macnn

02/28/2008, 1:50pm, EST

Thursday, February 28th

Safari not secure against phishing, says PayPal

PayPal warns its members to avoid using Safari when making transactions, since it has a distinct lack of protection against phishing – the act of coaxing a user to click on a false link on a false web page for malicious purposes. PayPal users are typical targets for phishing attempts, where the page asks users for their personal login information. Once this information is collected, malicious users have free reign over a compromised PayPal account.

According to PC World Safari is the only major browser to be vulnerable in this way.

"Apple, unfortunately, is lagging behind what they need to do, to protect their customers," said Michaek Barret, chief information security officer for PayPal. "Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera."

Safari also does not support EV certificates, a relatively new standard that gives the user a visual cue that a website is valid.



Filed under: Apple, industry, security, software
Other story tags: Safari, Paypal, phishing

, , 23comments, del.icio.us, slashdot, digg, buzz


23 comments
Reader Reactions (Please use <i></i> for italic text)

subscribe to comments
for this article




Expand All   Global Settings
dliup
use common sense
0
02/28, 2:07pm, EST
None of these systems catches 100%, thus it's better to use common sense.
Fresh-Faced Recruit
Joined Jan 2006
User is offline
starwarrior
More Microtards
0
02/28, 2:12pm, EST
Horseshit. Use a credit card and not paypal.

Paypal must be nuts to not fix this themselves. More Microtards in action.
Fresh-Faced Recruit
Joined Mar 2006
User is offline
Eldernorm
Agreed
0
02/28, 2:47pm, EST
Use IE over....well......anything else,....... cause it safer????

What kind of statement is that? And phishing is a social issue not a technical one.

Someone must have made a few bucks to make that statement publicly. :-)
Fresh-Faced Recruit
Joined Sep 2007
User is offline
jhawk95
Don't click on links!
0
02/28, 2:48pm, EST
How about not clicking on links in a webpage when dealing with personal or financial infomraion.

Always type in the address yourself.
Fresh-Faced Recruit
Joined Oct 2006
User is offline
psdenno
Is Safari also....
0
02/28, 2:51pm, EST
...more vulnerable to letters from Mugabe Unsara, wife of the late Finance Minister of Uganda, who has a business proposition for me if I will be willing to deposit 11,000,000 in my checking account?
Fresh-Faced Recruit
Joined May 2003
User is offline
vasic
What was that???
0
02/28, 2:51pm, EST
Let's see the scenario: I receive a message that looks like it is from PayPal (it is not). It convinces me that I must go to PayPal and log in. I follow the link, go to the site that looks like PayPal (it is not) and try to log in. The message was sent using virus-infected zombie Windows PCs; the fake site is hosted on some rogue server in Niue, or Tuvalu, or some other Pacific speck on the map. How can PayPal fix this? Could you please elaborate?

I use PayPal all the time to send money to individuals who cannot take credit card payments. Same thing the other way.

Whoever is referred to as Microtards is probably not involved in any way here.

Other browsers already have this. Safari should. While it isn't 100% fool-proof, it will most likely save many ignorant users from the agony of identity theft and flat-out robbery.
Fresh-Faced Recruit
Joined May 2005
User is offline
vasic
Not safari...
0
02/28, 2:58pm, EST
As for the letters of Mrs. Unsara, it is not Safari; it will be Mac OS Mail that's vulnerable to those. And Thunderbird has a tendency to identify those as suspicious as well.

The author of the article may have a point. Phishing is social engineering, but there are ways to reduce risk, and other developers are implementing them. Apple should too.
Fresh-Faced Recruit
Joined May 2005
User is offline
russellb
Common Sense
0
02/28, 3:17pm, EST
I really wish that people would just use common sense .. pretty easy

1) I get an email from my bank and 101 other banks warning me that I need to log in etc etc ... I DONT, just always manually type in your banks url yourself and manually log in

2) PayPal send me an email warning to change password, click link etc HOW ABOUT paypal jst educate users to NEVER to respond to such emails and always manually go to paypal and log in ??

it's not that hard
Fresh-Faced Recruit
Joined Sep 2001
User is offline
DGFilm
what can a browser do?
0
02/28, 3:31pm, EST
can someone explain how a web browser can protect against phishing? I don't get it.
Fresh-Faced Recruit
Joined Mar 2007
User is offline
dliup
fool and his money
0
02/28, 3:41pm, EST
No matter what kind of protection there is, A fool and his money are soon parted
Fresh-Faced Recruit
Joined Jan 2006
User is offline
additional comments:..1..2..Next
Your Comments

In order to post comments: If you are a registered member, please login with your MacNN Forums username and password otherwise please uncheck the checkbox below.


Registered Member?
macnn forums login:

macnn forums password:

Not a member of the MacNN forums? Register now for free.

MacNN iPodNN Electronista
top searches
1. apple
2. iphone
3. apple TV
4. ipod
5. mac
6. BBC
7. icons
8. icon
9. macbook
10. leopard
search for more ..
RSS Feeds

Have the latest content delivered to your desktop via RSS. Use the links below to get access to a specific blog, news, or reviews feed.



  MacNN -all

  MacNN Reviews

  MacNN Podcasts

  iPodNN

  Electronista

  Left Lane News
Turn your laptop into CASH: Sell us your used laptop. Working or not. Get money FAST. Instant online quote. Shipping is FREE.

Check Out the VIERA from Panasonic!: Enter a New Visual Era with Panasonic VIERA HDTVs. An Enhanced Experience.

Computer Training Online: Helpful Links for Computer Training Online.

Free 2008 Education Guide: Free Guide to U.S. Colleges. Tons of financial aid and FAFSA help.

Buy from The Apple Store, iTunes.com, Amazon.com, TechDepot, OfficeDepot, Computers4Sure, or donate.