Heads up all who produce or trade in oil: Anonymous says it will resume #OpPetrol today. It may fizzle again, or perhaps not: the story is developing.
The lethal (in a business sense) attack on Code Spaces (see yesterday's issue for discussion and links) contains useful if discouraging lessons. The online collaboration platform was probably a target of opportunity, simply proving softer than other marks the criminals prospected. It's also worth reviewing your own security practices if you use a service like Amazon EC2. Note that the attack began with denial-of-service, was followed by extortion, and was completed with data destruction triggered by the company's attempt to remediate the compromise of its EC2 credentials. The DDoS itself didn't bring Code Spaces down; they could have handled DDoS.
DDoS incidents are on the rise (both Move and Ancestry.com sustained them this week) and they're increasingly being used in conjunction with other kinds of attack: observers compare them to smokescreens or misdirection.
Columbia University researchers crawl Google Play apps and find, disturbingly, thousands of authentication tokens in source code. Enterprises take note: the finding has implications for your BYOD policy.
Servers containing Supermicro motherboards are found broadcasting admin passwords in the clear.
More bad news on user security slackness: researchers at Carnegie Mellon, Penn State, and NIST find that many (most) subjects in an experiment were willing to download an unknown executable when offered a small payment (a dollar or less).
California and Missouri court decisions send diverse messages about banks' liability for customer data loss.