Vulnerability of OpenSource Software download mechanisms: VLC
- Subject: Vulnerability of OpenSource Software download mechanisms: VLC
- From: admin at pilobilus.net (Steve Kinney)
- Date: Mon, 3 Jul 2017 10:24:32 -0400
- In-reply-to: <[email protected]>
- References: <[email protected]>
On 07/03/2017 08:36 AM, Fabio Pietrosanti - Lists wrote:
> Hello,
>
> as we move to improve the status of encryption of the internet and at
> all levels internet companies diffuse the uses of HTTPS encryption and
> integrity protection methods there are still a variety of massively
> diffused pieces of software that can be subject to malware injection
> through MITM techniques.
>
> VLC, Videolan Client, the most used opensource video player, has their
> entire website in HTTP, their download page in HTTP and the mirror
> providing the downloading in HTTP.
>
> However they are refusing to implement HTTPS arguing that because their
> .exe are digitally signed with authenticode they are safe
> https://trac.videolan.org/vlc/ticket/18472 .