MacDailyNews - Where Mac news comes first


PayPal advises Mac users not to use Safari
Friday, February 29, 2008 - 10:59 AM EST

"PayPal is warning users that they are better off using an alternative if they want to avoid fraud," Julio Franco reports for TechSpot.

"Now, this doesn't necessarily mean Safari is a bad option, not even an insecure browser, but in the eyes of PayPal it is lacking two important anti-phishing security features that 'Internet Explorer 7 or 8 when it comes out, Firefox 2 or Firefox 3, and indeed Opera' already pack in. The two features mentioned by Michael Barrett, PayPal's chief information security officer, are a built-in phishing filter and an anti-phishing technology, called Extended Validation certificates," Franco reports.

"PayPal happens to be in a very unique position for making an educated assessment regarding web security, but we don't see either of those two technologies making miracles for saving users from fraudsters," Franco reports. "At the end of the day, there is no better anti-phishing filter than yourself, being aware that scammers are out there and they are trying to get you."

Full article here.

[Thanks to MacDailyNews Reader "Ampar" for the heads up.]


Reader Feedback:

Feb 29, 08 - 11:01 am Comment from: Dutch

You can avoid phishing attacks by pointing your DNS to OpenDNS. I really don't think that it is fair to say a browser is unsecure because it doesn't offer phishing protection.

Feb 29, 08 - 11:05 am Comment from: ABQ Peter

I just love it when people say "very unique." End of their credibility.

Feb 29, 08 - 11:07 am Comment from: Macdoc

I always advise Mac users not to use PayPal.

Feb 29, 08 - 11:08 am Comment from: Rich Apple person

Regardless of "what you could do" this could be a serious issue for newbies to the Mac. This should be addressed in the next release of Safari ASAP.

Feb 29, 08 - 11:09 am Comment from: smyhre

Sigh. I hate the antiphishing filter in IE; it takes so bloody long to antiphish. Good thing I don't have to worry about it on my Mac. Besides, it's not like I surf stupidly anyway, so I'm not worried at all.

Feb 29, 08 - 11:18 am Comment from: pr

Looks like I won't be using PayPal anymore, as if I did. If this really becomes an issue I trust Apple will take the necessary measures to make Safari as secure as it needs to be.

Feb 29, 08 - 11:19 am Comment from: Demon

Yes, Safari doesn't have anti-phishing filters and that is why I use it. The only anti-phishing filter that works is the user. Everyone wants to create software to protect the user from the user's own stupidity.
I say let the stupid learn the hard way, it's called tough love. The ones that never learn the lessons, they really should be using the internet in the first place or their banks and credit card companies should just not let them have access to their account information or even access to spend anything online at all.

Feb 29, 08 - 11:22 am Comment from: MacBrain

Is using my brain an option or a requirement?

Feb 29, 08 - 11:23 am Comment from: Predrag

An anti-phishing filter should be something very similar to the pop-up blocker on Safari. Shift-Cmd-K toggles it on or off when needed. Clearly, Apple can make a very smooth and elegant solution to this, which would be intuitive and unobtrusive to users, and provide the type of safety blanket that ignorant users (and with expanding Mac user base, greater and greater numbers of them) need very much.

Telling us to point our DNS to openDNS is redundant. Those of us who are skilled enough to actually do it (practically everyone reading MDN) will never fall for a phishing lure.

On that subject, I must say, I always click on those phishing links. Out of curiosity, I go to the root of the web server masquerading as a bank, ebay, paypal, etc. Oftentimes, it is an unsuspecting website for crocheting patterns, or some Guatemalan hiking, or some small, semi-amateur work where password was hacked and phisher's site uploaded. I usually try to notify the site owner that they had been hacked. It doesn't help much, though, since these phishing sites need no more than two days to stay up to collect what they're looking for.

Anyway, back on the subject; next rev of Safari will have to have a phishing filter.

Feb 29, 08 - 11:23 am Comment from: grh

I'm a Mac user and I depend on PayPal for my income. There has never been a more-frustrating experience! But it is very difficult or impossible these days for a webmaster based outside the US, to get an account with a payment gateway. I'm trying very hard to set up an opposition company that will take its customers seriously and provide a professional service but potential investors don't understand the situation and are unwilling to commit. So far! In the meantime, I recommend no one take seriously anything that PayPal says.

Feb 29, 08 - 11:23 am Comment from: CandTsmac

My web browsing feels a bit faster with a switch to OpenDNS.

