Vulnerability of OpenSource Software download mechanisms: VLC
*** Steve Kinney <admin at pilobilus.net> [2017-07-03 17:30]:
>> However they are refusing to implement HTTPS arguing that because their
>> .exe are digitally signed with Authenticode they are safe
>> https://trac.videolan.org/vlc/ticket/18472 .
>
>Against hostile State actors, HTTPS only provides a false sense of
>security. If your threat model includes the CIA, reliance on HTTPS is a
>fundamental error in the "game over" category.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF