Skip the navigation

PayPal: We won't block Safari

Clarification or backtracking?

April 20, 2008 12:00 PM ET

Computerworld - PayPal Inc., the electronic payment service owned by eBay Inc., has denied that it plans to tag Apple Inc.'s Safari as "unsafe" and block it from accessing the site.

"We have absolutely no intention of blocking current versions of any browsers, including Apple's Safari, from our Web site," a company spokeswoman said in an e-mail late Friday.

PayPal was reacting to reports of a research paper released the week before by Michael Barrett, the firm's chief information security officer, that said the payment service would ban browsers that lacked a way to block known or suspected phishing sites and didn't support Extended Validation (EV) certificates.

Safari does not have an antifraud blocker and does not support EVs, the relatively new digital certificates meant to reassure consumers that the site has been vetted and is legitimate.

"It's critical to not only warn users about unsafe browsers, but also to disallow older and insecure browsers," Barrett said in the paper, which was released at the RSA Conference on April 10. "Letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seat belts."

Although the PayPal paper only called out Microsoft Corp.'s 1996 browser, Internet Explorer 3, and 1997's IE4, Barrett defined "unsafe browsers" as those "which do not have support for blocking phishing sites or for Extended Validation certificates."

On Friday, the company seemed to backtrack. "PayPal is developing features to block customers from logging into PayPal when using obsolete browsers on outdated or unsupported operating systems," the company's spokeswoman specified. "An example of such a browser/OS combination might be, for example, Internet Explorer 4 running on Windows 98."

Microsoft dropped support for Windows 98 in July 2006 and dead-ended IE4 at the same time. IE3, which had been packaged with Windows 95, fell off Microsoft's support list with the demise of its parent operating system at the end of 2001.

Newer versions of IE, including IE5, IE6 and IE7, are still supported by Microsoft, although the first of the three -- IE 5.01, to be exact -- will be terminated in mid-2010 when Microsoft retires Windows 2000.

Meanwhile, Apple currently supports only Safari 3.0 with security updates and other patches. However, its predecessor, Safari 2.0, shipped with Mac OS X 10.4, alias "Tiger," an operating system that Apple still supports.

According to PayPal's revised criteria of "obsolete browsers on outdated or unsupported operating systems," it would not block IE5 until 2010 and would not bar Safari 2.0 on Tiger until Apple ships the successor to Mac OS X 10.5, a.k.a. "Leopard."

However, as of Sunday, PayPal had not replied to questions about when it would switch on its browser blocking. Apple has also not responded to queries asking for comment.

Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.



Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!