Thanks for the link and info Dutch, nice one.

Feb 29, 08 - 11:24 am Comment from: Jopie

http://www.aboutpaypal.org/

http://www.paypalsucks.com/

Feb 29, 08 - 11:26 am Comment from: Ampar

"Is using my brain an option or a requirement?"

That depends on whether you are vertical or horizontal.

Feb 29, 08 - 11:30 am Comment from: 5andman

I don't even use Paypal anymore.
I keep getting Spam claiming its from Paypal.
It's just not worth the risk ... not sure what's legit anymore.

Feb 29, 08 - 11:52 am Comment from: Brian Smith

What a load of crap... the Extended Validation certificates don't protect from phishing if the underlying site happens to be vulnerable... see this big story on the subject.

EV Certificates and XSS considered harmful!

Feb 29, 08 - 12:07 pm Comment from: ApplePi

The average user of a Mac is not like people here. They usually don't know their way around a computer.

Firefox is a much better browser anyhow.

Feb 29, 08 - 12:49 pm Comment from: bioness

Are they nuts?
It's anti-phishing... it requires a brain, not software with alerts.

And plus, the iPhone is slowly conquering the world... no ebay or paypal on iPhone... it's their loss

Feb 29, 08 - 01:00 pm Comment from: A. Dumas

Wouldn't the easiest way for Safari users, and Macusers, to avoid this, is to avoid using PayPal altogether?

I keep getting spam/bullshit emails on my MacMail account. I've NEVER visited PayPal EVER.

Feb 29, 08 - 01:31 pm Comment from: Altivec Guru

Avoid PayPal like the plague! They will eventually freeze your account, take your funds, and make it near impossible to get your money back. Don't give them access to your bank accounts either! It is a criminal organization.

Feb 29, 08 - 01:33 pm Comment from: Beryllium

Notice to PayPal: I have a better solution; I will not use PayPal.

Feb 29, 08 - 01:40 pm Comment from: donnie

Smart users check for the SSL/padlock symbol, follow anti-phishing practices, use their own links to bank sites, etc.
For those interested, PithHelmet has an option to check host spoofing on Safari.

Feb 29, 08 - 01:45 pm Comment from: Spark

I've read that PayPal owns the company that issues the EV Certs. Very self-serving announcement about Safari. Looks like their form of coercion: "We're going to issue scary press releases about Safari, Apple, until you pay us some dough for one of certifications."

Feb 29, 08 - 01:50 pm Comment from: Farting Macs

Don't answer the fricken emails you get asking for your password.

I use Paypal all the time and have never had one problem. I do get those phishing emails and just report them to "Spoof@paypal.com".

Am I missing something? Isn't it just about engaging the brain a bit?

Feb 29, 08 - 02:09 pm Comment from: Predrag

So many people here on their high horse! Solutions like "Don't use PayPal!" or, "Never click on links" are obviously never going to work. PayPal is the most popular money transfer site in the world for a good reason. They are cheap (as in: free for most users), they allow you what no other service does (instantly send money between two persons without highway robbery-type charges like Western Union or MoneyGram) and have presence in about 140 countries (out of 192 official UN members). You may choose not to use it, but there is a huge number of people who do and will continue.

Same goes for people who don't know what is phishing. If you have never heard of it, you can easily fall for the lure. While EV certification may be dubious, Apple can easily implement their own filtering solution and build it in. They should.

As for iPhone, PayPal works on it (as well as eBay). As a matter of fact, PayPal has mobile site that works even with crappy WAP browsers on all other cellphones.

Feb 29, 08 - 02:20 pm Comment from: Brau

The last time I used Paypal Safari wouldn't work anyway so I had no choice but to use Firefox to complete the transaction. As the default browser on Macs, Apple needs to be much more active at keeping it up to date. The folks at Mozilla are doing a great job with Firefox, why can't Apple keep up with Safari?

Feb 29, 08 - 02:52 pm Comment from: misanthrope

I use Safari mostly out of habit -- when I engage my brain I use Firefox. The anti-phishing pheature is nice but the coolest feature for me is its ability to return you to where you were before an OS crash which was a frequent event with Leopard 10.5.1.

Feb 29, 08 - 03:16 pm Comment from: Dougness

PayPal isn't my MacPal

Feb 29, 08 - 03:33 pm Comment from: effwerd

I have a very nice bridge to sell you. Please click here.

