Amazon has identified the cause of the S3 server outage that rendered large swathes of the Internet unavailable Wednesday: a command entry error during debugging. The operator intended to remove some capacity, temporarily (a routine practice); unfortunately a typo caused the command to remove far too much capacity. Amazon is working on procedures to prevent a recurrence.
There's some welcome good news about vulnerabilities and risk mitigation today. First, Google has removed 132 Android apps from the Play Store. They contained hidden iFrames that linked to malicious domains. Those apps weren't in much position to do damage anyway: CERT-Polska had sinkholed the malicious domains back in 2013.
The Cloudbleed bullet also seems to have been dodged. CloudFlare says the vulnerability was triggered 1.2 million times, but that there was no evidence of malicious exploitation. The company has also engaged Veracode to conduct a third-party check of CloudFlare's software.
And Slack is getting good reviews for their swift patching of a vulnerability—a potentially serious one—that exposed user tokens to compromise. They responded to the bug disclosure in half an hour and had a fix out in five hours. A Detectify researcher reported the vulnerability under Slack's bug bounty program.
In industry news, Symantec has opened a venture arm. Yahoo!'s exit by sell-off to Verizon is concluding with whimpers as the Yahoo! board investigation of the company's breaches imposes costs on executives.
China warns of the dangers of cyber conflict.
The Wassenaar cyber arms control regime's future looks shaky (again).