PayPal: Steer clear of Safari
Jim Higgins - 29 Feb 2008 19:46 GMT
PayPal: Steer clear of Safari
http://www.macworld.com/article/132285/2008/02/paypal.html
If you're using Apple's Safari browser, PayPal has some advice for you: Drop it, at least if you want to avoid online fraud.
Safari doesn't make PayPal's list of recommended browsers because it doesn't have two important anti-phishing security features, according to Michael Barrett, PayPal's chief information security officer.
"Apple, unfortunately, is lagging behind what they need to do, to protect their customers," Barrett said in an interview. "Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera."
Safari is the default browser on Apple's Macintosh computers and the iPhone, but it is also available for the PC. Both Firefox and Opera run on the Mac.
Unlike its competitors, Safari has no built-in phishing filter to warn users when they are visiting suspicious Web sites, Barrett said. Another problem is Safari's lack of support for another anti-phishing technology, called Extended Validation (EV) certificates. This is a secure Web browsing technology that turns the address bar green when the browser is visiting a legitimate Web site.
When it comes to fighting phishing, "Safari has got nothing in terms of security support, only SSL (Secure Sockets Layer encryption), that's it," he said. Apple representatives weren't immediately available to comment on this story.
An emerging technology, EV certificates are already supported in Internet Explorer 7, and they've been used on PayPal's Web site for more than a year now. When IE 7 visits PayPal, the browser's address bar turns green -- a sign to users that the site is legitimate. Upcoming versions of Firefox and Opera are expected to support the technology.
But EV certificates have their critics. Last year, researchers at Microsoft and Stanford University published a study showing that, without training, people were unlikely to notice the green address-bar notification provided by EV certificates.
Still, Barrett says data compiled on PayPal's Web site show that the EV certificates are having an effect. He says IE 7 users are more likely to sign on to PayPal's Web site than users who don't have EV certificate technology, presumably because they're confident that they're visiting a legitimate site.
Over the past few months, IE 7 users have been less likely to drop out and abandon the process of signing on to PayPal, he said. "It's a several percentage-point drop in abandonment rates," he said. "That number is... measurably lower for IE 7 users."
Opera, IE, and Firefox are "safer, precisely because we think they are safer for the average consumer," he added. "I'd love to say that Safari was a safer browser, but at this point it isn't."
 Signature Civis Romanus Sum
Lloyd Parsons - 29 Feb 2008 20:21 GMT
> PayPal: Steer clear of Safari
> http://www.macworld.com/article/132285/2008/02/paypal.html
[quoted text clipped - 52 lines]
> safer for the average consumer," he added. "I'd love to say that Safari
> was a safer browser, but at this point it isn't."

This should only be an issue if you go to paypal from a link somewhere else. Like the email crapola we all get to see almost daily. Or from a web site that isn't all that good either.
I can't see how Safari would be any worse than any other if you go to the site directly. That is the only way I go to paypal.
Dave Balderstone - 29 Feb 2008 20:30 GMT
> This should only be an issue if you go to paypal from a link somewhere
> else. Like the email crapola we all get to see almost daily. Or from a
> web site that isn't all that good either.
>
> I can't see how Safari would be any worse than any other if you go to
> the site directly. That is the only way I go to paypal.

Indeed. This is just another example of FUD...
Don't want to fall for a phishing scam? Have more than five firing neurons and learn how to use them.
 Signature Help improve usenet. Kill-file Google Groups. http://improve-usenet.org/
Howard Brazee - 29 Feb 2008 20:42 GMT
>> I can't see how Safari would be any worse than any other if you go to
>> the site directly. That is the only way I go to paypal.
[quoted text clipped - 3 lines]
>Don't want to fall for a phishing scam? Have more than five firing
>neurons and learn how to use them.

