Security News
Totalling $29.3 billion, projects stretch across almost all the major government departments
The White House's Office of Management and Budget (OMB) on Monday released its list of the top 26 government IT projects, as part of an Obama Administration effort to reform the way the Federal Government manages IT projects, with a focus on bursting silos that prevent agencies and personnel from sharing valuable data.
The top projects, totalling $29.3 billion, stretch across almost all the major government departments, many seeking to tie together disparate government agencies or stovepiped stores of government information. IT and homeland security projects figure prominently on the list as well, including efforts to revive now-notorious boondoggles like the FBI's Sentinel data project, and a $473 million request for a Homeland Security Information Network (HSIN) project.
Cameron Diaz is the most dangerous celebrity on the Web, antivirus company McAfee said Thursday.
Search strings using Diaz's name have a one-in-ten chance of coming up with a site infected with or spreading malware, said Dave Marcus, McAfee's director of security research and communication. Search for "Cameron Diaz and screensavers," and the risk doubles, Marcus added.
As it has for the last three years, McAfee compiled search phrases that contained names of prominent celebrities, professional athletes, politicians and other newsmakers, then calculated the percentage of the resulting sites tagged as dangerous by the company's SiteAdvisor software.
Bug used in infamous 2007 defacement fixed, but additional SQL injection bugs remain
Three years after the United Nations' website was defaced by activist hackers using a SQL injection attack, the site still contains multiple instances of these vulnerabilities.
Security researcher Robert Graham, CEO of Errata Security, did his now-annual checkup on the UN site and found that while the UN had removed the bug that was exploited in the August 2007 attack, the site is still rife with multiple SQL injection vulnerabilities.
It works, and it's scary
A recently patched vulnerability in Adobe's ColdFusion application server may be more serious than previously thought following the public release of exploit code and blog posts claiming it can be used to take full control of systems running the software.
In a bulletin published last week, Adobe rated the directory traversal vulnerability “important,” the third-highest classification on its four-tier severity scale. “This directory traversal vulnerability could lead to information disclosure,” the company warned. The flaw affects version 9.0.1 and earlier of ColdFusion for machines running Windows, Mac OS X, and Unix operating systems.
SSNs, other personal data of 126,000 students, employees were inadvertently exposed -- and ultimately accessed -- online
Another day, another university data breach: Six colleges in Florida had their students' and employees' personal data exposed and, in some cases, accessed and posted online by outsiders when a library services firm serving the colleges inadvertently left the information in its database exposed for five days.
Students, faculty, and employees at Broward College, Florida State College at Jacksonville, Northwest Florida State College, Pensacola State College, South Florida Community College, and Tallahassee Community College all are at risk of exposed personal data, according to The College Center for Library Automation (CCLA), which provides automated library services and electronic resources to Florida public colleges. As many as 126,000 individuals' Social Security numbers and other personal information were accessed online by unauthorized people after a software upgrade at the organization resulted in the database being left exposed.
- A password of fewer than 7 characters will soon be "hopelessly inadequate" even if it contains symbols as well as alphanumeric characters
- More Than 20 Million Americans Have More Than One SSN On Record, Study Says
- Six Healthcare Data Breaches That Might Make Security Pros Sick
- Dangerous iPhone exploit code goes public
- Small And Midsize Businesses Look For Ways To Cut Compliance Costs