Feb 29, 08 - 03:39 pm Comment from: almux

If PayPal has some reluctance for Safari... it should, at least, forbid the use of Internet Explorer!

Feb 29, 08 - 06:22 pm Comment from: ReD GRAPE

Does AllofMP3 and other Mafia-like orgs have a presence around the world too?
Do I smell straw?

Does the glorious view from your turret preoccupy you so, as to not notice the thousands of un-satisfied PP users — south of the tip of your nose?

Which Phishing lures not to buy?
Is an uninformed person, STUPID? Or, are they uninformed?
Why not shake down a box or two of educational pellets?

Feb 29, 08 - 06:38 pm Comment from: Spark

@Brau
I use PayPal on Safari, no problem.

Feb 29, 08 - 07:27 pm Comment from: Say No To DRM

Hey ReD GRAPE,

Did you ever use allofmp3.com? No, you're just spouting IFPI/RIAA propaganda. I happily used the service for over two years and never had a problem, never lost a cent and on the occasion that I got damaged tracks they replaced them within 24 hours. In fact I'd argue that the service was actually superior to Apple's iTunes Store.

Likewise, before you or others start up the "starving musicians' story," 15 percent of allofmp3 sales were there for the IFPI to claim on behalf of the record companies. They never did make a claim because that would legitimise allofmp3, but it also meant they didn't pass on the remittances to musicians.

ReD GRAPE, perhaps you stay off the grape before you start spouting BS. And for the record my spam levels never increased using allofmp3, just paypal!

Feb 29, 08 - 11:03 pm Comment from: ReD GRAPE

Just say no...,

ReD GRAPE is an anagram. Well, almost wink

Just because it's not illegal for you to use a service, doesn't mean it's not run by a criminal organisation. [wink, wink, MS, nudge, nudge] If you feel confident giving your Visa number to AoM, good for you.

BTW, where was the money for the IFPI held? Where did the RIAA have to get the cheque/check from? Do you really believe that the artists got 15% of each 10¢ per song that AoM sold? And, why would an org like AoM need to be 'legitimised', if they weren't already? Why would an org like the RIAA be the ones to do so? Just because the RIAA are frauds, doesn't mean AoM are ethical. Or, that they're your friends. Two wrongs...

As for your accusation that I'm an RIAA shill. Well, hardly. But, I understand your use of redirection?

WRT what I actually wrote about, thanks for not addressing those ideas. And instead getting your knickers in a bunch because it took you more than 700 days to feel any misgivings with your association with AoM. Are you truly under some warped delusion that I could give a flying-fsck where you do business?

"Hey-buddy-these-mp3s-fell-off-the-back-of-a-truck-and-I-can-let-them-go-for-cheap!"

Anyway, I'm sorry that you got upset, but my post was in regards to PayPal. Your ravings are non sequitur.

Mar 01, 08 - 12:14 am Comment from: Say No To DRM

When you address the issues I raised then I'll make another reply to your logic. Thus far I don't know WTF you're on except that I don't want any of it. My questions are:

1. Why didn't the IFPI take the money given to ROMS by allofmp3?
2. Can you prove that allofmp3 are a criminal organisation when there have been no convictions under Russian law? You can allege criminality but nothing more than that.

Mar 01, 08 - 01:43 am Comment from: andintroducing

What's MDN's take? Does PayPal have a legitimate beef or is this just bashing?

Mar 01, 08 - 02:00 am Comment from: dave

The best thing I DON'T do is fill in the autofill feature. That is by far the worst thing to do.

Mar 01, 08 - 01:00 pm Comment from: ReD GRAPE

YOU go on about an off topic.

YOU accuse me of being drunk or on drugs. — very weak

My 1st post barely mentioned AoM. Look up the word: rhetorical.

YOU made it a defendable issue. A raving non sequitur.

YOU demand that I answer your questions. Uh, after me — you're first.


Again, I could give a flying-fsck where you do business?

Don't bother to reply. I'll ignore you, as I should have your first post.

Mar 02, 08 - 01:15 pm Comment from: MacSmiley

Is it possible that Safari has some blocking capability PayPal is not aware of?

MDN's site keeps telling me my comment has errors and it can not post my comment. I've received no response from MDN personnel to my contact with them about this problem.

Therefore, I've posted my comment to my tumblelog:

http://macsmiley.tumblr.com/post/27721329
