PayPal implements EV SSL to combat phishing
by Chris Dawson
PayPal have moved further ahead in the fight against phishing by implementing EV SSL certificate support. SSL, which stands for Secure Sockets Layer, has been standard in browsers for some time; the EV stands for Extended Validation. Microsoft plans implementation by the end of the month for Internet Explorer 7, and other browsers are looking to follow.
PayPal are one of the very first sites to go live with EV SSL certificates. With security devices only just released, it’s good to see they’re pushing ahead with more stringent security as well.
The big difference you’ll see with EV SSL certificates is that the lock icon (the padlock or key, depending on your browser) will be moved from the Status Bar at the bottom of your browser to the address bar at the top (where you type the web address). In addition, the address bar will turn green for known safe sites, red for known phishing sites, and yellow for suspected phishing sites.
One issue for the Firefox (Mozilla-based) browser is that it already turns the address bar yellow for websites with standard SSL certificates. With users trained to associate yellow with “safe”, using it for “suspect” in IE will take some getting accustomed to and may lessen the security awareness it would otherwise have raised. EV SSL support is unlikely to appear in Firefox until version 3.0 is released later this year.
There are also concerns that smaller websites which have been unaffected by phishing attacks will not be able to afford certification costs, leaving users unsure which sites are secure and which are simply uncertified.
Comments
3 Responses to “PayPal implements EV SSL to combat phishing”
For marketing purposes, it would have been better to give it a name that didn’t read like “evil”.
I keep thinking of Vicky Pollard going “don’t you give me evils!!!”
[...] Two events appear to have taken place, ongoing and persistent abuse of hijacked accounts and taunting of eBay by a Romanian hacker. eBay are constantly working to prevent account hijacks and educate users on how to stay safe online but it is a never-ending battle. Even the new PayPal security tokens don’t give a 100% guarantee of security although they will certainly slow hackers down. The key for all users is never click links in emails, and be suspicious of all links on websites. The much maligned eBay toolbar will show if you are about to enter your user name and password into a non-eBay site, and new EV SSL enabled browsers will assist also. (eBay and PayPal are amongst the first websites to be EV SSL ready). [...]
[...] EV SSL built into the new Internet Explorer 7 was supposed to inform you when a phishing site was masquerading as a legitimate site such as eBay or PayPal. The title bar in your browser will turn green for known safe sites, red for known phishing sites, and yellow for suspected phishing sites. PayPal have implemented EV SSL with a security certificate issued by Verisign (who have a strategic alliance with eBay and PayPal). [...]