Vulnerability of OpenSource Software download mechanisms: VLC
Sergey Matveev
stargrave at stargrave.org
Mon Jul 3 08:27:49 PDT 2017
*** Steve Kinney <admin at pilobilus.net> [2017-07-03 17:30]:
>> However they are refusing to implement HTTPS arguing that because their
>> .exe are digitally signed with authenticode they are safe
>> https://trac.videolan.org/vlc/ticket/18472 .
>
>Against hostile State actors, HTTPS only provides a false sense of
>security. If your threat model includes the CIA, reliance on HTTPS is a
>fundamental error in the "game over" category.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
More information about the cypherpunks
mailing list