toggle

AAPL Stock: 524.94 ( + 5.93 )

Printed from http://www.macnn.com

Safari not secure against phishing, says PayPal

updated 01:50 pm EST, Thu February 28, 2008

Safari vulnerable to phish

PayPal warns its members to avoid using Safari when making transactions, since it has a distinct lack of protection against phishing - the act of coaxing a user to click on a false link on a false web page for malicious purposes. PayPal users are typical targets for phishing attempts, where the page asks users for their personal login information. Once this information is collected, malicious users have free reign over a compromised PayPal account.

According to PC World Safari is the only major browser to be vulnerable in this way.

"Apple, unfortunately, is lagging behind what they need to do, to protect their customers," said Michaek Barret, chief information security officer for PayPal. "Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera."

Safari also does not support EV certificates, a relatively new standard that gives the user a visual cue that a website is valid.





by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. dliup

    Joined: Dec 1969

    0

    use common sense

    None of these systems catches 100%, thus it's better to use common sense.

  1. starwarrior

    Joined: Dec 1969

    -1

    More Microtards

    Horseshit. Use a credit card and not paypal.

    Paypal must be nuts to not fix this themselves. More Microtards in action.

  1. Eldernorm

    Joined: Dec 1969

    0

    Agreed

    Use IE over....well......anything else,....... cause it safer????

    What kind of statement is that? And phishing is a social issue not a technical one.

    Someone must have made a few bucks to make that statement publicly. :-)

  1. jhawk95

    Joined: Dec 1969

    0

    Don't click on links!

    How about not clicking on links in a webpage when dealing with personal or financial infomraion.

    Always type in the address yourself.

  1. psdenno

    Joined: Dec 1969

    +1

    Is Safari also....

    ...more vulnerable to letters from Mugabe Unsara, wife of the late Finance Minister of Uganda, who has a business proposition for me if I will be willing to deposit 11,000,000 in my checking account?

  1. vasic

    Joined: Dec 1969

    0

    What was that???

    Let's see the scenario: I receive a message that looks like it is from PayPal (it is not). It convinces me that I must go to PayPal and log in. I follow the link, go to the site that looks like PayPal (it is not) and try to log in. The message was sent using virus-infected zombie Windows PCs; the fake site is hosted on some rogue server in Niue, or Tuvalu, or some other Pacific speck on the map. How can PayPal fix this? Could you please elaborate?

    I use PayPal all the time to send money to individuals who cannot take credit card payments. Same thing the other way.

    Whoever is referred to as Microtards is probably not involved in any way here.

    Other browsers already have this. Safari should. While it isn't 100% fool-proof, it will most likely save many ignorant users from the agony of identity theft and flat-out robbery.

  1. vasic

    Joined: Dec 1969

    0

    Not safari...

    As for the letters of Mrs. Unsara, it is not Safari; it will be Mac OS Mail that's vulnerable to those. And Thunderbird has a tendency to identify those as suspicious as well.

    The author of the article may have a point. Phishing is social engineering, but there are ways to reduce risk, and other developers are implementing them. Apple should too.

  1. russellb

    Joined: Dec 1969

    0

    Common Sense

    I really wish that people would just use common sense .. pretty easy

    1) I get an email from my bank and 101 other banks warning me that I need to log in etc etc ... I DONT, just always manually type in your banks url yourself and manually log in

    2) PayPal send me an email warning to change password, click link etc HOW ABOUT paypal jst educate users to NEVER to respond to such emails and always manually go to paypal and log in ??

    it's not that hard

  1. DGFilm

    Joined: Dec 1969

    0

    what can a browser do?

    can someone explain how a web browser can protect against phishing? I don't get it.

  1. dliup

    Joined: Dec 1969

    0

    fool and his money

    No matter what kind of protection there is, A fool and his money are soon parted

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Booqpad for iPad Air

Before we get rolling, I'll confess: I've never understood the purpose of cases like the Booqpad. If you've got a tablet, surely p ...

Linksys EA6900 AC Router

As 802.11ac networking begins to makes its way into more and more devices, you may find yourself considering an upgrade for your home ...

D-Link DIR-510L 802.11AC travel router

Having Internet access in hotels and other similar locations used to be a miasma of connectivity issues. If Wi-Fi was available, it wa ...

toggle

Most Commented