Stickam, the webcam site the New York Times says is backed by Japanese pornographers and Stickam PR says isn't, has a spam problem. CEO Steve Fruchter says last November, hackers broke into "an old community forum system" and stole 2 million Stickam user email addresses. Now users keep getting email from a company called SlickCam. A Stickam flack told the Times its contacted "the Secret Service and a specialized Internet security research firm" in effort to halt the onslaught. Is it working?

The distorted images websites use for logins, known as captchas, or Completely Automated Public Turing test to Tell Computers and Humans Apart, work by distorting a set of numbers and letters in such a way that only humans would recognize them. For blind Internet users, websites use audible captchas, which do the same thing with sound. For a while, both types effectively prevented spammers from registering Gmail addresses with automated scripts. But Russians looking for a little extra cash — about $3 a day — helped crooks break Google's image captchas earlier this year. Now Wintercore Labs says Google's audio captchas are broken too. IDG reports:

Over the last few months, wily spammers may have figured out how to crack the security feature known as "captchas." With an army of compromised Windows PCs known as botnets, they've been using their new power to flood Google's Blogger with spam. Why Blogger?

Blog host Tumblr almost apologized to its users for leaving a big door open to hackers for 40 minutes today. "We screwed up today, and we cannot possibly express our remorse," a company blog said, offering some consolation to anonymous bloggers like Fake Nick Denton who may have had their (hopefully anonymous) email addresses exposed when the hacker or hackers peered at 27 registration records. But Tumblr groveled a little harder for Star editor-at-large Julia Allison, whose blog was the only one defaced, and fairly horrendously at that. An italicized section at the end of Tumblr's post read, "We'd also like to make a special apology to Julia Allison, whose account was temporarily affected by our mistake." See, Julia? Not everyone treats you like a jerk! [Davidville]

Don't visit the site unless you want to furiously close the window, but a gang of hackers who call themselves the "Gay Nigger Association of America" have taken over the dating columnist's blog, making the window rotate wildly and the speakers shout "Hey everyone, I'm looking at gay porn." Thank god everyone in my cafe is used to my laptop doing that. [NSFW: It's Me Julia]

Google's boast page for tools built on App Engine was struck by script kiddies with a relatively simple JavaScript-based exploit known as cross-site scripting. Yes, not exactly a high-level attack, but another black eye for a project that, like most of Google, will linger in beta for the next few years.

The "rent party" for hacker collective Resistor's downtown Brooklyn space was awesomely nerd-tastic. We woke up with a hangover from the Bar-bot, a robot programmed to make mixed drinks in beakers. Also a mystery: a diagram of a circuit drawn in permanent marker across our entire forearm that we're still trying to explain, as well as wash off. "It's basically just a device that would blink on and off. See the LED?" said one charming hacker. Naturally. Click to see the Bar-bot!

Back in 1999, Cristophe Bisciglia was a teenage programming prodigy in the sleepy seaside town of Gig Harbor on Washington State's Olympic Peninsula. He was already doing web development work for clients, like Visnet, a tiny ISP in Port Orchard. But a dispute with the owner left a chip on his shoulder. So Bisciglia hacked into the ISP's servers and borked them by sending out thousands of emails, including emails to Visnet's customers pointing out the company's security flaws, according to the Kitsap Sun. While his record was probably cleared once he turned 18, he was convicted of a misdemeanor at the time.

Medical researchers were able to deliver shocks and stop a Medtronic pacemaker without using the control box. The box, sold only to the doctors of pacemaker recipients, communicates with the device via radio waves. But the lab workers were able to duplicate the signals remotely, and figured out how to get the private medical information from it as well. Just think of the fun some really creepy people could have with spinal cord simulators and drug delivery pumps! [Wall Street Journal]

Too much viral video can make you sick. And your computer, too. CollegeHumor, Barry Diller's funny-clips compendium, has been caught infecting viewers with at least two categories of virus, Generic.dx and JS/Wonka. They're mild but annoying infections — the chlamydia and gonorrhea of the online world. One expects to find Trojans littering CollegeHumor's offices, not its website. The likely source?

IMPORTANT NEWS VIA E-MAIL: "There's a new owner of Hamiltonnolan.com. Guess who? Since you seem obsessed with me I will make sure to remind you daily. Hugs & Kisses, Ronn." AWESOME. I finally have something in common with all those famous PR people whose domain names he squatted on in '06. [UPDATE: A tipster points out that someone has played this same trick with www.ronntorossianpr.com. It wasn't us!]

You know those distorted letters and numbers you have to retype to log into websites? They're called captchas, for Completely Automated Public Turing Test to Tell Computers and Humans Apart. One thing they're good for is preventing spambots from signing up for Yahoo email accounts. Or at least that's one thing they used to be good for.

Logo designer David Airey took a monthlong trip to India starting in late November. About three weeks in, hackers took over his Web domain, davidairey.com. How'd it happen? Airey blames a Gmail security flaw he read about. Something to do with going to a malicious website that inserts forwarding filters into a user's Gmail settings. Totally messed up his life, he says, not to mention his rank in Google search results. Google says it's fixed this particular flaw, but here's how to make sure you haven't been affected.

Google is the target of a trojan that could be more damaging than the worm that has affected literally dozens of Orkut users. This new trojan, however, hits Google where it hurts — its ever-swelling advertising revenues. It redirects Web ads from the AdSense program to a rival ad provider. Bitdefender, the Romanian security-software maker which identified the trojan, does not specify who is serving these third-party ads or how the trojan is propagating. Researchers do say that Google may be powerless to stop the attack, because the malware affects personal computers, not the company's ad servers. Google is unlikely to lose substantial sums, but the search giant cannot enjoy being this helpless. No wonder it's pushing antivirus software.

A relatively harmless worm has rampaged through Google's social network, Orkut. You probably haven't noticed. That's because Orkut, while popular in Brazil and India, is an also-ran in the U.S. Hundreds of thousands of Orkut users saw their accounts overwhelmed by spam on their "scrapbooks," Orkut's equivalent of Facebook's Wall.

Sandra Soroka, the New York videoblogger who dumped her boyfriend through her Facebook status message may not have had her Flickr account hacked by outraged Digg users, as we previously reported. Some now suggest she staged the hack, hoping it would stem the tide of invective flooding her Facebook inbox, according to Underwire. "You can't write anything because I'm not saying anything," Soroka told fellow videoblogger Sarah Meyers, who reported Soroka was closing all her online accounts. Doesn't look like that worked, hmm?

A tipster told us that SourceForge had been hacked yesterday, with the site unavailable for part of the morning, so we pinged people at the open-source code repository to see what went down. Says Ross Turk, the site's "community manager":

British spy agency MI5 has warned financial and legal institutions of a security threat from state-sponsored Chinese hackers. The Chinese government, of course, has denied any involvement. [The Register]

STUCK IN A CAB ON FIFTH AVE, NEW YORK — New York cabbies don't like change, unless it's the kind you tell them to keep. Nevertheless, if you hit New York for the holidays this year, you might find yourself in a cab with a computer display installed in the barrier between you and the driver. It's not very useful, featuring a little local TV, Zagat ratings and a lot of advertisements. But some of you out there might find they're good for a perverse pleasure. Hacking around. That's the stuck-in-traffic entertainment blogger Billy Chasen went for.

New Zealand police say they've apprehended a hacker known by the online handle Akill caused for more than $20 million in economic losses. Akill, whose name the police have withheld because he's only just turned 18, allegedly masterminded schemes to steal credit card information and manipulate stock markets by taking over thousands of computers and directing them all toward the same dirty deed.