Wondering why your PC has been infested with malware, random popups, intermittent shut downs and all sorts of other atypical garbage since the day you installed that downloaded copy of Windows 7 ? In case you aren’t capable of determining that your copy of Windows isn’t genuine (as in, you didn’t buy it from a legitimate source), Microsoft is about to lend you a serious hand. In the “coming days,” the software behemoth will be pushing out a new update for Windows Activation Technologies, which will look for over “70 known and potentially dangerous activation exploits.” It sounds as if the update is intended to alert folks who purchased complete PCs from the back of their local White Van that they may have gotten ripped off, but either way, we’re not particularly stoked about having yet another item running in the background, consuming system resources and telling us that we’ve been naughty. Thankfully it’s a voluntary update, but keep your eyes peeled if you don’t want to okay the installation accidentally. [Thanks, Troy] Windows 7 Activation Technologies Update coming down the pike, will tell you things you (should) already know originally appeared on Engadget on Thu, 11 Feb 2010 20:59:00 EST. Please see our terms for use of feeds .

Matthew Delorey’s business idea was to sell hacked Comcast modems which allow free Internet access. He just forgot to avoid FBI agents, conspiracy, wire fraud, and $250,000 fines. Now he may get 20 years in prison to rethink things. Delorey wasn’t doing anything insanely difficult.

This next item’s for any rogue states out there that might be planning a comprehensive wave of cyber-attacks: It looks like Microsoft has admitted that indeed it was a security flaw in Internet Explorer that hackers based in China exploited in the recent attacks on Google . As is often the case, the flaw is neatly summed up in the title of the advisory: “Vulnerability in Internet Explorer could allow remote code execution.” According to news agency AFP, the incident (which targeted Chinese human rights activists) shows “a level of sophistication above that of typical, isolated cyber criminal efforts.” (Which is, evidently, how we like to think of our own cyber criminal efforts.) Microsoft has yet to release a formal software update. In the meantime, if you think your machine could be at risk, hit the source link for all the details. Or just switch to Firefox. IE security flaw exploited in recent Google attacks originally appeared on Engadget on Fri, 15 Jan 2010 14:02:00 EST. Please see our terms for use of feeds

I wonder what’s going through Mitch “oorange3″ Adair’s head in this picture. Is he annoyed that someone made yet another joke about hacking the Gibson or did he just lose the US Cyber Challenge ? Either way, that’s one unhappy-looking hacker. The US Cyber Challenge in which Adair participated is a huge competition with the goal of hacking your opponents’ computers while defending your own from attacks. It’s not just a silly game for the sake of showing off either: The competition is designed to find talented individuals and recruit them to defend our country, companies, and computers from evil-doers’ cyberattacks

I wonder what’s going through Mitch “oorange3″ Adair’s head in this picture. Is he annoyed that someone made yet another joke about hacking the Gibson or did he just lose the US Cyber Challenge ? Either way, that’s one unhappy-looking hacker. The US Cyber Challenge in which Adair participated is a huge competition with the goal of hacking your opponents’ computers while defending your own from attacks.

Many of us have jailbroken our iPhones, but did everyone remember to change the default root password? Those guilty of that oversight are vulnerable to the simple intrusion method this guy used to hold iPhones hostage in the Netherlands. Updated. Apparently all that it took to terrify many Dutch iPhone users was a “trivial” port scanning technique and “a modicum of networking know-how.” After the hacker gained access to the jailbroken phones with unchanged root passwords and SSH enabled, he sent the pictured message which led to a demand for a €5 PayPal payment and words of caution: If you don’t pay, it’s fine by me, but remember, the way I got access to your iPhone can be used by thousands of others-they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It’s just my advice to secure your phone. This particular gentleman was almost kind.

Gary McKinnon hacked into 97 military computers searching for UFO secrets and now he’s liable for $700,000 in security checks that were done afterward. As some say, why should he pay for a lock if the door was open? Yes, McKinnon should pay for his crime somehow, he did break the law after all, but to pay to close security gaps he exposed while comitting the crime is a bit unreasonable. I’m happy that the ridiculous damages bill is being challenged by experts, because as Peter Sommer, professor of security at the London School of Economics, put it: Damage assessments of computer security breaches should consider “whether the victims have taken reasonable steps to limit the damage”. According to what we’re seeing about this series of intrusions, they would’ve been preventable, had Uncle Sam’s security experts been on the ball.

Noted iPhone security destroyer Jonathan Zdziarski has cracked the iPhone 3GS encryption security, which is to be expected, but the ease and speed with which he did it is worrisome. Zdziarski claims the iPhone 3GS is thus “useless” to businesses. The iPhone certainly isn’t as ubiquitous for corporate use as BlackBerry or even Windows Mobile, but that’s starting to change, and Zdziarski is very concerned that the iPhone 3GS’s security puts sensitive data at unnecessary risk. He claims that with easily-available software, anybody can break into an iPhone 3GS and start extracting data within two minutes, and access everything on the phone within 45. After reading this, we could see why companies might just be reluctant to trade their BlackBerrys in for a shiny new iPhone 3GS. [ Wired ]

It looks like a nefarious cyber-attack which affected several federal websites in the United States was a little more far-reaching than initially thought. The attack — which started on the 4th of July — targeted websites in both South Korea and the United States, including the Treasury Department, Federal Trade Commission and Secret Service. Various problems were still being reported days later, and while there’s no official word on who the attackers were, those “people familiar with the matter” we know and love seem to be pointing their fingers at North Korea. So far as we know, no irreparable damage has been done, but we’re not sure anyone would tell us if it had. Filed under: Internet Mysterious cyber-attacker hits at federal websites, crisis averted? originally appeared on Engadget on Wed, 08 Jul 2009 18:28:00 EST

A 19-year-old who was part of a swatting group—hacking the phone system to get 911 to respond with a SWAT team to potentially dangerous situations in order to harass people—just got sentenced to 11 years in prison. Their method of hacking used spoofing to pretend the call originated from the victim’s house. The team could then say all kinds of crazy stuff. For example: On June 12, 2006, for example, another swatter, Guadalupe Martinez, dialed 911 using a spoof card to make it look as though he was calling from an Alvarado, Texas, phone number and told dispatchers that he was holding hostages and had killed family members with an AK47 while high on hallucinogenic drugs. But what really got him and his buddies in trouble was the fact that he showed up at the home of the Verizon investigator that was gathering evidence against him and harassed him