SYDNEY (AP) Albania striker Besart Berisha scored in the last minute of regular time to give Melbourne Victory a 3-2 over Melbourne City in the second round of Australian football's A-League.
from FOX Sports Digital http://ift.tt/1OM6bS2
via IFTTT
Saturday, October 17, 2015
Neymar scores 4 times in Spain; Bayern remains perfect
MADRID (AP) Neymar helped Barcelona fans forget the absence of the injured Lionel Messi on Saturday by scoring four goals in the Spanish league, while Cristiano Ronaldo settled for one as Real Madrid went provisionally top of the standings.
from FOX Sports Digital http://ift.tt/1ju9pON
via IFTTT
from FOX Sports Digital http://ift.tt/1ju9pON
via IFTTT
Olympiakos trounces AEK 4-0, keeps perfect league record
ATHENS, Greece (AP) Three days before traveling to Dinamo Zagreb for a Champions League game, Olympiakos had no trouble beating visiting third-place AEK 4-0 in the Greek league Saturday despite resting some of its starters.
from FOX Sports Digital http://ift.tt/1VYddUh
via IFTTT
from FOX Sports Digital http://ift.tt/1VYddUh
via IFTTT
Fabian Johnson plays full game for 'Gladbach, hits post
MOENCHENGLADBACH, Germany (AP) After taking criticism from United States coach Jurgen Klinsmann, Fabian Johnson helped Borussia Moenchengladbach to a 5-1 win at Eintracht Frankfurt in the Bundesliga on Saturday.
from FOX Sports Digital http://ift.tt/1VY9B4o
via IFTTT
from FOX Sports Digital http://ift.tt/1VY9B4o
via IFTTT
Sanchez, Giroud and Ramsey guide Arsenal to win at Watford
LONDON (AP) Second-half goals from Alexis Sanchez, Olivier Giroud and Aaron Ramsey guided Arsenal to a 3-0 win at Watford on Saturday that kept the team in second place in the Premier League.
from FOX Sports Digital http://ift.tt/1OLxmwi
via IFTTT
from FOX Sports Digital http://ift.tt/1OLxmwi
via IFTTT
De Rossi scores in 500th game to help Roma beat Empoli 3-1
MILAN (AP) Daniele De Rossi marked his 500th game for Roma with a goal as he helped the capital side beat Empoli 3-1 in Serie A on Saturday.
from FOX Sports Digital http://ift.tt/1PpcDQp
via IFTTT
from FOX Sports Digital http://ift.tt/1PpcDQp
via IFTTT
Germany bid: From 'spirit of fair play' to FIFA bribes probe
BERN, Switzerland (AP) The verdict from FIFA on Germany's bid to host the 2006 World Cup was emphatic and gushing with praise. Germany, FIFA's bid inspectors concluded, ''demonstrated a true spirit of fair play.'' By contrast, rival bidder England's ''behavior was not always in compliance with the FIFA recommendations.''
from FOX Sports Digital http://ift.tt/1jLsGe9
via IFTTT
from FOX Sports Digital http://ift.tt/1jLsGe9
via IFTTT
Ibrahimovic scores 2 as league leader PSG wins 2-0 at Bastia
PARIS (AP) Zlatan Ibrahimovic scored twice as Paris Saint-Germain won 2-0 at Bastia in the French leauge on Saturday to keep its confidence high ahead of its Champions League meeting with Real Madrid.
from FOX Sports Digital http://ift.tt/1Lsbe5F
via IFTTT
from FOX Sports Digital http://ift.tt/1Lsbe5F
via IFTTT
Vardy scores 2 as Leicester rescues 2-2 draw at Southampton
SOUTHAMPTON, England (AP) Jamie Vardy scored twice to help Leicester recover from two goals down to draw 2-2 at Southampton on Saturday in the Premier League.
from FOX Sports Digital http://ift.tt/1VZWZiL
via IFTTT
from FOX Sports Digital http://ift.tt/1VZWZiL
via IFTTT
West Ham scores 2 late goals in 3-1 win vs Palace
LONDON (AP) Manuel Lanzini and Dimitri Payet scored two late goals for West Ham to snatch a 3-1 victory at 10-man Crystal Palace in the Premier League on Saturday.
from FOX Sports Digital http://ift.tt/1Xbhrua
via IFTTT
from FOX Sports Digital http://ift.tt/1Xbhrua
via IFTTT
Chelsea, Manchester United back to form in Premier League
LONDON (AP) Chelsea and Manchester United returned to winning ways in the Premier League on Saturday with victories against Aston Villa and Everton respectively.
from FOX Sports Digital http://ift.tt/1LrZArh
via IFTTT
from FOX Sports Digital http://ift.tt/1LrZArh
via IFTTT
Man City beats Bournemouth 5-1 in Premier League
MANCHESTER, England (AP) Raheem Sterling scored a first-half hat trick and Wilfried Bony netted twice as Manchester City beat Bournemouth 5-1 Saturday to maintain its grip on first place in the Premier League.
from FOX Sports Digital http://ift.tt/1LA5GJE
via IFTTT
from FOX Sports Digital http://ift.tt/1LA5GJE
via IFTTT
Ronaldo puts Real Madrid atop Spanish league standings
MADRID (AP) Cristiano Ronaldo set up a goal and scored another in a three-minute span on Saturday to help Real Madrid defeat Levante 3-0 and take the provisional lead in the Spanish league.
from FOX Sports Digital http://ift.tt/1NhsxsV
via IFTTT
from FOX Sports Digital http://ift.tt/1NhsxsV
via IFTTT
Bayern Munich claims 9th Bundesliga win for best ever start
BERLIN (AP) Thomas Mueller's first-half strike was enough for Bayern Munich to win 1-0 at Werder Bremen on Saturday and become the first side to start the Bundesliga with nine victories.
from FOX Sports Digital http://ift.tt/1ZLF0vN
via IFTTT
from FOX Sports Digital http://ift.tt/1ZLF0vN
via IFTTT
I have a new follower on Twitter
Alex Hibbert
29. Leads polar journeys, especially long, cold & dark ones. Supported by @BridgedaleSocks. Speaker, anti-theist, meritocrat, writer & photographer.
London, UK
http://t.co/llwFVDyhhC
Following: 2353 - Followers: 67319
October 17, 2015 at 11:20AM via Twitter http://twitter.com/alexhibbert
Klopp's 1st Liverpool game ends 0-0 vs Tottenham
LONDON (AP) Juergen Klopp's first game since taking over as Liverpool manager ended in a 0-0 draw with Tottenham in the Premier League on Saturday.
from FOX Sports Digital http://ift.tt/1VZrk0K
via IFTTT
from FOX Sports Digital http://ift.tt/1VZrk0K
via IFTTT
Anonymous John
Anonymous John (IRE) 18 days. Breeding: Baltic King (UK) - Helibel (IRE) (Pivotal (UK)) 3-y-o grey gelding. Current trainer: P D Evans Current owner: ...
from Google Alert - anonymous http://ift.tt/1Lg12PN
via IFTTT
from Google Alert - anonymous http://ift.tt/1Lg12PN
via IFTTT
Former Everton manager Howard Kendall dies at age 69
LIVERPOOL, England (AP) Howard Kendall, who led Everton to two league championships and a European title in the mid-1980s in the first of three coaching spells with the English club, has died. He was 69.
from FOX Sports Digital http://ift.tt/1Lr9mtY
via IFTTT
from FOX Sports Digital http://ift.tt/1Lr9mtY
via IFTTT
Emergency Patch released for Latest Flash Zero-Day Vulnerability
Two days ago, The Hacker News (THN) reported about the Zero-day vulnerability in the freshly patched Adobe Flash Player. The vulnerability was exploited in the wild by a well-known group of Russian hackers, named "Pawn Storm," to target several foreign affairs ministries worldwide. The zero-day flaw allowed hackers to have complete control of the users' machine, potentially putting all the
from The Hacker News http://ift.tt/1RNTZQH
via IFTTT
from The Hacker News http://ift.tt/1RNTZQH
via IFTTT
[FD] ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access
ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS JAVA, probably others Vendor URL: http://SAP.com Bugs: Unauthorized access Sent: 20.04.2013 Reported: 21.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 13.10.2015 Reference: SAP Security Note 1945215 Author: Alexander Polyakov (ERPScan) Description 1. ADVISORY INFORMATION Title: SAP NetWeaver J2EE DAS service – Unauthorized Access Advisory ID: [ERPSCAN-15-017] Risk: High Advisory URL: http://ift.tt/1LUhGI1 Date published: 13.10.2015 Vendors contacted: SAP 2. VULNERABILITY INFORMATION Class: Unauthorized Access [CWE-284] Impact: Unauthorized access to some functions Remotely Exploitable: Yes Locally Exploitable: No CVSS Information CVSS Base Score: 3.5 / 10 CVSS Base Vector: AV : Access Vector (Related exploit range) Network (N) AC : Access Complexity (Required attack complexity) Medium (M) Au : Authentication (Level of authentication needed to exploit) Single (S) C : Impact to Confidentiality Partial (P) I : Impact to Integrity None (N) A : Impact to Availability None (N) 3. VULNERABILITY DESCRIPTION An authenticated user can use the functions of XML Data Archiving Service access to which should be restricted. This may result in privilege escalation. 4. VULNERABLE PACKAGES SAP NetWeaver AS JAVA Other versions are probably affected too, but they were not checked. 5. SOLUTIONS AND WORKAROUNDS To correct this vulnerability, install SAP Security Note 1945215. 6. AUTHOR Alexander Polyakov (ERPScan) 7. TECHNICAL DESCRIPTION It is possible to call some of the DAS files without authorization because they do not check if a user is authorized to access some of the JSPs. Most JSPs have authorization checks: String authorization = (String) session.getAttribute("AuthRequHead"); if (authorization == null) authorization = ""; But in 3 JSPs those checks are not included: http://SAP_IP/DataArchivingService/webcontent/cas/cas_enter.jsp http://SAP_IP/DataArchivingService/webcontent/cas/cas_validate.jsp http://SAP_IP/DataArchivingService/webcontent/aas/aas_store.jsp It means that an anonymous user can call those JSPs. The most critical one is cas_enter.jsp. We can create any archiving directory and also: 1) Check if there is any file or directory on the server by analyzing the response while creating an archive store 2) Perform an SMBRelay attack by putting something like \\remotehost\aa into the Windows root variable 3) Potentially make HTTP calls and other calls while using WebDav 8. REPORT TIMELINE Sent: 20.04.2013 Reported: 21.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 13.10.2015 9. REFERENCES http://ift.tt/1LUhGI1 10. ABOUT ERPScan Research The company’s expertise is based on the research subdivision of ERPScan, which is engaged in vulnerability research and analysis of critical enterprise applications. It has achieved multiple acknowledgments from the largest software vendors like SAP, Oracle, Microsoft, IBM, VMware, HP for exposing 400+ vulnerabilities in their solutions (200 of them just in SAP!). ERPScan researchers are proud to have exposed new types of vulnerabilities (TOP 10 Web Hacking Techniques 2012) and were nominated for best server-side vulnerability at BlackHat 2013. ERPScan experts have been invited to speak, present, and train at 60+ prime international security conferences in 25+ countries across the continents. These include BlackHat, RSA, HITB as well as private trainings for SAP in several Fortune 2000 companies. ERPScan researchers lead project EAS-SEC, which is focused on enterprise application security research and awareness. They have published 3 exhaustive annual award-winning surveys about SAP security. ERPScan experts have been interviewed by leading media resources and specialized info-sec publications worldwide: Reuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading, Heise, and Chinabyte, to name a few. We have highly qualified experts in staff with experience in many different fields of security, from web applications and mobile/embedded to reverse engineering and ICS/SCADA systems, accumulating their experience to conduct research in SAP security. 11. ABOUT ERPScan ERPScan is the most respected and credible Business Application Security provider. Founded in 2010, the company operates globally and enables large Oil and Gas, Financial, and Retail organizations to secure their mission-critical processes. Named an Emerging Vendor in Security by CRN, listed among TOP 100 SAP Solution Providers and distinguished by 30+ other awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities. ERPScan consultants work with SAP SE in Walldorf to assist in improving the security of their latest solutions. ERPScan’s primary mission is to close the gap between technical and business security, and provide solutions to evaluate and secure SAP and Oracle ERP systems and business-critical applications from both cyber-attacks and internal fraud. Usually our clients are large enterprises, Fortune 2000 companies, and managed service providers whose requirements are to actively monitor and manage security of vast SAP landscapes on a global scale. We ‘follow the sun’ and function in two hubs, located in Palo Alto and Amsterdam, to provide threat intelligence services and agile support, operate local offices and partner network spanning 20+ countries around the globe. USA address: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301 Phone: 650.798.5255 Twitter: @erpscan Scoop-it: Business Application Security http://erpscan.com
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
Kashima beats Reysol to keep pace with Hiroshima in J-League
KASHIMA, Japan (AP) Mu Kanezaki and Yuma Suzuki scored second-half goals as Kashima Antlers beat Kashiwa Reysol 3-2 Saturday to keep pace with Sanfrecce Hiroshima in the J-League's second-stage standings.
