PayPal to block users with old browsers, warns against Safar...

Discussion in 'MacBytes.com News Discussion' started by Piarco, Apr 18, 2008.

  1. macrumors 68030

    Piarco

    Joined:
    Jun 24, 2004
    Location:
    Londinium
    #1
    I think I remember the folks at PayPal bemoaning Safari's apparent lack of security, but an active block due to the lack of Extended Validation SSL Certificates in Safari?

    BBC Link

    Is this going to force Apple to add them to Safari if this is the start of a trend?
     
  2. macrumors 6502a

    ::Lisa::

    Joined:
    Oct 28, 2007
    Location:
    Nottingham, UK
    #2
    Will I be the first person here to state that I think this is ridiculous?

    I mean I do not need my browser address bar to glow neon green to know whether a site is none-phising or not! I would not even want my browser to do that really neither. Maybe that is just me?

    I would consider myself to be web aware. It only takes 2 seconds to hover over the link and tell, and besides most of these emails have such bad grammar people can tell a mile off! LOL. The likes of my husband though, I would not even trust him with a PayPal account. He is the type of person to do that.

    I think "blocking" is a bit of a harsh tactic. I mean think about it. You cannot use PayPal, you do not know why, then you accidentally come across a phising PayPal page. You then probably think that is real PayPal (because 'real' PayPal blocked you) and then enter your info. I can see that happening. Maybe all they need is a warning when logging in, similar to what you get when you have a resolution case open, stating that your browser is unsafe and linking to why.
     
  3. macrumors 6502a

    Joined:
    Feb 6, 2008
    Location:
    The Netherlands
    #3
    Maybe it'll push Apple to take action. Not only does Safari lack anti-phishing support, it also doesn't handle evssl-certificates. Safari isn't the number one browser when it comes to safety, while safery has always been one of the spearheads of Apple's campaign against Microsoft.

    --Erwin
     
  4. macrumors G3

    Kilamite

    Joined:
    Mar 20, 2007
    #4
    I try to avoid PayPal as much as I can.

    If they block Safari, that'll be a big customer base they'll be pissing off.
     
  5. macrumors newbie

    Joined:
    Apr 15, 2008
    Location:
    Richmond, UK
    #5
    I don't know why PayPal are bothering that much - it doesn't ever seem to be PayPal that end up out of pocket but their innocent customers instead.
     
  6. macrumors 6502a

    superleccy

    Joined:
    Oct 31, 2004
    Location:
    That there big London
    #6
    Is Safari REALLY as unsafe as PayPal says?

    If "Extended Validation SSL Certificates" are so great, then why doesn't Safari support them?

    Does PayPal think that Firefox is a 'Safe" browser?

    SL
     
  7. macrumors 68040

    Joined:
    Feb 17, 2008
    Location:
    Britain
    #7
    Not that big a deal, you can download firefox, although Safari is much better imo.
     
  8. macrumors member

    Joined:
    Jan 18, 2008
    #8
    EV SSL certificates are only as secure as the site using them. The EV SSL certificates can cause people to lower their guard as it's sounds like it's more secure and so they authorise things they would normally be wary of.

    It's already been shown how a compromised site can display a valid EV SSL certificate while allowing cross-site scripts to be injected into a site.

    Sourceforge was one of the EV SSL sites that had a flaw that allowed a cross-site script to be injected while still showing the green EV SSL approved address bar.
     
  9. macrumors G3

    clevin

    Joined:
    Aug 6, 2006
    #9
    1. I wouldn't make judgment until I see the fact that paypal does this
    2. Its a simple function, there is no reason to defending a position that's out of touch of the normal users, they need it, and thats end of story. You are well-informed enough that you don't need it? good for you. But you don't represent the majority of users
    3. Firefos IS a safe browser.

    I don't get this, for this type of logic, cars make people not want to walk and be healthy; lifesaver might give users too much false security since it might has a small hole somewhere and sinks in the ocean.

    Its just so unreasonable to focus on 1% of exception and ignore the 99% of benefits. Nothing is perfect, I would be first to admit that, but get real and be honest.

    you can't be telling me that "anything apple doesn't use is bad or worthless"? aren't you?
     
  10. macrumors G4

    wrldwzrd89

    Joined:
    Jun 6, 2003
    Location:
    Solon, OH
    #10
    I use Firefox 2.0.0.14 for PayPal-related stuff; does this issue even affect me at all?

    That said, I have to agree with cw2k7 here - EV SSL is an improvement, but certainly not a perfect solution.
     
  11. macrumors 6502a

    superleccy

    Joined:
    Oct 31, 2004
    Location:
    That there big London
    #11
    No, it was a serious question. If there was a tone of sarcasm in there it wasn't intentional.

    SL
     
  12. macrumors G3

    clevin

    Joined:
    Aug 6, 2006
    #12
    Sorry I might wake up on the wrong side of the bed this morning....:(

    if its not sarcastic question, then its a great question we all should be asking, why?

    I understand there were codes within webkit that are related to anti-phishing, it was planned function for safari 3 and was canceled eventually.

