HARRISON, N.J. (AP) Hulk scored in the 10th minute after an early stretch of Brazilian dominance and the five-time world champion beat Costa Rica 1-0 on Saturday in a World Cup qualifying tuneup match.
from FOX Sports Digital http://ift.tt/1Uzk3Pm
via IFTTT
Saturday, September 5, 2015
Over 80,000 fans turn up for Dede's Dortmund testimonial
DORTMUND, Germany (AP) More than 80,000 football fans attended a testimonial for former Borussia Dortmund left back Dede on Saturday.
from FOX Sports Digital http://ift.tt/1O4U56i
via IFTTT
from FOX Sports Digital http://ift.tt/1O4U56i
via IFTTT
Spain beats Slovakia 2-0 to tighten race in Euro qualifying
OVIEDO, Spain (AP) Spain beat Slovakia 2-0 to move level on points at the top of their European Championship qualifying group on Saturday.
from FOX Sports Digital http://ift.tt/1QgH3Sz
via IFTTT
from FOX Sports Digital http://ift.tt/1QgH3Sz
via IFTTT
Orioles Video: Mike Wright surrenders long HR to Jose Bautista in 5-1 loss to AL East-leading Blue Jays; lost 14 of 17 (ESPN)
from ESPN http://ift.tt/1eW1vUH
via IFTTT
via IFTTT
South Sudan gets 1st competitive win, Ghana edges Rwanda
CAPE TOWN, South Africa (AP) Atak Lual's second-half goal gave South Sudan its first ever competitive victory as the world's newest nation beat Equatorial Guinea 1-0 in African Cup of Nations qualifying on Saturday.
from FOX Sports Digital http://ift.tt/1JKl6Je
via IFTTT
from FOX Sports Digital http://ift.tt/1JKl6Je
via IFTTT
England qualifies for Euro 2016, Rooney ties scoring record
SERRAVALLE, San Marino (AP) England became the first team to qualify for the 2016 European Championship by beating San Marino 6-0 on Saturday, with Wayne Rooney's opening goal tying him for first place on the country's all-time scoring list.
from FOX Sports Digital http://ift.tt/1JX04Za
via IFTTT
from FOX Sports Digital http://ift.tt/1JX04Za
via IFTTT
Resurgent Russia beats Sweden in Euro 2016 qualifying
MOSCOW (AP) Russia revived its hopes of qualifying for the 2016 European Championship by defeating Sweden 1-0 at home on Saturday.
from FOX Sports Digital http://ift.tt/1JX04Ze
via IFTTT
from FOX Sports Digital http://ift.tt/1JX04Ze
via IFTTT
10-Year-Old With Rare Disease Shamed by Anonymous Note Left on Car
After returning to their car parked at a Target in Westminster, Colorado, last week, Naomi Barringer and her 10-year-old daughter Kaitlyn found a note ...
from Google Alert - anonymous http://ift.tt/1PSzDEg
via IFTTT
from Google Alert - anonymous http://ift.tt/1PSzDEg
via IFTTT
Ryan Foerster
Best known for his abstract works characterized by extreme color and explosive alchemic gesture, Ryan Foerster often uses sunlight, natural weather, ...
from Google Alert - anonymous http://ift.tt/1PSndfD
via IFTTT
from Google Alert - anonymous http://ift.tt/1PSndfD
via IFTTT
Madrid donates 1 million euros to refugees
MADRID (AP) Real Madrid is donating 1 million euros ($1.1m) to help refugees ''taken in by Spain.''
from FOX Sports Digital http://ift.tt/1JJkIdV
via IFTTT
from FOX Sports Digital http://ift.tt/1JJkIdV
via IFTTT
Q&A with Nightline Adviser (anonymous)
Q&A with Nightline Adviser (anonymous). 4 September 2015. inspire-img. Nightline is a confidential listening, support and practical information service ...
from Google Alert - anonymous http://ift.tt/1Fp7IGz
via IFTTT
from Google Alert - anonymous http://ift.tt/1Fp7IGz
via IFTTT
Apple to Built Fuel Cell Battery that Could Power iPhones and Macbooks for Weeks
Nothing could be scarier than that little battery icon in our smart hits the red. All our focus shifts towards searching the nearest charging outlet – and it happens all too often. Yes, the short battery life is the worst thing about our smartphones. It forces us to always carry chargers and battery banks, as well as continually chase plugs walls. But don't worry; Apple is looking to
from The Hacker News http://ift.tt/1N9bH0d
via IFTTT
from The Hacker News http://ift.tt/1N9bH0d
via IFTTT
Fekir faces long spell out after rupturing knee ligaments
PARIS (AP) Rising Lyon star Nabil Fekir faces a long spell on the sidelines after rupturing his right knee ligaments playing for France in a friendly against Portugal on Friday.
from FOX Sports Digital http://ift.tt/1UtcaQO
via IFTTT
from FOX Sports Digital http://ift.tt/1UtcaQO
via IFTTT
Anonymous donor pledges $500000 in a matching gift challenge for the Dream Center
Exciting news! On August 14th, an anonymous foundation pledged $500,000 in matching funds to help us close out our Dream Center capital ...
from Google Alert - anonymous http://ift.tt/1hJUXAA
via IFTTT
from Google Alert - anonymous http://ift.tt/1hJUXAA
via IFTTT
Anonymous on Twitter: "MEDIA ALERT: Dec. 8, 2015, Nashville, Matt DeHart's trial begins. | https://t ...
Anonymous @YourAnonNews Sep 3. Anonymous retweeted Free Matt Dehart. MEDIA ALERT: Dec. 8, 2015, Nashville, Matt DeHart's trial begins.
from Google Alert - anonymous https://www.google.com/url?rct=j&sa=t&url=https://twitter.com/YourAnonNews/status/639492490605789185&ct=ga&cd=CAIyGjgxMzAxNTQ0ZWE3M2NhMmQ6Y29tOmVuOlVT&usg=AFQjCNGo3DBnLEVfYgP45c5-Nykp1oZUAA
via IFTTT
from Google Alert - anonymous https://www.google.com/url?rct=j&sa=t&url=https://twitter.com/YourAnonNews/status/639492490605789185&ct=ga&cd=CAIyGjgxMzAxNTQ0ZWE3M2NhMmQ6Y29tOmVuOlVT&usg=AFQjCNGo3DBnLEVfYgP45c5-Nykp1oZUAA
via IFTTT
Milky Way with Airglow Australis
After sunset on September 1, an exceptionally intense, reddish airglow flooded this Chilean winter night skyscape. Above a sea of clouds and flanking the celestial Milky Way, the airglow seems to ripple and flow across the northern horizon in atmospheric waves. Originating at an altitude similar to aurorae, the luminous airglow is instead due to chemiluminescence, the production of light through chemical excitation. Commonly captured with a greenish tinge by sensitive digital cameras, this reddish airglow emission is from OH molecules and oxygen atoms at extremely low densities and has often been present in southern hemisphere nights during the last few years. On this night it was visible to the eye, but seen without color. Antares and the central Milky Way lie near the top, with bright star Arcturus at left. Straddling the Milky Way close to the horizon are Vega, Deneb, and Altair, known in northern nights as the stars of the Summer Triangle. via NASA http://ift.tt/1PP1JQA
Mexico salvages 3-3 tie with Trinidad and Tobago
SANDY, Utah (AP) Hector Herrera scored on a long shot in the 84th minute to help Mexico salvage a 3-3 tie with Trinidad and Tobago in an exhibition game Friday night.
from FOX Sports Digital http://ift.tt/1M11y7b
via IFTTT
from FOX Sports Digital http://ift.tt/1M11y7b
via IFTTT
Friday, September 4, 2015
Messi scores twice, Argentina beats Bolivia 7-0
HOUSTON (AP) Lionel Messi scored less than a minute after coming on as a substitute and added another goal in Argentina's 7-0 victory over Bolivia on Friday night.
from FOX Sports Digital http://ift.tt/1UsJSWA
via IFTTT
from FOX Sports Digital http://ift.tt/1UsJSWA
via IFTTT
Orioles Highlight: Chris Davis hits 39th and 40th HRs, Matt Wieters and Adam Jones also homer in 10-2 rout of Blue Jays (ESPN)
from ESPN http://ift.tt/1eW1vUH
via IFTTT
via IFTTT
Altidore scores twice as US comes back to beat Peru 2-1
WASHINGTON (AP) Jozy Altidore scored a two second-half goals in his return to the U.S. team following an injury filled summer, as the Americans came back to beat Peru 2-1 in a friendly Friday.
from FOX Sports Digital http://ift.tt/1KQT9l8
via IFTTT
from FOX Sports Digital http://ift.tt/1KQT9l8
via IFTTT
Altidore scores twice as US rallies to beat Peru 2-1
WASHINGTON (AP) Jozy Altidore scored a pair of second-half goals in his return to the U.S. national team following an injury filled summer, and the Americans rallied to beat Peru 2-1 in an exhibition Friday night.
from FOX Sports Digital http://ift.tt/1NguxnJ
via IFTTT
from FOX Sports Digital http://ift.tt/1NguxnJ
via IFTTT
FFA aware of security situation ahead of World Cup match
SYDNEY (AP) Football Federation Australia says it is aware of the tense security situation in the Tajikistan capital of Dushanbe just four days before the Socceroos' World Cup qualifying match at the city's Central Stadium.
from FOX Sports Digital http://ift.tt/1hIMBJy
via IFTTT
from FOX Sports Digital http://ift.tt/1hIMBJy
via IFTTT
Jermaine Jones makes 1st US start since February
WASHINGTON (AP) Jermaine Jones was set to make his first appearance for the United States in seven months, one of seven changes U.S. coach Jurgen Klinsmann made to his starting lineup for Friday night's exhibition against Peru.
from FOX Sports Digital http://ift.tt/1JUPamR
via IFTTT
from FOX Sports Digital http://ift.tt/1JUPamR
via IFTTT
Germany moves top of Euro 2016 qualifying group
BERLIN (AP) Germany assumed top spot in its European qualifying group at Poland's expense, while Albania and Denmark could not take advantage of Portugal's competitive night off on Friday.
from FOX Sports Digital http://ift.tt/1FomnSf
via IFTTT
from FOX Sports Digital http://ift.tt/1FomnSf
via IFTTT
Hungary, Romania draw 0-0 in Euro 2016 qualifier
BUDAPEST, Hungary (AP) Hungary and Romania played to a 0-0 draw Friday in a European Championship qualifier as rival fans clashed before the game, with police using tear gas and water cannon.
from FOX Sports Digital http://ift.tt/1EGfrFg
via IFTTT
from FOX Sports Digital http://ift.tt/1EGfrFg
via IFTTT
Denmark, Albania draw 0-0 in European qualifier
COPENHAGEN, Denmark (AP) Denmark failed to take its chance to move away from Albania in their European Championship group with a 0-0 draw Friday, while Serbia beat Armenia 2-0.
from FOX Sports Digital http://ift.tt/1imn09Z
via IFTTT
from FOX Sports Digital http://ift.tt/1imn09Z
via IFTTT
France beats Portugal 1-0 in friendly; Martial makes debut
LISBON, Portugal (AP) France substitute Mathieu Valbuena scored from a late free kick to snatch a 1-0 win at Portugal in a friendly on Friday.
from FOX Sports Digital http://ift.tt/1VDLWYZ
via IFTTT
from FOX Sports Digital http://ift.tt/1VDLWYZ
via IFTTT
Goetze leads Germany to 3-1 win over Poland and top spot
FRANKFURT, Germany (AP) Mario Goetze scored twice to help Germany beat Poland 3-1 Friday in their European Championship qualifier and replace the visitors at the top of Group D.
from FOX Sports Digital http://ift.tt/1JUruyY
via IFTTT
from FOX Sports Digital http://ift.tt/1JUruyY
via IFTTT
Robben out for 4 weeks with groin injury
MUNICH (AP) Bayern Munich winger Arjen Robben has been ruled out for four weeks with a groin injury sustained while playing for the Netherlands.
from FOX Sports Digital http://ift.tt/1EFxqv6
via IFTTT
from FOX Sports Digital http://ift.tt/1EFxqv6
via IFTTT
Italy's Serie B to introduce green cards for fair play
MILAN (AP) Dragged down by fan violence and match-fixing in recent seasons, Italy's Serie B is introducing virtual green cards to award instances of fair play on the pitch.
from FOX Sports Digital http://ift.tt/1ilUmpv
via IFTTT
from FOX Sports Digital http://ift.tt/1ilUmpv
via IFTTT
Porto wants Champions League donations to migrants
PORTO, Portugal (AP) Porto wants clubs in the group stage of the lucrative Champions League to donate money from ticket sales to help thousands of migrants and refugees currently trying to enter Europe.
