Lost+Found: Password games, DDoS ads and smartphone worries

Too short for news, too good to lose; Lost+Found is a round up of useful security news. This time: memorise passwords like you ride a bike, buy DDoS attacks like you buy bread, expert knowledge in form of a fairy tale, a trojan app store, and a sniffer dog that barks up the wrong tree.

• According to researchers at Stanford University, memorising passwords can be as easy as riding a bike: the researchers have developed a method that allows users to memorise passwords as tacit knowledge through implicit learning – which uses the same area of the brain that intuitively allows us to keep our balance on a bicycle. Users memorise their passwords via a simple game without ever knowing what it is, and password input is also designed as a game.

• If a series of YouTube commercials are to be believed, having the web pages of pesky competitors blown off the net requires only a minimum investment of $5 per hour. What may at first glance seem like the parody of a cheap TV commercial appears to have a serious background: Gwapo's Professional DDOS Service offers its services on various relevant underground forums, where it has attracted numerous comments from satisfied customers.

• Melissa Elliott playfully demonstrates how to explain a complex scenario using a virtual box of continuous paper and a couple of digital pens. She turned an abstract Man-in-the-Middle attack into "How Sally Got Owned".

• The malware situation for Android users is deteriorating slowly but surely: there are now whole app stores whose sole purpose is to deploy infected apps. Microsoft reports that one portal offered more than 50 bogus apps, including one for Skype. Once installed, the apps sent out expensive premium-rate SMS text messages.

• Apple has banned anti-virus company Bitdefender's Clueful anti-sniffer app from its App Store. Bitdefender is currently investigating the reasons; they could be related to the fact that Clueful, as we have previously observed, occasionally produced alerts about apps that weren't even installed.

(djwm)