Posted by David Leo on Mar 03

When we browse the web, top threats are:
1. Remote code execution – everything is lost
2. Man in the middle – sniffing, and tampering
3. Phishing – simple, old, and still quite useful
4. Cross site scripting – data of the vulnerable domain is lost
5. CSRF – unauthorized action

So, what if the browser can only access HTTPS of whitelist domains? With HTTPS, “man in the middle” is fixed. And with
the whitelist, other attacks become very…