Forgot Password
Pentax Camera Forums Home
 

Reply
Show Printable Version Search this Thread
10-23-2020, 08:39 PM   #1
Site Supporter
Site Supporter




Join Date: Dec 2010
Location: Colorado Front Range
Photos: Gallery | Albums
Posts: 644
Is Precision Camera really a dangerous website?

I have a Ricoh Theta that needs service, and our beloved Precision Camera is the only source. Every time I visit their website to initiate a repair, I get warnings like this, from Safari: "THIS CONNECTION IS NOT PRIVATE: This website has an outdated security configuration, which may allow an attacker to steal personal or financial information. You should go back to the previous page."

In Chrome, I got three screens farther in before this popped up: "Your connection is not fully secure
This site uses an outdated security configuration, which may expose your information (for example, passwords, messages, or credit cards) when it is sent to this site. Go back to safety."

I've been getting these warnings for weeks, and I haven't proceeded. Is anyone else getting this problem? It sounds like everybody's problem, considering that they're the sole authorized repair shop in North America for Ricoh.

10-23-2020, 09:08 PM   #2
Closed Account




Join Date: Mar 2015
Photos: Gallery
Posts: 8,694
What security are you running Wheatridger? I am running Norton 360 Deluxe on Chrome, and I get no alerts with the site.
10-23-2020, 09:24 PM   #3
Loyal Site Supporter
Loyal Site Supporter
UncleVanya's Avatar

Join Date: Jul 2014
Photos: Gallery | Albums
Posts: 28,182
On my phone using chrome I get the dreaded triangle with an exclamation point in the address bar. That initial error is the default when a site doesn't force https. However in their case even if you change http to https you will be warned:

QuoteQuote:
The connection used to load this site used TLS 1.0 or TLS 1.1, which are deprecated and will be disabled in the future. Once disabled, users will be prevented from loading this site. The server should enable TLS 1.2 or later.
I would strongly suggest calling them or emailing them and explaining their website is out of step with modern security requirements. I might also suggest cc'ing their repair partners like Pentax if they don't rapidly resolve the issue.
10-23-2020, 10:12 PM   #4
Site Supporter
Site Supporter




Join Date: Dec 2010
Location: Colorado Front Range
Photos: Gallery | Albums
Posts: 644
Original Poster
Malware Bytes, plus whatever's under the hood of Safari and Chrome.

10-23-2020, 10:17 PM   #5
Closed Account




Join Date: Mar 2015
Photos: Gallery
Posts: 8,694
QuoteOriginally posted by Wheatridger Quote
Malware Bytes, plus whatever's under the hood of Safari and Chrome.
Sometimes there is a conflict between the competing firewalls when using both. I disabled the in-built security and use my Norton exclusively.
Having an all encompassing dedicated security like Norton or Kasperski is valuable to me in these times.
10-23-2020, 10:18 PM   #6
Site Supporter
Site Supporter
jumbleview's Avatar

Join Date: May 2012
Location: Concord, CA
Posts: 1,066
They use http (unencrypted protocol) instead of https (encrypted) used mostly nowadays. That why browsers shows 'Not secure' in the url field. Technical speaking if somebody highjack your traffic he may read all the information exchange with this site including your credit card number if you send it.
10-23-2020, 10:20 PM - 1 Like   #7
Loyal Site Supporter
Loyal Site Supporter
UncleVanya's Avatar

Join Date: Jul 2014
Photos: Gallery | Albums
Posts: 28,182
Here's info on the TLS issue:

Google Chrome 72 deprecates support for TLS 1.0, TLS 1.1 - Hashed Out by The SSL Store?

Note that since precision takes credit cards I would have expected them to be PCI compliant, but they can't be compliant if they are using old TLS standards.

10-23-2020, 10:25 PM   #8
Pentaxian
SharkyCA's Avatar

Join Date: Sep 2017
Location: Carleton Place, Ontario, Canada
Photos: Gallery
Posts: 806
QuoteOriginally posted by Wheatridger Quote
I have a Ricoh Theta that needs service, and our beloved Precision Camera is the only source. Every time I visit their website to initiate a repair, I get warnings like this, from Safari: "THIS CONNECTION IS NOT PRIVATE: This website has an outdated security configuration, which may allow an attacker to steal personal or financial information. You should go back to the previous page."

