Upcoming PayPal anti-phishing measures may block Safari

2

Comments

  • Reply 21 of 45
    solipsismsolipsism Posts: 25,726member
    Quote:
    Originally Posted by cage123au View Post


    For now. We (Australia) are just the testing ground for some major changes ahead worldwide, just wait and see. Better to start with a small number of people and upset them, rather than a large number (insert US or Europe here) and have all them rebel.



    It's an island full of convicts anyway.





    <sarcasm>Bet you haven't heard that one before</sarcasm>
  • Reply 22 of 45
    lostkiwilostkiwi Posts: 639member
    Quote:
    Originally Posted by solipsism View Post


    It's an island full of convicts anyway.





    <sarcasm>Bet you haven't heard that one before</sarcasm>



    Apart from all the New Zealanders in Bondi and the Gold Coast classing up the place



    Looking forward to the new Apple Store in Sydney and Melbourne though!
  • Reply 23 of 45
    jeffdmjeffdm Posts: 12,951member
    Quote:
    Originally Posted by mercury7 View Post


    Well the problem is that a lot of sellers have bought in to their BS and will not

    even accept checks or money orders so if you don't have paypal your simply out of luck.



    What BS again? All I remember is that it was a choice given to the seller, I didn't see a big case made next to the option. I think you're making it out to be something that it's not.
  • Reply 24 of 45
    derevderev Posts: 64member
    Quote:
    Originally Posted by solipsism View Post


    In Safari Preferences » Advanced you can turn on Show Develop Menu In Menu Bar. With this activated you get multiple options to adjust your User Agent. From there you should be able to access all the sites you mentioned above.



    Since they work with Netscape and Firefox they clearly don't require ActiveX and they aren't allowing Safari because the code was written to only allow select browsers; but Safari should work just dandy. It's been a long time since I couldn't use Safari to render an internal corporate site or government site after spoofing the User Agent.



    If you block javascript popups. many formfields will not work.
  • Reply 25 of 45
    jeffdmjeffdm Posts: 12,951member
    Quote:
    Originally Posted by cage123au View Post


    For now. We (Australia) are just the testing ground for some major changes ahead worldwide, just wait and see. Better to start with a small number of people and upset them, rather than a large number (insert US or Europe here) and have all them rebel.



    Been a guest here for ages, thought it about time I registered, this one I could not let pass as I will now be leaving Paypal, they have lost me, and I think a lot of Aussies will not be far behind me, there are a lot of peeved people here with this change.



    Running things by a test market is generally a good idea.



    If the test fails, I doubt they'd push the changes elsewhere. It's smart to test things out, even if there is a high confidence for success.



    Quote:
    Originally Posted by derev View Post


    If you block javascript popups. many formfields will not work.



    User agent strings and javascript are completely different things.
  • Reply 26 of 45
    Quote:
    Originally Posted by JeffDM View Post


    User agent strings and javascript are completely different things.



    of course they are.



    The similarity is that both can lead to problems with a webpage operating as expected.
  • Reply 27 of 45
    solipsismsolipsism Posts: 25,726member
    Quote:
    Originally Posted by Walter Slocombe View Post


    of course they are.



    The similarity is that both can lead to problems with a webpage operating as expected.



    But how does blocking JS function as a workaround for sites that check the User Agent for approved browsers? My reply to HyteProsector is a method to allow him to use Safari on sites that try to tell him he can't.
  • Reply 28 of 45
    areseearesee Posts: 776member
    Quote:
    Originally Posted by Axcess99 View Post


    Short answer, nope. No more secure. They use the same encryption/validation technologies. The only distinctions are that:

    A) they cost more

    B) in theory, there is a more thorough background check on the company receiving it



    Since the normal screening process has proven effective so far... what's the point.

    Also due to A, it would become harder for small businesses to afford them to be seen as "legitimate".



    http://en.wikipedia.org/wiki/Extende...ty_to_Phishing



    The same if they do not like you or want you to be in business.
  • Reply 29 of 45
    Quote:

    "In our view, letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts," the expert says.



    Umm, I think his metaphor is flawed. A better metaphor be "Letting users view the PayPal site on one of these browsers [one without anti-phishing features] is equal to a car manufacturer allowing drivers to drive without seatbelts."



    Which, they do allow people to not wear seatbelts (just because it's against the law doesn't mean you have to wear it). It's not the car manufacturer's responsibility to make me use my seatbelt, just as it's not PayPal's responsibility to make me use a browser that helps identify phishing scams.
  • Reply 30 of 45
    jeffdmjeffdm Posts: 12,951member
    Quote:
    Originally Posted by macjunkie82 View Post


    just as it's not PayPal's responsibility to make me use a browser that helps identify phishing scams.



    If you have a problem with it, I say vote with your money if they follow through and your favorite doesn't support it by then. A reduction in losses & potentially fewer lawsuits may well more than offset the lost customers.



    I really don't see the fuss.
  • Reply 31 of 45
    swiftswift Posts: 436member
    Recent episodes of Security Now! from grc.com have shown that a) there's a lot of breach of privacy going on between Paypal and Doubleclick -- the mere presence of an ad banner on a Paypal page exposes you to a Doubleclick cookie that follows you everywhere -- and is there sharing of Paypal's info with their "partner"? And they expose a lot of your personal banking info on a regular basis. Just go to grc.com, look in the menus for Security now, then do a site search for Paypal Double-click and Paypal privacy, and read it and weep.



    The idea of a blacklist for bad sites is just stupid. Anybody who wants to see the list can, and the bad guys just switch their identities. And the brand-new, special security certs are a moneymaker, purely and simply. Those new certificates come at a high price, and who says they can't be spoofed?
  • Reply 32 of 45
    haggarhaggar Posts: 1,568member
    Quote:
    Originally Posted by JeffDM View Post


    I think they've only forced Paypal use in Australia. They do offer sellers a means to require PayPal, but the default is "off", a seller has to specifically turn it on. But it's just so much more convenient for both buyer and seller. When I sold, most would pay by PayPal anyway.



    I don't like how they forbid PayPal competitors though.



    eBay sellers already have to pay a percentage of the final sale amount on items sold. Then they have to pay a percentage of the transaction amount for PayPal payment, on top of the eBay seller fees. Since PayPal is owned by eBay, people who sell on eBay are being charged twice.
  • Reply 33 of 45
    http://www.macdailynews.com/index.ph..._safari_users/



    Not true. Safari rules. Behind Firefox... and Camino...



    Quote:
    Originally Posted by AppleInsider View Post


    As part of a multi-tiered approach to guarding against online fraud on its site, PayPal says it will block the use of any web browser that doesn't provided added validation measures, potentially restricting the current version of Safari from the e-commerce site.



    The money transfer service's Chief Information Security Officer, Michael Barrett, makes the new policy clear in a white paper (PDF) posted this week, which highlights the browser as a key means of putting an end to phishing (false website) scams alongside such steps as blocking fraudulent e-mail messages and criminal charges.



    When addressing web access, Barrett argues that any user visiting a financial site such as PayPal should know not only that their browser will block fake sites meant to steal information, but also that the browser can properly indicate a legitimate site. Without either precaution, visitors may not only be victims of scams but may lose all trust in an otherwise safe business. This doubly harmful outcome is likened to a car crash without protection.



    "In our view, letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts," the expert says.



    To that end, PayPal is said to be implementing steps that will first provide warnings against, and eventually block, any browser that doesn't meet these criteria.



    Most modern web browsers, including Firefox and newer versions of Microsoft's Internet Explorer, are able to support at least basic blocking of phishing sites. The newest, such as Internet Explorer 7 or the upcoming Firefox 3, also support a new feature known as an Extended Validation Secure Socket Layer (EV SSL) certificate. The measure of authenticity turns the address bar green and identifies the company running the site, letting the user know any secure transactions are genuine.



    Safari, however, lacks either of these features and so could fall prey to the blocks and warning messages. Barrett doesn't mention the browser by name but notes that any "very old and vulnerable" software would ultimately be blacklisted from the future update to PayPal's service, placing Safari in the same category of dangerous clients as Microsoft's ten-year-old Internet Explorer 4.



    Apple's approach to browser security has so far been tentative. The Mac maker has briefly incorporated Google's database of fraudulent sites into a beta builds of Mac OS X Leopard this past fall, only to pull the feature in later test versions. Release builds of the stand-alone browser for both Macs and Windows PCs have also gone without the anti-phishing warnings, but notably leave code traces inside the software that raise the possiblity of improvements through a later update.



    Apple hasn't responded to the white paper but is likely to face pressure as PayPal and similar institutions ask for an all-encompassing approach to fighting scams that involves EV SSL and other software techniques. Internet Explorer 7's debut has already had a demonstrated effect on customers, who are more likely to finish signing up for PayPal knowing that the web browser has authenticated the registration page.



    "We couldn?t eradicate this problem on our own ? to make a dent in phishing, it would take collaboration with the Internet industry, law enforcement, and government around the world," Barrett explains.



  • Reply 34 of 45
    solipsismsolipsism Posts: 25,726member
    Quote:
    Originally Posted by MacNewb View Post


    http://www.macdailynews.com/index.ph..._safari_users/



    Not true. Safari rules. Behind Firefox... and Camino...



    Why do people quote the entire article? And why do some put the quoted text below their response so you have to read the thread like a yo-yo?
  • Reply 35 of 45
    solipsismsolipsism Posts: 25,726member
    Quote:
    Originally Posted by Haggar View Post


    eBay sellers already have to pay a percentage of the final sale amount on items sold. Then they have to pay a percentage of the transaction amount for PayPal payment, on top of the eBay seller fees. Since PayPal is owned by eBay, people who sell on eBay are being charged twice.



    But they are being charged for different services. And the seller has the option to choose other payment methods.
  • Reply 36 of 45
    Quote:
    Originally Posted by solipsism View Post


    Why do people quote the entire article? And why do some put the quoted text below their response so you have to read the thread like a yo-yo?



    ... I'm the MacNEWB!
  • Reply 37 of 45
    solipsismsolipsism Posts: 25,726member
    Quote:
    Originally Posted by MacNewb View Post


    ... I'm the MacNEWB!



    I apologize for the angry emoticons. I do now see you are new to AI and your name, well, does say you are a newb. I guess I let my pet peeve get the bette of me. Welcome to AI.
  • Reply 38 of 45
    21122112 Posts: 36member
    I noticed I just received an email from eBay the other day saying my account has been accessed illegally approx. 5X from a certain IP address. Is this phishing?
  • Reply 39 of 45
    solipsismsolipsism Posts: 25,726member
    Quote:
    Originally Posted by 2112 View Post


    I noticed I just received an email from eBay the other day saying my account has been accessed illegally approx. 5X from a certain IP address. Is this phishing?



    Probably. You can check the email address by hovering over the link and seeing where it actually takes you.
  • Reply 40 of 45
    tri3tri3 Posts: 20member
    Being someone who has had a lot of transactions with both Ebay and Paypal. I got to say I really like PayPal, for the simple fact that it is extremely easy to conduct a transaction. I will often use Craigslist as well, but I usually don't get the return as I would with Ebay, even with all the fees.
Sign In or Register to comment.