> They're a fucking disaster security-wise.

+1

> In general, blocking javascript won't get you too far, because most of the
> issues are not in the client, but rather in the use that's made of javascript.

I basically block javascript to stop some advertising and keep some sites from
crashing firefox.
But many, many sites require javascript to even log in (i.e. many bank websites!)

> - trying to do https and having to deal with corrupt certificate authorities
> that don't guarantee too much in the end.

CAs cannot be trusted to even pay attention to carefully securing your
certificate.
Here in the US, the government can simply ask for your certificate and get it
(and possibly even use it to impersonate you).

I sign my own certificates, post a copy of the serial number and correct name and
IP address on my websites using them. I explain to every customer that I do not
trust external CAs and that I am only using https for encryption of passwords
and paid content.
No one has complained.

Some have told me that I am risking a man-in-the-middle attack. Perhaps. But I 
see little reason to trust the CA man-at-the-end!

Chris Bennett
