PayPal: We won't block Safari
Clarification or backtracking?
"We have absolutely no intention of blocking current versions of any browsers, including Apple's Safari, from our Web site," a company spokeswoman said in an e-mail late Friday.
PayPal was reacting to reports of a research paper released the week before by Michael Barrett, the firm's chief information security officer, that said the payment service would ban browsers that lacked a way to block known or suspected phishing sites and didn't support Extended Validation (EV) certificates.
Safari does not have an antifraud blocker and does not support EVs, the relatively new digital certificates meant to reassure consumers that the site has been vetted and is legitimate.
"It's critical to not only warn users about unsafe browsers, but also to disallow older and insecure browsers," Barrett said in the paper, which was released at the RSA Conference on April 10. "Letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seat belts."
Although the PayPal paper only called out Microsoft Corp.'s 1996 browser, Internet Explorer 3, and 1997's IE4, Barrett defined "unsafe browsers" as those "which do not have support for blocking phishing sites or for Extended Validation certificates."
On Friday, the company seemed to backtrack. "PayPal is developing features to block customers from logging into PayPal when using obsolete browsers on outdated or unsupported operating systems," the company's spokeswoman specified. "An example of such a browser/OS combination might be, for example, Internet Explorer 4 running on Windows 98."
Microsoft dropped support for Windows 98 in July 2006 and dead-ended IE4 at the same time. IE3, which had been packaged with Windows 95, fell off Microsoft's support list with the demise of its parent operating system at the end of 2001.
Newer versions of IE, including IE5, IE6 and IE7, are still supported by Microsoft, although the first of the three -- IE 5.01, to be exact -- will be terminated in mid-2010 when Microsoft retires Windows 2000.
Meanwhile, Apple currently supports only Safari 3.0 with security updates and other patches. However, its predecessor, Safari 2.0, shipped with Mac OS X 10.4, alias "Tiger," an operating system that Apple still supports.
According to PayPal's revised criteria of "obsolete browsers on outdated or unsupported operating systems," it would not block IE5 until 2010 and would not bar Safari 2.0 on Tiger until Apple ships the successor to Mac OS X 10.5, a.k.a. "Leopard."
However, as of Sunday, PayPal had not replied to questions about when it would switch on its browser blocking. Apple has also not responded to queries asking for comment.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!