Is Precision Camera really a dangerous website?

**Wheatridger** · 10-23-2020, 08:39 PM

I have a Ricoh Theta that needs service, and our beloved Precision Camera is the only source. Every time I visit their website to initiate a repair, I get warnings like this, from Safari: "THIS CONNECTION IS NOT PRIVATE: This website has an outdated security configuration, which may allow an attacker to steal personal or financial information. You should go back to the previous page."

In Chrome, I got three screens farther in before this popped up: "Your connection is not fully secure
This site uses an outdated security configuration, which may expose your information (for example, passwords, messages, or credit cards) when it is sent to this site. Go back to safety."

I've been getting these warnings for weeks, and I haven't proceeded. Is anyone else getting this problem? It sounds like everybody's problem, considering that they're the sole authorized repair shop in North America for Ricoh.

**pjv** · 10-23-2020, 09:08 PM

What security are you running Wheatridger? I am running Norton 360 Deluxe on Chrome, and I get no alerts with the site.

**UncleVanya** · 10-23-2020, 09:24 PM

On my phone using chrome I get the dreaded triangle with an exclamation point in the address bar. That initial error is the default when a site doesn't force https. However in their case even if you change http to https you will be warned:

Quote:

The connection used to load this site used TLS 1.0 or TLS 1.1, which are deprecated and will be disabled in the future. Once disabled, users will be prevented from loading this site. The server should enable TLS 1.2 or later.

I would strongly suggest calling them or emailing them and explaining their website is out of step with modern security requirements. I might also suggest cc'ing their repair partners like Pentax if they don't rapidly resolve the issue.

**Wheatridger** · 10-23-2020, 10:12 PM

Malware Bytes, plus whatever's under the hood of Safari and Chrome.

**pjv** · 10-23-2020, 10:17 PM

Originally posted by Wheatridger

Malware Bytes, plus whatever's under the hood of Safari and Chrome.

Sometimes there is a conflict between the competing firewalls when using both. I disabled the in-built security and use my Norton exclusively.
Having an all encompassing dedicated security like Norton or Kasperski is valuable to me in these times.

**jumbleview** · 10-23-2020, 10:18 PM

They use http (unencrypted protocol) instead of https (encrypted) used mostly nowadays. That why browsers shows 'Not secure' in the url field. Technical speaking if somebody highjack your traffic he may read all the information exchange with this site including your credit card number if you send it.

**UncleVanya** · 10-23-2020, 10:20 PM - **1 Like**

Here's info on the TLS issue:

Google Chrome 72 deprecates support for TLS 1.0, TLS 1.1 - Hashed Out by The SSL Store?

Note that since precision takes credit cards I would have expected them to be PCI compliant, but they can't be compliant if they are using old TLS standards.

**SharkyCA** · 10-23-2020, 10:25 PM

Originally posted by Wheatridger

I have a Ricoh Theta that needs service, and our beloved Precision Camera is the only source. Every time I visit their website to initiate a repair, I get warnings like this, from Safari: "THIS CONNECTION IS NOT PRIVATE: This website has an outdated security configuration, which may allow an attacker to steal personal or financial information. You should go back to the previous page."

In Chrome, I got three screens farther in before this popped up: "Your connection is not fully secure
This site uses an outdated security configuration, which may expose your information (for example, passwords, messages, or credit cards) when it is sent to this site. Go back to safety."

I've been getting these warnings for weeks, and I haven't proceeded. Is anyone else getting this problem? It sounds like everybody's problem, considering that they're the sole authorized repair shop in North America for Ricoh.

Originally posted by UncleVanya

On my phone using chrome I get the dreaded triangle with an exclamation point in the address bar. That initial error is the default when a site doesn't force https. However in their case even if you change http to https you will be warned:

I would strongly suggest calling them or emailing them and explaining their website is out of step with modern security requirements. I might also suggest cc'ing their repair partners like Pentax if they don't rapidly resolve the issue.

Hi All, looking at the code on their web page they have a lot of "java script" in the coding and since it is used for their "Partner sign in" block and some versions of Java will no longer be supported after Dec 2020 they are probably due for an update anyway! I too use Norton 360 and because of the safesearch function I do not have a problem with my browser (Opera) There is a link at the bottom of their page from McAfee https://www.mcafeesecure.com/verify?host=www.precisioncamera.com

**UncleVanya** · 10-24-2020, 06:11 AM - **1 Like**

Originally posted by SharkyCA

Hi All, looking at the code on their web page they have a lot of "java script" in the coding and since it is used for their "Partner sign in" block and some versions of Java will no longer be supported after Dec 2020 they are probably due for an update anyway! I too use Norton 360 and because of the safesearch function I do not have a problem with my browser (Opera) There is a link at the bottom of their page from McAfee McAfee SECURE - Certified Site precisioncamera.com

Opera unlike Chrome, doesn't warn you by default about http vs https sites. SSL cert is valid but they aren't using a secure version of the TLS protocol which is risky. Also SSL predates TLS and isn't used typically anymore, the terminology has such in people's minds however.

