Saturday, February 13, 2016

alcoholics anonymous coin

Alcoholics Anonymous coin, bronze or brass?; front: to thine own self be true, recovery, service, unity -- 3 month; back: serenity prayer. Asking $5.00 or ...

from Google Alert - anonymous http://ift.tt/1TiD6B1
via IFTTT

26

looking for anonymous scenes. who's interested? looking for now and this weekend. 26 muscular bottom boy.

from Google Alert - anonymous http://ift.tt/1TfLqAp
via IFTTT

33 minutes ago

0 loans added to your basket. Total : $0.00. View Basket Pay Now · See all activities >>. A. Anonymous has made 15 loans on Milaap. 33 minutes ago.

from Google Alert - anonymous http://ift.tt/1R1JitO
via IFTTT

Anonymous

Anonymous. She is a mother who works as a cleaner for a company. She has two school-age children. They suffer from severe pain because several ...

from Google Alert - anonymous http://ift.tt/2114g0C
via IFTTT

Russia Wants to Kick Foreign Tech Companies Out Of The Nation

Someone wants to kick Microsoft, Google and Apple off his land, yet uses Gmail and a Mac himself. The newly appointed Internet Tsar German Klemenko, who is the first internet advisor of Vladimir Putin, wants to kick American giants out of Russia. In a 90-minute interview conducted by Bloomberg, Klemenko expressed his interest to vanish the presence of tech biggies of foreign


from The Hacker News http://ift.tt/1PtPdrg
via IFTTT

I have a new follower on Twitter


FinTech
Let's disrupt them.


Following: 1602 - Followers: 2251

February 13, 2016 at 07:12AM via Twitter http://twitter.com/Fin__Tech

Here's How to Decrypt Hydracrypt & Umbrecrypt Ransomware Files

Over the last few years, we have seen several types of ransomware that demand a whopping amount of money from users for the retrieval of their locked, compromised sensitive files. We have also witnessed the birth of decryption solutions for some ransomware, like Cryptolocker (partial), Coinvault, Rescue Kit. One more solution has recently been released for decryption of


from The Hacker News http://ift.tt/1R13b4l
via IFTTT

Nasdaq to Use Bitcoin-style Blockchain to Record Shareholder Votes

The Nasdaq stock exchange and the Republic of Estonia have announced the use of Blockchain-based technology to allow shareholders of companies to e-vote in shareholder meetings even when they're abroad, according to Nasdaq's press release. The global stock market giant is developing an electronic shareholder voting system implemented on top of the Blockchain technology that underpins Bitcoin.


from The Hacker News http://ift.tt/1KMwoR3
via IFTTT

British Intelligence is Legally Allowed to Hack Anyone, Court Says

Hacking of computers, smartphones and networks in the United Kingdom or abroad by the Government Communications Headquarters (GCHQ) is LEGAL, the UK's Investigatory Powers Tribunal (IPT) ruled. The British spying nerve center GCHQ has won a major court case in defense of the agency's persistent hacking programs. After revelations by NSA whistleblower Edward Snowden about the extent of


from The Hacker News http://ift.tt/1Xpe9TR
via IFTTT

Friday Playlist: Anonymous

The world we live in today might make it a lot more difficult to remain anonymous, but it doesn't mean you can't play around with what you present to ...

from Google Alert - anonymous http://ift.tt/20RhH6M
via IFTTT

anonymous

anonymous free download. Anonymous-DoS What is Anonymous-DoS? Anonymous-DoS is a http flood program written in hta and javascript, ...

from Google Alert - anonymous http://ift.tt/1R0Q9DU
via IFTTT

Friday, February 12, 2016

[FD] [ERPSCAN-15-032] SAP PCo agent – DoS vulnerability

Application: SAP PCo
Versions Affected: SAP PCo 2.2, 2.3, 15.0, and 15.1
Vendor URL: http://SAP.com
Bugs: DoS
Send: 05.09.2015
Reported: 05.09.2015
Vendor response: 06.09.2015
Date of Public Advisory: 20.11.2015
Reference: SAP Security Note 2238619
Author: Mathieu Geli (ERPScan)

Description

1. ADVISORY INFORMATION
Title: SAP PCo
Advisory ID: [ERPSCAN-15-032]
Risk: high
Advisory URL: http://ift.tt/1LlABq5
Date published: 20.11.2015
Vendors contacted: SAP

2. VULNERABILITY INFORMATION
Class: Denial of service
Impact: Disrupt operational status
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2015-8330

CVSS Information
CVSS Base Score: 7.1 / 10
CVSS Base Vector:
AV : Access Vector (Related exploit range)                          Network (N)
AC : Access Complexity (Required attack complexity)                 Medium (M)
Au : Authentication (Level of authentication needed to exploit)     None (N)
C  : Impact to Confidentiality                                      None (N)
I  : Impact to Integrity                                            None (N)
A  : Impact to Availability                                         Complete (C)

3. VULNERABILITY DESCRIPTION
An attacker can crash the PCo agent by forging xMII requests to the TCP port.

4. VULNERABLE PACKAGES
SAP PCo agent 2.2, 2.3, 15.0 and 15.1
Other versions are probably affected too, but they were not checked.

5. SOLUTIONS AND WORKAROUNDS
To correct this vulnerability, install SAP Security Note 2238619

6. AUTHOR
Mathieu Geli (ERPScan)

7. TECHNICAL DESCRIPTION
When sending special forged queries to the SAP PCo Agent (available in query mode), you can crash the agent and disrupt a PCo operation.

