Thursday, February 28, 2008

Dear PayPal, Safari Isn’t The Security Problem

After I read that PayPal says don't use Safari (via MacCentral), I thought about clueing them in that users don't know about EV certificates, and most of the anti-phishing stuff is annoying, but Jeremiah has done it for me. These extremely subtle pieces of chrome around the actual pages are just one more thing users ignore. I have turned off the anti-phishing in IE, and I didn't even know/remember that a green address bar meant that EV certificates were being used, but maybe I am a stupid user :-). One thing I want to call out though in Jeremiah's post is that he says technical solutions are most likely not the answer, but then says as long as it's part of his DNS (which is a link to OpenDNS), then it's OK. OpenDNS sounds like a really cool idea, but you know it blocks phishing sites, which is a technological solution:
OpenDNS protects millions of people a day across hundreds of thousands of schools, businesses and homes. We block phishing sites, give you the power to filter out adult sites and proxies among more than 40 categories, and provide the precision to block individual domains.

This sounds like a better solution than anti-phishing that is application specific, and of course it would obviate the need for anti-phishing in Safari.