More detail than most will want: What is SSL, TLS and HTTPS? | DigiCert

**cdw2000** · 10-24-2020, 08:34 AM

You can always call them and give them any payment info over the phone. That's what I would do for now. For long term, they really should get their online security up to current standards.

Not a Number · 10-24-2020, 08:55 AM

Shows as unsecured/unencrypted in Firefox, Chrome, Edge and Internet Explorer. Last time I visited the site, several weeks ago, all was well.

**stevebrot** · 10-24-2020, 11:41 AM

I have no problem with either site doing business under that name (Enfield, CT vs. Austin TX). Perhaps they figured it out. That said, the connection offered is not secure. Attempt using https results in a "secure connection failed" error in Firefox, the explanation:

Quote:

This website might not support the TLS 1.2 protocol, which is the minimum version supported by Firefox. Enabling TLS 1.0 and TLS 1.1 might allow this connection to succeed.

Win 10 and Firefox with both Malwarebytes and McAfee running.

Steve

**UncleVanya** · 10-24-2020, 12:05 PM

Originally posted by stevebrot

I have no problem with either site doing business under that name (Enfield, CT vs. Austin TX). Perhaps they figured it out. That said, the connection offered is not secure. Attempt using https results in a "secure connection failed" error in Firefox, the explanation:

Win 10 and Firefox with both Malwarebytes and McAfee running.

Steve

Chrome automatically tries to use https and marks sites insecure when you connect. The TLS 1.2 issue lines up with what I reported.
Browsers display this differently however the entire point of this is that they are NOT offering a secure site right now. It is not unsafe to look at that we know of - although with their lack of security acumen I'm not sure how long that will remain the case. It is however not a safe place to put your data that you want to protect like your card information. I would suggest that until they resolve this you use a limited risk credit card (NOT a DEBIT card) and only give the data over the phone.

**stevebrot** · 10-24-2020, 01:35 PM - **1 Like**

Originally posted by UncleVanya

It is not unsafe to look at that we know of - although with their lack of security acumen I'm not sure how long that will remain the case.

I would blame their hosting service rather than Precision. Pentax Forums uses the TLS 1.3 specification from 2018. Precision is using TLS 1.0 from 1998, meaning it is essentially the same as SSL 3.0 and not the best. Whether a user accessing their site would be vulnerable depends on how clean their computer is and the security of their connection/network.

FWIW, Internet Explorer connects using HTTPS, no questions asked.

Steve

**UncleVanya** · 10-24-2020, 01:46 PM

Originally posted by stevebrot

I would blame their hosting service rather than Precision. Pentax Forums uses the TLS 1.3 specification from 2018. Precision is using TLS 1.0 from 1998, meaning it is essentially the same as SSL 3.0.

FWIW, Internet Explorer connects using HTTPS, no questions asked.

Steve

I manage my wife's hosted site. I still had to do work on my end to ensure http redirects worked. I also verified the TLS version - as a site maintainer you can't simply expect the hosting company to do it all. You do bear responsibility.

No one should be using IE anymore it isn't safe:
US Homeland Security warns you to stop using IE entirely

MS Edge shows "not secure" on the address bar as most modern browsers do.

10-23-2020, 08:39 PM	#1
Wheatridger Site Supporter Join Date: Dec 2010 Location: Colorado Front Range Photos: Gallery \| Albums Posts: 621	Is Precision Camera really a dangerous website? I have a Ricoh Theta that needs service, and our beloved Precision Camera is the only source. Every time I visit their website to initiate a repair, I get warnings like this, from Safari: "THIS CONNECTION IS NOT PRIVATE: This website has an outdated security configuration, which may allow an attacker to steal personal or financial information. You should go back to the previous page." In Chrome, I got three screens farther in before this popped up: "Your connection is not fully secure This site uses an outdated security configuration, which may expose your information (for example, passwords, messages, or credit cards) when it is sent to this site. Go back to safety." I've been getting these warnings for weeks, and I haven't proceeded. Is anyone else getting this problem? It sounds like everybody's problem, considering that they're the sole authorized repair shop in North America for Ricoh.

