Redirect to HTTPS on codecguide.com

Go down

Redirect to HTTPS on codecguide.com

Post by miken on Sun Mar 25, 2018 7:30 pm

I've just noticed that "codecguide.com" does not redirect to the HTTPS version of the website even though there is one available.
It would be great if you could implement this, it's really simple. One example how to do so: https://infosec.mozilla.org/guidelines/web_security#http-redirections

Also I've noticed that when I use the K-Lite Update Checker and click on "Download installer" button this leads to the non-HTTPS version of "codecguide.com".

But even more importantly: Currently it's not possible to ensure that the downloaded files are valid and have not been tampered with.
Yes, there are hashsums visible on the download-page so you could check the correctness of the downloads (which sadly are not signed and also downloaded over HTTP only) but if you view this page via HTTP you can't know if the page has been intercepted.

Yes, this happens and in some countries actually is enforced via deep packet inspection middleboxes to redirect users of certain website to nation-state spyware if the website they visit and the download-link they use is being served over non-encrypted websites. Examples in this recent report of Citizen Lab are Avast Antivirus, CCleaner, Opera, and 7-Zip:
https://citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/ (yes, it's a long read but worth it)

So my suggestions would be:

Thank you for the continuous support of K-Lite over all the years! Smile

miken

Posts : 1
Join date : 2018-03-25

View user profile

Back to top Go down

Re: Redirect to HTTPS on codecguide.com

Post by Admin on Mon Mar 26, 2018 5:27 pm

The seconds download mirror now supports https.

Admin
Admin

Posts : 4081
Join date : 2011-06-17

View user profile http://codecs.forumotion.net

Back to top Go down

Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum