If you’re looking for a safe browser for Internet commerce, PayPal says you should stay away from Apple’s Safari.

In an interview with Michael Barrett, PayPal’s chief information security officer, the focus was on two specific features: phishing filters and EV-SSL support. Both Firefox and IE7 have phishing filters built in and turned on by default. IE7 has support built in for Extended Validation (EV-SSL), which shows a green address bar for authenticated sites; Firefox and Opera will in upcoming versions.

Safari has no phishing filter and Apple does not participate in the CA/Browser Forum, the group that developed EV-SSL.

“Apple, unfortunately, is lagging behind what they need to do, to protect their customers,” Barrett said. “Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera.”

Barrett went further, echoing the thrust of VeriSign’s No More Abandoned Carts campaign, that the green bar instills confidence in users, claiming that IE7 users are noticeably less likely to abandon the login process. Confidence isn’t the same thing as security, but it’s not nothing. VeriSign says that similar effects have been observed by Overstock.com, DebtHelp.com, and now Scribendi.

When the kids were little you installed safety outlets, put a lock on the knife drawer, and padded sharp-edged furniture. Now that they’re older you can get rid of those old gadgets–and install a whole new round of safety tools on the computer. Parental control software lets you steer kids away from bad Web sites and bad choices.

There are plenty of different products for different parenting styles. You can lock the kids out of adult Web sites, control when they can use the computer, and limit their instant messaging to parentally-approved pals. Or you can eschew limits but log their every activity silently. Many of the products can send violation notifications while you’re away from home and even let you tweak parental control settings remotely. Which one’s right for you? Check out PC Magazine’s roundup of 12 Tools to Keep Kids Safe Online.

Following orders to take down content deemed offensive by the government, Pakistan’s telecom company went the extra mile and took down the whole YouTube site.

They did this using an abusive networking trick called “BGP Injection” in which they told the world that the IP address listed in DNS for YouTube was on their network. When YouTube requests came in to the Pakistani network they were, of course, not satisfied. The problem lasted about 2 hours before the rest of the world caught on and undid the changes.

BGP Injection is impossible to prevent and difficult to address, and you only see it if you’re looking for it. In many ways it’s the ultimate phishing tool. If the right people in Pakistan had gone further and put up a fake YouTube site to satisfy incoming requests it would have been hard for users to see the problem.

It’s not a secret, but it hasn’t gotten that much attention. Now perhaps a rogue network operator will be inspired to use this technique to its ultimate, malicious ends.

The latest IRS phishing e-mails redirects victims to sites hosted in Russia, and they mimic the actual Internal Revenue Service web site almost perfectly. And to complete the illusion, as soon as you’ve entered your personal and financial information you get redirected to the actual IRS site. Fiendish! Message Labs reports that this type of spam spiked in January, hitting ten times the normal level.The IRS isn’t unaware of this problem - in fact it has a page devoted to warning about scams. They point out that “The IRS does not send unsolicited e-mail about tax account matters to individual, business, tax-exempt or other taxpayers.” If you’re wondering how your refund is doing, go directly to www.irs.gov and check the “Where’s My Refund?” page. Don’t click any links in email that claims to come from the IRS–it doesn’t!

They’re called “servers that lie.” Mendacious machines controlled by hackers that reroute Internet traffic from infected computers to fraudulent Web sites are increasingly being used to launch attacks, according to a paper published this week by researchers with the Georgia Institute of Technology and Google Inc.

read more | digg story

PassPub generates unique passwords to give individuals increased security. Passwords are used everyday to gain access to personal information e.g. email, banking, online shopping. Standard guidance given on selecting secure passwords is to use a combination of letters and numbers. This is a task ideally suited to a computer generated process.

PassPub provides many easy ways to obtain a randomly generated unique password to protect your personal information.

https://www.passpub.com

Browser Security Test is a registration-free service that scans your browser for security issues. It works on Firefox, Internet Explorer and Opera browsers. The service is free and takes a couple minutes, depending on your connection speed.

http://bcheck.scanit.be