10-23-2020, 10:25 PM	#8
SharkyCA Site Supporter Join Date: Sep 2017 Location: Carleton Place, Ontario, Canada Photos: Gallery Posts: 806	Originally posted by Wheatridger I have a Ricoh Theta that needs service, and our beloved Precision Camera is the only source. Every time I visit their website to initiate a repair, I get warnings like this, from Safari: "THIS CONNECTION IS NOT PRIVATE: This website has an outdated security configuration, which may allow an attacker to steal personal or financial information. You should go back to the previous page." In Chrome, I got three screens farther in before this popped up: "Your connection is not fully secure This site uses an outdated security configuration, which may expose your information (for example, passwords, messages, or credit cards) when it is sent to this site. Go back to safety." I've been getting these warnings for weeks, and I haven't proceeded. Is anyone else getting this problem? It sounds like everybody's problem, considering that they're the sole authorized repair shop in North America for Ricoh. Originally posted by UncleVanya On my phone using chrome I get the dreaded triangle with an exclamation point in the address bar. That initial error is the default when a site doesn't force https. However in their case even if you change http to https you will be warned: I would strongly suggest calling them or emailing them and explaining their website is out of step with modern security requirements. I might also suggest cc'ing their repair partners like Pentax if they don't rapidly resolve the issue. Hi All, looking at the code on their web page they have a lot of "java script" in the coding and since it is used for their "Partner sign in" block and some versions of Java will no longer be supported after Dec 2020 they are probably due for an update anyway! I too use Norton 360 and because of the safesearch function I do not have a problem with my browser (Opera) There is a link at the bottom of their page from McAfee https://www.mcafeesecure.com/verify?host=www.precisioncamera.com Last edited by SharkyCA; 10-23-2020 at 10:28 PM. Reason: add link

10-24-2020, 01:35 PM - 1 Like	#14
stevebrot Otis Memorial Pentaxian Join Date: Mar 2007 Location: Vancouver (USA) Photos: Gallery \| Albums Posts: 42,007	Originally posted by UncleVanya It is not unsafe to look at that we know of - although with their lack of security acumen I'm not sure how long that will remain the case. I would blame their hosting service rather than Precision. Pentax Forums uses the TLS 1.3 specification from 2018. Precision is using TLS 1.0 from 1998, meaning it is essentially the same as SSL 3.0 and not the best. Whether a user accessing their site would be vulnerable depends on how clean their computer is and the security of their connection/network. FWIW, Internet Explorer connects using HTTPS, no questions asked. Steve Last edited by stevebrot; 10-24-2020 at 01:43 PM.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Nice one Precision, really impressive service	awscreo	Pentax DSLR Discussion	23	05-03-2018 06:38 PM
So, I'm supposed to send my camera to these people...? (Precision Camera)	zazism_rx	Pentax K-1 & K-1 II	23	02-24-2018 01:58 PM
Do high trigger voltages of old flash guns really dangerous????	alijafary509	Flashes, Lighting, and Studio	47	07-29-2013 07:17 PM
Abstract My Website and Photos on Website	Scootatheschool1990	Photo Critique	11	05-22-2013 01:13 AM
is light snow and rain really dangerous?	Gooshin	Photographic Technique	26	01-13-2008 08:37 PM

10-23-2020, 09:08 PM	#2
pjv Proudly Pentaxian Join Date: Mar 2015 Photos: Gallery Posts: 8,671	What security are you running Wheatridger? I am running Norton 360 Deluxe on Chrome, and I get no alerts with the site.

10-23-2020, 09:24 PM	#3
UncleVanya Loyal Site Supporter Join Date: Jul 2014 Photos: Gallery \| Albums Posts: 24,795	On my phone using chrome I get the dreaded triangle with an exclamation point in the address bar. That initial error is the default when a site doesn't force https. However in their case even if you change http to https you will be warned: Quote: The connection used to load this site used TLS 1.0 or TLS 1.1, which are deprecated and will be disabled in the future. Once disabled, users will be prevented from loading this site. The server should enable TLS 1.2 or later. I would strongly suggest calling them or emailing them and explaining their website is out of step with modern security requirements. I might also suggest cc'ing their repair partners like Pentax if they don't rapidly resolve the issue.

10-23-2020, 10:12 PM	#4
Wheatridger Site Supporter Join Date: Dec 2010 Location: Colorado Front Range Photos: Gallery \| Albums Posts: 621 Original Poster	Malware Bytes, plus whatever's under the hood of Safari and Chrome.

10-23-2020, 10:17 PM	#5
pjv Proudly Pentaxian Join Date: Mar 2015 Photos: Gallery Posts: 8,671	Originally posted by Wheatridger Malware Bytes, plus whatever's under the hood of Safari and Chrome. Sometimes there is a conflict between the competing firewalls when using both. I disabled the in-built security and use my Norton exclusively. Having an all encompassing dedicated security like Norton or Kasperski is valuable to me in these times.