8. REPORT TIMELINE
Send: 05.09.2015
Reported: 05.09.2015
Vendor response: 06.09.2015
Date of Public Advisory: 20.11.2015

9. REFERENCES
http://ift.tt/1LlABq5

10. ABOUT ERPScan Research
The company’s expertise is based on the research subdivision of ERPScan, which is engaged in vulnerability research and analysis of critical enterprise applications. It has achieved multiple acknowledgments from the largest software vendors like SAP, Oracle, Microsoft, IBM, VMware, HP for discovering more than 400 vulnerabilities in their solutions (200 of them just in SAP!). ERPScan researchers are proud to have exposed new types of vulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be nominated for the best server-side vulnerability at BlackHat 2013. ERPScan experts have been invited to speak, present, and train at 60+ prime international security conferences in 25+ countries across the continents. These include BlackHat, RSA, HITB, and private SAP trainings in several Fortune 2000 companies. ERPScan researchers lead the project EAS-SEC, which is focused on enterprise application security research and awareness. They have published 3 exhaustive annual award-winning surveys about SAP security. ERPScan experts have been interviewed by leading media resources and featured in specialized info-sec publications worldwide. These include Reuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading, Heise, and Chinabyte, to name a few. We have highly qualified experts in staff with experience in many different fields of security, from web applications and mobile/embedded to reverse engineering and ICS/SCADA systems, accumulating their experience to conduct the best SAP security research.

11. ABOUT ERPScan
ERPScan is the most respected and credible Business Application Security provider. Founded in 2010, the company operates globally and enables large Oil and Gas, Financial and Retail organizations to secure their mission-critical processes. Named as an ‘Emerging Vendor’ in Security by CRN, listed among “TOP 100 SAP Solution providers” and distinguished by 30+ other awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities. ERPScan consultants work with SAP SE in Walldorf to assist in improving the security of their latest solutions. ERPScan’s primary mission is to close the gap between technical and business security, and provide solutions to evaluate and secure SAP and Oracle ERP systems and business-critical applications from both, cyber-attacks as well as internal fraud. Usually our clients are large enterprises, Fortune 2000 companies and managed service providers whose requirements are to actively monitor and manage security of vast SAP landscapes on a global scale. We ‘follow the sun’ and function in two hubs, located in the Palo Alto and Amsterdam to provide threat intelligence services, agile support and operate local offices and partner network spanning 20+ countries around the globe.

Address USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301
Phone: 650.798.5255
Twitter: @erpscan
Scoop-it: Business Application Security

Source: Gmail -> IFTTT-> Blogger

[FD] [ERPSCAN-15-031] SAP MII – Encryption Downgrade vulnerability

Application: SAP MII
Versions Affected: SAP MII 12.2, 14.0, 15.0
Vendor URL: http://SAP.com
Bugs: Authentication bypass
Send: 05.09.2015
Reported: 05.09.2015
Vendor response: 06.09.2015
Date of Public Advisory: 20.11.2015
Reference: SAP Security Note 2240274
Author: Mathieu Geli (ERPScan)

Description

1. ADVISORY INFORMATION
Title: SAP MII
Advisory ID: [ERPSCAN-15-031]
Risk: Medium
Advisory URL: http://ift.tt/1PS6I6b
Date published: 20.11.2015
Vendors contacted: SAP

2. VULNERABILITY INFORMATION
Class: Cryptographic issues
Impact: reading private information
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2015-8329

CVSS Information
CVSS Base Score: 2.1 / 10
CVSS Base Vector:
AV : Access Vector (Related exploit range)                          Network (N)
AC : Access Complexity (Required attack complexity)                 High (H)
Au : Authentication (Level of authentication needed to exploit)     Single (S)
C  : Impact to Confidentiality                                      Partial (P)
I  : Impact to Integrity                                            None (N)
A  : Impact to Availability                                         None (N)

3. VULNERABILITY DESCRIPTION
SAP MII allows Base64 and DES as an encryption algorithm.

4. VULNERABLE PACKAGES
SAP MII 12.2, 14.0, 15.0
Other versions are probably affected too, but they were not checked.

5. SOLUTIONS AND WORKAROUNDS
To correct this vulnerability, install SAP Security Note 2240274

6. AUTHOR
Mathieu Geli (ERPScan)

7. TECHNICAL DESCRIPTION
SAP MII allows Base64 and DES algorithm selection at encryption configuration and export configuration screens.

8. REPORT TIMELINE
Send: 05.09.2015
Reported: 05.09.2015
Vendor response: 06.09.2015
Date of Public Advisory: 20.11.2015

9. REFERENCES
http://ift.tt/1PS6I6b

10. ABOUT ERPScan Research
The company’s expertise is based on the research subdivision of ERPScan, which is engaged in vulnerability research and analysis of critical enterprise applications.

Source: Gmail -> IFTTT-> Blogger

[FD] Point of Sale WinREST machines remote privilege escalation

[FD] BSides Hannover 2016

Folks @ FD! We will have a Security BSides in Hannover on March 18th. CFP is open and runs until early March. Please follow us on Twitter @bsideshn or visit the website bsideshannover.de for more details! On behalf of the BSides Hannover Team, Daniel

Source: Gmail -> IFTTT-> Blogger

[FD] RVAsec 2016 CFP is now Open!

RVAsec 5 // June 2-3rd, 2016 // Richmond, VA

RVAsec is a Richmond, VA based security convention that brings top industry speakers to the mid-atlantic region. In its fourth year, RVAsec 2015 attracted nearly 400 security professionals from across the country. For 2016, the conference is a two day and dual-track format, with a mixed focus on technical and management/business presentations. All talks must be 55 minutes in length, and submissions will need to select from either a business or technical track.

