Paypal warns buyers to avoid Safari browser from Apple

[clevin]

http://news.yahoo.com/s/infoworld/20080228/tc_infoworld/95634

main reason is the lack of "anti-phishing" technology which can be found in all other browsers.

“Apple, unfortunately, is lagging behind what they need to do, to protect their customers. Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera.”

“Safari has got nothing in terms of security support, only SSL (Secure Sockets Layer encryption), that’s it,”

“[Opera, IE, and Firefox are] safer, precisely because we think they are safer for the average consumer. I’d love to say that Safari was a safer browser, but at this point it isn’t.”

Still, I don't think IE should be on any recommendation list.

 

[Hankster]

The only list IE should be on is the "Do Not Use" list.

 

[Moof1904]

The best way to safeguard your money is to avoid PayPal

PayPal sucks horribly. The mere fact that money is held by PayPal is more of a threat to the money's safety than Safari could ever be.

 

[Consultant]

If you are a merchant, google checkout fees are lower than PayPal's.

 

[retro83]

Can't really argue with what they said though - it does lack anti-phishing support.

 

[Cybergypsy]

PayPal sucks horribly. The mere fact that money is held by PayPal is more of a threat to the money's safety than Safari could ever be.

I agree, Paypal is the very worse!

 

[jeremy.king]

I wonder why they think its the browsers responsibility to fight phishing attempts? You could just as easily blame mail providers, mail applications, ISPs, or even backbone providers for not blocking those emails you get, that lead you to a phishing site.

Paypal is a waste, but unfortunately it's what everyone uses - so like the millions of people out there, I am stuck.

 

[dejo]

I wonder why they think its the browsers responsibility to fight phishing attempts?

Agreed. I think, ultimately, it is the end user's responsibility. And if they are educated properly, they can be vigilant on their own, rather than rely on some tool that phishers will try to find a way around.

 

[theBB]

I wonder why they think its the browsers responsibility to fight phishing attempts?

They don't say it is the browser's responsibility, but it is better to use one that gives you more tools to be secure. Just because it is made by Apple does not make it better than others.

 

[IJ Reilly]

Enlighten me please. How can browsers prevent phishing?

 

[kuebby]

Enlighten me please. How can browsers prevent phishing?

Some browsers have a feature (which to my understanding is still kind of a beta feature anyway) that will tell you (or try to) when you are viewing a site which is a phishing site.

This feature won't work for ever phishing site because they appear and disappear so quickly, for PayPal to do this is ridiculous. The best way to avoid phishing attacks is to simply be intelligent about giving away your information.

 

[gnasher729]

Enlighten me please. How can browsers prevent phishing?

There are lots of things a browser can do. Just as an example, if you follow a link to http://www.microsoft.com to download a software update, but the o's in microsoft are actually two cyrillic letters, then the browser could detect that and give you a warning (I think Safari does that).

 

[clevin]

Some browsers have a feature (which to my understanding is still kind of a beta feature anyway) that will tell you (or try to) when you are viewing a site which is a phishing site.

This feature won't work for ever phishing site because they appear and disappear so quickly, for PayPal to do this is ridiculous. The best way to avoid phishing attacks is to simply be intelligent about giving away your information.

right now, all browsers, except safari, has this, safari 3 was rumored to have this feature back in 2006 (appleinsider), but eventually didn't get it.

Immune is impossible, "safe-R" is what really counts here. Asking masses to be "intelligent enough" isn't responsible, since we all know its just not possible.

 

[dsnort]

Can't really argue with what they said though - it does lack anti-phishing support.

Enlighten me please. How can browsers prevent phishing?

Yeah, I had a phishing attempt the other day from eBay. Got an email saying I had an unpaid item. Looked the item up on another window, wasn't anything I had bid on. Clicked the link on the email to view the dispute, it took me to an "eBay" log on page asking for my user name and password, but my user name wasn't entered automatically like is usually is when I go to eBay. While I was sitting there wondering about that, FireFox popped up a warning that this site had been reported as a fraudulent site and I needed to haul a** out of there. I took a few minutes to look the site over before I closed it, it looked exactly like an eBay page.

