toggle

AAPL Stock: 493.42 ( + 0.25 )

Safari not secure against phishing, says PayPal

updated 01:50 pm EST, Thu February 28, 2008

Safari vulnerable to phish


PayPal warns its members to avoid using Safari when making transactions, since it has a distinct lack of protection against phishing – the act of coaxing a user to click on a false link on a false web page for malicious purposes. PayPal users are typical targets for phishing attempts, where the page asks users for their personal login information. Once this information is collected, malicious users have free reign over a compromised PayPal account.

According to PC World Safari is the only major browser to be vulnerable in this way.

"Apple, unfortunately, is lagging behind what they need to do, to protect their customers," said Michaek Barret, chief information security officer for PayPal. "Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera."

Safari also does not support EV certificates, a relatively new standard that gives the user a visual cue that a website is valid.



by MacNN Staff

print
email
(20)

TAGS :

 industry, security, software, Safari, Paypal, phishing, Apple

Related Articles

Recent Articles

toggle

Comments

  1. dliup

    Fresh-Faced Recruit

    Joined: Jan 2006

    0
    02/28, 02:07pm | report spam | Reply |

    use common sense

    None of these systems catches 100%, thus it's better to use common sense.

  1. starwarrior

    Fresh-Faced Recruit

    Joined: Mar 2006

    -1
    02/28, 02:12pm | report spam | Reply |

    More Microtards

    Horseshit. Use a credit card and not paypal.

    Paypal must be nuts to not fix this themselves. More Microtards in action.

  1. Eldernorm

    Fresh-Faced Recruit

    Joined: Sep 2007

    0
    02/28, 02:47pm | report spam | Reply |

    Agreed

    Use IE over....well......anything else,....... cause it safer????

    What kind of statement is that? And phishing is a social issue not a technical one.

    Someone must have made a few bucks to make that statement publicly. :-)

  1. jhawk95

    Fresh-Faced Recruit

    Joined: Oct 2006

    0
    02/28, 02:48pm | report spam | Reply |

    Don't click on links!

    How about not clicking on links in a webpage when dealing with personal or financial infomraion.

    Always type in the address yourself.

  1. psdenno

    Fresh-Faced Recruit

    Joined: May 2003

    +1
    02/28, 02:51pm | report spam | Reply |

    Is Safari also....

    ...more vulnerable to letters from Mugabe Unsara, wife of the late Finance Minister of Uganda, who has a business proposition for me if I will be willing to deposit 11,000,000 in my checking account?

  1. vasic

    Fresh-Faced Recruit

    Joined: May 2005

    0
    02/28, 02:51pm | report spam | Reply |

    What was that???

    Let's see the scenario: I receive a message that looks like it is from PayPal (it is not). It convinces me that I must go to PayPal and log in. I follow the link, go to the site that looks like PayPal (it is not) and try to log in. The message was sent using virus-infected zombie Windows PCs; the fake site is hosted on some rogue server in Niue, or Tuvalu, or some other Pacific speck on the map. How can PayPal fix this? Could you please elaborate?

    I use PayPal all the time to send money to individuals who cannot take credit card payments. Same thing the other way.

    Whoever is referred to as Microtards is probably not involved in any way here.

    Other browsers already have this. Safari should. While it isn't 100% fool-proof, it will most likely save many ignorant users from the agony of identity theft and flat-out robbery.

  1. vasic

    Fresh-Faced Recruit

    Joined: May 2005

    0
    02/28, 02:58pm | report spam | Reply |

    Not safari...

    As for the letters of Mrs. Unsara, it is not Safari; it will be Mac OS Mail that's vulnerable to those. And Thunderbird has a tendency to identify those as suspicious as well.

    The author of the article may have a point. Phishing is social engineering, but there are ways to reduce risk, and other developers are implementing them. Apple should too.

  1. russellb

    Junior Member

    Joined: Sep 2001

    0
    02/28, 03:17pm | report spam | Reply |

    Common Sense

    I really wish that people would just use common sense .. pretty easy

    1) I get an email from my bank and 101 other banks warning me that I need to log in etc etc ... I DONT, just always manually type in your banks url yourself and manually log in

    2) PayPal send me an email warning to change password, click link etc HOW ABOUT paypal jst educate users to NEVER to respond to such emails and always manually go to paypal and log in ??

    it's not that hard

  1. DGFilm

    Fresh-Faced Recruit

    Joined: Mar 2007

    0
    02/28, 03:31pm | report spam | Reply |

    what can a browser do?

    can someone explain how a web browser can protect against phishing? I don't get it.

  1. dliup

    Fresh-Faced Recruit

    Joined: Jan 2006

    0
    02/28, 03:41pm | report spam | Reply |

    fool and his money

    No matter what kind of protection there is, A fool and his money are soon parted

Show More Comments

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

10 Most Read

Recent Reviews

Logitech Cube

The world of mice could often be described charitably as stagnant: it's an endless sea of ergonomic shapes that assume you're sitting ...

NewerTech and Targus USB Hubs For Gifts

A useful holiday present to resolve an ongoing frustration is a multi-port hub. Whether as a stocking stuffer, Chanukah present, or an ...

X-Rite ColorMunki Photo

Color calibration is the art of tweaking your monitor so that the colors represented on screen better match real life and your printer ...

toggle

Most Commented

10 Most Discussed

 

Popular News