from FOX Sports Digital http://ift.tt/1VXucWy
via IFTTT
from FOX Sports Digital http://ift.tt/1VXucWy
via IFTTT
ISIS Hacker who Passed U.S. Military Data to Terrorists Arrested in Malaysia
Malaysian authorities have arrested a Kosovo citizen in Kuala Lumpur on Computer hacking charges and allegedly providing personal data about United States military members to the Islamic State Terrorists group (also known as ISIS or ISIL). According to the US Department of Justice (DOJ) and the FBI, Kosovo citizen Ardit Ferizi allegedly hacked into the US web hosting company's servers and
from The Hacker News http://ift.tt/1KfqyAC
via IFTTT
from The Hacker News http://ift.tt/1KfqyAC
via IFTTT
Court stops Botswana deporting Eritrean soccer players
GABORONE, Botswana (AP) A court has stopped the Botswana government deporting 10 players from Eritrea's national football team who have refused to go home following a World Cup qualifier and are claiming asylum.
from FOX Sports Digital http://ift.tt/1LTNyGF
via IFTTT
from FOX Sports Digital http://ift.tt/1LTNyGF
via IFTTT
Night Hides the World
Stars come out as evening twilight fades in this serene skyscape following the Persian proverb "Night hides the world, but reveals a universe." The scene finds the Sun setting over northern Kenya and the night will soon hide the shores of Lake Turkana, home to many Nile crocodiles. The region is also known for its abundance of hominid fossils. On that past November night, a brilliant Venus, then the world's evening star, dominates the starry skies above. But also revealed are faint stars, cosmic dust clouds, and glowing nebulae along the graceful arc of our own Milky Way galaxy. via NASA http://ift.tt/1RMjRfG
Friday, October 16, 2015
Sara Andreasson to illustrate next issue of The Anonymous Sex Journal
News has reached us that Sara Andreasson will be illustrating the next issue of _The Anonymous Sex Journal_. The publication's editor Alex ...
from Google Alert - anonymous http://ift.tt/1MJaw8x
via IFTTT
from Google Alert - anonymous http://ift.tt/1MJaw8x
via IFTTT
CONMEBOL head backs Platini as FIFA leader despite scandal
SANTIAGO, Chile (AP) The president of South American soccer's governing body said Friday he supports Michel Platini to succeed Sepp Blatter as FIFA president despite an ongoing investigation involving two of the most powerful men in world soccer.
from FOX Sports Digital http://ift.tt/1QBD3fd
via IFTTT
from FOX Sports Digital http://ift.tt/1QBD3fd
via IFTTT
Import content as anonymous user if user does not exist
If the user does not exist, maybe import the content as anonymous user instead of not importing it.
from Google Alert - anonymous http://ift.tt/1LprjsQ
via IFTTT
from Google Alert - anonymous http://ift.tt/1LprjsQ
via IFTTT
Mkhitaryan helps Dortmund to 2-0 win at Mainz in Bundesliga
BERLIN (AP) Henrikh Mkhitaryan scored and helped set up another goal as Borussia Dortmund beat Mainz 2-0 Friday to consolidate its second place in the Bundesliga.
from FOX Sports Digital http://ift.tt/1VWQaZX
via IFTTT
from FOX Sports Digital http://ift.tt/1VWQaZX
via IFTTT
Rafael helps Lyon to 1-1 draw with Monaco in French league
MONACO (AP) Rafael scored a late equalizer to give Lyon a 1-1 draw against 10-man Monaco on Friday in the French league.
from FOX Sports Digital http://ift.tt/1VWU6Kj
via IFTTT
from FOX Sports Digital http://ift.tt/1VWU6Kj
via IFTTT
Ex-Trinidad & Tobago captain submits poll candidacy to FIFA
BERNE, Switzerland (AP) David Nakhid's campaign team says the former Trinidad and Tobago captain has submitted his candidacy to FIFA to stand in February's emergency presidential election.
from FOX Sports Digital http://ift.tt/1OJufoG
via IFTTT
from FOX Sports Digital http://ift.tt/1OJufoG
via IFTTT
Ravens: Pro Bowl G Marshal Yanda signs 4-year extension - reports; 9th season in Baltimore, started 109 career games (ESPN)
from ESPN http://ift.tt/17lH5T2
via IFTTT
via IFTTT
How NSA successfully Broke Trillions of Encrypted Connections
Yes, it seems like the mystery has been solved. We are aware of the United States National Security Agency (NSA) powers to break almost unbreakable encryption used on the Internet and intercept nearly Trillions of Internet connections – thanks to the revelations made by whistleblower Edward Snowden in 2013. However, what we are not aware of is exactly how did the NSA apparently
from The Hacker News http://ift.tt/1VXdjRk
via IFTTT
from The Hacker News http://ift.tt/1VXdjRk
via IFTTT
Strachan stays in charge of Scotland
LONDON (AP) Scotland manager Gordon Strachan has signed a two-year contract extension, even though his team failed to qualify for the 2016 European Championship.
from FOX Sports Digital http://ift.tt/1LepMYE
via IFTTT
from FOX Sports Digital http://ift.tt/1LepMYE
via IFTTT
FIFA suspends Kuwaiti association in dispute over sports law
ZURICH (AP) FIFA suspended Kuwait's football association over government interference with immediate effect on Friday.
from FOX Sports Digital http://ift.tt/1NMBCwJ
via IFTTT
from FOX Sports Digital http://ift.tt/1NMBCwJ
via IFTTT
FIFA will investigate 'serious allegations' that Germany secured 2006 World Cup with bribes
ZURICH (AP) FIFA will investigate `serious allegations' that Germany secured 2006 World Cup with bribes.
from FOX Sports Digital http://ift.tt/1karQrR
via IFTTT
from FOX Sports Digital http://ift.tt/1karQrR
via IFTTT
Di Maria left out of PSG squad for Bastia game
PARIS (AP) Paris Saint-Germain winger Angel Di Maria has been left out of the squad for Saturday's French league game at Bastia.
from FOX Sports Digital http://ift.tt/1LSlutl
via IFTTT
from FOX Sports Digital http://ift.tt/1LSlutl
via IFTTT
NEWS RELEASE!
News Release!
The Wait is OVER! Bob Ross Now on iTunes!
Go To:
http://bit.ly/iTunesBobRoss
from The 'hotspot' for all things Bob Ross. http://ift.tt/1OyULT2
via IFTTT
UEFA punishes Lokomotiv Moscow over racism
MOSCOW (AP) UEFA has punished Russian club Lokomotiv Moscow with a partial stadium closure after finding the club guilty of racist behavior by fans.
from FOX Sports Digital http://ift.tt/1LSghBX
via IFTTT
from FOX Sports Digital http://ift.tt/1LSghBX
via IFTTT
Bilbao striker Aduriz extends contract until 2017
BILBAO, Spain (AP) Athletic Bilbao says striker Aritz Aduriz has agreed to extend his contract until the end of the 2016-17 season.
from FOX Sports Digital http://ift.tt/1VWmbkT
via IFTTT
from FOX Sports Digital http://ift.tt/1VWmbkT
via IFTTT
Blatter: Payment to Platini based on 'gentleman's agreement'
ZURICH (AP) Sepp Blatter says the payment to Michel Platini that led to them being suspended by FIFA was based on a ''gentleman's agreement.''
from FOX Sports Digital http://ift.tt/1MtLDZW
via IFTTT
from FOX Sports Digital http://ift.tt/1MtLDZW
via IFTTT
Report: Germany paid FIFA members bribes for 2006 World Cup
BERLIN (AP) Der Spiegel is reporting that Germany's bid to host the World Cup in 2006 was aided by bribes paid to FIFA executive committee members.
