Several cloud providers offer databases specifically designed for cloud deployment. Amazon's SimpleDB, while technically a database, deviates from what most of us recognize as a database platform. Although SimpleDB is still in prerelease beta format, developers have begun designing applications for it.
Continue reading "Amazon's SimpleDB Not Your Typical Database..."
A new set of vulnerabilities came to light this week at Black Hat DC, and its appearance provides a good look at our bleak "next-gen" security future.
Continue reading "New Flaws Pry Lid Off Cloud Frameworks..."
You might want your product to be in the news every day, and for your PR to create miracles for you. But if you want attention, then your company must speak out on big security issues and news.
Continue reading "'Brand' Your Employees..."
Yesterday was David Litchfield's last day at NGS Software, and he commemorated the milestone by dropping a zero-day vulnerability in Oracle's 11g database at Black Hat DC. He also surprised the audience -- and possibly himself -- by awarding Oracle a "B+" final grade for security in 11g, after nearly 10 years of keeping Oracle on its toes by calling out vulnerabilities in its database technology.
Continue reading "Litchfield's Last Hurrah..."
Security issues surrounding social networking sites make me cringe. I understand their practical applications, but they are also the platform for easy delivery of exploits through social engineering. I've seen so many systems compromised by the unconscious click on a Facebook link that users' nonchalance on similar sites and their trust in the Internet frustrate me to no end.
Continue reading "Updated Tool Targets Facebook Security..."
When I see an event like the Haiti earthquake, I worry that we treat disaster preparedness much like we do data backup -- we don't really think about it until it's too late. We are faced with putting in place a plan to deal with disaster, and then realize we aren't properly prepared. But I might have found a tool that can help.
Continue reading "Tool Helps Prepare For Disaster..."
Hearing about how many companies were hacked during the Aurora attacks due to a software vulnerability in Microsoft's Internet Explorer (IE) is frustrating. Now another attack is ready to be unveiled at Black Hat DC that also uses an IE "feature." The thought of what can and has happened because of these flaws is scary -- theft of personal information, espionage, identity theft, etc. -- but what happens when software glitches lead to death?
Continue reading "When Software Glitches Are Fatal -- Literally..."
New research published by Sophos today reveals a 70 percent increase in the number of companies reporting spam and malware attacks via social networks.
Continue reading "70% Rise In Malware: Time To Block Facebook?..."
Recent breaches at Rockyou.com and Hotmail illustrate the consistency of human behavior: Since the dawn of access control systems, users continue to choose easily guessed passwords.
Continue reading "Wiping Out Wimpy Passwords..."
Continue reading "IE 6 Aftermath: Time To Review Your Browser Strategy..."
Technology blog TechCrunch has been hacked for the second time in 24 hours.
Continue reading "TechCrunch Hacked Again: Foul-Mouth Hacker Embarrasses Top Blog..."
The immensely popular blog TechCrunch has been compromised by hackers who posted an offensive message on its home page.
Continue reading "TechCrunch Hacked..."
An Internet rumor that Hollywood superstar Johnny Depp has died in a French car crash is being taken advantage of by cybercriminals, who have planted malware posing as video footage of the accident.
Continue reading "Johnny Depp Death Crash Video Launches Malware Attack..."
I've heard of the idea of operating day-to-day with the assumption that your organization is already compromised, and I just saw it reiterated in the Tenable Security Blog, but I think it's a tough one to swallow for most organizations. There has to be some level of trust within an organization; otherwise, how could you get any business done? But as tough as it is to accept, there is value in taking this approach.
Continue reading "Operating In An Insecure World..."
We've all heard about the Chinese attacks against Google by now. We've heard of Google's moral standing, how corporations now impact international relations, and how censorship is bad and freedom is good. However, some important questions lost in the fog of war need to be asked.
Continue reading "Google/China Reality Check Amid The Fog Of Cyberwar..."
Last week's news about the Google hack has really raised some eyebrows. Doe-eyed users have learned the harsh truth that anyone can be hacked. The news of 20 or more other companies also being targeted along with Google made the impact that much worse.
Continue reading "User Security After The Google Hack..."
The IT world sighed with relief at the news that Microsoft is releasing an out-of-band patch for Internet Explorer on Thursday, Jan. 21.
Continue reading "Emergency Microsoft Internet Explorer Patch Arrives Thursday..."
Data discovery tools are becoming increasingly necessary for getting a handle on where sensitive data resides. When you have a production database schema with 40,000 tables, most of which are undocumented by the developers who created them, finding information within a single database is cumbersome. Now multiply that problem across financial, HR, business processing, testing, and decision support databases -- and you have a big mess.
Continue reading "What Data Discovery Tools Really Do..."
I am working with InformationWeek Analytics to create an analysis of the year's top five technology innovations in the security arena. If you are a vendor and believe you have the next big thing, then you should contact us.
Continue reading "Share Your New Security Innovations..."
I'm still waiting for Howard Schmidt, the new cybersecurity czar, to weigh in on the Chinese cyberattacks revealed this week. Sure, Chinese hackers going after American interests and human rights activists is nothing new to the IT security world, but this latest development is big, and it could be a defining moment for Schmidt's new post.
Continue reading "The Cybersecurity Czar's First Big Test..."
Database discovery is the act of locating databases on a network. Years ago, this was simple because companies had only one or two databases. Now just about every application created relies on database services to provide data integrity and transactional consistency.
Continue reading "Discovery And Your Database..."
The first rule of appearing smart, they say, is to keep quiet, but keeping quiet doesn't help your PR. What are you to do?
Continue reading "We Have Nothing To Say -- Or Do We?..."
China's No. 1 Website has fallen victim to a group of hackers calling themselves the "Iranian Cyber Army," who replaced the site's home page with a political message.
Continue reading "Iranian Cyber Army Attacks Chinese Search Giant..."
A co-worker forwarded me an e-mail in which the original sender was asking about running vulnerability scans on his own and stated he was concerned about the scans causing downtime while the servers were being tested.
Continue reading "The Inconvenient Truth Behind Security..."
It's getting harder to protect our users from threats coming at them from seemingly trusted places. The Websites they've been using for years are suddenly the source of attacks through malicious advertisements being pushed to the "trusted" site by a third-party advertising service. File format attacks against Adobe's Flash and Acrobat are becoming the exploit du jour for attackers.
Continue reading "When PDFs And Flash Files Attack..."