Saturday, May 9, 2015

Ravens: John Harbaugh declines to comment on Wells report, says "246 pages? No, I've been a little more busy than that" (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Benfica stays on course for title, Penafiel relegated

LISBON, Portugal (AP) Benfica moved one step closer to successfully defending its Portuguese league title after it sealed bottom-side Penafiel's relegation with a 4-0 win on Saturday.

from FOX Sports Digital http://ift.tt/1dUqpL2
via IFTTT

[FD] 0day Mailbird XSS ?

Hi, When you send email containing http://ift.tt/1mgUi6K to a user using mailbird you will receive a great XSS :) Enjoy. PS I didn't contact mailbird team. ( who cares ?)

Source: Gmail -> IFTTT-> Blogger

Orioles Highlight: Jimmy Paredes, Chris Davis and Alejandro De Aza each homer off Chase Whitley in 6-2 win over Yankees (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Morgan sits out Sunday's US match to rest knee

SAN JOSE, Calif. (AP) U.S. national team forward Alex Morgan won't play when the team hosts Ireland in an exhibition match on Sunday because of a bone bruise in her left knee.

from FOX Sports Digital http://ift.tt/1P8WNua
via IFTTT

Man United close to Champions League return, Burnley down

MANCHESTER, England (AP) Manchester United ended a three-match losing run to move within sight of Champions League qualification on Saturday, while Burnley became the first team to be relegated from the Premier League this season.

from FOX Sports Digital http://ift.tt/1cAWyH0
via IFTTT

Pogba scores as Juventus draws 1-1 against Cagliari

MILAN (AP) Paul Pogba marked his comeback with a goal as newly crowned Serie A champion Juventus drew 1-1 against relegation-threatened Cagliari on Saturday.

from FOX Sports Digital http://ift.tt/1Fc4s6e
via IFTTT

HBO wins libel case involving soccer ball-child labor report

NEW YORK (AP) HBO has won a libel case that was prompted by a report showing children stitching a British company's soccer balls.

from FOX Sports Digital http://ift.tt/1Erc26k
via IFTTT

Leicester beats Southampton to boost EPL survival bid

LEICESTER, England (AP) Leicester won its sixth English Premier League game in seven matches on Saturday, beating fading Southampton 2-0 to continue its march toward survival.

from FOX Sports Digital http://ift.tt/1IZHXAY
via IFTTT

Lyon's title hopes appear over with 3-0 defeat at Caen

PARIS (AP) Lyon's hopes of winning the French league appeared over Saturday after slumping to a 3-0 loss at Caen that left the seven-time champions six points behind leader Paris Saint-Germain with only two games left.

from FOX Sports Digital http://ift.tt/1KuQcDz
via IFTTT

Anonymous: Praeludium

Anonymous. Praeludium. Of the First and Second Tones in G. For Organ or Other Keyboard. B040Y027. Anonymous: Praeludium. Pages of music: 1.

from Google Alert - anonymous http://ift.tt/1JWLwt7
via IFTTT

Newcastle snatches point vs Burnley to end losing streak

NEWCASTLE, England (AP) Newcastle ended a disastrous run of eight straight Premier League defeats with a 1-1 draw against West Bromwich Albion on Saturday.

from FOX Sports Digital http://ift.tt/1ciZLdy
via IFTTT

Villa close to safety after 1-0 win over West Ham

BIRMINGHAM, England (AP) Tom Cleverley scored for the third straight game to earn Aston Villa a 1-0 win over West Ham that pushed his team further away from the Premier League's relegation zone on Saturday.

from FOX Sports Digital http://ift.tt/1FVTSir
via IFTTT

Stoke beats Tottenham 3-0 in Premier League

STOKE, England (AP) Tottenham's slim chances of securing a Champions League spot ended Saturday with a 3-0 loss at Stoke in the Premier League, continuing a late-season slump for the visitors.

from FOX Sports Digital http://ift.tt/1EXwGhM
via IFTTT

Burnley relegated from Premier League despite win at Hull

HULL, England (AP) Burnley was relegated from the Premier League despite a 1-0 win at Hull that dropped the home side into the bottom three on Saturday.

from FOX Sports Digital http://ift.tt/1FVSvQO
via IFTTT

Granada beats Cordoba 2-0 to move closer to safety in Spain

BARCELONA, Spain (AP) Granada beat already-relegated Cordoba 2-0 at home on Saturday to boost its chances of escaping the Spanish league's drop zone.

from FOX Sports Digital http://ift.tt/1cA80To
via IFTTT

'Gladbach defeats Leverkusen 3-0, Bayern loses to Augsburg

BERLIN (AP) Borussia Moenchengladbach defeated Bayer Leverkusen 3-0 to go provisionally second in the Bundesliga while Bayern Munich lost 1-0 to Augsburg on Saturday for the champions' fourth straight loss across all competitions.

from FOX Sports Digital http://ift.tt/1PxeKNM
via IFTTT

Sydney FC advances to A-League grand final against Victory

SYDNEY (AP) Captain Alex Brosque scored goals minutes before and after halftime Saturday to lead Sydney FC to a 4-1 win over Adelaide United and a berth in the A-League grand final against the Melbourne Victory.

from FOX Sports Digital http://ift.tt/1H8xcNy
via IFTTT

Windows 10 is the Last Version of Windows, Microsoft Confirmed

Microsoft just announced in its Ignite 2015 conference in Chicago that Windows 10 is set to be "the last version of Windows." "Right now [we are] releasing Windows 10, and because Windows 10 is the last version of Windows, [we are] all still working on Windows 10," said Microsoft's developer evangelist Jerry Nixon while speaking at the conference this week. What exactly does it mean?


from The Hacker News http://ift.tt/1Iro8SC
via IFTTT

Anweisung zum Generalbass

Anweisung zum Generalbass (Anonymous). Add File. Add Sheet MusicAdd Your Own ... Composer, Anonymous. Language, German. Piece Style ...

from Google Alert - anonymous http://ift.tt/1FVi4l7
via IFTTT

New GPU-based Linux Rootkit and Keylogger with Excellent Stealth and Computing Power

The world of hacking has become more organized and reliable over recent years, and so have the techniques of hackers. Nowadays, attackers use highly sophisticated tactics and often go to extraordinary lengths in order to mount an attack. And there is something new to the list: A team of developers has created not one, but two pieces of malware that run on an infected computer’s graphics


from The Hacker News http://ift.tt/1zN1KBI
via IFTTT

[FD] Wordpress Roomcloud plugin v1.1(rev @1115307) XSS vulnerability

[FD] Wordpress Twenty Fifteen Theme - DOM XSS Vulnerability - CVE-2015-3429

Information

Source: Gmail -> IFTTT-> Blogger

[FD] CVE-2014-3440 - Symantec Critical System Protection RCE

-----BEGIN PGP SIGNED MESSAGE-

Source: Gmail -> IFTTT-> Blogger

[FD] DAVOSET v.1.2.4

Hello participants of Mailing List.

After making public release of DAVOSET (http://ift.tt/1fhJX6H), I've made the next update of the software. DAVOSET v.1.2.4 was released - DDoS attacks via other sites execution tool (http://ift.tt/1mQ7xNp).

Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
GitHub: http://ift.tt/1H884q7
Download DAVOSET v.1.2.4: http://ift.tt/1PwmsYx

In the new version, support for a site's engine in a subfolder was added to the WP method (for the cases where WordPress is not in the root folder). Also, new services were added to the full list of zombies and non-working services were removed from it. In total there are 165 zombie-services in the list.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://ift.tt/1H884q9

Source: Gmail -> IFTTT-> Blogger

[FD] Capstone disassembly framework 3.0.3 is out!

Greetings,

Version 3.0.3 of Capstone disassembly framework is officially out! I would like to dedicate this release to Prof. Yoshiyasu Takefuji, my former advisor, who is turning 60 years old this year 2015!

For those who do not know, Capstone is an open source multi-arch, multi-platform disassembly engine. Find more about our project at http://ift.tt/MNrA0A

Summary of important changes in v3.0.3:

- Fixed a segfault of X86 engine.
- Some bug fixes for X86, Arm & Sparc.
- Fixed some issues for Python & Cython bindings.
- Support to embed Capstone into Mac OS X kernel extensions.
- Fixed compilation issue with older C compilers such as GCC 4.6.

More details are available at http://ift.tt/1PwmsYr

Thanks,
Quynh

Source: Gmail -> IFTTT-> Blogger

Orioles Video: Miguel Gonzalez allows 5 R in 4 IP to put team in 5-0 hole in 5-4 loss to Yankees (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

When Vega is North


In only about 12,000 years Vega will be the North Star, the closest bright star to our fair planet's North Celestial Pole. By then, when you fix your camera to a tripod long exposures of the night sky will show the concentric arcs of star trails centered on a point near Vega as Earth rotates on its axis. Of course, presently the bright star conveniently near the North Celestial Pole is Polaris, but that will change as the Earth's axis of rotation precesses, like the wobble of a spinning top with a precession period of about 26,000 years. If your camera is ready now and you don't want to wait 12,000 years for Vega to be the North Star, consider this ingenious demonstration of contemporary star trails (left) versus star trails reminiscent of the year 14000 CE. Both were recorded this April at the Alqueva Dark Sky Reserve in Alentejo, Portugal. To produce the more Vega-centric star trails of the distant future, astronomer Miguel Claro combined the rotation of two startracking camera mounts to create the apparent shift in the North Celestial Pole. (Addendum: Thanks to APOD readers who note that when Vega is the North Star it will also appear near the same position that Polaris is now relative to the landscape.) via NASA http://ift.tt/1IlqaFp

Friday, May 8, 2015

Anonymous

When collecting ideas we need to have more than just the title and description. Other fields, such as associated budget, problem analysis, etc. would ...

from Google Alert - anonymous http://ift.tt/1cxDARN
via IFTTT

Anonymous

Unweighted GPA: 0.00; Weighted GPA: 0.0; PSAT: 0; ACT: 0; SAT Critical Reading: 0; SAT Math: 0; SAT Writing: 0; Combined SAT: 0; Selectivity ...

from Google Alert - anonymous http://ift.tt/1FUnM6L
via IFTTT

Hamburg draw Freiburg to stay point away from relegation zone

BERLIN (AP) Gojko Kacar scored in the last minute for Hamburger SV to draw 1-1 with Freiburg and stay one point ahead of the relegation-threatened visitors in the Bundesliga on Friday.

from FOX Sports Digital http://ift.tt/1zRZjhC
via IFTTT

Espanyol keeps Eibar on brink of relegation zone in Spain

EIBAR, Spain (AP) Sergio Garcia and Christian Stuani scored to give Espanyol a 2-0 win at Eibar on Friday, dealing the Basque hosts a blow in their attempt to stay in Spain's topflight a second season.

from FOX Sports Digital http://ift.tt/1DWU3nz
via IFTTT

Cavani nets 3 as PSG routs Guingamp 6-0 to edge toward title

PARIS (AP) Edinson Cavani scored a hat trick and Zlatan Ibrahimovic grabbed two as Paris Saint-Germain thrashed Guingamp 6-0 on Friday to move provisionally six points clear of Lyon and take a step toward a third straight French title.

from FOX Sports Digital http://ift.tt/1EiFZGH
via IFTTT

Hamburg draws 1-1 with Freiburg in Bundesliga

BERLIN (AP) Gojko Kacar scored in the last minute for Hamburger SV to draw 1-1 with Freiburg and stay one point ahead of the relegation-threatened visitors in the Bundesliga on Friday.

from FOX Sports Digital http://ift.tt/1Ep2iJN
via IFTTT

Valencia left back Jose Gaya signs contract extension

VALENCIA, Spain (AP) Valencia says left back Jose Gaya has agreed to extend his contract for five seasons, tying him to the Spanish club until 2020.

from FOX Sports Digital http://ift.tt/1ImSfMC
via IFTTT

Doctors say tests show Pele has no tumors

SAO PAULO (AP) Brazilian doctors say tests conducted on Pele after he had prostate surgery this week showed he had a benign condition.

from FOX Sports Digital http://ift.tt/1zL8Er0
via IFTTT

Re: [FD] Alienvault OSSIM/USM Multiple Vulnerabilities

[FD] Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities

*Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities*

Exploit Title: Feed2JS v1.7 magpie_debug.php? &url parameter XSS Security Vulnerabilities
Product: Feed2JS
Vendor: feed2js.org
Vulnerable Versions: v1.7
Tested Version: v1.7
Advisory Publication: May 09, 2015
Latest Update: May 09, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Writer and Reporter: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

*Proposition Details:*

*(1) Vendor & Product Description:*

*Vendor:* feed2js.org

*Product & Vulnerable Versions:* Feed2JS v1.7

*Vendor URL & Download:* Feed2JS can be downloaded from here, http://ift.tt/1EVnmej

*Source code:* http://ift.tt/iOSk4E

*Product Introduction Overview:*

"What is "Feed to JavaScript? An RSS Feed is a dynamically generated summary (in XML format) of information or news published on other web sites- so when the published RSS changes, your web site will be automatically changed too. It is a rather simple technology that allows you, the humble web page designer, to have this content displayed in your own web page, without having to know a lick about XML! Think of it as a box you define on your web page that is able to update itself, whenever the source of the information changes, your web page does too, without you having to do a single thing to it. This Feed2JS web site (new and improved!) provides you a free service that can do all the hard work for you-- in 3 easy steps: Find the RSS source, the web address for the feed. Use our simple tool to build the JavaScript command that will display it Optionally style it up to look pretty.

Please keep in mind that feeds are cached on our site for 60 minutes, so if you add content to your RSS feed, the updates will take at least an hour to appear in any other web site using Feed2JS to display that feed. To run these scripts, you need a web server capable of running PHP which is rather widely available (and free). You will need to FTP files to your server, perhaps change permissions, and make some basic edits to configure it for your system. I give you the code, getting it to work is on your shoulders. I will try to help, but cannot always promise answers."

*(2) Vulnerability Details:*

Feed2JS web application has a computer security bug problem. It can be exploited by stored XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Several other Feed2JS products 0-day vulnerabilities have been found by some other bug hunter researchers before. Feed2JS has patched some of them. "Openwall software releases and other related files are also available from the Openwall file archive and its mirrors. You are encouraged to use the mirrors, but be sure to verify the signatures on software you download. The more experienced users and software developers may use our CVSweb server to browse through the source code for most pieces of Openwall software along with revision history information for each source file. We publish articles, make presentations, and offer professional services." Openwall has published suggestions, advisories, solutions details related to XSS vulnerabilities.

*(2.1)* The first programming code flaw occurs at "&url" parameter in "magpie_debug.php?" page.

Source: Gmail -> IFTTT-> Blogger

[FD] Artnana Webboard version 1.4 XSS (Cross-site Scripting) Web Security Vulnerabilities

*Artnana Webboard version 1.4 XSS (Cross-site Scripting) Web Security Vulnerabilities*

Exploit Title: Artnana Webboard version 1.4 Multiple XSS Security Vulnerabilities
Product: Webboard
Vendor: Artnana
Vulnerable Versions: version 1.4
Tested Version: version 1.4
Advisory Publication: May 09, 2015
Latest Update: May 09, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Writer and Reporter: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

*Proposition Details:*

*(1) Vendor & Product Description:*

*Vendor:* Artnana

*Product & Vulnerable Versions:* Webboard version 1.4

*Vendor URL & Download:* Webboard can be obtained from here, http://ift.tt/1EVnme8

*Product Introduction Overview:*

"Webboard is Thailand IT company that provide software service. Webboard can make your website easier and convenience. WebBoard is a discussion board where you post messages and participate in discussions with the other people in the course."

*(2) Vulnerability Details:*

Artnana Webboard web application has a computer security bug problem. It can be exploited by stored XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Several other Artnana products 0-day vulnerabilities have been found by some other bug hunter researchers before. Artnana has patched some of them. FusionVM Vulnerability Management and Compliance provides sources for the latest info-sec news, tools, and advisories. It has published suggestions, advisories, solutions details related to XSS vulnerabilities.

*(2.1)* The first programming code flaw occurs at "&keyword" parameter in "search_topic.php?" page.

*(2.2)* The second programming code flaw occurs at "&keyword" parameter in "search_products.php" page.

Source: Gmail -> IFTTT-> Blogger

[FD] MT.VERNON MEDIA Web-Design v1.12 HTML Injection Web Security Vulnerabilities

*MT.VERNON MEDIA Web-Design v1.12 HTML Injection Web Security Vulnerabilities*

Exploit Title: MT.VERNON MEDIA Web-Design v1.12 "gallery.php?" &category parameter HTML Injection Security Vulnerabilities
Product: Web-Design v1.12
Vendor: MT.VERNON MEDIA
Vulnerable Versions: v1.12
Tested Version: v1.12
Advisory Publication: May 08, 2015
Latest Update: May 08, 2015
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Writer and Reporter: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore] (@justqdjing)

*Recommendation Details:*

*(1) Vendor & Product Description:*

*Vendor:* MT.VERNON MEDIA

*Product & Vulnerable Versions:* Web-Design v1.12

*Vendor URL & Download:* MT.VERNON MEDIA can be obtained from here, http://ift.tt/1IWbCLm

*Google Dork:* "developed by: Mt. Vernon Media"

*Product Introduction Overview:*

"In today's economy every business is more focused on ROI (Return On Investment) than ever before. We'll help you ensure a solid ROI for your website, not only making it effective and easy to use for your clients, but helping you to drive traffic to your site and ensuring effective content and design to turn traffic into solid leads, sales, or repeat customers. We offer custom design and development services tailored to your needs and specifications drawn up jointly with you to ensure that the appropriate technology is leveraged for optimum results, creating a dynamic and effective design, based on market effectiveness and user-friendly design standards. Our developers are experts in web application development using various programming languages including Perl, SQL, C, C+, and many other back-end programming languages, as well as database integration. For a view of some of your past projects, take a look at our list of clients.

We handle custom development of your Internet project from conception through publication: Internet & Intranet sites Design concepts, layouts, and specifications Intuitive Graphical User Interface (GUI) design Dynamic navigation design Creation and manipulation of graphical design elements GIF Animation Flash development HTML hand-coding and debugging JavaScript for interactivity and error-checking ASP (Active Server Pages) Customized Perl CGI scripts (mailing lists, form submission, etc) Customized application development in varied programming languages Site publication and promotion On-going updating and maintenance Banner ads"

*(2) Vulnerability Details:*

MT.VERNON MEDIA web application has a computer security bug problem. It can be exploited by stored HTML Injection attacks. Hypertext Markup Language (HTML) injection, also sometimes referred to as virtual defacement, is an attack on a user made possible by an injection vulnerability in a web application. When an application does not properly handle user supplied data, an attacker can supply valid HTML, typically via a parameter value, and inject their own content into the page. This attack is typically used in conjunction with some form of social engineering, as the attack is exploiting a code-based vulnerability and a user's trust.

Several other MT.VERNON MEDIA products 0-day vulnerabilities have been found by some other bug hunter researchers before. MT.VERNON MEDIA has patched some of them. BugScan is the first community-based scanner, experienced five code refactoring. It has redefined the concept of the scanner provides sources for the latest info-sec news, tools, and advisories. It also publishes suggestions, advisories, solutions details related to HTML vulnerabilities.

*(2.1)* The first programming code flaw occurs at "&category" parameter in "gallery.php?" page.
Source: Gmail -> IFTTT-> Blogger

[FD] MT.VERNON MEDIA Web-Design v1.12 Multiple SQL Injection Web Security Vulnerabilities

*MT.VERNON MEDIA Web-Design v1.12 Multiple SQL Injection Web Security Vulnerabilities*

Exploit Title: MT.VERNON MEDIA Web-Design v1.12 Multiple SQL Injection Security Vulnerabilities
Product: Web-Design
Vendor: MT.VERNON MEDIA
Vulnerable Versions: v1.12
Tested Version: v1.12
Advisory Publication: May 08, 2015
Latest Update: May 08, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CWE-89]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore] (@justqdjing)

*Proposition Details:*

*(1) Vendor & Product Description:*

*Vendor:* MT.VERNON MEDIA

*Product & Vulnerable Versions:* Web-Design v1.12

*Vendor URL & Download:* MT.VERNON MEDIA can be obtained from here, http://ift.tt/1IWbCLm

*Google Dork:* "developed by: Mt. Vernon Media"

*Product Introduction Overview:*

"In today's economy every business is more focused on ROI (Return On Investment) than ever before. We'll help you ensure a solid ROI for your website, not only making it effective and easy to use for your clients, but helping you to drive traffic to your site and ensuring effective content and design to turn traffic into solid leads, sales, or repeat customers. We offer custom design and development services tailored to your needs and specifications drawn up jointly with you to ensure that the appropriate technology is leveraged for optimum results, creating a dynamic and effective design, based on market effectiveness and user-friendly design standards. Our developers are experts in web application development using various programming languages including Perl, SQL, C, C+, and many other back-end programming languages, as well as database integration. For a view of some of your past projects, take a look at our list of clients.

We handle custom development of your Internet project from conception through publication: Internet & Intranet sites Design concepts, layouts, and specifications Intuitive Graphical User Interface (GUI) design Dynamic navigation design Creation and manipulation of graphical design elements GIF Animation Flash development HTML hand-coding and debugging JavaScript for interactivity and error-checking ASP (Active Server Pages) Customized Perl CGI scripts (mailing lists, form submission, etc) Customized application development in varied programming languages Site publication and promotion On-going updating and maintenance Banner ads"

*(2) Vulnerability Details:*

MT.VERNON MEDIA web application has a computer security bug problem. It can be exploited by stored XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Several other MT.VERNON MEDIA products 0-day vulnerabilities have been found by some other bug hunter researchers before. MT.VERNON MEDIA has patched some of them. "Openwall software releases and other related files are also available from the Openwall file archive and its mirrors. You are encouraged to use the mirrors, but be sure to verify the signatures on software you download. The more experienced users and software developers may use our CVSweb server to browse through the source code for most pieces of Openwall software along with revision history information for each source file. We publish articles, make presentations, and offer professional services." Openwall has published suggestions, advisories, solutions details related to SQL Injection vulnerabilities.

*(2.1)* The first programming code flaw occurs at "section.php?" page with "&id" parameter.

*(2.2)* The second programming code flaw occurs at "illustrated_verse.php?" page with "&id" parameter.

*(2.3)* The third programming code flaw occurs at "image.php?" page with "&id" parameter.

Source: Gmail -> IFTTT-> Blogger

[FD] MT.VERNON MEDIA Web-Design v1.12 Multiple XSS (Cross-site Scripting) Web Security Vulnerabilities

*MT.VERNON MEDIA Web-Design v1.12 Multiple XSS (Cross-site Scripting) Web Security Vulnerabilities*

Exploit Title: MT.VERNON MEDIA Web-Design v1.12 Multiple XSS Security Vulnerabilities
Product: Web-Design
Vendor: MT.VERNON MEDIA
Vulnerable Versions: v1.12
Tested Version: v1.12
Advisory Publication: May 07, 2015
Latest Update: May 07, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Writer and Reporter: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore] (@justqdjing)

*Recommendation Details:*

*(1) Vendor & Product Description:*

*Vendor:* MT.VERNON MEDIA

*Product & Vulnerable Versions:* Web-Design v1.12

*Vendor URL & Download:* MT.VERNON MEDIA can be obtained from here, http://ift.tt/1IWbCLm

*Google Dork:* "developed by: Mt. Vernon Media"

*Product Introduction Overview:*

"In today's economy every business is more focused on ROI (Return On Investment) than ever before. We'll help you ensure a solid ROI for your website, not only making it effective and easy to use for your clients, but helping you to drive traffic to your site and ensuring effective content and design to turn traffic into solid leads, sales, or repeat customers. We offer custom design and development services tailored to your needs and specifications drawn up jointly with you to ensure that the appropriate technology is leveraged for optimum results, creating a dynamic and effective design, based on market effectiveness and user-friendly design standards. Our developers are experts in web application development using various programming languages including Perl, SQL, C, C+, and many other back-end programming languages, as well as database integration. For a view of some of your past projects, take a look at our list of clients.

We handle custom development of your Internet project from conception through publication: Internet & Intranet sites Design concepts, layouts, and specifications Intuitive Graphical User Interface (GUI) design Dynamic navigation design Creation and manipulation of graphical design elements GIF Animation Flash development HTML hand-coding and debugging JavaScript for interactivity and error-checking ASP (Active Server Pages) Customized Perl CGI scripts (mailing lists, form submission, etc) Customized application development in varied programming languages Site publication and promotion On-going updating and maintenance Banner ads"

*(2) Vulnerability Details:*

MT.VERNON MEDIA Web-Design web application has a computer security bug problem. It can be exploited by stored XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Several other MT.VERNON MEDIA products 0-day vulnerabilities have been found by some other bug hunter researchers before. MT.VERNON MEDIA has patched some of them. BugScan is the first community-based scanner, experienced five code refactoring. It has redefined the concept of the scanner provides sources for the latest info-sec news, tools, and advisories. It also publishes suggestions, advisories, solutions details related to XSS vulnerabilities.

*(2.1)* The first programming code flaw occurs at "section.php?" page with "&id" parameter.

*(2.2)* The second programming code flaw occurs at "illustrated_verse.php?" page with "&id" parameter.

*(2.3)* The third programming code flaw occurs at "image.php?" page with "&id" parameter.

*(2.4)* The fourth programming code flaw occurs at "gallery.php?" page with "&np" parameter.
Source: Gmail -> IFTTT-> Blogger

Re: [FD] pydio vulnerabilities

Re: [FD] AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%

Hi,

PaX solution has actually 16 random bits for mmap objects in 32bit systems on non affected systems. On affected systems the random bits are degraded to 2^13.

Unfortunately, depending on the PaX Kernel configuration sequence, some features may not be enabled. There are sequences of PaX configuration which do not give the expected result. The configuration sequence that results in a misconfigured system is:

1.- Starting from a clean Linux tree with PaX patch applied.
2.- Enabled the "Grsecurity" option (which sets "Security Method" to "Custom") and compile&test: Observed mmap entropy: 2^5 (as expected).
3.- Then set "Security Method" to "Automatic" (which sets "Required Priorities" to "Performance") and compile&test: Observed mmap entropy: 2^5.
4.- Last test: select "Security" on the "Required Priorities" option and compile&test: Observed mmap entropy: 2^5.
5.- At this point, it seems that the "Required Priorities" option has no effect, that is, switching from "Performance" to "Security" or the other way around (as many times as desired) does not enable/disable the expected features, including the mmap randomization.

If steps 2 and 3, or 2 and 4 are configured at once (without exiting from the menuconfig), then the system gets properly configured. It seems that something in the PaX Kconfig files is not properly done. Could anyone check it ?

So, if you are using PaX, it is worth ensuring that you are not losing any PaX feature.

Source: Gmail -> IFTTT-> Blogger

Define your ideal virtual bank

Most banks build their customer base through brick and mortar locations, ATMs, and other in-person services. We believe the next wave of banks will ...

from Google Alert - anonymous http://ift.tt/1FagNb5
via IFTTT

[FD] Docker 1.6.1 - Security Advisory [150507]

Docker Engine version 1.6.1 has been released to address several vulnerabilities and is immediately available for all supported platforms. Users are advised to upgrade existing installations of the Docker Engine and use 1.6.1 for new installations.

It should be noted that each of the vulnerabilities allowing privilege escalation may only be exploited by a malicious Dockerfile or image. Users are advised to run their own images and/or images built by trusted parties, such as those in the official images library.

Please send any questions to security@docker.com.

====================================================================
[CVE-2015-3629] Symlink traversal on container respawn allows local privilege escalation
====================================================================

Libcontainer version 1.6.0 introduced changes which facilitated a mount namespace breakout upon respawn of a container. This allowed malicious images to write files to the host system and escape containerization.

Libcontainer and Docker Engine 1.6.1 have been released to address this vulnerability. Users running untrusted images are encouraged to upgrade Docker Engine.

Discovered by Tõnis Tiigi.

==============================================================
[CVE-2015-3627] Insecure opening of file-descriptor 1 leading to privilege escalation
==============================================================

The file-descriptor passed by libcontainer to the pid-1 process of a container has been found to be opened prior to performing the chroot, allowing insecure open and symlink traversal. This allows malicious container images to trigger a local privilege escalation.

Libcontainer and Docker Engine 1.6.1 have been released to address this vulnerability. Users running untrusted images are encouraged to upgrade Docker Engine.

Discovered by Tõnis Tiigi.

==================================================================
[CVE-2015-3630] Read/write proc paths allow host modification & information disclosure
==================================================================

Several paths underneath /proc were writable from containers, allowing global system manipulation and configuration. These paths included /proc/asound, /proc/timer_stats, /proc/latency_stats, and /proc/fs.

By allowing writes to /proc/fs, it has been noted that CIFS volumes could be forced into a protocol downgrade attack by a root user operating inside of a container. Machines having loaded the timer_stats module were vulnerable to having this mechanism enabled and consumed by a container.

We are releasing Docker Engine 1.6.1 to address this vulnerability. All versions up to 1.6.1 are believed vulnerable. Users running untrusted images are encouraged to upgrade.

Discovered by Eric Windisch of the Docker Security Team.

===============================================
[CVE-2015-3631] Volume mounts allow LSM profile escalation
===============================================

By allowing volumes to override files of /proc within a mount namespace, a user could specify arbitrary policies for Linux Security Modules, including setting an unconfined policy underneath AppArmor, or a docker_t policy for processes managed by SELinux. In all versions of Docker up until 1.6.1, it is possible for malicious images to configure volume mounts such that files of proc may be overridden.

We are releasing Docker Engine 1.6.1 to address this vulnerability. All versions up to 1.6.1 are believed vulnerable. Users running untrusted images are encouraged to upgrade.

Discovered by Eric Windisch of the Docker Security Team.

========================
AppArmor policy improvements
========================

The 1.6.1 release also marks preventative additions to the AppArmor policy. Recently, several CVEs against the kernel have been reported whereby mount namespaces could be circumvented through the use of the sys_mount syscall from inside of an unprivileged Docker container. In all reported cases, the AppArmor policy included in libcontainer and shipped with Docker has been sufficient to deflect these attacks. However, we have deemed it prudent to proactively tighten the policy further by outright denying the use of the sys_mount syscall.

Because this addition is preventative, no CVE-ID is requested.

Source: Gmail -> IFTTT-> Blogger
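To check a running container against the /proc paths named under CVE-2015-3630 in the Docker advisory above, the following added example (not Docker's code and not part of the advisory) audits the text of the container's /proc/self/mountinfo. It assumes that a hardened runtime exposes those paths either as read-only bind mounts or as paths masked by another filesystem; the advisory does not say how 1.6.1 implements the fix, and the two mount tables are constructed samples.

```python
import re

# Paths the advisory lists as writable from containers before Docker 1.6.1.
ADVISORY_PATHS = ("/proc/asound", "/proc/timer_stats",
                  "/proc/latency_stats", "/proc/fs")

# Constructed /proc/self/mountinfo excerpts (not captured from a real host).
UNHARDENED = """\
70 60 8:1 /containers/c1/rootfs / rw,relatime - ext4 /dev/sda1 rw
71 70 0:41 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
72 70 0:42 / /dev rw,nosuid - tmpfs tmpfs rw,mode=755
"""
HARDENED = UNHARDENED + """\
80 71 0:41 /asound /proc/asound ro,nosuid,nodev,noexec,relatime - proc proc rw
81 71 0:41 /fs /proc/fs ro,nosuid,nodev,noexec,relatime - proc proc rw
82 71 0:6 /null /proc/timer_stats rw,nosuid,relatime - devtmpfs devtmpfs rw
83 71 0:6 /null /proc/latency_stats rw,nosuid,relatime - devtmpfs devtmpfs rw
"""


def _unescape(field):
    # mountinfo writes space, tab, newline and backslash as octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text):
    """Return one dict per mount, in file order."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        try:
            sep = fields.index("-", 6)   # optional fields end at the lone "-"
            fstype = fields[sep + 1]
        except (ValueError, IndexError):
            continue                     # malformed or empty line
        mounts.append({
            "mount_point": _unescape(fields[4]).rstrip("/") or "/",
            # Field 6 holds the per-mount options. The last field holds the
            # superblock options, which stay "rw" for a read-only bind mount.
            "options": set(fields[5].split(",")),
            "fstype": fstype,
        })
    return mounts


def covering_mount(mounts, path):
    """Mount that decides access to path: longest prefix, later entry wins."""
    best = None
    for m in mounts:
        mp = m["mount_point"]
        prefix = mp if mp.endswith("/") else mp + "/"
        if path == mp or path.startswith(prefix):
            if best is None or len(mp) >= len(best["mount_point"]):
                best = m
    return best


def classify(mounts, path):
    m = covering_mount(mounts, path)
    if m is None:
        return "unknown"
    if m["mount_point"] == path and m["fstype"] != "proc":
        return "masked"        # another filesystem hides the procfs entry
    if "ro" in m["options"]:
        return "read-only"
    return "writable"


def audit(mountinfo_text, paths=ADVISORY_PATHS):
    """Map each advisory path to 'writable', 'read-only', 'masked' or 'unknown'."""
    mounts = parse_mountinfo(mountinfo_text)
    return {p: classify(mounts, p) for p in paths}


if __name__ == "__main__":
    for label, sample in (("unhardened", UNHARDENED), ("hardened", HARDENED)):
        print(label, audit(sample))
```

Inside a container, pass the contents of /proc/self/mountinfo to `audit()`; any path reported as `writable` deserves a closer look.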

[FD] Yet Another Related Posts Plugin (YARPP) 4.2.4 CSRF -> XSS -> RCE

'Yet Another Related Posts Plugin' options can be updated with no token/nonce protection which an attacker may exploit via tricking website's administrator to enter a malformed page which will change YARPP options, and since some options allow html the attacker is able to inject malformed javascript code which can lead to code execution/administrator actions when the injected code is triggered by an admin user. Injected javascript code is triggered on any post page.

Affected Versions <= 4.2.4
Vulnerability Scope XSS RCE (http://ift.tt/1GYK2Lr)
Authorization Required: None
Proof of Concept:
Fix: No Fix Available at The Moment.

Timeline:
Notified Vendor - No Reply
Notified Vendor Again - No Reply
Publish Disclosure

Source: Gmail -> IFTTT-> Blogger

[FD] SAP vulnerabilities highlighted in many reports such as HP Cyber Risk Report 2015

Recently, HP published their yearly Cyber Risk Report 2015 (http://ift.tt/1OAjbMD ). Having many typical things spotlighted in this report such as growing number of ATM and IOT Security buzz you can find everywhere, ERPScan found some parts which are relevant to business application security. We have prepared deep article from this research, add all details and also collected information from different sources about growing number of SAP vulnerabilities and recent initiatives in helping SAP users to avoid issues (new security guidelines). http://ift.tt/1ALeNyF

Source: Gmail -> IFTTT-> Blogger

Nearly 95% of SAP Systems Vulnerable to Hackers

More than 95 percent of enterprise SAP installations exposed to high-severity vulnerabilities that could allow attackers to hijack a company's business data and processes, new research claims entirely. According to a new assessment released by SAP (short for Systems, Applications & Products) solutions provider Onapsis, the majority of cyber attacks against SAP applications in the


from The Hacker News http://ift.tt/1Ip1r1x
via IFTTT

Ravens: Jamison Hensley breaks down team's 15 undrafted rookie free agents; 1 has made 53-man roster 11 straight seasons (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Steven Gerrard: The one that got away for Jose Mourinho

LONDON (AP) Chelsea manager Jose Mourinho experiences pangs of regret each time he encounters Steven Gerrard, the player he spent much of his illustrious coaching career attempting to sign.

from FOX Sports Digital http://ift.tt/1DWzxUj
via IFTTT

[FD] Pimcore v3.0.5 CMS - Multiple Web Vulnerabilities

Document Title:
===============
Pimcore v3.0.5 CMS - Multiple Web Vulnerabilities

References (Source):
====================
http://ift.tt/1cf3JDW

Release Date:
=============
2015-05-08

Vulnerability Laboratory ID (VL-ID):
====================================
1482

Common Vulnerability Scoring System:
====================================
6.2

Product & Service Introduction:
===============================
Pimcore is a powerful and robust Zend Framework based PHP content management system (CMS) for creating and managing digital content and assets licensed under the open-source BSD license. Create outstanding digital experiences on the most flexible content management platform available. Manage and edit any type of digital content, for any device and channel in a 100% flexible and personalized way. Pimcore features award-winning single-source and multi-channel publishing functionality making it easy to manage, update, and integrate content and data from various sources. With pimcore brands can create and manage rich digital experiences for all of their output channels at once: web, mobile, apps, social platforms, print and digital signage. With pimcore you can truly `edit once & reuse anywhere`.

(Copy of the Homepage: http://ift.tt/1jbcb70 )

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered multiple vulnerabilities in the official PIM Core v3.0.5 Content Management System.
Vulnerability Disclosure Timeline:
==================================
2015-05-01: Researcher Notification & Coordination (Alain Homewood - PwC New Zealand)
2015-05-01: Vendor Notification (PimCore CMS Security Team)
2015-05-05: Vendor Response/Feedback (PimCore CMS Security Team)
2015-05-07: Vendor Fix/Patch (PimCore Developer Team)
2015-05-08: Public Disclosure (Vulnerability Laboratory - Alain Homewood)

Discovery Status:
=================
Published

Affected Product(s):
====================
Pimcore GmbH
Product: PimCore - Content Management System 3.0.5

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Technical Details & Description:
================================
1.1
A (time-based) blind sql injection web vulnerability has been discovered in the official Pimcore v3.0.5 Content Management System (web-application). The vulnerability allows remote attackers or privileged user accounts to execute own sql commands to compromise the affected web-server dbms.

A blind authenticated SQL injection vulnerability exists in the filtering functionality of the HTTP error display in the administration panel. Authentication is required to exploit this vulnerability, however low privilege users may have access to this functionality (i.e. it is located under `Marketing - Search Engine Optimisation`). The request method to execute the malicious sql commands is GET and the issue exists in the code line of the web-application.

The security risk of the sql vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 6.2. Exploitation of the remote sql injection web vulnerability requires a low privilege application user account without user interaction. Successful exploitation of the sql injection vulnerability results in application and web-service or dbms compromise.
Request Method(s):
[+] GET

Vulnerable Module(s):
[+] ./misc/http-error-log

Vulnerable Parameter(s):
[+] _dc

1.2
A command execution web vulnerability has been discovered in the official Pimcore v3.0.5 Content Management System (web-application). The vulnerability allows remote attackers or local privilege user accounts to compromise the web-server by execution of malicious code.

The newsletter sending functionality uses unsanitized user provided input as part of a shell command. Authenticated users can manipulate these values to execute arbitrary commands. Note that low privilege users are likely to have access to this functionality (e.g. marketing users). Authentication is required to exploit this vulnerability. The request method to execute is POST and the attack vector is located on the application-side of the online service.

The security risk of the arbitrary code execution vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 6.1. Exploitation of the arbitrary code execution vulnerability requires no user interaction but a low privilege web-application user account. Successful exploitation of the remote vulnerability results in unauthorized execution of system specific codes.

Request Method(s):
[+] POST

Vulnerable Module(s):
[+] /reports/newsletter/send

Vulnerable Parameter(s):
[+] HOST

1.3
Two reflected cross site scripting web vulnerabilities have been discovered in the official Pimcore v3.0.5 Content Management System (web-application). The vulnerability allows remote attackers to inject own script code on the client-side to the user (browser) application requests.

Two reflected cross site scripting vulnerabilities exist in the administration panel. The issues are located in the `id` value of the echo back through the `exportClassAction()` and `exportCustomLayOutDefinitionAction()` functions of the `userClassController.php` file.
The request method to execute is GET and the issues are located on the client-side of the online-service web application.

The security risk of the cross site scripting web vulnerabilities is estimated as medium with a cvss (common vulnerability scoring system) count of 3.2. Exploitation of the arbitrary code execution vulnerability requires no user interaction or privileged web-application user account with password. Successful exploitation of the vulnerability results in session hijacking, persistent phishing, persistent external redirects and persistent manipulation function or connected module context.

Request Method(s):
[+] GET

Vulnerable Module(s):
[+] exportClassAction()
[+] exportCustomLayOutDefinitionAction()

Vulnerable File(s):
[+] userClassController.php

Vulnerable Parameter(s):
[+] id

Proof of Concept (PoC):
=======================
1.1
The blind sql injection web vulnerability can be exploited by remote attackers with low privilege application user account and low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

GET requests to /admin/misc/http-error-log fail to sanitise the value of the "limit" parameter which allows users to inject SQL statements. The unsanitized value of the parameter is included in the following SQL query in MiscController.php:

    $logs = $db->fetchAll("SELECT code,uri,`count`,date FROM http_error_log " . $condition . " ORDER BY " . $sort . " " . $dir . " LIMIT " . $offset . "," . $limit);

PoC or Exploitcode:
This vulnerability can be exploited with a time based technique as described on: http://ift.tt/1GHuA9l

Source: Gmail -> IFTTT-> Blogger
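The query quoted from MiscController.php in the Pimcore advisory above concatenates the sort column, direction, offset and limit straight into the SQL text. The added example below (a Python/sqlite3 sketch, not Pimcore's PHP code and not the vendor's patch) puts that pattern beside a hardened builder: an allow-list for the identifiers that cannot be bound, and integer-checked bound parameters for LIMIT and OFFSET. The `$condition` filter is left out, and the function names, the `MAX_LIMIT` ceiling and the table rows are assumptions made for the example.

```python
import sqlite3

# Columns the quoted query selects; anything else is refused as a sort key.
ALLOWED_SORT = {"code", "uri", "count", "date"}
ALLOWED_DIR = {"ASC", "DESC"}
MAX_LIMIT = 500   # assumption: page-size ceiling chosen for this example


def build_query_vulnerable(sort, direction, offset, limit):
    """Same concatenation pattern as the query quoted from MiscController.php."""
    return ("SELECT code,uri,`count`,date FROM http_error_log ORDER BY "
            + sort + " " + direction + " LIMIT " + offset + "," + limit)


def _as_int(value, low, high, name):
    # Accept plain ASCII digits only, then range-check the number.
    if not (isinstance(value, str) and value.isascii() and value.isdigit()):
        raise ValueError("%s must be a non-negative integer" % name)
    number = int(value)
    if not low <= number <= high:
        raise ValueError("%s out of range" % name)
    return number


def build_query_hardened(sort, direction, offset, limit):
    """Return (sql, params); raise ValueError on anything unexpected."""
    if sort not in ALLOWED_SORT:
        raise ValueError("unsupported sort column")
    direction = str(direction).upper()
    if direction not in ALLOWED_DIR:
        raise ValueError("unsupported sort direction")
    params = (_as_int(limit, 1, MAX_LIMIT, "limit"),
              _as_int(offset, 0, 10**9, "offset"))
    # Identifiers cannot be bound, so only allow-listed literals reach the
    # SQL text; the numeric values travel as bound parameters.
    sql = ('SELECT code, uri, "count", date FROM http_error_log '
           'ORDER BY "%s" %s LIMIT ? OFFSET ?' % (sort, direction))
    return sql, params


def make_demo_db():
    """In-memory table with constructed rows standing in for http_error_log."""
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE http_error_log '
                 '(code INTEGER, uri TEXT, "count" INTEGER, date INTEGER)')
    conn.executemany("INSERT INTO http_error_log VALUES (?, ?, ?, ?)", [
        (404, "/a", 7, 1430000000),
        (500, "/b", 3, 1430000100),
        (404, "/c", 12, 1430000200),
    ])
    return conn


def fetch_logs(conn, sort, direction, offset, limit):
    sql, params = build_query_hardened(sort, direction, offset, limit)
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    db = make_demo_db()
    print(fetch_logs(db, "count", "desc", "0", "2"))
    # The vulnerable builder passes arbitrary text through into the statement.
    print(build_query_vulnerable("date", "DESC", "0", "50 /* injected text */"))
    try:
        fetch_logs(db, "date", "DESC", "0", "50 /* injected text */")
    except ValueError as exc:
        print("rejected:", exc)
```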

ISS Daily Summary Report – 05/07/15

Bone Densitometer (BD) Imaging On-orbit Replacement Unit (ORU) Remove and Replace (R&R): Following a failed checkout of the BD, ground controllers determined that the Imaging Unit had failed. Cristoforetti R&R’ed the unit today in advance of Rodent Research sample collections next Monday. Ground controllers successfully calibrated the unit and are ready to proceed with Rodent Research operations on Monday.  Per experiment requirements, ground controllers will perform another calibration within 24 hours of operation. Binary Colloidal Alloy Test-Low Gravity Phase Kinetics Platform (BCAT-KP) Sample Initiation: Cristoforetti transferred images taken from Sample #5, reset the intervelometer, and initialized Sample #3 for a three week session run.  Following this sample, two more samples are planned before all the BCAT-KP samples are initialized and stowed for approximately 6 months while the colloids are left undisturbed to allow for continued growth.  The BCAT-KP experiment aims to help materials scientists develop new consumer products with unique properties and longer shelf lives. Colloids are mixtures of small particles distributed throughout a liquid, which include milk, detergents and liquid crystals. Gravity affects how the particles clump together and sink, making the International Space Station an ideal platform to study their fundamental behaviors. Cell Mechanosensing-3 Thermal Container Reconfiguration: Virts configured the Thermal Container to the Microscope in the Multi-Purpose Small Payload Rack (MSPR) for the Cell Mechanosensing-3 experiment, scheduled for delivery on SpaceX-7.  Ground controllers received off-nominal health and status from the Microscope and Thermal containers and are investigating the cause prior to proceeding with the checkout.  The investigation identifies gravity sensors in skeletal muscle cells to develop countermeasures to muscle atrophy, a key space health issue. 
Scientists believe that the lack of mechanical stress from gravity causes tension fluctuations in the plasma membrane of skeletal muscle cells, which changes the expression of key proteins and genes, and allows muscles to atrophy. Muscle cells from rats, and kidney cells from African clawed frogs are tagged with fluorescent gene markers, and attached to an extracellular matrix to study their performance under different tensions, simulating use on earth.  Node 3 (N3) Carbon Dioxide Removal Assembly Bed Remove & Replace (R&R):  Today Virts and Kelly completed CDRA reassembly and installed CDRA back into the rack.  Tomorrow the crew will complete the maintenance by reconnecting the power/data and fluid lines.    Acoustic Dosimeters:  Kelly retrieved 3 acoustic dosimeters that were deployed in various locations throughout the ISS. He downloaded the data for review by ground teams and stowed the dosimeters. Mobile Servicing System (MSS) Operations: Today, the Robotics Ground Controllers powered up the MSS and reconfigured the Space Station Remote Manipulator System (SSRMS) and the Special Purpose Dexterous Manipulator (SPDM) for translation.  Next they translated the Mobile Transporter (MT) from Worksite 2 (WS2) to WS4.  Finally the Robotics Ground Controllers maneuvered the SSRMS/SPDM to a park position.  Today’s Planned Activities All activities were completed unless otherwise noted. HRF Urine Sample Collection HRF – Sample Collection and Prep for Stowage HRF – Sample MELFI Insertion COSMOCARD. Closeout Ops. r/g 8731 Video camera GoPro HERO3 Setup and Adjustment for Operation during ТК 715 Descent ABOUT GAGARIN FROM SPACE.  r/g 8744 Acoustic Dosimeter Stow HRF – Sample MELFI Insertion SM Ventilation System Preventive Maintenance. Group В2  r/g 8393 Measuring air flow speeds on 800А using anemometer. 
r/g 8669 WRM Condensate Pumping Start Charging GoPro HERO3 Camcorder Battery – start Crew Departure Prep WRM Condensate Pumping Terminate HRF Urine Sample Collection HRF – Sample MELFI Insertion CDRA Component Replacement IDENTIFIKATSIYA  r/g 8732 Crew Medical Officer (CMO) – Computer Based Training (OBT) Physical Fitness Evaluation (on treadmill)  r/g 8728 Applying Ultrasound gel to Bluetooth HRM electrodes to assist in acquiring better heart rate data Dust Filter Changeout  r/g 8393 BCAT-D2XS – Battery Charge Initiation Charging GoPro HERO3 Camcorder Battery – end ESA Weekly Crew Conference Life On The Station Photo and Video / r/g 8544 CDRA – NODE 3 CDRA Chassis Removal Changeout of СРВ-К2М purification column assembly (БКО) / r/g 8751 Stowage of Camcorder for Advanced Resistive Exercise Device (ARED) Exercise Video Dragon Transfer Ops RS Lights Audit (SM, MRM1, MRM2, DC1) / r/g 8737 BRI Log Dump from RSS1 HRF Urine Sample Collection Post-IFM CDRA Hardware Stowage HRF – Sample MELFI Insertion OTKLIK. Hardware Check / r/g 8408 Replacement of ИК0501 Gas Analyzer СО2 Filter Units  r/g 8729 MRLN2 – MERLIN Preparation for SpX-6 Descent VIBROLAB. Copy and Downlink Data / r/g 8739 Dragon Cargo Operations Conference IMS Delta File Prep Bone Densitometer Troubleshooting Part 2 Photography of Plume Impingement and Deposit Monitoring Unit Position on MRM2 r/g 8748 BCAT – Transfer of images from the camera BCAT – Sample Initialization FMK Deployment Ops Grab Sample Container (GSC) Sampling Operations THERM – Container Reconfiguration  Completed Task List Items ESA PAO Event Ground Activities All activities were completed unless otherwise noted. 
MT Translation
BCAT ops
SSRMS maneuver to park position

Three-Day Look Ahead:
Friday, 05/08: Rodents Research, TripleLux A, Dragon transfer ops, OBT CMO training, CDRA maintenance closeout
Saturday, 05/09: Crew off duty, housekeeping, Twin Studies saliva collection
Sunday, 05/10: Crew off duty, Space Aging, Bone Densitometer startup/calibration

QUICK ISS Status – Environmental Control Group:

Component | Status
Elektron | On
Vozdukh | Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”) | Off
[СКВ] 2 – SM Air Conditioner System (“SKV2”) | Off
Carbon Dioxide Removal Assembly (CDRA) Lab | Operate
Carbon Dioxide Removal Assembly (CDRA) Node 3 | Standby
Major Constituent Analyzer (MCA) Lab | Shutdown
Major Constituent Analyzer (MCA) Node 3 | Shutdown
Oxygen Generation Assembly (OGA) | Process
Urine Processing Assembly (UPA) | Standby
Trace Contaminant Control System (TCCS) Lab | Off
Trace Contaminant Control System (TCCS) Node 3 | Full Up

from ISS On-Orbit Status Report http://ift.tt/1zJA290
via IFTTT

Melbourne Victory advance to A-League grand final

MELBOURNE, Australia (AP) The Melbourne Victory advanced to their first A-League grand final in five years with a 3-0 win over crosstown rival Melbourne City on Friday.

from FOX Sports Digital http://ift.tt/1EUGKYU
via IFTTT

Van Gaal: United signed Depay from under noses of PSG

MANCHESTER, England (AP) Manchester United manager Louis van Gaal was forced to personally intervene to clinch the signing of Memphis Depay ahead of schedule to prevent the Netherlands winger from joining Paris Saint-Germain.

from FOX Sports Digital http://ift.tt/1EUBxAo
via IFTTT

Free Tool Allows Anyone to View Facebook Users' Hidden Friends List

Facebook lets you control your every single information posted on the social media site by giving many options to make them private from others, even from your friends. But… There are some personal information on Facebook that you just cannot completely hide — Your friends list are among those, even if there is an option to hide it. The issue resides in the Facebook’s mutual-friends


from The Hacker News http://ift.tt/1GT7wPq
via IFTTT

Liverpool's Sturridge out until September after hip surgery

LIVERPOOL, England (AP) Liverpool manager Brendan Rodgers says Daniel Sturridge is expected to be out until September after the striker underwent hip surgery in New York this week.

from FOX Sports Digital http://ift.tt/1GT2pyI
via IFTTT

Call for Papers: The Lunar Reconnaissance Orbiter, Six Years of Science and Exploration at the Moon

Announcing a call for papers in a special issue of Icarus with a focus on lunar and solar system science that substantially rely on Lunar Reconnaissance Orbiter data. LRO, launched in 2009 has a suite of seven instruments, all of which have been depositing data in the Planetary Data System every three months. We are requesting submissions that rely on LRO data, but we encourage submissions that combine data from LRO with data from other missions.



from Icarus http://ift.tt/1P5yBZm
via IFTTT

LRO Lowers Periapsis

On May 4, 2015, Lunar Reconnaissance Orbiter (LRO) maneuvered into a new orbit that brings it closer than ever to the south pole of the Moon. The orbit is elliptical, with a closest approach, called periapsis, within 20 kilometers of the surface. The far end of the orbit (apoapsis) is roughly 165 kilometers above the north pole. The new orbit is relatively stable, requiring little fuel to maintain. The illustration shows LRO flying over the terrain of the south pole. The terrain is a visualization that uses digital elevation maps from LRO's laser altimeter.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1Qsde1P
via IFTTT

At the Limit of Diffraction


Did you ever want to just look through the eyepiece of a large telescope in space? If you could, you would see a sharp view that was diffraction limited. Unaffected by atmospheric blurring that ultimately plagues earthbound observers, the angular resolution of your diffraction limited view would be determined only by the wavelength of light and diameter of the telescope lens or mirror; the larger the diameter, the sharper the image. Still, in this working earth-based snapshot a new active adaptive optics system (MagAO) is being used to cancel out the atmospheric blurring in a visual observation of famous double star system Alpha Centauri. Testing the system at the eyepiece of the 6.5 meter diameter Magellan Clay Telescope at Las Campanas Observatory, astronomer Laird Close is enjoying a historic diffraction limited view (inset) and the wide apparent separation of the close binary star system ... without traveling to low earth orbit. via NASA http://ift.tt/1DToCL5

Thursday, May 7, 2015

Orioles Video: P Chris Tillman allows Alex Rodriguez's milestone 661st HR after RF Delmon Young robs A-Rod (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Graphical Potential Games. (arXiv:1505.01539v1 [cs.GT])

Potential games, originally introduced in the early 1990's by Lloyd Shapley, the 2012 Nobel Laureate in Economics, and his colleague Dov Monderer, are a very important class of models in game theory. They have special properties such as the existence of Nash equilibria in pure strategies. This note introduces graphical versions of potential games. Special cases of graphical potential games have already found applicability in many areas of science and engineering beyond economics, including artificial intelligence, computer vision, and machine learning. They have been effectively applied to the study and solution of important real-world problems such as routing and congestion in networks, distributed resource allocation (e.g., public goods), and relaxation-labeling for image segmentation. Implicit use of graphical potential games goes back at least 40 years. Several classes of games considered standard in the literature, including coordination games, local interaction games, lattice games, congestion games, and party-affiliation games, are instances of graphical potential games. This note provides several characterizations of graphical potential games by leveraging well-known results from the literature on probabilistic graphical models. A major contribution of the work presented here that particularly distinguishes it from previous work is establishing that the convergence of certain type of game-playing rules implies that the agents/players must be embedded in some graphical potential game.



from cs.AI updates on arXiv.org http://ift.tt/1FSDcII
via IFTTT

Best-First and Depth-First Minimax Search in Practice. (arXiv:1505.01603v1 [cs.AI])

Most practitioners use a variant of the Alpha-Beta algorithm, a simple depth-first procedure, for searching minimax trees. SSS*, with its best-first search strategy, reportedly offers the potential for more efficient search. However, the complex formulation of the algorithm and its alleged excessive memory requirements preclude its use in practice. For two decades, the search efficiency of "smart" best-first SSS* has cast doubt on the effectiveness of "dumb" depth-first Alpha-Beta. This paper presents a simple framework for calling Alpha-Beta that allows us to create a variety of algorithms, including SSS* and DUAL*. In effect, we formulate a best-first algorithm using depth-first search. Expressed in this framework SSS* is just a special case of Alpha-Beta, solving all of the perceived drawbacks of the algorithm. In practice, Alpha-Beta variants typically evaluate less nodes than SSS*. A new instance of this framework, MTD(f), out-performs SSS* and NegaScout, the Alpha-Beta variant of choice by practitioners.



from cs.AI updates on arXiv.org http://ift.tt/1P4XNiW
via IFTTT

Structure Formation in Large Theories. (arXiv:1505.01620v1 [cs.LO])

Structuring theories is one of the main approaches to reduce the combinatorial explosion associated with reasoning and exploring large theories. In the past we developed the notion of development graphs as a means to represent and maintain structured theories. In this paper we present a methodology and a resulting implementation to reveal the hidden structure of flat theories by transforming them into detailed development graphs. We review our approach using plain TSTP-representations of MIZAR articles obtaining more structured and also more concise theories.



from cs.AI updates on arXiv.org http://ift.tt/1JuInO5
via IFTTT

LeoPARD --- A Generic Platform for the Implementation of Higher-Order Reasoners. (arXiv:1505.01629v1 [cs.LO])

LeoPARD supports the implementation of knowledge representation and reasoning tools for higher-order logic(s). It combines a sophisticated data structure layer (polymorphically typed {\lambda}-calculus with nameless spine notation, explicit substitutions, and perfect term sharing) with an ambitious multi-agent blackboard architecture (supporting prover parallelism at the term, clause, and search level). Further features of LeoPARD include a parser for all TPTP dialects, a command line interpreter, and generic means for the integration of external reasoners.



from cs.AI updates on arXiv.org http://ift.tt/1P4XcNZ
via IFTTT

Contextual Analysis for Middle Eastern Languages with Hidden Markov Models. (arXiv:1505.01757v1 [cs.CL])

Displaying a document in Middle Eastern languages requires contextual analysis due to different presentational forms for each character of the alphabet. The words of the document will be formed by the joining of the correct positional glyphs representing corresponding presentational forms of the characters. A set of rules defines the joining of the glyphs. As usual, these rules vary from language to language and are subject to interpretation by the software developers.

In this paper, we propose a machine learning approach for contextual analysis based on the first order Hidden Markov Model. We will design and build a model for the Farsi language to exhibit this technology. The Farsi model achieves 94 \% accuracy with the training based on a short list of 89 Farsi vocabularies consisting of 2780 Farsi characters.

The experiment can be easily extended to many languages including Arabic, Urdu, and Sindhi. Furthermore, the advantage of this approach is that the same software can be used to perform contextual analysis without coding complex rules for each specific language. Of particular interest is that the languages with fewer speakers can have greater representation on the web, since they are typically ignored by software developers due to lack of financial incentives.



from cs.AI updates on arXiv.org http://ift.tt/1ElNvzu
via IFTTT

Effects of Nonparanormal Transform on PC and GES Search Accuracies. (arXiv:1505.01825v1 [cs.AI])

Liu, et al., 2009 developed a transformation of a class of non-Gaussian univariate distributions into Gaussian distributions. Liu and collaborators (2012) subsequently applied the transform to search for graphical causal models for a number of empirical data sets. To our knowledge, there has been no published investigation by simulation of the conditions under which the transform aids, or harms, standard graphical model search procedures. We consider here how the transform affects the performance of two search algorithms in particular, PC (Spirtes et al., 2000; Meek 1995) and GES (Meek 1997; Chickering 2002). We find that the transform is harmless but ineffective for most cases but quite effective in very special cases for GES, namely, for moderate non-Gaussianity and moderate non-linearity. For strong-linearity, another algorithm, PC-GES (a combination of PC with GES), is equally effective.



from cs.AI updates on arXiv.org http://ift.tt/1JuIYiJ
via IFTTT

Online Context-Dependent Clustering in Recommendations based on Exploration-Exploitation Algorithms. (arXiv:1502.03473v3 [cs.LG] UPDATED)

We investigate two context-dependent clustering techniques for content recommendation based on exploration-exploitation strategies in contextual multiarmed bandit settings. Our algorithms dynamically group users based on the items under consideration and, possibly, group items based on the similarity of the clusterings induced over the users. The resulting algorithm thus takes advantage of preference patterns in the data in a way akin to collaborative filtering methods. We provide an empirical analysis on extensive real-world datasets, showing scalability and increased prediction performance over state-of-the-art methods for clustering bandits. For one of the two algorithms we also give a regret analysis within a standard linear stochastic noise setting.



from cs.AI updates on arXiv.org http://ift.tt/1Dn3PTW
via IFTTT

Policemen detained in case of fans slayed in Brazil

SAO PAULO (AP) Authorities say a policeman and a former policeman have been detained by officials investigating the killings of eight people at the fan club of a popular Brazilian soccer club.

from FOX Sports Digital http://ift.tt/1zPtCWj
via IFTTT

Orioles: SS J.J. Hardy batting 7th in return from DL on Thursday against Yankees (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Brazil hospital says Pele recovering from prostate surgery

SAO PAULO (AP) Pele is recovering from prostate surgery in a Sao Paulo hospital.

from FOX Sports Digital http://ift.tt/1KPZRVX
via IFTTT

Dnipro scores late for 1-1 draw at Napoli in Europa League

NAPLES, Italy (AP) Ukrainian side Dnipro equalized late in the second half for a 1-1 draw at Napoli in the opening leg of the Europa League semifinals on Thursday.

from FOX Sports Digital http://ift.tt/1zGYibO
via IFTTT

Sevilla beats Fiorentina 3-0 in Europa League semifinal

SEVILLE, Spain (AP) Sevilla right back Aleix Vidal scored two goals and set up another to lead the titleholders to a 3-0 win over Fiorentina in their Europa League semifinal first leg on Thursday.

from FOX Sports Digital http://ift.tt/1KPUAOb
via IFTTT

Mum-of-one with invisible disability gets abusive anonymous note after parking in disabled bay

Another article that highlights the fact that not all disabilities can be seen, but are still there. A mother-of-one is campaigning for better awareness of.

from Google Alert - anonymous http://ift.tt/1ISYJle
via IFTTT

I have a new follower on Twitter


Legal Design Init.
The Legal Design Initiative, currently living at Stanford's d.school & Center on the Legal Profession
Stanford, CA
http://t.co/51vRmD5N3M
Following: 498 - Followers: 1160

May 07, 2015 at 03:56PM via Twitter http://twitter.com/LegalTechDesign

Greece approves amended sports law after UEFA objections

ATHENS, Greece (AP) Greece has adopted an amended version of a new sports law aimed at fighting soccer violence and match-fixing, after initial objections from UEFA which threatened to suspend Greece from international competition.

from FOX Sports Digital http://ift.tt/1Rh7SaS
via IFTTT

US Court Rules NSA Phone surveillance Program is illegal

US Court rules NSA Phone surveillance Program is illegal United States’ National Security Agency (NSA) Spying program that systematically collects data about Millions of Americans' phone calls in bulk is illegal – Yes illegal. The NSA Phone surveillance program, first disclosed by the former NSA employee and whistleblower of global surveillance Edward Snowden, ruled illegal by a New


from The Hacker News http://ift.tt/1zGkfYo
via IFTTT

Blatter says he's been 'godfather' for women's soccer

ZURICH (AP) Describing himself as a ''godfather'' to women's soccer at FIFA, Sepp Blatter has acknowledged its appeal still trails that of the men's game.

from FOX Sports Digital http://ift.tt/1FS2ruy
via IFTTT

Ramos leaves open US U20 roster spot for Arsenal's Zelalem

NEW YORK (AP) U.S. coach Tab Ramos has left a spot open on his roster for the Under-20 World Cup, hoping to add Gedion Zelalem if FIFA allows the Arsenal midfielder to play for the Americans.

from FOX Sports Digital http://ift.tt/1F814t0
via IFTTT

FIFA adviser expresses sympathy for Palestinians

RAMALLAH, West Bank (AP) FIFA's anti-racism adviser says he hopes to work to resolve the crisis between the Palestinian and Israeli soccer federations.

from FOX Sports Digital http://ift.tt/1cb5h1P
via IFTTT

Champions League return on horizon for Man United

MANCHESTER, England (AP) The reversal in fortunes of England's two most successful clubs could be underlined this weekend as Manchester United looks to secure a return to the Champions League and end Liverpool's brief stay in Europe's top competition.

from FOX Sports Digital http://ift.tt/1zFqOKN
via IFTTT

[FD] Grindr v2.1.1 iOS & Account System - Breach Attack Vulnerability

Document Title:
===============
Grindr v2.1.1 iOS & Account System - Breach Attack Vulnerability

References (Source):
====================
http://ift.tt/1FJUPu0

Release Date:
=============
2015-05-03

Vulnerability Laboratory ID (VL-ID):
====================================
1420

Common Vulnerability Scoring System:
====================================
6.7

Product & Service Introduction:
===============================
Grindr, which first launched in 2009, has exploded into the largest and most popular all-male location-based social network out there. With more than 5 million guys in 192 countries around the world -- and approximately 10,000 more new users downloading the app every day -- you’ll always find a new date, buddy, or friend on Grindr. Grindr is a simple app that uses your mobile device’s location-based services to show you the guys closest to you who are also on Grindr. How much of your info they see is entirely your call.

(Copy of the Vendor Homepage: http://ift.tt/1dXsnmS )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Research Team discovered the well known Breach Attack issue in the official Grindr v2.1.1 iOS mobile application and connected account system.

Vulnerability Disclosure Timeline:
==================================
2015-01-23: Researcher Notification & Coordination (Benjamin Kunz Mejri - Evolution Security)
2015-01-23: Vendor Notification (Grinder - Bug Bounty Program)
2015-02-12: Vendor Response/Feedback (Grinder - Bug Bounty Program)
2015-04-01: Vendor Fix/Patch (Grindr Developer Team - Reward: x & Manager: x)
2015-05-04: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Technical Details & Description:
================================
The grindr v2.1.1 & connected account system is vulnerable to the famous `breach attack`. Remote and local attackers can leverage data leaked by compression to recover targeted sections of the plain-text, inject partial plain-text into application-side or client-side victim requests or measure the data size of encrypted traffic of the mobile application and connected account system.

The following conditions must match to become a target of the issue ...
- Become served from a server that uses HTTP-level compression
- Reflection of user-inputs in HTTP responses (context body)
- Reflect a secret data (token, csrf-x) in HTTP response bodies

The vulnerability affects the ./user module of the server online-service. The following issues are matching to grant the successful exploitation ...
- We verified that the page content is served via HTTPS protocol
- We verified that the server is using the HTTP-level compression
- We verified that URL encoded GET input locale was reflected into the HTTP response context body
- We verified that the HTTP response contains in the body a secret token named authenticity_token that is already known as broken of the reports due to the pentest

Proof of Concept (PoC):
=======================

Source: Gmail -> IFTTT-> Blogger

[FD] Yahoo eMarketing Bug Bounty #31 - Cross Site Scripting Vulnerability

Document Title:
===============
Yahoo eMarketing Bug Bounty #31 - Cross Site Scripting Vulnerability

References (Source):
====================
http://ift.tt/1IjeyRH

Yahoo Security ID (H1): #55395

Release Date:
=============
2015-05-07

Vulnerability Laboratory ID (VL-ID):
====================================
1491

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:
===============================
Yahoo! Inc. is an American multinational internet corporation headquartered in Sunnyvale, California. It is widely known for its web portal, search engine Yahoo! Search, and related services, including Yahoo! Directory, Yahoo! Mail, Yahoo! News, Yahoo! Finance, Yahoo! Groups, Yahoo! Answers, advertising, online mapping, video sharing, fantasy sports and its social media website. It is one of the most popular sites in the United States. According to news sources, roughly 700 million people visit Yahoo! websites every month. Yahoo! itself claims it attracts `more than half a billion consumers every month in more than 30 languages.

(Copy of the Vendor Homepage: http://www.yahoo.com )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Core Research Team discovered a client-side cross site scripting web vulnerability in the official Yahoo eMarketing online service web-application.

Vulnerability Disclosure Timeline:
==================================
2015-05-03: Vendor Notification (Yahoo Security Team - Bug Bounty Program)
2015-05-05: Vendor Response/Feedback (Yahoo Security Team - Bug Bounty Program)
2015-05-06: Vendor Fix/Patch (Yahoo Developer Team)
2015-05-06: Bug Bounty Reward (Yahoo Security Team - Bug Bounty Program)
2015-05-07: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
A non-persistent input validation web vulnerability has been discovered in the official Yahoo eMarketing online service web-application. The security vulnerability allows remote attackers to manipulate client-side application to browser requests to compromise user/admin session information.

The vulnerability is located in the `id` value of the `eMarketing` module. Remote attackers are able to inject malicious script codes to client-side GET method application requests. Remote attackers are able to prepare special crafted web-links to execute client-side script code that compromises the yahoo user/admin session data. The execution of the script code occurs in same module context location by a mouse-over. The attack vector of the vulnerability is located on the client-side of the online service and the request method to inject or execute the code is GET.

The security risk of the non-persistent cross site vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.5. Exploitation of the non-persistent cross site scripting web vulnerability requires no privileged web application user account and low user interaction. Successful exploitation of the vulnerability results in session hijacking, non-persistent phishing, non-persistent external redirects, non-persistent load of malicious script codes or non-persistent web module context manipulation.

Request Method(s):
[+] GET

Vulnerable Module(s):
[+] Yahoo > eMarketing

Vulnerable Parameter(s):
[+] id

Proof of Concept (PoC):
=======================
The client-side cross site scripting web vulnerability can be exploited by remote attackers without privilege application user account and low user interaction (click). For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue.

PoC Payload(s):
"onmouseenter="confirm(document.domain) (http://ift.tt/1IRJnxn)

PoC: eMarketing ID


Source: Gmail -> IFTTT-> Blogger

[FD] Album Streamer v2.0 iOS - Directory Traversal Vulnerability

Document Title:
===============
Album Streamer v2.0 iOS - Directory Traversal Vulnerability

References (Source):
====================
http://ift.tt/1KNZj2Q

Release Date:
=============
2015-05-07

Vulnerability Laboratory ID (VL-ID):
====================================
1481

Common Vulnerability Scoring System:
====================================
6.6

Product & Service Introduction:
===============================
1 Tap - Quick, Album Streamer, best Photo/Video Transfer app ever! Quick way to share your Album Photos and Videos to your computer. It takes only single tap to stream and download all/selected photos or videos. You can even view or play slide show of all your photos directly on the computer without downloading.

(Copy of the Homepage: http://ift.tt/1IRJpp8 )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Research Team discovered a directory traversal web vulnerability in the official Album Streamer v2.0 iOS mobile web-application.

Vulnerability Disclosure Timeline:
==================================
2015-05-07: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Spider Talk Product: Album Streamer - iOS Mobile Web Application (Wifi) 2.0

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Technical Details & Description:
================================
A Path Traversal web vulnerability has been discovered in the official Album Streamer v2.0 iOS mobile web-application. The security vulnerability allows a remote attacker to unauthorized request system path variables to compromise the mobile application or apple iOS device.

The vulnerability is located in the `id` request to the `path` value of the photoDownload module. The vulnerability can be exploited by local or remote attackers without user interaction. The attacker needs to replace the picture assets id path request of the photoDownload module with a malicious payload like ./etc/passwd ./etc/hosts. The attack vector is located on the application-side of the service and the request method to execute is GET (client-side).

The security risk of the path traversal web vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 6.6. Exploitation of the directory traversal web vulnerability requires no privileged application user account or user interaction. Successful exploitation of the vulnerability results in mobile application compromise

Request Method(s):
[+] GET

Vulnerable Module(s):
[+] photoDownload

Vulnerable Parameter(s):
[+] id

Affected Module(s):
[+] photoDownload Item Index

Proof of Concept (PoC):
=======================
The vulnerability can be exploited by remote attackers without privileged application user account or user interaction. For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue.

PoC: http://localhost/photoDownload?id=[DIRECTORY TRAVERSAL]../../../../../../../etc

Vulnerable Source(s): localhost/photoDownload

Source: Gmail -> IFTTT-> Blogger

FIFA imposes new passport rule for World Cup qualifiers

ZURICH (AP) FIFA has tightened player eligibility rules for the World Cup after eight African qualifying matches were defaulted for the 2014 tournament.

from FOX Sports Digital http://ift.tt/1cqKpnS
via IFTTT

FIFA official expresses sympathy for Palestinians

RAMALLAH, West Bank (AP) FIFA's anti-racism adviser says he hopes to work to resolve the crisis between the Palestinian and Israeli soccer federations.

from FOX Sports Digital http://ift.tt/1AHF9la
via IFTTT

PSG looks to take a step closer to 3rd straight French title

PARIS (AP) With three games to go, only three points separate Paris Saint-Germain and Lyon at the top of the French league standings.

from FOX Sports Digital http://ift.tt/1Ed1BEg
via IFTTT

Strike puts finale of Spanish soccer season in doubt

BARCELONA, Spain (AP) The biggest obstacle to Barcelona winning the Spanish league title may not be Real Madrid after all.

from FOX Sports Digital http://ift.tt/1KOUmGZ
via IFTTT

ISS Daily Summary Report – 05/06/15

Gene, Immune and Cellular Responses to Single and Combined Space Flight Conditions – A (Triplelux-A): Cristoforetti installed the three Triplelux Reservoir A into the Automatic Ambient Stowage (AAS) inserts. She retrieved the second Culture Tube A from Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI), thawed it in the Biolab glovebox and installed it in the EC. Following crew activities, ESA ground control teams performed bioluminescence measurements. Triplelux-A uses a rat macrophage cell line to investigate and compare the ability of macrophages to kill pathogens under normal gravity and microgravity conditions. The goal is to gain a better understanding of immune suppression in spaceflight.

Cell Mechanosensing-3 Preparation: Virts configured and performed a checkout of the Multi-Purpose Small Payload Rack (MSPR) Thermal Container and the Microscope in the rack in advance of the Cell Mechanosensing experiment launching on SpX-7. The experiment clarifies the mechanism of how tension fluctuation in cell membrane regulates activities of such transducers during microgravity conditions. The experiment cultures L6 myotubes/myoblastic cells on extracellular matrix with different rigidity in ‘Kibo’ module of the ISS so that microgravity conditions induce distinct tension fluctuation in cell membranes.

JEM Airlock (JEMAL) Operations: Virts repressurized the JEMAL and performed a leak check. The Robotics Refueling Mission (RRM) Task Board-2 and Safety Cap Tool (SCT) will be brought into the ISS habitable volume and removed from the JEMAL Slide Table later in May.

Urine Processing Assembly (UPA) Hose Install: Due to recent high pressure signatures the UPA has not been processing. The data indicates that there is a restriction preventing the Pressure Control Pump Assembly (PCPA) to maintain the purge to the Distillation Assembly (DA) during operation.
Since the DA is new with only 29 hours of operation, the restriction is expected to be in the purge line between the DA and PCPA.  This morning Kelly replaced this purge line with a pristine contingency hose.  UPA is currently processing nominally. Node 3 (N3) Carbon Dioxide Removal Assembly Bed Remove & Replace (R&R):  Virts continued CDRA maintenance operations by removing both of the N3 CDRA Adsorbent/Desorbent (AD/DES) beds and installing the new beds that arrived on SpX-6. The old CDRA beds will be returned on SpX-6 for refurbishment. ISS Reboost:  This morning, the ISS performed a reboost using 58P thrusters to set up phasing requirements for 41S landing scheduled on May 13. Burn duration was 12 minutes, 17 seconds with a Delta-V of 1.34 meters/second. SpaceX (SpX)-6 Cargo Transfer Operations: The crew continued loading return cargo and trash into the Dragon vehicle. As of tonight’s crew report we are approximately 67% complete with SpX-6 cargo operations.   Today’s Planned Activities All activities were completed unless otherwise noted. THERM – Container Insertion CARDIOVECTOR. Experiment Ops Fine Motor Skills – Experiment Ops Crew prep for departure Crew Departure Prep PAO Hardware Setup Crew Prep for PAO TPLXA – Hardware Retrieval TV Conference with Russia Today TV Channel Correspondent TPLXA – EC Removal from Incubator COSMOCARD. Preparation Ops. Starting 24-hr ECG Recording Dragon Transfer Ops COSMOCARD. Photography of the Experiment Ops Bone Densiometer troubleshooting [Aborted] JEMAL – Pressurization BAR. Testing Ultrasound Analyzer [АУ-1] and Leak Indicator [УТ].  
Acoustic Dosimeter Ops Symbolic Activity [Deferred] TPLXA – Installation of Glove Box PAO Hardware Setup JEMAL – Leak Check after Pressurization Crew Prep for PAO Crew prep for departure – Virts [Aborted] MSPR Activation PAO Event ТК 715 Transfer Ops EHS – In-flight Microbiology Water analysis and data recording Physical Fitness Evaluation (on treadmill) TPLXA – Installation of Reservoir ТК 715 Loading of Equipment for Disposal Completion Report Sokol Space Suit leak check Sokol Suit Drying – Set up Suits 1 and 2 for Drying Crew OBT – Crew Medical Officer (CMO) – Computer Based Training TPLXA – Preparation Ops TPLXA – Retrieval of Culture Tube from MELFI TPLXA – Tube insertion into the Glovebox Review procedure on measuring air flow speeds using anemometer THERM – Thermal container check Crew prep for departure Photography of SM Power Supply System Devices РТ-50-1М Dust Filter Replacement and В1, В2 Fan Grille Cleaning in DC1 TPLXA – Installation of Culture Tube into EC Dragon Transfer Ops VIBROLAB. Clearing Sinus-Accord P/L Card.r/g 8738 CDRA – Bed R&R in Node 3 TPLXA – Equipment Stowage Filling EDV-SV No.1142 From SM Rodnik Water Tank 2 Crew Departure Prep ESA Weekly Crew Conference EXPOSE-R БСПН (Payload Server) data download to RSS1 Laptop HRF – Hardware Setup Terminate Drying of Suits 1,2 СОЖ Maintenance Start Drying Spacesuit 3 and Set Up the 1st Pair of Gloves for Drying VZAIMODEISTVIYE-2. Experiment Ops Dragon Cargo Operations Conference PAO TV Hardware Setup Finish drying the first pair of gloves and start drying the second pair Video Footage of Address HRF – Hardware Setup TWIN – Saliva Collection Hardware Setup Terminate drying the second pair of gloves Applying Ultrasound gel to Bluetooth HRM electrodes TV PAO Event (Ku + S-band) VZAIMODEISTVIYE-2. 
Experiment Ops IMS Delta File Prep Dragon -Installation of Door Panels and internal rear closeout Finish Drying the 3rd suit, Start Drying the 3rd Pair of Gloves Terminate drying the 3rd pair of gloves Cognition – Experiment Ops Stow suits and gloves after drying Completed Task List Items KTO Replace  Ground Activities All activities were completed unless otherwise noted. JEMAL pressurization monitoring ACE ops Three-Day Look Ahead: Thursday, 05/07: CDRA chassis replace, BCAT, MERLIN prep for SpX-6 return Friday, 05/08: Rodents Research, TripleLux A, Dragon transfer ops, OBT CMO training Saturday, 05/09: Crew off duty, housekeeping QUICK ISS Status – Environmental Control Group:                               Component Status Elektron On Vozdukh Manual [СКВ] 1 – SM Air Conditioner System (“SKV1”) Off [СКВ] 2 – SM Air Conditioner System (“SKV2”) On Carbon Dioxide Removal Assembly (CDRA) Lab Operate Carbon Dioxide Removal Assembly (CDRA) Node 3 Standby Major Constituent Analyzer (MCA) Lab Shutdown Major Constituent Analyzer (MCA) Node 3 Operate Oxygen Generation Assembly (OGA) Process Urine Processing Assembly (UPA) Standby Trace Contaminant Control System (TCCS) Lab Off Trace Contaminant Control System (TCCS) Node 3 Full Up  

from ISS On-Orbit Status Report http://ift.tt/1KOKZHy
via IFTTT

Column: Pep Guardiola, too clever for his own good?

PARIS (AP) There is such a thing as being too clever for your own good.

from FOX Sports Digital http://ift.tt/1F7A6lo
via IFTTT

Android M — Latest Google Android OS to be Unveiled This Month

While majority of smartphone users are waiting for Android 5.0 Lollipop update for their devices, Google is soon going to launch the next version of Android at its official Google I/O 2015 developer event May 28 in San Francisco. Android M — The name of the latest version of Android mobile operating system was spotted at the Google I/O 2015 schedule under the "Android for Work Update"


from The Hacker News http://ift.tt/1Rg1xwC
via IFTTT

Spanish football league takes FA to court over strike

BARCELONA, Spain (AP) The Spanish league is taking legal measures against the country's football federation for suspending all domestic matches from May 16.

from FOX Sports Digital http://ift.tt/1Ikbu80
via IFTTT

Blatter says he's been 'godfather' for women's football

ZURICH (AP) Sepp Blatter says he has been a ''godfather'' to women's football at FIFA, but that it is still ''limping behind'' the men's game.

from FOX Sports Digital http://ift.tt/1Eczh4Z
via IFTTT

I have a new follower on Twitter


Bravo



Following: 312 - Followers: 46

May 07, 2015 at 08:12AM via Twitter http://twitter.com/Karan16_fcb

Hurting Bayern hosts Augsburg after 3 straight defeats

FRANKFURT, Germany (AP) The Bundesliga title race is over. The Champions League may be over for Bayern Munich now too, meaning the team may not have anything to play for come next week.

from FOX Sports Digital http://ift.tt/1GQUQbZ
via IFTTT

Roma, Lazio and Napoli fighting for 2nd place in Serie A

ROME (AP) With Juventus having sealed its fourth successive Serie A title last weekend, attention turns to the three-way battle for second place and the final direct Champions League berth.

from FOX Sports Digital http://ift.tt/1zEJ477
via IFTTT

Barcelona hosts Sociedad with Spanish title near

BARCELONA, Spain (AP) Still basking in its 3-0 win over Bayern Munich, Barcelona now needs to protect its lead in the Spanish league.

from FOX Sports Digital http://ift.tt/1KOmMRq
via IFTTT

WordPress Vulnerability Puts Millions of Websites At Risk

Millions of WordPress websites are at risk of being completely hijacked by hackers due to a critical cross-site scripting (XSS) vulnerability present in the default installation of the widely used content management system. The cross-site scripting (XSS) vulnerability was uncovered by the security researcher David Dedes from Web security firm Sucuri. Wordpress vulnerability resides in


from The Hacker News http://ift.tt/1PqJuQl
via IFTTT

Former England striker Greaves out of hospital after stroke

LONDON (AP) The family of Jimmy Greaves says the former England striker is out of intensive care following a severe stroke.

from FOX Sports Digital http://ift.tt/1dPmSxq
via IFTTT

Anonymous Italy on Twitter: "http://t.co/bvbVVtMUX5 & http://t.co/k2t4CjUY00 'Houston, we have a ...

http://ift.tt/1H0Z0Rd & http://ift.tt/1zNYA11 'Houston, we have a problem'! #Renzi #labuonascuola #Anonymous.

from Google Alert - anonymous https://www.google.com/url?rct=j&sa=t&url=https://twitter.com/OperationItaly/status/596069018974425088&ct=ga&cd=CAIyGjgxMzAxNTQ0ZWE3M2NhMmQ6Y29tOmVuOlVT&usg=AFQjCNGA_gNas67zvWgHl5Z1ujAROxTa2A
via IFTTT

[FD] pydio vulnerabilities

Does anyone have any info on the two pydio vulnerabilities announced today? They have been given CVE-2015-3431 and CVE-2015-3432 but a search on mitre just says those are reserved. There is no information or explanation about what the issues are. http://ift.tt/1IQfOMG Thanks for any info anyone has. Robot

Source: Gmail -> IFTTT-> Blogger

Summer Triangles over Japan


Have you ever seen the Summer Triangle? The bright stars Vega, Deneb, and Altair form a large triangle on the sky that can be seen rising in the early northern early spring during the morning and rising in the northern fall during the evening. During summer months, the triangle can be found nearly overhead near midnight. Featured here, the Summer Triangle asterism was captured last month from Gunma, Japan. In the foreground, sporting a triangular shape of its own, is a flowering 500 year old cherry tree, standing about 15 meters tall. The triangular shape of the asterism is only evident from the direction of Earth -- in actuality the stars are thousands of light years apart in space. via NASA http://ift.tt/1EfbIr9

Wednesday, May 6, 2015

Orioles Video: Ubaldo Jimenez lasts just 4 innings, allows 3 ER in 5-1 loss to Mets (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

The Configurable SAT Solver Challenge (CSSC). (arXiv:1505.01221v1 [cs.AI])

It is well known that different solution strategies work well for different types of instances of hard combinatorial problems. As a consequence, most solvers for the propositional satisfiability problem (SAT) expose parameters that allow them to be customized to a particular family of instances. In the international SAT competition series, these parameters are ignored: solvers are run using a single default parameter setting (supplied by the authors) for all benchmark instances in a given track. While this competition format rewards solvers with robust default settings, it does not reflect the situation faced by a practitioner who only cares about performance on one particular application and can invest some time into tuning solver parameters for this application. The new Configurable SAT Solver Competition (CSSC) compares solvers in this latter setting, scoring each solver by the performance it achieved after a fully automated configuration step. This article describes the CSSC in more detail, and reports the results obtained in its two instantiations so far, CSSC 2013 and 2014.



from cs.AI updates on arXiv.org http://ift.tt/1KN5LY4
via IFTTT

Fast Differentially Private Matrix Factorization. (arXiv:1505.01419v1 [cs.LG])

Differentially private collaborative filtering is a challenging task, both in terms of accuracy and speed. We present a simple algorithm that is provably differentially private, while offering good performance, using a novel connection of differential privacy to Bayesian posterior sampling via Stochastic Gradient Langevin Dynamics. Due to its simplicity the algorithm lends itself to efficient implementation. By careful systems design and by exploiting the power law behavior of the data to maximize CPU cache bandwidth we are able to generate 1024 dimensional models at a rate of 8.5 million recommendations per second on a single PC.



from cs.AI updates on arXiv.org http://ift.tt/1KN5JPH
via IFTTT

Output-Sensitive Adaptive Metropolis-Hastings for Probabilistic Programs. (arXiv:1501.05677v2 [cs.AI] UPDATED)

We introduce an adaptive output-sensitive Metropolis-Hastings algorithm for probabilistic models expressed as programs, Adaptive Lightweight Metropolis-Hastings (AdLMH). The algorithm extends Lightweight Metropolis-Hastings (LMH) by adjusting the probabilities of proposing random variables for modification to improve convergence of the program output. We show that AdLMH converges to the correct equilibrium distribution and compare convergence of AdLMH to that of LMH on several test problems to highlight different aspects of the adaptation scheme. We observe consistent improvement in convergence on the test problems.



from cs.AI updates on arXiv.org http://ift.tt/1BbMxEB
via IFTTT

Ravens: Nine-time Pro Bowl S Ed Reed officially announces retirement; team to hold news conference Thursday 2 pm ET (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Orioles seek 6th win in 8 games, visit Mets at 7 pm ET on ESPN/WatchESPN; Ubaldo Jimenez on the mound (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Jacob deGrom attempts to rebound from worst start of season as Mets face Orioles at 7 pm ET on ESPN/WatchESPN (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT