Global Security Watch > Economics not repealed, just slow: Paypal blames Browsers for Phishing

Financial Cryptographyhttps://financialcryptography.com/mt/archives/001010.html [Financial Cryptography] It likely had to be Paypal because the regulated banks won't say boo without permission, and Paypal might be supposed to be net-savvy. It had to be Safari because (a) there is that popular alternate now, and (b) Apple is still small enough not to be offended, and (c) others have done something in the phishing area.

Some related posts from Technorati and Google.

Sunnet Beskerming Security Advisories[Sunnet Beskerming Security Advisories] PayPal and Anti-Phishing Recommendations: It has been pointed out that browsers such as Safari and Camino, while they don't have the anti-phishing address bar colorisation built in do use the system Keychain to store authentication details for sites and this will provide an instant visual clue to users that something is wrong, when their details have not been pre-filled on a site that is claiming to be PayPal, eBay, their bank, or some other site where they use authentication.

Spyware Techie[Spyware Techie] PayPal Considers Safari Web Browser Insecure: The Safari Web Browser software does not have a phishing filter and this classifies it as an unsecure web browser by many banking sites such as PayPal. PayPal’s CIO Michael Barrett recently said “Apple, unfortunately, is lagging behind what they need to do, to protect their customers.

macnn | The Macintosh News Networkhttp://www.macnn.com/articles/08/02/28/safari.vulnerable.to.phish/ [macnn | The Macintosh News Network] Safari not secure against phishing, says PayPal: "Apple, unfortunately, is lagging behind what they need to do, to protect their customers," said Michaek Barret, chief information security officer for PayPal. "Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera."

mozillazine feedhousehttp://weblogs.mozillazine.org/asa/archives/2008/02/safari_unsafe_p.html [mozillazine feedhouse] Asa Dotzler: safari unsafe? paypal thinks so.: To those who doubt the efficacy of EV certs based on a study of IE 7's current UI, are also pushing flawed information. Just because IE's implementation is less than ideal doesn't mean that Firefox's will be or that we won't see all browsers advancing the usefulness of EV cert features.

The PC Doctor's bloghttp://www.pcdoctor-guide.com/wordpress/?p=4678 [The PC Doctor's blog] PayPal tells Mac users to drop Safari: PayPal is urging its users to ditch Safari and instead use alternative browsers such as Internet Explorer 7, IE 8, Firefox 2, Firefox 3, or even Opera. The reason for the warning is Safari's lack of anti-phishing technology.

securosis.comhttp://securosis.com/2008/02/29/ask-securosis-is-safari-less-secure/ [securosis.com] Ask Securosis, Is Safari Less Secure?: That’s the bottom-line finding of a new study from researchers at Harvard University and MIT, who conducted a live test of banking users to measure the effectiveness of browser-based authentication and anti-phishing features earlier this year. The research is scheduled to be presented at the IEEE Symposium on Security and Privacy next month.

Slashdot: Generated for ChicoLance (318143)http://it.slashdot.org/article.pl?sid=08/03/03/2049205&from=rss [Slashdot: Generated for ChicoLance (318143)] Paypal Advises Users To Stop Using Safari: (Incidentally, I do rather wonder why, with modern Macs all having wide-aspect monitors, the default Dock position is still along the bottom of the screen, and why windows still have their toolbars along the top rather than down the side, but those are whole other cans of worms...)

yugatech | Philippines, Technology News & Reviewshttp://www.yugatech.com/blog/freewares/paypal-says-avoid-safari-browser/ [yugatech | Philippines, Technology News & Reviews] Paypal says avoid Safari browser: Another problem is Safari’s lack of support for another anti-phishing technology, called Extended Validation (EV) certificates. This is a secure Web browsing technology that turns the address bar green when the browser is visiting a legitimate Web site.

crunchgearhttp://www.crunchgear.com/2008/02/29/paypal-warns-against-using-safari-because-of-its-lack-of-anti-phishing-technology/ [crunchgear] PayPal warns against using Safari because of its lack of anti ...: PayPal, darling of the Internet, has warned its users to steer clear of Apple’s Safari Web browser because it doesn’t support anti-phishing technologies. (IE 7 and the upcoming Firefox 3.0 do, however.) Specifically, PayPal says .

Identity and Privacy Bloghttp://yes2privacy.wordpress.com/2008/03/05/ev-ssl-certs-and-phishing/ [Identity and Privacy Blog] EV SSL certs and phishing: So, should a site get EV certs knowing that they probably won’t stop phishing and the main gainer is the CA who gets extra money over ordinary SSL certs? Unfortunately, the answer is yes.

The Unofficial Apple Weblog (TUAW)[The Unofficial Apple Weblog (TUAW)] PayPal excludes Safari from "Safer Browsers": These same people have asked me how to protect themselves from spammers and phishers (usually right after a special on the evening news). They are so blinded by something in the messages they get, that no amount of telling them not to click on things in their spam folder, or not to send any personal information over email is going to work.

Tim Callan's SSL Bloghttps://blogs.verisign.com/ssl-blog/2008/03/paypal_considers_safari_to_be.html [Tim Callan's SSL Blog] PayPal considers Safari to be insecure: Still, Barrett says data compiled on PayPal's Web site show that the EV certificates are having an effect. He says IE 7 users are more likely to sign on to PayPal's Web site than users who don't have EV certificate technology, presumably because they're confident that they're visiting a legitimate site.

Jeremiahhttp://jeremiahlee.com/blog/2008/02/28/paypal-and-browser-security/ [Jeremiah] Dear PayPal, Safari Isn’t The Security Problem: Michael Barrett, PayPal’s chief information security officer, said, “Safari has got nothing in terms of security support, only SSL (Secure Sockets Layer encryption), that’s it.” Indeed, Safari lacks anti-phishing blacklisting and support for extended validation (EV) certificates.

The Mac Security Bloghttp://blog.intego.com/2008/02/28/paypal-says-safari-is-not-secure/ [The Mac Security Blog] PayPal Says: Safari Is Not Secure: Barrett recommends that PayPal customers use other browsers because Safari has no built-in anti-phishing protection. “Safari has got nothing in terms of security support, only SSL (Secure Sockets Layer encryption), that’s it,” said .

[Still As Life] Safari Excluded from Paypal’s “Safer Browsers”: It is a let down on Apple’s part, especially considering how nice of a browser Safari is. I personally use it minimally since I’m an avid Firefox user, but I cannot deny it is a light and fast browser, using far less RAM than Firefox, as well as being more stable.

Reflected tags on Technorati: Blog, , , , ,