Senior Editor, Network World

Security Roundup: Steve Jobs, Apple and IT Security; DDoS Attacks Against VoIP; a Hot Week for SIEM

Oct 07, 2011 | 5 mins
Apple, Data and Information Security, Microsoft

This week the respectful thoughts of many turned to Steve Jobs, the legendary co-founder of Apple, who passed away at the age of 56. When it comes to security, Apple computers were remarkable for the kinds of troubles they largely didn’t have, in comparison to Microsoft-based computers, which reached a high rate of enterprise adoption that the Apple Macintosh never achieved. Microsoft operating systems and applications have been relentlessly targeted by attackers over time, if only because Microsoft products constituted a large field of malware opportunity due to their huge market acceptance, plus the number of vulnerabilities discovered in them month after month.

The Macintosh, though hardly perfect, was spared that. Apple’s Jobs was a creative force because he fiercely believed his ideas, turned into products, could compete. And competition remains one of the best hopes for product security because it works to offset the kind of software homogeneity that hackers prefer for mass exploitation. Jobs personified the defiant spirit of the early era of personal computing which, in some way, does seem to come to a close with his passing.

Of course, for some, death is just something else on which to capitalize. In one case, as Sophos tells us, scammers are trying to exploit the death of Steve Jobs. As a way to lure victims into his malware trap, one scammer is saying, “In memory of Steve, a company is giving away 50 ipads tonight. R.I.P. Steve Jobs.”

DDoS attacks growing against telecom and service providers

It takes a lot of guts to stand up and talk candidly about getting hit by a distributed denial-of-service attack, but that’s exactly what Don Poe, vice president of network engineering at TelePacific Communications, did at the Comptel Plus Conference in Orlando, Fla.

Poe detailed how an attacker took down the local-exchange carrier’s VoIP services in a massive DDoS attack in March. It’s not known who the attacker was, but a lot of attack traffic was coming from China. Poe provided insight into how TelePacific has bolstered security since then. The trade group Comptel says it organized the session on DDoS because it’s learning that more and more of its membership is getting hit with DDoS attacks.

There’s national security significance in all this if the U.S. telecom industry is under attack constantly. But many in the telecom industry would rather not confront these problems directly and publicly. Botnets are a big part of the DDoS problem, but getting service providers to play a coordinated role in battling this plague is not easy. Various officials from the U.S. Department of Commerce and Department of Homeland Security last week tried to get the industry interested in voluntary efforts in this regard by holding a public discussion about it at the D.C.-based Center for Strategic and International Studies. However, auditors from the General Accounting Office last week pointed out that U.S. government agencies could do a lot better on cybersecurity, too.

Speaking of botnets, Check Point got in the anti-botnet mood last week with a new product it claims will detect and stop them.

The hot buy: Security information event management companies

SIEM (sometimes called “security-event management”) is a way to correlate security-related information from a wide range of sources ranging from intrusion-detection systems to servers, applications, network flows and anti-malware, to name a few, in order to get a big-picture view of a network threat, monitor internal usage of resources and support auditing and compliance goals.

Suddenly SIEM vendors have gotten hot, with IBM last week acquiring Q1 Labs and McAfee announcing a deal to acquire NitroSecurity. This follows HP late last year buying ArcSight and recently laying out plans for SIEM-based services. SIEM is an increasingly important tool. But everything in the tech industry seems to be a work in progress, and EMC/RSA earlier this year bought NetWitness, which specialized in detection of stealthy attacks, to augment its enVision SIEM.

Cloud-based services on the rise

Symantec surveyed more than 5,000 information and security professionals from 38 countries regarding how far their organizations have gotten in deploying public and private cloud-based services. The independently conducted survey showed that the shift for at least some applications is proceeding apace — though sometimes the results aren’t what were hoped for. Interestingly, the survey appears to show that chief information security officers are largely as enthusiastic about trying cloud-based computing as chief information officers.

Symantec itself took a step into the cloud last week in making its single sign-on service called O3 available for corporate trials.

Some quick hits from the Ignorance is Bliss Department

* Wi-Fi users are blissfully ignorant about security, according to a survey.

* Biometrics scares people, though it doesn’t really hurt.

* Firefox last week advised users to disable the McAfee ScriptScan plug-in (which ships with the McAfee antivirus program for protecting against attacks aimed at Web browsers) because it allegedly can cause “stability or security problems.” McAfee said it was working to resolve the ScriptScan issues.

* Stanford Hospital and Clinics blames third-party billing services for a data breach that exposed the personal data of 20,000 patients.