from FOX Sports Digital http://ift.tt/1GhIXSh
via IFTTT
from FOX Sports Digital http://ift.tt/1GhIXSh
via IFTTT
ISS Daily Summary Report – 10/15/15
Plant Gravity Sensing 2 (PGS2) Run 1: Following up on Lindgren’s treatment yesterday of the growing plants with a chemical reagent that induces a bioluminescence response, today Yui removed the reagent with an absorbent and placed them in a Photon Counting Unit (PCU). Photon measurements will be taken over the next 24 hours. Lindgren noted yesterday that one of the four culture dishes was contaminated and, after coordination with ground experts, he discarded that dish. Plant calcium concentrations have been shown to change in response to the direction of gravity: the treated plants will emit photons when the culture dishes they are growing in are rotated so that they are “upside down.” The PGS2 investigation supports the study of cellular formation of the plant’s gravity sensors and the molecular mechanism for gravity sensing in plants grown in microgravity conditions. MAGVECTOR: Today Lindgren completed the sixth run of the European Space Agency’s (ESA’s) MAGVECTOR experiment begun last Friday, October 9th, by transferring data from a jump drive to a Station Support Computer (SSC). MAGVECTOR qualitatively investigates the interaction between a moving magnetic field and an electrical conductor. The expected changes in the magnetic field structure on the ram and wake side of the electrical conductor are of interest for technical applications as well as for astrophysical research. SOLAR: Measurements continue to be taken for European Space Agency’s (ESA’s) SOLAR investigation during the current sun visibility window which is open from October 9th to October 19th. The goal of the SOLAR instruments is to measure solar spectral irradiance and variability. Journals: Kelly made Journals entries today. The Journals investigation obtains information on behavioral and human issues that are relevant to the design of equipment and procedures used during astronauts during extended-duration missions. Study results provide information used in preparation for future missions to low-Earth orbit and beyond. Space Headaches: Yui answered his weekly Space Headaches questionnaire today. Headaches can be a common complaint during spaceflight. The Space Headaches experiment will provide information that may help in the development of methods to alleviate associated symptoms and improvement in the well-being and performance of crew members in space. Extravehicular Activity (EVA) Preparation: Lindgren and Kelly obtained body measurements on each other as part of Extravehicular Mobility Unit (EMU) On-Orbit Fit Verification (OFV). The measurements will be used to confirm the correct sizing of the EMU suits prior to going EVA on October 28th. In addition, they installed Rechargeable EVA Battery Assemblies (REBA) on EMU suits 3003 and 3010. Once installed, they performed a checkout to verify the EMU Glove heaters were functional and helmet cameras were receiving power. Lastly, Lindgren replaced the gas trap on EMU 3010. Ocular Health: Yui and Lindgren executed their Medical Operations Flight Day 90 (FD90) Ocular Health activities with Kelly’s assistance. Both performed Optical Coherence Tomography (OCT) and fundoscope measurements with Kelly as operator. Today’s Planned Activities All activities were completed unless otherwise noted. HMS – OCT Hardware Setup Terminate EMU LIB Battery Charge Operations SEISMOPROGNOZ. Downlink data from Control and Data Acquisition Module (МКСД) HDD (start) Installation of СУБА Hardware (as part of КЛ-121/122Ц monoblock installation) Private Psychological Conference Start EMU Battery Charge WRS Water Sample Analysis Water Recovery System (WRS). WPA Waste Water Tank Offload into CWC (start) PILOT-T. Experiment Ops PGS2 – Equipment Gathering EHS MCD – In-flight Microbiology Water analysis and data recording Water Recovery System (WRS). Terminate WPA Waste Water Tank Offload into CWC СОЖ Maintenance OCT Eye Examination, Operator OCT Eye Examination, Subject Ultrasound 2 HRF – Rack 1 Power Up Ultrasound – Scan Prep OCT Eye Examination, Operator OCT Eye Examination, Subject SEISMOPROGNOZ. Downlink data from Control and Data Acquisition Module (МКСД) HDD (end) and start backup Eye Examination (Operator) Study of cardiovascular system under graded physical load on VELO (Operator) Study of Cardiovascular System Under Graded Physical Load on VELO Eye Examination (Subject) / See OPTIMIS Viewer for Procedure Ultrasound 2 – Scan by CMO Ultrasound 2 – Scan (Subject) / See OPTIMIS Viewer for Procedure OCT Hardware Stowage TOCA Data Recording XF305– Camcorder Setup Plant Gravity Sensing (PGS2). Absorbing chemical solution Ultrasound 2 – Closeout Ops Ultrasound Data Export Acoustic Dosimeter Ops КЦП1 and Laptop RS1 Software Update Ultrasound 2 – Deactivation and Stowage Photography of ISS RS window 06, 07, 08, 09, 26 glass R/G review, search and gathering of required equipment prior to replacement of ПВ-12Р plug MAGVEC – Data Export Replacement of fuses in ПВ-12Р plug Journal Entry HMS – Food Frequency Questionnaire Water sample collection from SVO-ZV (EDV 1198) SHD – Weekly Questionnaire EMU On-Orbit Fit Check Node 1 Nadir – Connecting Power Cables Part 3 EMU On-Orbit Fit Check Replacement of damaged plug ПВ-12(#10Ю=А811) on БСКУ5-12 (#10ЮА781) with ПВ-12Р plug taken from onboard spares Installation of REBA batteries REBA powered equipment test CALCIUM. Experiment Session 9 MOTOCARD. Experiment Ops MOTOCARD. Operator Assistance with the Experiment EMU Gas Trap Remove and Replace EXPANDER Exercise ARED Exercise Video Equipment Stowage Fundoscope Hardware Setup Fundoscope – Eye Exam (Operator) Fundoscope Hardware Setup Fundoscope – Eye Examination Fundoscope Power Down and Stowage Preparation of reports for Roscosmos site ECON-M. Observations and Photography IMS Delta File Prep Completed Task List Items P/TV N1 Video Cable R&R 61P USOS cargo unpack [In work] Ground Activities All activities were completed unless otherwise noted. HCZ MDM Swap and EEPROM refresh Three-Day Look Ahead: Friday, 10/16: Fundoscope, Ocular Health, X2R14, IMAX, JEMAL Shielding, EVA LLB Battery Charge Saturday, 10/17: Weekly Cleaning, Crew Off Duty Sunday, 10/18: Crew Off Duty QUICK ISS Status – Environmental Control Group: Component Status Elektron On Vozdukh Manual [СКВ] 1 – SM Air Conditioner System (“SKV1”) Off [СКВ] 2 – SM Air Conditioner System (“SKV2”) On Carbon Dioxide Removal Assembly (CDRA) Lab Standby Carbon Dioxide Removal Assembly (CDRA) Node 3 Operate Major Constituent Analyzer (MCA) Lab Shutdown Major Constituent Analyzer (MCA) Node 3 Operate Oxygen Generation Assembly (OGA) Process Urine Processing Assembly (UPA) Standby Trace Contaminant Control […]
from ISS On-Orbit Status Report http://ift.tt/1LS0mgF
via IFTTT
from ISS On-Orbit Status Report http://ift.tt/1LS0mgF
via IFTTT
Former Russia player Filippenkov dies during friendly game
MOSCOW (AP) A former Russia international has died after collapsing on the field during a friendly game for ex-professional soccer players.
from FOX Sports Digital http://ift.tt/1VW4n9A
via IFTTT
from FOX Sports Digital http://ift.tt/1VW4n9A
via IFTTT
Suspended Platini loses England's support in FIFA campaign
LAUSANNE, Switzerland (AP) Michel Platini lost England's support for his FIFA presidential bid on Friday, signaling the first crack in the European unity behind the Frenchman that UEFA had sought to portray.
from FOX Sports Digital http://ift.tt/1ReDuw0
via IFTTT
from FOX Sports Digital http://ift.tt/1ReDuw0
via IFTTT
FIFA analyzing claim of irregularities in Neymar's transfer
MADRID (AP) FIFA says it is analyzing a Brazilian club's claim of irregularities involving Neymar's transfer to Barcelona two years ago.
from FOX Sports Digital http://ift.tt/1QzPmc5
via IFTTT
from FOX Sports Digital http://ift.tt/1QzPmc5
via IFTTT
Barcelona, Madrid start Copa del Rey against 3rd-tier teams
MADRID (AP) Defending champion Barcelona and Real Madrid will start their Copa del Rey campaigns against third-tier clubs.
from FOX Sports Digital http://ift.tt/1MH9U3a
via IFTTT
from FOX Sports Digital http://ift.tt/1MH9U3a
via IFTTT
German football association investigating payment to FIFA
BERLIN (AP) The German football federation says it is investigating whether a multi-million-euro payment it made to FIFA in 2005 was misused.
from FOX Sports Digital http://ift.tt/1OHN2AK
via IFTTT
from FOX Sports Digital http://ift.tt/1OHN2AK
via IFTTT
Windows 10 Upgrade Become More Creepy, No Option to Opt-Out
If you are running Windows 7 or Windows 8.1 and have no plans to switch to Windows 10, then Microsoft could force you to install Windows 10, making it harder for you to cancel or opt-out of upgrading. Reports are circulating that some Windows 7 and Windows 8.1 users are claiming that the latest Windows 10 OS has begun to automatically install itself on their PCs. According to
from The Hacker News http://ift.tt/1Lx6yPi
via IFTTT
from The Hacker News http://ift.tt/1Lx6yPi
via IFTTT
I have a new follower on Twitter
FreeDyn
DNS updater for iPhone, iPad and Macbook
http://t.co/RWGpMSd1zU
Following: 442 - Followers: 259
October 16, 2015 at 05:48AM via Twitter http://twitter.com/FreeDynApp
10 Eritrea soccer players seek asylum in Botswana after game
GABORONE, Botswana (AP) A group of 10 players from Eritrea's national soccer team have refused to go home and are seeking asylum in Botswana following a World Cup qualifier.