from FOX Sports Digital http://ift.tt/1VD6eBI
via IFTTT
from FOX Sports Digital http://ift.tt/1VD6eBI
via IFTTT
Rubin Kazan to fire coach after poor start to Russian league
MOSCOW (AP) Russian Premier League club Rubin Kazan says coach Rinat Bilyaletdinov will be fired after a poor start to the season.
from FOX Sports Digital http://ift.tt/1NRMlWd
via IFTTT
from FOX Sports Digital http://ift.tt/1NRMlWd
via IFTTT
St. Pauli to play Dortmund with motto 'Refugees Welcome'
HAMBURG, Germany (AP) German second-division side St. Pauli has given its club friendly against Borussia Dortmund on Tuesday the motto ''Refugees Welcome.''
from FOX Sports Digital http://ift.tt/1KPfAXX
via IFTTT
from FOX Sports Digital http://ift.tt/1KPfAXX
via IFTTT
Chinese energy firm acquires majority stake in Slavia Prague
PRAGUE (AP) Slavia Prague says CEFC China Energy Company has acquired a majority 59.97 percent stake in the oldest Czech football club.
from FOX Sports Digital http://ift.tt/1JH4DWm
via IFTTT
from FOX Sports Digital http://ift.tt/1JH4DWm
via IFTTT
Bayern midfielder Javi Martinez supporting migrants
MUNICH (AP) Bayern Munich midfielder Javi Martinez has been visiting migrants at Munich train station to offer his support.
from FOX Sports Digital http://ift.tt/1fZ4O4h
via IFTTT
from FOX Sports Digital http://ift.tt/1fZ4O4h
via IFTTT
ISS Daily Summary Report – 09/3/15
44 Soyuz (44S) Docking: 44S, carrying Aidyn Aimbetov, Andreas Mogensen and Sergey Volkov, is scheduled to dock to the ISS tomorrow, Friday, September 4 at 2:42 am CDT. Human Research Program (HRP) Operations: Body Measures: Lindgren, with Kelly as the operator, completed his Flight Day 45 (FD45) Body Measures data collection. Lindgren set up cameras and video and donned the body marker instrumentation, collected the calibration and body pose photographs and the circumference measurements, then doffed the body markers, and finally collected the Neutral Body Posture video with operator assistance. Currently, NASA does not have sufficient in-flight anthropometric data (body measurements) gathered to assess the impact of physical body shape and size changes on suit sizing. This study collects anthropometric data (body measurements) using digital still and video imagery and a tape measure to measure segmental length, height, depth, and circumference data for all body segments (i.e., chest, waist, hip, arms, legs, etc.) from astronauts for pre-, post-, and in-flight conditions. Cognition: Yui completed his FD46 Cognition. Individualized Real-Time Neurocognitive Assessment Toolkit for Space Flight Fatigue (Cognition) is a battery of tests that measures how spaceflight-related physical changes, such as microgravity and lack of sleep, can affect cognitive performance. Cognition includes ten brief computerized tests that cover a wide range of cognitive functions, and provides immediate feedback on current and past test results. The software allows for real-time measurement of cognitive performance while in space. Cell Biology Experiment Facility (CBEF) Reconfiguration: Yui performed Day 4 of the CBEF reconfiguration, installing the Mouse Habitat Unit (MHU) into the CBEF. The JAXA operations team will now conduct functional checkout commanding. Multi-Purpose Small Payload Rack-2 (MSPR-2): Yui continued with MSPR-2 setup and commissioning. Today’s operations included connection and configuration of the Experiment Laptop Terminal (ELT), Local Area Network (LAN) checkout, and USB communication checkout. NanoRack Cubesat Deployer (NRCSD) #6 Imaging: Kelly collected images of the NRCSD #6 delivered on HTV-5. Based on issues with previous NRCSDs, ground teams requested these images to capture the existing tolerances in the Secondary Release Mechanisms. Images were downlinked for ground analysis. NRCSD #6 is scheduled to be installed in the JEM Airlock (JEMAL) and deployed during Increment 45. Area Passive Dosimeter for Life-Science Experiments in Space (PADLES) Removal: Yui removed the 17 Increment 43/44 PADLES from the JEM Pressurized Module (JPM) and Japanese Experiment Logistics Module – Pressurized Section (JLP) and provided them to Padalka for packing in the 42S for return. Area PADLES is an investigation that uses area dosimeters to continuously monitor the radiation dose aboard the ISS. Radiation exposure can have significant biological effects on living organisms including the biological investigations being done on ISS in the JEM/Kibo. By installing area dosimeters at 17 fixed locations inside the Kibo Module, continuous area radiation monitoring can be provided throughout the ISS Kibo program. Capillary Effects of Drinking in the Microgravity Environment (Capillary Beverage): Kelly and Lindgren performed sessions of Capillary Beverage to observe fluid interface and critical wetting behavior during drinking and draining activities. Microgravity affects the way fluids behave, and as such, crew members must drink from special sealed bags instead of using straws or normal cups. Capillary Beverage studies the process of drinking from specially designed Space Cups that use fluid dynamics to mimic the effect of gravity. Today’s Planned Activities All activities were completed unless otherwise noted. SLEEP. Questionnaire data entry Mouse Habitat Unit (MHU) – Hardware Setup Body Measures – Equipment Setup BRI Log Dump from RSS1 DOSIMETER – Area Dosimeter Removal BIODEGRADATSIYA. Sample collection from structure surfaces and photography Body Measures – Experiment Ops MATRYOSHKA-R. Transfer of PADLE detectors for return MATRYOSHKA-R. Photos of Transfer XF305 – Camcorder Setup CBEF – Hardware Setup PILOT-T. Experiment Ops. EXPOSE-R. Copy and Downlink Data Water Recovery System (WRS). WPA Waste Water Tank Offload into CWC. Start Columbus Jettison Stowage Bag Relocation XF305 – Camcorder Setup MSPR – Connecting Cables and Laptop Activation BIODEGRADATSIYA. Sample collection from structure surfaces and photography Water Recovery System (WRS). Terminate WPA Waste Water Tank Offload into CWC PILOT-T. Experiment Ops. MSPR2 – Closeout Ops CBEF – Installation of Mouse Habitat Cage and CBEF CAPBEV – Preparation of Maintenance Work Area surface WRS – Recycle Tank Fill CAPBEV – Hardware Setup MSPR2 – Memory Card Checkout ТК 716 Transfer Ops СОЖ maintenance HTV Transfers Ops MSPR2 – Closeout Ops CAPBEV – Test Ops HTV – Cargo Transfer Tagup WRS – Recycle Tank Fill CAPBEV – Hardware Setup IMS and Stowage Conference CAPBEV – Test Ops JRNL – Journal Entry Private Psychological Conference Pre-pack US Cargo Items for Return in 42S CAPBEV – Stowage NRCSD-6 – Photography Closing USOS Window Shutters Private Exercise Conference (PEC) JEM RSU Battery R&R [Deferred] COGN – Experiment Ops and Filling Questionnaire COGN – Documentation Photo Completed Task List Items None Ground Activities All activities were completed unless otherwise noted. Body Measures support Capillary Beverage support OPM to -XVV [In Work] Three-Day Look Ahead: Friday, 09/04: 44S dock, CBEF MHU removal, Body Measures, MSPR2 video recording unit checkout Saturday, 09/05: Emergency roles & responsibilities review, Change of Command Ceremony Sunday, 09/06: OBT Soyuz drill, crew off duty QUICK ISS Status – Environmental Control Group: Component Status Elektron On Vozdukh Manual [СКВ] 1 – SM Air Conditioner System (“SKV1”) On [СКВ] 2 – SM Air Conditioner System (“SKV2”) Off Carbon Dioxide Removal Assembly (CDRA) Lab Operate Carbon Dioxide Removal Assembly (CDRA) Node 3 Operate Major Constituent Analyzer (MCA) Lab Shutdown Major Constituent Analyzer (MCA) Node 3 Operate Oxygen Generation Assembly (OGA) Process Urine Processing Assembly (UPA) Process Trace Contaminant Control System (TCCS) Lab Off Trace Contaminant Control System (TCCS) Node 3 Full Up
from ISS On-Orbit Status Report http://ift.tt/1JGWZes
via IFTTT
from ISS On-Orbit Status Report http://ift.tt/1JGWZes
via IFTTT
Twitter Open Sources 'Diffy' that Automatically Catches Potential Bugs in Code
After, Facebook open sourced Thrift Technology (an internally used tool by Facebook) in 2007, rival entity Twitter brings Diffy, an internal Twitter service to the world. Yesterday, Twitter introduced "Diffy," an open source tool, acting as a helping hand for the software developers to catch bugs, test and compare results without writing much code. Diffy plays a vital part in Twitter's
from The Hacker News http://ift.tt/1JGQE2L
via IFTTT
from The Hacker News http://ift.tt/1JGQE2L
via IFTTT
How to Fix Chrome Massive Memory Usage? Simply Try 'Chrome 45' for Faster Performance
Rejoice Chrome users! Google has made major improvements to its Chrome web browser that would once again make it one of the least memory eater browsers in the market. Although Chrome is used by hundreds of millions of people worldwide due to its simplicity and power, most people aren't happy with it because it uses too much memory and power. Google has now solved these problems. The
from The Hacker News http://ift.tt/1JSZewH
via IFTTT
from The Hacker News http://ift.tt/1JSZewH
via IFTTT
Caution! Hackers Can Easily Hijack Popular Baby Monitors to Watch Your Kids
Several video baby monitors from six different manufacturers were under scrutiny for in-depth security testing, and the outcome was negative. Yes, they lacked in serving basic security through their devices. At the High Technology Crime Investigation Association (HTCIA) conference on September 2, 2015, a critical security research was made public by Rapid7 after following a disclosure
from The Hacker News http://ift.tt/1EFaGvR
via IFTTT
from The Hacker News http://ift.tt/1EFaGvR
via IFTTT
Buy Safe and Secure VPN
Buy a VPN account from a reputable provider. Buy VPN tunnel services for strong encryption and privacy. VPN account gateways powered by Gigabit ...
from Google Alert - anonymous http://ift.tt/1L96IIn
via IFTTT
from Google Alert - anonymous http://ift.tt/1L96IIn
via IFTTT
MAVEN Stellar Occultation Atmospheric Coverage
NASA's Mars Atmosphere and Volatile Evolution mission, or MAVEN, is the first spacecraft specifically designed to study the Mars upper atmosphere. MAVEN's goal is to understand how Mars lost its thick, early atmosphere to space, and how this in turn caused it to lose its once hospitable climate. MAVEN's orbit gives it the most comprehensive view of the Martian atmosphere to date. Circling the red planet every 4.5 hours on an elliptical path, MAVEN passes close to the north and south poles at an inclination of 75 degrees. This allows MAVEN to gather a north-south swath of data with each pass. At the same time, Mars itself rotates eastward beneath MAVEN, giving the orbiter longitudinal coverage. The combination of MAVEN's orbit and Mars' daily rotation provides a complete picture of the Martian atmosphere every day. While previous Mars orbiters have peered down at the planet's surface, MAVEN is spending part of its time gazing at the stars, observing the Martian atmosphere through a series of stellar occultations. As Mars rolls beneath MAVEN, due to the spacecraft's own orbital motion, background stars rise and set behind the planet. Their light dims as it passes through the tenuous atmosphere, with specific gases absorbing specific wavelengths. MAVEN uses its Imaging Ultraviolet Spectrograph to break apart this light and see which wavelengths are absorbed, allowing it to determine atmospheric composition at varying altitudes.
from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1IO2HqZ
via IFTTT
from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1IO2HqZ
via IFTTT
Meet World's Fastest Wi-Fi Router (Looks Like an Alien)
In above picture, Have you noticed those numerous crazy spikes? The Device looks like an Alien artifact, which is actually the World's fastest wireless Wi-Fi router for the Game of Thrones generation. Unveiled at IFA 2015, Asus has launched its uniquely designed RT-AC5300 Wi-Fi router, which they said would offer the fastest connection speed ever. <!-- adsense --> Asus RT-AC5300 Wi-Fi
from The Hacker News http://ift.tt/1NejpYD
via IFTTT
from The Hacker News http://ift.tt/1NejpYD
via IFTTT
New Rules Require FBI to Get Warrant for Spying With ‘Stingrays’ Cell Phone Trackers
Remember StingRays? The controversial cell phone spying tool, known as "Stingrays" or "IMSI catchers," has been used by authorities to track criminal suspects most of the times without obtaining court orders. But now, the Federal law agencies will have to be more transparent about their use of Stingrays to spy on cell phones. Thanks to the new policy announced Thursday by the US
from The Hacker News http://ift.tt/1FmY6Mp
via IFTTT
from The Hacker News http://ift.tt/1FmY6Mp
via IFTTT
Arp 159 and NGC 4725
Pointy stars and peculiar galaxies span this cosmic snapshot, a telescopic view toward the well-groomed constellation Coma Berenices. Bright enough to show off diffraction spikes, the stars are in the foreground of the scene, well within our own Milky Way. But the two prominent galaxies lie far beyond our own, some 41 million light-years distant. Also known as NGC 4747, the smaller distorted galaxy at left is the 159th entry in the Arp Atlas of Peculiar Galaxies, with extensive tidal tails indicative of strong gravitational interactions in its past. At about a 100,000 light-years across, its likely companion on the right is the much larger NGC 4725. At first glance NGC 4725 appears to be a normal spiral galaxy, its central region dominated by the yellowish light of cool, older stars giving way to younger hot blue star clusters along dusty spiral outskirts. Still, NGC 4725 does look a little odd with only one main spiral arm. via NASA http://ift.tt/1N4dIuG
Anonymous on Twitter: "New #Anonymous video: http://ift.tt/1OfpDo5;
Signal boost for Anonymous operations, resistance movements, & journalism. Who is ... @YourAnonNews Great, anonymous is back into trolling again.