PayPal has a huge interest in killing off Phishing. Idiots who don't know how to be safe are avoiding using PayPal altogether, and that costs them money, as idiots are such a large population.
Dave Balderstone - 29 Feb 2008 22:43 GMT
> >> I can't see how Safari would be any worse than any other if you go to
> >> the site directly. That is the only way I go to paypal.
[quoted text clipped - 7 lines]
> know how to be safe are avoiding using PayPal altogether, and that
> costs them money, as idiots are such a large population.

They're doing a f.cking piss-poor job of it, then.
 Signature Help improve usenet. Kill-file Google Groups. http://improve-usenet.org/
Marc Heusser - 01 Mar 2008 21:24 GMT
> PayPal has a huge interest in killing off Phishing. Idiots who don't
> know how to be safe are avoiding using PayPal altogether, and that
> costs them money,

Indeed, they do charge a lot for their services. Good idea to avoid them anyway.
As for not falling for Phishing, good spam filters are very helpful, because then you will most likely not see the emails that contain the phishing links.
SpamSieve highly recommended, easy to install and use for anyone. see http://c-command.com/spamsieve/
HTH
Marc
 Signature remove bye and from mercial to get valid e-mail <http://www.heusser.com>
Lloyd Parsons - 01 Mar 2008 21:49 GMT
In article <marc.heusser-719D29.22243201032008@news.uzh.ch>, Marc Heusser <marc.heusser@byeheusser.commercialspammers.invalid> wrote:
> > PayPal has a huge interest in killing off Phishing. Idiots who don't
> > know how to be safe are avoiding using PayPal altogether, and that
[quoted text clipped - 13 lines]
>
> Marc

In the case of Paypal, it really is easy to tell. If you have a link in email to Paypal, or email from Paypal, you can almost bet the bank that it is a phishing attempt.
For that matter, anyone so dumb that they click a link in an unsolicited email has got to be just too damn dumb to use a computer these days. If you want to look at your bank, paypal or any other of the financial accounts you might have, ALWAYS go direct at the browser and not in email.
AV3 - 01 Mar 2008 22:16 GMT
> In article <marc.heusser-719D29.22243201032008@news.uzh.ch>,
> Marc Heusser <marc.heusser@byeheusser.commercialspammers.invalid>
[quoted text clipped - 26 lines]
> accounts you might have, ALWAYS go direct at the browser and not in
> email.

The problem isn't unsolicited mail but authentic-seeming warnings from a service to which I voluntarily subscribe. There is so much phishing seeming to come from Paypal and its parent eBay, that I forward all mail from them to <spoof@paypal.com> or <spoof@ebay.com> and they are very good at notifying me of the character of the forwarded mail, unlike others who only acknowledge receipt of a forwarded message without further comment. I hope this keeps them aware of what is going on in the outside world in their name. Occasionally they do send out an authentic mailing,
 Signature
++====+=====+=====+=====+=====+====+====+=====+=====+=====+=====+====++
||Arnold VICTOR, New York City, i. e., <arvimideQ@Wearthlink.net> ||
||Arnoldo VIKTORO, Nov-jorkurbo, t. e., <arvimideQ@Wearthlink.net> ||
||Remove capital letters from e-mail address for correct address/ ||
|| Forigu majusklajn literojn el e-poŝta adreso por ĝusta adreso ||
++====+=====+=====+=====+=====+====+====+=====+=====+=====+=====+====++
NOTICE: Due to Presidential Executive Orders, the National Security Agency may have read this email without warning, warrant, or notice. They may do this without any judicial or legislative oversight. You have no recourse or protection.
Lloyd Parsons - 02 Mar 2008 00:19 GMT
> > In article <marc.heusser-719D29.22243201032008@news.uzh.ch>,
> > Marc Heusser <marc.heusser@byeheusser.commercialspammers.invalid>
[quoted text clipped - 36 lines]
> outside world in their name. Occasionally they do send out an authentic
> mailing,