10-23-2020, 10:18 PM	#6
jumbleview Site Supporter Join Date: May 2012 Location: Concord, CA Posts: 959	They use http (unencrypted protocol) instead of https (encrypted) used mostly nowadays. That why browsers shows 'Not secure' in the url field. Technical speaking if somebody highjack your traffic he may read all the information exchange with this site including your credit card number if you send it.

10-23-2020, 10:20 PM - 1 Like	#7
UncleVanya Loyal Site Supporter Join Date: Jul 2014 Photos: Gallery \| Albums Posts: 24,795	Here's info on the TLS issue: Google Chrome 72 deprecates support for TLS 1.0, TLS 1.1 - Hashed Out by The SSL Store? Note that since precision takes credit cards I would have expected them to be PCI compliant, but they can't be compliant if they are using old TLS standards.

10-24-2020, 06:11 AM - 1 Like	#9
UncleVanya Loyal Site Supporter Join Date: Jul 2014 Photos: Gallery \| Albums Posts: 24,795	Originally posted by SharkyCA Hi All, looking at the code on their web page they have a lot of "java script" in the coding and since it is used for their "Partner sign in" block and some versions of Java will no longer be supported after Dec 2020 they are probably due for an update anyway! I too use Norton 360 and because of the safesearch function I do not have a problem with my browser (Opera) There is a link at the bottom of their page from McAfee McAfee SECURE - Certified Site precisioncamera.com Opera unlike Chrome, doesn't warn you by default about http vs https sites. SSL cert is valid but they aren't using a secure version of the TLS protocol which is risky. Also SSL predates TLS and isn't used typically anymore, the terminology has such in people's minds however. More detail than most will want: What is SSL, TLS and HTTPS? \| DigiCert

10-24-2020, 08:34 AM	#10
cdw2000 Site Supporter Join Date: Aug 2020 Location: New Hampshire Photos: Albums Posts: 237	You can always call them and give them any payment info over the phone. That's what I would do for now. For long term, they really should get their online security up to current standards.

10-24-2020, 08:55 AM	#11
Not a Number Moderator Join Date: Mar 2012 Location: Venice, CA Posts: 9,707	Shows as unsecured/unencrypted in Firefox, Chrome, Edge and Internet Explorer. Last time I visited the site, several weeks ago, all was well.

10-24-2020, 11:41 AM	#12
stevebrot Otis Memorial Pentaxian Join Date: Mar 2007 Location: Vancouver (USA) Photos: Gallery \| Albums Posts: 42,007	I have no problem with either site doing business under that name (Enfield, CT vs. Austin TX). Perhaps they figured it out. That said, the connection offered is not secure. Attempt using https results in a "secure connection failed" error in Firefox, the explanation: Quote: This website might not support the TLS 1.2 protocol, which is the minimum version supported by Firefox. Enabling TLS 1.0 and TLS 1.1 might allow this connection to succeed. Win 10 and Firefox with both Malwarebytes and McAfee running. Steve

Thread Tools	Search this Thread
	Search this Thread: Advanced Search

10-24-2020, 12:05 PM	#13
UncleVanya Loyal Site Supporter Join Date: Jul 2014 Photos: Gallery \| Albums Posts: 24,795	Originally posted by stevebrot I have no problem with either site doing business under that name (Enfield, CT vs. Austin TX). Perhaps they figured it out. That said, the connection offered is not secure. Attempt using https results in a "secure connection failed" error in Firefox, the explanation: Win 10 and Firefox with both Malwarebytes and McAfee running. Steve Chrome automatically tries to use https and marks sites insecure when you connect. The TLS 1.2 issue lines up with what I reported. Browsers display this differently however the entire point of this is that they are NOT offering a secure site right now. It is not unsafe to look at that we know of - although with their lack of security acumen I'm not sure how long that will remain the case. It is however not a safe place to put your data that you want to protect like your card information. I would suggest that until they resolve this you use a limited risk credit card (NOT a DEBIT card) and only give the data over the phone.

10-24-2020, 01:46 PM	#15
UncleVanya Loyal Site Supporter Join Date: Jul 2014 Photos: Gallery \| Albums Posts: 24,795	Originally posted by stevebrot I would blame their hosting service rather than Precision. Pentax Forums uses the TLS 1.3 specification from 2018. Precision is using TLS 1.0 from 1998, meaning it is essentially the same as SSL 3.0. FWIW, Internet Explorer connects using HTTPS, no questions asked. Steve I manage my wife's hosted site. I still had to do work on my end to ensure http redirects worked. I also verified the TLS version - as a site maintainer you can't simply expect the hosting company to do it all. You do bear responsibility. No one should be using IE anymore it isn't safe: US Homeland Security warns you to stop using IE entirely MS Edge shows "not secure" on the address bar as most modern browsers do.