from Google Alert - anonymous https://www.google.com/url?rct=j&sa=t&url=https://twitter.com/YourAnonNews/status/639166072495718400/photo/1&ct=ga&cd=CAIyGjgxMzAxNTQ0ZWE3M2NhMmQ6Y29tOmVuOlVT&usg=AFQjCNGCk2CKuaw071sYMN8KMxqCrciOfg
via IFTTT
from Google Alert - anonymous https://www.google.com/url?rct=j&sa=t&url=https://twitter.com/YourAnonNews/status/639166072495718400/photo/1&ct=ga&cd=CAIyGjgxMzAxNTQ0ZWE3M2NhMmQ6Y29tOmVuOlVT&usg=AFQjCNGCk2CKuaw071sYMN8KMxqCrciOfg
via IFTTT
Thursday, September 3, 2015
Meeting Directory
The Gamblers Anonymous International Directory has been prepared with the most current information made available to us by participating groups.
from Google Alert - anonymous http://ift.tt/1NdPT5d
via IFTTT
from Google Alert - anonymous http://ift.tt/1NdPT5d
via IFTTT
Ravens: WR Marlon Brown (3 catches for 64 yards) resurfaced in preseason finale, writes Jamison Hensley (ESPN)
from ESPN http://ift.tt/17lH5T2
via IFTTT
via IFTTT
Generating Weather Forecast Texts with Case Based Reasoning. (arXiv:1509.01023v1 [cs.AI])
Several techniques have been used to generate weather forecast texts. In this paper, case based reasoning (CBR) is proposed for weather forecast text generation because similar weather conditions occur over time and should have similar forecast texts. CBR-METEO, a system for generating weather forecast texts was developed using a generic framework (jCOLIBRI) which provides modules for the standard components of the CBR architecture. The advantage in a CBR approach is that systems can be built in minimal time with far less human effort after initial consultation with experts. The approach depends heavily on the goodness of the retrieval and revision components of the CBR process. We evaluated CBRMETEO with NIST, an automated metric which has been shown to correlate well with human judgements for this domain. The system shows comparable performance with other NLG systems that perform the same task.
from cs.AI updates on arXiv.org http://ift.tt/1XmR0CO
via IFTTT
Building a Truly Distributed Constraint Solver with JADE. (arXiv:1509.01040v1 [cs.AI])
Real life problems such as scheduling meeting between people at different locations can be modelled as distributed Constraint Satisfaction Problems (CSPs). Suitable and satisfactory solutions can then be found using constraint satisfaction algorithms which can be exhaustive (backtracking) or otherwise (local search). However, most research in this area tested their algorithms by simulation on a single PC with a single program entry point. The main contribution of our work is the design and implementation of a truly distributed constraint solver based on a local search algorithm using Java Agent DEvelopment framework (JADE) to enable communication between agents on different machines. Particularly, we discuss design and implementation issues related to truly distributed constraint solver which might not be critical when simulated on a single machine. Evaluation results indicate that our truly distributed constraint solver works well within the observed limitations when tested with various distributed CSPs. Our application can also incorporate any constraint solving algorithm with little modifications.
from cs.AI updates on arXiv.org http://ift.tt/1XmR0mi
via IFTTT
Semi-described and semi-supervised learning with Gaussian processes. (arXiv:1509.01168v1 [stat.ML])
Propagating input uncertainty through non-linear Gaussian process (GP) mappings is intractable. This hinders the task of training GPs using uncertain and partially observed inputs. In this paper we refer to this task as "semi-described learning". We then introduce a GP framework that solves both, the semi-described and the semi-supervised learning problems (where missing values occur in the outputs). Auto-regressive state space simulation is also recognised as a special case of semi-described learning. To achieve our goal we develop variational methods for handling semi-described inputs in GPs, and couple them with algorithms that allow for imputing the missing values while treating the uncertainty in a principled, Bayesian manner. Extensive experiments on simulated and real-world data study the problems of iterative forecasting and regression/classification with missing values. The results suggest that the principled propagation of uncertainty stemming from our framework can significantly improve performance in these tasks.
from cs.AI updates on arXiv.org http://ift.tt/1POCo9y
via IFTTT
For US, roster spots up for grabs in Friday match vs Peru
WASHINGTON (AP) U.S. center back John Brooks plays in Germany's top pro league and has even scored a winning goal in a World Cup match.
from FOX Sports Digital http://ift.tt/1VAkz1O
via IFTTT
from FOX Sports Digital http://ift.tt/1VAkz1O
via IFTTT
Pelle leads Italy to 1-0 win over Malta again in qualifying
FLORENCE, Italy (AP) Graziano Pelle saved Italy from embarrassment against Malta again, securing a 1-0 win against the 160th-ranked opponent to put the Azzurri in command of their European Championship qualifying group on Thursday.
from FOX Sports Digital http://ift.tt/1QbEKQI
via IFTTT
from FOX Sports Digital http://ift.tt/1QbEKQI
via IFTTT
Iceland beats Netherlands 1-0 in Euro 2016 qualifier
AMSTERDAM (AP) Iceland beat the 10-man Netherlands 1-0 on Thursday to take a big step toward qualifying for next year's European Championship.
from FOX Sports Digital http://ift.tt/1O0Mq9a
via IFTTT
from FOX Sports Digital http://ift.tt/1O0Mq9a
via IFTTT
Bale powers Wales closer to 1st tournament in 58 years
NICOSIA, Cyprus (AP) With a late bullet-header, Gareth Bale powered Wales closer to the European Championship and ending a 58-year wait to qualify for a major tournament again.
from FOX Sports Digital http://ift.tt/1Oe3hmW
via IFTTT
from FOX Sports Digital http://ift.tt/1Oe3hmW
via IFTTT
Italy-Malta match to observe minute's silence for migrants
FLORENCE, Italy (AP) A moment of silence will be observed before Italy's European Championship qualifier against Malta for the European migrant crisis.
from FOX Sports Digital http://ift.tt/1hDKOpe
via IFTTT
from FOX Sports Digital http://ift.tt/1hDKOpe
via IFTTT
Villas-Boas banned 6 games in Russia for striking official
MOSCOW (AP) Zenit St. Petersburg coach Andre Villas-Boas was suspended for six games by the Russian Football Union on Thursday for striking a match official.
from FOX Sports Digital http://ift.tt/1JEb788
via IFTTT
from FOX Sports Digital http://ift.tt/1JEb788
via IFTTT
German soccer clubs, fans rush to support migrants
BERLIN (AP) A training camp for migrant children. A $1.1 million donation. German lessons.
from FOX Sports Digital http://ift.tt/1KMeMmy
via IFTTT
from FOX Sports Digital http://ift.tt/1KMeMmy
via IFTTT
New Pics Added to the Blog Gallery (September 3, 2015)
New Pics Added to the Blog Gallery! (September 3, 2015)
Click link below to visit gallery now!
http://ift.tt/1HAGoHC
from The 'hotspot' for all things Bob Ross. http://ift.tt/1KLTC80
via IFTTT
Arsenal striker Danny Welbeck has surgery on left knee
LONDON (AP) Arsenal says striker Danny Welbeck will be ''out for a period of months'' after having surgery on his left knee.
from FOX Sports Digital http://ift.tt/1hCWecJ
via IFTTT
from FOX Sports Digital http://ift.tt/1hCWecJ
via IFTTT
Bayern Munich sets up training camp for refugee children
MUNICH (AP) Bayern Munich is to create a training camp for refugee children and adolescents while donating a further 1 million euros ($1.1 million) toward refugee projects in response to the European migrant crisis.
from FOX Sports Digital http://ift.tt/1hWUdsL
via IFTTT
from FOX Sports Digital http://ift.tt/1hWUdsL
via IFTTT
Violin Concerto in D major, S-Skma (Anonymous)
Violin Concerto in D major, S-Skma (Anonymous). Add File. Add Sheet MusicAdd Your Own ArrangementAdd Your Own CompositionAdd Your Own ...
from Google Alert - anonymous http://ift.tt/1hWU8oI
via IFTTT
from Google Alert - anonymous http://ift.tt/1hWU8oI
via IFTTT
Salve Jesu sancte sponse (Anonymous)
Salve Jesu sancte sponse (Anonymous). Add File. Add Sheet MusicAdd Your Own ArrangementAdd Your Own CompositionAdd Your Own EditionAdd ...
