
Safari not the Apple of PayPal's eye?

by Scott Bicheno on 18 April 2008, 23:23


Phish Phight

PayPal, often the target of phishing scams, has published a white paper outlining the methods by which the popular payment site intends to combat such threats in the future.

Among the recommendations is the use of Extended Validation SSL certificates. The move is a welcome one but the relative lack of support for EV SSL certificates in browsers looks set to pose problems for users, in particular Macintosh users.

PayPal has already stated that older browsers such as Internet Explorer 3 and 4 will be blocked from using its service. However, by making EV SSL support mandatory, it will also block users of Safari, the browser that ships with all Apple computers and iPhones.

The paper, co-authored by PayPal heavyweights Michael Barrett, chief information security officer, and Dan Levy, senior director of risk management, Europe, states that they are 'in the process of re-implementing controls which will first warn our customers when logging in to PayPal from those browsers that we consider unsafe.'

However, they continue: 'later, we plan on blocking customers from accessing the site from the most unsafe – usually the oldest – browsers.'

The race is on

For users of Safari it's a race between Apple bringing in modifications to the popular Mac browser and users choosing an alternative. The problem is exacerbated by the fact that the popular multi-platform browser Firefox doesn't support EV SSL without first installing an extension.

Firefox 3.0, slated for launch early in the summer, will support EV SSL certificates. The surprising fact is that Internet Explorer 7 is currently the only browser out of the trinity, which together accounts for over 95% of all Web surfing, to support EV SSL certificates 'out of the box'.

The authors go on to detail other measures that have been undertaken by PayPal such as the use of warning pages, blacklists and authentication.

The evidence provided suggests that these changes have indeed had a positive impact in reducing the 'phishing volume' over time, with the authors adding that their own results have 'surprised' them.

Whether other retailers will follow suit and require support for EV SSL certificates is unclear at this point. However, judging by the success enjoyed by PayPal through incorporating the technologies outlined by Barrett and Levy, it may not be long until we see increased security checks when shopping online.



HEXUS Forums :: 7 Comments

:O_o1: Older versions of browsers I can see a very valid reason for blocking… but Safari in general? Never used it so you will have to excuse me, but are there actual issues or is this a vendetta of some sort?
Deleted
:O_o1: Older versions of browsers I can see a very valid reason for blocking… but Safari in general? Never used it so you will have to excuse me, but are there actual issues or is this a vendetta of some sort?
If you read the article you'd realise it's because Safari doesn't support EV SSL, and they are planning to make that mandatory for their website to improve security.
I don't see anything wrong with that. If it doesn't support the security requirement, which is available in other browsers (available on the Mac too), then it's up to Apple to sort it out. Since Safari has such a small user base I doubt it's going to affect too many of PayPal's customers.
I see no problem: either they give their browser the required support or it's banned.
Deleted
If you read the article you'd realise it's because Safari doesn't support EV SSL, and they are planning to make that mandatory for their website to improve security.

Firefox doesn't support it either (without an extension).