PayPal to Block Unsafe Browsers
If you run an old version of a browser attacks on it are more likely to succeed I think we can all agree on that. Recent browser versions include fixes for security vulnerabilities so that they are protected against these kind of attacks while old browsers are not necessarily.
It is also true that attackers exploit known vulnerabilities regularly because users don't update their applications regularly to protect them against these.
So, if you do not run the latest version of your favorite browser you have a higher risk of being attacked successfully than someone who runs the latest version.
That's what PayPal (thanks Lee for the email) mentioned in a Whitepaper and I have to agree with it. There is virtually no reason why someone would still use Internet Explorer 3 or 4 to surf the Internet for example. Those browsers probably have so many known security holes and lack so many security features that it's highly likely that they will get successfully attacked eventually.
This does not take into account the user as another deciding factor when it comes to protecting a computer, identifying attacks and not doing stupid things on the Internet.I always like to say that if you do not understand basic security concepts, for instance the ability to differentiate between http and https websites, then you should not be doing security related stuff on the Internet including banking but also eBay, Amazon or PayPal.
The battle against Phishing is something that companies cannot win alone. Companies can't do anything about a user who cannot differentiate between fake and original websites. Systems like Extended Validation SSL Certificates which highlight the address bar in green will surely help those users in the long run but training is definitely required to get them there.
What should not happen though is the exclusion of a browser simply because it is being used by a smaller community. Say Safari for Mac or Opera. When I worked at one of the biggest German financial corporations I always had to tell Mac users that their browser was not officially supported. Security is not an excuse to lock out some users who work with "exotic" browsers.
Advertisement
A very interesting video. Thx 4 the link.
eBay is preparing to test fly its new policy of locked in payments through PayPal in Australia (the Guinea Pigs)as the possible basis for world wide changeover…!
eBay is using this test to see how the eBay population in Australia will respond before moving it onto the world platform…and so far it has been not good for eBay…. YOUTUBE CLIP LINK BELOW – Channel 9 TV in Sydney Australia, broadcast this on the evening of 16th April ’08, The eBay rep in this news story shows all the classic eBay spin that we have all loved to hate and by his (eBay’s)tone, they don’t really care….THIS IS A MUST SEE.
As of June ’08, ALL sellers will be required to offer PayPal as the EXCLUSIVE payment method for most sellers, the only other alternative will be a full business merchant accounts, an expensive alternative for the bulk of sellers and totally unreasonable…
Below is a link to the news article on YouTube…. watch it as it WILL affect you at some time in the future…
http://au.youtube.com/watch?v=YDqpNsIg9vA
Dante I never meant to say that Paypal should allow “minority” browsers only because they are used by a minority. If they are insecure they should naturally be blocked. Now translate that to real world politics ;)
This is a great idea on PayPal’s part. They are already up there as the preferred method of online payment for a lot of people, and this just seems to push them to the forefront even more.
Now all that’s left is educating everyone who THINKS they know what they’re doing with computers, and all will be well.
I have to disagree with you on this one Martin. Paypal is perfectly right in blocking Safari. Not because it’s a “minority” browser, but because it’s inherently unsafe. In the latest PWN 2 OWN hack-a-thon, OS X was the first and fastest hacked once it’s Safari browser logged on line – no user stupidity required (like downloading) either, just log on line.
Now Apple did issue a patch two days ago, but that’s only because there’s been so much publicity on it. Apple tends to first sue the person who discovered the hole, than tries to downplay it, than tries to patch it years later, if ever.
And Paypal, or any other financial institution, should not be made responsible for idiots who insists on using unsafe browsers just because it’s cool. Financial institutions has lost millions reimbursing these kind of imbeciles for their own stupidy.
What?? PayPal blocks all browsers but Opera?? JK :D :D Though, there is something to it ;)
Seriously, I must agree entirely. It’s from the greatest part about the users. You know that old joke, the error is in most cases situated between the chair and the keyboard… :)
Also, blocking more “exotic” browsers is surely no solution either, especially when these are more secure than those “non-exotic”.