from Google Alert - anonymous http://ift.tt/1Ocffxd
via IFTTT
from Google Alert - anonymous http://ift.tt/1Ocffxd
via IFTTT
ISS Daily Summary Report – 09/2/15
44 Soyuz (44S) Launch: 44S launched successfully from Baikonur last night at 11:37pm CDT carrying Aidyn Aimbetov, Andreas Mogensen and Sergey Volkov to the ISS which will increase the crew complement to 9 members. Docking is scheduled for Friday, September 4 at 2:42am CDT. Human Research Program (HRP) Operations: Fine Motor Skills (FMS): Kornienko completed his FD160 Fine Motor Skills session. During the Fine Motor Skills experiment crew members perform a series of interactive tasks on a touchscreen tablet. The investigation is the first fine motor skills study to measure long-term microgravity exposure, different phases of microgravity adaptation, and sensorimotor recovery after returning to Earth gravity. The goal of Fine Motor Skills is to answer how fine motor performance in microgravity trend/vary over the duration of a six-month and year-long space mission; how fine motor performance on orbit compare with that of a closely matched participant on Earth; and how performance trend/vary before and after gravitational transitions, including the periods of early flight adaptation, and very early/near immediate post-flight periods. Integrated Resistance and Aerobic Training Study (Sprint) Volume of Oxygen Utilized (VO2) Max: Kelly performed his Sprint VO2 Max exercise session on the Cycle Ergometer with Vibration Isolation and Stabilization (CEVIS). He donned Electrocardiogram (ECG) electrodes, Heart Rate Monitor (HRM) hardware, and Portable Pulmonary Function System (PPFS) calibrations then executed the VO2 protocol. The Sprint investigation evaluates the use of high intensity, low volume exercise training to minimize loss of muscle, bone, and cardiovascular function in ISS crewmembers during long-duration missions. Upon completion of this study, investigators expect to provide an integrated resistance and aerobic exercise training protocol capable of maintaining muscle, bone and cardiovascular health while reducing total exercise time over the course of a long-duration space flight. This will provide valuable information in support of investigator’s long term goal of protecting human fitness for even longer space exploration missions. Human Research Facility (HRF) Pulmonary Function System (PFS) Gas Management System (GMS) Calibration: Lindgren completed regular maintenance on the HRF PFS GMS. He set up the Gas Delivery System (GDS), started the Pulmonary Function System/Photoacoustic Analyzer Module (PFM/PAM) and performed a gas concentration verification. Following the calibration, the crew completed a data drive mapping and transferred all files located on the partition, including setup and deactivation of the Pulmonary Function System (PFS). Kubik 5 Endothelial Setup: Yui configured the Kubik5 in support of the Endothelial Cells experiment planned for the Short Duration Mission. The goal of Effects of Spaceflight on Endothelial Function: Molecular and Cellular Characterization of Interactions Between Genome Transcription, DNA Damage and Induction of Cell Senescence (Endothelial Cells) is to better understand the reaction of cultured endothelial cells to spaceflight. This is to be characterized in space-flown samples through analysis of different parameters including DNA damage, end of cell division (senescence), and variations of cell cycle combined with additional in-depth genetic analysis. Because endothelial cells are responsible for the integrity of the vascular wall, a better understanding of the modulation of endothelial functions in space might help in the development of potential countermeasures to prevent cardiovascular deconditioning in astronauts. Multi-Purpose Small Payload Rack (MSPR)-2 Power Checkout: Yui completed a power supply checkout for Multi-purpose Small Payload Rack 2 (MSPR2) Work Volume, Small Experiment Area, Work Bench and DC/DC Converter Unit. JSL Playbook Checkout: Kelly successfully tested access and functionality of the Playbook web application on both the SSC and iPad platforms. This application is scheduled to be used by Mogensen. Waste and Hygiene Compartment (WHC) Status: Last night the crew reported a WHC Pre-Treat Bad Qual Light (PTBQL). The crew changed out the pre-treat tank which did not fix the problem and the crew was given a go to use the Russian [ACY]. Ground teams concluded that the likely issue was a failed dose pump. Kelly Removed & Replaced (R&R) the bad pump and the WHC is now operating nominally. HTV5 Cargo Transfer Status: Lindgren and Yui completed 3 hours of HTV-5 Cargo transfer operations today. Today’s Planned Activities All activities are on schedule unless otherwise noted. Self-Reaction Test. Reaction Time Test (morning) Sleep ISS-12 Experiment – Sleep Log Entry – Subject SPRINT – Hardware Warmup SPRINT Experiment Ops ISS Crew / SSIPC FD Conference ECLSS Recycle Tank Remove and Replace JEMRMS Laptop Reboot Cell Biology Experiment Facility (CBEF) – Equipment Gathering CBEF – Equipment Attachment ARED Photo/TV Camcorder Setup Verification Fine Motor Skills – Subject CBEF- Equipment Attachment FINEMOTR – Photography SPRINT-PPFS – Partial Stow HABIT – Questionnaire Completion [Deferred] БД-2 Treadmill R&R. OASIS – Camera Adjustment WHC dose pump R&R Psychological Evaluation Program (WinSCAT) XF305 – Camcorder Setup MSPR2 – Experiment and Closeout Ops WRS – Recycle Tank Fill HTV Transfers Ops [Deferred] Video Camera Assembly (VCA1) Adjustment VCA1 Camera Adjustment CBEF – Demating Cables WRS – Recycle Tank Fill Actiwatch Spectrum data download to ISS12 and configuration setup to continue with data gathering СОЖ maintenance VCA1 Camera Adjustment WRS – Recycle Tank Fill ENDO – Hardware Setup RGN – Start Water Transfer to EDV CAPBEV – Preparation of Maintenance Work Area surface [Deferred] CAPBEV – Hardware Setup [Deferred] HRF2 – Procedure Review ENDO – KUBIK 5 Preparation and Parameter Check CAPBEV – Photography [Deferred] RGN – Terminate water drain into EDV CAPBEV – Test Ops [Deferred] XF305 – Camcorder Setup CBEF – Cable Connection HRF2 – Camcorder Setup CBEF – Cable Connection HRF2 – Hardware Setup and Activation CBEF- Hardware Checkout ELT2 – Closeout Ops CBEF – Hardware Removal CAPBEV – Stowage RGN REC-TNK – Removal of depress hose for nominal operations CBEF – Hardware Removal Crew Checkout of the Playbook Application CBEF – Closeout Ops HRF2 – Hardware Test ENERGY – Copying files to Laptop Psychological Evaluation Program (WinSCAT) [Deferred] HRF2 – Hardware Deactivation SPRINT – Close-out Ops and Stowage CMS – HRM – iPAD File Transfer ARED Exercise Video Equipment Stowage Crew conference with Astronaut Office HTV – Cargo Transfer Tagup WRS – Recycle Tank Fill ENDO – KUBIK Check Flight Director / ISS […]
from ISS On-Orbit Status Report http://ift.tt/1JAWbWr
via IFTTT
from ISS On-Orbit Status Report http://ift.tt/1JAWbWr
via IFTTT
Popular Belkin Wi-Fi Routers vulnerable to Hackers
US-CERT has outlined about Wireless routers developed by Belkin supposedly containing several vulnerabilities. CERT in their Vulnerability Note VU#201168 (Vulnerability ID) said, that Belkin’s N600 DB Wireless Dual-Band N+ Router, model F9K1102 v2 with firmware version 2.10.17 and very likely earlier versions are packed with multiple and critical vulnerabilities. The targeted router is
from The Hacker News http://ift.tt/1Oc8age
via IFTTT
from The Hacker News http://ift.tt/1Oc8age
via IFTTT
26 Android Phone Models Shipped with Pre-Installed Spyware
Bought a brand new Android Smartphone? Don't expect it to be a clean slate. A new report claims that some rogue retailers are selling brand-new Android smartphones loaded with pre-installed software. Security firm G Data has uncovered more than two dozens of Android smartphones from popular smartphone manufacturers — including Xiaomi, Huawei and Lenovo — that have pre-installed spyware
from The Hacker News http://ift.tt/1LWRmwn
via IFTTT
from The Hacker News http://ift.tt/1LWRmwn
via IFTTT
Derby's American owners sell to 'Candy Crush' entrepreneur
DERBY, England (AP) Derby's American owners have sold the English second-tier club to a local businessman who made a fortune through the ''Candy Crush Saga'' mobile game.
from FOX Sports Digital http://ift.tt/1VyGlTu
via IFTTT
from FOX Sports Digital http://ift.tt/1VyGlTu
via IFTTT
Using Android 'AppLock' to Protect Your Privacy? — It's Useless
Widely popular Android AppLock application by DoMobile Ltd. is claimed to be vulnerable to Hackers. AppLock Android app enables users to apply a security layer to their devices, which locks and hides the SMS, Gallery, Gmail, Facebook, Calls and any app installed on the device. <!-- adsense --> Few of its features are: Protecting apps either in a PIN number form or a pattern lock
from The Hacker News http://ift.tt/1hWsA2S
via IFTTT
from The Hacker News http://ift.tt/1hWsA2S
via IFTTT
Toure missing as Ivory Coast launches African title defense
CAPE TOWN, South Africa (AP) Ivory Coast begins the defense of its African title this weekend without Yaya Toure after the team captain asked not to be selected while he considers his international future.
from FOX Sports Digital http://ift.tt/1NOYmMb
via IFTTT
from FOX Sports Digital http://ift.tt/1NOYmMb
via IFTTT
American owners of English football club Derby sell up
DERBY, England (AP) Derby's American owners have sold the English second-tier club to a local businessman.
from FOX Sports Digital http://ift.tt/1EDbdhP
via IFTTT
from FOX Sports Digital http://ift.tt/1EDbdhP
via IFTTT
Germany midfielder Marco Reus breaks toe in left foot
FRANKFURT, Germany (AP) Borussia Dortmund attacking midfielder Marco Reus has been ruled out of Germany's European Championship qualifiers against Poland and Scotland after breaking his big toe in his left foot.
from FOX Sports Digital http://ift.tt/1LMSgsv
via IFTTT
from FOX Sports Digital http://ift.tt/1LMSgsv
via IFTTT
Critical OS X Flaw Grants Mac Keychain Access to Malware
Back in July, a security researcher disclosed a zero-day vulnerability in Mac OS X that allowed attackers to obtain unrestricted root user privileges with the help of code that even fits in a tweet. The same vulnerability has now been upgraded to again infect Mac OS X machines even after Apple fixed the issue last month. The privilege-escalation bug was once used to circumvent security
from The Hacker News http://ift.tt/1NbWgpA
via IFTTT
from The Hacker News http://ift.tt/1NbWgpA
via IFTTT
Chile rises in top 10 of FIFA rankings led by Argentina
ZURICH (AP) Copa America winner Chile rises two places to No. 8 in the FIFA rankings still led by Argentina.
from FOX Sports Digital http://ift.tt/1KKNPjh
via IFTTT
from FOX Sports Digital http://ift.tt/1KKNPjh
via IFTTT
FIFA World Rankings List
ZURICH (AP) FIFA world rankings published Thursday (August position in parentheses):
from FOX Sports Digital http://ift.tt/1ijHeRI
via IFTTT
from FOX Sports Digital http://ift.tt/1ijHeRI
via IFTTT
Soccer players suspended for game after blackface incident
SPOKANE, Wash. (AP) Five members of the women's soccer team at a private Christian university in Washington state were suspended for one match Wednesday after a social media post surfaced showing them dressed in blackface and afro wigs.
from FOX Sports Digital http://ift.tt/1JAmSue
via IFTTT
from FOX Sports Digital http://ift.tt/1JAmSue
via IFTTT
Violin Concerto in G minor, S-Skma (Anonymous)
Musik- och teaterbiblioteket, Stockholm (S-Skma): Od-R. The score does not contain violin 2 or viola parts. Purchase: Recordings.
from Google Alert - anonymous http://ift.tt/1UouA56
via IFTTT
from Google Alert - anonymous http://ift.tt/1UouA56
via IFTTT
September 27, 2015 Total Lunar Eclipse: View from the Moon
On September 28, 2015 Universal Time (the evening of the 27th for the Americas), the Moon enters the Earth's shadow, creating a total lunar eclipse. When viewed from the Moon, as in this animation, the Earth hides the Sun. A red ring, the sum of all Earth's sunrises and sunsets, lines the Earth's limb and casts a ruddy light on the lunar landscape. With the darkness of the eclipse, the stars come out. The city lights of North and South America and of western Europe and Africa are visible on the night side of the Earth. The part of the Earth visible in this animation is the part where the lunar eclipse can be seen.
from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1JOfO0y
via IFTTT
from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1JOfO0y
via IFTTT
[FD] Stored XSS in Watu PRO Play allows unauthenticated attackers to do almost anything an admin can (WordPress plugin)
Details ================ Software: Watu PRO Play Version: 1.9.2.1 Homepage: http://ift.tt/1ObfuJ3 Advisory report: http://ift.tt/1KsXHzA CVE: Awaiting assignment CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N) Description ================ Stored XSS in Watu PRO Play allows unauthenticated attackers to do almost anything an admin can Vulnerability ================ An attacker able to convince an admin to visit a link of their choosing (e.g. via a phishing attack) is able to execute arbitrary JavaScript. This makes use of a CSRF vulnerability (no nonce protection on the levels form) Proof of concept ================ If a logged-in administrator user clicks the submit button on this form, a JavaScript alert will display on /wp-admin/admin.php?page=watuproplay_levels (in a real attack the form can be made to auto-submit using JavaScript):
Mitigations ================ Disable the plugin until a new version is released that fixes this bug Disclosure policy ================ dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: http://ift.tt/1B6NWzd Please contact us on security@dxw.com to acknowledge this report if you received it via a third party (for example, plugins@wordpress.org) as they generally cannot communicate with us on your behalf. This vulnerability will be published if we do not receive a response to this report with 14 days. Timeline ================ 2015-08-11: Discovered 2015-08-26: Reported to vendor by email 2015-08-26: Requested CVE Discovered by dxw: ================ Tom Adams Please visit security.dxw.com for more information.
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] CSRF in Watu PRO allows unauthenticated attackers to delete quizzes (WordPress plugin)
Details ================ Software: Watu PRO Version: 4.8.8.4 Homepage: http://ift.tt/1iXJoVn Advisory report: http://ift.tt/1hVRwaE CVE: Awaiting assignment CVSS: 4.3 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N) Description ================ CSRF in Watu PRO allows unauthenticated attackers to delete quizzes Vulnerability ================ An attacker able to convince an admin to visit a link of their choosing is able to delete quizzes. Proof of concept ================ Assuming there is a quiz with ID 1, the following link will delete it when visited by a logged-in admin: http://localhost/wp-admin/admin.php?page=watupro_exams&action=delete&quiz=1 Mitigations ================ This issue has been discussed with the author, who disagrees that there is an exploitable issue. We maintain that the above proof of concept demonstrates this issue. Nonetheless, the author has told us that they have made changes to address the problem in version 4.9.0.8 of this plugin. We have not verified these changes, so our recommendation is to upgrade to version 4.9.0.8 or later, and ideally conduct your own security assessment of this plugin. Disclosure policy ================ dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: http://ift.tt/1B6NWzd Please contact us on security@dxw.com to acknowledge this report if you received it via a third party (for example, plugins@wordpress.org) as they generally cannot communicate with us on your behalf. This vulnerability will be published if we do not receive a response to this report with 14 days. Timeline ================ 2015-08-11: Discovered 2015-08-11: Reported to Author via email 2015-08-11: Author responded 2015-08-26: Author reported fixed in version 4.9.0.8 2015-09-01: Published Discovered by dxw: ================ Tom Adams Please visit security.dxw.com for more information.
