PayPal Says NO to Safari: We Say Take Responsibility for Your Actions

[Mr. Mayor]

<img src="http://www.mactropolis.com/images/blog/paypal-logo.gif" alt="PayPal Offers Safari Security Warning" align="right" height="70" width="140" />Yesterday, PayPal issued a warning of sorts in a <a href="http://www.macworld.com/article/132285/2008/02/paypal.html" target="_blank">MacWorld interview</a>. According to Michael Barrett (PayPal's chief security officer), Safari does not make PayPal's list of recommended browsers because it is missing 2 important anti-phishing security features.

<strong>Barrett noted:</strong>

<em>'Apple, unfortunately, is lagging behind what they need to do, to protect their customers... Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera.'</em>

<strong>Points taken Mr. Barrett.</strong> However, on other sites around the web I'm hearing different. Lets take this snippet from <a href="http://jeremiahlee.com/blog/2008/02/28/paypal-and-browser-security/" target="_blank">Jeremiah Lee's blog</a>:

<em>'Michael Barrett, PayPal’s chief information security officer, said, “Safari has got nothing in terms of security support, only SSL (Secure Sockets Layer encryption), that’s it.” Indeed, Safari lacks anti-phishing blacklisting and support for extended validation (EV) certificates. Unfortunately for Mr Barrett, SSL is the only method mentioned for securing online transactions. Blacklists and EV certificates provide information to the visitor that the site is more likely to be what it claims. They don’t actually make the browser connection to the web server any more secure.'</em>

<strong>Jermiah then goes on to say:</strong>

<em>'Phishing sites impersonate real sites in order to trick visitors into giving legitimate information. Attackers can then use this information to defraud the visitor. Phishing attacks are attacks on visitors, not technology. The solutions aren’t likely technical.'</em>

I think I can sum this whole argument up by simply saying... <strong>It's time for all of us to take responsibility for our actions on the net.</strong> It's true, unfortunately there are a lot of criminals out there 'phishing' for your paypal/bank logins out there... Gleaning private login info and stealing hoards of $$$ from the innocent. That's awful and it sucks... But if we can step-up our own accountability and responsibility on this issue... There will be fewer victims and we'll all be in a better place.