In Chrome, I got three screens farther in before this popped up: "Your connection is not fully secure
This site uses an outdated security configuration, which may expose your information (for example, passwords, messages, or credit cards) when it is sent to this site. Go back to safety."

I've been getting these warnings for weeks, and I haven't proceeded. Is anyone else getting this problem? It sounds like everybody's problem, considering that they're the sole authorized repair shop in North America for Ricoh.
QuoteOriginally posted by UncleVanya Quote
On my phone using chrome I get the dreaded triangle with an exclamation point in the address bar. That initial error is the default when a site doesn't force https. However in their case even if you change http to https you will be warned:



I would strongly suggest calling them or emailing them and explaining their website is out of step with modern security requirements. I might also suggest cc'ing their repair partners like Pentax if they don't rapidly resolve the issue.
Hi All, looking at the code on their web page they have a lot of "java script" in the coding and since it is used for their "Partner sign in" block and some versions of Java will no longer be supported after Dec 2020 they are probably due for an update anyway! I too use Norton 360 and because of the safesearch function I do not have a problem with my browser (Opera) There is a link at the bottom of their page from McAfee https://www.mcafeesecure.com/verify?host=www.precisioncamera.com

Last edited by SharkyCA; 10-23-2020 at 10:28 PM. Reason: add link
10-24-2020, 06:11 AM - 1 Like   #9
Loyal Site Supporter
Loyal Site Supporter
UncleVanya's Avatar

Join Date: Jul 2014
Photos: Gallery | Albums
Posts: 28,182
QuoteOriginally posted by SharkyCA Quote
Hi All, looking at the code on their web page they have a lot of "java script" in the coding and since it is used for their "Partner sign in" block and some versions of Java will no longer be supported after Dec 2020 they are probably due for an update anyway! I too use Norton 360 and because of the safesearch function I do not have a problem with my browser (Opera) There is a link at the bottom of their page from McAfee McAfee SECURE - Certified Site precisioncamera.com
Opera unlike Chrome, doesn't warn you by default about http vs https sites. SSL cert is valid but they aren't using a secure version of the TLS protocol which is risky. Also SSL predates TLS and isn't used typically anymore, the terminology has such in people's minds however.

More detail than most will want: What is SSL, TLS and HTTPS? | DigiCert
10-24-2020, 08:34 AM   #10
Site Supporter
Site Supporter




Join Date: Aug 2020
Location: New Hampshire
Photos: Albums
Posts: 244
You can always call them and give them any payment info over the phone. That's what I would do for now. For long term, they really should get their online security up to current standards.
10-24-2020, 08:55 AM   #11
Moderator
Not a Number's Avatar

Join Date: Mar 2012
Location: Venice, CA
Posts: 10,510
Shows as unsecured/unencrypted in Firefox, Chrome, Edge and Internet Explorer. Last time I visited the site, several weeks ago, all was well.
10-24-2020, 11:41 AM   #12
Otis Memorial Pentaxian
stevebrot's Avatar

Join Date: Mar 2007
Location: Vancouver (USA)
Photos: Gallery | Albums
Posts: 42,007
I have no problem with either site doing business under that name (Enfield, CT vs. Austin TX). Perhaps they figured it out. That said, the connection offered is not secure. Attempt using https results in a "secure connection failed" error in Firefox, the explanation:

QuoteQuote:
This website might not support the TLS 1.2 protocol, which is the minimum version supported by Firefox. Enabling TLS 1.0 and TLS 1.1 might allow this connection to succeed.
Win 10 and Firefox with both Malwarebytes and McAfee running.