from FOX Sports Digital http://ift.tt/1OHukJs
via IFTTT
from FOX Sports Digital http://ift.tt/1OHukJs
via IFTTT
I have a new follower on Twitter
XtremePush
Mobile marketing automation made simple. We provide actionable app analytics, layered with location tech to create a highly contextualized mobile experience
Born in Dublin, Growing Global
http://t.co/LQEM6haJeq
Following: 2705 - Followers: 3373
October 16, 2015 at 03:16AM via Twitter http://twitter.com/XtremePush
M16 and the Eagle Nebula
A star cluster around 2 million years young surrounded by natal clouds of dust and glowing gas, M16 is also known as The Eagle Nebula. This beautifully detailed image of the region includes cosmic sculptures made famous in Hubble Space Telescope close-ups of the starforming complex. Described as elephant trunks or Pillars of Creation, dense, dusty columns rising near the center are light-years in length but are gravitationally contracting to form stars. Energetic radiation from the cluster stars erodes material near the tips, eventually exposing the embedded new stars. Extending from the ridge of bright emission left of center is another dusty starforming column known as the Fairy of Eagle Nebula. M16 and the Eagle Nebula lie about 7,000 light-years away, an easy target for binoculars or small telescopes in a nebula rich part of the sky toward the split constellation Serpens Cauda (the tail of the snake). via NASA http://ift.tt/1OEGdzJ
[FD] Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334)
Qualys Security Advisory LibreSSL (CVE-2015-5333 and CVE-2015-5334) ======================================================================== Contents ======================================================================== Summary Memory Leak (CVE-2015-5333) Buffer Overflow (CVE-2015-5334) Acknowledgments ======================================================================== Summary ======================================================================== In order to achieve remote code execution against the vulnerabilities that we recently discovered in OpenSMTPD (CVE-2015-7687), a memory leak is needed. Because we could not find one in OpenSMTPD itself, we started to review the malloc()s and free()s of its libraries, and eventually found a memory leak in LibreSSL's OBJ_obj2txt() function; we then realized that this function also contains a buffer overflow (an off-by-one, usually stack-based). The vulnerable function OBJ_obj2txt() is reachable through X509_NAME_oneline() and d2i_X509(), which is called automatically to decode the X.509 certificates exchanged during an SSL handshake (both client-side, unless an anonymous mode is used, and server-side, if client authentication is requested). These vulnerabilities affect all LibreSSL versions, including LibreSSL 2.0.0 (the first public release) and LibreSSL 2.3.0 (the latest release at the time of writing). OpenSSL is not affected. ======================================================================== Memory Leak (CVE-2015-5333) ======================================================================== OBJ_obj2txt() converts an ASN.1 object identifier (the ASN1_OBJECT a) into a null-terminated string of numerical subidentifiers separated by dots (at most buf_len bytes are written to buf). Large subidentifiers are temporarily stored in a BIGNUM (bl) and converted by BN_bn2dec() into a printable string of decimal characters (bndec). Many such bndec strings can be malloc()ated and memory-leaked in a loop, because only the last one will be free()d, after the end of the loop: 489 int 490 OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) 491 { ... 494 char *bndec = NULL; ... 516 len = a->length; ... 519 while (len > 0) { ... 570 bndec = BN_bn2dec(bl); 571 if (!bndec) 572 goto err; 573 i = snprintf(buf, buf_len, ".%s", bndec); ... 598 } ... 601 free(bndec); ... 609 } This memory leak allows remote attackers to cause a denial of service (memory exhaustion) or trigger the buffer overflow described below. ======================================================================== Buffer Overflow (CVE-2015-5334) ======================================================================== As a result of CVE-2014-3508, OBJ_obj2txt() was modified to "Ensure that, at every state, |buf| is NUL-terminated." However, in LibreSSL, the error-handling code at the end of the function may write this null-terminator out-of-bounds: 489 int 490 OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) 491 { ... 516 len = a->length; 517 p = a->data; 518 519 while (len > 0) { ... 522 for (;;) { 523 unsigned char c = *p++; 524 len--; 525 if ((len == 0) && (c & 0x80)) 526 goto err; ... 528 if (!BN_add_word(bl, c & 0x7f)) 529 goto err; ... 535 if (!bl && !(bl = BN_new())) 536 goto err; 537 if (!BN_set_word(bl, l)) 538 goto err; ... 542 if (!BN_lshift(bl, bl, 7)) 543 goto err; ... 546 } ... 553 if (!BN_sub_word(bl, 80)) 554 goto err; ... 561 if (buf_len > 1) { 562 *buf++ = i + '0'; 563 *buf = '\0'; 564 buf_len--; 565 } ... 569 if (use_bn) { 570 bndec = BN_bn2dec(bl); 571 if (!bndec) 572 goto err; 573 i = snprintf(buf, buf_len, ".%s", bndec); 574 if (i == -1) 575 goto err; 576 if (i >= buf_len) { 577 buf += buf_len; 578 buf_len = 0; 579 } else { 580 buf += i; 581 buf_len -= i; 582 } ... 584 } else { 585 i = snprintf(buf, buf_len, ".%lu", l); 586 if (i == -1) 587 goto err; 588 if (i >= buf_len) { 589 buf += buf_len; 590 buf_len = 0; 591 } else { 592 buf += i; 593 buf_len -= i; 594 } ... 597 } 598 } 599 600 out: ... 603 return ret; 604 605 err: 606 ret = 0; 607 buf[0] = '\0'; 608 goto out; 609 } First, in order to trigger this off-by-one buffer overflow, buf must be increased until it points to the first out-of-bounds character (i.e., until buf_len becomes zero): - on the one hand, this is impossible with the code blocks at lines 561-564, 579-581, and 591-593; - on the other hand, this is very easy with the code blocks at lines 576-578 and 588-590 (the destination buffer is usually quite small; for example, it is only 80 bytes long in X509_NAME_oneline()). Second, the code must branch to the err label: - the "goto err"s at lines 574-575 and 586-587 are unreachable, because snprintf() cannot possibly return -1 here; - the "goto err" at lines 525-526 is: . very easy to reach in LibreSSL <= 2.0.4; . impossible to reach in LibreSSL >= 2.0.5, because of the "MSB must be clear in the last octet" sanity check that was added to c2i_ASN1_OBJECT(): 286 /* 287 * Sanity check OID encoding: 288 * - need at least one content octet 289 * - MSB must be clear in the last octet 290 * - can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 291 */ 292 if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || 293 p[len - 1] & 0x80) { 294 ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING); 295 return (NULL); 296 } - the remaining "goto err"s are triggered by error conditions in various BIGNUM functions: . either because of a very large BIGNUM (approximately 64 megabytes, which is impossible in the context of an SSL handshake, where X.509 certificates are limited to 100 kilobytes); . or because of an out-of-memory condition (which can be reached through the memory leak described above). This off-by-one buffer overflow allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code. However, when triggered through X509_NAME_oneline() (and therefore d2i_X509()), this buffer overflow is stack-based and probably not exploitable on OpenBSD x86, where it appears to always smash the stack canary. ======================================================================== Acknowledgments ======================================================================== We would like to thank the LibreSSL team for their great work and their incredibly quick response, and Red Hat Product Security for promptly assigning CVE-IDs to these issues.
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
The Chesapeake Bay in 661 Million Pixels
This gallery was created for Earth Science Week 2015 and beyond. It includes a quick start guide for educators and first-hand stories (blogs) for learners of all ages by NASA visualizers, scientists and educators. We hope that your understanding and use of NASA's visualizations will only increase as your appreciation grows for the beauty of the science they portray, and the communicative power they hold. Read all the blogs and find educational resources for all ages at: http://ift.tt/1OKWxQV. Imagine you're flying 438 miles above the Earth taking pictures and collecting information of everything below. What do you see? Now imagine you've been doing this non-stop for over 40 years. Do you notice any change? A satellite series named Landsat has been doing exactly that. As a NASA scientist, I've been using Landsat-8 (the current satellite) data for a long time. Yet it's still amazing to create images of salt reflecting a brilliant white in a natural color scene, or seeing it turn a beautiful cyan using an infrared perspective. With the right tools I can discern patterns in the salt or make visible the phytoplankton dancing on the blue ocean. I've observed cities grow, forests recover from fire, islands form, and more. Our world is constantly changing. When sunlight hits the Earth's surface, it is absorbed, reflected, or scattered, resulting in different wavelengths of light leaving the Earth. Landsat-8 measures the visible and infrared wavelengths in 30-meter pixels and in order to "see" the image, we assign particular colors to different wavelengths. Recently, I was asked to create a Landsat mosaic of the entire Chesapeake Bay watershed. I've created Landsat mosaics using twelve Landsat scenes, but this mosaic would dwarf them all at well over forty! Creating even a small mosaic is difficult depending on the day or season the image was acquired, cloud cover, projections and satellite age (i.e., whether the data is from one of the newer or older Landsat satellite.) To minimizes these impacts, projects such as the Global Land Survey selects the best cloud-free images from Landsat satellites to generate a completely cloud-free scene every five years. So when asked how long this would take I responded, "a few months and I'll need a much better computer!" I began creating a composite of the Landsat scene, adjusting settings and matching colors to create the most natural and detailed image possible. I softened borders of the scene using the erase tool and began to see individual scenes flow into the next as boundaries disappeared. Due to the image size we tapped our friends over at the U.S. Geological Survey WELD project (Web-enabled Landsat Data) to help create a mosaic. But while the land images flowed seamlessly the water had many artifacts, discolorations and clouds that unnaturally ended at the edges of the water bodies. The last thing I wanted was the water to look unnatural — the Bay was the focus of the mosaic! And so began my arduous task of masking these imperfections (often zooming so far in that I had only a few pixels on my screen.) After this, I layered a true color USGS image of the Bay and Eastern Shore onto my mosaic and used another mask to crop out the water. Where they didn't align, I matched up the water layers as best I could with my WELD mosaic. I played around with color vibrancy and contrast using an Adobe product called "Lightroom" which boosted the greens, reds and contrast to reflect a color closer to leaves for the land. After a month of hard work, it was finally time to print and do a final check! This is the largest single image I've worked on to date, and while I always spot something I can improve, I couldn't be more proud. Knowing scientists and non-scientists will appreciate this image is one of the most rewarding aspects of my work. -- Mike Taylor, Outreach Scientist (SSAI/NASA Goddard Space Flight Center)
from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1OamWWy
via IFTTT
from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1OamWWy
via IFTTT
How Did We Tile Greenland?
This gallery was created for Earth Science Week 2015 and beyond. It includes a quick start guide for educators and first-hand stories (blogs) for learners of all ages by NASA visualizers, scientists and educators. We hope that your understanding and use of NASA's visualizations will only increase as your appreciation grows for the beauty of the science they portray, and the communicative power they hold. Read all the blogs and find educational resources for all ages at: http://ift.tt/1OKWxQV. I am a visualizer at NASA's Scientific Visualization Studio. It is my job to combine a variety of data to generate scientific visualizations of changes affecting our planet. I regularly use Earth science datasets from a variety of sources. Some data is from NASA's Distributed Active Archive Centers (the public data centers that store NASA's satellite data.) Data also comes from NASA scientists or scientists at universities or other research institutions. But whether I'm visualizing sea ice in the Arctic and Antarctic, glacier retreat, or seasonal snow cover and fires, the steps needed to handle the data are for all of these are similar. Data comes in all sorts of shapes and sizes. For example, a dataset for the same geographic region may be in different geographic projections. Or the same data may have been collected and processed at different resolutions. I put these datasets together to show them in layers. I need to handle the data in such a way that they correctly overlay one on to another. For example, I would not want our topography data showing the terrain around a mountain lake to be shifted or misregistered from the image data showing the blue region covered by the water. That would obviously be wrong! We use software that follows the exact mathematical rules defined for each type of projection. We can then align the geographic features of multiple datasets, transforming all of the datasets so that they accurate match one another. I'm sure many of you are familiar with the difference in the quality of pictures taken by cell phone cameras. The higher number of megapixels* (MP) captured by the camera usually means that the camera takes higher quality pictures. The same is true with data collected by satellite. Satellites take their "pictures" from directly overhead looking down as they orbit the Earth. But can you take a picture of a friend standing on a mountain hundreds of kilometers away? Of course not! Satellites gather many different kinds of data as they circle our planet from hundreds of kilometers above the surface. But how much surface detail can they obtain from such a distance as this? Satellite instruments may not cover a small area (like your back yard) in as much detail as your camera phone, but they are vastly improving. For many satellite instruments, a pixel value represents every 6, 10 or 12 kilometers, but for higher-resolution data a pixel value could represent as little as 15, 20 or 30 meters across. When we examine an area as large as Greenland, that covers more than 2 million square kilometers, this amount of data is enormous! To map Greenland, we used the topography, ice mask, and ocean mask datasets from the Greenland Ice Mapping Project. Each one of these were broken into 36 tiles that were 16,620 by 30,000 pixels in resolution or 498.6 MP per tile. That turns out to be 17,949.6 MP per dataset or 17.9 gigapixels (GP.)** We used the ocean and ice datasets to color RadarSat data from the Canadian Space Agency. Each of these were broken down into 25 tiles each about 421.8 GP. Every year generates a whopping 10,545 MP or 10.5 GP. But we had 6 years plus a mosaic dataset, which came out to 73.8 GP! Combining this data tile by tile into a single visualization would take a very, very long time for one person (or even a team!) to correct, so we developed a method that automated this process. We created a computer program that automatically extracts the coordinate and projection information from the geotiff images. For each image tile, this routine then passes the correct parameters to a projection routine that accurately positions the related texture tile. Using this method, our team successfully created a high-resolution Greenland visualization and accurately mapped 87 GP of data. This visualization was created for SIGGRAPH 2015.For more information, see: http://ift.tt/1VVqGMq -- Cindy Starr, Scientific Visualizer at Global Science & Technology / NASA GSFC (SVS) * 1 megapixel (MP) = 1 million pixels ** 1 gigapixel (GP) = 1 billion pixels
from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1OH001s
via IFTTT
from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1OH001s
via IFTTT
Nebraska Water Usage
Water managers in 15 states across the U.S. currently use Metric technology to track agricultural water use. Metric measures evapotranspiration (ET)--the amount of water evaporating from the soil and transpiring from a plant's leaves. The thermal band data on Landsat satellites allows water specialists to measure ET. This process cools the plant down so irrigated farm fields appear cooler (bluer) in Landsat satellite images. The latest evolution of METRIC technology--an application called EEFLUX, will allow anyone in the world to produce field-scale maps of water consumption, including on mobile devices. Metric was developed in the early 2000s and to date EEFLUX has been introduced to the California Department of Water Resources, the California Water Control Board, and the World Bank.