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] Stored XSS in Watu PRO allows unauthenticated attackers to do almost anything an admin can (WordPress plugin)
Details ================ Software: Watu PRO Version: 4.8.8.4 Homepage: http://ift.tt/1iXJoVn Advisory report: http://ift.tt/1UorjTn CVE: Awaiting assignment CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N) Description ================ Stored XSS in Watu PRO allows unauthenticated attackers to do almost anything an admin can Vulnerability ================ An attacker able to convince an admin to visit a link of their choosing (e.g. through phishing) is able to execute arbitrary JavaScript. This makes use of a CSRF vulnerability (no nonce protection on the options form) Proof of concept ================ If a logged-in administrator user clicks the submit button on this form, a JavaScript alert will display on /wp-admin/admin.php?page=watupro_options (in a real attack the form can be made to auto-submit using JavaScript):
Mitigations ================ This issue has been discussed with the author, who disagrees that there is an exploitable issue. We maintain that the above proof of concept demonstrates this issue. Nonetheless, the author has told us that they have made changes to address the problem in version 4.9.0.8 of this plugin. We have not verified these changes, so our recommendation is to upgrade to version 4.9.0.8 or later, and ideally conduct your own security assessment of this plugin. Disclosure policy ================ dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: http://ift.tt/1B6NWzd Please contact us on security@dxw.com to acknowledge this report if you received it via a third party (for example, plugins@wordpress.org) as they generally cannot communicate with us on your behalf. This vulnerability will be published if we do not receive a response to this report with 14 days. Timeline ================ 2015-08-11: Discovered 2015-08-11: Reported to Author via email 2015-08-11: Author responded 2015-08-26: Author reported fixed in version 4.9.0.8 2015-09-01: Published Discovered by dxw: ================ Tom Adams Please visit security.dxw.com for more information.
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] PacSec (Tokyo Nov 11-12): PWN2OWN Mobile first casualty of Wassenaar, CFP extended to Friday September 4
So we have the first bona fide research casualty of the new Wassenaar Agreement wording (ugh). HP and counsel are concerned over Japanese implementation of it, so they will not be involved with Pwn2Own Mobile in Japan. Given typical Japanese government bureaucracy, I don't think I can fault them. However, I still like hacker circuses, so I've ordered up my own RF isolation cage, and am interested in other folks to be involved (so contact me) in the competition which will continue. I'm basically passing the hat around to folks who might be interested in bug bounties for phones, so here is one of the limited chances we get to re-write the rules and patterns. My new plan is to hand over the bugs directly to local representatives in Japan, without the ZDI need to feed the bugs back to the US first - and make like the internet and route around the issues with export. Shortly, when we finalize the new bounties, we'll publish the new rules and registration process, which in all likelihood, will be much less complex. In related matters some folks complained about getting us mail for the PacSec CFP while I was at CCC Camp, and some office renovations yanked a cable and reinforced my belief that VLAN tagging is still bunk to be eliminated. So we'll be accepting proposals until the end of the week, just to make sure. Get your mail to us (secwest15@pacsec.jp) before Friday, all networks firing on all cylinders here now. Cheers, --dr
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] Serendipity 2.0.1 - Blind SQL Injection
Serendipity 2.0.1: Blind SQL Injection Security Advisory – Curesec Research Team 1. Introduction Affected Product: Serendipity 2.0.1 Fixed in: 2.0.2 Fixed Version Link: http://ift.tt/1JOaWIW Vendor Contact: serendipity@supergarv.de Vulnerability Type: Blind SQL Injection Remote Exploitable: Yes Reported to vendor: 07/21/2015 Disclosed to public: 09/01/2015 Release mode: Coordinated release CVE: n/a Credits Tim Coen of Curesec GmbH 2. Vulnerability Description There is a blind SQL injection in Serendipity 2.0.1 when approving comments. It can be exploited content-based, but this requires an Email token. Timing-based exploitation does not require a token and is thus easier to exploit. To prepare for the attack, an attacker has to visit the Configuration and set "Use Tokens for Comment Moderation" to true. Please note that admin credentials are required. 3. Proof of Concept http://localhost/serendipity/serendipity_admin.php?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=pending&serendipity[id]=8' AND IF(SUBSTRING(version(), 1, 1)='5',BENCHMARK(50000000,ENCODE('MSG','by 5 seconds')),null) %23&serendipity[token]=ValidAntiCSRFToken -> true http://localhost//serendipity/serendipity_admin.php?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=approve&serendipity[id]=8' AND IF(SUBSTRING(version(), 1, 1)='4',BENCHMARK(50000000,ENCODE('MSG','by 5 seconds')),null) %23&serendipity[token]=ValidAntiCSRFToken -> false Note that the id must be that of an existing comment, the action must be acceptable - ie only pending comments can be approved and only approved comments can be set to pending - and the CSRF token must be valid. 4. Code /include/admin/comments.inc.php serendipity_approveComment($serendipity['GET']['id'], $rs['entry_id']); <- user input /include/functions_comments.inc.php function serendipity_approveComment($cid, $entry_id, $force = false, $moderate = false, $token = false) { global $serendipity; $goodtoken = serendipity_checkCommentToken($token, $cid); <- not secured [...] } function serendipity_checkCommentToken($token, $cid) { global $serendipity; $goodtoken = false; if ($serendipity['useCommentTokens']) { // Delete any comment tokens older than 1 week. serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}options WHERE okey LIKE 'comment_%' AND name < " . (time() - 604800) ); // Get the token for this comment id $tokencheck = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}options WHERE okey = 'comment_" . $cid . "' LIMIT 1", true, 'assoc'); <- still not secured [...] } 5. Solution To mitigate this issue please upgrade at least to version 2.0.2: http://ift.tt/1JOaWIW Please note that a newer version might already be available. 5. Report Timeline 07/21/2015 Informed Vendor about Issue 07/24/2015 Vendor releases Version 2.0.2 09/01/2015 Disclosed to public 6. Blog Reference: http://ift.tt/1ECKMJ3
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] Serendipity 2.0.1 - Persistent XSS
Serendipity 2.0.1: Persistent XSS Security Advisory – Curesec Research Team 1. Introduction Affected Product: Serendipity 2.0.1 Fixed in: 2.0.2 Fixed Version Link: http://ift.tt/1JOaWIW Vendor Contact: serendipity@supergarv.de Vulnerability Type: Persistent XSS Remote Exploitable: Yes Reported to vendor: 07/21/2015 Disclosed to public: 09/01/2015 Release mode: Coordinated release CVE: n/a Credits Tim Coen of Curesec GmbH 2. Vulnerability Description There is a persistent XSS vulnerability in Serendipity 2.0.1 when using the default 2k11 theme. It requires a click of the victim to trigger. The problem exists because the theme reads out the name field of a comment using the jQuery .text() function, which decodes the previously properly encoded name. It then inserts the result back into the DOM. 3. Proof of Concept Add comment with name 
Click "reply" on that comment The admin may be tricked into clicking on reply by leaving a question as comment or via ClickJacking. 4. Code include/functions_comments.inc.php:180 function serendipity_displayCommentForm [...] 'commentform_replyTo' => serendipity_generateCommentList($id, $comments, ((isset($data['replyTo']) && ($data['replyTo'])) ? $data['replyTo'] : 0)), include/functions_comments.inc.php:306 function serendipity_generateCommentList( [...] $retval .= '' . str_repeat(' ', $level * 2) . '#' . $indent . $i . ': ' . (empty($comment['author']) ? ANONYMOUS : serendipity_specialchars($comment['author'])) js/2k11.min.js a("#serendipity_replyTo :selected").text() 5. Solution To mitigate this issue please upgrade at least to version 2.0.2: http://ift.tt/1JOaWIW Please note that a newer version might already be available. 5. Report Timeline 07/21/2015 Informed Vendor about Issue 07/24/2015 Vendor releases Version 2.0.2 09/01/2015 Disclosed to public 6. Blog Reference http://ift.tt/1IMn5cd
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] Serendipity 2.0.1 - Code Execution
Serendipity 2.0.1: Code Execution Security Advisory – Curesec Research Team 1. Introduction Affected Product: Serendipity 2.0.1 Fixed in: 2.0.2 Fixed Version Link: http://ift.tt/1JOaWIW Vendor Contact: serendipity@supergarv.de Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor: 07/21/2015 Disclosed to public: 09/01/2015 Release mode: Coordinated release CVE: n/a Credits Tim Coen of Curesec GmbH 2. Vulnerability Description Serendipity 2.0.1 does not allow the upload of .php, .php4, .php5, .phtml files, or files starting with a dot - eg .htaccess files. However, files with extension .pht can be uploaded by registered users, and will be executed by most default Apache configurations. The file upload is located here: http://localhost/serendipity/serendipity_admin.php?serendipity[adminModule]=media&serendipity[adminAction]=addSelect User registration either requires an admin to create the user, or the plugin serendipity_plugin_adduser being activated. The default setting for this plugin does not require an admin to accept the registration of that user. 3. Proof of Concept #!/usr/local/bin/php
[FD] NibbleBlog 4.0.3 - Code Execution - Not fixed
NibbleBlog 4.0.3: Code Execution Security Advisory – Curesec Research Team 1. Introduction Affected Product: NibbleBlog 4.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: Website: http://ift.tt/1hf8205 Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor: 07/21/2015 Disclosed to public: 09/01/2015 Release mode: Full Disclosure CVE: n/a Credits Tim Coen of Curesec GmbH 2. Vulnerability Description When uploading image files via the "My image" plugin - which is delivered with NibbleBlog by default - , NibbleBlog 4.0.3 keeps the original extension of uploaded files. This extension or the actual file type are not checked, thus it is possible to upload PHP files and gain code execution. Please note that admin credentials are required. 3. Proof of Concept Obtain Admin credentials (for example via Phishing via XSS which can be gained via CSRF, see advisory about CSRF in NibbleBlog 4.0.3) Activate My image plugin by visiting http://localhost/nibbleblog/admin.php?controller=plugins&action=install&plugin=my_image Upload PHP shell, ignore warnings Visit http://localhost/nibbleblog/content/private/plugins/my_image/image.php. This is the default name of images uploaded via the plugin. 4. Code if( $plugin->init_db() ) { // upload files foreach($_FILES as $field_name=>$file) { $extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION)); $destination = PATH_PLUGINS_DB.$plugin->get_dir_name(); $complete = $destination.'/'.$field_name.'.'.$extension; // Upload the new file and move if(move_uploaded_file($file["tmp_name"], $complete)) { // Resize images if requested by the plugin if(isset($_POST[$field_name.'_resize'])) { $width = isset($_POST[$field_name.'_width'])?$_POST[$field_name.'_width']:200; $height = isset($_POST[$field_name.'_height'])?$_POST[$field_name.'_height']:200; $option = isset($_POST[$field_name.'_option'])?$_POST[$field_name.'_option']:'auto'; $quality = isset($_POST[$field_name.'_quality'])?$_POST[$field_name.'_quality']:100; $Resize->setImage($complete, $width, $height, $option); $Resize->saveImage($complete, $quality, true); } } } unset($_POST['plugin']); // update fields $plugin->set_fields_db($_POST); Session::set_alert($_LANG['CHANGES_HAS_BEEN_SAVED_SUCCESSFULLY']); } } 5. Solution This issue was not fixed by the vendor. 6. Report Timeline 07/21/2015 Informed Vendor about Issue 07/22/2015 Vendor Replied 08/18/2015 Reminded Vendor of release date (no reply) 09/01/2015 Disclosed to public 7. Blog Reference http://ift.tt/1JAcwdU
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] NibbleBlog 4.0.3 - CSRF - Not fixed
NibbleBlog 4.0.3: CSRF Security Advisory – Curesec Research Team 1. Introduction Affected Product: NibbleBlog 4.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: Website: http://ift.tt/1hf8205 Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 07/21/2015 Disclosed to public: 09/01/2015 Release mode: Full Disclosure CVE: n/a Credits Tim Coen of Curesec GmbH 2. Vulnerability Description NibbleBlog 4.0.3 does not have CSRF protection. This means that an attacker can perform actions for an admin if the admin is logged in and visits an attacker controlled website. In the case of NibbleBlog, this can for example lead to persistent XSS via the creation of a new post, which in turn allows for phishing attacks or the injection of JavaScript keyloggers. 3. Proof of Concept Create new Post (for Spam and XSS):
4. Solution This issue was not fixed by the vendor. 5. Report Timeline 07/21/2015 Informed Vendor about Issue 07/22/2015 Vendor Replied 08/18/2015 Reminded Vendor of release date (no reply) 09/01/2015 Disclosed to public 6. Blog Reference http://ift.tt/1VxZoNX
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
Chung says AFC broke election rules ahead of FIFA vote
SEOUL, South Korea (AP) South Korean billionaire Chung Mong-joon has accused the Asian Football Confederation of breaking rules by lobbying for rival candidate Michel Platini in the upcoming FIFA presidential election.
