Posted on Friday, February 29 2008 @ 11:25 CET by Thomas De Maesschalck
PayPal
is warning its users not to use the Apple Safari because this browser doesn't have two important anti-phishing security features:
"Apple, unfortunately, is lagging behind what they need to do, to protect their customers," Barrett said in an interview. "Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera."
Safari is the default browser on Apple's Macintosh computers and the iPhone, but it is also available for the PC. Both Firefox and Opera run on the Mac.
Unlike its competitors, Safari has no built-in phishing filter to warn users when they are visiting suspicious Web sites, Barrett said. Another problem is Safari's lack of support for another anti-phishing technology, called Extended Validation (EV) certificates. This is a secure Web browsing technology that turns the address bar green when the browser is visiting a legitimate Web site.
When it comes to fighting phishing, "Safari has got nothing in terms of security support, only SSL (Secure Sockets Layer encryption), that's it," he said. Apple representatives weren't immediately available to comment on this story.
An emerging technology, EV certificates are already supported in Internet Explorer 7, and they've been used on PayPal's Web site for more than a year now. When IE 7 visits PayPal, the browser's address bar turns green -- a sign to users that the site is legitimate. Upcoming versions of Firefox and Opera are expected to support the technology.
