“I can understand why Pay Pal is choosing this course, but one would think that Pay Pal would work with the browser developers to solve the problem.”

What could PayPal possibly do to work with browser vendors to solve the problem?

The two leading browsers have stepped up and implemented EV Certificates and phishing protection mechanisms — that is, Mozilla and Microsoft have.

The problem here is that Apple hasn’t stepped up to implement these features. There’s no mystery around how to add support for these features. There’s no “working with the vendors” that PayPal could do to help Apple implement these two features. It’s simply something Apple needs to do.

Phishing is the single biggest security threat on the web today. The old days of bad guys having to crack encryption schemes or mount man in the middle attacks are mostly gone. It’s so much easier to just impersonate a legitimate business and ask people to freely give over their credentials.

That’s why EV Certs and phishing protection are so important.

There’s no further “work” that PayPal or any other online financial service should have to do with browser vendors to get them to implement these two existing and well understood features .

Older versions of browsers, or browsers that refuse or otherwise fail to add support for EV Certs and phishing protection should go the way of the dinosaur.

If PayPal’s warning to its users causes them to update their IE or Firefox browsers to the latest version that does support these critical security features and that either pushes Apple to support the features or pushes Safari users to move to browsers that do support the features, that’s a good thing for users and a good thing for the web.

- A

Hello Asa,
Thanks for dropping by and sharing this information with us. It is appreciated.
Best Regards, Ron

This isn’t what the article says at all! Yes, they are considering blocking old versions of IE and firefox etc. They are not just blocking firefox as you said - “In a bizarre twist, Pay Pal has stated that they will no longer support the Firefox browser. Pay Pal states that in their opinion it is because Firefox is not secure enough and the company is exposing themselves to an alarming number of phishing attacks.”

Did you read the article?

Pay-Pal was specific about versions 3 & 4 for IE, but made no mention which versions of Firefox THEY considered unsafe.

The clue is in the word “older” in the title. “Older browsers”. Firefox updates itself automatically anyway. If you compare the versions of firefox available back when versions 3 and 4 were out, if firefox was even out back then, can’t remember that far back… you’ll find that nobody uses them, it’s a non-issue.

“The payment site said it will refuse browsers that lack the latest technology for blocking phishing sites and do not support Extended Validation Certificates.”

The latest firefox browsers do support the latest technology for blocking phishing sites and do support extended validation certificates, so there’s nothing to worry about.

I hope you are right.

Hi Stephan,
I did some further research. It seems that Pay Pal is targeting browsers older than IE 6 and Firefox older than 2.0.

Thanks for alerting me to this. It is unfortunate that this info wasn’t included in the original article. The way it was worded gave the impression it was Firefox with out mentioning versions specifically.

Thanks again, Ron

Hi,

Cool. Sorry for being a pain/difficult about this, I was in a bad mood earlier on today :-S So I guess they’re considering blocking IE 1, 2, 3, 4, 5 and firefox 1. That’s ok I guess.

Hi Stephan,
No problem. As long as IE 6 and above and Firefox 2 and above work, that seems a minor inconvenience.

Hope your day is better tomorrow.

I just visited PayPal using safari 3.1.1 and had no problem.

Paypal would be blocking FF and allowing IE only because of security concerns?

HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAH!!!!!

Obviously a joke. Upon further reading, facts simply misstated.

Still made my day with the belly laugh.

Hello Charlie,
I don’t believe the policies are in place as of yet.

Hi Ron E.
“Still made my day with the belly laugh”
You are most welcome.

Regards to you both, Ron

I read that it was only for Firefox prior to ver. 2 and IE5 and earlier. Basically browsers without phishing filters.

Hi Rocker452,
That makes sense.