Paypal’s Chief Information Security Officer recommends everyone who has a Paypal account to avoid using Apple’s Safari browser. Apparently, Safari is still way behind in security features compared to Internet Explorer and Firefox.
The story from Infoworld reveals that Paypal is most vulnerable to phishing attacks when accessed via the Safari browser.
Safari doesn’t make PayPal’s list of recommended browsers because it doesn’t have two important anti-phishing security features, according to Michael Barrett, PayPal’s chief information security officer.
Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera.
Safari has no built-in phishing filter to warn users when they are visiting suspicious Web sites, Barrett said. Another problem is Safari’s lack of support for another anti-phishing technology, called Extended Validation (EV) certificates. This is a secure Web browsing technology that turns the address bar green when the browser is visiting a legitimate Web site.
With over 276 million users, Paypal is often a target of phishing scams which also includes online banking websites and social networking sites.
The most likely victims of these Safari-related phishing activities would be regular Mac users running Apple’s built-in browser. And though most internet-savvy users can easily spot a phishing website, it does help to have some sort of warning mechanism from your browser if the site you’re visiting is fake or not.
Do you agree that people should drop Safari?
Just don’t use the Safari Browser when doing paypal transactions if you’re not comfortable with it. If you feel like you can distinguish between phising site and legit ones, then by all means use any browser you like.
I’d preferably use FF first then Opera then IE, in that order, and then Safari and other browsers…
No, don’t drop Safari. If you are a WebDeveloper, you will need Safari.
On my machine, I have the following:
1) Firefox 3
2) Firefox 2
3) Opera 9.5
4) Opera 9.x (pre 9.5)
5) Safari 3
6) Internet Explorer 7
7) Internet Explorer 6
Then on my Ubuntu, I have:
1) Firefox 3
2) Firefox 2
3) Opera 9.5
4) Opera 9.x
5) Internet Explorer 7
6) Internet Explorer 6
I have to test the themes/skin I am creating or migrating over to a new platform on as many browsers as I can. Windows based and GNU/Linux based browsers also have differences. I wish I have a Mac to test also.
But when it comes to “money” and any other password security sensitive stuff, I use Firefox 2. Will use Firefox 3 once it is ready for public consumption.
:D
If the blog post asked if it was better using a more secure browser… Then I would have agreed with the rest of the commenters here.
But Yuga asked if Safari should be dropped altogether.. I disagree with the idea. Otherwise, we should all stop using computers, e-mail, and the internet because of insuffecient security against virus, spam, etc.
Firefox prompted me when i visited a phishing site. It’s better to use a secure browser than using a non-secure.
oooopss… sorry for the wrong grammar on my previous post…
oh another thing a lot of banking/ecommerce sites recommends IE explorer. any thoughts? is it because ie is more secure? a lot of people will disagree on this one. maybe their site is just built for a specific browser.
then again, who cares? i don’t see non-techie people freaking out about this which is probably a majority. same experience as lyle, i’ve forced my parents to use anti-virus, but then don’t care :)
errr.. i think i just got lost in this conversation… but bottom line, security risk is still a risk… but then again, a perfectly secure software is unusable. go ask dilbert. :p
This is not a MAC vs Windows thing. I just don’t believe that built-in browser security features will protect an unwitting paypal user.
Here’s a test to prove my point. Go ask any average internet user (by average, i mean your mom or any non-techie internet user) if they check for the https or padlock when using so-called “secure sites” using “secure browsers” and if they know what it means.
The fact that they don’t know it simply means that they don’t know how to use the technology. Any technology will all go to waste if the user can’t even begin to imagine how to use it.
It’s like saying, I’m gonna give my granny a kevlar vest so she won’t get killed when somebody tries to shoot her. How can the kevlar vest protect your granny when she can’t even figure out how to wear it?
Just my two cents. Oh and by the way, not a mac user here. I simply switch browsers ever so often (I have Firefox, IE7, Opera, and Safari on my Windows XP) so spare me the fanboy bashing.
no need to drop mac, use parallels
Maybe just for now until Safari is updated with more security features.
I don’t think PayPal would be a big enough influence to really drop Safari usage. We all know how fanatic Mac heads are. :P
@Lyle: Any software with security flaws is worth dropping. Mac users dropped Windows for a reason right? Or is Mac just a fad?
A perfectly valid precautionary measure. Anyone defending Safari would be in denial.
That is why they need more security, because as lyle said, they are not aware of the padlock and the https…
I use paypal with safari and I don’t have a problem with it. I guess that’s because I can spot a phising site easily.
I don’t think it’s fair to drop safari just because it lacks security features. In the first place, how many paypal users actually are using the security features of these browsers?
I bet a majority of internet/paypal users don’t even know what the padlock icon and https mean when it shows up on their browser.
We should drop Steve Jobs:D
I do my banking transaction online and some of them will not even show you the login form if you’re using safari.
Among the three browsers that PayPal recommends, Firefox has the best phishing filter. Some phishing scams/sites still get through undetected in IE or Opera. :)
nahh, lets drop paypal.