Gizmodo: hacker
http://gizmodo.com/tag/hacker

Why Is This Hacker So Miserable Looking?

I wonder what's going through Mitch "oorange3" Adair's head in this picture. Is he annoyed that someone made yet another joke about hacking the Gibson or did he just lose the US Cyber Challenge? Either way, that's one unhappy-looking hacker.

The US Cyber Challenge in which Adair participated is a huge competition with the goal of hacking your opponents' computers while defending your own from attacks. It's not just a silly game for the sake of showing off either: The competition is designed to find talented individuals and recruit them to defend our country, companies, and computers from evil-doers' cyberattacks.

Neat competition, but I still wonder if Adair's frustration was because he didn't win or because of a lame joke. [CNN]

Update: Adair has emailed me to set the record straight. He explains that this isn't frustration or annoyance we're seeing. It's the "21st century's version of Rodin's The Thinker."

Dutch Hacker Holds Jailbroken iPhones Hostage For €5 Ransom While Exposing Security Vulnerability

Many of us have jailbroken our iPhones, but did everyone remember to change the default root password? Those guilty of that oversight are vulnerable to the simple intrusion method this guy used to hold iPhones hostage in the Netherlands.

Apparently all that it took to terrify many Dutch iPhone users was a "trivial" port scanning technique and "a modicum of networking know-how." After the hacker gained access to the jailbroken phones with unchanged root passwords and SSH enabled, he sent the pictured message which led to a demand for a €5 PayPal payment and words of caution:

If you don't pay, it's fine by me, but remember, the way I got access to your iPhone can be used by thousands of others-they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone.

This particular gentleman was almost kind. He didn't inflict any serious harm, only demanded a small optional payment, and limited his activity to the Netherlands. Whoever learns from his approach might not be as nice. The lesson, my darlings? Change your root passwords or disable SSH if you've got a jailbroken iPhone. I finally did. [Ars Technica]

Exposing Government Security Holes (While Searching for UFOs) Costs Guy $700,000

Gary McKinnon hacked into 97 military computers searching for UFO secrets and now he's liable for $700,000 in security checks that were done afterward. As some say, why should he pay for a lock if the door was open?

Yes, McKinnon should pay for his crime somehow, he did break the law after all, but to pay to close security gaps he exposed while committing the crime is a bit unreasonable. I'm happy that the ridiculous damages bill is being challenged by experts, because as Peter Sommer, professor of security at the London School of Economics, put it:

Damage assessments of computer security breaches should consider "whether the victims have taken reasonable steps to limit the damage".

According to what we're seeing about this series of intrusions, they would've been preventable, had Uncle Sam's security experts been on the ball. So really, they should be paying McKinnon a consultation fee for pointing out the security gaps in the first place. [Computer Weekly via Slashdot]

Hacker Claims iPhone 3GS Encryption is Incredibly, Dangerously Easy to Crack

Noted iPhone security destroyer Jonathan Zdziarski has cracked the iPhone 3GS encryption security, which is to be expected, but the ease and speed with which he did it is worrisome. Zdziarski claims the iPhone 3GS is thus "useless" to businesses.

The iPhone certainly isn't as ubiquitous for corporate use as BlackBerry or even Windows Mobile, but that's starting to change, and Zdziarski is very concerned that the iPhone 3GS's security puts sensitive data at unnecessary risk. He claims that with easily-available software, anybody can break into an iPhone 3GS and start extracting data within two minutes, and access everything on the phone within 45. After reading this, we could see why companies might just be reluctant to trade their BlackBerrys in for a shiny new iPhone 3GS. [Wired]

Blind Phone 'Swatter' Gets 11 Years For 911 Phone Hacking

A 19-year-old who was part of a swatting group—hacking the phone system to get 911 to respond with a SWAT team to potentially dangerous situations in order to harass people—just got sentenced to 11 years in prison.

Their method of hacking used spoofing to pretend the call originated from the victim's house. The team could then say all kinds of crazy stuff. For example:

On June 12, 2006, for example, another swatter, Guadalupe Martinez, dialed 911 using a spoof card to make it look as though he was calling from an Alvarado, Texas, phone number and told dispatchers that he was holding hostages and had killed family members with an AK47 while high on hallucinogenic drugs.

