Malicious attacks against power system state estimation are considered. It has been recently observed that if an adversary is able to manipulate the measurements taken at several meters in a power system, it can sometimes change the state estimate at the control center in a way that will never be detected by classical bad data detectors. However, in cases when the adversary is not able to perform this attack, it was not clear what attacks might look like. An easily computable heuristic is developed to find bad adversarial attacks in all cases. This heuristic recovers the undetectable attacks, but it will also find the most damaging attack in all cases. In addition, a Bayesian formulation of the bad data problem is introduced, which captures the prior information that a control center has about the likely state of the power system. This formulation softens the impact of undetectable attacks. Finally, a new L∞ norm detector is introduced, and it is demonstrated that it outperforms more standard L2 norm based detectors by taking advantage of the inherent sparsity of the false data injection.