Bad Security Advice from PayPal

Monday November 28 2011

I get annoyed by out-of-date recycled wisdom. You’d think PayPal would know better. I was checking my account today and I saw a banner ad for the PayPal Phishing Quiz. I thought I’d take the quiz and they scored me 6 out of 7, but I disagree with their answer.

Current versions of Internet Explorer and Google Chrome have NO status bar by default. The status bar is not the correct place to look for the lock icon. The icon is next to the address bar, as these clips from Internet Explorer 9 and Google Chrome 15.0 show:

image

image

PayPal's advice may have been correct five years ago. In those days, it was a common ploy for malicious web sites to use some JavaScript to position a fake lock icon over the address bar, but that hasn’t been possible in Internet Explorer for several versions. I believe IE6 was the last version to be vulnerable to that particular exploit. These days, it is impossible for a script to affect the window ‘chrome’; it can only write to the content area.

Perhaps PayPal believes that we are all still using Internet Explorer 6?