Hello,
   as we move to improve the status of encryption of the internet and at
   all levels internet companies diffuse the uses of HTTPS encryption and
   integrity protection methods there are still a variety of massively
   diffused pieces of software that can be subject to malware injection
   trough MITM techniques.
   VLC, Videolan Client, the most used opensource video player have their
   entire website in HTTP, their download page in HTTP and the mirror
   providing the downloading in HTTP.
   However they are refusing to implement HTTPS arguing that because their
   .exe are digitally signed with authenticode they are safe
   [1]https://trac.videolan.org/vlc/ticket/18472 .
   Please help me explain them how digital attacks works, or please
   someone make a MITM video-screencast to show them how urgent and
   important is to upgrade all of the connections to HTTPS.

   -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and
   Digital Human Rights [2]http://logioshermes.org -
   [3]https://globaleaks.org - [4]https://tor2web.org -
   [5]https://ahmia.fi

References

   1. https://trac.videolan.org/vlc/ticket/18472
   2. http://logioshermes.org/
   3. https://globaleaks.org/
   4. https://tor2web.org/
   5. https://ahmia.fi/