SillyDog701

[profman]

A fairly balanced article, PayPal Plans to Block Safari and Old Browsers, can be read at the New York Times site. (I think that nonmembers of that site can now read articles there. If not, a Google search should bring up others.)

Under PayPal's plan, Apple Inc.'s Safari would be banned completely, while only older versions of its rivals Microsoft Corp.'s Internet Explorer and Mozilla Corp.'s Firefox would be barred. ...

...PayPal spelled out the idea in a paper (download PDF) released at last week's RSA Conference. "It's critical to not only warn users about unsafe browsers, but also to disallow older and insecure browsers," said Michael Barrett, PayPal's chief information security officer, in the paper. "Letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts."

The two features that Barrett said browsers must have to be considered safe by PayPal were an ability to block known or suspected phishing sites, and support for Extended Validation (EV) certificates. EVs, which are given to companies only after more stringent background checks than the commonplace SSL (Secure Socket Layer) certificates, are supposed to reassure users that the online site is legitimate. Browsers that support EVs typically shade the address bar green as a signal that the site is safe.

But while the current or soon-to-be-released versions of IE and Firefox support both of PayPal's must-have features, Safari includes neither.

PayPal's mentioned that before: in February, Barrett said users should steer clear of Apple's browser because it wasn't up to snuff. "Apple, unfortunately, is lagging behind what they need to do to protect their customers," Barrett said then. "Safari has got nothing in terms of security support, only SSL, that's it."

The actual PayPal article, [url=http://files.shareholder.com/downloads/PAY/287563088x0x186589/173FA367-4FD8-424A-A98D-14CD0ED234BF/A%20Practical%20Approach%20To%20Managing%20Phishing%20-%20April%202008.pdf]A Practical Approach
to Managing Phishing[/url] mentions neither Safari nor Firefox by name.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14

[Antony]

Thanks for bringing up the PayPal and Safari news profman.

I understand why PayPal wanted to push for more secure browsers, except I believe that banning a certain browser completely is a bit extreme. And there are cases when people do not have access to other browsers.

UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14

[profman]

PayPal denies plan to block Safari

This article presents the following quote from a PayPal spokesman:

We have absolutely no intention of blocking current versions of any browsers, including Apple’s Safari, from our website.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14

[Antony]

PayPal clarifies it has no intention to block Safari.

It will block people using old browsers and old operating systems, but contrary to many reports it will not block Apple’s Safari browser.
(The Wall Street Journal)

"An example of such a browser/OS combination might be, for example, Internet Explorer 4 running on Windows 98," said spokesperson Michael Oldenburg. "In doing so, we better protect our customers from viewing a phishing site through their browser. We have absolutely no intention of blocking current versions of any browsers, including Apple’s Safari, from our website."
(Apple Insider)

UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14