Vulnerability of OpenSource Software download mechanisms: VLC

Fabio Pietrosanti - Lists lists at infosecurity.ch
Mon Jul 3 05:36:31 PDT 2017


Hello,

as we move to improve the status of encryption of the internet and at
all levels internet companies diffuse the use of HTTPS encryption and
integrity protection methods, there are still a variety of massively
diffused pieces of software that can be subject to malware injection
through MITM techniques.

VLC, VideoLAN Client, the most used open source video player, has its
entire website in HTTP, its download page in HTTP and the mirror
providing the download in HTTP.

However, they are refusing to implement HTTPS, arguing that because their
.exe files are digitally signed with Authenticode they are safe:
https://trac.videolan.org/vlc/ticket/18472 .

Please help me explain to them how digital attacks work, or please someone
make a MITM video-screencast to show them how urgent and important it is to
upgrade all of the connections to HTTPS.

-- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital
Human Rights http://logioshermes.org - https://globaleaks.org -
https://tor2web.org - https://ahmia.fi
