March 12, 2010

PayPal May Block Safari & Older Browsers to Stem Phishing

Word has it that PayPal is seriously considering locking out older browsers in an attempt to curb phishing attacks. PayPal commented that a large number of people are still using Internet Explorer 3 and 4. Those versions were released in 1996 and 1997… It’s hard to imagine many people still using those dinosaurs, but what the heck do I know!?

A paper released during the RSA security conference in San Fran earlier this month noted:

“In our view, letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts…”

With all this news of banning older browsers because of their lack of anti-phishing filters, Apple’s Safari could very well be next on the hit list. Not only is Safari missing anti-phishing filters, but it also does not support Extended Validation SSL certificates, which are issued only to sites whose operator’s identity the certificate authority has vetted, and which the browser is supposed to flag visibly as legitimate.

You can bet your butt that Apple has had its team working that little bit extra on Safari over the past month or so to get things up to snuff. I’d be surprised if we do not see a major Safari update within the next month or two.

[via Macworld]

PayPal Says NO to Safari: We Say Take Responsibility for Your Actions

Yesterday, PayPal issued a warning of sorts in a MacWorld interview. According to Michael Barrett (PayPal’s chief security officer), Safari does not make PayPal’s list of recommended browsers because it is missing two important anti-phishing security features.

Barrett noted:

‘Apple, unfortunately, is lagging behind what they need to do, to protect their customers… Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera.’

Point taken, Mr. Barrett. However, on other sites around the web I’m hearing something different. Let’s take this snippet from Jeremiah Lee’s blog:

‘Michael Barrett, PayPal’s chief information security officer, said, “Safari has got nothing in terms of security support, only SSL (Secure Sockets Layer encryption), that’s it.” Indeed, Safari lacks anti-phishing blacklisting and support for extended validation (EV) certificates. Unfortunately for Mr Barrett, SSL is the only method mentioned for securing online transactions. Blacklists and EV certificates provide information to the visitor that the site is more likely to be what it claims. They don’t actually make the browser connection to the web server any more secure.’

Jeremiah then goes on to say:

‘Phishing sites impersonate real sites in order to trick visitors into giving legitimate information. Attackers can then use this information to defraud the visitor. Phishing attacks are attacks on visitors, not technology. The solutions aren’t likely technical.’

I think I can sum this whole argument up by simply saying: it’s time for all of us to take responsibility for our actions on the net. It’s true, unfortunately, that there are a lot of criminals out there ‘phishing’ for your PayPal and bank logins, gleaning private login info and stealing hoards of $$$ from the innocent. That’s awful and it sucks. But if we can step up our own accountability and responsibility on this issue, there will be fewer victims and we’ll all be in a better place.