Security roundup Steve Jobs Apple and IT security DDoS attacks against VoIP a hot week for SIEM
Post on: 2011-11-02 By: admin
This week the respectful thoughts of many turned to Steve Jobs, the legendary co-founder of Apple, who passed away at the age of 56. When it comes to security, Apple computers were remarkable for the kinds of troubles they largely didn't have in comparison to Microsoft-based computers with their high rate of enterprise adoption that the Apple Macintosh never achieved. Microsoft operating systems and applications over time have been relentlessly targeted by attackers if only because Microsoft products constituted a large field of malware opportunity due to their huge market acceptance, plus the number of vulnerabilities discovered in them month after month.The Macintosh, though hardly perfect, was spared that. Apple's Jobs was a creative force because he fiercely believed his ideas, turned into products, could compete. And competition remains one of the best hopes for product security because it works to offset the kind of software homogeneity that hackers prefer for mass exploitation. Jobs personified the defiant spirit of the early era of personal computing which, in some way, does seem to come to a close with his passing.IN THE NEWS: Massive DDoS attacks a growing threat to VoIP services
[ Stay connected with the latest on networks and the NBN in Computerworld's Networking newsletter ]
Of course, for some, death is just something else on which to capitalize. In one case, as Sophos tells us, scammers are trying to exploit the death of Steve Jobs. As a way to lure victims into his malware trap, one scammer is saying, "In memory of Steve, a company is giving away 50 ipads tonight. R.I.P. Steve Jobs." DDoS attacks growing against telecom and service providersIt takes a lot of guts to stand up and talk candidly about getting hit by a distributed denial-of-service attack, but that's exactly what Don Poe, vice president of network engineering at TelePacific Communications, did at the Comptel Plus Conference in Orlando, Fla.Poe detailed how an attacker took down the local-exchange carrier's VoIP services in a massive DDoS attack in March. It's not known who the attacker was, but a lot of attack traffic was coming from China. Poe provided insight into how TelePacific has bolstered security since then. The trade group Comptel says it organized the session on DDoS because it's learning that more and more of its membership is getting hit with DDoS attacks.There's national security significance in all this if the U.S. telecom industry is under attack constantly. But many in the telecom industry would rather not confront these problems directly and publicly. Botnets are a big part of the DDoS problems, but trying to get the service providers to play a coordinated role in trying to battle this plague is not easy to do. Various officials from the U.S. Department of Commerce and Department of Homeland Security last week tried to get the industry interested in voluntary efforts in this regard by holding a public discussion about it at the D.C.-based Center for Strategic and International Studies. However, auditors from the General Accounting Office last week pointed out the U.S. government agencies could do a lot better on cybersecurity, too.Speaking of botnets, Check Point got in the anti-botnet mood last week with a new product it claims will detect and stop them.The hot buy: Security information event management companiesSIEM (sometimes called "security-event management") is a way to correlate security-related information from a wide range of sources ranging from intrusion-detection systems to servers, applications, network flows and anti-malware, to name a few, in order to get a big-picture view of a network threat, monitor internal usage of resources and support auditing and compliance goals.Suddenly SIEM vendors has gotten hot, with IBM last week acquiring Q1 Labs and McAfee announcing a deal to acquire NitroSecurity. This follows HP late last year buying ArcSight and recently laying out plans for SIEM-based services. SIEM is an increasingly important tool. But everything in the tech industry seems to be a work in progress, and EMC/RSA earlier this year bought NetWitness, which specialized in detection of stealthy attacks, to augment its envision SIEM.Cloud-based services on the riseSymantec surveyed more than 5,000 information and security professionals from 38 countries regarding how far their organizations have gotten in deploying public and private cloud-based services. The independently conducted survey showed that the shift for at least some applications is proceeding apace -- though sometimes the results aren't what were hoped for. Interestingly, the survey appears to show that chief information security officers are largely as enthusiastic about trying cloud-based computing as chief information officers. Symantec itself took a step into the cloud last week in making its single sign-on service called O3 available for corporate trials.Some quick hits from the Ignorance is Bliss Department* Wi-Fi users are blissfully ignorant about security, according to a survey.* Biometrics scares people, though it doesn't really hurt.* Firefox last week advised users to disable the McAfee ScriptScan plug-in (which ships with the McAfee antivirus program for protecting against attacks aimed at Web browsers) because it allegedly can cause "stability or security problems." McAfee said it was working to resolve the ScriptScan issues.* Stanford Hospital and Clinics blames third-party billing services on a data breach that exposed the personal data of 20,000 patients.Read more about wide area network in Network World's Wide Area Network section.
Got more on this story? Email Computerworld
Follow Computerworld on twitter
More about: Apple, ArcSight, Bliss, Check Point, Comptel, EMC, Hewlett-Packard, HP, IBM, IBM Australia, Intel, LAN, McAfee, Microsoft, Pacific Communications, RSA, Sophos, Symantec, TelePacific Communications
How Apple conquered enterprise mobility, without even trying
So you think you know Apple?
Security Research Center - Network World
Microsoft Subnet: An independent Microsoft community
Applications Research Center - Network World
The Microsoft Update: Microsoft to fix 23 security holes in 8 patches on Tuesday
In face of massive cybersecurity threat, government security dawdles
Scammers waste no time in exploiting Steve Jobs's death
VoIP Research Center - Network World
Layer 8: Battling botnet blight:It's going to take a big village
Check Point software takes aim at botnets
Fail a security audit already -- it's good for you
IBM buys security intelligence minded Q1 Labs
Intel's McAfee unit agrees to buy NitroSecurity
In acquiring ArcSight, HP signals intent to be security leader
HP's 'Secure Boardroom' gives execs comprehensive view of corporate security posture
Is EMC/RSA poised to buy NetWitness?
Survey shows shift to cloud-based services, despite concerns
Symantec makes cloud-based security service available for corporate trials
WiFi users blissfully ignorant about real security, research finds
Biometrics scares people
Firefox advises users to disable McAfee plugin
Stanford Hospital blames contractor for data breach
LAN amp; WAN Research Center - Network World
The content of this field is kept private and will not be shown publicly.
If you enter anything in this field your comment will be treated as spam
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
stumbleuponstumbleupon
UK Foreign Secretary warns of 'darker' online scenario
Biden, Cameron hit out at Internet censorship, hacking
Researchers defeat CAPTCHA on popular websites
Standardizing the desktop: Strategies for success
Juniper brings security software to Samsung devices
Three business scenarios for cloud printing
Revolutionizing Enterprise Storage Infrastructure with Enterprise Flash Technology
Reducing Costs Through Better Server Utilisation
HP P6000 Enterprise Virtual Array performance
ESG: Information Security, Virtualization, and the Journey to the Cloud
Toyota's machines to help sick, elderly
How to find meaning in IT change management
Gillard to push for new technology at G20
Robot uses gecko power to climb walls
Enterprise storage buyer's guide: Market roundup
"Tim Lohman: Was Quigley in charge of the home insulation scheme?? No? ..."
We're not to blame for high wiring costs: NBN Co
"great stuff. thats just what the industry needs.. someone to put up ..."
Racing and Wagering Western Australia off and running for Melbourne Cup
"Hi, my standing is Jack, receive all in the forum! :)"
Samsung's Galaxy Tab makes a strong case for buying an iPad
"Best to ask the experts. These are generally Microsoft technicians but are ..."
Windows Event Viewer phishing scam remains active
"@Francis, sadly it seems that the only thing investigative journos want to ..."
We're not to blame for high wiring costs: NBN Co
Tags:security,Microsoft,Apple
USABILITY AS AN ERP SELECTION CRITERIA
Managing Governance in Microsoft SharePoint Environments
Best Practices for Energy Efficient Storage Operations Version 1.0
Microsoft Office PowerPoint 2007 International Student Edition (77-603)
Java Programming 10-Minute Solutions
Extreme Programming in Action - Practical Experiences From Real World Projects
Managing and Leading Software Projects
Outlook 2010 All-In-One for Dummies
Professional Infopath 2003
Macromedia Director MX 2004 Bible
Adobe Photoshop Lightroom for Digital Photographers Only
iPhone 5 rumour roll-up for the week ending October 28
DO NOT SHOW THIS BOX AGAIN [ x ]
We're not to blame for high wiring costs: NBN Co
Which tablet should I buy? iPad 2 vs Sony Tablet S
QA: Commonwealth Bank CIO, Michael Harte
China a minimal cyber security threat: Paper
Windows Event Viewer phishing scam remains active
Sign up now to get free exclusive access to reports, research and invitation only events.
We're not to blame for high wiring costs: NBN Co
NBN may diminish regional broadband services: Internode
Windows Event Viewer phishing scam remains active
Microsoft at a loss over Event Viewer scam
Vodafone upgrading customer service platform
The State of PrivacyData Security Compliance
With the plethora of new privacy and data security regulations, we believe it is time to ask whether regulations help or hinder an organization’s ability not only to protect sensitive and confidential information assets, but to be competitive in the global marketplace. Further, how difficult is it to be in compliance, who is the typical person or functional leader accountable for compliance? What is the value to the organization? Finally, what differences (if any) exist in security practices between compliant and non-compliant organizations?
Get Serious About SOA Governance: A Five-Step Action Plan for Architects
Shifting Focus, Shifting Results | A Joint Research Initiative by the CIO Executive CouncilCapability Management
Improving the Management and Sharing of Massive Data Volumes
UltraISO is an ISO CD/DVD image file tool that creates, edits and converts. It is also a bootable CD/DVD maker that has the ability to ...
HP Converged Storage Zone
EMC Next Generation Backup – Backup & Recovery Solutions
HP Business Efficiency - Money Payback Guarantee Resource Centre
HP Application Lifecycle Management Resources
HP Data Protection Zone
Most Popular Whitepapers
Boldly navigating towards IT-as-a-Service
The Passage to ITaaS via Virtualisation and the Cloud It’s hard to find a CIO who hasn’t started along the path towards virtualisation. Yet while the first leg of the journey delivers impressive gains, CIOs with the vision to deliver ITaaS stand to reap far greater rewards. Read on.
2Five Tips for Effective Backup and Recovery in Virtual Environments
3Unified Storage Strategy guide
4Storage Virtualisation - What to Know and What to Look For
5CIO Perspectives: Best-Practice Approaches to Deploying Video Collaboration Across the Enterprise
CCBusiness AnalystACT
FTTibco Solution Architect - Sydney Based - Permanent Tibco Solutions ArchitectNSW
FTBusiness Analyst - Strong Excel SkillsVIC
CCStorage Systems AdministratorACT
CCBusiness AnalystNSW
CCSenior Business Process AnalystNSW
FTBusiness AnalystACT
FTProcess Improvement AnalystVIC
FTTibco Solution Architect - Sydney Based - Permanent Tibco Solutions ArchitectNSW
CCLead Teradata Architect - leading finance company - lead 10 + Architects - CBDNSW
FTOperations ManagerNSW
FTSenior Technical Support ConsultantNSW
FTB2B Database CoordinatorVIC
CCIntegration Developer - Java / webMethodsVIC
FTQuality Technology Management Co - Systems EngineerNSW
FTOperations OfficerWA
FTBusiness AnalystVIC
FTInformation Services Manager - Teradata - MUST have TeradataNSW
FTIT Operations ManagerNSW
CCBusiness Analyst - Temporary - PermanentNSW
CCOperations Support ManagerNSW
FTSenior Business AnalystNSW
Computerworld newsletter
Join the most dedicated community for IT managers, leaders and professionals in Australia
NEC. The communications systems integrator.
Business IT event iTmatters 2011 9-10 Nov - Melbourne, visit AustralianBusinessForum.com.au
Backup to the Future - Visit the EMC BackupRecovery Zone for next generation backup
How to Implement, Serve and Use Cloud Storage - Control costs and manage data growth
2nd National Cyber Warfare Conference | ONLY 2 weeks to go | Download the program today
Join the Computerworld Community
Check out the latest reviews
Join the community conversation
Editorial ContactsAdvertising InformationPrivacy PolicyRSSNewsletters
EventsWhitepapersNewsWebinarsZones
IT Media ReleasesSlideshowsVideos
Copyright 2011 IDG Communications. ABN 14 001 592 650. All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.
Computerworld Australia |
Article original from: http://www.computerworld.com.au/article/403462/security_roundup_steve_jobs_apple_it_security_ddos_attacks_against_voip_hot_week_siem/?utm_medium=rss&utm_source=taxonomyfeed