The following types of presentations will not be accepted:
- Sales or marketing for companies or products
- CFP submissions from in-house or agency PR/marketing professionals
- Talks which do not offer new insight or perspective

Speaker Perks
- Free admission to RVAsec
- Invitation to the RVAsec speaker dinner/party
- RVAsec T-shirt, badge & attendee swag bag
- One 50% off pass for a friend or co-worker
- Fame and glory, internet style!
- Opportunity to be the recipient of the RVAsec “STFU” sign

RVAsec has a limited travel budget, but speakers who request travel assistance may be eligible for:
- Travel allotment up to $300
- 3 nights hotel at the Crowne Plaza Richmond Downtown

For more info and to submit, visit: http://ift.tt/1LlACtU

Source: Gmail -> IFTTT-> Blogger

[FD] Serena Business Manager < 10.01 DOM XSS Vulnerability

>> # Exploit Title: Serena Business Manager < 10.01 DOM XSS Vulnerability
>> # Date: 11-feb-16
>> # Exploit Author: Zeroday.pro Labs
>> # Software Link: http://ift.tt/1LlACdE
>> # Version: Tested and working on 10.01.04.01.1068 (build 10)
>> Serena Business Manager is vulnerable to a DOM cross-site scripting (XSS) attack. The attack allows execution of arbitrary JavaScript in the context of the user’s browser.
>> Vulnerability resides in source location.href at tmtrack.dll and sink jQuery.html
>>
>> Example:
>> The SBM User Workspace cannot be embedded in another frame.
1337 >>

Source: Gmail -> IFTTT-> Blogger

[FD] KL-001-2016-001 : Arris DG1670A Cable Modem Remote Command Execution

Source: Gmail -> IFTTT-> Blogger

Police Arrest 16-year-old Boy Who Hacked CIA Director

The teenage hacker, who calls himself a member of hacktivist group "Cracka with Attitude," behind the series of hacks on the United States government and its high-level officials, including the CIA director, might have finally been arrested. In a joint effort, the Federal Bureau of Investigation (FBI) and British police reportedly have arrested a 16-year-old British teenager who they believe


from The Hacker News http://ift.tt/1Qc1tKc
via IFTTT

Anonymous user cannot create isbn2node

Authenticated users are able to create isbn2node but not anonymous users. I don't see any permission too. Am I missing something?

from Google Alert - anonymous http://ift.tt/1RwFFyr
via IFTTT

I have a new follower on Twitter


Get Free Followers
Get up to 10,000 new followers! Try our website today @ https://t.co/iaEBJ0THOO!
United States

Following: 1520 - Followers: 247

February 12, 2016 at 12:40PM via Twitter http://twitter.com/MarthaHolt__

ISS Daily Summary Report – 02/11/16

Ocular Health Testing: Today Kelly and Kornienko, with Kopra as the operator, completed their Return minus 30 day (R-30) Ocular Health testing by performing ocular and cardiac ultrasound scans. The Ocular Health protocol calls for a systematic gathering of physiological data to characterize the risk of microgravity-induced visual impairment/intracranial pressure in ISS crewmembers. Researchers believe that the measurement of visual, vascular and central nervous system changes over the course of this experiment and during the subsequent post-flight recovery will assist in the development of countermeasures, clinical monitoring strategies, and clinical practice guidelines.

Integrated Resistance and Aerobic Training Study (Sprint) Volume of Oxygen Utilized (VO2) Max: For his Flight Day 60 Sprint VO2 Max session, Kopra attached Electrocardiogram (ECG) electrodes to himself, set up and donned Heart Rate Monitor hardware, performed Portable Pulmonary Function System calibrations, and then performed the VO2 protocol. The Sprint VO2 investigation evaluates the use of high intensity, low volume exercise to minimize loss of muscle, bone, and cardiovascular function in ISS crewmembers while reducing total exercise time during long-duration space missions.

Extravehicular Mobility Unit (EMU) 3003 Fan Pump Separator Remove and Replace (R&R) Part 2: Following yesterday’s EMU 3003 FPS R&R, Kelly and Peake primed the new pump and prepared the EMU for a return to service checkout scheduled on Monday. Tomorrow, the faulty pump will be packed for return onboard Soyuz 44 next month for ground examination. The FPS which was removed had failed to start up during an activity to fill the Liquid Cooling and Ventilation Garment (LCVG) in December.

Orbital ATK (OA)-4 Cargo Operations: Kopra transferred trash into the Cygnus vehicle today in preparation for its unberth and release on February 19th.

Portable Emergency Provisions (PEPs) Inspection: Peake conducted an audit of the PEPs hardware and verified the emergency response equipment was in the expected location and is free of damage. Among the items inspected were Water Mist Portable Fire Extinguishers (PFEs), Portable Breathing Apparatus (PBA) including Quick Don mask Assemblies (QDMAs) and Pre-Breathe Masks.

Condensate Water Separator Assembly (CWSA) Desiccant Module R&R: Kopra utilized the 3D Visual Trainer (3D ViT) in order to familiarize himself with the CWSA Desiccant Module inspection and R&R task within Columbus. Once the training was complete, he proceeded with the inspection and Desiccant Module R&R. The Desiccant Module is placed inside the CWSA in order to provide a dry atmosphere and prevent condensation on the cold outer surfaces of the water separator housing/parts. The module is inspected and replaced as part of preventative maintenance.

Mobile Servicing System (MSS) Operations: This evening, Robotics Flight Controllers will be stowing the Special Purpose Dexterous Manipulator (SPDM) on the Mobile Base System (MBS), and walking off the Space Station Remote Manipulator System (SSRMS) from the MBS power and data grapple fixture (PDGF)-1 to the Node2 PDGF. Once the walk off is complete, they will grapple Cygnus in preparation for its unberth and release on February 19th.