    I don't think there is any difficulty in implementing this at all.

    Two possibility I can think of

    1. Apple is not aware of the seriousness of phishing development in recent years and think its not of great importance

    2. Apple has trouble dealing with Security check providers for various reasons.

    But for whatever reason, I hope next safari will have this. Users sure should educate themselves to be on high guard, but phishing, is quite serious at times, and self-education sometimes might just not enough.
     
  13. macrumors 6502a

    Joined:
    Feb 6, 2008
    Location:
    The Netherlands
    #13
    I try to use PayPal as much as I can. Not because I think they are great (far from it), but because I hate to re-enter my credit card information for every on-line retailer I do business with. Plus, more importantly, I don't want to leave my sensitive credit card information all over the place. Only PayPal has it, and I feel much safer about that. Think about it.

    If you don't buy on-line a lot, I guess you could live without PayPal. Most retailers have the possibility to provide them with your credit card info directly on their site. If that's safe depends on the retailer, of course.

    --Erwin
     
  14. macrumors 68000

    ltldrummerboy

    Joined:
    Oct 15, 2007
    #14
  15. Moderator

    dejo

    Staff Member

    Joined:
    Sep 2, 2004
    Location:
    The Centennial State
    #15
    Here's a third possibility I can think of:

    Apple is aware of the seriousness of phishing and has no trouble dealing with the security check providers but realizes that the phishers are very clever and whatever methods Apple puts in to stop them, the phishers will try to find ways around them. This ends up becoming a never-ending, escalating "arms war". Instead, Apple is developing ways to educate their users as to the dangers of phishing and will provide such education in a future browser update.

    'Course I'm just guessing, same as you. :)
     
  16. macrumors G3

    clevin

    Joined:
    Aug 6, 2006
    #16
    whatever, its fine you just want to argue, if you think that helps anybody, go for it. :)
     
  17. Moderator

    dejo

    Staff Member

    Joined:
    Sep 2, 2004
    Location:
    The Centennial State
    #17
    Who said I just want to argue? I don't. I thought I would just provide another possibility from a different perspective. I'm sure there are even more than just these three. And you must admit that your possibilities are just as much guesses as mine are, since neither of us works for the Webkit/Safari team.
     
  18. macrumors G3

    clevin

    Joined:
    Aug 6, 2006
    #18
    really? for a browser of 2-3% marketshare globally, what makes you think if apple implements an anti-phishing measure, phishing makers will give a *** ?
     
  19. Moderator

    dejo

    Staff Member

    Joined:
    Sep 2, 2004
    Location:
    The Centennial State
    #19
    :confused: Huh? I'm not even sure how you came to this question based on what you were quoting. But I'll address it anyways:

    Presumably because these anti-phishing measures will be the same as all the other 'safe' browsers are using, i.e. Extended Validation SSL Certificates. Remember that's what started this thread.
     
  20. macrumors G3

    clevin

    Joined:
    Aug 6, 2006
    #20
    well, you were the one saying that apple is afraid that if it adds anti-phishing measure to safari, phishing makers will get more "cleverer".:confused:

    Im just asking, does apple adding "whatever methods" have any impact on phishing makers at all? with 2-3% market share?

    PS. EV is not what started this thread, "anti-phishing" is, and anti-phishing != EV.
     
  21. macrumors G5

    gnasher729

    Joined:
    Nov 25, 2005
    #21
    It is. It is ridiculous because accessing PayPal with an unsafe browser is not unsafe. Accessing something that _looks_ like PayPal but isn't, that is the problem, and blocking an unsafe browser from the PayPal website doesn't stop this problem. The logic is: If PayPal is blocking your access, then you are at the PayPal site, and therefore there is no phishing happening right now.

    Any criminals that managed to get your PayPal account details through whatever means will obviously use what PayPal calls a "safe" browser to empty your account.
     
  22. macrumors G3

    clevin

    Joined:
    Aug 6, 2006
    #22
    you are right!:eek: hehe,

    But after the revelation that paypal is only blocking ancient browsers, this might not be anti-phishing related afterall, maybe just SSL, TLS related.
     
  23. macrumors 6502a

    superleccy

    Joined:
    Oct 31, 2004
    Location:
    That there big London
    #23
    Exactly. If the site you think is PayPal is blocking you, then it must be PayPal. See... no need for anti-phishing measures! :D

    SL
     
  24. macrumors G3

    clevin

    Joined:
    Aug 6, 2006
    #24
    nonononono, anti-phishing measure is for, when you visit a site looks like paypal, but actually is not.

    really, eventually normal users gonna need this, and if safari doesn't offer it, there are other browsers with total 97% of market share they can pick...
     
  25. Moderator

    dejo

    Staff Member

    Joined:
    Sep 2, 2004
    Location:
    The Centennial State
    #25
    But if those methods are the same methods that the other 97% of the browser market are using, then, yes, it does impact the phising makers.
    Um, let me quote the first post in this thread:
    And let me also quote the BBC article linked to in the first post:
    To me, EV is what started this thread.

    And P.S. yes, now I just want to argue. :D
     

Share This Page