PayPal to Block Unsafe Browsers

Posted by Martin in Browsing, Security, The Web  Tags: , , ,

19

Apr



If you run an old version of a browser you will more likely be subject of an attack, that’s a fact I think that we can all agree on. The latest browser versions are not as vulnerable as old versions, especially if you take into consideration that known vulnerabilities are much easier to exploit than finding new ones. So, if you do not run the latest version of your favorite browser you are a security risk.

That’s what PayPal (thanks Lee for the email) mentioned in a Whitepaper and I have to agree with it. There is virtually no reason why someone would still use Internet Explorer 3 or 4 to surf the Internet for example. Those browsers probably have so many known security holes and lack so many security features that it’s highly likely that the browser will get successfully attacked eventually.

This still does not take care of the user who is working with the computer which is in my opinion the greatest security risk of them all. I always like to say that if you do not understand basic security concepts, for instance the ability to differentiate between http and https websites, then you should not be doing security related stuff on the Internet including banking but also eBay, Amazon or PayPal.

The battle against Phishing is something that companies cannot win alone. Companies cannot do anything about a user who cannot differentiate between fake and original websites. Systems like Extended Validation SSL Certificates which highlight the address bar in green will surely help those users in the long run.

What should not happen though is the exclusion of a browser simply because it is being used by a smaller community. Say Safari for Mac. When I worked at one of the biggest German financial corporations I always had to tell Mac users that their browser was not officially supported. Security is not an excuse to lock out some users with more “exotic” browsers.


Like such posts? Get updates via RSS NEWS FEED. Love Ghacks? Find out how you can help!

6 Users Commented In This Post

Subscribe To This Post Comment Rss Or TrackBack URL
Tobey says, April 19th, 2008   

What?? PayPal blocks all browsers but Opera?? JK :D :D Though, there is something to it ;)

Seriously, I must agree entirely. It’s from the greatest part about the users. You know that old joke, the error is in most cases situated between the chair and the keyboard… :)

Also, blocking more “exotic” browsers is surely no solution either, especially when these are more secure than those “non-exotic”.

Dante says, April 19th, 2008   

I have to disagree with you on this one Martin. Paypal is perfectly right in blocking Safari. Not because it’s a “minority” browser, but because it’s inherently unsafe. In the latest PWN 2 OWN hack-a-thon, OS X was the first and fastest hacked once it’s Safari browser logged on line - no user stupidity required (like downloading) either, just log on line.

Now Apple did issue a patch two days ago, but that’s only because there’s been so much publicity on it. Apple tends to first sue the person who discovered the hole, than tries to downplay it, than tries to patch it years later, if ever.

And Paypal, or any other financial institution, should not be made responsible for idiots who insists on using unsafe browsers just because it’s cool. Financial institutions has lost millions reimbursing these kind of imbeciles for their own stupidy.

Angelo R says, April 19th, 2008   

This is a great idea on PayPal’s part. They are already up there as the preferred method of online payment for a lot of people, and this just seems to push them to the forefront even more.

Now all that’s left is educating everyone who THINKS they know what they’re doing with computers, and all will be well.

Martin says, April 19th, 2008   

Dante I never meant to say that Paypal should allow “minority” browsers only because they are used by a minority. If they are insecure they should naturally be blocked. Now translate that to real world politics ;)

Allan says, April 20th, 2008   

eBay is preparing to test fly its new policy of locked in payments through PayPal in Australia (the Guinea Pigs)as the possible basis for world wide changeover…!
eBay is using this test to see how the eBay population in Australia will respond before moving it onto the world platform…and so far it has been not good for eBay…. YOUTUBE CLIP LINK BELOW - Channel 9 TV in Sydney Australia, broadcast this on the evening of 16th April ‘08, The eBay rep in this news story shows all the classic eBay spin that we have all loved to hate and by his (eBay’s)tone, they don’t really care….THIS IS A MUST SEE.
As of June ‘08, ALL sellers will be required to offer PayPal as the EXCLUSIVE payment method for most sellers, the only other alternative will be a full business merchant accounts, an expensive alternative for the bulk of sellers and totally unreasonable…

Below is a link to the news article on YouTube…. watch it as it WILL affect you at some time in the future…

http://au.youtube.com/watch?v=YDqpNsIg9vA

Tobey says, April 20th, 2008   

A very interesting video. Thx 4 the link.

Leave Your Comments Below
Hello, please leave your thought below

Please Note: Each comment will be manually approved by an admin. There is no guarantee that a comment will be posted. Please do not submit the comment multiple times.