Today’s Planned Activities
All activities were completed unless otherwise noted.
Fine Motor Skills – Test USND2 – Hardware Activation Eye Imaging – Ultrasound Scan Prep SPRINT – Hardware Power Up Eye Imaging Crew Medical Officer (CMO) Proficiency Training Cleaning ventilation screens on FGB interior panels (panels 201, 301, 401) Reload RSS1 Laptop Software Version 4.0 SPRINT – Experiment Ops Eye Imaging – Data Export Soyuz 718 Samsung tablet charge – initiate Acoustic Dosimeter Stow Terminate discharge of the 3rd Orlan-MK 825М Battery Pack No.126499193 (b/c 00068692R, stow ФГБ1ПГО_2_221_1) ) Eye Imaging – Data Export Disassembly of Charger [ЗУ-С] No.13010004 (009709R) Setup MARROW – Sample Setup CARDIOVECTOR. Experiment Ops Cygnus Cargo Operations On MCC GO Demating charger TLM connector and Closeout Ops Stow Charger [ЗУ-С] ФГБ1ПГО_2_221_1, Soft Container 422-6 (00062719R) ER6-DVD – Software Installation HABIT – Applications Overviews Preparing for РТ-50-1М No.3 (А203) Replacement – Search equipment, procedure and r/g review Eye Imaging – Data Export / See OPTIMIS Viewer for Procedure Cleaning fan screens on FGB interior panels (116, 316, 231, 431) OH – Experiment Ops COSMOCARD. Setup. Starting 24-hr ECG Recording OH – Experiment Ops СОЖ Maintenance SPRINT – Equipment Stowage Charging Soyuz 718 Samsung tablet – termination Ocular Health – Cardiac and Blood Pressure Operations AMS – Hard Drive Exchange HRF Blood Collection Hardware Setup Ocular Health – Closeout Ops OH-CARDIAC – Data Export Soyuz 718 Kazbek Fit Check Soyuz 719 Samsung tablet charge – initiate Aurora Target Operations VCA1 Camera Adjustment VIZIR. Experiment Ops Onboard Training (OBT) – Using 3D ViT Visual Training Application in preparation of Columbus Condensate Water Separator Assembly (CWSA) R&R activity EMU Fan Pump Separator (FPS) R&R Laptop preparation and Progress 431 (DC1) Test Configuration Setup USND2 – Hardware Deactivation VCA1 Camera Adjustment R&R of the Desiccant Module in CWSA in Columbus SPLANH. 
Preparation for Experiment Replacement of FGB Dust Collector ПС1, ПС2 Filters (ФГБ1ПГО_4_419_1, bag 429-21 (00068135R) MOTOCARD. Experiment Ops MOTOCARD. Operator Assistance with the Experiment Transfer of brine/urine from EDV-U into Progress 431 (DC1) Rodnik H2O Tank1 IMS Delta File Prep ER6-DVD – Closeout Ops Inspection of Portable Breathing Apparatus (PBA) and Portable Fire Extinguisher (PFE) VEG-01 Experiment – Plant photo Columbus – Ops after CWSA R&R in Columbus 3D Visual Training (3DViT) Questionnaire after CWSA R&R SPRINT – Closeout Ops Private Psychological Conference HAM radio session from Columbus Charging Soyuz 719 Samsung tablet – termination

Completed Task List Items
None

Ground Activities
All activities were completed unless otherwise noted.
SSRMS Walk off from MBS PDGF1 to Node 2 and Cygnus Grapple

Three-Day Look Ahead:
Friday, 02/12: SPRINT, Microbe-IV Sample Collection, FPS Pack and Stow, SkinB, BASS-M
Saturday, 02/13: Crew Off Duty, Weekly Cleaning
Sunday, 02/14: Crew Off Duty

QUICK ISS Status – Environmental Control Group:
Component                                             Status
Elektron                                              On
Vozdukh                                               Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”)          Off
[СКВ] 2 – SM Air Conditioner System (“SKV2”)          On
Carbon Dioxide Removal Assembly (CDRA) Lab            Override
Carbon Dioxide Removal Assembly (CDRA) Node 3         Operate
Major Constituent Analyzer (MCA) Lab                  Idle
Major […]

from ISS On-Orbit Status Report http://ift.tt/20PVki5
via IFTTT

New York Police Used Cell Phone Spying Tool Over 1000 Times Without Warrant

The New York Police Department (NYPD) has admitted that it used controversial cell phone spying tool "Stingrays" more than 1,000 times since 2008 without warrants. In the documents obtained by the New York Civil Liberties Union (NYCLU), the NYPD acknowledged that the department has used Stingrays to intercept personal communications and track the locations of nearby mobile phone users.


from The Hacker News http://ift.tt/1KK3RvB
via IFTTT

Microsoft Edge's InPrivate Mode Finally Keeps Your Activity Private

Browsing the Web in 'Private Mode' is not as private as you think. Microsoft has patched the Private Browsing Leakage bug in its newest Edge browser with the latest update. When we talk about browsers, the one thing that does not come to mind is Internet Explorer (IE). There were even some trolls about Internet Explorer (IE) circulating on social media, such as "The best web


from The Hacker News http://ift.tt/1QZvIHq
via IFTTT

[FD] HD Video Player v2.5 iOS - Multiple Web Vulnerabilities

Document Title:
===============
HD Video Player v2.5 iOS - Multiple Web Vulnerabilities

References (Source):
====================
http://ift.tt/1Rsi6qr

Release Date:
=============
2016-02-11

Vulnerability Laboratory ID (VL-ID):
====================================
1719

Common Vulnerability Scoring System:
====================================
7.3

Product & Service Introduction:
===============================
Video Player Pro is one of the most popular and powerful player for all iPhone devices. It is easiest iPhone phone player. This player support many formats and can play any video,film,music,MTV that stored on your phone. HD Player Pro - the best choice of phone player. Can play any type video music and pdf txt word excel.

