as we move to improve the status of encryption of the internet and
at all levels internet companies diffuse the uses of HTTPS
encryption and integrity protection methods there are still a
variety of massively diffused pieces of software that can be subject
to malware injection trough MITM techniques.
VLC, Videolan Client, the most used opensource video player have
their entire website in HTTP, their download page in HTTP and the
mirror providing the downloading in HTTP.
However they are refusing to implement HTTPS arguing that because
their .exe are digitally signed with authenticode they are safeĀ https://trac.videolan.org/vlc/ticket/18472
.
Please help me explain them how digital attacks
works, or please someone make a MITM video-screencast to show them
how urgent and important is to upgrade all of the connections to
HTTPS.