security

In an effort to battle security threats, PayPal announced today that it will block "unsafe browsers" from using its services. It is trying to step up its anti-phishing efforts. Older web browsers are considered unsafe because they lack many security features the newer browsers have. PayPal said it was "an alarming fact that there is a significant set of users who use very old and vulnerable browsers such as Internet Explorer 4". Some users were still using Internet Explorer 3 (a browser more than 10 years old).

The federal government is starting to realize the real threats of botnets around the world. U.S. Homeland Security Secretary Michael Chertoff, speaking at the RSA conference, said that the US government has launched a cyber security "Manhattan Project."

The US is realizing that online attacks can be a form of "devastating warfare", and equivalent in damage to "physical destruction of the worst kind."

Sophos claims that new and creative malware will push the total number of viruses/malware to one million by year's end. According to a report, about 25 percent of unique malware has been created in the last six months of its 20-year history.

Virginia has become the first state to require that all public schools teach "Internet Safety" classes for all grade levels. Their goal is to educate young Web users about the dangers associated with using the Internet.

This shows us that Virginia is able to adapt to the changing times. They realize the public danger the Internet can pose to a community and have taken some action to mitigate the risk. This is the right thing to do.

A new study shows that men are more prone to Internet fraud than women. IC3 received 206,884 complaints of online crimes during 2007. Their findings show that men lost $1.67 to every $1 lost by women in online fraud. This is a $40 million increase in reported losses to law enforcement when compared to 2006.

Gizmodo is reporting that Apple's recent iPhone firmware update has been hacked. This comes after the most recent hack allowing the iPhone to be unlocked and used on different carrier networks (called jailbreaking).

This hack is not considered a "jailbreak" hack, but rather a complete hack that allows you to run _any_ app and use _any_ compatible carrier you want in the world.

A survey from Symantec and Applied Research-West, reported by Baseline, shows that younger workers (those born after 1980) pose a greater risk to corporate networks because of their tendency to want to run almost any device and install almost any software on their work machines.

Richard Doherty of the Envisioneering Group (BD+ Standards Board) declared that BD+ is so strong that it would not be breached for at least 10 years.

Well, a company named Slysoft, makers of AnyDVD, claims to have cracked BD+ encryption (only eight months after Doherty's statement/dare) and has included the decryption tool in the latest release of its software. Slysoft claims that Blu-ray owners will now be able to "backup" their disks using AnyDVD.

Marshal, an email and Internet content security company, analyzes spam traps it has placed throughout the Internet and looks for trends in spam creation, distribution, and origination.

I came across an article from Microsoft a few weeks back that claimed setting a blank password is more secure than setting simple passwords that most users choose.

A group at Princeton University has discovered a way to steal keys from memory even after a computer has been shut down. The technique described here involves freezing a computer memory chip using quick blasts from an air can. This gave the researchers access to the chip's contents, allowing them to obtain keys that could be used to decrypt data on a user's hard drive.

Click Forensics has published a heat map showing countries where the most click fraud is originating. (Red is bad, green is good). The biggest sources of click fraud are India (4.3 percent), Germany (3.9 percent), and South Korea (3.7 percent). Mexico is also in the red.

IBM released their X-Force 2007 report today. The report details the rise and sophistication of organized crime units dedicated to capitalizing on Web vulnerabilities. These criminals are mainly after stealing identities and hijacking consumers' PCs.

According to the report, a complex underground network has been developed to aid in distributing tools and assist with camouflaging attacks so they can escape current detection mechanisms.

Baseline has published the top 25 data security breaches of 2007. These are just the reported cases. I'm sure the actual number of breaches is much higher than this. This number will climb every year and the need for better security measures will always be there.

The top three data breaches in terms of affected records include:
1) TJX (19M+ affected records)
2) Dai Nippon Printing Company (8.6M records)
3) Fidelity National Information Services Check (8.5M records)