(Copy of the Homepage: http://ift.tt/1PQRhLo )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Core Research Team discovered multiple web vulnerabilities in the HD Video Player v2.5 iOS mobile web-application (wifi).

Vulnerability Disclosure Timeline:
==================================
2016-02-11: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Hanlin Wang
Product: HD Video Player PRO - iOS (Web-Application) [Wifi] 2.5

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Technical Details & Description:
================================
1.1
A local file include web vulnerability has been discovered in the HD Video Player v2.5 iOS mobile web-application (wifi). The file include vulnerability allows remote attackers to unauthorized include local file/path requests or system specific path commands to compromise the mobile web-application.

The web vulnerability is located in the `filename` value of the `file uploader` module. Remote attackers are able to inject own files with malicious `filename` values in the `file upload` POST method request to compromise the mobile web-application. The local file/path include execution occurs in the index file dir listing and sub folders of the wifi interface. The attacker is able to inject the lfi payload by usage of the wifi interface or local file sync function.

Attackers are also able to exploit the filename issue in combination with persistent injected script code to execute different malicious attack requests. The attack vector is located on the application-side of the wifi service and the request method to inject is POST.

The security risk of the local file include vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 6.4. Exploitation of the local file include web vulnerability requires no user interaction or privileged web-application user account. Successful exploitation of the local file include vulnerability results in mobile application compromise or connected device component compromise.

Request Method(s):
[+] [POST]

Vulnerable Module(s):
[+] File Uploader

Vulnerable Parameter(s):
[+] filename

Affected Module(s):
[+] Index File Dir Listing (http://localhost:8083/ or http://localhost:20000)

1.2
An arbitrary file upload web vulnerability has been discovered in the HD Video Player v2.5 iOS mobile web-application (wifi). The arbitrary file upload issue allows remote attackers to upload files with multiple extensions to bypass the system validation and compromise the web-server.

The vulnerability is located in the filename value of the `file uploader` module. Remote attackers are able to upload a php or js web-shell by a rename of the filename with multiple extensions in the upload POST method request. The attacker uploads for example a web-shell with the following name and extension `pentest.png.html.php.js.aspx.html.png`. After the upload the attacker needs to open the file in the wifi web-application interface. He deletes the .png file extension and can access the webshell with elevated access rights to execute.

The security risk of the arbitrary file upload web vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 7.3. Exploitation of the arbitrary file upload web vulnerability requires no user interaction or privileged web-application user account with password. Successful exploitation of the arbitrary file upload vulnerability results in unauthorized file access (app/device) and compromise of http web-server.

Request Method(s):
[+] [POST]

Vulnerable Module(s):
[+] Upload

Vulnerable Parameter(s):
[+] filename (multiple extensions)

Affected Module(s):
[+] Index File Dir Listing (http://localhost:8083/ or http://localhost:20000)

Proof of Concept (PoC):
=======================
1.1
The local file include web vulnerability can be exploited by remote attackers with wifi panel access and without user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

PoC: Exploitation
http://localhost:8083/./[LOCAL FILE INCLUDE VULNERABILITY!]

Source: Gmail -> IFTTT-> Blogger

Hey, Apple User! Check If You are also Affected by the Sparkle Vulnerability

A pair of new security vulnerabilities has been discovered in the framework used by a wide variety of Mac apps, leaving them open to Man-in-the-Middle (MitM) attacks. The framework in question is Sparkle, which a large number of third-party OS X apps, including Camtasia, uTorrent, Duet Display and Sketch, use to facilitate automatic updates in the background. Sparkle is an open source


from The Hacker News http://ift.tt/1KfhbIv
via IFTTT

LIGO Detects Gravitational Waves from Merging Black Holes


Gravitational radiation has been directly detected. The first-ever detection was made by both facilities of the Laser Interferometer Gravitational-Wave Observatory (LIGO) in Washington and Louisiana simultaneously last September. After numerous consistency checks, the resulting 5-sigma discovery was published today. The measured gravitational waves match those expected from two large black holes merging after a death spiral in a distant galaxy, with the resulting new black hole momentarily vibrating in a rapid ringdown. A phenomenon predicted by Einstein, the historic discovery confirms a cornerstone of humanity's understanding of gravity and basic physics. It is also the most direct detection of black holes ever. The featured illustration depicts the two merging black holes with the signal strength of the two detectors over 0.3 seconds superimposed across the bottom. Expected future detections by Advanced LIGO and other gravitational wave detectors may not only confirm the spectacular nature of this measurement but hold tremendous promise of giving humanity a new way to see and explore our universe. via NASA http://ift.tt/20Xw6La

Thursday, February 11, 2016

Network of Bandits. (arXiv:1602.03779v1 [cs.AI])

The distribution of the best arm identification task on the user's devices offers several advantages for application purposes: scalability, reduction of deployment costs and privacy. We propose a distributed version of the algorithm Successive Elimination using a simple architecture based on a single server which synchronizes each task executed on the user's devices. We show that this algorithm is optimal in terms of transmitted number of bits and is optimal up to logarithmic factors in terms of the number of pulls per player. Finally, we propose an extension of this approach to distribute the contextual bandit algorithm Bandit Forest, which is able to finely exploit the user's data while guaranteeing the privacy.