But what really got him and his buddies in trouble was the fact that he showed up at the home of the Verizon investigator that was gathering evidence against him and harassed him. He was arrested shortly after. [Yahoo]

Hacker Claims He Shoved Amazon Into the Closet Using "Inappropriate" Flag Exploit

Okay, maybe Amazon is off the hook. The well-known troll Weev is claiming that he's actually responsible for Amazon's sudden surge of LGBT prudishness. Which Valleywag says actually makes sense.

It's startlingly simple: It doesn't take very many votes at all to get a product flagged as "inappropriate" and booted off the rankings. He says he created a script that generated a list of product IDs for every gay and lesbian book on Amazon. From there, he just needed a whole bunch of people to flag the books as inappropriate, which wasn't hard, because simply getting someone to go to the URL of a successful flag would count as another one. Using an invisible iframe on popular websites owned by friends and a group of "third-worlders" he hired to register accounts, he generated enough votes to de-list gay and lesbian books en masse.

Lending credence to his claims, Valleywag notes that the "flag as inappropriate" feature is currently disabled. Free rein for inappropriate books! [Livejournal via Valleywag]

T-Mobile G1 Security Flaw Found, But It's All Under Control, People

A group of security researchers, including former NSA computer security expert Charles A. Miller, has discovered a security flaw in the G1's web browser. The flaw could allow a hacker to trick a G1 user into visiting a malicious website that could install some nasty bugs on the smartphone (or com). Google was made aware earlier this week, and is working to release a patch to fix the flaw, but Android's architecture inherently limits such a flaw's potential damage.

The flaw affects only the G1's browser, and the "sandbox" nature of Android limits the potential damage to only that one program. Interestingly, Miller is just now releasing the (admittedly limited) information to the press, stating that he feels smartphone users are not adequately aware of how risk-prone their devices can be. Google is a bit annoyed at Miller's forthrightness, implying that "they believed that Mr. Miller had violated an unwritten code between companies and researchers that is intended to give companies time to fix problems before they are publicized."

Google, T-Mobile, and HTC are all working together to fix the flaw, but Google is emphasizing that the overall security of the phone is just fine, and a patch will be released as soon as possible. [New York Times]

Sarah Palin Email Hacker Faces 5 Year Prison Term

If prosecutors have their way, David Kernell, the 20-year-old son of a Tennessee state representative and prime suspect in the Sarah Palin email hack, will make an inmate looking for a young, supple jailhouse bride very happy. He was indicted today by a federal grand jury in Knoxville, Tenn. for illegally accessing the account and faces up to 5 years in prison, a $250,000 fine and a three-year term of supervised release. A trial date has not been set, but it is safe to say that things don't look good. [USDOJ via Crunchgear]

3M Mobile ID Reader Helps Big Brother Take Your Identity More Efficiently

3M's new Mobile ID Reader scans MRZ and RF chip data from passports and visas and immediately checks them against local or international watch lists by using wifi or GSM/GPRS EDGE networks. It seems like a great tool to further make you feel like you're living in some scary dystopian sci-fi novel, especially when you hear that dastardly monopolist Bill Gates got his little-loved Windows Mobile 6 OS onto the device.

The Mobile ID Reader boasts an 8GB capacity, so when hackers crack the “encrypted formats feature,” they'll have access to tons of personal and privileged data. Other features include a sunlight-safe touchscreen and a capacitive fingerprint sensor. The device is meant to be used by authorities at event checkpoints, like its first tryout at the Euro Cup 2008 soccer tournament, but it shouldn't be long before you see it at your local Trader Joe's, checking up on the hippies. [Wired]

Microsoft Starts Hackers MSDN Blog. Wait, What?

Microsoft just launched a new blog on their MSDN network (their network for developers) for hackers. Microsoft, of course, hires "white hat" hackers to come and work for them by throwing money at "talent," and having them test Microsoft products for security vulnerabilities and weaknesses. (Something tells us they need to throw more money at this problem.) In any case, despite being named for and aimed at hackers, who knows whether actual hackers will get any use out of this blog. [MSDN]

T-Mobile Hacker Gets One Year of House Arrest, $10,000 Fine

Remember the twenty-something hacker who got into T-Mobile's servers, then got lots of pictures of celebrities off the Sidekick databases? He's been sentenced to one year's house arrest and a $10,000 restitution to T-Mobile.

All this hubbub and no nude pictures of Ashton Kutcher porking Demi Moore? I say he pays US $10,000 for getting our hopes up.

T-Mobile hacker gets house arrest [Mobile Tracker]
