PayPal: We won't block Safari
Clarification or backtracking?
"We have absolutely no intention of blocking current versions of any browsers, including Apple's Safari, from our Web site," a company spokeswoman said in an e-mail late Friday.
PayPal was reacting to reports of a research paper released the week before by Michael Barrett, the firm's chief information security officer, that said the payment service would ban browsers that lacked a way to block known or suspected phishing sites and didn't support Extended Validation (EV) certificates.
Safari does not have an antifraud blocker and does not support EVs, the relatively new digital certificates meant to reassure consumers that the site has been vetted and is legitimate.
"It's critical to not only warn users about unsafe browsers, but also to disallow older and insecure browsers," Barrett said in the paper, which was released at the RSA Conference on April 10. "Letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seat belts."
Although the PayPal paper only called out Microsoft Corp.'s 1996 browser, Internet Explorer 3, and 1997's IE4, Barrett defined "unsafe browsers" as those "which do not have support for blocking phishing sites or for Extended Validation certificates."
On Friday, the company seemed to backtrack. "PayPal is developing features to block customers from logging into PayPal when using obsolete browsers on outdated or unsupported operating systems," the company's spokeswoman specified. "An example of such a browser/OS combination might be, for example, Internet Explorer 4 running on Windows 98."
Microsoft dropped support for Windows 98 in July 2006 and dead-ended IE4 at the same time. IE3, which had been packaged with Windows 95, fell off Microsoft's support list with the demise of its parent operating system at the end of 2001.
Newer versions of IE, including IE5, IE6 and IE7, are still supported by Microsoft, although the first of the three -- IE 5.01, to be exact -- will be terminated in mid-2010 when Microsoft retires Windows 2000.
Meanwhile, Apple currently supports only Safari 3.0 with security updates and other patches. However, its predecessor, Safari 2.0, shipped with Mac OS X 10.4, alias "Tiger," an operating system that Apple still supports.
According to PayPal's revised criteria of "obsolete browsers on outdated or unsupported operating systems," it would not block IE5 until 2010 and would not bar Safari 2.0 on Tiger until Apple ships the successor to Mac OS X 10.5, a.k.a. "Leopard."
However, as of Sunday, PayPal had not replied to questions about when it would switch on its browser blocking. Apple has also not responded to queries asking for comment.