from FOX Sports Digital http://ift.tt/1LWh8Rk
via IFTTT
from FOX Sports Digital http://ift.tt/1LWh8Rk
via IFTTT
The Flare and the Galaxy
Is this person throwing a lightning bolt? No. Despite appearances, this person is actually pointing in the direction of a bright Iridium flare, a momentary reflection of sunlight off of a communications satellite in orbit around the Earth. As the Iridium satellite orbits, reflective antennas became aligned between the observer and the Sun to create a flash brighter than any star in the night sky. Iridium flares typically last several seconds, longer than most meteors. Also unlike meteors, the flares are symmetric and predictable. The featured flare involved Iridium satellite 15 and occurred over southern Estonia last week. In this well-planned image, a spectacular night sky appears in the background, complete with the central band of our Milky Way Galaxy running vertically up the image center. via NASA http://ift.tt/1N1A2VF
Violin Concerto in B-flat major, S-Skma (2) (Anonymous)
Violin Concerto in B-flat major, S-Skma (2) (Anonymous). Add File. Add Sheet MusicAdd Your Own ArrangementAdd Your Own CompositionAdd Your ...
from Google Alert - anonymous http://ift.tt/1NOyvDU
via IFTTT
from Google Alert - anonymous http://ift.tt/1NOyvDU
via IFTTT
Wednesday, September 2, 2015
Orioles Highlight: Steve Pearce spectacular catch, Chris Davis 2 HRs, including massive walk-off blast in win vs. Rays (ESPN)
from ESPN http://ift.tt/1eW1vUH
via IFTTT
via IFTTT
Heu mihi Domine (Anonymous)
Heu mihi Domine (Anonymous). Add File. Add Sheet MusicAdd Your ... Misc. Comments. Anonymous piece from the Düben collection. Retrieved from ...
from Google Alert - anonymous http://ift.tt/1KsMUW0
via IFTTT
from Google Alert - anonymous http://ift.tt/1KsMUW0
via IFTTT
College soccer players suspended after blackface incident
SPOKANE, Wash. (AP) A private Christian university in Spokane says it has suspended five members of the women's soccer team after a social media post surfaced showing them dressed in blackface and afro wigs.
from FOX Sports Digital http://ift.tt/1KsGqGG
via IFTTT
from FOX Sports Digital http://ift.tt/1KsGqGG
via IFTTT
Trio Sonata in D major, S-Skma (Anonymous)
Trio Sonata in D major, S-Skma (Anonymous). Add File. Add Sheet MusicAdd Your Own ArrangementAdd Your Own CompositionAdd Your Own ...
from Google Alert - anonymous http://ift.tt/1KJLll2
via IFTTT
from Google Alert - anonymous http://ift.tt/1KJLll2
via IFTTT
Turing's Imitation Game has been Improved. (arXiv:1509.00584v1 [cs.AI])
Using the recently introduced universal computing model, called orchestrated machine, that represents computations in a dissipative environment, we consider a new kind of interpretation of Turing's Imitation Game. In addition we raise the question whether the intelligence may show fractal properties. Then we sketch a vision of what robotic cars are going to do in the future. Finally we give the specification of an artificial life game based on the concept of orchestrated machines. The purpose of this paper is to start the search for possible relationships between these different topics.
from cs.AI updates on arXiv.org http://ift.tt/1KsxH7h
via IFTTT
A Neural Attention Model for Abstractive Sentence Summarization. (arXiv:1509.00685v1 [cs.CL])
Summarization based on text extraction is inherently limited, but generation-style abstractive methods have proven challenging to build. In this work, we propose a fully data-driven approach to abstractive sentence summarization. Our method utilizes a local attention-based model that generates each word of the summary conditioned on the input sentence. While the model is structurally simple, it can easily be trained end-to-end and scales to a large amount of training data. The model shows significant performance gains on the DUC-2004 shared task compared with several strong baselines.
from cs.AI updates on arXiv.org http://ift.tt/1LM9FRX
via IFTTT
A Fuzzy Approach for Feature Evaluation and Dimensionality Reduction to Improve the Quality of Web Usage Mining Results. (arXiv:1509.00690v1 [cs.DB])
Web Usage Mining is the application of data mining techniques to web usage log repositories in order to discover the usage patterns that can be used to analyze the users navigational behavior. During the preprocessing stage, raw web log data is transformed into a set of user profiles. Each user profile captures a set of URLs representing a user session. Clustering can be applied to this sessionized data in order to capture similar interests and trends among users navigational patterns. Since the sessionized data may contain thousands of user sessions and each user session may consist of hundreds of URL accesses, dimensionality reduction is achieved by eliminating the low support URLs. Very small sessions are also removed in order to filter out the noise from the data. But direct elimination of low support URLs and small sized sessions may results in loss of a significant amount of information especially when the count of low support URLs and small sessions is large. We propose a fuzzy solution to deal with this problem by assigning weights to URLs and user sessions based on a fuzzy membership function. After assigning the weights we apply a Fuzzy c-Mean Clustering algorithm to discover the clusters of user profiles. In this paper, we describe our fuzzy set theoretic approach to perform feature selection (or dimensionality reduction) and session weight assignment. Finally we compare our soft computing based approach of dimensionality reduction with the traditional approach of direct elimination of small sessions and low support count URLs. Our results show that fuzzy feature evaluation and dimensionality reduction results in better performance and validity indices for the discovered clusters.
from cs.AI updates on arXiv.org http://ift.tt/1KsxFwg
via IFTTT
What to talk about and how? Selective Generation using LSTMs with Coarse-to-Fine Alignment. (arXiv:1509.00838v1 [cs.CL])
We present an end-to-end, domain-independent neural encoder-aligner-decoder model for selective generation, i.e., the joint task of content selection and surface realization. Our model first encodes the full set of over-determined database event records (e.g., in weather forecasting and sportscasting) via a memory-based recurrent neural network (LSTM), then utilizes a novel coarse-to-fine (hierarchical), multi-input aligner to identify the small subset of salient records to talk about, and finally employs a decoder to generate free-form descriptions of the aligned, selected records. Our model achieves up to 54% relative improvement over the current state-of-the-art on the benchmark WeatherGov dataset, despite using no specialized features or resources. Using a simple k-nearest neighbor beam helps further. Finally, we also demonstrate the generalizability of our method on the RoboCup dataset, where it gets results that are competitive with state-of-the-art, despite being severely data-starved.
from cs.AI updates on arXiv.org http://ift.tt/1LM9FRU
via IFTTT
Class-Anonymous-0.02
Class::Anonymous, Truly private classes with private data for Perl5, 0.02. Class::Anonymous::Instance. Class::Anonymous::Utils ...
from Google Alert - anonymous http://ift.tt/1ILtGU2
via IFTTT
from Google Alert - anonymous http://ift.tt/1ILtGU2
via IFTTT
Class-Anonymous-0.01
Provides. Class::Anonymous::Instance in lib/Class/Anonymous/Instance.pm; Class::Anonymous::Utils in lib/Class/Anonymous/Utils.pm ...
from Google Alert - anonymous http://ift.tt/1L6sAUV
via IFTTT
from Google Alert - anonymous http://ift.tt/1L6sAUV
via IFTTT
Anonymous donor delivers check for $30000
Calendar ». Community · Concerts · Contests · Tune Shop · Contact · Home Local News Anonymous donor delivers check for $30,000 ...
from Google Alert - anonymous http://ift.tt/1hV2Nbe
via IFTTT
from Google Alert - anonymous http://ift.tt/1hV2Nbe
via IFTTT
England a magnet for players as clubs flex financial muscle
LONDON (AP) For the final months of 2015, clubs in continental Europe can relax: English clubs cannot plunder their top talent until January.
from FOX Sports Digital http://ift.tt/1KJd1Xg
via IFTTT
from FOX Sports Digital http://ift.tt/1KJd1Xg
via IFTTT
After hiatus, Tim Howard won't be US starter vs Mexico
WASHINGTON (AP) United States goalkeeper Tim Howard won't earn his starting job back before a big playoff match against Mexico.
from FOX Sports Digital http://ift.tt/1NYvn7O
via IFTTT
from FOX Sports Digital http://ift.tt/1NYvn7O
via IFTTT
Dortmund's Grosskreutz heads to Galatasaray but can't play
DORTMUND, Germany (AP) Borussia Dortmund says midfielder Kevin Grosskreutz is heading to Galatasaray immediately even though he will not be able to play competitive football for his new club until the next transfer window in January.
from FOX Sports Digital http://ift.tt/1LLFp9Z
via IFTTT
from FOX Sports Digital http://ift.tt/1LLFp9Z
via IFTTT
French amateur club hits jackpot with Martial move to United
PARIS (AP) Anthony Martial's record-breaking move to Manchester United will not only catapult the teenager onto the world's biggest footballing stage, it will also transform the finances of a tiny sixth-tier club in the Paris suburbs.
from FOX Sports Digital http://ift.tt/1hz8cnA
via IFTTT
from FOX Sports Digital http://ift.tt/1hz8cnA
via IFTTT
Carrard panel starts reform work for crisis-hit FIFA
BERN, Switzerland (AP) A FIFA panel steering reforms of football's crisis-hit governing body began working on Wednesday.
from FOX Sports Digital http://ift.tt/1NY95CW
via IFTTT
from FOX Sports Digital http://ift.tt/1NY95CW
via IFTTT
Take the Bob Ross Quiz (September 2015)
Test your knowledge of the Bob Ross TV show, painting techniques and general Bob Ross trivia!
from The 'hotspot' for all things Bob Ross. http://ift.tt/1O92zaz
via IFTTT
Bob’s Tips & Tricks (September 2015)
Bob’s Tips & Tricks (September 2015)
Click inside the box below to enlarge.
from The 'hotspot' for all things Bob Ross. http://ift.tt/1KIe61G
via IFTTT
Berbatov signs with Greek club PAOK Thessaloniki
THESSALONIKI, Greece (AP) Former Monaco and Manchester United striker Dimitar Berbatov has signed a 10-month contract with Greek club PAOK.
