So, PayPal has thrown down the gauntlet on the safe browser war. According to an InfoWorld article, they have declined to add Apple’s Safari browser to their list of safe browsers due to the lack of native anti-phishing technology.
I find it interesting that one of the features they explicitly mention in the InfoWorld article as being a reason behind this is the use (or lack thereof) of the Extended Validation Certificate (EV).
Firefox 2 does not currently support this, however the possibility of having the browser warn you to a possible phishing attack is apparently enough for PayPal. According to the Mozilla developer’s, FireFox 3 will support the EV technology.
Personally I think that the automated protection schemes are great, when they work. One of the first things I did when installing IE7 on my virtual machine was to disable the anti-phishing filter. It is nice to have the automated systems, but there is nothing like a little user education to make the world a safer place. According to a NetworkWorld article:
In one study, three groups of 14 participants each received e-mail messages that included spam and phishing attacks as well as legitimate mail. Two of the groups were presented with educational material about how to prevent being phished; but only one group received the material after having fallen for the phishing e-mails and entered personal information into a fraudulent Web site.
The group that was given educational materials but hadn’t been phished were no better at spotting phishing attacks that the third group, which received no educational materials at all, researchers say.
Besides, who is to be the arbiter of whether or not the site really deserves being declared a phishing site? Sure sometimes it is patently obvious, like when the site is dressed up to look like Citibank, but the URL is really something like “www.citibank.secure.orangecrush.cz”. However, there is no such thing as a perfect system, and we don’t need to train the users to rely completely on the built-in safeguards.
When reading an article from ScienceDaily that was referenced on Slashdot, I noticed that at the end of the article there was an option to copy a citation reference for either the MLA or APA style. At first I thought that this might be unique to that particular article, but then after more investigatio, it turns out that this is a standard feature.
This quite nice for people using this site as a source for their research. I wish that this was a trend that more online news outlets were taking. For instance, it would be great if the Atlanta-Journal Constitution would do this, since you can no longer purchase the AJC in it’s traditional format in Valdosta due to having drastically cut its delivery area recently.