XSS in Youtube

XSS Vulnerability in Interactive YouTube API Demo Beta

There is a Critical Cross site XSS Vulnerability in Interactive YouTube API Demo Beta, Discovered by various sources. One of the White Hat Hacker "Vansh Sharma" Inform us about this XSS Vulnerability with proof of concept.
Proof Of Concept :

• Open http://gdata.youtube.com/
• Enter script <img src="<img src=search"/onerror=alert("xss")//"> in the keyword area.
• Press ADD

What is OSSAMS?

As information security professionals, we conduct security assessments for companies. One of the biggest problems we have is after all the data is collected, how can we correlate the data accurately. So we decided to start a project to solve this problem, and we are calling it Open Source Security Assessment Management System (OSSAMS). OSSAMS is a framework for putting configuration files, security scan data files (like Nessus), and other data collected, during a security assessment or penetration test, into a RDBMS.


The framework is going to be designed in a fashion similar to Metasploit, SNORT, or other systems that allow the security community to create plugins for new tasks as needed. The primary goal of OSSAMS is to normalize the data, there by allowing the security professional to better assess the current state of security for an organization.

Completed:
acunetix, burp, grendel, nessus, netsparker, nexpose community, nikto, nmap, ratproxy, retina community, skipfish, sslscan, w3af, wapiti, watcher, websecurify, zap.
Roadmap:
Appscan, arachni, core impact, fierce, httprint, iss, languard, metasploit, ncircle, nexpose, n-stalker, ntospider, openvas, proxystrike, retina, saint, sandcat, webcruiser, webinspect, wsfuzzer…
Requires:
Python > 2.5;
Python-mysqldb; and
Lxml.

Download OSSAMS Alpha

Metasploit Community Edition released!

 Rapid7 launched Metasploit Community Edition: a new free addition to the Metasploit family of software solutions, which help security and IT professionals identify and understand real security threats.


Metasploit Community combines the open source Metasploit Framework with a basic version of the robust commercial user interface available in Metasploit Pro to provide an entry-level response to the evolving threat landscape.

The solution offers a simplified approach to vulnerability verification and penetration testing, enabling organizations of any size to begin the process of understanding and addressing their security posture without the need for deep technical knowledge.

Cyber criminals are successful in breaching networks of enterprises and government agencies every day, creating huge security concerns and compliance issues. Penetration testing is a critical step in assessing the risk posture of the IT infrastructure by complementing vulnerability scans to identify gaps, verify known vulnerabilities for prioritization and decrease false positives, and ensure proper remediation.

Metasploit Community makes security assessments more accessible to individual and commercial users through an intuitive interface that offers simplified network discovery and vulnerability verification for specific exploits. This increases the effectiveness of vulnerability scanners such as Nexpose to provide true security risk intelligence.

The capabilities of Metasploit Community include:

A simple graphical user interface, which makes it much easier to get started with vulnerability verification and security assessments than command-line based alternatives.

Network discovery, enabling users to map their networks by identifying hosts, scanning for open ports and fingerprinting their operating systems and services.

Integration with vulnerability scanners, so scan data from Rapid7 Nexpose, Nmap and a dozen other solutions can be imported directly into Metasploit Community. Nexpose scans can also be initiated and sites imported directly from within Metasploit Community.

Basic exploitation, enabling users to verify which vulnerabilities are actually exploitable and must be remediated - and which ones don't. This increases productivity and reduces the cost of a vulnerability management program and helps prevent data breaches.

Module browser, leveraging the world's largest database of quality-assured exploits so users can easily find the right exploit. Each module includes a reliability ranking, indicating its typical success rate and impact on the target system.

Security and IT professionals can easily upgrade from Metasploit Community to Metasploit Pro, continuing to work with the familiar interface on the existing installation. Metasploit Pro adds more powerful capabilities, including smart exploitation, password auditing, Web application scanning, post-exploitation, social engineering, team collaboration, comprehensive reporting and enterprise-level support.

Check your Browser security

Microsoft launched a website today designed to give users a detailed look at how secure their browser is. The site, called Your Browser Matters, automatically detects the visitor's browser and returns a browser security score on a scale of four points.

When you visit the site, called Your Browser Matters, it allows you to see a score for the browser you’re using. Well, if you’re using IE, Chrome, or Firefox—other browsers are excluded. Not surprisingly, Microsoft’s latest release, Internet Explorer 9, gets a perfect 4 out of 4:

If you visit the site with the most recent public releases of Firefox or Google Chrome, however, the results are less than perfect. Here, for example, are the detailed results for Chrome 14 and Firefox 7:

Microsoft's new site is primarily intended to encourage users of older versions of Internet Explorer to upgrade. The bane of the existence of Web developers everywhere, Internet Explorer 6, only gets one point. To its credit, Microsoft has gone to great lengths to ensure that the next version of its browser is both secure and compliant with Web standards.

Hacking wallpapers

Hacking Wallpaper Collection

Your wallpaper is the great source of motivation for everything you do in  computers. You should set your wallpaper such that it reflects your goal. Its better if you use selfmade wallpapers. Amoung below wallpapers there is one wallpaper created by me, quated “This is my world , im the creator “.

hacking wallpapers.