from FOX Sports Digital http://ift.tt/1O8nn1N
via IFTTT
from FOX Sports Digital http://ift.tt/1O8nn1N
via IFTTT
ISS Daily Summary Report – 09/1/15
44 Soyuz (44S) Launch: 44S is scheduled to launch from Baikonur tonight at 11:37pm CDT carrying Aidyn Aimbetov, Andreas Mogensen and Sergey Volkov to the ISS which will increase the crew complement to 9 members. Docking is scheduled for this Friday, September 4 at 2:42am CDT. Human Research Program (HRP) Operations: Fluid Shifts Flight Day 150 (FD150) Baseline Imaging Measurement: Today, Kornienko completed his Flight Day 150 (FD150) baseline imaging for the Fluid Shifts experiment. Kelly acted as the onboard imager and with ground remote guidance, ultrasound imaging was taken of arterial and venous measures of the head and neck, cardiac, ophthalmic and portal vein, and tissue thickness of lower and upper body. Additional measurements using the Cerebral and Cochlear Fluid Pressure (CCFP), Distortion Product Otoacoustic Emissions (DPOAE), Optical Coherence Tomography (OCT), ESA’s Cardiolab (CDL) Holter Arterial Blood Pressure Device, and Intraocular Pressure (IOP) using the tonometer will be taken later today. The imagery session was within the 10 day requirement following last week’s dilution measurements. Fluid Shifts is a joint NASA-Russian experiment that investigates the causes for severe and lasting physical changes to astronaut’s eyes. Because the headward fluid shift is a hypothesized contributor to these changes, reversing this fluid shift with a lower body negative pressure device is investigated as a possible intervention. Results from this study may help to develop preventative measures against lasting changes in vision and eye damage. Fine Motor Skills (FMS): Kelly completed his FD160 Fine Motor Skills session. During the Fine Motor Skills experiment crew members perform a series of interactive tasks on a touchscreen tablet. The investigation is the first fine motor skills study to measure long-term microgravity exposure, different phases of microgravity adaptation, and sensorimotor recovery after returning to Earth gravity. The goal of Fine Motor Skills is to answer how fine motor performance in microgravity trend/vary over the duration of a six-month and year-long space mission; how fine motor performance on orbit compare with that of a closely matched participant on Earth; and how performance trend/vary before and after gravitational transitions, including the periods of early flight adaptation, and very early/near immediate post-flight periods. Cell Biology Experiment Facility (CBEF) Reconfiguration: Yui continued with the CBEF reconfiguration, removing and replacing the CBEF Incubator Unit (IU) 1G door. Today’s operations also included connecting the Incubator Unit (IU) 1G Door Sensor and 1G Vent Fan Cable, and replacing the CO2 Sensor and finally attaching the IU 1G Sample Centrifuge Foam. These modifications are in support of the Mouse Habitat Unit (MHU) has 3 features; individual breeding, artificial gravity and live return. It supports to evaluate more precise effects of the long-term microgravity exposure, which results can be applied to human being. CBEF reconfiguration will continue tomorrow. Multi-Purpose Small Payload Rack (MSPR)-2 Installation and Checkout: Lindgren completed the post-transfer reconfigurations of the MSPR-2 rack. He will be removing launch locks, installing and mating connections for power, water, and argon gas lines. Following the reconfiguration, Lindgren performed the checkout the Rack Power Switch, Fire Indication, and High Rate Data Multiplexer System (HRMS). MSPR-2 commissioning continues tomorrow. Mobile Servicing System (MSS) Operations: Robotics Ground Controllers powered up the MSS and maneuvered the Space Station Remote Manipulator System (SSRMS) and Special Purpose Dexterous Manipulator (SPDM) Arm 2 to position Orbit Replaceable Unit (ORU) Tool Changeout Mechanism 2 (OTCM2) to grasp the Micro-Square Fixture (MSF) of Space Test Program – Houston 4 (STP-H4) and uninstall it from External Logistics Carrier (ELC) 1. After maneuvering into position, the SSRMS and SPDM then mated STP-H4 to the H-II Transfer Vehicle (HTV) External Platform (EP). SPDM release of STP-H4 was followed by a pre-disposal survey using SPDM and ISS cameras. SPDM was then configured for stow and maneuvered to the Mobile Base System (MBS) where it was stowed on Power and Data Grapple Fixture 2 (PDGF2). During the mating the SPDM LEE safed and lost calibration and mating was not reported complete although the umbilicals were connected. The Robotics Ground Controllers used manual latching to ensure the umbilicals were fully mated, then reset the SPDM LEE calibration and continued with the SPDM base change and release. Finally, the SSRMS was maneuvered to a Mobile Transporter (MT) translate configuration. HTV Cargo Transfer Status: Lindgren completed 3.25 hours of HTV-5 Cargo transfer operations today. A total of 25 hours remain to complete HTV-5 cargo operations. Today’s Planned Activities All activities are on schedule unless otherwise noted. Reaction Self-Test. Reaction Time Test (morning) ВКС Laptops Antivirus Scan Check and Status Report / r/g 8247 XF305 – Camcorder Setup FS – Hardware Setup CBEF – Experiment Ops Part 1 USND2 – Hardware Activation HTV Transfers Ops FINEMOTR – Testing OTKLIK. Hardware Monitoring / r/g 9774 Removal of Go Pro camera in ТПК 716. Transfer of Video to Hard Drive Fluid Shifts – Donning Holter Arterial BP Hardware – Subject Fluid Shifts – Baseline Scan – Subject ABOUT GAGARIN FROM SPACE. Experiment Ops / r/g 9776 SM Ventilation System Preventive Maintenance. Group В2 r/g 8393 Hardware prepack for return and disposal on ТК 716 / r/g 9646, 9711 Fluid Shifts – Scanning Operator BAR. Ultrasound Analyzer АУ-1 R&R / r/g 9778 CBEF – Experiment Ops Part 2 Fluid Shifts – Hardware Connection and Power up Fluid Shifts – Exam Operator Fluid Shifts – Exam Assistance FS – OCT Equipment Stowage Fluid Shifts – Hardware Installation and Calibration Start Tropical Cyclone P/L Closeout Ops USND2 – Hardware Deactivation Fluid Shifts – Photography HAM radio session from Columbus БД-2 R&R. / r/g 9779 Fluid Shifts – Camcorder and tonometer hardware setup for exam CBEF – Cable Reconfiguration HTV Transfers Ops TOCA Waste Water Bag (WWB) Changeout WRS Water Sample Analysis BIOEMULSIYA. Installation of Cryogem-03 / r/g 9772 Fluid Shifts – Tonometer Exam Fluid Shifts – Tonometer Exam Fluid Shifts – Hardware Removal and Stowage FS – Tonometry Equipment Stowage BIOSIGNAL. TBU-V No.2 Incubator Setup / r/g 9773 Fluid Shifts – Hardware Removal and Stowage HTV – Cargo Transfer Tagup XF305 – […]
from ISS On-Orbit Status Report http://ift.tt/1KHFdtv
via IFTTT
from ISS On-Orbit Status Report http://ift.tt/1KHFdtv
via IFTTT
Government minister takes over Russian football
MOSCOW (AP) Russian Sports Minister Vitaly Mutko has taken over control of the country's football association ahead of the 2018 World Cup, with promises of government money for the sport.
from FOX Sports Digital http://ift.tt/1JxRnB5
via IFTTT
from FOX Sports Digital http://ift.tt/1JxRnB5
via IFTTT
Ex-Nigeria player Odegbami wants to run for FIFA president
LAGOS, Nigeria (AP) Former Nigeria international Segun Odegbami says he wants to run for the FIFA presidency and succeed Sepp Blatter.
from FOX Sports Digital http://ift.tt/1fUQeLl
via IFTTT
from FOX Sports Digital http://ift.tt/1fUQeLl
via IFTTT
[FD] PayPal Inc - Security Approval & 2FA Account Auth Bypass Session Vulnerability
*(o_O)! Document Title: =============== PayPal Inc - Security Approval & 2FA Account Auth Bypass Session Vulnerability References (Source): ==================== http://ift.tt/1JBcftp Video: http://ift.tt/1Krnzf9 Watch Video: https://www.youtube.com/watch?v=Gzq8TD2Co9Y EIBBP-31865 Vulnerability Magazine: http://ift.tt/1KrpSig Download (full pdf report with resource): http://ift.tt/1JMQpjB Release Date: ============= 2015-09-02 Vulnerability Laboratory ID (VL-ID): ==================================== 1486 Common Vulnerability Scoring System: ==================================== 6.1 Product & Service Introduction: =============================== PayPal is a global e-commerce business allowing payments and money transfers to be made through the Internet. Online money transfers serve as electronic alternatives to paying with traditional paper methods, such as checks and money orders. Originally, a PayPal account could be funded with an electronic debit from a bank account or by a credit card at the payer s choice. But some time in 2010 or early 2011, PayPal began to require a verified bank account after the account holder exceeded a predetermined spending limit. After that point, PayPal will attempt to take funds for a purchase from funding sources according to a specified funding hierarchy. If you set one of the funding sources as Primary, it will default to that, within that level of the hierarchy (for example, if your credit card ending in 4567 is set as the Primary over 1234, it will still attempt to pay money out of your PayPal balance, before it attempts to charge your credit card). The funding hierarchy is a balance in the PayPal account; a PayPal credit account, PayPal Extras, PayPal SmartConnect, PayPal Extras Master Card or Bill Me Later (if selected as primary funding source) (It can bypass the Balance); a verified bank account; other funding sources, such as non-PayPal credit cards. The recipient of a PayPal transfer can either request a check from PayPal, establish their own PayPal deposit account or request a transfer to their bank account. PayPal is an acquirer, performing payment processing for online vendors, auction sites, and other commercial users, for which it charges a fee. It may also charge a fee for receiving money, proportional to the amount received. The fees depend on the currency used, the payment option used, the country of the sender, the country of the recipient, the amount sent and the recipient s account type. In addition, eBay purchases made by credit card through PayPal may incur extra fees if the buyer and seller use different currencies. On October 3, 2002, PayPal became a wholly owned subsidiary of eBay. Its corporate headquarters are in San Jose, California, United States at eBay s North First Street satellite office campus. The company also has significant operations in Omaha, Nebraska, Scottsdale, Arizona, and Austin, Texas, in the United States, Chennai, Dublin, Kleinmachnow (near Berlin) and Tel Aviv. As of July 2007, across Europe, PayPal also operates as a Luxembourg-based bank. On March 17, 2010, PayPal entered into an agreement with China UnionPay (CUP), China s bankcard association, to allow Chinese consumers to use PayPal to shop online.PayPal is planning to expand its workforce in Asia to 2,000 by the end of the year 2010. (Copy of the Homepage: www.paypal.com) [http://ift.tt/rooU27] Abstract Advisory Information: ============================== The Vulnerability Laboratory Core Research Team discovered a restriction filter bypass in the official PayPal Inc Mobile API for Apple iOS. Vulnerability Disclosure Timeline: ================================== 2015-04-30: Researcher Notification & Coordination (Benjamin Kunz Mejri - Evolution Security GmbH) 2015-05-02: Vendor Notification (PayPal Inc - Security & Bug Bounty Team) 2015-05-13: Vendor Response/Feedback (PayPal Inc - Security & Bug Bounty Team) 2015-**-**: Vendor Fix/Patch (PayPal Inc - Developer Team) 2015-09-02: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== PayPal Inc Product: Mobile Web Application (API) 2015 Q2 Exploitation Technique: ======================= Remote Severity Level: =============== High Technical Details & Description: ================================ By processing multiple login we saw a bug in the mobile app api next to the identity check. Normally an user account logs in and if the account is restricted by several requests a stable form popup to call paypal or write a ticket mail. By processing to request the form multiple times with an existing account (x01445@gmail.com:chaos666) we was able to bypass the auth verification check to approve the account owner. The api loads the website context and the user is able to include inside of the identity check with a browser engine the own user account. Even if the account is restricted the user can access via mobile api with the exisiting cookies. The security identity check to approve has been included to verify that no user logs in to unauthorized- or restricted accounts. In that case we demonstrate in the video how we bypass the validation and how it should look normally with the final request. Proof of Concept (PoC): ======================= The security vulnerability can be exploited by remote attackers with low privileged application user account and without user interaction. For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue. The video demonstrates a flaw inside of the mobile app api that redirects an user account with restricted credentials inside of the app to the original website source. The cookies authorize the account to login even if the regular portal denies it because of the identity approval. The issue is not connected to the 6 month ago reported restriction bypass and reveals a signifanct risk to user accounts because of fraud and account theft. The video deomstrates a security bug in the official paypal mobile ios api. The bug allows to bypas the account restriction by usage of a validation flaw inside of the service. The identity check approves restricted user accounts. In the first released issue we demonstrated how to bypass the auth. In case of the new issue the researcher demonstrates how to bypass the identity check that approves the paypal account. The attacker bypass the validation by multiple requests and dumps the real website for login inside the app with cookies and co. Video Demonstration: https://www.youtube.com/watch?v=Gzq8TD2Co9Y Solution - Fix & Patch: ======================= The vulnerability can be patched by a secure redirect of a multi requesting source to the main mobile api. Disallow to load the website context with the app cookies after a successful login through a restricted account to prevent. Security Risk: ============== The security risk of the remote mobile api identity approval check bypass is estimated as high. (CVSS 6.1) Credits & Authors: ================== Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (bkm@evolution-sec.com) [http://ift.tt/1jnqRwA] Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: http://ift.tt/1jnqRwA - www.vuln-lab.com - http://ift.tt/1kouTut Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com Section: magazine.vulnerability-db.com - http://ift.tt/1zNuo47 - http://ift.tt/1wo6y8x Social: http://twitter.com/#!/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1kouSqp Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
FBI’s Cyber Task Force Identifies Stealthy FF-RATs used in Cyber Attack
In both April and June this year, a series of cyber attacks was conducted against the United States Office of Personnel Management (OPM). These attacks resulted in 21 million current and former Federal government employees’ information being stolen. After months of investigation, the FBI’s Cyber Task Force identified several Remote Access Tools (RATs) that were used to carry out the
from The Hacker News http://ift.tt/1JxMszT
via IFTTT
from The Hacker News http://ift.tt/1JxMszT
via IFTTT
France to face Russia at Stade de France in March
PARIS (AP) France will host Russia next year in a friendly at the Stade de France as part of its preparations for the 2016 European Championship.
from FOX Sports Digital http://ift.tt/1NMZr79
via IFTTT
from FOX Sports Digital http://ift.tt/1NMZr79
via IFTTT
How to add Team Calendars with anonymous access in the Dashboard
Choose Add Space on the left-hand panel on the Dashboard; Set the Space Name and the Space Key; Allow Anonymous access on Who can use this ...
from Google Alert - anonymous http://ift.tt/1ihxqrx
via IFTTT
from Google Alert - anonymous http://ift.tt/1ihxqrx
via IFTTT
Distant Neutrinos Detected Below Antarctic Ice
From where do these neutrinos come? The IceCube Neutrino Observatory near the South Pole of the Earth has begun to detect nearly invisible particles of very high energy. Although these rarely-interacting neutrinos pass through much of the Earth just before being detected, where they started remains a mystery. Pictured here is IceCube's Antarctic lab accompanied by a cartoon depicting long strands of detectors frozen into the crystal clear ice below. Candidate origins for these cosmic neutrinos include the violent surroundings of supermassive black holes at the centers of distant galaxies, and tremendous stellar explosions culminating in supernovas and gamma ray bursts far across the universe. As IceCube detects increasingly more high energy neutrinos, correlations with known objects may resolve this cosmic conundrum -- or we may never know. via NASA http://ift.tt/1KZafJn
Tuesday, September 1, 2015
Orioles Video: Cal Ripken Jr. honored on 20th anniversary of breaking Lou Gehrig's record prior to 11-2 loss to Rays (ESPN)
from ESPN http://ift.tt/1eW1vUH
via IFTTT
via IFTTT
No pressure for Japan coach ahead of World Cup qualifiers
SEOUL, South Korea (AP) Despite a disappointing start to his tenure as Japan coach, Vahid Halilhodzic has been told by the Japan football association that his job is not under threat ahead of Thursday's World Cup qualifier against Cambodia.