from cs.AI updates on arXiv.org http://ift.tt/1XmBDce
via IFTTT

Enabling Basic Normative HRI in a Cognitive Robotic Architecture. (arXiv:1602.03814v1 [cs.RO])

Collaborative human activities are grounded in social and moral norms, which humans consciously and subconsciously use to guide and constrain their decision-making and behavior, thereby strengthening their interactions and preventing emotional and physical harm. This type of norm-based processing is also critical for robots in many human-robot interaction scenarios (e.g., when helping elderly and disabled persons in assisted living facilities, or assisting humans in assembly tasks in factories or even the space station). In this position paper, we will briefly describe how several components in an integrated cognitive architecture can be used to implement processes that are required for normative human-robot interactions, especially in collaborative tasks where actions and situations could potentially be perceived as threatening and thus need a change in course of action to mitigate the perceived threats.

from cs.AI updates on arXiv.org http://ift.tt/1QvbcM4
via IFTTT

Lift-Based Bidding in Ad Selection. (arXiv:1507.04811v2 [cs.GT] UPDATED)

Real-time bidding (RTB) has become one of the largest online advertising markets in the world. Today the bid price per ad impression is typically decided by the expected value of how it can lead to a desired action event (e.g., registering an account or placing a purchase order) to the advertiser. However, this industry standard approach to decide the bid price does not consider the actual effect of the ad shown to the user, which should be measured based on the performance lift among users who have been or have not been exposed to a certain treatment of ads. In this paper, we propose a new bidding strategy and prove that if the bid price is decided based on the performance lift rather than absolute performance value, advertisers can actually gain more action events. We describe the modeling methodology to predict the performance lift and demonstrate the actual performance gain through blind A/B test with real ad campaigns in an industry-leading Demand-Side Platform (DSP). We also discuss the relationship between attribution models and bidding strategies. We prove that, to move the DSPs to bid based on performance lift, they should be rewarded according to the relative performance lift they contribute.

from cs.AI updates on arXiv.org http://ift.tt/1Oq2mjN
via IFTTT

Alternative Markov and Causal Properties for Acyclic Directed Mixed Graphs. (arXiv:1511.05835v3 [stat.ML] UPDATED)

We extend AMP chain graphs by (i) relaxing the semidirected acyclicity constraint so that only directed cycles are forbidden, and (ii) allowing up to two edges between any pair of nodes. We introduce global, ordered local and pairwise Markov properties for the new models. We show the equivalence of these properties for strictly positive probability distributions. We also show that when the random variables are continuous, the new models can be interpreted as systems of structural equations with correlated errors. This enables us to adapt Pearl's do-calculus to them. Finally, we describe an exact algorithm for learning the new models from observational and interventional data via answer set programming.

from cs.AI updates on arXiv.org http://ift.tt/1OfZpCV
via IFTTT

Column-Oriented Datalog Materialization for Large Knowledge Graphs (Extended Technical Report). (arXiv:1511.08915v2 [cs.DB] UPDATED)

The evaluation of Datalog rules over large Knowledge Graphs (KGs) is essential for many applications. In this paper, we present a new method of materializing Datalog inferences, which combines a column-based memory layout with novel optimization methods that avoid redundant inferences at runtime. The pro-active caching of certain subqueries further increases efficiency. Our empirical evaluation shows that this approach can often match or even surpass the performance of state-of-the-art systems, especially under restricted resources.

from cs.AI updates on arXiv.org http://ift.tt/1SsW2K1
via IFTTT

Activist Hacker Group, Anonymous, Launches Flint Operation

Erik Jacobsen and Amy Mumby talk about activist hacker group, Anonymous, which launched a Flint operation, targeting the State of MI and Gov.

from Google Alert - anonymous http://ift.tt/1Xmuusl
via IFTTT

Conservatives Anonymous

Are there unresolved issues in your life because of politicians lying to you? Have you given up on being hopeful about America? Do you need to get ...

from Google Alert - anonymous http://ift.tt/20rvjQL
via IFTTT

Ravens: LT Eugene Monroe has missed 16 games in the last two seasons, could use change of scenery - Jamison Hensley (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

IMMEDIATE need for Anonymous Donors!

Attention Women 21-30: Become an Anonymous Egg Donor! Make up to $8000 + MORE While Helping Others! Would you like to make up to $8000+ ...

from Google Alert - anonymous http://ift.tt/1KecfDK
via IFTTT

Ocean City, MD's surf is at least 5.86ft high

Maryland-Delaware, February 16, 2016 at 02:00PM

Ocean City, MD Summary
At 2:00 AM, surf min of 1.51ft. At 8:00 AM, surf min of 4.52ft. At 2:00 PM, surf min of 5.86ft. At 8:00 PM, surf min of 3.0ft.

Surf maximum: 7.01ft (2.14m)
Surf minimum: 5.86ft (1.79m)
Tide height: 2.71ft (0.83m)
Wind direction: WNW
Wind speed: 20.95 KTS


from Surfline http://ift.tt/1kVmigH
via IFTTT

anonymous-doser

anonymous-doser free download. Anonymous-DoS What is Anonymous-DoS? Anonymous-DoS is a http flood program written in hta and javascript, ...

from Google Alert - anonymous http://ift.tt/1KdZIQv
via IFTTT

Integration of a Multiple Anonymous Function Which Depends on Parameters of an Integral

Dear All,. I have a function that needs to be integrated and depends on parameters of an integral like: int = @(x,Rad,K) (1+0.25.*sin((P/5).*x.*sin(Rad)).

from Google Alert - anonymous http://ift.tt/1LjqrWJ
via IFTTT

ENCRYPT Act of 2016 — Proposed Bill Restricts States to Ban Encryption

Last year's ISIS-linked terror attacks in Paris and California have sparked debate on encryption, and the intelligence agencies started reviving their efforts to weaken encryption on various encrypted products and services. But, there is some Good News! California Congressman and Texas Republican are now challenging state-level proposals to restrict US citizens' ability to encrypt


from The Hacker News http://ift.tt/1O4BkM7
via IFTTT

ISS Daily Summary Report – 02/10/16

Burning and Suppression of Solids – Milliken (BASS-M): Today Kopra completed the fifth set of BASS-M operations, preparing and testing five different samples with ground assistance from the Principal Investigator. The BASS-M investigation tests flame-retardant cotton fabrics to determine how well they resist burning in microgravity. Results benefit research on flame-retardant textiles that can be used on Earth and in space.

