Slashdot Mirror

← Back to Stories (view on slashdot.org)

Paypal Advises Users To Stop Using Safari

Posted by Zonk on from the watch-where-you-click dept.

eldavojohn writes "Over concerns for lack of an anti-phishing mechanism for Safari, Paypal is telling its Mac users to use another browser. An author from Ars Technica reveals that he has been using Camino and has fallen victim to a Paypal related phishing scam via e-mail so this story must hit home for him. 'Currently the Apple browser does not alert users to sites that could be phishing for your info, and it lacks support for Extended Validation. PayPal is, of course, a popular site among phishers in their neverending search for personal information, user IDs, and passwords. While it's not entirely fair singling out Safari (other Mac browsers like Camino also lack this support), it is perhaps at least a helpful reminder of the threat.'"

4 of 362 comments (clear)

  1. Re:Maybe Apple should... by Jeremiah+Cornelius · · Score: 5, Insightful

    C'mon.

    Apple is deficient here - no doubt about it. If you want Mom & Pop to click "pay now", you don't expect 'em to be able to parse "http://www.barclays.validation.co.uk". You don't have to be an "idiot" to fall for this - just outside your area of expertise.

    I have replaced Safari with FireFox on every friend and family mac I get my hands on. Re-theme it, copy and paste the icon resource, and they don't notice the change!

    Except for the missing ads - thanks to Ad Block+

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  2. Oh, stop whining. by Whiney+Mac+Fanboy · · Score: 5, Insightful

    All Paypal did was have a faq containing a list of anti-phishing features & browsers that support those features.

    They don't recommend against Safari, they just recommend browsers that support anti-phishing features.

    No doubt when Apple gets around to adding these features (pity Safari's not OSS, or it could be added easily by third parties), PayPal will add them to the list.

    --
    There are shills on slashdot. Apparently, I'm one of them.
  3. Re:How good Ars Technica writers at tech and revie by Niten · · Score: 5, Insightful

    I'm very happy for you, that you've never made a single careless mistake in your life. However, please do try to have a little mercy on those of us who are merely human, especially when we're honest enough to admit it.

  4. Re:Maybe Apple should... by MacDork · · Score: 5, Insightful

    C'mon.

    Apple is deficient here - no doubt about it.

    Deficient eh? I use Omniweb. Same issues I'm sure, but I'm comfortable with it. I have something I feel is far more secure than a colored URL bar and Extended Validation box that begs for attention... I have an encrypted system wide keychain that is not going to have a username/password for paypa|.com. I might not catch that pipe as a lower case L... I my not catch a cyrillic character that looks just like an 'a' in there, but my keychain aware browser certainly will. It won't have a password for that domain, and that will instantly alert me to the fact that something is fishy. Proceed to open a new window and manually enter the address as a test... I rely on my keychain so much, I generally don't know the password for most websites I use, so I therefore cannot be suckered into revealing it. I'm sure Safari can be configured the same way.

    Instead of railing on Apple for not adopting the technologically deficient solution of other browser makers, perhaps they should instead focus on what is IMHO a superior approach to security... No dice on Windows Safari, sure, but on the Mac I have no fear of phishers.