from FOX Sports Digital http://ift.tt/1N8Nhp3
via IFTTT
from FOX Sports Digital http://ift.tt/1N8Nhp3
via IFTTT
Australia coach retracts comments over football pay dispute
PERTH, Australia (AP) Coach Ange Postecoglou has retracted comments he made about a pay dispute between Football Federation Australia and its players affecting Australia's preparations for Thursday's World Cup qualifier against Bangladesh.
from FOX Sports Digital http://ift.tt/1JAeux4
via IFTTT
from FOX Sports Digital http://ift.tt/1JAeux4
via IFTTT
Value function approximation via low-rank models. (arXiv:1509.00061v1 [cs.LG])
We propose a novel value function approximation technique for Markov decision processes. We consider the problem of compactly representing the state-action value function using a low-rank and sparse matrix model. The problem is to decompose a matrix that encodes the true value function into low-rank and sparse components, and we achieve this using Robust Principal Component Analysis (PCA). Under minimal assumptions, this Robust PCA problem can be solved exactly via the Principal Component Pursuit convex optimization problem. We experiment the procedure on several examples and demonstrate that our method yields approximations essentially identical to the true function.
from cs.AI updates on arXiv.org http://ift.tt/1FiiVso
via IFTTT
GR2RSS: Publishing Linked Open Commerce Data as RSS and Atom Feeds. (arXiv:1509.00190v1 [cs.IR])
The integration of Linked Open Data (LOD) content in Web pages is a challenging and sometimes tedious task for Web developers. At the same moment, most software packages for blogs, content management systems (CMS), and shop applications support the consumption of feed formats, namely RSS and Atom. In this technical report, we demonstrate an on-line tool that fetches e-commerce data from a SPARQL endpoint and syndicates obtained results as RSS or Atom feeds. Our approach combines (1) the popularity and broad tooling support of existing feed formats, (2) the precision of queries against structured data built upon common Web vocabularies like schema.org, GoodRelations, FOAF, VCard, and WGS 84, and (3) the ease of integrating content from a large number of Web sites and other data sources in RDF in general.
from cs.AI updates on arXiv.org http://ift.tt/1PKcmUO
via IFTTT
Partial Sum Minimization of Singular Values in Robust PCA: Algorithm and Applications. (arXiv:1503.01444v2 [cs.CV] CROSS LISTED)
Robust Principal Component Analysis (RPCA) via rank minimization is a powerful tool for recovering underlying low-rank structure of clean data corrupted with sparse noise/outliers. In many low-level vision problems, not only it is known that the underlying structure of clean data is low-rank, but the exact rank of clean data is also known. Yet, when applying conventional rank minimization for those problems, the objective function is formulated in a way that does not fully utilize a priori target rank information about the problems. This observation motivates us to investigate whether there is a better alternative solution when using rank minimization. In this paper, instead of minimizing the nuclear norm, we propose to minimize the partial sum of singular values, which implicitly encourages the target rank constraint. Our experimental analyses show that, when the number of samples is deficient, our approach leads to a higher success rate than conventional rank minimization, while the solutions obtained by the two approaches are almost identical when the number of samples is more than sufficient. We apply our approach to various low-level vision problems, e.g. high dynamic range imaging, motion edge detection, photometric stereo, image alignment and recovery, and show that our results outperform those obtained by the conventional nuclear norm rank minimization method.
from cs.AI updates on arXiv.org http://ift.tt/1Nex0O7
via IFTTT
Orioles: Cal Ripken Jr. believes his record of 2,632 consecutive games can be broken, but doesn't have candidate in mind (ESPN)
from ESPN http://ift.tt/1eW1vUH
via IFTTT
via IFTTT
Boavista introduces Rivaldo's son as its newest player
LISBON, Portugal (AP) First-division Portuguese club Boavista has introduced Rivaldo's son as its newest signing on Tuesday.
from FOX Sports Digital http://ift.tt/1JLGpHp
via IFTTT
from FOX Sports Digital http://ift.tt/1JLGpHp
via IFTTT
Transfer window: Club rifts, failed moves, record spend
LONDON (AP) A record $1.3 billion was spent by English Premier League clubs in the summer transfer window.
from FOX Sports Digital http://ift.tt/1N8pDJk
via IFTTT
from FOX Sports Digital http://ift.tt/1N8pDJk
via IFTTT
honeysuckle
Coral Honeysuckle. In 1 Album; 0 Comments. HGTVGardens Crew. anonymous via HGTVGardens Crew in Coral Honeysuckle (Original Photo).
from Google Alert - anonymous http://ift.tt/1PJVAW3
via IFTTT
from Google Alert - anonymous http://ift.tt/1PJVAW3
via IFTTT
[FD] KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation
-----BEGIN PGP SIGNED MESSAGE-
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
Uruguay set to rescind rights deal over bribery probe
MONTEVIDEO, Uruguay (AP) The Uruguay football association looks set to rescind a television contract for the national team's 2018 World Cup qualifying matches, as the rights company involved has been targeted by a U.S. investigation into corruption in world football.
from FOX Sports Digital http://ift.tt/1FhnQtt
via IFTTT
from FOX Sports Digital http://ift.tt/1FhnQtt
via IFTTT
[FD] KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation
-----BEGIN PGP SIGNED MESSAGE-
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
United-Madrid blame game after De Gea deadline-day debacle
MADRID (AP) The deadline arrived, but the announcement never did.
from FOX Sports Digital http://ift.tt/1Q6RqIE
via IFTTT
from FOX Sports Digital http://ift.tt/1Q6RqIE
via IFTTT
[FD] [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities
1. Advisory Information Title: FortiClient Antivirus Multiple Vulnerabilities Advisory ID: CORE-2015-0013 Advisory URL: http://ift.tt/1LIz8M7 Date published: 2015-09-01 Date of last update: 2015-09-01 Vendors contacted: Fortinet Release mode: Coordinated release 2. Vulnerability Information Class: Information Exposure [CWE-200], Write-what-where Condition [CWE-123], Exposed Dangerous Method or Function [CWE-749], Exposed IOCTL with Insufficient Access Control [CWE-782] Impact: Code execution Remotely Exploitable: No Locally Exploitable: Yes CVE Name: CVE-2015-4077, CVE-2015-5735, CVE-2015-5736, CVE-2015-5737 3. Vulnerability Description Fortinet FortiClient [1] extends the power of FortiGate's Unified threat management to endpoints on your network. Desktops, laptops, tablets and smartphones, FortiClient enables every device - local or remote, stationary or mobile - to integrate with your FortiGate. With no per-seat license fees, FortiClient takes the headaches out of managing multiple endpoints so your users and guests can work efficiently anywhere, without compromising your security. FortiClient drivers are prone to multiple attacks and expose a wide surface that allows users to easily get SYSTEM privileges. 4. Vulnerable packages FortiClient 5.2.3.633 Other versions may probably be affected too, but they were not checked. 5. Vendor Information, Solutions and Workarounds Fortinet released an updated version of FortiClient 5.2.4.0650 [2] that fixes the reported issues. 6. Credits These vulnerabilities were discovered and researched by Enrique Nissim from Core Security's Consulting Team. The publication of this advisory was coordinated by Joaquín Rodríguez Varela from Core Security's Advisories Team. 7. Technical Description / Proof of Concept Code [CVE-2015-4077] The vulnerability lies in the drivers "mdare64_48.sys", "mdare32_48.sys", "mdare32_52.sys" and "mdare64_52.sys". By using the IOCTL 0x22608C with the proper parameters, an attacker is able to read arbitrary memory content from kernelspace. [CVE-2015-5735] The vulnerability lies in the drivers "mdare64_48.sys", "mdare32_48.sys", "mdare32_52.sys" and "mdare64_52.sys". By using the IOCTL 0x226108, the attacker is able to call ZwEnumerateValueKey and write its output to an arbitrary memory location. [CVE-2015-5736] The vulnerability lies in "Fortishield.sys", which is a minifilter filesystem driver that hooks filesystem operations. IOCTL 0x220024 and 0x220028 both allow establishing callbacks that will be called during any IRP_MJ_WRITE and IRP_MJ_SET_INFORMATION, respectively. Consequently, any user in the system can set an arbitrary function as a callback and execute code with kernel privileges. [CVE-2015-5737] The vulnerability lies in the drivers "mdare64_48.sys", "mdare32_48.sys", "mdare32_52.sys", "mdare64_52.sys" and "Fortishield.sys". All of these drivers expose an API to manage processes and the Windows registry. For instance, the IOCTL 0x2220c8 of the "mdareXX_XX.sys" driver returns a full privileged handle to a given process PID. This same function is replicated inside "Fortishield.sys". 8. Report Timeline 2015-06-25: Core Security notified Fortinet of the vulnerabilities. Publication date set for July 27th, 2015. 2015-06-30: Fortinet replied that they received Core Security's email and that they would like to receive the draft version of the advisory. 2015-07-01: Core Security sent Fortinet the draft version of the advisory and requested a tentative schedule for releasing the updates. 2015-07-01: Fortinet replied that they received the draft version of the advisory and that they would review it. 2015-07-15: Core Security requested an update from Fortinet regarding the reported vulnerabilities and a tentative schedule. 2015-07-19: Fortinet replied and confirmed the reported bugs, but stated that they were only able to trigger them with administrative privileges. They requested a PoC from Core Security. 2015-07-20: Core Security replied, explaining to Fortinet that they were able to trigger the vulnerabilities as a non-privileged user. They sent Fortinet a PoC code that opens a handle with read/write permissions to LSASS process and then uses it to allocate memory in its virtual address space. 2015-07-20: Fortinet replied that they would review the PoC. 2015-07-20: Fortinet asked if Core Security researchers could review an interim build when available. 2015-07-21: Core Security confirmed that they would be willing to review an interim build when available. 2015-08-03: Core Security requested an update from Fortinet regarding the availability of the interim build, and asked if there was a specific date Fortinet was planning to release the fix. 2015-08-04: Fortinet replied that their current release date was August 17. 2015-08-05: Fortinet updated the schedule, explaining that the interim build wouldn't include the MDARE fixes therefore delaying the release until the end of August. 2015-08-07: Core Security asked Fortinet if the interim build was going to be published by Fortinet, because if so, that would force Core Security to publish their findings as well. If that wasn't the case, Core Security recommended publishing everything together later that month. 2015-08-07: Fortinet replied that the interim build was private and therefore there wasn't a need to publish ahead of schedule. 2015-08-10: Fortinet sent Core Security a link to download the interim build and requested feedback. 2015-08-10: Core Security replied that they received and downloaded the interim build and would send feedback. Additionally, Core Security requested an updated ETA. 2015-08-18: Core Security requested the specific date Fortinet would release the patched version of their product so they could schedule their security advisory publication accordingly. 2015-08-20: Core Security again requested for a specific date for the publication of the updates and informed Fortinet them that if they didn't receive and answer in the following days they would be forced to schedule the advisory publication. 2015-08-20: Fortinet replied that the scheduled release date for the updated version of FortiClient was August 31. They asked if they had an opportunity to review the interim build andif they had any feedback. 2015-08-24: Core Security replied that they were able to review the interim build and that they could confirm that those bugs were no longer exploitable.Core Security requested and updated ETA of the updated version. 2015-08-24: Fortinet replied that the scheduled release seemed to be confirmed and that the estimated time of availability would be roughly 5 p.m. Pacific Time. 9. References [1] http://ift.tt/qdfL5e. [2] http://ift.tt/1gueHs8. 10. About CoreLabs CoreLabs, the research center of Core Security, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://ift.tt/140w507. 11. About Core Security Core Security enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations. Core Security's software solutions build on over a decade of trusted research and leading threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security can be reached at +1 (617) 399-6980 or on the Web at: http://ift.tt/S1vZdb. 12. Disclaimer The contents of this advisory are copyright (c) 2014 Core Security and (c) 2014 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://ift.tt/q9c1Zu 13. PGP/GPG Keys This advisory has been signed with the GPG key of Core Security advisories team, which is available for download at http://ift.tt/1B0HTZY.
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
Subscribe to:
Posts (Atom)