Circadian Rhythms: Peake configured and donned the Armband Monitor and Thermolab sensors and belt for his Flight Day 30 Circadian Rhythm session. He will wear the monitors for 36 hours and then doff and download the data on Friday. Circadian Rhythms investigates the role of synchronized circadian rhythms, or the “biological clock,” and how it changes during long-duration spaceflight. Researchers hypothesize that a non-24-hour cycle of light and dark affects crewmembers’ circadian clocks. The investigation also addresses the effects of reduced physical activity, microgravity and an artificially controlled environment. Changes in body composition and body temperature, which also occur in microgravity, can affect crewmembers’ circadian rhythms as well. Understanding how these phenomena affect the biological clock will improve performance and health for future crewmembers.

Sprint Ultrasound: Kelly assisted Kopra in performing his Flight Day 60 thigh and calf ultrasound scans today. Ultrasound scans are used to evaluate spaceflight-induced changes in the muscle volume. The Sprint investigation evaluates the use of high intensity, low volume exercise training to minimize loss of muscle, bone, and cardiovascular function in ISS crewmembers during long-duration missions. Upon completion of this study, investigators expect to provide an integrated resistance and aerobic exercise training protocol capable of maintaining muscle, bone and cardiovascular health while reducing total exercise time over the course of a long-duration space flight.
This will provide valuable information in support of the long term goal of protecting human fitness for even longer space exploration missions.   Extravehicular Mobility Unit (EMU) 3003 Fan Pump Separator Remove and Replace (R&R):  As part of a two day activity, Kelly and Peake removed the failed FPS from EMU 3003 today and replaced it with a new pump.  Tomorrow, the crew will finalize the installation by performing pump priming and preparing the EMU for a return to service checkout.  The FPS being removed had failed to start up on December 19th during a Liquid Cooling and Ventilation Garment (LCVG) fill activity.   Today’s Planned Activities All activities were completed unless otherwise noted. NEIROIMMUNITET. Saliva Test Morning Inspection, Laptop RS1(2) Reboot RSS 1, 2 Reboot NEIROIMMUNITET. Closeout Ops Calf Volume Measurement Aurora Hardware Closeout Stop discharging Orlan-MK 2nd Battery Pack 825М3 No.126499192 (b/c 00068691R, stow ФГБ1ПГО_2_221_1) and start discharging the 3rd Battery Pack No.126499193 (b/c 00068692R, ФГБ1ПГО_2_221_1) Acoustic Dosimeter Operations and RS Crew Handover – Day 3 BASSM – Preparation Operations Part 1 Video Footage of Greetings ESA Weekly Crew Conference USND2 – Hardware Activation Environmental Health System (EHS) – Relocation of Intravehicular Tissue Equivalent Proportional Counter (IV-TEPC) USOS Window Shutter Close NAPOR-miniRSA. MRC and HRC S/W Upgrade WRS Water Sample Analysis CARDIOVECTOR. Experiment Ops Preparation for Progress 431 (DC1) АСН-КП Test Laptop FS1 S/W Upgrade SPRINT – Hardware prep and installation SPRINT – Operator Assistance with the Experiment EMU Fan Pump Separator (FPS) R&R VIRU. Battery Charge SPLANH. Terminate EGEG Recording. Closeout Ops SPLANH. Photography of the Experiment Ops MATRYOSHKA-R Photos Galvanic isolation test between power buses of thermal container ТБУ-В No.06 and its enclosure SEISMOPROGNOZ. 
Downlink data from Control and Data Acquisition Module (МКСД) HDD (start) Study of veins in lower extremities TOCA Data Recording USND2 – Hardware Deactivation EMU Fan Pump Separator (FPS) R&R Separation of EDV (KOV) No. 1162 for Electron system.  For separation use EDV No.1199 EKAM-Node2 – Camera Lens Change Water Transfer to EDV from Progress 431 (DC1) H2O Tank1 and N2O Tank1 Bladder Compression BASS Soot Removal СОЖ Maintenance BASSM – Experiment start SEISMOPROGNOZ. Downlink data from Control and Data Acquisition Module (МКСД) HDD (end) BASSM – BASS Hardware Installation and Test BASSM – Experiment end VIRU. Software Update VIRU. Hardware Setup for Relaksatsiya Experiment PAO hardware setup. Tagup with specialists / See OPTIMIS Viewer for Procedure TV Conference with the Organizers of “108 minutes ”Music Festival (Ku + S-band) VIRU. Hardware parameter adjustment for Relaksatsiya Experiment Tagup with specialists VIRU. Earth Observation for Relaksatsiya Experiment Sprint Portable Pulmonary Function System (PPFS) Partial Setup VIRU. Closeout Ops and Hardware Teardown after Relaksatsiya Experiment Thermolab – Instrumentation Ops for Circadian Rhythms VIRU. Fill out and Downlink VIRU Log Sheet Verification of ИП-1 Flow Sensor Position SPLANH. Diet Restrictions Reminder On MCC GO Closeout Ops after Progress 431 (DC1) Rodnik H2O Tank1 Bladder Compression   Completed Task List Items Sidekick Charging Sidekick Laptop Deploy   Ground Activities All activities were completed unless otherwise noted. 
Nominal System Commanding

