Skip to main content
  1. Home
  2. Computing
  3. Legacy Archives

PayPal May Require Anti-Phishing Browsers

By
Add as a preferred source on Google

In a new white paper prepared for the recent RSA Conference, PayPal chief information security officer Michael Barrett and colleague Dan Levy wrote a paper (PDF) outlining a multi-part strategy for PayPal to combat phishing attacks. The paper proposes PayPal stop supporting browser that do not implement Extended Validation certificates (EV-SSL)—which would mean PayPal could stop supporting “unsafe” browsers including versions of Internet Explorer before IE7, early versions of FireFox, and current versions of Apple’s Safari Web browser (the default browser for Mac OS X, which Apple is now pushing to Windows users via iTunes).

“In our view, letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts,” the authors wrote in the white paper.

Recommended Videos

The paper outlines a graduated strategy whereby users with browser supporting the required technology would be able to conduct transactions via PayPal normally, users with the previous major release of a browser would be allowed to conduct transactions only after explicitly bypassing a warning, and users of still-older browsers would be disallowed entirely.

Barrett has previously criticized Safari for not supporting EV-SSL and for not offering anti-phishing filters that warn users when they attempt to connect to known phishing sites. Usability studies haven’t shown that anti-phishing warnings are effective without user training, but Barrert believes that the “green bar” of a validated site provides a clear visual cue users will understand when they land on a validated site.

Currently, only Internet Explorer 7 supports EV-SSL; Firefox 3.0 plans to support it, as does Opera. Apple hasn’t made any comment on when (or if) Safari might support EV-SSL or anti-phishing services.

In a statement, PayPal says it only plans to develop features that block customers from logging in using “obsolete browsers on outdated or unsupported operating systems”—it offers IE4 on Windows 98 as an example—and says it would not block current versions of any browser, including Apple’s Safari.

Geoff Duncan
Geoff Duncan
Former Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
Gemini in Chrome can now see exactly what you’re looking at on screen
Google's new "Select from screen" tool makes it easier to ask Gemini questions about text and images in a browser tab.
Google Chrome Gemini Featured

Google is making Gemini a lot more aware of what's happening inside Chrome. The company has started rolling out a new "Select from screen" feature that lets users highlight specific text or images from a webpage and send them directly to Gemini, making conversations with the AI assistant far more contextual.

Gemini can now focus on exactly what users want to ask about

Read more
Microsoft’s new Surface PCs are cheaper — but there’s a catch
Cardboard, Box, Carton

The tech industry’s favorite balancing act is getting harder by the month. Component prices are rising, memory costs refuse to settle down, and laptop makers are scrambling to keep sticker shock under control. Microsoft’s latest Surface refresh feels like a direct response to that problem.

The company has introduced new entry-level versions of its 12-inch Surface Pro and 13-inch Surface laptop, offering lower starting prices without changing the processor or storage. On the surface, that sounds like good news for budget-conscious buyers. Dig a little deeper, however, and you’ll find a compromise hiding in plain sight.

Read more
A new supercomputer has dethroned the U.S — here’s why it matters
Crowd, Person, Architecture

The race to build the world’s fastest supercomputer has been dominated by the United States. Now, China has stormed back into the lead. A newly ranked system called LineShine has claimed the No. 1 position on the latest Top500 list, a closely watched ranking of the planet’s most powerful supercomputers. The machine, located in Shenzhen, pushed past the U.S. government’s El Capitan system and became the first Chinese computer to top the list since 2017. That’s notable on its own. But what makes LineShine particularly interesting is how it got there.

The tortoise just outran the rocket

Read more