Steve
10-24-2020, 12:05 PM   #13
Loyal Site Supporter
Loyal Site Supporter
UncleVanya's Avatar

Join Date: Jul 2014
Photos: Gallery | Albums
Posts: 28,182
QuoteOriginally posted by stevebrot Quote
I have no problem with either site doing business under that name (Enfield, CT vs. Austin TX). Perhaps they figured it out. That said, the connection offered is not secure. Attempt using https results in a "secure connection failed" error in Firefox, the explanation:



Win 10 and Firefox with both Malwarebytes and McAfee running.


Steve
Chrome automatically tries to use https and marks sites insecure when you connect. The TLS 1.2 issue lines up with what I reported.
Browsers display this differently however the entire point of this is that they are NOT offering a secure site right now. It is not unsafe to look at that we know of - although with their lack of security acumen I'm not sure how long that will remain the case. It is however not a safe place to put your data that you want to protect like your card information. I would suggest that until they resolve this you use a limited risk credit card (NOT a DEBIT card) and only give the data over the phone.
10-24-2020, 01:35 PM - 1 Like   #14
Otis Memorial Pentaxian
stevebrot's Avatar

Join Date: Mar 2007
Location: Vancouver (USA)
Photos: Gallery | Albums
Posts: 42,007
QuoteOriginally posted by UncleVanya Quote
It is not unsafe to look at that we know of - although with their lack of security acumen I'm not sure how long that will remain the case.
I would blame their hosting service rather than Precision. Pentax Forums uses the TLS 1.3 specification from 2018. Precision is using TLS 1.0 from 1998, meaning it is essentially the same as SSL 3.0 and not the best. Whether a user accessing their site would be vulnerable depends on how clean their computer is and the security of their connection/network.

FWIW, Internet Explorer connects using HTTPS, no questions asked.


Steve

Last edited by stevebrot; 10-24-2020 at 01:43 PM.
10-24-2020, 01:46 PM   #15
Loyal Site Supporter
Loyal Site Supporter
UncleVanya's Avatar

Join Date: Jul 2014
Photos: Gallery | Albums
Posts: 28,182
QuoteOriginally posted by stevebrot Quote
I would blame their hosting service rather than Precision. Pentax Forums uses the TLS 1.3 specification from 2018. Precision is using TLS 1.0 from 1998, meaning it is essentially the same as SSL 3.0.

FWIW, Internet Explorer connects using HTTPS, no questions asked.


Steve
I manage my wife's hosted site. I still had to do work on my end to ensure http redirects worked. I also verified the TLS version - as a site maintainer you can't simply expect the hosting company to do it all. You do bear responsibility.

No one should be using IE anymore it isn't safe:
US Homeland Security warns you to stop using IE entirely

MS Edge shows "not secure" on the address bar as most modern browsers do.
Reply

Bookmarks
  • Submit Thread to Facebook Facebook
  • Submit Thread to Twitter Twitter
  • Submit Thread to Digg Digg
Tags - Make this thread easier to find by adding keywords to it!
camera, configuration, connection, information, pentax service, precision camera, repair, ricoh, security, security warnings, service, warnings, warranty, website
Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads
Thread Thread Starter Forum Replies Last Post
Nice one Precision, really impressive service awscreo Pentax DSLR Discussion 23 05-03-2018 06:38 PM
So, I'm supposed to send my camera to these people...? (Precision Camera) zazism_rx Pentax K-1 & K-1 II 23 02-24-2018 01:58 PM
Do high trigger voltages of old flash guns really dangerous???? alijafary509 Flashes, Lighting, and Studio 47 07-29-2013 07:17 PM
Abstract My Website and Photos on Website Scootatheschool1990 Photo Critique 11 05-22-2013 01:13 AM
is light snow and rain really dangerous? Gooshin Photographic Technique 26 01-13-2008 08:37 PM



All times are GMT -7. The time now is 01:49 AM. | See also: NikonForums.com, CanonForums.com part of our network of photo forums!
  • Red (Default)
  • Green
  • Gray
  • Dark
  • Dark Yellow
  • Dark Blue
  • Old Red
  • Old Green
  • Old Gray
  • Dial-Up Style
Hello! It's great to see you back on the forum! Have you considered joining the community?
register
Creating a FREE ACCOUNT takes under a minute, removes ads, and lets you post! [Dismiss]
Top