PayPal considers blocking certain browsers
As part of an effort to combat phishing, PayPal plans to block older versions of Internet Explorer and Firefox and other “unsafe” browsers from accessing the online payment site. In a paper released at an RSA security conference this month in San Francisco, PayPal said there is a significant number of site visitors using browsers as old as Internet Explorer versions 3 and 4, released in August 1996 and September 1997, respectively. Such “unsafe browsers” lack the latest technology for blocking phishing sites and do not support Extended Validation Certificates, which are digital certificates that establish Websites as trusted during online transactions. Phishing is a deceptive practice used by Web criminals to acquire personal information, such as usernames, passwords and credit card details. Phishers often pose as legitimate businesses in emails to lure victims to fraudulent sites where they are asked to input their personal data. PayPal is among the favorite targets of phishers, along with eBay and online banks.
“At PayPal, we are in the process of re-implementing controls, which will first warn our customers when logging in to PayPal from those browsers that we consider unsafe,” the eBay-owned payment service said. “Later, we plan on blocking customers from accessing the site from the most unsafe — usually the oldest — browsers.” PayPal in February warned people that Apple’s Safari browser didn’t have the necessary security to protect Web users and recommended the latest versions of Microsoft’s Internet Explorer and Mozilla’s Firefox.
Source: InfoWeek
Comments(22)
wow…IE 3 brings back some memories
seems like good news, but i never had phishing problems ever
no browser out is secure, no matter what what firefox fanboi’s say. Pretty stupid on paypal’s part.
But it is safer than IE4 don’t you think?
i would consider any number higher than zero a signifcantly high amount of people using ie3
Spam protection: Sum of 3 + 5 = 7 =S
You can’t mess with Opera, the safest around, with a really good anti-phishing system
the safest phishing protection is your brain and nothing’s goin’ to change it
@7
Last time i heard…. the IFRAME Exploit still works in Opera too just with minor modification to prior IFRAME Code.
Also no browser is safe, however Firefox is in most cases safest since it allows 3rd party people to make plugins that make it safe.
Firefox + NoScript Plugin = condom against script exploits! (Also the only known fix to “disable” iframe Exploits)
Yeah, at least FF has something to let you know if you visit a spoof site.
Using a browser from a decade ago should be punishable by death.
what about opera? i use that all the time and its supposed to be safe, safer that Explorer… possibly better than firefox. however i do dig firefox, so im gonna use that for my paypal acquisations. i never ever use explorer that one is g**!
Hopefully they don’t block IE 6, I’ve become attached to it, never had a problem, I get all the security updates, don’t need no fancy stuff, tabs, plugins, and such, just want a simple browser, IE 6 is perfect for me.
we need more of this… just block old technology.
I don’t think it’s paypal’s business what software or hardware I’m using. Where does it stop?
PayPal is more of a threat to your bank account than what version of a browser you use.
I’d laugh in the face of anyone still using dinosaur browsers. There’s no need for being anti-update. And it is usually with people who know nothing and dont updgrade because it “still works” or old geeks who just can’t let go. Theres really no reason for not upgrading, its not hard and it’s free, so why not get the latest version of the browsers? The latest versions are far more secure than versions made back when the internet was still a baby, even though nothing is 100% perfectly failsafe, updating is really the only option and it looks like PalPay might be just a sign for the beginning of the end for legacy relicware.. RRRAAAAWWWWRRRR!!!
If I arrive at the PayPal website – no mater which browser I’m using – then, by definition, I’ve not been phished there. It’s the PayPal site, all is good* and I can pay for my eBay junk (* for some definition of “good”)
If I’m phished to http://paypal.com.thisispaypal.no.really.ru and bash in my PayPal login details, it makes no difference if I’m blocked from PayPal.com or not.
Am I missing something here?
@19 LoL,
You miss the fact that not everyone is using up to date systems. I’m still using Windows 98SE myself. IE7 and Firefox 3 won’t run under 98. Not only that, even if they did run, most authors today like to add tons of pointless graphical crap to programs that cause it to use a ton of system resources, making it impractical to run on older hardware.
@8
Exactly what i think. To all those people that spend money on software that will warn them of phishing sites, USE YOUR BRAIN!! Look at the address bar. If you get an email from a bank don’t open it. Most of the time they don’t send emails, unless you do paperless billing. But still, look at where the links take you to.
@13
ROFLMAS!!