updated 01:50 pm EST, Thu February 28, 2008
Safari vulnerable to phish
PayPal warns its members to avoid using Safari when making transactions, since it has a distinct lack of protection against phishing - the act of coaxing a user to click on a false link on a false web page for malicious purposes. PayPal users are typical targets for phishing attempts, where the page asks users for their personal login information. Once this information is collected, malicious users have free reign over a compromised PayPal account.
According to PC World Safari is the only major browser to be vulnerable in this way.
"Apple, unfortunately, is lagging behind what they need to do, to protect their customers," said Michaek Barret, chief information security officer for PayPal. "Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera."
Safari also does not support EV certificates, a relatively new standard that gives the user a visual cue that a website is valid.