from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1VVqGMo
via IFTTT
from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1VVqGMo
via IFTTT
Thursday, October 15, 2015
I have a new follower on Twitter
Data WH Automation
Following: 1983 - Followers: 1894
October 15, 2015 at 11:37PM via Twitter http://twitter.com/DWAutomation
Narrative Science Systems: A Review. (arXiv:1510.04420v1 [cs.AI])
Automatic narration of events and entities is the need of the hour, especially when live reporting is critical and volume of information to be narrated is huge. This paper discusses the challenges in this context, along with the algorithms used to build such systems. From a systematic study, we can infer that most of the work done in this area is related to statistical data. It was also found that subjective evaluation or contribution of experts is also limited for narration context.
from cs.AI updates on arXiv.org http://ift.tt/1MsMn1q
via IFTTT
Layer-Specific Adaptive Learning Rates for Deep Networks. (arXiv:1510.04609v1 [cs.CV])
The increasing complexity of deep learning architectures is resulting in training time requiring weeks or even months. This slow training is due in part to vanishing gradients, in which the gradients used by back-propagation are extremely large for weights connecting deep layers (layers near the output layer), and extremely small for shallow layers (near the input layer); this results in slow learning in the shallow layers. Additionally, it has also been shown that in highly non-convex problems, such as deep neural networks, there is a proliferation of high-error low curvature saddle points, which slows down learning dramatically. In this paper, we attempt to overcome the two above problems by proposing an optimization method for training deep neural networks which uses learning rates which are both specific to each layer in the network and adaptive to the curvature of the function, increasing the learning rate at low curvature points. This enables us to speed up learning in the shallow layers of the network and quickly escape high-error low curvature saddle points. We test our method on standard image classification datasets such as MNIST, CIFAR10 and ImageNet, and demonstrate that our method increases accuracy as well as reduces the required training time over standard algorithms.
from cs.AI updates on arXiv.org http://ift.tt/1MsMkma
via IFTTT
Language Models for Image Captioning: The Quirks and What Works. (arXiv:1505.01809v3 [cs.CL] UPDATED)
Two recent approaches have achieved state-of-the-art results in image captioning. The first uses a pipelined process where a set of candidate words is generated by a convolutional neural network (CNN) trained on images, and then a maximum entropy (ME) language model is used to arrange these words into a coherent sentence. The second uses the penultimate activation layer of the CNN as input to a recurrent neural network (RNN) that then generates the caption sequence. In this paper, we compare the merits of these different language modeling approaches for the first time by using the same state-of-the-art CNN as input. We examine issues in the different approaches, including linguistic irregularities, caption repetition, and data set overlap. By combining key aspects of the ME and RNN methods, we achieve a new record performance over previously published results on the benchmark COCO dataset. However, the gains we see in BLEU do not translate to human judgments.
from cs.AI updates on arXiv.org http://ift.tt/1F8NVQj
via IFTTT
Distributed Deep Q-Learning. (arXiv:1508.04186v2 [cs.LG] UPDATED)
We propose a distributed deep learning model to successfully learn control policies directly from high-dimensional sensory input using reinforcement learning. The model is based on the deep Q-network, a convolutional neural network trained with a variant of Q-learning. Its input is raw pixels and its output is a value function estimating future rewards from taking an action given a system state. To distribute the deep Q-network training, we adapt the DistBelief software framework to the context of efficiently training reinforcement learning agents. As a result, the method is completely asynchronous and scales well with the number of machines. We demonstrate that the deep Q-network agent, receiving only the pixels and the game score as inputs, was able to achieve reasonable success on a simple game with minimal parameter tuning.
from cs.AI updates on arXiv.org http://ift.tt/1J24egL
via IFTTT
Mining Combined Causes in Large Data Sets. (arXiv:1508.07092v2 [cs.AI] UPDATED)
In recent years, many methods have been developed for detecting causal relationships in observational data. Some of them have the potential to tackle large data sets. However, these methods fail to discover a combined cause, i.e. a multi-factor cause consisting of two or more component variables which individually are not causes. A straightforward approach to uncovering a combined cause is to include both individual and combined variables in the causal discovery using existing methods, but this scheme is computationally infeasible due to the huge number of combined variables. In this paper, we propose a novel approach to address this practical causal discovery problem, i.e. mining combined causes in large data sets. The experiments with both synthetic and real world data sets show that the proposed method can obtain high-quality causal discoveries with a high computational efficiency.
from cs.AI updates on arXiv.org http://ift.tt/1ErRqBB
via IFTTT
[FD] APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6
-----BEGIN PGP SIGNED MESSAGE-
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] CakePHP Xml class SSRF Vulnerability
============================================================================= Title : CakePHP Xml class SSRF Vulnerability CVE Number : N/A (not assigned) Affected Software : Confirmed on CakePHP v3.0.5 (prior versions may also be affected) Credit : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. http://www.mbsd.jp/ Issue Status : v3.0.6/2.6.6 was released which fixes this issue ============================================================================= Overview:
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] UISGCON11 CFP
Hello On behalf of UISGCON11 Organization Committee I would like to invite all persons who want to participate in our annual Ukrainian InfoSec conference, CFP is open for submission. UISGCON11 will be held on December, 4 in Kyiv, Ukraine, Hotel Bratislava . Website of the event - http://ift.tt/1Pw445k To submit the paper, please fill in the form at http://ift.tt/1QyCEdD or e-mail directly to talks@uisgcon.org. Annual conferences of Ukrainian Information Security Group gather in Kyiv the capital of Ukraine hundreds of Ukrainian and international experts in information security to discuss the most acute problems of the industry. As you know, one of the most relevant challenges of the present is the information war against Ukraine's aspirations for freedom and independence. This war is happening not only in social networks and on TV, but also in telecommunication networks and cyber-environment. These and many other topics will be discussed by recognized gurus and students, journalists and hackers, CTO/CISO and system administrators. Please take part in biggest information security conference in Ukraine and be a speaker of UISGCON. See you soon!
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] hackercon berlin: hack4 the year is 2015
Hi folks and gentlehackers, as this year is almost over, what could be nicer than spending some time in Berlin and listening to the packets? We are happy to announce the 2015 hack4 in Berlin. What are we looking for? Basically for practical technical talks and cool people. Topics we want to cover: * Malware Coding (elf / pe) * Distributed Networks * Sort of exploitation(stack/heap/win/*nix) * Database tricks(e.g. mysql/postgres/oracle pwnage) * Neat language intros (prefered python, c, assembly ;)) * Rootkits (userland, kernelland...bios) * Bughunting * Debugger/disassembler usage (gdb, ollydb, ida) * You name it! When? 28.12.2015 - 29.12.2015 Where? Berlin Location? Tba You want to join? register@hack4.org You want to do a talk? talks@hack4.org You want to help and keep the con going? help@hack4.org Con website: http://www.hack4.org ch33rs dash
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] Unicorn CPU Emulator Framework is out!
Greetings, Two months after our Blackhat USA talk, we are excited to announce the first release, version 0.9, of Unicorn Engine, the multi-arch, multi-platform CPU emulator framework you are all longing for! Unicorn CPU emulator offers some unparalleled features: - Multi-architectures: Arm, Arm64 (Armv8), M68K, Mips, PowerPC, Sparc, & X86 (include X86_64). - Clean/simple/lightweight/intuitive architecture-neutral API. - Implemented in pure C language, with bindings for Python, Java, Go & .NET available. - Native support for Windows & *nix (with Mac OSX, Linux, *BSD & Solaris confirmed). - High performance by using Just-In-Time compiler technique. - Support fine-grained instrumentation at various levels. - Thread-safe by design. - Distributed under open source license GPL. For further information, see our website at http://ift.tt/1KJ3yxs Unicorn is a very young project, but we do hope that it will live a long life. The community support will be critical for this little open source framework! We would like show our gratitude to the beta testers for bug reports & code contributions during the beta phase! Their invaluable helps have been tremendous for us to keep this far. Huge thanks go to QEMU project, which Unicorn is based on, and extends much further in its special area. Without the almighty QEMU, Unicorn would not be existent! Our engine aims to lay the ground for innovative works. We look forward to seeing many advanced research & development in the security area built on this framework. Let the fun begin! Thanks, Quynh
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
Mourinho criticizes FA over fine and suspended stadium ban
LONDON (AP) Chelsea manager Jose Mourinho has criticized the English Football Association after he was fined over comments made towards match officials.
from FOX Sports Digital http://ift.tt/1G89Po1
via IFTTT
from FOX Sports Digital http://ift.tt/1G89Po1
via IFTTT
AP Source: Sheikh Salman closes in on potential FIFA bid
GENEVA (AP) A person familiar with the situation says Asian Football Confederation President Sheikh Salman Bin Ebrahim Al Khalifa is assessing if he has enough support to stand in the FIFA election to succeed Sepp Blatter.
from FOX Sports Digital http://ift.tt/1LwkNnz
via IFTTT
from FOX Sports Digital http://ift.tt/1LwkNnz
via IFTTT
Moenchengladbach head coach backs Johnson over thigh injury
MOMCHENGLADBACH, Germany (AP) Borussia Moenchengladbach head coach Andre Schubert says U.S. coach Jurgen Klinsmann had a ''responsibility'' to substitute defender Fabian Johnson during the Americans' 3-2 loss to Mexico on Saturday.
from FOX Sports Digital http://ift.tt/1LQPFB4
via IFTTT
from FOX Sports Digital http://ift.tt/1LQPFB4
via IFTTT
Spanish star Raul to retire after NASL season with Cosmos
NEW YORK (AP) Spanish star Raul is retiring from soccer in November after his NASL season with the New York Cosmos.
from FOX Sports Digital http://ift.tt/1VVeErE
via IFTTT
from FOX Sports Digital http://ift.tt/1VVeErE
via IFTTT
Partial stadium closure for Marseille after crowd trouble
PARIS (AP) Marseille has been ordered to play its next league game in front of a reduced crowd following trouble at the Stade Velodrome last month.
from FOX Sports Digital http://ift.tt/1k8a08R
via IFTTT
from FOX Sports Digital http://ift.tt/1k8a08R
via IFTTT
Eddie Howe signs contract extension with Bournemouth
BOURNEMOUTH, England (AP) Bournemouth says manager Eddie Howe has signed a contract extension with the Premier League club.
from FOX Sports Digital http://ift.tt/1k7Ozol
via IFTTT
from FOX Sports Digital http://ift.tt/1k7Ozol
via IFTTT
UEFA statement after meeting to discuss Platini case
NYON, Switzerland (AP) Statement from UEFA after emergency meeting to discuss UEFA President Michel Platini's case:
from FOX Sports Digital http://ift.tt/1MEB0YO
via IFTTT
from FOX Sports Digital http://ift.tt/1MEB0YO
via IFTTT
Column: In defeat, is Jose Mourinho still worth our time?
PARIS (AP) Already a proven winner, Jose Mourinho now must become a specialist in failure, too.
from FOX Sports Digital http://ift.tt/1NJBX3v
via IFTTT
from FOX Sports Digital http://ift.tt/1NJBX3v
via IFTTT
Acting FIFA president Issa Hayatou arrives in Zurich
ZURICH (AP) Acting FIFA President Issa Hayatou has arrived in Zurich and spent his first day in office since taking over from the suspended Sepp Blatter.
from FOX Sports Digital http://ift.tt/1jDy7vn
via IFTTT
from FOX Sports Digital http://ift.tt/1jDy7vn
via IFTTT
World Cup host city Nizhny Novgorod wants extra $110 million
MOSCOW (AP) The Russian city of Nizhny Novgorod has asked for more than $110 million in extra funding to prepare for the World Cup despite a broader push to cut costs.
from FOX Sports Digital http://ift.tt/1ZFVSnG
via IFTTT
from FOX Sports Digital http://ift.tt/1ZFVSnG
via IFTTT
Russia says UEFA executive committee backs suspended Platini
NYON, Switzerland (AP) The Russian Sports Ministry says the UEFA executive committee has expressed its ''full support'' for suspended President Michel Platini.
from FOX Sports Digital http://ift.tt/1Qx1WbV
via IFTTT
from FOX Sports Digital http://ift.tt/1Qx1WbV
via IFTTT
Bayern Munich defender Holger Badstuber returns to training
MUNICH (AP) Bayern Munich defender Holger Badstuber has returned to training after five months out with a thigh injury.
from FOX Sports Digital http://ift.tt/1QwWWE8
via IFTTT
from FOX Sports Digital http://ift.tt/1QwWWE8
via IFTTT
More than Meets the Eye with FDM Printers/"The Martian" Gets it Right
Tech Insider Newsletter View Web Version | Add to Safe Sender List Tech Insider The latest information for design engineers and engineering management. October 15, 2015 Articles Get the Most Out of Your FDM 3-D Printer J.B. Babcock, Taylor Technologies Fused Deposition Modeling (FDM) 3-D printers are becoming pretty common and affordable these days, from the small, inexpensive $1,400 MakerBots up to the huge $750,000 Fortus machines. As you would expect, you can print one-piece prototypes of your rigid plastic parts, but did you know there is a whole spectrum of other things you can accomplish with your machine? FULL ARTICLE Advertisement What are the biggest challenges... ...engineers face trying to stay current with engineering information? Find out in our annual Salary Survey sponsored by Digi-Key! High-Acceleration Cables Require Sophisticated Wires Jeff Kerns Ölflex Servo FD 796 CP is designed, manufactured, and tested for high-acceleration cable for track applications and long travel lengths. FULL ARTICLE Featured Video Editor's Roundtable: 2015 Engineering Salary Survey The engineering field is an ever-changing environment. To better understand the current state of the industry, editors from Penton Media's Design Engineering and Sourcing Group gathered for a roundtable discussion of the 2015 Engineering Salary Survey. Thousands of engineers responded to the annual survey, and in this video, our Editors take a closer look at the numbers and offer insights into the "typical" engineer, the current workplace environment, the future of the industry, and other significant trends. FULL ARTICLE A Skeptical Engineer “The Martian”: An Engineering Movie that Gets the Science Right Stephen Mraz Our Skeptical Engineer is a little less skeptical than usual, as he gives a thumbs-up to "The Martian," noting that it "gets most of its science right" and naming the movie a likely front runner for any future Machine Design World’s Greatest Engineering Movie contests. FULL ARTICLE Image Gallery Machine Design’s Products of the Week (10/5-10/12) In this week's roundup of innovative new products, Machine Design spotlights a military-grade computing platform, a helical actuator (pictured), a PID temperature-control unit, and more. FULL ARTICLE Featured Links Advertisement Bird's unique orifice manufacturing process Bird Precision utilizes unique manufacturing methods to produce laser drilled, wire lapped Ruby and Sapphire Orifices, with .0001”tolerances, 2 micro-inch finish, and controlled CD values. http://ift.tt/18XVmLj Advertisement Polyurethane Belts for OEM Applications - From Material Options to Tech Specs Round belts, round cord, flat belts, materials issues, application information and design/engineering aids are all available at www.PyramidBelts.com with no registration required. Advertisement Improve Dispense Accuracy with New PICO Pµlse Nordson EFD's new PICO® Pµlse™ piezoelectric jet valve delivers speed and accuracy while dispensing micro-deposits as small as 0.5 nL at up to 1500Hz. Non-contact jetting technology reduces turbulence and allows more accurate deposit placement. Get improved dispensing performance and process control. Perfect for substrates with irregular surfaces. Watch video Top Articles right now 2015 Engineering Compensation Survey: Facing New Challenges in a Changing Industry World Maker Faire 2015 Attracts Creative Minds Machine Design’s Products of the Week (10/5-10/12) Latch Conceals Handle When Not in Use Get the Most Out of Your FDM 3-D Printer Webinars The Benefits of Roller Screw Technology in Electric Actuation Thursday, October 15 at 11:00 am EST This webinar by Exlar and sponsored by Machine Design will introduce and explain roller screw technology compared to more widely recognized screw technologies. The Next Evolution of the Design Workflow Thusday, October 22 at 2:00 p.m. EST Since the introduction of CAD, not much has changed within the product design workflow. The way products were designed in the late 90's is nearly the same process as it is today. Over the last 5 years, though, companies have started to reevaluate their entire product development workflow, including the design process, for ways to speed up time to market while decreasing costs and accelerating innovation. Join Ansys and SpaceClaim for this exclusive webinar to discuss the reinvention of the design workflow. Basics of Design The Basics of Multi-Passage Soft-Seal Rotating UnionsSponsored by Deublin Farming combines, drilling rigs, tool manufacturing, converting, packaging and steel mills are just a few examples that employ multi-passage soft-seal rotary unions. These types of unions or couplings allow the transfer of hydraulics and pneumatics, while rotating or swiveling a cylinder or spindle that’s connected to stationary objects such as pipes or other equipment. So, why are these mechanisms such an important component of manufacturing or industrial applications? Advertisement Expect more: Complete technical resources for your mechanical control needs Kaman Automation, Control & Energy offers you world-class mechanical components backed by the technical/engineering expertise and local support you need for your mechanical and motion control applications. From individual parts to complete assemblies, you can expect more from Kaman AC&E.www.kamanace.com Design FAQs FAQ's on Linear Motion SystemsSponosred by Schaeffler What are the main components of a linear motion system? What are the different types of linear bearings used in a linear motion system? What are the different types of linear drives used in a linear motion system?FAQ's on Solenoid Proportional Control ValvesSponsored by Humphrey What is a solenoid proportional valve? Where are solenoid proportional valves used? How does a proportional valve work? What flow rates can a proportional valve provide? How will a proportional valve work with my system? Where Does Additive Manufacturing Fit into Your Supply Chain?Sponsored by Stratasys What type of prototypes can be made with 3D printing? What type of finished parts can be made with 3D printing? How is Geometric Dimensioning & Tolerancing (GD&T) affected by using 3D printed parts in an assembly? What if the investment in equipment is too high for a company?Choosing the Right Gearmotor for Your ApplicationSponsored by Bodine Electric Company What is a gearmotor? Why use gearmotors? What are the features and benefits of various types of gearing? What types of motors are commonly available? MANAGE SUBSCRIPTION SUBSCRIBE TO PRINT ARCHIVES ABOUT THIS NEWSLETTER You are subscribed to this newsletter as insidenothing@gmail.com For questions concerning delivery of this newsletter, please contact our Customer Service Department at: Machine Design A Penton publication US Toll Free: 866-505-7173 International: 847-763-9504 Email: Customer Service Penton | 1166 Avenue of the Americas, 10th Floor | New York, NY 10036 Copyright 2015, Penton. All rights reserved. This content is protected by United States copyright and other intellectual property laws and may not be reproduced, rewritten, distributed, re-disseminated, transmitted, displayed, published or broadcast, directly or indirectly, in any medium without the prior written permission of Penton. About Us Privacy Policy Terms of Service
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
I have a new follower on Twitter
KPanel
Monitor all your Kerio Connect, Control and Operator servers at the same time.
http://t.co/fvcEVXVJOl
Following: 341 - Followers: 276
October 15, 2015 at 10:18AM via Twitter http://twitter.com/KPanelApp
Milan forward Icardi eager to take on Juventus again
MILAN (AP) It's no secret, Inter Milan forward Mauro Icardi has played some outstanding football against Juventus.
