Information security made available to all!
The Pwn2Own 2010 hacker contest will be held March 24 during the CanSecWest security conference in Vancouver, British Columbia. The event offers contestants various pieces of technology such as phones and computers to hack. If a user successfully exploits their target, they get to keep the device as well as a cash prize.
For the event’s fourth year, contestants will be asked to exploit two main technology categories: Web browsers and mobile phones. There will be $100,000 in cash prizes, and successfully hacking each phone or browser is worth $10,000.
Google has patched 11 vulnerabilities in the Windows version of Chrome, including one that earned its finder the first $1,337 check from the company's new bug bounty program.
Like Apple, which updated Safari last week, Google beefed up the security of its browser just days before the Pwn2Own browser hacking contest was to kick off in Canada.
The update to Chrome 4.1.249.1036 fixes six flaws rated "high," the second-most-severe ranking in Google's four-step threat system; plugs three "medium" holes; and quashes two "low" bugs.
Danish vulnerability tracker Secunia rated the update as "highly critical."
Malware-tainted memory cards may have ended up on as many as 3,000 HTC Magic phones, a greater number than first suspected, Vodafone said today.
The problem came to light earlier this month after an employee of Panda Security plugged a newly ordered phone into a Windows computer, where it triggered an alert from the antivirus software.
Further inspection of the phone found the device's 8GB microSD memory card was infected with a client for the now-defunct Mariposa botnet, the Conficker worm and a password stealer for the Lineage game.
Vodafone said it was an isolated incident, but an employee at Spanish security company S21sec discovered another phone with an infected card, which it sent to Panda. That phone was purchased directly from Vodafone's Web site in the same week as the first phone, according to Panda.
The Information Commissioner's Office (ICO) has reported that the Royal London Mutual Insurance Society lost eight laptops and the personal details of 2,135 people.
It has declared that the insurance provider breached the Data Protection Act when the laptops were stolen from the company's Edinburgh offices. Two of the laptops contained the information, and the individuals affected were employees of various firms that had sought pension scheme illustrations.
The ICO reported that the two laptops were unencrypted, but were password protected. An internal report established that the company was uncertain about the precise location of the laptops at any given time and that physical security measures were inadequate.
After an international take-down effort, a rogue ISP responsible for controlling large numbers of computers infected with data-stealing code is down for the moment, but it may be reconnecting with the Internet, according to security researchers.
Troyak, which is believed to be based in eastern Europe, was knocked offline earlier this month after other networks supplying its connectivity to the Internet stopped carrying its traffic due to complaints it was complicit in cybercrime.
Since then the network has fought a cat-and-mouse game with network providers in 12 countries and international law enforcement, according to Jart Armin, the pseudonymous editor of the Hostexploit.com Web site, which has been involved in the action.
Law enforcement officials in the U.K. and U.S. are pushing the Internet Corporation for Assigned Names and Numbers to put in place measures that would help reduce abuse of the domain name system.
Now it is "ridiculously easy" to register a domain name under false details, said Paul Hoare, senior manager and head of e-crime operations for the U.K.'s Serious Organised Crime Agency (SOCA).
Domain names can be used for all kinds of criminal activity, ranging from phishing to trademark abuse to facilitating botnets. Law enforcement often runs into difficulty when investigating those domains, as criminals use false details and stolen credit cards.
A bug in Microsoft's software gives hackers a way to exploit virtual Windows machines which would be attack-proof if they were running on real hardware, a researcher said today.
The flaw is in some of Microsoft's virtualization software, including Windows XP Mode, the free add-on for Windows 7 that lets users of the newer OS run older applications in a virtual machine.
Core Security went public with information about the flaw yesterday, seven months after reporting the problem, because Microsoft declined to patch it. "They don't believe this requires a patch," Ivan Arce, CTO of Core Security, said in an interview today. "They said that they would address it with an update or in a service pack some time in the future. We believe this needs to be fixed sooner."
Hackers have flooded the Internet with virus-tainted spam that targets Facebook's estimated 400 million users in an effort to steal banking passwords and gather other sensitive information.
The emails tell recipients that the passwords on their Facebook accounts have been reset, urging them to click on an attachment to obtain new login credentials, according to anti-virus software maker McAfee Inc.
If the attachment is opened, it downloads several types of malicious software, including a program that steals passwords, McAfee said on Wednesday.
Hackers have long targeted Facebook users, sending them tainted messages via the social networking company's own internal email system. With this new attack, they are using regular Internet email to spread their malicious software.
Millions of South Africans could be at risk of having their personal information hacked and misused, as SA moves from analogue television to a digital signal, warn industry experts.
The country is preparing for the global switchover to digital broadcasting in 2015. However, to watch the new signal, every one of the 10 million households that owns a television will need a decoder.
These decoders, or set-top boxes, not only have the ability to receive signal, but also to send information through a return path. Government's plan is for the boxes to be interactive, and allow citizens to fill in forms from their boxes, although it is unclear what types of forms this will include.
The US Federal Bureau of Investigation (FBI) may be using fake identities on social networks to investigate criminal activities, according to digital rights group Electronic Frontier Foundation (EFF).
The EFF cites a 33-page FBI presentation obtained through a Freedom of Information request that describes how investigators should collect and use evidence from social networking sites such as Facebook, MySpace and LinkedIn.
The document says undercover operations online are helpful for contacting suspected criminals and victims, accessing private information and mapping social networks.
Evidence gathered from social networks can help reveal personal communication links, establish motives and provide location information, the document says.