French, check. Unemployed, check. Obvious hacker name of “HackerCroll,” check. The FBI has nailed their cuplrit, believed to have “gained control of Twitter” by hacking into both Obama’s and Britney Spears’s Twitter accounts last year. More

It’s a story tailor-made for the fear-mongering subset of news media. This week, a pair of gentlemen lured an unsuspecting virgin iPhone to a malicious website and — with no other input from the user — stole the phone’s entire database of sent, received and even deleted text messages in under 20 seconds, boasting that they could easily lift personal contacts, emails and your naughty, naughty photos as well. Thankfully for us level-headed souls, those gentlemen were Vincenzo Iozzo and Ralf-Philipp Weinmann, security researchers performing for the 2010 Pwn2Own hacking contest, and their $15,000 first prize ensures that the winning formula will go to Apple (and only Apple) for further study. Last year, smartphones emerged from Pwn2Own unscathed even as their desktop counterparts took a beating , but this makes the third year in a row that Safari’s gotten its host machines pwned .

Over the years, a number of optional technologies have allowed new auto buyers to remotely disable and / or recover their vehicles after purchase, but these devices aren’t always optional, and it might not even be the buyer who activates them. According to Threat Level , a man has been charged in Austin, Texas for allegedly hacking into the computer of his employer, Texas Auto Center, and activating WebTeck remote horn triggers and kill devices installed in over 100 cars owned by the company’s customers — all from the comfort of home. After Texas Auto Center reset the offending software’s passwords and figured out what’s what, the Austin High Tech Crime Unit quickly traced access back to one Omar Ramos-Lopez and made an arrest — but for many, the damage (in terms of missed work, school and tow-truck calls) had already been done. Care to form an opinion?

Wondering why your PC has been infested with malware, random popups, intermittent shut downs and all sorts of other atypical garbage since the day you installed that downloaded copy of Windows 7 ? In case you aren’t capable of determining that your copy of Windows isn’t genuine (as in, you didn’t buy it from a legitimate source), Microsoft is about to lend you a serious hand. In the “coming days,” the software behemoth will be pushing out a new update for Windows Activation Technologies, which will look for over “70 known and potentially dangerous activation exploits.” It sounds as if the update is intended to alert folks who purchased complete PCs from the back of their local White Van that they may have gotten ripped off, but either way, we’re not particularly stoked about having yet another item running in the background, consuming system resources and telling us that we’ve been naughty. Thankfully it’s a voluntary update, but keep your eyes peeled if you don’t want to okay the installation accidentally. [Thanks, Troy] Windows 7 Activation Technologies Update coming down the pike, will tell you things you (should) already know originally appeared on Engadget on Thu, 11 Feb 2010 20:59:00 EST. Please see our terms for use of feeds .

Matthew Delorey’s business idea was to sell hacked Comcast modems which allow free Internet access. He just forgot to avoid FBI agents, conspiracy, wire fraud, and $250,000 fines. Now he may get 20 years in prison to rethink things. Delorey wasn’t doing anything insanely difficult.

This next item’s for any rogue states out there that might be planning a comprehensive wave of cyber-attacks: It looks like Microsoft has admitted that indeed it was a security flaw in Internet Explorer that hackers based in China exploited in the recent attacks on Google . As is often the case, the flaw is neatly summed up in the title of the advisory: “Vulnerability in Internet Explorer could allow remote code execution.” According to news agency AFP, the incident (which targeted Chinese human rights activists) shows “a level of sophistication above that of typical, isolated cyber criminal efforts.” (Which is, evidently, how we like to think of our own cyber criminal efforts.) Microsoft has yet to release a formal software update. In the meantime, if you think your machine could be at risk, hit the source link for all the details. Or just switch to Firefox. IE security flaw exploited in recent Google attacks originally appeared on Engadget on Fri, 15 Jan 2010 14:02:00 EST. Please see our terms for use of feeds

I wonder what’s going through Mitch “oorange3″ Adair’s head in this picture. Is he annoyed that someone made yet another joke about hacking the Gibson or did he just lose the US Cyber Challenge ? Either way, that’s one unhappy-looking hacker. The US Cyber Challenge in which Adair participated is a huge competition with the goal of hacking your opponents’ computers while defending your own from attacks. It’s not just a silly game for the sake of showing off either: The competition is designed to find talented individuals and recruit them to defend our country, companies, and computers from evil-doers’ cyberattacks

I wonder what’s going through Mitch “oorange3″ Adair’s head in this picture. Is he annoyed that someone made yet another joke about hacking the Gibson or did he just lose the US Cyber Challenge ? Either way, that’s one unhappy-looking hacker. The US Cyber Challenge in which Adair participated is a huge competition with the goal of hacking your opponents’ computers while defending your own from attacks.

Many of us have jailbroken our iPhones, but did everyone remember to change the default root password? Those guilty of that oversight are vulnerable to the simple intrusion method this guy used to hold iPhones hostage in the Netherlands. Updated. Apparently all that it took to terrify many Dutch iPhone users was a “trivial” port scanning technique and “a modicum of networking know-how.” After the hacker gained access to the jailbroken phones with unchanged root passwords and SSH enabled, he sent the pictured message which led to a demand for a €5 PayPal payment and words of caution: If you don’t pay, it’s fine by me, but remember, the way I got access to your iPhone can be used by thousands of others-they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It’s just my advice to secure your phone. This particular gentleman was almost kind.

Gary McKinnon hacked into 97 military computers searching for UFO secrets and now he’s liable for $700,000 in security checks that were done afterward. As some say, why should he pay for a lock if the door was open? Yes, McKinnon should pay for his crime somehow, he did break the law after all, but to pay to close security gaps he exposed while comitting the crime is a bit unreasonable. I’m happy that the ridiculous damages bill is being challenged by experts, because as Peter Sommer, professor of security at the London School of Economics, put it: Damage assessments of computer security breaches should consider “whether the victims have taken reasonable steps to limit the damage”. According to what we’re seeing about this series of intrusions, they would’ve been preventable, had Uncle Sam’s security experts been on the ball.