PayPal released a white paper called “A Practical Approach to Managing Phishing” during RSA. Some of the people in the press room paid it little attention. The paper talks about how PayPal will deal with the Phishing problem. One method is to block browsers that they deem unsafe. PayPal is one of the biggest targets for Phishers, and Phishing emails related to the site show up in inboxes more often than any other.

The paper published by PayPal covered several areas, but when you get to section 4.1, something stands out. Browsers that do not support EVSSL and automatic blocking of Phishing-related websites could be barred from viewing PayPal.

“In our view, letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts. At PayPal, we are in the process of re-implementing controls, which will first warn our customers when logging in to PayPal from those browsers that we consider unsafe. Later, we plan on blocking customers from accessing the site from the most unsafe – usually the oldest – browsers,” the paper reads.

This seems practical, until you pause to think about it. PayPal mentioned in the paper that Internet Explorer 4.0 and 3.0 were the oldest browsers they see. However, those browsers are minuscule in usage compared to, say, Safari. Safari is one of the browsers now in its second or third generation. You could call it a new browser, and it is constantly updated, but according to PayPal’s CIO Michael Barrett, “Safari has got nothing in terms of security support, only SSL, that's it.”

Think back to early March, when Michael Barrett told Network World, “Apple, unfortunately, is lagging behind what they need to do, to protect their customers. Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera.”

What exactly does he have against Safari? (I use Firefox with IE Tab. I tried Safari and didn't like it. That does not mean I would block people from reading this article in Safari.) This is the second time in just under two months he either directly or indirectly blasted Apple’s browser. This is the same FUD he started spinning before, and now he appears to be serious about it.
PayPal outlines security measures against Phishing. These measures include blocking browsers. Oddly, Safari fits the bill. (IMG: J.Anderson)
The whitepaper details steps taken with regard to shutting down false sites and educating customers. According to the numbers shown, there is a sharp drop in fraud on the site. PayPal has fought Phishing for a long time, and while there is progress, Phishing continues. PayPal is educating customers about fraud and working overtime to close Phishing sites, but blocking a user base simply because their browser of choice is Safari? That is just sad.
Whitepaper here: http://tinyurl.com/4wdc7s
OpenDNS User - Apr 18th, 2008 - 16:48:41
A simple solution ....... use OpenDNS ... it's free and it works. Go to www.opendns.com
'no' I do not work for OpenDNS