OK, an update. I entered all the SSL-secured links into my host file:
127.0.0.1 cdn2.hubspot.net
127.0.0.1 js.hs-analytics.net
127.0.0.1 static.hsstatic.net
127.0.0.1 js.hscta.net
127.0.0.1 no-cache.hubspot.com
and a couple of other suspects:
127.0.0.1 platform.twitter.com
127.0.0.1 ton.twimg.com
127.0.0.1 o.twimg.com
cleared the caches on my other browsers and lit them up. And got exactly the same results as my first post above on all browsers.
Frankly, I am surprised Avast allows the use of out-sourced components with substandard security. This is simply not good enough. IT-sec is IT-sec, it's done properly or not at all.
I don't use the Avast browser, but I wonder if it would masticate the blog page the way K-M did? It's only a few settings, even non-geeks can work it out:
security.fileuri.strict_origin_policy;true (default in KM76RC)
security.ssl.require_safe_negotiation;true
security.ssl.treat_unsafe_negotiation_as_broken;true
all rc4 and des cyphers;false
security.tls.unrestricted_rc4_fallback;false
And TBH most of those settings today should be default; the percentage of sites that would break would be in the order of 5% at most, probably less.
The good news (for me anyway) is that I can read the blog in safety. Almost all threats that could come from that page have been neutralised. And I do have to say this is the only page I have ever seen that shatters so comprehensively with my not-very-advanced settings.
Gordon.