First for mac news, reviews and know-how
  
Welcome Guest  Register Log in
  Advanced 

News 

[Internet]
Friday 18th April 2008
PayPal threatens to cut off Safari 11:28AM, Friday 18th April 2008
PayPal is considering banning web browsers that don't provide anti-phishing protection, and that includes Safari.

The eBay-owned web payments service has published a white paper outlining changes proposals to tackle phishing, which not only exposes customers to the risk of fraud but is also an expensive problem for PayPal, as it fully reimburses users their accounts are accessed by a fraudster.

One of these proposals outlines methods for blocking phishing sites that users are typically directed to by a fraudulent email. Certain browsers, which PayPal refers to as "safe browsers" include technologies for identifying such sites, comparing them to centralised blacklists and, more recently, employing Extended Validation Certificates.

But Safari has neither and without being named in the white paper, falls squarely into PayPal's "unsafe browsers"category.

Michael Barrett, PayPal's chief information security officer, says that PayPal cannot continue to permit access to online payments using such browsers.

"In our view, letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts,"he
 
 
ADVERTISEMENT
says in the document.

"We argue that it's critical to not only warn users about unsafe browsers, but also to disallow older and insecure browsers."

PayPal's plan is to begin warning users of "unsafe browsers"before blocking from accessing the site from the most unsafe, which it says will usually the oldest, little used browsers, such as early versions of Internet Explorer.

Apple has yet to comment and makes little mention of phishing on its website. The one support article concerning the problem details how to identify phishing emails, which are, after all, the root of the problem

Asa Dotzler, community coordinator for Firefox marketing projects, backs PayPal's approach.

"PayPal takes social engineered threats as seriously as encryption or code flaws. It has to,"he wrote in a blog post. "Phishing is so much easier to pull off than cracking a browser or an encrypted client server session. Even lowering their exposure to these kinds of attacks by a fraction of a percent is a huge win for them, both financially and strategically. I think that PayPal is absolutely right to let its users know how to do the most they can to stay safe and secure online."

PayPal's proposals are outlined in A Practical Approach
to Managing Phishing.
Simon Aughton

Submit to: Digg  |  Slashdot  |  Del.icio.us  |  Technorati

Related News


Back to top
› See more News

Columns

Editorial: Touching on a painful lesson

Storing all your data on a mobile device isn't always a good thing. › See full Opinion
› See more Columns

MAC GUIDE

The Independent Guide to the Mac 2

Featuring all the essential tips, crafty techniques and information you need, this fully updated publication is the definitive guide to the Apple range and a must have for any switched on individual.
If you would prefer a digital version for only £5,  click here

IPOD GUIDE

The Ultimate iPod Guide

Hundreds of tips to make the most of your iPod - covering every iPod, old and new.

IPHONE GUIDE

The Independent Guide to the iPhone

Master the iPhone, tool by tool. Everything you need to know about the most remarkable portable gadget.

GRAPHIC GUIDE

The Ultimate Guide To Graphic

Covering Photoshop, InDesign, QuarkXPress and more, this comprehensive guide compiled by experts across the field of computing, presents the reader with the vital knowledge of how to harness the power of their computer and use this to create professional, appealing and engaging projects.