Last week's distributed denial-of-service attack against Spamhaus has largely subsided. As large as the attack was, most Internet users found their experience little affected. A Guardian op-ed sniffs that the whole episode was a put-up job "spun by shoddy journalism," but this is surely wrong. Some coverage was unduly breathless, but the attack was significant for at least three reasons beyond its sheer size: 1) it exposed the extent to which DNS servers were unsecured, 2) it revealed deeper vulnerabilities in DNS, and 3) it suggested the difficulties legal systems encounter when faced with transnational exploits. (The market for DDoS defenses will also grow—IDC already forecasts 18.2% compound annual growth through 2017.)
A Rapid7 researcher finds vulnerabilities in Amazon Simple Storage Service (S3) buckets, due apparently to customer service misconfiguration. iMessage prank texts show the service's vulnerability to DDoS-like disruption. Islamist groups (al Qaeda Electronic Army and Hamas' Izz ad-Din al-Qassam Cyber Fighters, respectively) disrupt First National Bank Texas and American Express. An Indian hacker defaces a Pakistani election site.
Anonymous interposes itself into Korean tensions with attacks on North Korean websites. Attribution of the "cyber rampage" South Korea recently endured remains unclear, but Symantec believes the evidence points to centrally directed "hired guns," not hacktivists.
Sino-American tensions rise as US strictures against Chinese hardware begin to bite. The Chinese government also disputes British accusations of cyber espionage.
The Saudi government warns of "suitable measures" against services like Skype, What'sApp, and Viber if they don't comply with censorship laws.