from FOX Sports Digital http://ift.tt/1Pv6fq1
via IFTTT
from FOX Sports Digital http://ift.tt/1Pv6fq1
via IFTTT
[FD] Freemake Video Downloader 3.7.1 - Code Execution Vulnerability
Document Title: =============== Freemake Video Downloader 3.7.1 - Code Execution Vulnerability References (Source): ==================== http://ift.tt/1Zu9MZY Release Date: ============= 2015-10-12 Vulnerability Laboratory ID (VL-ID): ==================================== 1617 Common Vulnerability Scoring System: ==================================== 8.8 Product & Service Introduction: =============================== Freemake YouTube Downloader is a free software to download online videos to PC free and fast. Download videos from YouTube, Facebook, Dailymotion, Vevo, Vimeo, and 10,000+ sites. You can grab any streaming video in original quality or convert it to MP3, AVI, MKV, WMV, 3GP, or for iPhone, iPod, PSP, Android. Easy setup, no fees, no signup, no limitations. (Copy of the Vendor Homepage: http://ift.tt/RDTY7j ) Abstract Advisory Information: ============================== An independent vulnerability laboratory researcher discovered a code execution vulnerability in the official FreemakeVideoDownloader v3.7.1 software. Vulnerability Disclosure Timeline: ================================== 2015-10-12: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Freemake Product: Freemake Video Downloader - Software (Windows) 3.7.1 Exploitation Technique: ======================= Local Severity Level: =============== High Technical Details & Description: ================================ A code execution web vulnerability has been discovered in the official FreemakeVideo Converter v4.1.7 software. The vulnerability allows an attacker to execute malicious codes by interaction with a vulnerable software input field. The security vulnerability is present in the `paste url` module of the software. The download module does not filter the file type .php and thus finally allows an attacker to execute for example the calculator. The vulnerability can be exploited by local attackers without interaction. The severity of the issue is high and the bug can be exploited because of a misconfigured file validation mechanism. The security risk of the code execution vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 8.8. Exploitation of the vulnerability requires a low privilege system user account and no user interaction. Successful exploitation of the software vulnerability results in system compromise by a classic url code execution. Vulnerable Module(s): [+] Download Vulnerable Input(s): [+] paste url Affected Module(s): [+] .php Proof of Concept (PoC): ======================= The code execution vulnerability can be exploited by local attackers with restricted system user account and without user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Manual steps to reproduce the vulnerability ... 1. Launch your browser and paste your malicious link in your url input field (Do not process to open your link yet!) 2. Run Freemake VideoDownloader.exe 3. Click paste url 4. The php code executes successful after usage of the url paste 5. Successful reproduce of the code execution vulnerability! PoC: Exploit Security Risk: ============== The security risk of the code execution web vulnerability in the software core is estimated as high. (CVSS 8.8) Credits & Authors: ================== ZwX - (http://zwx.fr) [ http://ift.tt/1OEBOwM ] Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: http://ift.tt/1jnqRwA - www.vuln-lab.com - http://ift.tt/1kouTut Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com Section: magazine.vulnerability-db.com - http://ift.tt/1zNuo47 - http://ift.tt/1wo6y8x Social: http://twitter.com/#!/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1kouSqp Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] PayPal Inc Bug Bounty #117 - Session Fixation Vulnerability
Document Title: =============== PayPal Inc Bug Bounty #117 - Session Fixation Vulnerability References (Source): ==================== http://ift.tt/1NtvLMV EIBBP-31983 (P2) Video: http://ift.tt/1Op9XlJ Vulnerability Magazine: http://ift.tt/1Nu3XIf Release Date: ============= 2015-10-09 Vulnerability Laboratory ID (VL-ID): ==================================== 1509 Common Vulnerability Scoring System: ==================================== 4.3 Product & Service Introduction: =============================== PayPal is a global e-commerce business allowing payments and money transfers to be made through the Internet. Online money transfers serve as electronic alternatives to paying with traditional paper methods, such as checks and money orders. Originally, a PayPal account could be funded with an electronic debit from a bank account or by a credit card at the payer s choice. But some time in 2010 or early 2011, PayPal began to require a verified bank account after the account holder exceeded a predetermined spending limit. After that point, PayPal will attempt to take funds for a purchase from funding sources according to a specified funding hierarchy. If you set one of the funding sources as Primary, it will default to that, within that level of the hierarchy (for example, if your credit card ending in 4567 is set as the Primary over 1234, it will still attempt to pay money out of your PayPal balance, before it attempts to charge your credit card). The funding hierarchy is a balance in the PayPal account; a PayPal credit account, PayPal Extras, PayPal SmartConnect, PayPal Extras Master Card or Bill Me Later (if selected as primary funding source) (It can bypass the Balance); a verified bank account; other funding sources, such as non-PayPal credit cards. The recipient of a PayPal transfer can either request a check from PayPal, establish their own PayPal deposit account or request a transfer to their bank account. PayPal is an acquirer, performing payment processing for online vendors, auction sites, and other commercial users, for which it charges a fee. It may also charge a fee for receiving money, proportional to the amount received. The fees depend on the currency used, the payment option used, the country of the sender, the country of the recipient, the amount sent and the recipient s account type. In addition, eBay purchases made by credit card through PayPal may incur extra fees if the buyer and seller use different currencies. (Copy of the Homepage: www.paypal.com) [http://ift.tt/rooU27] Abstract Advisory Information: ============================== The Vulnerability Laboratory Core Research Team discovered a session fixation web Vulnerability in the official PayPal Inc (France) online service web-application. Vulnerability Disclosure Timeline: ================================== 2015-06-06: Researcher Notification & Coordination (Hadji Samir - Evolution Security GmbH) 2015-06-08: Vendor Notification (PayPal Inc - Security & Bug Bounty Team) 2015-07-04: Vendor Response/Feedback (PayPal Inc - Security & Bug Bounty Team) 2015-09-30: Vendor Fix/Patch (PayPal Inc - Developer Team) 2015-10-08: Security Reward (PayPal Inc - Bug Bounty Team) [3.000$] 2015-10-09: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== PayPal Inc Product: PayPal - Online Service Web Application 2015 Q2 Exploitation Technique: ======================= Remote Severity Level: =============== Medium Technical Details & Description: ================================ A session fixation web vulnerability has been discovered in the official PayPal Inc online service web-application. The vulnerability allows remote attackers to manipulate user session information to takeover the data for malicious purpose. Data enters a web application through an untrusted source, most frequently an HTTP request. The data is included in an HTTP response header sent to a web user without being validated for malicious characters. HTTP response splitting is a means to an end, not an end in itself. At its root, the attack is straightforward: an attacker passes malicious data to a vulnerable application, and the application includes the data in an HTTP response header. To mount a successful exploit, the application must allow input that contains CR (carriage return, also given by %0d or /r) characters into the header AND the underlying platform must be vulnerable to the injection of such characters. These characters not only give attackers control of the remaining headers and body of the response the application intends to send, but also allow them to create additional responses entirely under their control. On the french paypal webpage for instance there is a vulnerability where an attacker can copy and overwrite a victims session ID and use the false ID to perform actions like session manipulation and cookie compromise. The vulnerability can be exploited by a successful manipulated GET method request through the France paypal online service web-application. The security risk of the unencrypted session fixation issue is estimated as medium with a cvss (common vulnerability scoring system) count of 4.3. Exploitation of the vulnerability requires no privilege web-application user account with low user interaction. Successful exploitation of the vulnerability results in manipulation of user session information and information disclosure. Request Method(s): [+] GET Vulnerable Module(s): [+] /cgi-bin/aao.com/ Vulnerable Value(s): [+] error page (redirect 302) Proof of Concept (PoC): ======================= The vulnerability can be exploited by attackers with restricted physical device access and without user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. String Bypass: %0d http://ift.tt/1GIlvIR; Domain=.paypal.com; Path=/;Expires=Mon, 08 Jun 2020 18:53:07 GMT; HttpOnly; Secure Note: http://ift.tt/1OEBOgh rerror page so will redirect to paypalproject.com > so any error page will redirect to paypalproject Reference(s): http://ift.tt/1GIltAz Solution - Fix & Patch: ======================= 2015-09-30: Vendor Fix/Patch (PayPal Inc - Developer Team) Security Risk: ============== The security risk of the session fixation and filter bypass web vulnerability in the paypal framework is estimated as medium. (CVSS 4.3) Credits & Authors: ================== Vulnerability Laboratory [Research Team] - Hadji Samir (samir@evolution-sec.com) [http://ift.tt/1OEBM8e] Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: http://ift.tt/1jnqRwA - www.vuln-lab.com - http://ift.tt/1kouTut Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com Section: magazine.vulnerability-db.com - http://ift.tt/1zNuo47 - http://ift.tt/1wo6y8x Social: http://twitter.com/#!/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1kouSqp Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
Jobs from Anonymous
Anonymous. The General Ledger Assistant will manage all purchase and sales ledgers to ensure the smooth running of the general ledger function.
from Google Alert - anonymous http://ift.tt/1VU7FiW
via IFTTT
from Google Alert - anonymous http://ift.tt/1VU7FiW
via IFTTT
Swiss agree to extradite FIFA staffer in bribery case
BERN, Switzerland (AP) Switzerland's justice ministry has granted an American request to extradite a FIFA development officer in the FIFA bribery case.
from FOX Sports Digital http://ift.tt/1LmaBuq
via IFTTT
from FOX Sports Digital http://ift.tt/1LmaBuq
via IFTTT
ISS Daily Summary Report – 10/14/15
Plant Gravity Sensing 2 (PGS2): Today Lindgren retrieved culture dishes from a Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI) and treated the plants growing in them with a chemical reagent that induces a bioluminescence response that is dependent on the concentration of calcium ions in the plants. The Plant calcium concentrations have been shown to change in response to the direction of gravity: the plants emit photons when the culture dishes they are growing in are turned upside down so that the direction of gravity is changed relative to the plants. The reagent will be removed tomorrow with an absorbent and on Thursday the culture dishes will be turned upside down and returned to a Photon Counting Unit (PCU) so that photon measurements can be taken. The PGS2 investigation supports the study of cellular formation of the gravity sensors and the molecular mechanism for gravity sensing in plants grown in microgravity conditions. Ocular Health: Lindgren and Yui initiated their Flight Day 90 Ocular Health testing by performing vision and tonometry tests and taking blood pressure measurements. The Ocular Health protocol calls for a systematic gathering of physiological data to characterize the risk of microgravity-induced visual impairment/intracranial pressure in ISS crewmembers. Researchers believe that the measurement of visual, vascular and central nervous system changes over the course of this experiment and during the subsequent post-flight recovery will assist in the development of countermeasures, clinical monitoring strategies, and clinical practice guidelines. SOLAR: Measurements continue to be taken for European Space Agency’s (ESA’s) SOLAR investigation during the current sun visibility window which began last Friday, October 9th. The goal of the SOLAR instruments is to measure solar spectral irradiance and variability. Habitability: Today Kelly documented his recent observations related to human factors and habitability for the Habitability investigation. Habitability assesses the relationship between crew members and their environment in order to better prepare for future long-duration spaceflights to destinations, such as near earth asteroids and Mars. Observations recorded during 6 month and 1 year missions can help spacecraft designers determine how much habitable volume is required, and whether a mission’s duration impacts how much space crew members need. ISS Extravehicular Mobility Unit (EMU) Umbilical (IEU) Checkout: As a follow up to yesterday’s IEU replacement, Yui succesfully performed an IEU activation and checkout. On September 23, the crew found a damaged seal on the coolant loop outlet port in the connector that connects the IEU to the EMU. Both IEUs were due to be changed out early next year due to life time expiration. The team elected to replace both expiring IEUs to support upcoming EMU operations. Node 1 Nadir Berthing Port Cabling: Last Friday, the crew was unable to mate two pre-routed power cables due to interference resulting from connector backshell clocking. Today, the crew succesfully re-clocked the 90° connectors and completed the installation of the wire harnesses to the Node 1 Forward Overhead and Lab Aft Overhead Bulkheads. These cables will provide power to Node 1 Nadir Berthing Port and Galley Rack. The crew also removed the airlock y-jumper that was installed as an interim measure last Friday. Extravehicular Activity (EVA) Preparation: Kelly has packed International Docking Adapter (IDA) Cables into an EVA cable bag. The cables will be installed on Pressurized Mating Adapter (PMA)-3 during the ISS Upgrades EVA currently scheduled for October 28th. The ISS Program plans to establish two docking ports on the US On-orbit Segment compatible with the International Docking System Standard (IDSS). In the future, the docking adapters will be installed onto the existing PMA-2 and PMA3 interfaces. Each adapter will permanently convert a passive Androgynous Peripheral Attachment System (APAS) docking interface into a passive IDSS interface. Special Purpose Dexterous Manipulator (SPDM) Troubleshooting: Today, Robotics Controllers performed data collection on the SPDM Arm 2 Shoulder Yaw Joint utilizing a diagnostics software patch. The troubleshooting was conducted as a result of an anomaly that occurred on the joint last Thursday, 08 October. The data will now be analyzed by ground teams. Today’s Planned Activities All activities were completed unless otherwise noted. HMS Visual Testing Activity EMU – Packing Cable Bag Hose prep for sample collection from EDV-ZV (EDV 1198) Replacement of urine receptacle (МП) and filter-insert (Ф-В) in АСУ. АСУ Activation after Replacement Life Support System (СОЖ) PGS2 – Equipment Gathering HMS – Vision Questionnaire ТКГ 429 (SM Aft) Transfers and IMS Ops Soyuz 717 Samsung tablet charging – end Ocular Health (OH) Blood Pressure Operations Ocular Health (OH) – Tonometry Test Configuration Ocular Health Experiment – Tonometry – Crew Medical Officer (CMO) Ocular Health Experiment – Tonometry – Subject Ocular Health (OH) Blood Pressure Operations MOTOCARD. Experiment Ops Test activation of Vozdukh Atmosphere Purification System Emergency Vacuum Valves [АВК СОА] Ocular Health Experiment – Tonometry – Crew Medical Officer (CMO) KULONOVSKIY KRISTALL. Experiment Ops Ocular Health Experiment – Tonometry – Subject MOTOCARD. Operator Assistance with the Experiment EMU – Long Dryout Post-Tonometry Stowage EMU – Long Dryout MOTOCARD. Photography of the Experiment Ops XF305 Camcorder Settings Adjustment PGS2-ELT2 – Cable Reconfig PGS2. Sample Retrieval from MELFI HMS – Vision Test PGS2. Sample Treatment Run 1 Power down hardware downstream of NOD2 UOP2 per Plug in Plan (PiP) HMS – Vision Questionnaire СКПФ1 & СКПФ2 Dust Filter Changeout. Reflect in IMS and clean MRM1 Gas-Liquid Heat Exchanger (ГЖТ) Acoustic Dosimeter Setup for Crew-worn Measurement Sessions Copy CLS 10 from SSC laptop HMS Defibrillator Inspection EMU – Long Dryout Private Medical Conference Node 1 Data Cable Routing/Installation 24-hour ECG Monitoring (termination) On MCC Go Demating telemetry connectors from КЛ-108А KULONOVSKIY KRISTALL. Copy and download data to hard drive for return Removal of КЛ-108А Radio transmitter module. Checkout of Compound Specific Analyzer-Combustion (CSA-CP) 24-hour Holter monitoring (terminate) KULONOVSKYI KRISTALL. Hardware Removal ТКГ 429 (SM Aft) Transfers and IMS Ops Installation of КЛ-121/122Ц module EMU – Long Dryout CONTUR-2. Installation of master arm with adapter on panel 418 CONTUR-2. Experiment Session Ops IMS Delta File Prep De-installation and installation of […]
from ISS On-Orbit Status Report http://ift.tt/1OEw7yS
via IFTTT
from ISS On-Orbit Status Report http://ift.tt/1OEw7yS
via IFTTT
As usual, Real Madrid looks to Ronaldo for goals
MADRID (AP) The answer, according to Real Madrid coach Rafa Benitez, is Cristiano Ronaldo.
