I use NoScript regularly. It's good but has its limitations. The problem is that many websites deliver much of their JavaScript functionality through third-party sites. If you use NoScript to enable just the site's own JavaScript, it often won't work. Then you have to guess which of the ten other sites you can trust. The thief seems to have used a domain name similar to NewEgg's, so people might have assumed it was safe and enabled it first.
This theft grabbed credit card data by JavaScript as it was being entered, so the best server-side protection in the world wouldn't help.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
no subject
Date: 2018-09-21 09:57 pm (UTC)This theft grabbed credit card data by JavaScript as it was being entered, so the best server-side protection in the world wouldn't help.