Paypal’s Chief Information Security Officer recommends everyone who has a Paypal account to avoid using Apple’s Safari browser. Apparently, Safari is still way behind in security features compared to Internet Explorer and Firefox.
The story from Infoworld reveals that Paypal is most vulnerable to phishing attacks when accessed via the Safari browser.
Safari doesn’t make PayPal’s list of recommended browsers because it doesn’t have two important anti-phishing security features, according to Michael Barrett, PayPal’s chief information security officer.
Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera.
Safari has no built-in phishing filter to warn users when they are visiting suspicious Web sites, Barrett said. Another problem is Safari’s lack of support for another anti-phishing technology, called Extended Validation (EV) certificates. This is a secure Web browsing technology that turns the address bar green when the browser is visiting a legitimate Web site.
With over 276 million users, Paypal is often a target of phishing scams which also includes online banking websites and social networking sites.
The most likely victims of these Safari-related phishing activities would be regular Mac users running Apple’s built-in browser. And though most internet-savvy users can easily spot a phishing website, it does help to have some sort of warning mechanism from your browser if the site you’re visiting is fake or not.
Do you agree that people should drop Safari?
Loading ...
This is not a MAC vs Windows thing. I just don’t believe that built-in browser security features will protect an unwitting paypal user.
Here’s a test to prove my point. Go ask any average internet user (by average, i mean your mom or any non-techie internet user) if they check for the https or padlock when using so-called “secure sites” using “secure browsers” and if they know what it means.
The fact that they don’t know it simply means that they don’t know how to use the technology. Any technology will all go to waste if the user can’t even begin to imagine how to use it.
It’s like saying, I’m gonna give my granny a kevlar vest so she won’t get killed when somebody tries to shoot her. How can the kevlar vest protect your granny when she can’t even figure out how to wear it?
Just my two cents. Oh and by the way, not a mac user here. I simply switch browsers ever so often (I have Firefox, IE7, Opera, and Safari on my Windows XP) so spare me the fanboy bashing.
errr.. i think i just got lost in this conversation… but bottom line, security risk is still a risk… but then again, a perfectly secure software is unusable. go ask dilbert. :p
oh another thing a lot of banking/ecommerce sites recommends IE explorer. any thoughts? is it because ie is more secure? a lot of people will disagree on this one. maybe their site is just built for a specific browser.
then again, who cares? i don’t see non-techie people freaking out about this which is probably a majority. same experience as lyle, i’ve forced my parents to use anti-virus, but then don’t care
oooopss… sorry for the wrong grammar on my previous post…
Firefox prompted me when i visited a phishing site. It’s better to use a secure browser than using a non-secure.
If the blog post asked if it was better using a more secure browser… Then I would have agreed with the rest of the commenters here.
But Yuga asked if Safari should be dropped altogether.. I disagree with the idea. Otherwise, we should all stop using computers, e-mail, and the internet because of insuffecient security against virus, spam, etc.
No, don’t drop Safari. If you are a WebDeveloper, you will need Safari.
On my machine, I have the following:
1) Firefox 3
2) Firefox 2
3) Opera 9.5
4) Opera 9.x (pre 9.5)
5) Safari 3
6) Internet Explorer 7
7) Internet Explorer 6
Then on my Ubuntu, I have:
1) Firefox 3
2) Firefox 2
3) Opera 9.5
4) Opera 9.x
5) Internet Explorer 7
6) Internet Explorer 6
I have to test the themes/skin I am creating or migrating over to a new platform on as many browsers as I can. Windows based and GNU/Linux based browsers also have differences. I wish I have a Mac to test also.
But when it comes to “money” and any other password security sensitive stuff, I use Firefox 2. Will use Firefox 3 once it is ready for public consumption.
Just don’t use the Safari Browser when doing paypal transactions if you’re not comfortable with it. If you feel like you can distinguish between phising site and legit ones, then by all means use any browser you like.
I’d preferably use FF first then Opera then IE, in that order, and then Safari and other browsers…