from FOX Sports Digital http://ift.tt/1OErODA
via IFTTT
from FOX Sports Digital http://ift.tt/1OErODA
via IFTTT
Bayern aiming for Bundesliga record 9-game winning start
BERLIN (AP) The Bundesliga resumes after the international break with Bayern Munich looking unstoppable and Borussia Dortmund trying to bounce back after the side's comprehensive defeat to the league leader. Bayern can set another record by beating Werder Bremen on Saturday, while Dortmund faces a tough game at Mainz on Friday.
from FOX Sports Digital http://ift.tt/1hG58pG
via IFTTT
from FOX Sports Digital http://ift.tt/1hG58pG
via IFTTT
First Ever Anti-Drone Weapon that Shoots Down UAVs with Radio Waves
While the US military continues to build more advanced unmanned aerial vehicles (UAVs), popularly known as Drones, the US company Battelle has developed a shoulder-mounted rifle to deal with unwanted drones flying around. Dubbed DroneDefender, the revolutionary weapon specifically designed to target and knock drones out of the sky at a range of just 400 meters, without totally destroying
from The Hacker News http://ift.tt/1hG2EHH
via IFTTT
from The Hacker News http://ift.tt/1hG2EHH
via IFTTT
Presentation: Social Media
The presentation below was shared by DHSEM Strategic Communications Director Micki Trost on October 14, 2015 at the Colorado Safe School ...
from Google Alert - anonymous http://ift.tt/1VTLvbe
via IFTTT
from Google Alert - anonymous http://ift.tt/1VTLvbe
via IFTTT
Injuries complicate ideal situation for PSG in French league
PARIS (AP) Everything seems too easy for Paris Saint-Germain in the French league this season.
from FOX Sports Digital http://ift.tt/1Ne5qiV
via IFTTT
from FOX Sports Digital http://ift.tt/1Ne5qiV
via IFTTT
UEFA leaders demand answers on Platini payment at meeting
GENEVA (AP) UEFA leaders are meeting to decide whether to continue backing Michel Platini, with some not yet satisfied by his explanation for a payment that led to his 90-day FIFA suspension.
from FOX Sports Digital http://ift.tt/1jClSiK
via IFTTT
from FOX Sports Digital http://ift.tt/1jClSiK
via IFTTT
Untethered Jailbreak for iOS 9.0, 9.0.1 and 9.0.2 Released
The Chinese Pangu jailbreak team has once again surprised everyone by releasing the first untethered jailbreak tool for iOS 9 – iOS 9.0, iOS 9.0.1, and iOS 9.0.2. The untethered jailbreak is a jailbreak where your device don't require any reboot every time it connects to an external device capable of executing commands on the device. How to Jailbreak iOS 9.0, 9.0.1 and 9.0.2?
from The Hacker News http://ift.tt/1VTFWtj
via IFTTT
from The Hacker News http://ift.tt/1VTFWtj
via IFTTT
Klopp era at Liverpool starts with trip to Spurs
MANCHESTER, England (AP) With his charm, quips, tactical insights and beaming smile, Juergen Klopp made quite an impression when he was presented as Liverpool's new manager last week.
from FOX Sports Digital http://ift.tt/1OE8bvo
via IFTTT
from FOX Sports Digital http://ift.tt/1OE8bvo
via IFTTT
Nepal captain, players arrested over match fixing
KATHMANDU, Nepal (AP) A Nepal police official says the captain of the national football team and other team members have been arrested on charges relating to match-fixing.
from FOX Sports Digital http://ift.tt/1PuBPnM
via IFTTT
from FOX Sports Digital http://ift.tt/1PuBPnM
via IFTTT
Prince Ali lodges candidacy for FIFA presidency
AMMAN, Jordan (AP) Prince Ali bin al-Hussein has submitted his candidacy for the upcoming FIFA presidential election and pledged to restore the image of the governing body if elected in February.
from FOX Sports Digital http://ift.tt/1Qvy8wn
via IFTTT
from FOX Sports Digital http://ift.tt/1Qvy8wn
via IFTTT
A Gegenschein Lunar Eclipse
Is there anything interesting to see in the direction opposite the Sun? One night last month, there were quite a few things. First, the red-glowing orb on the lower right of the featured image is the full moon, darkened and reddened because it has entered Earth's shadow. Beyond Earth's cone of darkness are backscattering dust particles orbiting the Sun that standout with a diffuse glow called the gegenschein, visible as a faint band rising from the central horizon and passing behind the Moon. A nearly horizontal stripe of green airglow is also discernable just above the horizon, partly blocked by blowing orange sand. Visible in the distant sky as the blue dot near the top of the image is the star Sirius, while the central band of our Milky Way Galaxy arches up on the image left and down again on the right. The fuzzy light patches just left of center are the Large and Small Magellanic Clouds. Red emission nebulas too numerous to mention are scattered about the sky, but are labelled in a companion annotated image. In the image foreground is the desolate Deadvlei region of the Namib-Naukluft National Park in Namibia, featuring the astrophotographer himself surveying a land and sky so amazing that he described it as one of the top experiences of his life. via NASA http://ift.tt/1jod2FX
El Nino: Disrupting the Marine Food Web
This gallery was created for Earth Science Week 2015 and beyond. It includes a quick start guide for educators and first-hand stories (blogs) for learners of all ages by NASA visualizers, scientists and educators. We hope that your understanding and use of NASA's visualizations will only increase as your appreciation grows for the beauty of the science they portray, and the communicative power they hold. Read all the blogs and find educational resources for all ages at: http://ift.tt/1OKWxQV. In case you haven't heard, El Nino is starting to make headlines this year. Often nicknamed "the bad boy of weather," who is this guy? A long time ago, fishermen off the west coast of South America — one of the world's most productive fisheries — noticed that some years the fish disappeared. This was especially noticeable around Christmas time — giving it the name El Nino, which means Christ child in Spanish. Today we know why El Nino happens — but knowing when it will happen is still a challenge. Normally, winds blow from east to west along the equator, pushing surface water westward. As the water moves away from the east, nutrient-rich deeper ocean water rises to fill the void (called upwelling.) When nutrients rise into sunlight, they cause blooms of tiny plants called phytoplankton. These plants feed the entire marine food web from small fish such as sardines to bigger fish, sea birds, and marine mammals. When an El Nino develops, the normal east-to-west winds die and warm surface water from the west Pacific moves eastward. This stops the upwelling in the east. Without the supply of deeper, nutrient-rich water, less phytoplankton bloom and the fisheries collapse. From satellites in space we see how these changes impact the ocean's color. Normally, the ocean looks more green along the equator (image below, left.) During El Nino, the ocean looks more blue and less green because there is less plant life (images below, right.) While this color change is subtle to our eyes, it means life or death for the species that depend upon plankton for food. Some animals starve (e.g. sea lions, marine iguanas, Galapagos penguins) while others move away to look for food elsewhere. In addition to disrupting the marine food web and reducing the fish catch in the Pacific, El Nino is linked to unusual weather around the world: more typhoons in the Pacific, fewer hurricanes in the Atlantic, more rain in California, less rain in Southeast Asia and Australia, and warmer weather in South America. The monstrous 1997/98 El Nino led to extreme events with catastrophic consequences. There were floods and landslides in some places and extreme drought in others. This is how El Nino got his reputation as a "bad boy." We still can't predict El Nino more than a few months in advance and won't know its full strength until it peaks around December, but this year's El Nino is shaping up to be a bully. As a scientist, I've been studying the interaction of physical oceanography and biology over the past 50 years. I also create a series of short visualizations called ClimateBits that play on Science On a Sphere displays at museums and science centers. Here's one I made about El Nino using chlorophyll images (from the MODIS sensor onboard the Aqua satellite) and sea-surface temperatures (from NOAA AVHRR and NASA AMSR-E satellites and oceanic buoy measurements.) To give background on motion in the ocean that is key to this story, I start the piece with one of my favorite visualizations by the NASA Scientific Visualization Studio showing output from an ocean circulation model color coded with sea surface temperatures. To see it on YouTube and for more information about El Nino and other Earth science concepts, visit: http://climatebits.org. -- Stephanie Schollaert Uz, PhD, NASA GSFC, Earth Sciences Division, Ocean Ecology Lab
from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1X5neS3
via IFTTT
from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1X5neS3
via IFTTT
Wednesday, October 14, 2015
Structured Memory for Neural Turing Machines. (arXiv:1510.03931v1 [cs.AI])
Neural Turing Machines (NTM) contain memory component that simulates "working memory" in the brain to store and retrieve information to ease simple algorithms learning. So far, only linearly organized memory is proposed, and during experiments, we observed that the model does not always converge, and overfits easily when handling certain tasks. We think memory component is key to some faulty behaviors of NTM, and better organization of memory component could help fight those problems. In this paper, we propose several different structures of memory for NTM, and we proved in experiments that two of our proposed structured-memory NTMs could lead to better convergence, in term of speed and prediction accuracy on copy task and associative recall task as in (Graves et al. 2014).
from cs.AI updates on arXiv.org http://ift.tt/1QuvUxf
via IFTTT
Subscribe to:
Posts (Atom)