PayPal: We won't block Safari
Clarification or backtracking?
"We have absolutely no intention of blocking current versions of any browsers, including Apple's Safari, from our Web site," a company spokeswoman said in an e-mail late Friday.
PayPal was reacting to reports of a research paper released the week before by Michael Barrett, the firm's chief information security officer, that said the payment service would ban browsers that lacked a way to block known or suspected phishing sites and didn't support Extended Validation (EV) certificates.
Safari does not have an antifraud blocker and does not support EVs, the relatively new digital certificates meant to reassure consumers that the site has been vetted and is legitimate.
"It's critical to not only warn users about unsafe browsers, but also to disallow older and insecure browsers," Barrett said in the paper, which was released at the RSA Conference on April 10. "Letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seat belts."
Although the PayPal paper only called out Microsoft Corp.'s 1996 browser, Internet Explorer 3, and 1997's IE4, Barrett defined "unsafe browsers" as those "which do not have support for blocking phishing sites or for Extended Validation certificates."
On Friday, the company seemed to backtrack. "PayPal is developing features to block customers from logging into PayPal when using obsolete browsers on outdated or unsupported operating systems," the company's spokeswoman specified. "An example of such a browser/OS combination might be, for example, Internet Explorer 4 running on Windows 98."
Microsoft dropped support for Windows 98 in July 2006 and dead-ended IE4 at the same time. IE3, which had been packaged with Windows 95, fell off Microsoft's support list with the demise of its parent operating system at the end of 2001.
Newer versions of IE, including IE5, IE6 and IE7, are still supported by Microsoft, although the first of the three -- IE 5.01, to be exact -- will be terminated in mid-2010 when Microsoft retires Windows 2000.
Meanwhile, Apple currently supports only Safari 3.0 with security updates and other patches. However, its predecessor, Safari 2.0, shipped with Mac OS X 10.4, alias "Tiger," an operating system that Apple still supports.
According to PayPal's revised criteria of "obsolete browsers on outdated or unsupported operating systems," it would not block IE5 until 2010 and would not bar Safari 2.0 on Tiger until Apple ships the successor to Mac OS X 10.5, a.k.a. "Leopard."
However, as of Sunday, PayPal had not replied to questions about when it would switch on its browser blocking. Apple has also not responded to queries asking for comment.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!