Security Web Digest: Experts expect attacks on mobile phones ... and More

New Oracle software has single sign-on, PKI House committee votes protection for data publishers Feds ask appeals court to reverse security whistleblower conviction Schumer pushes controversial "do-not-spam" list plan


Mobile phone operators say it is only a matter of time before the wireless world is hit by the same sorts of viruses and worms that attack computer software. Chris Bray, from IBM, said that while wireless technology is becoming more advanced, the number of potential threats is also increasing. "Theyre getting to a point where the networks are becoming more intelligent. There are more places within a network, within a PC, within a wireless network, that you can actually break-in and so its an increasingly difficult job to actually keep those people out."


Oracle unveiled Thursday security software that streamlines the process of controlling access to corporate applications and information. Oracle Identity Management enables system administrators to establish single sign-on for employees, partners or customers who need access to multiple business applications. The software also has user provisioning services for Oracle and non-Oracle applications, and public key infrastructure services, including a certificate authority to issue digital certificates for users.

Intellectual Property

An effort to protect school guides, news archives and other databases from wholesale copying won the approval of a congressional subcommittee on Thursday. The House of Representatives intellectual-property subcommittee voted 11-4 to provide a legal umbrella for publishers of factual information, such as courtroom decisions and professional directories, similar to the copyright laws that protect music, novels and other creative works. Business, consumer and library groups have blocked passage in previous sessions of Congress, saying database publishers can protect themselves through existing laws and terms-of-service agreements.


Federal prosecutors asked a San Francisco appeals court this week to reverse a computer-crime conviction that punished a California man for notifying a companys customers of a flaw in the companys e-mail service. Filed on Tuesday in San Franciscos Ninth District Court of Appeals, the unusual request conceded that federal prosecutors in Los Angeles erred in bringing a criminal case against, and obtaining the conviction of, 30-year-old Bret McDanel. The conviction stems from an incident in September 2000, when McDanel notified the customers of his former employer--Tornado Development, which has since closed its doors--that the companys Web-based e-mail system had a flaw that could allow an attacker to gain access to a users e-mail. The prosecutors successfully argued that that act--and the 5,600 e-mails sent to customers--had essentially damaged Tornados system.


Trying to spark interest in his plan to legislate a federal do not spam list akin to the already-in-place do not call registry for telemarketers, Sen. Charles Schumer (D-N.Y.) released a survey Wednesday that said three out of four Americans would sign up to such a list to keep spam out of their inboxes. But dont hold out much hope, even if one is created. Phone and e-mail systems, and the marketers who employ them, are fundamentally different. "I dont think anyone out there is going to tell you that a do-not-e-mail registry is going to be as effective as a do-not-call registry," said Matthew Prince, co-founder of Unspam LLC, a Chicago startup that developed technology to run such an anti-spam list.