
Saturday, October 10, 2015

I have a new follower on Twitter


Disabled War Vet
I Make Vlogs about Mars One and current events. One of the first investors of the Mars One project. PTSD advocate.
America
https://t.co/EBVjyPlU4N
Following: 19741 - Followers: 25764

October 10, 2015 at 09:48PM via Twitter http://twitter.com/WarVet_MarsOne

USA, Mexico resume soccer rivalry in a Rose Bowl showdown

PASADENA, Calif. (AP) Jurgen Klinsmann realizes the Rose Bowl might feel like enemy turf when his U.S. men's soccer team takes the fabled field Saturday night.

from FOX Sports Digital http://ift.tt/1Orp51O
via IFTTT

Klinsmann starts veterans for Confed Cup playoff vs Mexico

PASADENA, Calif. (AP) U.S. coach Jurgen Klinsmann picked a veteran lineup for Saturday's night playoff against Mexico to determine a berth in the 2017 Confederations Cup, starting nine of the 11 players who opened last year's World Cup for the Americans against Ghana.

from FOX Sports Digital http://ift.tt/1hx9f7o
via IFTTT

US in danger of missing Olympic men's soccer again

SANDY, Utah (AP) The United States is in danger of missing its second straight men's Olympic soccer tournament.

from FOX Sports Digital http://ift.tt/1Pn7ZRU
via IFTTT

Osorio confirmed as new coach of Mexican national team

MEXICO CITY (AP) Mexico has confirmed it has hired Juan Carlos Osorio as the new head coach of its national soccer team.

from FOX Sports Digital http://ift.tt/1Mo3cyI
via IFTTT

Victory, City, Sydney FC open A-League season with draws

SYDNEY (AP) Last year's Grand Finalists the Melbourne Victory and Sydney FC opened their 2015 campaigns in Australian football's A-League with draws on Saturday.

from FOX Sports Digital http://ift.tt/1Loodsi
via IFTTT

Re: [FD] WinRAR SFX v5.21 - Remote Code Execution Vulnerability

[FD] Writing Cisco IOS Rootkits

This paper is about the work involved in modifying firmware images with the test case focused on Cisco IOS. It will show how it is a common misconception that doing such a thing involves advanced knowledge or nation state level resources. This paper provides sound methodologies, shows how to approach the subject, and walks the reader through the entire process while providing the necessary knowledge so that by the end of the paper, if the reader is to follow it completely through, they will have a basic but functional firmware rootkit. http://ift.tt/1G5vyws http://ift.tt/1K0tKA4 Luca

Source: Gmail -> IFTTT-> Blogger

[FD] DirectAdmin (1.44.3) CSRF Vulnerability

[FD] Exploit NetUSB CVE-2015-3036

Exploit NetUSB CVE-2015-3036. GitHub: http://ift.tt/1G5sMHE App Android: http://ift.tt/1jm2oyH

Source: Gmail -> IFTTT-> Blogger

Honduras beats US 2-0 in soccer to qualify for Olympics

SANDY, Utah (AP) The United States lost to Honduras 2-0 Saturday in a men's Olympic soccer qualifier, complicating the Americans' path to the Rio de Janeiro Games.

from FOX Sports Digital http://ift.tt/1Or7bfP
via IFTTT

Netherlands beats Kazakhstan to stay in race for Euro 2016

ASTANA, Kazakhstan (AP) The Netherlands kept alive its hopes of qualifying for next year's European Championship by beating Kazakhstan 2-1 on Saturday.

from FOX Sports Digital http://ift.tt/1WTD5Tu
via IFTTT

Critical Netgear Router Exploit allows anyone to Hack You Remotely

Yes, NETGEAR Routers have once again become a victim of DNS Monitoring, potentially affecting 5000 Devices. This week, we reported about a Vigilante Hacker, who protected users by installing malware on their Wi-Fi routers, forcing them to use a secure password. Now within few days, a security researcher has discovered a serious vulnerability in Netgear routers that has been publicly


from The Hacker News http://ift.tt/1ZnRWYD
via IFTTT

faq

Ghostery MCM. Speed up, clean up, and lock down your websites and apps. See how it works. Ghostery Privacy. Get compliant with AdChoices, ...

from Google Alert - anonymous http://ift.tt/1MjRMI6
via IFTTT

Anonymous Peer Reviews Fix

I'd like to be able to assign anonymous peer reviews to students but still allow the instructor to have the comment option on the essay. The comment ...

from Google Alert - anonymous http://ift.tt/1hvQcKy
via IFTTT

CyberSpace — China arrested Hackers at U.S. Government Request

For the very first time in history, China has arrested hackers within its borders at the request of the United States government. The helping hands of China made me remind of recent Hollywood movie, The Martian, in which China's CNSA helped the United States' NASA to rescue astronaut Mark Watney who was mistakenly presumed dead and left behind on the planet Mars. Although China did


from The Hacker News http://ift.tt/1FXsliW
via IFTTT

Obama Encryption Policy: White House Will Not Force Companies To Decode Encrypted Data

After the revelations that Whistleblower Edward Snowden made about the United States National Security Agency (NSA), the U.S. citizens are in need of more transparent digital security. The Citizens of the United States have appealed to the Obama Administration through a campaign for rejecting any policy, mandate or law that stands against their security in the cyberspace and adopt strong


from The Hacker News http://ift.tt/1jV8lDx
via IFTTT

Google rewarded the Guy who Accidentally bought Google.com, But he Donated it to Charity

Sanmay Ved – the man who actually managed to buy Google.com got a huge reward from Google, but he donated all money to charity. Last week, an ex-Google employee and now-Amazon employee managed to buy the world's most-visited domain Google.com via Google's own Domains service for only $12. However, Ved owned Google.com for one whole minute before the Mountain View company realized it was


from The Hacker News http://ift.tt/1VKHhrB
via IFTTT

The Moon Entering Earth's Shadow


On September 27/28, from all over the planet's nightside moon watchers enjoyed a total lunar eclipse. The dramatic celestial spectacle was widely imaged, but this lunar eclipse picture may look a little strange and unfamiliar, made with a point and shoot camera of a bygone era. Loaded with a 4x5 inch sheet of film, the Speed Graphic camera was fixed to a tripod on the Island of Cyprus. Its shutter locked open for 90 minutes, it recorded the trail of the Full Moon at perigee from the beginning of the partial eclipse phase (top) until mid-totality found the Moon near the western horizon. Entering Earth's shadow, the Moon grew dimmer and its moontrail narrower as the eclipse progressed. via NASA http://ift.tt/1JWT7Tt

Friday, October 9, 2015

USA, Mexico resume soccer rivalry in a Rose Bowl showdown

PASADENA, Calif. (AP) Jurgen Klinsmann realizes the Rose Bowl might feel like enemy turf when his U.S. men's soccer team takes the fabled field Saturday night.

from FOX Sports Digital http://ift.tt/1hvgmx8
via IFTTT

Anonymous

View real student profiles to see their academic background, extracurriculars, and college admissions chances. Sign up for Parchment to see your ...

from Google Alert - anonymous http://ift.tt/1VK5k4z
via IFTTT

Spain and Switzerland secure spots in Euro 2016

MADRID (AP) Spain will defend its European Championship title next year, while Switzerland is returning to the tournament for the first time since co-hosting it eight years ago.

from FOX Sports Digital http://ift.tt/1GB0vDM
via IFTTT

Spain clinches Euro 2016 spot with 4-0 win over Luxembourg

LOGRONO, Spain (AP) Santi Cazorla and Paco Alcacer scored two goals each to help Spain beat Luxembourg 4-0 on Friday and secure a spot for the holders in next year's European Championship.

from FOX Sports Digital http://ift.tt/1N4hjrw
via IFTTT

Russia beats Moldova to close in on Euro 2016 place

CHISINAU, Moldova (AP) Russia took a big step toward qualifying for Euro 2016 on Friday as a 2-1 win over Moldova strengthened its hold on second place in Group G.

from FOX Sports Digital http://ift.tt/1FWVoD7
via IFTTT

Switzerland joins England in qualifying for Euro 2016

LONDON (AP) Switzerland will return for the European Championship for the first time since co-hosting the tournament eight years ago after thrashing San Marino 7-0 on Friday with seven different scorers.

from FOX Sports Digital http://ift.tt/1WS9olN
via IFTTT

Argentina forward Aguero will miss next World Cup qualifier

BUENOS AIRES, Argentina (AP) Sergio Aguero will miss Argentina's World Cup qualifier against Paraguay next week with a left-leg injury.

from FOX Sports Digital http://ift.tt/1VJwj05
via IFTTT

Platini retains UEFA title, with no interim leader in place

LONDON (AP) Still defiant, UEFA is standing by its man.

from FOX Sports Digital http://ift.tt/1N3VgBk
via IFTTT

Sunderland appoints Sam Allardyce as manager on 2-year deal

SUNDERLAND, England (AP) Sunderland says it has hired Sam Allardyce as its new manager on a two-year contract.

from FOX Sports Digital http://ift.tt/1huA24f
via IFTTT

Fenerbahce chairman acquitted of match-fixing in re-trial

ISTANBUL (AP) A Turkish court has acquitted Fenerbahce's chairman of charges of match-fixing and organized crime in a re-trial.

from FOX Sports Digital http://ift.tt/1ZlDTCV
via IFTTT

UEFA opens disciplinary proceedings against Scotland, Poland

NYON, Switzerland (AP) UEFA says it has started disciplinary proceedings against Scotland and Poland after a number of rule breaches, including fighting with stewards, during their European Championship qualifier at Hampden Park.

from FOX Sports Digital http://ift.tt/1R2zTkK
via IFTTT

Argentina forward Aguero may miss next World Cup qualifier

BUENOS AIRES, Argentina (AP) Argentina forward Sergio Aguero could miss the team's World Cup qualifier next week at Paraguay.

from FOX Sports Digital http://ift.tt/1Nv4ycw
via IFTTT

Groin injury expected to rule Goetze out until 2016

BERLIN (AP) Germany forward Mario Goetze could be out until the end of the year with a groin injury he picked up in the loss to Ireland.

from FOX Sports Digital http://ift.tt/1husgqR
via IFTTT

After leaving Bologna, NY lawyer Tacopina buys Venice's club

VENICE, Italy (AP) New York lawyer Joe Tacopina is leading a group of investors who have purchased Venice's fourth-division soccer club.

from FOX Sports Digital http://ift.tt/1GAvKyN
via IFTTT

Associate says Blatter hopes to be back within 10 days

LONDON (AP) Suspended and shamed, Sepp Blatter is still hoping to return to power as FIFA president within the next 10 days.

from FOX Sports Digital http://ift.tt/1L3SECG
via IFTTT

Elias Hernandez, Guemez added to Mexico roster

MIAMI BEACH, Fla. (AP) Mexico has replaced injured midfielder Jose Juan Vazquez and forward Giovani Dos Santos on its roster for Saturday's playoff game against the United States for a berth in the 2017 Confederations Cup.

from FOX Sports Digital http://ift.tt/1JXdoIu
via IFTTT

LWP-UserAgent-Anonymous-0.09

This Release, LWP-UserAgent-Anonymous-0.09, [Download] [Browse], 09 Oct 2015. Other Releases. LWP-UserAgent-Anonymous-0.08 -- 17 Jan ...

from Google Alert - anonymous http://ift.tt/1Mk8HP9
via IFTTT

Swiss agree to extradite ex-FIFA VP Webb's assistant to US

BERN, Switzerland (AP) Switzerland's justice ministry has granted an American request to extradite a former assistant to CONCACAF President Jeffrey Webb in the FIFA bribery case.

from FOX Sports Digital http://ift.tt/1NtKbwr
via IFTTT

WordPress Security: Brute Force Amplification Attack Targeting Thousand of Blogs

Most of the times, we have reported about WordPress vulnerabilities involving vulnerable plugins, but this time security researchers have discovered Brute Force Amplification attacks on the most popular CMS (content management system) platform. Researchers from security firm Sucuri have found a way to perform Brute Force amplification attacks against WordPress' built-in XML-RPC feature to


from The Hacker News http://ift.tt/1P304Ko
via IFTTT

[FD] FreeYouTubeToMP3 Converter 4.0.1 - Buffer Overflow Vulnerability

Document Title:
===============
FreeYouTubeToMP3 Converter 4.0.1 - Buffer Overflow Vulnerability

References (Source):
====================
http://ift.tt/1MWHwZa

Release Date:
=============
2015-10-06

Vulnerability Laboratory ID (VL-ID):
====================================
1613

Common Vulnerability Scoring System:
====================================
7.2

Product & Service Introduction:
===============================
Free YouTube to MP3 Converter is the world`s best software that lets you convert YouTube videos to MP3 and lossless. 300 Million people have enjoyed our software so far! It is the best choice to convert playlists and user channels to MP3. Download the music you love. Download your favorite artists music for a playback. Convert to MP3 keeping the best possible quality (up to 320 kbps). Music in bulk. Find playlists and YouTube channels to match your mood. Download and convert in a moment. Pure sound. Convert to lossless. Formats available: WAV, FLAC, ALAC. Perfect match. Convert YouTube to any device possible. Output formats: MP3, M4A, AAC, WMA, OGG.

DVDVideoSoft`s products are freeware. In order to maintain product development and provide you with high-quality software, DVDVideoSoft may bundle links to other websites and third-party apps installations including toolbars in its products. Every time DVDVideoSoft products are installed, you have an obvious option to accept or opt-out of such installations.

(Copy of the Vendor Homepage: http://ift.tt/1Lsn0Ml )

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered a local buffer overflow vulnerability in the official Free Youtube To MP3 Converter v4.0.1 software.

Vulnerability Disclosure Timeline:
==================================
2015-10-06: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
DVDVideoSoft Ltd.
Product: Free YouTube to MP3 Converter - Software (Windows) 4.0.1.1001

Exploitation Technique:
=======================
Local

Severity Level:
===============
High

Technical Details & Description:
================================
A classic buffer overflow vulnerability has been discovered in the official Free Youtube To MP3 Converter v4.0.1 software. The local vulnerability allows to overwrite the registers of the software process to compromise the target computer system.

The vulnerability is located in the `Go Menu > Tools > Options > Key Activation` module. Local attackers are able to include malicious unicode payload as `key` value (input) to crash the software via buffer overflow. Local attackers are able to takeover the system process by an escalate of privileges in the local target computer system. The windows version of the software is affected by the vulnerability. The vulnerable input is located in the activation key module.

The security risk of the buffer overflow vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 7.2. Exploitation of the vulnerability requires a low privilege system user account and no user interaction. Successful exploitation of the local vulnerability results in system compromise by elevation of privileges via overwrite of the registers.

Vulnerable Module(s):
[+] Go Menu > Tools > Options > Key Activation

Vulnerable Input(s):
[+] Activation Key

Affected Module(s):
[+] Activate

Proof of Concept (PoC):
=======================
The security vulnerability can be exploited by local attackers with restricted account or system access and without user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Execute Free-YouTube-To-MP3-Converter.exe
2. Copy the AAAA...string from bof.txt to clipboard
3. Go Menu -> Tools -> Options
4. Paste it the input Activation Key AAAA....string click Activate
5. Software will Crash
6. Successful reproduce of the local buffer overflow vulnerability!

Source: Gmail -> IFTTT-> Blogger

[FD] W150D Wireless N 150 ADSL2 Modem Router - Cross Site Request Forgery Vulnerability

Document Title:
===============
W150D Wireless N 150 ADSL2 Modem Router - Cross Site Request Forgery Vulnerability

References (Source):
====================
http://ift.tt/1OioP3E

Release Date:
=============
2015-10-06

Vulnerability Laboratory ID (VL-ID):
====================================
1612

Common Vulnerability Scoring System:
====================================
2.4

Product & Service Introduction:
===============================
The Tenda W300D combines the function of an ADSL2+ modem, wireless router, switch and firewall. It supports the latest ADSL2+ standards to provide higher performance (up to 24Mbps downstream and 1Mbps upstream) and longer reach from your Internet Service Provider`s (Digital Subscriber Line Access Multiplexer (DSLAM). The device is also 802.11n-compliant devices that deliver a wireless speed of up to 300Mbps at farther range than the ordinary 802.11g/b products. Ideal for multiple users to go online, transfer large files, print, and stream stored media - all at once, all without wires at homes or small offices.

(Copy of the Vendor Homepage: http://ift.tt/1LsmWwa & http://ift.tt/1ZkyICZ )

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered a remote cross site request forgery issue in the official W150D wireless N 150 ADSL2+ Modem Routers.

Vulnerability Disclosure Timeline:
==================================
2015-10-06: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Tenda - CN
Product: Modem Router - (Wireless) W150D Wireless N 150 ADSL2+

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Low

Technical Details & Description:
================================
A cross site request forgery web vulnerability has been discovered in the official W150D wireless N 150 ADSL2+ Modem Routers. The vulnerability allows remote attackers to manipulate client-side web-application to browser requests to compromise the router by execution of system specific functions without session protection.

A remote attacker is able to delete configuration settings of Tenda Router with a cross site request forgery html script code. The vulnerability can be exploited by loading embedded html code in a site or page. The issue can also be exploited by attackers to external redirect an user account to malicious webpages. The issue requires medium user interaction in case of exploitation. The request method to execute is GET and the attack vector is located on the client-side of the router firmware.

The security risk of the cross site request forgery web vulnerability is estimated as low with a cvss (common vulnerability scoring system) count of 2.4. Exploitation of the cross site request forgery web vulnerability requires no privilege web application user account and medium or high user interaction. Successful exploitation results in client-side account theft by client-side phishing, client-side external redirects and non-persistent manipulation of application functions that are in use.

Proof of Concept (PoC):
=======================
The vulnerability can be exploited by remote attackers without privilege application user account and with medium or high user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability
1. Install the router and login to the interface
1. Now inject or use the html code and add a valid cloned mac address via smac to url
2. When the user of the router opens the html code in site or other type of redirection. Router configuration will be erased!
4. Successful reproduce of the cross site request forgery vulnerability!

PoC: Exploitcode
Note: By loading this html code all ppoe configuration will be erased and the router becomes finally misconfigured!

PoC: Url
http://localhost/dslatmTenda.cmd?action=add&mode=0&atmVpi=&atmVci=&provider=0&province=0&city=0&zone=0&pppUserName=&pppPassword=&wlSsid=&wlWpaPsk=&clonemac=00:e0:13:20:5f:89&sessionKey=161947387

Security Risk:
==============
The security risk of the cross site request forgery web vulnerability in the firmware of the router is estimated as low. (CVSS 2.4)

Credits & Authors:
==================
Lawrence Amer - ( http://ift.tt/1LsmYUL )

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material.

Domains: http://ift.tt/1jnqRwA - www.vuln-lab.com - http://ift.tt/1kouTut
Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com
Section: magazine.vulnerability-db.com - http://ift.tt/1zNuo47 - http://ift.tt/1wo6y8x
Social: http://twitter.com/#!/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab
Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS
Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1kouSqp

Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission.

Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™

Source: Gmail -> IFTTT-> Blogger

[FD] PayPal Inc Bug Bounty #119 - URL Redirect Web Vulnerability

Document Title:
===============
PayPal Inc Bug Bounty #119 - URL Redirect Web Vulnerability

References (Source):
====================
http://ift.tt/1O4UTb3

Release Date:
=============
2015-10-01

Vulnerability Laboratory ID (VL-ID):
====================================
1610

Common Vulnerability Scoring System:
====================================
2.4

Product & Service Introduction:
===============================
PayPal is a global e-commerce business allowing payments and money transfers to be made through the Internet. Online money transfers serve as electronic alternatives to paying with traditional paper methods, such as checks and money orders. Originally, a PayPal account could be funded with an electronic debit from a bank account or by a credit card at the payer's choice. But some time in 2010 or early 2011, PayPal began to require a verified bank account after the account holder exceeded a predetermined spending limit. After that point, PayPal will attempt to take funds for a purchase from funding sources according to a specified funding hierarchy. If you set one of the funding sources as Primary, it will default to that, within that level of the hierarchy (for example, if your credit card ending in 4567 is set as the Primary over 1234, it will still attempt to pay money out of your PayPal balance, before it attempts to charge your credit card). The funding hierarchy is a balance in the PayPal account; a PayPal credit account, PayPal Extras, PayPal SmartConnect, PayPal Extras Master Card or Bill Me Later (if selected as primary funding source) (It can bypass the Balance); a verified bank account; other funding sources, such as non-PayPal credit cards.

The recipient of a PayPal transfer can either request a check from PayPal, establish their own PayPal deposit account or request a transfer to their bank account. PayPal is an acquirer, performing payment processing for online vendors, auction sites, and other commercial users, for which it charges a fee. It may also charge a fee for receiving money, proportional to the amount received. The fees depend on the currency used, the payment option used, the country of the sender, the country of the recipient, the amount sent and the recipient's account type. In addition, eBay purchases made by credit card through PayPal may incur extra fees if the buyer and seller use different currencies.

On October 3, 2002, PayPal became a wholly owned subsidiary of eBay. Its corporate headquarters are in San Jose, California, United States at eBay's North First Street satellite office campus. The company also has significant operations in Omaha, Nebraska, Scottsdale, Arizona, and Austin, Texas, in the United States, Chennai, Dublin, Kleinmachnow (near Berlin) and Tel Aviv. As of July 2007, across Europe, PayPal also operates as a Luxembourg-based bank. On March 17, 2010, PayPal entered into an agreement with China UnionPay (CUP), China's bankcard association, to allow Chinese consumers to use PayPal to shop online. PayPal is planning to expand its workforce in Asia to 2,000 by the end of the year 2010.

(Copy of the Homepage: www.paypal.com) [http://ift.tt/rooU27]

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered a client-side url redirect web vulnerability in the official PayPal Inc Notify online service web-application.

Vulnerability Disclosure Timeline:
==================================
2015-08-28: Researcher Notification & Coordination (Rui Silva)
2015-08-09: Vendor Notification (PayPal Security Team - Bug Bounty Program)
2015-09-08: Vendor Response/Feedback (PayPal Security Team - Bug Bounty Program)
2015-09-24: Vendor Fix/Patch (PayPal Inc Developer Team)
2015-10-01: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
PayPal Inc
Product: PayPal - Online Service Web Application 2015 Q3

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Low

Technical Details & Description:
================================
A low severity and client-side url redirect web vulnerability has been discovered in the official PayPal Inc Notify online service web-application. The vulnerability allows remote attackers to form malicious links as client-side GET method requests to manipulate a return url.

The vulnerability is located in the redirectUrl value of the main_home module. Remote attackers are able to prepare manipulated client-side application to browser requests. Thus results in a client-side context manipulation after the redirect itself. After some seconds the service refreshes and allows to load the url by a special crafted payload that bypass the validation procedure.

The vulnerability can be exploited by remote attackers without privilege web-application user accounts and with low required user interaction. Successful exploitation results in client side phishing and client-side external redirect to malicious sources.

Request Method(s):
[+] GET

Vulnerable Module(s):
[+] PayPal (Notify)

Vulnerable Parameter(s):
[+] redirectUrl

Affected Module(s):
[+] http://ift.tt/1G27WsK

Proof of Concept (PoC):
=======================
The open redirect web vulnerability can be exploited by remote attackers without privilege web-application user account and low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. First go to: http://ift.tt/1Mi4KWS
2. Now you have to add after redirectUrl= parameter this: //google.pt
3. Edited URL will be like this: http://ift.tt/1G27Zog
4. You can add any site after //
5. Now open Edited Url on a new tab on browser
6. Now choose option Login with Paypal
7. Wait 6/7 seconds and you will be redirected to google.pt

Solution - Fix & Patch:
=======================
2015-09-10: Vendor Fix/Patch (PayPal Inc Developer Team)

Security Risk:
==============
The security risk of the client-side url redirect web vulnerability in the paypal notifyme service is estimated as low. (CVSS 2.4)

Credits & Authors:
==================
Rui Silva (http://ift.tt/1Mi4IOH)

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material.

Domains: http://ift.tt/1jnqRwA - www.vuln-lab.com - http://ift.tt/1kouTut
Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com
Section: magazine.vulnerability-db.com - http://ift.tt/1zNuo47 - http://ift.tt/1wo6y8x
Social: http://twitter.com/#!/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab
Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS
Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1kouSqp

Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission.

Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™

Source: Gmail -> IFTTT-> Blogger
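
Added example, not part of the advisory and not PayPal's code: a return-URL check that shows why a scheme-relative value such as `//google.pt` gets past a filter that only looks for `http://` or `https://`, next to a stricter check. The advisory does not describe the actual validation, so `naive_is_safe` is an assumed stand-in; `ALLOWED_HOSTS`, `app.example.test` and the sample targets are constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list: hosts this application may redirect to.
ALLOWED_HOSTS = {"app.example.test"}

# Constructed sample values for a redirectUrl-style parameter.
SAMPLES = [
    "/account/home?tab=1",                   # same-site path
    "https://app.example.test/done",         # allow-listed host
    "//google.pt",                           # scheme-relative, from the advisory
    "///google.pt",                          # extra slash, still off-site in browsers
    "/\\google.pt",                          # backslash read as a slash by browsers
    "https://app.example.test@google.pt/",   # allow-listed name used as userinfo
    "http://app.example.test/",              # right host, wrong scheme
]


def naive_is_safe(target: str) -> bool:
    """Weak check (assumed for illustration): 'no scheme' means 'local'."""
    return not target.lower().startswith(("http://", "https://"))


def is_safe_redirect(target: str) -> bool:
    """Allow same-site absolute paths, or https URLs to allow-listed hosts."""
    if not target or target != target.strip():
        return False
    # Browsers drop tabs/newlines and treat "\" like "/" when resolving a URL,
    # so reject both instead of guessing how the browser will read them.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
        host = parts.hostname
    except ValueError:
        return False
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: "//google.pt" lands here because
        # its netloc is "google.pt" even though it has no scheme.
        return (
            parts.scheme == "https"
            and host in ALLOWED_HOSTS
            and parts.username is None
            and parts.password is None
        )
    # Path-only target: exactly one leading slash. "///host" parses with an
    # empty netloc, so test the raw string rather than the parsed path.
    return target.startswith("/") and not target.startswith("//")


def review(samples):
    """Return {target: (naive_verdict, strict_verdict)} for each sample."""
    return {s: (naive_is_safe(s), is_safe_redirect(s)) for s in samples}


if __name__ == "__main__":
    for target, (naive, strict) in review(SAMPLES).items():
        print(f"{target!r:45} naive={naive!s:5} strict={strict}")
```
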

[FD] WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability

Document Title:
===============
WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability

References (Source):
====================
http://ift.tt/1QYFPLt

Release Date:
=============
2015-10-07

Vulnerability Laboratory ID (VL-ID):
====================================
1614

Common Vulnerability Scoring System:
====================================
8.3

Product & Service Introduction:
===============================
Where quality & reliability converge. Web.Com (India) is an ISO 9001:2008 certified Software company specialising in custom software development, web design and development, mobile app development, SEO and SMO Services in Guwahati, Assam. Deploying the latest technologies, we deliver solutions that offer high levels of consistency in quality and performance. Our technological intelligence spans several platforms, languages and databases. As a leading IT solutions provider, our technical skill set is ever up-to-date, comprising of the latest and the quintessential.

(Copy of the Vendor Homepage: http://ift.tt/1xkiUCb )

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered an auth bypass vulnerability in the official WebComIndia Content Management System (web-application).

Vulnerability Disclosure Timeline:
==================================
2015-10-07: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
WebComIndia Ltd
Product: WebComIndia.Biz - Content Management System 2015 Q4

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Technical Details & Description:
================================
An auth bypass web vulnerability has been discovered in the official WebComIndia Content Management System 2015Q4. The vulnerability allows remote attackers to bypass the login mechanism of the web-application to compromise the service.

The auth bypass web vulnerability has been discovered in the Username input field of the login module. Remote attackers are able to bypass the mechanism and log in to the web-application without authorization. The vulnerability is located in the code on the application-side of the online-service. The request method to inject/execute is POST and the injection point is the Username. The vulnerability is a classic login auth bypass that ultimately allows compromise of the dbms and web-application.

The security risk of the auth bypass vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 8.3. Exploitation of the login form auth bypass web vulnerability requires no privileged web-application user account or user interaction. Successful exploitation of the vulnerability results in unauthorized access to the admin panel, defacement, web-application and dbms compromise.

Request Method(s):
[+] POST

Vulnerable Module(s):
[+] Login

Affected Module(s):
[+] Account System - (Admin Panel)

Vulnerable Parameter(s):
[+] Username

Proof of Concept (PoC):
=======================
The auth bypass vulnerability can be exploited by remote attackers without a privileged application user account or user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Open the vulnerable website
2. Surf to the admin panel
3. Inject to the Username input the following content `admin'-- -`
4. Include any random value as Password input and save the form to continue
5. Click on Login and you will be able to bypass login
   Note: The Username input field and request is not sanitized properly
6. Successful reproduce of the remote auth bypass vulnerability!

Website: http://[server].com/
Admin Panel: http://[server].com/admin

PoC: (Input)
Username: admin'-- -
Password: purani
> Login Bypass successful!

Note: The password value can be chosen randomly by the attacker!

Solution - Fix & Patch:
=======================
The vulnerability can be patched by a secure parse and encode or escape of the Username value input. Restrict the input and disallow special chars. Include exception handling and prevent the injection by using a prepared statement.

Security Risk:
==============
The security risk of the auth bypass vulnerability in the Username input field and login request is estimated as high. (CVSS 8.3)

Credits & Authors:
==================
Aaditya Purani - ( http://ift.tt/1FWaUPI ) [ http://ift.tt/1QdwMGl ]
Special Thanks: Hell Shield Hackers | Ahmedabad University | Skysecura

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material.

Domains: http://ift.tt/1jnqRwA - www.vuln-lab.com - http://ift.tt/1kouTut
Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com
Section: magazine.vulnerability-db.com - http://ift.tt/1zNuo47 - http://ift.tt/1wo6y8x
Social: http://twitter.com/#!/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab
Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS
Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1kouSqp

Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission.

Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™

Source: Gmail -> IFTTT-> Blogger
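The prepared-statement fix recommended in the WebComIndia advisory above, shown beside the query-building pattern it replaces. This is an added example, not code from the advisory or from the vendor's CMS: the table layout, function names and the SQLite backend are assumptions, and the account data is constructed.

```python
import hashlib
import hmac
import secrets
import sqlite3

ADMIN_PASSWORD = "constructed-admin-password"  # constructed sample credential


def hash_pw(password, salt):
    """Salted PBKDF2-HMAC-SHA256 digest, hex-encoded for storage."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()


def make_db():
    """In-memory database holding one constructed admin account."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users ("
        "username TEXT PRIMARY KEY, role TEXT, salt BLOB, pw_hash TEXT)"
    )
    salt = secrets.token_bytes(16)
    db.execute(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        ("admin", "admin", salt, hash_pw(ADMIN_PASSWORD, salt)),
    )
    return db


def login_concatenated(db, username, password):
    """Weak pattern (assumed, for illustration): the Username value is pasted
    into the SQL text, so a quote ends the string literal and `--` turns the
    password condition into a comment."""
    row = db.execute(
        "SELECT salt FROM users WHERE username = '" + username + "'"
    ).fetchone()
    if row is None:
        return None
    query = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND pw_hash = '" + hash_pw(password, row[0]) + "'"
    )
    return db.execute(query).fetchone()


def login_parameterized(db, username, password):
    """Hardened pattern: the Username is bound as data, never parsed as SQL,
    and the password is verified in application code in constant time."""
    row = db.execute(
        "SELECT username, role, salt, pw_hash FROM users WHERE username = ?",
        (username,),
    ).fetchone()
    if row is None:
        hash_pw(password, b"\0" * 16)  # keep timing similar for unknown users
        return None
    name, role, salt, stored = row
    if hmac.compare_digest(hash_pw(password, salt), stored):
        return (name, role)
    return None


if __name__ == "__main__":
    db = make_db()
    poc_user, poc_pass = "admin'-- -", "purani"  # input quoted in the advisory
    print("concatenated :", login_concatenated(db, poc_user, poc_pass))
    print("parameterized:", login_parameterized(db, poc_user, poc_pass))
```

With the bound parameter, the advisory's Username value is looked up as a literal account name that does not exist, so no input filtering is needed for the query to stay intact.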

Juergen Klopp wants to inject passion into Liverpool

LIVERPOOL, England (AP) Renowned for being flamboyant and emotional, Juergen Klopp is ready to inject some of that passion into the Liverpool team.

from FOX Sports Digital http://ift.tt/1GAbkWH
via IFTTT

ISS Daily Summary Report – 10/8/15

NanoRack Cubesat Deployer (NRCSD) #6 Operations:  Overnight, three unsuccessful attempts were made to retract the secondary latch associated with deployer # 6, which would have allowed the deployment of the remaining two cubesats for this operation.  The next troubleshooting attempt to launch the cubesats will involve cycling the latches during a Japanese Experiment Module Remote Manipulator System (JEMRMS) E-stop test to jolt the deployer.  A total of 14 cubesats have been deployed this week:  2 Danish satellites and 12 Planet Lab Doves.  The Danish satellite GOMX-3 has an advanced antenna-pointing system and a variety of communications capabilities. It contains radios to test reception and data downlink for GPS satellites, the military and for weather monitoring, air traffic control and other uses.  The Danish satellite AAUSAT-5 uses a student-designed and constructed Automatic Identification System (AIS) receiver to track ship signals in support of a space-based AIS system. The Dove nanosatellites enable imagery of the entire planet to be taken on a frequent basis, with humanitarian and environmental applications ranging from monitoring deforestation and the ice caps to disaster relief and improving agriculture yields in developing nations   Integrated Resistance and Aerobic Training Study (Sprint) Volume of Oxygen Utilized (VO2) Max:  For his Flight Day 195 Sprint VO2 session, Kelly attached Electrocardiogram (ECG) electrodes to himself, set up and donned Heart Rate Monitor hardware, performed Portable Pulmonary Function System calibrations, and then performed the VO2 protocol.  
The Sprint VO2 investigation evaluates the use of high intensity, low volume exercise to minimize loss of muscle, bone, and cardiovascular function in ISS crewmembers while reducing total exercise time during long-duration space missions   Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI) 2 Rack Interface Unit (RIU) Replacement:  This morning, Kelly replaced the failed MELFI 2 RIU.  Following the replacement, ground teams successfully activated MELFI 2.  On September 7th this unit stopped providing Health and Status updates and the temperature started to change, indicating a Brayton motor stop.   Synchronized Position Hold, Engage, Reorient, Experimental Satellites (SPHERES) Vertigo Setup:  Yui reviewed procedures and participated in a conference with the SPHERES ground team in preparation for SPHERES Vertigo runs tomorrow.  This investigation uses the SPHERES free-flying satellites to demonstrate and test enhanced technologies and techniques related to visual inspection and navigation. This effort incorporates hardware and software that enables multiple SPHERES to construct 3D models of a target object and then perform relative navigation solely by reference to those 3D models.   Sleep Log:  Kelly continues a week-long set of Sleep Log entries by making a daily entry.  The Sleep ISS-12 experiment monitors ambient light exposure and crew member activity and collects subjective evaluations of sleep and alertness.  The investigation examines the effects of space flight and ambient light exposure on sleep during a year-long mission on the ISS.   Multi-Purpose Small Payload Rack 2 (MSPR2) Video Recording Unit 2 (VRU2) Checkout:  Yui provided support for troubleshooting an issue with high rate data link data packets from the MSPR2 VRU2.  He connected two camcorders to the MSPR2 so that the ground can command downlink of images.   
Node 1 Nadir Power Connections Part 1: As part of USOS Reconfiguration, Lindgren and Yui changed out bulkhead feedthrough connectors in the Lab to Node 1 vestibule. They then mated pre-routed jumper cables to the ISS 2 and 3 power domains. An additional activity is scheduled tomorrow in order to mate an alternate set of jumper cables to the 1 and 4 power domains. These cables will provide power to Node 1 Nadir Berthing Port and Galley Rack. Service Module (SM) 8.08 Software Transition: Today, the Service Module Central Computers (ЦВМ) and Service Module Terminal Computers (TBM) were upgraded from the SM 8.07 software load to the SM 8.08 software load. The new software will support new Russian Cargo and Soyuz vehicles, provide 20 new Pre-Determined Debris Avoidance Maneuver (PDAM) Modes, and remove SM software related to Automated Transfer Vehicle (ATV). Mobile Servicing System (MSS) Operations: During MSS power-up today, the Special Purpose Dexterous Manipulator (SPDM) Arm-2 Shoulder Yaw joint failed to read the expected position and reported an Invalid Joint Position. The flight control engineering teams are working to troubleshoot and gather data. Robotics Refueling Mission (RRM) science operations for today have been postponed while they work the issue. Today’s Planned Activities All activities were completed unless otherwise noted. NEIROIMMUNITET. Venous blood sample processing NEIROIMMUNITET. CORRECTSIA. Processing venous blood sample using Plasma-03 centrifuge NEIROIMMUNITET. CORRECTSIA. Handover to USOS for MELFI Insertion RUEXP – Blood Sample Insertion into MELFI Airlock Manual Valve Close MSPR2 – Video Checkout Node 1 – Nadir port prep – Big picture Battery Swap SEISMOPROGNOZ. 
Downlink data from Control and Data Acquisition Module (МКСД) HDD Audio Session with the Participants of XIII Korolev Readings and “Science ABC” Festival Node 1 – Nadir port prep – Hardware Gathering SPRINT – Hardware Power On MRM2 comm config to support the P/L Ops ТКГ 429 (SM Aft) Transfers and IMS Ops Geophysical Experiment (ГФИ-1). Battery Charge for Relaksatsiya Experiment Plug in Plan (PiP) – Airlock – UOP Hardware Power Down Kulonovskiy Kristall Experiment Run ТКГ 429 (SM Aft) Transfers and IMS Ops MELF2 – RIU Transfer Node 1 nadir power path connections – Part 1 MRM2 Comm Reconfig for Nominal Ops CALCIUM. Experiment session 8 MELFI-2 Temperature Data Recorder (TDR) Battery Install/Replace Power down hardware downstream of NOD2 UOP2 per Plug in Plan (PiP) SEISMOPROGNOZ. Download data from Control and Data Acquisition Module (МКСД) HDD (end) and start backup Node 1 – Nadir port prep SPRINT Experiment Ops Soyuz 718 Samsung Tablet Computer Charge – start ТКГ 429 (SM Aft) Transfers and IMS Ops EXPRESS Rack Hard Drive Replacement EXPRESS RACK Laptop SW Load Monthly Inspection of T2 Treadmill System Battery Swap KULONOVSKIY KRISTALL. Copying data to removable hard drive On MCC GO Vozdukh Deactivation Airlock Manual Valve Open Plug in Plan (PiP) – Node 2 – Hardware Power-up downstream UOP2 SPRINT – Equipment Stowage Soyuz 718 Samsung tablet charging ALGOMETRIA. […]

from ISS On-Orbit Status Report http://ift.tt/1jgBrws
via IFTTT

Juergen Klopp wants to turn Liverpool 'into believers'

LIVERPOOL, England (AP) Juergen Klopp says he wants to turn Liverpool ''from doubters into believers.''

from FOX Sports Digital http://ift.tt/1jSE6gq
via IFTTT

Samsung LoopPay Hacked, but 'Samsung Pay' is Safe

Samsung has been surrounded by controversy for the past few years, but that has not affected its productivity. This report, however, has raised a few eyebrows... Samsung's mobile payment system company, LoopPay, was hacked back in March this year, just a month after Samsung bought it to help make Samsung Pay a reality. Samsung acquired LoopPay for more than $250 Million in


from The Hacker News http://ift.tt/1Rxofip
via IFTTT

Tearful Aguero injures hamstring, faces spell out

MANCHESTER, England (AP) Manchester City striker Sergio Aguero was carried off on a stretcher, in tears, with a hamstring injury during Argentina's 2-0 loss to Ecuador in a World Cup qualifier and faces a spell on the sidelines.

from FOX Sports Digital http://ift.tt/1jg0lfz
via IFTTT

Hackers Backdooring Cisco WebVPN To Steal Customers’ Passwords

Virtual Private Networks (VPNs), which are widely used by many businesses and organisations to provide secure access to their workers, are being abused to pilfer corporate user credentials. Researchers from security firm Volexity discovered a new attack campaign that targets a widely used VPN product by Cisco Systems to install backdoors that collect employees' usernames and passwords used


from The Hacker News http://ift.tt/1GzV08q
via IFTTT

M83: The Thousand Ruby Galaxy


Big, bright, and beautiful, spiral galaxy M83 lies a mere twelve million light-years away, near the southeastern tip of the very long constellation Hydra. Prominent spiral arms traced by dark dust lanes and blue star clusters lend this galaxy its popular name, The Southern Pinwheel. But reddish star forming regions that dot the sweeping arms highlighted in this sparkling color composite also suggest another nickname, The Thousand-Ruby Galaxy. About 40,000 light-years across, M83 is a member of a group of galaxies that includes active galaxy Centaurus A. In fact, the core of M83 itself is bright at x-ray energies, showing a high concentration of neutron stars and black holes left from an intense burst of star formation. This sharp composite color image also features spiky foreground Milky Way stars and distant background galaxies. The image data was taken from the Subaru Telescope, the European Southern Observatory's Wide Field Imager camera, and the Hubble Legacy Archive. via NASA http://ift.tt/1WP9hHu

Thursday, October 8, 2015

Free Anonymous HIV Testing

Additional Information. Free Anonymous HIV Testing sponsored by the UCLA LGBT Campus Resource Center and the Aids Health Foundation.

from Google Alert - anonymous http://ift.tt/1Qcz0Wy
via IFTTT

Brazil loses without Neymar; Argentina falls with no Messi

RIO DE JANEIRO (AP) Brazil showed Thursday it can't win against the best without Barcelona star Neymar, losing 2-0 at Chile as qualifying in South America opened for the 2018 World Cup in Russia.

from FOX Sports Digital http://ift.tt/1NrwZrZ
via IFTTT

Portugal, Northern Ireland book Euro 2016 places

BERLIN (AP) Portugal and Northern Ireland booked their places at Euro 2016 on Thursday, while world champion Germany was made to wait after being upset 1-0 by Ireland in Dublin.

from FOX Sports Digital http://ift.tt/1L2zcGo
via IFTTT

[FD] Broken, Abandoned, and Forgotten Code, Part 13

Part 13 (the penultimate installment) of Broken, Abandoned, and Forgotten Code is up. In this first of two parts covering post exploitation, we cover how to customize the stage 1 firmware image the exploit will flash onto the target. It is the job of this minimized firmware image to bootstrap a fully functional, trojanized stage 2 firmware onto the Netgear R6200. Here's a link to part 13: http://ift.tt/1WPqlx2 If you missed my post to Full Disclosure where I introduced the series, here's that: http://ift.tt/1F6IUWA As always I welcome feedback via email or Twitter. I'm @zcutlip. I hope you enjoy it! Cheers, Zach

Source: Gmail -> IFTTT-> Blogger

[FD] Veeam Backup & Replication Local Privilege Escalation Vulnerability

US men embrace Mexico soccer rivalry heading to Rose Bowl

IRVINE, Calif. (AP) Clint Dempsey has been immersed in the U.S. soccer rivalry with Mexico pretty much from the moment he understood what the international game means to both nations.

from FOX Sports Digital http://ift.tt/1L9B26r
via IFTTT

Ireland upsets Germany 1-0 in Euro 2016 qualifier

DUBLIN (AP) Substitute Shane Long scored five minutes after coming on for Ireland to upset world champion Germany 1-0 and clinch at least a playoff place for Euro 2016 on Thursday.

from FOX Sports Digital http://ift.tt/1VHTKfE
via IFTTT

France beats Armenia 4-0 in friendly match

NICE, France (AP) Karim Benzema ended a one-year scoring drought for France in style, netting two goals and setting up another in a 4-0 friendly win over Armenia on Thursday.

from FOX Sports Digital http://ift.tt/1VHUUb9
via IFTTT

Portugal goes to Euro 2016; Denmark, Albania seek 2nd spot

BRAGA, Portugal (AP) Portugal beat Denmark 1-0 Thursday and clinched qualification for next year's European Championship, securing top place in Group I.

from FOX Sports Digital http://ift.tt/1LpjeDA
via IFTTT

Northern Ireland qualifies for its first Euros

BELFAST, Northern Ireland (AP) Northern Ireland qualified for its first European Championship on Thursday following a 3-1 win over Greece.

from FOX Sports Digital http://ift.tt/1VHQFMz
via IFTTT

After Dortmund deeds, Klopp has Liverpool dreaming again

BERLIN (AP) German football was left almost in a state of mourning when Juergen Klopp announced his departure from Borussia Dortmund after seven seasons in charge last April.

from FOX Sports Digital http://ift.tt/1MgQDkt
via IFTTT

With Platini suspended, FIFA election field more uncertain

LONDON (AP) From sure bet to suspended, Michel Platini's career in soccer politics could be over.

from FOX Sports Digital http://ift.tt/1OoDM46
via IFTTT

Collision Attack: Widely Used SHA-1 Hash Algorithm Needs to Die Immediately

SHA-1, one of the Internet's widely adopted cryptographic hash functions, is just about to die. Yes, the cost and time required to break the SHA-1 algorithm have fallen much faster than previously expected. According to a team of researchers, SHA-1 is so weak that it may be broken and compromised by hackers in the next three months. The SHA-1 algorithm was designed in 1995 by the


from The Hacker News http://ift.tt/1VHnZhw
via IFTTT

Juergen Klopp arrives in Liverpool to take charge of club

LONDON (AP) Juergen Klopp arrived in Liverpool on Thursday to take over as manager of the Premier League club, a person familiar with the situation said Thursday.

from FOX Sports Digital http://ift.tt/1Zhv9h6
via IFTTT

Column: Sepp Blatter, hoisted by his own petard at FIFA

PARIS (AP) The delicious irony of it: Sepp Blatter tossed out of football, at least temporarily, by a FIFA policing body that he himself helped create when the world was still his oyster.

from FOX Sports Digital http://ift.tt/1L1XXml
via IFTTT

Microsoft Pays $24,000 Bounty to Hacker for Finding 'Account Hacking' Technique

A security researcher has won $24,000 from Microsoft for finding a critical flaw in its Live.com authentication system that could allow hackers to gain access to a user’s complete Outlook account or other Microsoft services. Microsoft's Live.com is the authentication system that everyone goes through while attempting to authenticate to Outlook.com and a large number of other Microsoft


from The Hacker News http://ift.tt/1LBPucJ
via IFTTT

Serbian prime minister skips soccer match against Albania

ELBASAN, Albania (AP) Serbian Prime Minister Aleksandar Vucic declined an invitation to attend Thursday's qualifier for the European soccer championships in Albania, saying he doesn't want heated fan rivalry to undermine progress made in relations between the two Balkan countries.

from FOX Sports Digital http://ift.tt/1WPA6LS
via IFTTT

Practicing in a car park: WCup qualifying for Somalia's team

ADDIS ABABA, Ethiopia (AP) While revelations swirl of FIFA executives in expensive suits taking millions in bribes to award money-spinning World Cups, some of the poorest teams face near-impossible challenges to make it to soccer's biggest tournament, and try their hearts out anyway.

from FOX Sports Digital http://ift.tt/1LBLusS
via IFTTT

q2811


from Patrick McGuire http://ift.tt/1Oo5uhy
via IFTTT

AP Source: Klopp headed to Liverpool to become manager

LONDON (AP) A person familiar with the situation says Juergen Klopp is headed to Liverpool to take over as manager of the Premier League club.

from FOX Sports Digital http://ift.tt/1jcJydj
via IFTTT

[FD] [RT-SA-2015-006] Buffalo LinkStation Authentication Bypass

Advisory: Buffalo LinkStation Authentication Bypass

An authentication bypass vulnerability in the web interface of a Buffalo LinkStation Duo Network Attached Storage (NAS) device allows unauthenticated attackers to gain administrative privileges. This puts the confidentiality and integrity of the stored data as well as the integrity of the device configuration at high risk.

Details
=======

Product: Buffalo LinkStation Duo (LS-WXL), LS-CHL(v2), LS-XHL, LS-WVL, LS-WSX, LS-VL, LS-QVL, LS-XL
Affected Versions: 1.34, 1.69, 1.70
Fixed Version: 1.71
Vulnerability Type: Authentication Bypass
Security Risk: high
Vendor URL: http://ift.tt/WKmbtL
Vendor Status: fixed version released
Advisory URL: http://ift.tt/1hswhw3
Advisory Status: published
CVE: GENERIC-MAP-NOMATCH
CVE URL: http://ift.tt/1jQGmEN

Introduction
============

LinkStation is a brand name of Network Attached Storage (NAS) devices manufactured by the Japanese company Buffalo. The stored data can be accessed via several protocols such as SMB, FTP, AFP and HTTP. A web interface is provided for management purposes.

More Details
============

The web interface can be reached via HTTP in a web browser. On opening the web interface the user is first presented a login screen where a username and a password must be supplied. On submission, an HTTP POST request is performed by the browser:

POST /dynamic.pl HTTP/1.1
Host: 192.168.1.2
[...]

bufaction=verifyLogin&user=RedTeam&password=Pentesting

In the request above, the username "RedTeam" and the password "Pentesting" were supplied. The chosen credentials are invalid as no user with that name exists. The application responds with a JSON-type reply:

HTTP/1.0 200 OK
[...]

{
  "data": [
    {
      "pageMode": 2,
      "sid": "5e0f9249a6cc5137d051514c47b2bb9b"
    }
  ],
  "errors": [],
  "success": false
}

On the contrary, if valid credentials of an administrative account are supplied, a reply similar to the following is received:

HTTP/1.0 200 OK
[...]

{
  "data": [
    {
      "pageMode": 0,
      "sid": "b9466fbff0c2f277449015d6e110b173"
    }
  ],
  "errors": [],
  "success": true
}

It was found that in both cases valid session IDs are generated and only the client-side JavaScript web interface restricts their usage. This is triggered by the key "success" within the reply. If the field is set to "false", an error is reported and the user is asked to authenticate again. Otherwise, the user is allowed to use the web interface.

Furthermore, the administrative functions are restricted only on the client-side as well. The key "pageMode" was found to be one of the three integers representing the type of the user account:

0 - administrator
1 - regular user without administrative privileges
2 - guest user without any privileges

Thus, an attacker may simply provide invalid credentials while tampering with the keys "success" and "pageMode" of the reply in transit (for example by using a proxy). The attacker may then use the web interface as an administrative user from the browser.

Alternatively, a valid session ID may be requested using invalid credentials and then used directly to execute privileged operations by sending the appropriate POST requests. This eliminates the need for tampering with the returned JSON data. Such an attack is implemented in the Proof of Concept section.

Proof of Concept
================

The following Python script exploits the described vulnerability and sets the password of the "admin"-account to an attacker supplied value.

Source: Gmail -> IFTTT-> Blogger
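The design flaw in the Buffalo LinkStation advisory above is that the session ID carries no server-side identity or role, so "success" and "pageMode" are only hints to the browser. The following added example is not the advisory's proof of concept and not Buffalo firmware code; it is a small model with hypothetical class and method names and constructed accounts, contrasting that design with one where the backend binds each session to an authenticated user and checks the role on every privileged call.

```python
import hashlib
import hmac
import secrets

ADMIN, USER, GUEST = 0, 1, 2  # "pageMode" values listed in the advisory


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Backend:
    """Shared account store for both models; all accounts are constructed."""

    def __init__(self):
        self.accounts = {}
        self.sessions = {}
        self.add_account("admin", "constructed-admin-pw", ADMIN)
        self.add_account("alice", "constructed-user-pw", USER)

    def add_account(self, user, password, mode):
        salt = secrets.token_bytes(16)
        self.accounts[user] = {
            "salt": salt, "hash": _digest(password, salt), "mode": mode,
        }

    def authenticate(self, user, password):
        """Return the account's pageMode, or None for wrong credentials."""
        acct = self.accounts.get(user)
        if acct is None:
            _digest(password, b"\0" * 16)  # similar cost for unknown users
            return None
        if hmac.compare_digest(_digest(password, acct["salt"]), acct["hash"]):
            return acct["mode"]
        return None

    def _set_password(self, user, new_password):
        self.add_account(user, new_password, self.accounts[user]["mode"])


class ClientEnforcedBackend(Backend):
    """Behaviour the advisory describes: every login attempt gets a usable
    session ID, and nothing about the caller is recorded server-side."""

    def verify_login(self, user, password):
        mode = self.authenticate(user, password)
        sid = secrets.token_hex(16)
        self.sessions[sid] = None  # no identity, no role
        return {
            "data": [{"pageMode": GUEST if mode is None else mode, "sid": sid}],
            "errors": [],
            "success": mode is not None,
        }

    def change_password(self, sid, target_user, new_password):
        # Only checks that the session ID exists.
        if sid not in self.sessions or target_user not in self.accounts:
            return False
        self._set_password(target_user, new_password)
        return True


class ServerEnforcedBackend(Backend):
    """Hardened model: sessions exist only after a successful login and are
    bound to (user, role); privileged calls re-check the role server-side."""

    def verify_login(self, user, password):
        mode = self.authenticate(user, password)
        if mode is None:
            return {"data": [], "errors": ["invalid credentials"],
                    "success": False}
        sid = secrets.token_hex(16)
        self.sessions[sid] = (user, mode)
        return {"data": [{"pageMode": mode, "sid": sid}],
                "errors": [], "success": True}

    def change_password(self, sid, target_user, new_password):
        session = self.sessions.get(sid)
        if session is None or target_user not in self.accounts:
            return False
        user, mode = session
        if mode != ADMIN and user != target_user:
            return False  # non-admins may only change their own password
        self._set_password(target_user, new_password)
        return True
```

In the hardened model the reply fields remain a convenience for the user interface, while the authorization decision depends only on what the backend recorded at login.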

Kemoge: Latest Android Malware that Can Root Your Smartphone

Google Android has been a primary concern of attackers, from a simple text message that could hack an Android phone remotely to the Stagefright bug that made a billion users vulnerable. Now the latest is the 'Kemoge' malware, which has made its debut as adware on Android mobile phones, allowing third-party app stores to fetch your device's information and take full control of


from The Hacker News http://ift.tt/1LBnnKY
via IFTTT

Messi to stand trial in Spain on 3 counts of tax fraud

MADRID (AP) Lionel Messi will stand trial in Spain on three counts of tax fraud.

from FOX Sports Digital http://ift.tt/1FZyvP6
via IFTTT

South Sudan WCup qualifying debut ends day later in 1-1 draw

JUBA, South Sudan (AP) South Sudan earned a draw in its World Cup qualifying debut, holding Mauritania to 1-1 Thursday, a day after the game began and was then abandoned because of heavy rain.

from FOX Sports Digital http://ift.tt/1FUImWR
via IFTTT

Book Talk: 'Anonymous Soldiers: The Struggle for Israel, 1917-1947'

Bruce Hoffman, Professor and Director of the Center for Security Studies, will present on his new book Anonymous Soldiers: The Struggle for Israel, ...

from Google Alert - anonymous http://ift.tt/1jQrYfM
via IFTTT

The Latest: Hayatou takes over as FIFA's acting president

ZURICH (AP) The Latest from the FIFA investigation (all time local):

from FOX Sports Digital http://ift.tt/1L8zUzU
via IFTTT

ISS Daily Summary Report – 10/7/15

NanoRack Cubesat Deployer (NRCSD) Operations: Yesterday evening two Dove cubesats were launched successfully from Deployer #5. However, an overnight attempt to launch an additional two cubesats from Deployer #6 was not successful. Subsequently, two cubesats from Deployer #7 were launched this morning. Ground teams are investigating the launch failure for Deployer #6 and working the forward plan. Integrated Resistance and Aerobic Training Study (SPRINT) Configuration: Kelly configured the Portable Pulmonary Function System (PPFS) in advance of his Flight Day 195 Sprint Volume of Oxygen Utilized (VO2) Max session tomorrow. The Sprint investigation evaluates the use of high intensity, low volume exercise training to minimize loss of muscle, bone, and cardiovascular function in ISS crewmembers during long-duration missions. Large Format Motion Picture Camera (IMAX) Activities: Kelly connected the IMAX Codex to a Station Support Computer (SSC) for downlink of recorded video files. IMAX filmmakers intend to produce a three dimensional movie called A Perfect Planet, using ISS-based video and images to show how natural and human forces shape planet Earth. The film will also showcase NASA’s exploration efforts and highlight the ISS as a platform for scientific research and a stepping stone to deep space exploration. Sleep Log: Kelly and Kornienko continued a week-long set of Sleep Log entries by making daily entries. The Sleep ISS-12 experiment monitors ambient light exposure and crew member activity and collects subjective evaluations of sleep and alertness. The investigation examines the effects of space flight and ambient light exposure on sleep during a year-long mission on the ISS. Extravehicular Activity (EVA) Preparation: Yui has configured Extravehicular Mobility Unit (EMU) suits 3005 and 3011 for loop scrubbing. Samples containing 250 mL of the water were obtained after the loop scrub activity to determine the effectiveness of the filtering. 
10 mL of this water sample were used for a conductivity test and the remaining water will be sent to the ground for chemical analysis. After the samples were taken, Yui then reconfigured Loop Scrub hardware for Iodination of Ion Filters on both suits. Later in the afternoon, Lindgren unstowed items from the Airlock that will not be required for the upcoming EVAs. Kelly and Lindgren also worked to resize EMU 3003 and 3010 which will be used during the EVAs. EMU 3003 was resized for Kelly and EMU 3010 for Lindgren. Portable Emergency Provisions (PEPS) Inspection: Lindgren conducted the regular inspection of the Portable Fire Extinguisher (PFE), Extension Hose Tee Kit (EHTK), Portable Breathing Apparatus (PBA), and Pre-Breathe Masks. Pre-Breathe Masks are not emergency equipment, but have similar maintenance requirements and thus are included in this inspection. Robotics Refueling Mission (RRM) Operations: Overnight, Robotics Ground Controllers maneuvered the Space Station Remote Manipulator System (SSRMS) and the Special Purpose Dexterous Manipulator (SPDM) into position to start the TB4 Science Operations. Next SPDM Arm2, using the Multifunction Tool (MFT), acquired, checked out and unstowed the Blindmate Connector Adaptor (BCA). They then maneuvered the BCA into position and inserted it into and mated it to the Electrical Test Port Panel (TTP) on TB4. Today, the Robotics Ground Controllers released the MFT from the BCA and maneuvered the SSRMS and SPDM into position to perform the MFT Vision Task which consisted of calibrating the MFT cameras using a checkerboard target on TB4. Finally they commanded SSRMS and SPDM to overnight park ready to resume tomorrow. Today’s Planned Activities All activities were completed unless otherwise noted. 
ISS Crew / SSIPC FD Conference IMAX – Connecting to SSC Crew replaces batteries for SPHERES session Start EMU cooling loop scrub CUBESAT – Deployment Photo Life On The Station Photo and Video ODF Books Update on IPAD [Aborted] OTKLIK. Hardware Monitoring RS1 Laptop Activation Test  of КЦП1-ЦВМ-ТВМ Command & Data Path RS1 Laptop Deactivation Test of Laptop RS3-КЦП2-ЦВМ-ТВМ Command & Data Path Formaldehyde Monitoring Kit (FMK) Removal ops Replacement of E-K Pre-treat Container and Hose in АСУ System ODF Books Update on IPAD [Aborted] Saving personal data from RSK2 Laptop prior to installation of a new SW version Opening JEMAL Outer Hatch and extending slide table to JEF side [Aborted] Installation of SW Version 4.1 on station Laptop RSK2. IMAX – Terminate Battery Charge Inspection of Portable Breathing Apparatus (PBA) and Portable Fire Extinguisher (PFE) Cleaning fan screens on FGB interior panels 116, 316, 231, 431 Node 1 – Cable Installation/Routing Ops Installing of closeout panels that require no hatch closure COSMOCARD. 
Closeout Ops EMU Cooling Loop Post Scrub Water Sample IMS Delta File Prep WRS – Recycle Tank Fill EMU – Cooling loop maintenance for iodination JEMRMS – Hardware Checkout [Aborted] SPRINT – Hardware Setup В3 Fan Screen Cleaning inDC1 Initiate condensate tank offload to CWC Changing Batteries for SPHERES IMAX – Terminate Codex 512 GB Drive charge Swap CWCs to allow for complete tank offload JEMAL- Hardware Removal [Aborted] JEMRMS RLT Laptop Deactivation [Aborted] Termination of Condensate Tank Offload to CWC EMU – Cooling Loop Maintenance – EMU Reconfig Weekly conference with the Program Management In Flight Maintenance (IFM) – Waste and Hygiene Compartment (WHC) – Full Fill Video Footage of Greetings Private Medical Conference IMAX – Power Down EMU – Long Dryout EMU-H2O – Conductivity Test In Flight Maintenance (IFM) – Waste and Hygiene Compartment (WHC) – Full Fill MRM2 comm config to support the P/L Ops Cleaning FGB Gas-Liquid Heat Exchanger (ГЖТ) Detachable Screens 1, 2, 3 Progress 429 (SM Aft) priority and US cargo transfers and IMS Ops Kulonovskiy Kristall Experiment Run EMU – Cooling Loop Scrub – Deconfiguration EMU Resizing Changing Batteries for SPHERES EMU Resizing MRM2 Comm Reconfig for Nominal Ops KULONOVSKIY KRISTALL. Copying data to removable hard drive СОЖ Maintenance EVA – Equipment transfer from Airlock VIZIR. Experiment Ops Ventilation grille cleaning on FGB interior panels (panels 201, 301, 401) EVA – Equipment transfer from Airlock CONTENT. Experiment Ops Terminate BSA Battery Stowage Assembly Maintenance Cycle EVA – Stow equipment used in conductivity test Psychological Evaluation Program (WinSCAT) PAO Event / See OPTIMIS Viewer for Procedure Preparation of […]

from ISS On-Orbit Status Report http://ift.tt/1jQdSLo
via IFTTT

The Latest: Blatter's lawyer says procedure not followed

ZURICH (AP) The Latest from the FIFA investigation (all time local):

from FOX Sports Digital http://ift.tt/1hscY6b
via IFTTT

Serbian PM skips match against Albania

ELBASAN, Albania (AP) Serbian Prime Minister Aleksandar Vucic says he will not attend a qualifier for the European soccer championships in Albania, saying he does not want heated fan rivalry to undermine progress made in relations between the two Balkan countries.

from FOX Sports Digital http://ift.tt/1VGdekG
via IFTTT

FIFA suspends Sepp Blatter and Michel Platini for 90 days

ZURICH (AP) FIFA has provisionally banned President Sepp Blatter and UEFA President Michel Platini for 90 days in the wake of a Swiss criminal investigation.

from FOX Sports Digital http://ift.tt/1GxIohZ
via IFTTT

North Korea's perfect qualifying record ends with 0-0 draw

SEOUL, South Korea (AP) North Korea's perfect record in World Cup qualifying came to an end Thursday after being held to a 0-0 draw by the Philippines.

from FOX Sports Digital http://ift.tt/1jbxKrL
via IFTTT

How to Auto-BackUp Your WhatsApp Data to Google Drive with Encryption

What if your phone suddenly slips into a bathtub? Maybe you'll end up losing all your important data, more specifically, your WhatsApp photos, videos, Voice Notes and Chat Data that flows through your chats. Sounds scary, isn't it? But, now you need not worry if your phone suddenly died or broke – Thanks to the new integration to your favorite messaging app WhatsApp


from The Hacker News http://ift.tt/1VGknMN
via IFTTT

Re: [FD] Watch your Downloads: the risk of the "auto-download" feature on Microsoft Edge and Google Chrome

Re: [FD] DDos Attack To Drop The Internet

Given enough bandwidth and a unique idea, anything is possible, it is true. You provided a 2MB text list of DNS servers, approximately 200,000 of them. They sit across most of the v4 IP ranges available (and some IPV6 ones). This means upstream links won't likely be saturated, and filtering can likely be done on the server based on heuristics. If you're going to ask for 100% random non-existent domains you're easy to beat - if( failed_request() > 99% ) { drop_packet() }. If you're going to ask for TLDs that exist, they're already cached by anyone running a half-decent server, and they're going to send you elsewhere. You might cause issues for individual downstream ranges as people get heavy-handed with filtering, but you've included google's servers in there and I'm guessing the roots are there too. They're anycast and backed by some crazy bandwidth. Of course it might work once, for a short time, but you've just told some spectacular engineers out there to think about this problem, and they've definitely already considered it ;)

James

On Tue, 6 Oct 2015, at 01:39, Jeffrey Roberts wrote:
> If you were to have a botnet which were to flood random DNS queries
> for domains that did not exist to the list of DNS servers hosted on
> http://ift.tt/1KWK74y then the root dns servers and
> the tld dns servers would be overwhelmed without any way to filter the
> packets, if they were to filter the packets of the DNS servers, they
> themselves would be turning off DNS, hence they can not do that... If
> the botnet only hits the DNS servers on the list a few times,
> filtering those packets would be insignificant. This attack should in
> essence turn off DNS for the world, hence, turning off the internet as
> the public knows it today.

Source: Gmail -> IFTTT-> Blogger

Re: [FD] DDos Attack To Drop The Internet

This used to be a problem, 10+ years ago, since then there has been a lot of work done to protect larger DNS services (root servers in particular) against DDoS: http://ift.tt/1FYHb8m P.

Source: Gmail -> IFTTT-> Blogger

[FD] A comprehensive study of Huawei 3G routers - XSS, CSRF, DoS, unauthenticated firmware update, RCE

Hello, Please find a text-only version below sent to security mailing-lists. The html version on analysing the vulnerabilities in Huawei 3G routers is posted here: http://ift.tt/1OkQG33 === text-version of the advisory ===

Source: Gmail -> IFTTT-> Blogger

Re: [FD] WinRAR SFX v5.21 - Remote Code Execution Vulnerability

[FD] Drupal 8.0.0-beta14 Vendor Script Vulnerable to XSS

[FD] CVE-2015-2652 – Unauthenticated File Upload in Oracle E-business Suite.

*Introduction*

*Oracle E-Business Suite* is a fully integrated, comprehensive suite of business applications for the enterprise. Most organizations use Oracle E-Business Suite for the following purposes:

1. Customer Relationship Management
2. Financial Management
3. Human Capital Management
4. Project Portfolio Management
5. Advanced Procurement
6. Supply Chain Management
7. Service Management

*Vulnerable Version*

Oracle E-Business Suite, version(s) 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4

*Brief About Bug*

The unauthenticated upload vulnerability resides in the Oracle Marketing component. If you search in Google for Oracle E-business, you will find more than 30K unique search results. The file is uploaded into a table in the E-Business Suite database schema. The attacker, however, can use it to fill up the existing table space. The upload functionality allows the attacker to upload arbitrary file types (all executables) and also allows execution of the uploaded code.

*POC raw code for feeding files to the server:*

for ($x=1; $x < 100; $x++): curl -i -s -k -X 'POST' \ -H 'Origin: http://Oracle-Application:Port' -H 'User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36' -H 'Content-Type: multipart/form-data; boundary

Source: Gmail -> IFTTT-> Blogger

[FD] TestLink Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-7391

Information

Source: Gmail -> IFTTT-> Blogger

[FD] TestLink Security Advisory - SQL Injection Vulnerability - CVE-2015-7390

Information

Source: Gmail -> IFTTT-> Blogger

[FD] CSRF vulnerabilities in Callisto 821+R3 ADSL Router

Hello list! After all my advisories about vulnerabilities in Callisto 821+ (http://ift.tt/1LVftKX) and recent advisory about Callisto 821+R3, here is new one. Because vendor ignored in 2011 all my letters and subsequent my public disclosure of vulnerabilities and new devices are vulnerable as well, so I disclosed vulnerabilities in Callisto 821+R3 ADSL Router. These are Cross-Site Request Forgery vulnerabilities. The whole control panel is vulnerable to CSRF, here are two vulnerabilities. SecurityVulns ID: 11700.

Source: Gmail -> IFTTT-> Blogger

[FD] [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities

Source: Gmail -> IFTTT-> Blogger

Re: [FD] Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img

Re: [FD] Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img

[FD] Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img

#############################################################
#
# COMPASS SECURITY ADVISORY
# http://ift.tt/JChVZk
#
#############################################################
#
# Product: Netgear Router Firmware N300_1.1.0.31_1.0.1.img
#          and N300-1.1.0.28_1.0.1.img
# Vendor: NETGEAR
# CVE ID: requested
# Subject: Authentication Bypass
# Risk: High
# Effect: Remotely exploitable over LAN/WLAN
# Author: Daniel Haake (daniel.haake@csnc.de)
# Date: 06.10.2015
#
#############################################################

Introduction:

Source: Gmail -> IFTTT-> Blogger

Torres scores in 65th minute, Mexico beats Honduras 2-1

COMMERCE CITY, Colo. (AP) Erick Torres scored in the 65th minute to help Mexico beat 10-man Honduras 2-1 on Wednesday night and wrap up Group B in the CONCACAF Olympic qualifying tournament.

from FOX Sports Digital http://ift.tt/1RuVLWG
via IFTTT

La Palma Eclipse Sequence


At left, a dramatic image sequence follows late September's total lunar eclipse above a rugged landscape and sea of clouds from the Canary island of La Palma. Composited in a circular fisheye projection, the brightness of the Full Perigee Moon changes drastically in transition from outside the total eclipse phase compared to its dim glow during the 72 minute long totality. At right, a single frame captures the dark red lunar disk in a moment during the total eclipse phase, the Moon deep within Earth's shadow. In fact, the size of the eclipsed Moon image at right approximately illustrates the relative size of Earth and Moon, when compared to the circular projection of the eclipse sequence. via NASA http://ift.tt/1KZrkp6

IMERG Global Precipitation Rates (New Colorbar)

NASA's Global Precipitation Measurement mission has produced its first global map of rainfall and snowfall. The GPM Core Observatory launched one year ago on Feb. 27, 2014 as a collaboration between NASA and the Japan Aerospace Exploration Agency and acts as the standard to unify precipitation measurements from a network of 12 satellites. The result is NASA's Integrated Multi-satellitE Retrievals for GPM data product, called IMERG, which combines data from all 12 satellites into a single, seamless map. The map covers more of the globe than any previous precipitation data set and is updated every half hour, allowing scientists to see how rain and snow storms move around nearly the entire planet. As scientists work to understand all the elements of Earth's climate and weather systems, and how they could change in the future, GPM provides a major step forward in providing the scientific community comprehensive and consistent measurements of precipitation.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1JU4Ba6
via IFTTT

Wednesday, October 7, 2015

Flores scores in 82nd minute, Costa Rica ties Haiti 1-1

COMMERCE CITY, Colo. (AP) Dylan Flores scored in the 82nd minute and Costa Rica tied Haiti 1-1 on Wednesday night in their Group B finale in the CONCACAF Olympic qualifying tournament.

from FOX Sports Digital http://ift.tt/1Ze8MZU
via IFTTT

Towards a general framework for an observation and knowledge based model of occupant behaviour in office buildings. (arXiv:1510.01970v1 [cs.AI])

This paper proposes a new general approach based on Bayesian networks to model the human behaviour. This approach represents human behaviour with probabilistic cause-effect relations based not only on previous works, but also with conditional probabilities coming either from expert knowledge or deduced from observations. The approach has been used in the co-simulation of building physics and human behaviour in order to assess the CO2 concentration in an office.



from cs.AI updates on arXiv.org http://ift.tt/1L7v9qd
via IFTTT

Budget Constraints in Prediction Markets. (arXiv:1510.02045v1 [cs.GT])

We give a detailed characterization of optimal trades under budget constraints in a prediction market with a cost-function-based automated market maker. We study how the budget constraints of individual traders affect their ability to impact the market price. As a concrete application of our characterization, we give sufficient conditions for a property we call budget additivity: two traders with budgets B and B' and the same beliefs would have a combined impact equal to a single trader with budget B+B'. That way, even if a single trader cannot move the market much, a crowd of like-minded traders can have the same desired effect. When the set of payoff vectors associated with outcomes, with coordinates corresponding to securities, is affinely independent, we obtain that a generalization of the heavily-used logarithmic market scoring rule is budget additive, but the quadratic market scoring rule is not. Our results may be used both descriptively, to understand if a particular market maker is affected by budget constraints or not, and prescriptively, as a recipe to construct markets.



from cs.AI updates on arXiv.org http://ift.tt/1jOX33w
via IFTTT

Towards AI-Complete Question Answering: A Set of Prerequisite Toy Tasks. (arXiv:1502.05698v7 [cs.AI] UPDATED)

One long-term goal of machine learning research is to produce methods that are applicable to reasoning and natural language, in particular building an intelligent dialogue agent. To measure progress towards that goal, we argue for the usefulness of a set of proxy tasks that evaluate reading comprehension via question answering. Our tasks measure understanding in several ways: whether a system is able to answer questions via chaining facts, simple induction, deduction and many more. The tasks are designed to be prerequisites for any system that aims to be capable of conversing with a human. We believe many existing learning systems can currently not solve them, and hence our aim is to classify these tasks into skill sets, so that researchers can identify (and then rectify) the failings of their systems. We also extend and improve the recently introduced Memory Networks model, and show it is able to solve some, but not all, of the tasks.



from cs.AI updates on arXiv.org http://ift.tt/1ApWocn
via IFTTT

Jointly Learning Multiple Measures of Similarities from Triplet Comparisons. (arXiv:1503.01521v3 [stat.ML] UPDATED)

Similarity between objects is multi-faceted and it can be easier for human annotators to measure it when the focus is on a specific aspect. We consider the problem of mapping objects into view-specific embeddings where the distance between them is consistent with the similarity comparisons of the form "from the t-th view, object A is more similar to B than to C". Our framework jointly learns view-specific embeddings exploiting correlations between views. Experiments on a number of datasets, including one of multi-view crowdsourced comparison on bird images, show the proposed method achieves lower triplet generalization error when compared to both learning embeddings independently for each view and all views pooled into one view. Our method can also be used to learn multiple measures of similarity over input features taking class labels into account and compares favorably to existing approaches for multi-task metric learning on the ISOLET dataset.



from cs.AI updates on arXiv.org http://ift.tt/1Bd8Lcd
via IFTTT

Dinamo Zagreb player fails doping test after Arsenal match

ZAGREB, Croatia (AP) Dinamo Zagreb says midfielder Arijan Ademi failed a doping test after the Croatian side's Champions League win over Arsenal last month.

from FOX Sports Digital http://ift.tt/1MfDmgz
via IFTTT

Blatter awaiting fate after ethics committee investigation

LONDON (AP) Sepp Blatter could be facing a 90-day suspension.

from FOX Sports Digital http://ift.tt/1VEeDsf
via IFTTT

jobs from Anonymous

Anonymous. We are looking for an experienced Setter to join our busy team. Someone who can help us role out best practice and a quality focused ...

from Google Alert - anonymous http://ift.tt/1N0mjgM
via IFTTT

Anonymous events should be able to have 4 indexed arguments

Anonymous events should be able to have 4 indexed arguments #120. Open. chriseth opened this Issue 9 minutes ago · 0 comments ...

from Google Alert - anonymous http://ift.tt/1N0mjgI
via IFTTT

Anonymous Crime Tips to the Police

Use this service to report anonymous crime tips to the Tampa Police Department. Please use the form below to send information you might have about ...

from Google Alert - anonymous http://ift.tt/1MeLcmd
via IFTTT

Groups of men and women playing bridge in Manhattan Alcoholics Anonymous club room

Photos, Prints, Drawings [Groups of men and women playing bridge in Manhattan Alcoholics Anonymous club room] ...

from Google Alert - anonymous http://ift.tt/1LkPnMg
via IFTTT

FIFA ethics panel meets to discuss Sepp Blatter, Platini

LONDON (AP) A member of the FIFA ethics committee says they are meeting in Zurich to discuss cases involving FIFA President Sepp Blatter and UEFA President Michel Platini.

from FOX Sports Digital http://ift.tt/1LyFtx3
via IFTTT

Honduran soccer club president arrested in US

TEGUCIGALPA, Honduras (AP) The president of Honduras' most famed soccer club has been arrested by U.S. authorities in Miami on money laundering charges.

from FOX Sports Digital http://ift.tt/1VDHiO0
via IFTTT

Lorenzo Insigne pulls out of Italy squad with injury

FLORENCE, Italy (AP) Napoli forward Lorenzo Insigne has pulled out of the Italy squad for the upcoming European Champions qualifiers against Azerbaijan and Norway with a knee injury.

from FOX Sports Digital http://ift.tt/1hqyZlT
via IFTTT

British Intelligence Agency Can Hack Any Smartphone With Just a Text Message

Former NSA contractor and global surveillance whistleblower Edward Snowden told the BBC investigative programme Panorama Monday night that the British intelligence agency GCHQ has powers to hack any smartphones without their owners' knowledge. You heard right. The spying agencies have special tools that let them take over your smartphones with just a text message, said Edward Snowden, and


from The Hacker News http://ift.tt/1JSnqdP
via IFTTT

How to Activate GodMode in Windows 10

Microsoft's Windows 10, the latest version of the Windows operating system, has been creating waves since it rolled out, and reached 110 million devices within just 2 months. If you are a long-time Windows user, you may remember a trick called 'God Mode'. God Mode is an inbuilt but hidden feature of Windows that provides additional customization options for the operating system. With Windows 10,


from The Hacker News http://ift.tt/1ZbzP7W
via IFTTT

Ugandan soccer federation investigated for money laundering

KAMPALA, Uganda (AP) The Ugandan soccer federation is being investigated by the country's financial crimes authority for money laundering.

from FOX Sports Digital http://ift.tt/1Q7iVBz
via IFTTT

ISS Daily Summary Report – 10/6/15

NanoRack Cubesat Deployer (NRCSD) #6 Operations: Yesterday, two Danish cubesats and the first 4 Dove cubesats of the “Flock 2” fleet of satellites were launched. This morning an additional 4 Dove cubesats were launched and the final 6 Dove cubesats will be launched tonight. The Dove nanosatellites enable imagery of the entire planet to be taken on a frequent basis, with humanitarian and environmental applications ranging from monitoring deforestation and the ice caps to disaster relief and improving agriculture yields in developing nations. A total of 16 cubesats will be deployed this week: 14 Planet Lab Doves and the 2 Danish satellites.

Sleep Log: Kelly and Kornienko continued a week-long set of Sleep Log entries by making daily entries. The Sleep ISS-12 experiment monitors ambient light exposure and crew member activity and collects subjective evaluations of sleep and alertness. The investigation examines the effects of space flight and ambient light exposure on sleep during a year-long mission on the ISS.

Node 1, 2 and 3 Cable Routes: As part of USOS Reconfiguration, Lindgren finished an activity he started yesterday to install power and data cables within Node 1. Once complete, he re-installed all of the closeout panels he had removed in support of this activity. Yui routed power cables from the Node 2 DC-to-DC Converter Unit (DDCU) Rack to the Node 2 Aft Bulkhead. The cables will eventually provide redundant power to Node 1 Nadir Berthing Port and Node 1 Galley Rack. Kelly re-routed a Node 3 Sample Delivery System (SDS) power cable which will provide power to a new Node 1 Deck SDS Valve. This cable was previously routed, however laid short of the connection point. The Node 3 cable routing called for a widespread powerdown of Node 3 systems, including the Node 3-1 MDM, OGA, MCA, and CDRA. The Lab CDRA was activated for CO2 removal.

Remote Power Control Module (RPCM) N31B4A F1 Change Out: Kelly replaced RPCM N31B4A F1 which is located behind Node 3 Avionics Rack #1. The RPCM had experienced a switch anomaly in March 2015 which prevented power distribution to Audio Bus Coupler (ABC)-5, an Orbital Replacement Unit (ORU) that provides a redundant Audio path for voice and Caution/Warning Tones to and from Node 3 and Cupola Modules.

Russian Treadmill (БД-2) Repair: Today, Kornienko and Kononenko have replaced a broken Thrust Compensator Bracket on the Russian Treadmill (БД-2). The bracket was reported as broken last month. With no onboard spares available, Russian Ground Teams manifested a replacement bracket onboard Progress 61P. Mission Control Center (MCC)-M has given the Russian Crew a go for БД-2 exercise. The Russian Crew had been using the US Treadmill 2 (T2) while БД-2 was out of service.

Robotics Refueling Mission (RRM): Yesterday, the Robotics Ground Controllers maneuvered Special Purpose Dexterous Manipulator (SPDM) Arm2 into position to continue the Robotics Refueling Mission (RRM) payload Task Board 3 (TB3) Science Operations. All objectives for TB3 were completed. This evening and overnight, ground controllers will begin TB4 science operations.

Today’s Planned Activities
All activities were completed unless otherwise noted.
Node 2 – Cable Installation/Routing Ops Geophysical Experiment ГФИ-1. Charging battery for Relaksatstiya experiment Node 2 – Cable Installation/Routing Ops – Hardware gathering for cable installation/routing On MCC GO Vozdukh Deactivation БД-2 Repair CARDIOVECTOR. Experiment Ops Node 2 – Cable Installation/Routing Ops – Cable Installation HOPA – Operations COSMOCARD. Preparation Ops.
Starting 24-hr ECG Recording CUPOLA Window Shutter Close Node 3 – Cable Installation/Routing Ops В3 Fan Screen Cleaning in MRM2 Node 1 – Cable Installation/Routing Ops NOD3 UOP1 & UOP44 Hardware Powerdown Node 2 – Cable Installation/Routing Ops Vacuum Cleaning В1, В2 air ducts in MRM2 RPCM R&R NOD3O4 N31B4A F1 Air Heater Fan [БВН] Screen Cleaning in ТК 718 Node 3 Cable Routing/Installation Power Up NOD2 CQ-1 (Crew Quarter 1) Equipment ISS SRVR1 – Loading backup Hard Drives Psychological Evaluation Program (WinSCAT) On MCC GO Vozdukh Atmosphere Purification System [СОА] Activation Filling (separation) of EDV (KOV) for Elektron or EDV-SV. MRM2 comm config to support the P/L Ops KULONOVSKIY KRISTALL. Hardware Setup and Configuration OBT – HTV Rendezvous and Docking Conference ISS EMU Swap ISS SRVR1 – Stowage of loaded b/u hard drives KULONOVSKIY KRISTALL. Experiment Ops Kulonovskiy Kristall Experiment Photography INTERACTION-2. Experiment Ops HAM radio session from Columbus MRM2 Comm Reconfig for Nominal Ops CONTENT. Experiment Ops NOD3 UOP1 & UOP 4 Hardware Powerup RELAKSATSIYA. Mounting hardware on CQ window No.1 Saving personal data from RSK2 Laptop prior to installation of a new SW version RELAKSATSIYA. Parameter Settings Node 1 – Cable Installation/Routing Ops PMM Hygiene Questionnaire RELAKSATSIYA. Observation Saving personal data from RSK2 Laptop prior to installation of a new SW version OGS – Mating QD connectors Evening Work Prep RELAKSATSIYA. Closeout Ops Preparation of reports for Roscosmos site ECON-M. Observations and Photography IMS Delta File Prep KULONOVSKIY KRISTALL. Copy and Transfer Data to Hard Drive   Completed Task List Items Safety Video Followup [In Work] 61P Unpack [In Work]   Ground Activities All activities were completed unless otherwise noted. 
JEMRMS Operations in support of CubeSat deploys
System Safing in preparation for RPCM N31B4A F1 Change Out
Robotics Refueling Mission Science Operations [In Work]

Three-Day Look Ahead:
Wednesday, 10/07: NRCSD #6 Deploys, RRM Ops, EMU Loop Scrubs, EMU resizing
Thursday, 10/08: SPHERES, Node 1 Nadir Power Connections Part 1, MELFI-2 RIU replacement
Friday, 10/09: SPHERES, Node 1 Nadir Power Connections Part 2

QUICK ISS Status – Environmental Control Group:

Component | Status
Elektron | On
Vozdukh | Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”) | Off
[СКВ] 2 – SM Air Conditioner System (“SKV2”) | Off
Carbon Dioxide Removal Assembly (CDRA) Lab | Operate
Carbon Dioxide Removal Assembly (CDRA) Node 3 | Standby
Major Constituent Analyzer (MCA) Lab | Shutdown
Major Constituent Analyzer (MCA) Node 3 | Shutdown
Oxygen Generation Assembly (OGA) | Stop
Urine Processing Assembly (UPA) | Shutdown
Trace Contaminant Control System (TCCS) Lab | Off
Trace Contaminant Control System (TCCS) Node 3 | Off

from ISS On-Orbit Status Report http://ift.tt/1LhKgB8
via IFTTT

Albania fans arrested with weapons before Serbia match

TIRANA, Albania (AP) Police in Albania say they have arrested a man who claimed to have flown a drone carrying a nationalist banner over a stadium in Serbia last year during a European qualifier, in an incident that prompted fan violence and a diplomatic spat between the two countries.

from FOX Sports Digital http://ift.tt/1QYSEW0
via IFTTT

This Secure Operating System Can Protect You Even if You Get Hacked

Hackers, Government Agencies and sophisticated malware, are collecting every piece of Digital data that we transmit through our Computers, Smartphones or Internet-enabled Gadgets. No matter how secure you think you might be, something malicious can always happen. Because, "With the right tools and Talent, a Computer is an open book." Many people ask, How to stay safe and secure online?


from The Hacker News http://ift.tt/1KZtdCs
via IFTTT

How A Drone Can Infiltrate Your Network by Hovering Outside the Building

Imagine you are sitting in your office and working on something confidential. Once you are done, you send a command to print that document. But what if... ...the whole confidential document is sent to a hacker attacking from the air? It sounds unfortunate, but your boss may fire you immediately if that confidential data is leaked or misused. This is no longer imagination, as a group of


from The Hacker News http://ift.tt/1VEsjhv
via IFTTT

FIFA presidential contender Chung calls Blatter 'hypocrite'

LONDON (AP) FIFA presidential contender Chung Mong-joon says Sepp Blatter is a ''hypocrite and a liar,'' and says he is planning to sue the outgoing president.

from FOX Sports Digital http://ift.tt/1MYVj1h
via IFTTT

Former France goalkeeper Dominique Dropsy dies aged 63

PARIS (AP) Former France goalkeeper Dominique Dropsy has died. He was 63.

from FOX Sports Digital http://ift.tt/1QYD3pv
via IFTTT

Phishing for Anonymous Alligators

Shared Google Docs are being used in phishing campaigns to lure visitors to fake login pages that steal credentials, with anonymous users viewing ...

from Google Alert - anonymous http://ift.tt/1JRLRrY
via IFTTT

Cisco Takes Down Ransomware Operation Generating $30 Million in Revenue For Hackers

This will blow the minds of every single cyber criminal group out there – Researchers have discovered a group of hackers that is making an estimated $30 Million a year from their online criminal operation. Yes, $30 MILLLLLLION annually. Researchers from cyber security firm Cisco announced that they discovered a large ransomware campaign connected to the Angler Exploit Kit, one of the


from The Hacker News http://ift.tt/1OkQjXV
via IFTTT

Americans use 2nd-half surge to beat Panama 4-0

COMMERCE CITY, Colo. (AP) Sluggish in the first half, the Americans needed some kind of catalyst.

from FOX Sports Digital http://ift.tt/1MdLfPc
via IFTTT

Americans use 2nd-half surge to beat Panama 4-0

COMMERCE CITY, Colo. (AP) Substitute Jerome Kiesewetter sparked the offense with a goal and an assist in the second half, and the United States beat Panama 4-0 in CONCACAF Olympic qualifying on a rainy Tuesday night.

from FOX Sports Digital http://ift.tt/1OkvcoI
via IFTTT

Tuesday, October 6, 2015

I have a new follower on Twitter


Thomas Poulsen
Renowned consultant for complex strategy issues. MBA graduate - now PhD fellow; Big hip-hop/rap/RnB fan; renewable energy, wind, logistics, shipping, M&A expert
Copenhagen
http://t.co/NPqCIH2nih
Following: 9447 - Followers: 9682

October 06, 2015 at 11:30PM via Twitter http://twitter.com/ThomasPoulsen

Mora helps Cuba tie Canada, 2-2

COMMERCE CITY, Colo. (AP) Arichel Hernandez Mora scored twice, including in the 87th minute, and Cuba tied Canada 2-2 on Tuesday night in Group A Pool Play of the CONCACAF Olympic qualifying tournament.

from FOX Sports Digital http://ift.tt/1Z9iMU2
via IFTTT

Within-Brain Classification for Brain Tumor Segmentation. (arXiv:1510.01344v1 [cs.CV])

Purpose: In this paper, we investigate a framework for interactive brain tumor segmentation which, at its core, treats the problem of interactive brain tumor segmentation as a machine learning problem.

Methods: This method has an advantage over typical machine learning methods for this task where generalization is made across brains. The problem with these methods is that they need to deal with intensity bias correction and other MRI-specific noise. In this paper, we avoid these issues by approaching the problem as one of within brain generalization. Specifically, we propose a semi-automatic method that segments a brain tumor by training and generalizing within that brain only, based on some minimum user interaction.

Conclusion: We investigate how adding spatial feature coordinates (i.e. $i$, $j$, $k$) to the intensity features can significantly improve the performance of different classification methods such as SVM, kNN and random forests. This would only be possible within an interactive framework. We also investigate the use of a more appropriate kernel and the adaptation of hyper-parameters specifically for each brain.

Results: As a result of these experiments, we obtain an interactive method whose results reported on the MICCAI-BRATS 2013 dataset are the second most accurate compared to published methods, while using significantly less memory and processing power than most state-of-the-art methods.



from cs.AI updates on arXiv.org http://ift.tt/1KYPobS
via IFTTT

Local Rademacher Complexity Bounds based on Covering Numbers. (arXiv:1510.01463v1 [cs.AI])

This paper provides a general result on controlling local Rademacher complexities, which captures in an elegant form to relate the complexities with constraint on the expected norm to the corresponding ones with constraint on the empirical norm. This result is convenient to apply in real applications and could yield refined local Rademacher complexity bounds for function classes satisfying general entropy conditions. We demonstrate the power of our complexity bounds by applying them to derive effective generalization error bounds.



from cs.AI updates on arXiv.org http://ift.tt/1Z99VC2
via IFTTT

Disjunctive Answer Set Solvers via Templates. (arXiv:1510.01599v1 [cs.AI])

Answer set programming is a declarative programming paradigm oriented towards difficult combinatorial search problems. A fundamental task in answer set programming is to compute stable models, i.e., solutions of logic programs. Answer set solvers are the programs that perform this task. The problem of deciding whether a disjunctive program has a stable model is $\Sigma^P_2$-complete. The high complexity of reasoning within disjunctive logic programming is responsible for few solvers capable of dealing with such programs, namely DLV, GnT, Cmodels, CLASP and WASP. In this paper we show that transition systems introduced by Nieuwenhuis, Oliveras, and Tinelli to model and analyze satisfiability solvers can be adapted for disjunctive answer set solvers. Transition systems give a unifying perspective and bring clarity in the description and comparison of solvers. They can be effectively used for analyzing, comparing and proving correctness of search algorithms as well as inspiring new ideas in the design of disjunctive answer set solvers. In this light, we introduce a general template, which accounts for major techniques implemented in disjunctive solvers. We then illustrate how this general template captures solvers DLV, GnT and Cmodels. We also show how this framework provides a convenient tool for designing new solving algorithms by means of combinations of techniques employed in different solvers.



from cs.AI updates on arXiv.org http://ift.tt/1Z99Tdj
via IFTTT