PayPal: We won't block Safari
Clarification or backtracking?
"We have absolutely no intention of blocking current versions of any browsers, including Apple's Safari, from our Web site," a company spokeswoman said in an e-mail late Friday.
PayPal was reacting to reports of a research paper released the week before by Michael Barrett, the firm's chief information security officer, that said the payment service would ban browsers that lacked a way to block known or suspected phishing sites and didn't support Extended Validation (EV) certificates.
Safari does not have an antifraud blocker and does not support EVs, the relatively new digital certificates meant to reassure consumers that the site has been vetted and is legitimate.
"It's critical to not only warn users about unsafe browsers, but also to disallow older and insecure browsers," Barrett said in the paper, which was released at the RSA Conference on April 10. "Letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seat belts."
Although the PayPal paper only called out Microsoft Corp.'s 1996 browser, Internet Explorer 3, and 1997's IE4, Barrett defined "unsafe browsers" as those "which do not have support for blocking phishing sites or for Extended Validation certificates."
On Friday, the company seemed to backtrack. "PayPal is developing features to block customers from logging into PayPal when using obsolete browsers on outdated or unsupported operating systems," the company's spokeswoman specified. "An example of such a browser/OS combination might be, for example, Internet Explorer 4 running on Windows 98."
Microsoft dropped support for Windows 98 in July 2006 and dead-ended IE4 at the same time. IE3, which had been packaged with Windows 95, fell off Microsoft's support list with the demise of its parent operating system at the end of 2001.
Newer versions of IE, including IE5, IE6 and IE7, are still supported by Microsoft, although the first of the three -- IE 5.01, to be exact -- will be terminated in mid-2010 when Microsoft retires Windows 2000.
Meanwhile, Apple currently supports only Safari 3.0 with security updates and other patches. However, its predecessor, Safari 2.0, shipped with Mac OS X 10.4, alias "Tiger," an operating system that Apple still supports.
According to PayPal's revised criteria of "obsolete browsers on outdated or unsupported operating systems," it would not block IE5 until 2010 and would not bar Safari 2.0 on Tiger until Apple ships the successor to Mac OS X 10.5, a.k.a. "Leopard."
However, as of Sunday, PayPal had not replied to questions about when it would switch on its browser blocking. Apple has also not responded to queries asking for comment.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts