IBM, BMC bring security technologies to the fore With the U.S. markets in low gear following the July 4 holiday, this week saw empty cubicles, crowded beaches and a hodgepodge of IT security news.The Burton Group Catalyst Conference in San Francisco brought a spate of announcements from companies operating in the hot area of identity management and data privacy.On Wednesday, Thor Technologies announced the availability of Xellerate adapters for Oracle’s Internet Directory, a user identity repository for the Oracle9i platform. The adapters will enable companies using Oracle products such as Oracle9i Application Server, E-Business Suite or Collaboration Suite together with third party products to synchronize user identity and resource provisioning among the different applications, Thor said.IBM used the Catalyst show to introduce EPAL, the Enterprise Privacy Authorization Language, an XML (Extensible Markup Language) derivative that translates business-to-customer privacy protections for applications and databases within an enterprise, IBM said.EPAL will enable companies to translate privacy policies such as those laid out in the World Wide Web Consortium’s Platform for Privacy Preferences into procedures for data handling that can be understood and executed by machines. When fully implemented and linked to new privacy enforcement tools, EPAL will make it easier and more cost effective for companies to extend privacy enforcement by reducing administrative tasks necessary to adapt complex business practices to comply with privacy policies, IBM said.Also on Wednesday, BMC Software, unveiled enhancements to Control-SA, the Houston company’s user-provisioning product. Control-SA will now support user provisioning based on the SPML (Service Provisioning Markup Language) open standard, developed by Organization for the Advancement of Structured Information Standards, BMC said.SPML enables different organizations using heterogenous provisioning products within a supply chain to provision employees on each others’ systems. In addition to supporting SPML, BMC announced a new interface for the Control-SA product that allows the product to take better advantage of LDAP (Lightweight Directory Access Protocol) connectivity. The changes will allow customers to use LDAP to access identity and security information managed by Control-SA, BMC said.Also on the identity management front, Entrust on Tuesday pulled the covers off Entrust GetAccess 7.0, the access control component of Entrust’s Secure Identity Management Solution software.The new release performs at double the speed of earlier GetAccess releases, as well as streamlined deployment and management. Entrust also introduced a new server-based pricing model for GetAccess that enables customers to purchase the product on a per-processor basis, then add capacity to support more applications and users, Entrust said.Finally, humans are innately curious creatures. What other lesson could we draw from FrontBridge Technologies Inc.’s release this week of their list of the “Top Ten Deceptive Spammer Subject Lines”?Despite the barrage of warnings and news coverage related to the spam problem, recipients still can’t help peeking at messages from people they don’t know with enticing subjects like “Check this out!” “Is this your email?” or the ever-seductive “hey,” FrontBridge said. The list was compiled by FrontBridge’s TrueProtect Spam Analyzer from messages sent to the 1,200 enterprise e-mail domains FrontBridge manages for its customers.Ever the masters of human psychology, spammers, use time-honored techniques to lure recipients into opening their messages.Those techniques include using basic, conversational subject line references to trick recipients, putting common names such as “Mary” and “Bob” in the From line to appear to be an acquaintance of the recipient, and creating doubt in the recipient’s mind about missed payments or other obligations, FrontBridge said. Spam e-mail can contain Trojan horse programs, viruses, or bothersome pop-up advertisements, the company said.While FrontBridge’s technology can’t make us less gullible or quench our thirst for friendly conversation, it can block spam messages by comparing messages to more than 10,000 proprietary rules that identify spam messages, the company said.In the meantime, FrontBridge is warning e-mail recipients to be wary of the tricks employed by spammers. Software Development