News, Reviews and more from Australia's Macintosh Authority
PayPal, eBay’s electronic payment service, plans to take the dramatic step of locking out people using older versions of web browsers in order to stem phishing attacks.
PayPal said a “significant” group of people still use Microsoft’s Internet Explorer 3, released in 1996, and IE 4, which debuted in 1997. Those browsers lack a phishing filter, which can block users from accessing a reported phishing web site.
“In our view, letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts,” according to a paper released during the RSA security conference in San Francisco earlier this month.
It also could mean eventual trouble for users of Apple’s Safari browser, which has no phishing filter. PayPal warned users in February to stay clear of Safari.
Phishing sites are designed to look like the legitimate web sites of major brands such as banks and seek to elicit financial and personal information. Users are often lured to the sites through unsolicited e-mail, or can unwittingly land on one if a phisher has bought a domain with a convincing-looking name or one with a slightly different spelling.
PayPal has been one of the brands hit hard by phishing since the service allows people to transfer money. The company has taken steps to strengthen authentication controls and worked with ISPs (Internet service providers) to block e-mails purporting to be from PayPal but lacking a valid digital signature.
PayPal said it plans to warn users who come to its site that they are using an old browser. Eventually, those users will be blocked, although the company did not say when.
The plan won’t necessarily prevent a person from being victimised by a phishing attack. A user could still be duped by an e-mail with a link to a phishing site and then divulge their details.
But by preventing access to its site, PayPal hopes those users will then upgrade their browsers, which will then give them an additional security protection against phishing.
Internet Explorer 7, Firefox 2 and Opera 9 have phishing filters, but Apple’s browser — Safari — does not. Safari also does not support Extended Validation SSL (Secure Socket Layer) Certificates, issued to web sites that have been vetted as legitimate.
For a web site with that certificate, IE shows a green bar. Firefox’s address bar changes from white to beige and Opera denotes a safe site.
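The warn-then-block plan described above, for the two browsers the article names (IE 3 and IE 4), sketched as server-side User-Agent gating with a count of who would be affected before the switch to blocking. This is an added example, not PayPal's code; the function names, the phase switch and the choice to allow unknown headers are assumptions.

```python
import re
from collections import Counter

# From the article: IE 3 and IE 4 are warned first and blocked later.
# Function names, phase names and the fail-open default are assumptions.
LEGACY_IE_MAJORS = {3, 4}
MSIE_TOKEN = re.compile(r"\bMSIE (\d+)\.")


def ie_major(user_agent):
    """Return the IE major version a User-Agent claims, else None."""
    if not user_agent or "Opera" in user_agent:
        # Opera could send an "MSIE" compatibility token while naming
        # itself later in the string; it must not be treated as IE.
        return None
    match = MSIE_TOKEN.search(user_agent)
    return int(match.group(1)) if match else None


def gate(user_agent, phase="warn"):
    """Return 'allow', or the phase action ('warn' or 'block') for IE 3/4."""
    if phase not in ("warn", "block"):
        raise ValueError("phase must be 'warn' or 'block'")
    if ie_major(user_agent) in LEGACY_IE_MAJORS:
        return phase
    # Missing or unrecognised header: allow. The header is client-supplied,
    # so the gate nudges upgrades and is not an access control.
    return "allow"


def impact(user_agents, phase="block"):
    """Count decisions over observed User-Agents before changing phase."""
    return Counter(gate(ua, phase) for ua in user_agents)


# Constructed sample headers, in the formats these browsers sent.
SAMPLES = [
    "Mozilla/2.0 (compatible; MSIE 3.02; Windows 95)",
    "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)",
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.50",
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) "
    "Gecko/20080404 Firefox/2.0.0.14",
    "",
]

if __name__ == "__main__":
    print(dict(impact(SAMPLES, "warn")), dict(impact(SAMPLES, "block")))
```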
wrote on April 25, 2008 12:54 PM
The line we've always heard from the banks (and maybe Paypal too - I can't remember) was they would NEVER send out an e-mail asking you to confirm your account details, like those phishing emails do. But both my bank and now Paypal too, have recently sent me marketing e-mails containing a link to their login page. With my bank, the marketing emails come from their credit card division. With Paypal, the email was promoting "Mother's Day savings." Both types of emails contained links to a login screen requiring you to enter your username and password. This must surely create a false sense of security in the less computer-savvy customers and certainly puts out a mixed message about their emailing policy. Perhaps the banks and Paypal believe that phishing filters will provide the security they need to stamp out phishing (although I doubt it), but surely it would help if they followed their own guidelines in not sending out emails containing links to a login screen.
Some Macintosh users have encountered a security program whose function and web site have the tell-tale signs of a scam. Visitors to the website selling the program, called MacSweeper, are offered a free security scan of their computers. The scan, which only works on Macs, highlights supposed security problems with the computers. It offers to remove the problems with the purchase of a $US39.99 lifetime subscription.
AMW | Jan 22, 2008
This evening, Adobe will release the first full version of its Adobe Integrated Runtime (AIR), while revealing early adopter customers who are building both business and consumer applications using the technology. AIR 1.0 is now available as a free technology, said Adobe Chief Technology Officer Kevin Lynch. He said hundreds of thousands of developers have downloaded the software development kit (SDK) for AIR during the beta process, which began in June. Some of the first applications built using AIR also will be available tonight.
Elizabeth Montalbano | Feb 26, 2008
If you're using Apple's Safari browser, PayPal has some advice for you: Drop it, at least if you want to avoid online fraud. Safari doesn't make PayPal's list of recommended browsers because it doesn't have two important anti-phishing security features, according to Michael Barrett, PayPal's chief information security officer. "Apple, unfortunately, is lagging behind what they need to do, to protect their customers," Barrett said in an interview. "Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera." Safari is the default browser on Apple's Macintosh computers and the iPhone, but it is also available for the PC. Both Firefox and Opera run on the Mac. Unlike its competitors, Safari has no built-in phishing filter to warn users when they are visiting suspicious Web sites, Barrett said. Another problem is Safari's lack of support for another anti-phishing technology, called Extended Validation (EV) certificates. This is a secure Web browsing technology that turns the address bar green when the browser is visiting a legitimate Web site.
Robert McMillan | Feb 29, 2008
Almost exactly at the stroke of midnight Tuesday (Sydney time), Apple released a new version of its Safari web browser for Mac and Windows operating systems. This keeps with the "tradition" this year of releasing or at least announcing products on Tuesday each week (Cupertino time). This one had the added convenience of not requiring too late a night for Antipodean Apple watchers.
Jim Dalrymple and Matthew JC. Powell | Mar 19, 2008
As I type these words, I am waiting for Apple's Developer Connection web site to ease up sufficiently for me to download the long-awaited Software Developer Kit for the iPhone (and iPod touch, just by the by). In a way, I hate developer-oriented announcements — "here's a really cool thing we're working on, and it's available now, and hoi polloi can have it in about six months". Actually, it's the six months I hate.