I don't honestly know if I would have figured this out on my own before it was too late, but I do know I'm using Firefox more now.

 

[Stampyhead]

I don't think those other browsers are 'safer' just because they make a feeble attempt to keep idiots from hurting themselves on the internet. I actually can't stand that 'anti-phishing' feature in other browsers. That's one of the reasons I like Safari. Perhaps I'm in the minority, but I consider myself smart enough to know what I'm doing online and I don't need my web browser second-guessing me every step of the way. As the number of available domain names becomes fewer and fewer people will start resorting to less conventional names for their completely legal sites. These browser 'safeguards' will become nothing more than another annoying alert one must click through in order to get where one wants to go.
This is just another instance of Paypal trying to shift the blame to someone else for something that should be their problem. Real banks have made advances in protecting their sites from phishing scams. Why hasn't Paypal done any of that?

 

[clevin]

I just remembered, even thunderbird email client has this phishing protection of some sort. if the link' url in the email doesn't match what it appears to be, TB will warn you when you click the link. (of course, you can check the real url in status bar of TB w/o clicking it anyway....

Maybe safari 4? since no mention of this in 3.1?

 

[mrwizardno2]

Is it just me or is the grammar in that quoted bit absolutely atrocious? I mean, come on. I understand it's PayPal, but I don't think anything actually PUBLISHED would have sentences so unreadable. The misplaced commas alone are enough to drive a person insane!

 

[sellitman]

You would think that Apple would immediately work to correct this?

 

[~Shard~]

If you are a merchant, google checkout fees are lower than PayPal's.

Do your customers not require a Google ID though to process orders, payment etc. using Google's services? Might turn some people off who don't have Google IDs, that's all...

 

[IJ Reilly]

Is it just me or is the grammar in that quoted bit absolutely atrocious? I mean, come on. I understand it's PayPal, but I don't think anything actually PUBLISHED would have sentences so unreadable. The misplaced commas alone are enough to drive a person insane!

Maybe it was sent out by a phisher?

So, I still don't get how a browser is supposed to discriminate between a legitimate and a phishing site. Do they check the IP number against the registered domain?

 

[kkat69]

You would think that Apple would immediately work to correct this?

Who says they aren't? But I mean come on, I have to agree when surfing or checking your email you NEED TO BE AWARE of what your doing.

People are so demanding in making other people do things for them in regards to internet security. Sure not everyone is savvy enough to know what to do and what NOT to do, but quite a BIT of phishing attacks are almost so obvious it's scary.

Should Apple be to blame for not adding this in Safari? Maybe

But if one blamed Apple for having their CC stolen because they didn't add anti-phishing support is like blaming apple for ruining your underwear for not whiping your arse when you took a dump.

Excercise some caution and you'll be ok (for the most part)

Man I hate ranting but I wanted to use the "whipe your arse" and couldn't find any other way to work it in.

Come on Apple, get Safari up to par, if FF, a practically opensource browser can have it (regardless if it's still a beta technology overall) Safari can have it too........ or does it and we just don't know about it?

 

[clevin]

Come on Apple, get Safari up to par, if FF, a practically opensource browser can have it (regardless if it's still a beta technology overall) Safari can have it too........ or does it and we just don't know about it?

webkit/safari is supposed to be OSS as well.

well, until today I found out apple is hiding secrets from OSS contributers. I guess that explains alot tho.

 

[Eraserhead]

^^ . I know that only the engine is open not the browser, but what do you mean?

 

[clevin]

only the engine is open not the browser.

well, thats probably what I was talking about, engine. but im obviously no expert on this, you might want to search webkit at google blog search and read yourself.

 

[kkat69]

webkit/safari is supposed to be OSS as well.

well, until today I found out apple is hiding secrets from OSS contributers. I guess that explains alot tho.

bleh, either way, I use FF anyway, I like it better than Safari

So any impurities in Safari don't concern me much.. hahahaha