Hello, as we move to improve the status of encryption of the internet and at all levels internet companies diffuse the uses of HTTPS encryption and integrity protection methods there are still a variety of massively diffused pieces of software that can be subject to malware injection trough MITM techniques. VLC, Videolan Client, the most used opensource video player have their entire website in HTTP, their download page in HTTP and the mirror providing the downloading in HTTP. However they are refusing to implement HTTPS arguing that because their .exe are digitally signed with authenticode they are safe https://trac.videolan.org/vlc/ticket/18472 . Please help me explain them how digital attacks works, or please someone make a MITM video-screencast to show them how urgent and important is to upgrade all of the connections to HTTPS. -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - https://globaleaks.org - https://tor2web.org - https://ahmia.fi