Kawai Jones?
MacMacMac #3047496 11/19/20 11:24 AM
Joined: Jun 2013
Posts: 3,479
P
3000 Post Club Member
Online Content
3000 Post Club Member
P
Joined: Jun 2013
Posts: 3,479
blush

Page 3 of 3 1 2 3

Moderated by  Piano World 

Link Copied to Clipboard
What's Hot!!
News from the Piano World
100,000!
---------------------
NEW! Sell Your Piano on our world famous Piano Forums!
---------------------
Posting Pictures on the Forums
-------------------
Forums RULES & HELP
-------------------
ADVERTISE on Piano World
(ad)
Pianoteq
Steinway Spiro Layering
(ad)
PianoDisc

PianoDisc
(ad)
Piano Life Saver - Dampp Chaser
Dampp Chaser Piano Life Saver
(ad)
Mason & Hamlin Pianos
New Topics - Multiple Forums
Yamaha or Rolan Or William rhapsody
by Belma - 01/15/21 11:22 PM
Kawai GX2 vs Shimmel 180
by tony3304 - 01/15/21 10:51 PM
N3X Lid Pin Sticking Out?
by tierce_de_picardie - 01/15/21 07:45 PM
Polyester finish Yammy
by bill miller - 01/15/21 07:29 PM
Stack of Thirds Temperament
by Seeker - 01/15/21 07:07 PM
Download Sheet Music
Virtual Sheet Music - Classical Sheet Music Downloads
Forum Statistics
Forums42
Topics204,279
Posts3,047,119
Members100,069
Most Online15,252
Mar 21st, 2010
Please Support Our Advertisers


Faust Harrison 100+ Steinways

Dampp Chaser Piano Life Saver

 Best of Piano Buyer

PianoTeq Bechstein
Visit our online store for gifts for music lovers

Virtual Sheet Music - Classical Sheet Music Downloads



 
Help keep the forums up and running with a donation, any amount is appreciated!
Or by becoming a Subscribing member! Thank-you.
Donate   Subscribe
 
Our Piano Related Classified Ads
| Dealers | Tuners | Lessons | Movers | Restorations | Pianos For Sale | Sell Your Piano |

Advertise on Piano World
| Subscribe | Piano World | PianoSupplies.com | Advertise on Piano World |
| |Contact | Privacy | Legal | About Us | Site Map | Free Newsletter |


© copyright 1997 - 2021 Piano World ® all rights reserved
No part of this site may be reproduced without prior written permission
Powered by UBB.threads™ PHP Forum Software 7.7.4