I think the main reason is that the software is useless if it cannot connect.
So developers are forced to make clients which work first and then give options for "enabling" security.
It is left up to the user to decide what level of security they want to use to connect.
The servers and clients can easily decide as far as management is concerned if they want to implement strict security or not.
So the main reason why some browsers do implement is because people want to be aware.
As long as major attacks do not occur and customers do not care, there is no real reason to implement stricter security.
It costs developers time and makes the software unnecessarily complex.
Also, it runs the risk of not working, which in some customer cases is not acceptable.
So this issue shall be around forever, as long as people do not need security in applications running on secure and controlled networks.
Technically SSL is rumoured to be breakable so only OTP could be considered for serious applications.
Regards,
Khawar Nehal