But usually they say don't use links in email to get to them. I know for a fact Paypal does because I've gotten the email from them saying so.
As for Ebay, there is almost zero mail from them unless I'm selling or buying. If I get something out of the blue, then I go to ebay directly and check the mail there. If it isn't there, it isn't legitimate. Literally the same thing with Paypal. If it isn't in the messaging at Paypal, it isn't legit.
I mean come on, even the banks don't send out mail saying check this or other hogwash that has a link, or at least not any I deal with. All email is info only, no links. So a link is a clue...
And yes, you can get spam filters and such and they work to a greater or lesser extent, but they cannot and don't totally protect, only give the impression they are.
AV3 - 02 Mar 2008 03:45 GMT
>>> In article <marc.heusser-719D29.22243201032008@news.uzh.ch>,
>>> Marc Heusser <marc.heusser@byeheusser.commercialspammers.invalid>
[quoted text clipped - 14 lines]
> But usually they say don't use links in email to get to them. I know
> for a fact Paypal does because I've gotten the email from them saying so.

Quite right. I only meant to praise their responsiveness.
> As for Ebay, there is almost zero mail from them unless I'm selling or
> buying. If I get something out of the blue, then I go to ebay directly
> and check the mail there. If it isn't there, it isn't legitimate.
> Literally the same thing with Paypal. If it isn't in the messaging at
> Paypal, it isn't legit.

Quite right again. I use both very seldom, so it is easier to forward suspicious mail to the addresses I indicated rather than going to a browser and logging in to an infrequently visited site. Often I look at the links and note "misspelled" addressees.
> I mean come on, even the banks don't send out mail saying check this or
> other hogwash that has a link, or at least not any I deal with. All
> email is info only, no links. So a link is a clue...

The banks I use are much less responsive than Paypal and eBay. Actually, the filters I use are very effective, and I seldom get more than three phishing expeditions a week getting through the filters. The most effective way to beat the filter is using a permitted address, like AOL or my ISP itself, so that in itself awakens suspicion.
> And yes, you can get spam filters and such and they work to a greater or
> lesser extent, but they cannot and don't totally protect, only give the
> impression they are.

Right again. The price of liberty from SPAM is eternal vigilance. My experience is that the seemingly familiar needs more vigilance than the unsolicited, which only reaches me through poorly moderated message groups. The content is usually so wildly at variance with the topics of the group that it is easily spotted, i. e., an English-language offer of prurient interest in a foreign language practice group.
 Signature
++====+=====+=====+=====+=====+====+====+=====+=====+=====+=====+====++
||Arnold VICTOR, New York City, i. e., <arvimideQ@Wearthlink.net> ||
||Arnoldo VIKTORO, Nov-jorkurbo, t. e., <arvimideQ@Wearthlink.net> ||
||Remove capital letters from e-mail address for correct address/ ||
|| Forigu majusklajn literojn el e-poŝta adreso por ĝusta adreso ||
++====+=====+=====+=====+=====+====+====+=====+=====+=====+=====+====++
NOTICE: Due to Presidential Executive Orders, the National Security Agency may have read this email without warning, warrant, or notice. They may do this without any judicial or legislative oversight. You have no recourse or protection.
Salmon Egg - 01 Mar 2008 22:04 GMT
Hell! avoid PayPal if you can. I bought what I thought was an eight foot length of aluminum channel. To my surprise, I received two four-foot pieces. PayPal sided with the vendor by saying that I got what was advertised. No explanation. No appeal. Whatever explanation was given is equivalent to two one-carat diamonds being equivalent to one two-carat diamond.
Bill
Mike Rosenberg - 01 Mar 2008 22:11 GMT
> Indeed, they do charge a lot for their services.

Who charges less to let me accept payments by credit card?
 Signature <http://designsbymike.net/shop/mac.cgi> Mac and geek T-shirts & gifts <http://designsbymike.net/shop/musings.cgi> Muckraking T-shirts <http://designsbymike.net/shop/prius.cgi> Prius shirts/bumper stickers <http://bogart-tribute.net> Tribute to Humphrey Bogart