Web payment firm Paypal has said it will block "unsafe browsers" from using its service as part of wider anti-phishing efforts.
Customers will first be warned that a browser is unsafe but could then be blocked if they continue using it.
Paypal said it was "an alarming fact that there is a significant set of users who use very old and vulnerable browsers such as Internet Explorer 4".
Phishing attacks trick users into handing over sensitive data.
Paypal said some users were still using Internet Explorer 3 , released more than 10 years ago. It lacks many of the security and safety features needed to protect users from phishing and other online attacks.
Legitimate sites
Paypal said it supported the use of Extended Validation SSL Certificates. Browsers which support the technology highlight the address bar in green when users are on a site that has been deemed legitimate.
The latest version of Internet Explorer support EV SSL certificates, while Firefox 2 supports it with an add-on but Apple's Safari browser for Mac and PCs does not.
"By displaying the green glow and company name, these newer browsers make it much easier for users to determine whether or not they're on the site that they thought they were visiting," said Paypal.
The steps were outlined in a white paper on managing phishing, written by the firm's chief information security officer Michael Barrett and Dan Levy, director of risk management.
In it, they said: "In our view letting users view the PayPal site on [an unsafe] browser is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts."
Paypal described the battle against phishing as a "fast-moving chess match with the criminal community".
Customers will first be warned that a browser is unsafe but could then be blocked if they continue using it.
Paypal said it was "an alarming fact that there is a significant set of users who use very old and vulnerable browsers such as Internet Explorer 4".
Phishing attacks trick users into handing over sensitive data.
Paypal said some users were still using Internet Explorer 3 , released more than 10 years ago. It lacks many of the security and safety features needed to protect users from phishing and other online attacks.
Legitimate sites
Paypal said it supported the use of Extended Validation SSL Certificates. Browsers which support the technology highlight the address bar in green when users are on a site that has been deemed legitimate.
The latest version of Internet Explorer support EV SSL certificates, while Firefox 2 supports it with an add-on but Apple's Safari browser for Mac and PCs does not.
"By displaying the green glow and company name, these newer browsers make it much easier for users to determine whether or not they're on the site that they thought they were visiting," said Paypal.
The steps were outlined in a white paper on managing phishing, written by the firm's chief information security officer Michael Barrett and Dan Levy, director of risk management.
In it, they said: "In our view letting users view the PayPal site on [an unsafe] browser is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts."
Paypal described the battle against phishing as a "fast-moving chess match with the criminal community".
Original Link:
Posts
No comments:
Post a Comment