Three-Day Look Ahead:
Thursday, 02/11: EVA FPS R&R Part 2, Ocular Health, SPRINT, NanoRacks Multi-Gas Monitor Deploy, Col Desiccant Module R&R, PEPS Inspection, SSRMS Walkoff
Friday, 02/12: SPRINT, Microbe-IV Sample Collection, FPS Pack and Tool Stow, SkinB, BASS-M
Saturday, 02/13: Crew Off Duty, Weekly Cleaning

QUICK ISS Status – Environmental Control Group (Component: Status):
Elektron: On
Vozdukh: Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”): On
[СКВ] 2 – SM Air Conditioner System (“SKV2”): Off
Carbon Dioxide Removal Assembly (CDRA) Lab: Override
Carbon Dioxide Removal Assembly (CDRA) Node 3: Operate
Major Constituent Analyzer (MCA) Lab: Idle
Major Constituent Analyzer (MCA) Node 3: Operate
Oxygen Generation Assembly (OGA): Process
Urine Processing Assembly (UPA): Normal
Trace Contaminant Control System (TCCS) Lab: Full Up
Trace Contaminant Control System (TCCS) Node 3: Off

from ISS On-Orbit Status Report http://ift.tt/1KHuHV1
via IFTTT

Snow covered tree


via Instagram http://ift.tt/1ougQaS

Deep Web Search Engines to Explore the Hidden Internet

Did you know? There is a vast section of the Internet which is hidden and not accessible through regular search engines and web browsers. This part of the Internet is known as the Deep Web, and it is about 500 times the size of the Web that we know. What is DEEP WEB? Deep Web (aka Invisible Web, Hidden Web or Clearnet) refers to the data which are not indexed by any standard


from The Hacker News http://ift.tt/1KdboTF
via IFTTT

I have a new follower on Twitter


Hazelcast
The Leading In-Memory Data Grid
Palo Alto, CA
http://t.co/Lpn6F676KF
Following: 314 - Followers: 3840

February 11, 2016 at 04:12AM via Twitter http://twitter.com/hazelcast

Galaxies in the River


Large galaxies grow by eating small ones. Even our own galaxy practices galactic cannibalism, absorbing small galaxies that get too close and are captured by the Milky Way's gravity. In fact, the practice is common in the universe and illustrated by this striking pair of interacting galaxies from the banks of the southern constellation Eridanus, The River. Located over 50 million light years away, the large, distorted spiral NGC 1532 is seen locked in a gravitational struggle with dwarf galaxy NGC 1531 (right of center), a struggle the smaller galaxy will eventually lose. Seen edge-on, spiral NGC 1532 spans about 100,000 light-years. Nicely detailed in this sharp image, the NGC 1532/1531 pair is thought to be similar to the well-studied system of face-on spiral and small companion known as M51. via NASA http://ift.tt/1QVr7Gd

Wednesday, February 10, 2016

I have a new follower on Twitter


RenewableEnergySols
Leading Renewable Energy strategy consulting company. Focus: M&A, growth, and industry consolidation. Speciality: Wind. Background: Shipping, logistics, and SCM
Copenhagen, Denmark
http://t.co/O5VQQ0Nqua
Following: 6959 - Followers: 7827

February 10, 2016 at 10:14PM via Twitter http://twitter.com/RenewablNrgySls

Time Resource Networks. (arXiv:1602.03203v1 [cs.AI])

The problem of scheduling under resource constraints is widely applicable. One prominent example is power management, in which we have a limited continuous supply of power but must schedule a number of power-consuming tasks. Such problems feature tightly coupled continuous resource constraints and continuous temporal constraints.

We address such problems by introducing the Time Resource Network (TRN), an encoding for resource-constrained scheduling problems. The definition allows temporal specifications using a general family of representations derived from the Simple Temporal network, including the Simple Temporal Network with Uncertainty, and the probabilistic Simple Temporal Network (Fang et al. (2014)).

We propose two algorithms for determining the consistency of a TRN: one based on Mixed Integer Programming and the other one based on Constraint Programming, which we evaluate on scheduling problems with Simple Temporal Constraints and Probabilistic Temporal Constraints.

from cs.AI updates on arXiv.org http://ift.tt/1LidaxU
via IFTTT

Feature Based Task Recommendation in Crowdsourcing with Implicit Observations. (arXiv:1602.03291v1 [cs.AI])

Existing research in crowdsourcing has investigated how to recommend tasks to workers based on which task the workers have already completed, referred to as {\em implicit feedback}. We, on the other hand, investigate the task recommendation problem, where we leverage both implicit feedback and explicit features of the task. We assume that we are given a set of workers, a set of tasks, interactions (such as the number of times a worker has completed a particular task), and the presence of explicit features of each task (such as, task location). We intend to recommend tasks to the workers by exploiting the implicit interactions, and the presence or absence of explicit features in the tasks. We formalize the problem as an optimization problem, propose two alternative problem formulations and respective solutions that exploit implicit feedback, explicit features, as well as similarity between the tasks. We compare the efficacy of our proposed solutions against multiple state-of-the-art techniques using two large scale real world datasets.

from cs.AI updates on arXiv.org http://ift.tt/1KcDjDf
via IFTTT

Iterative Hierarchical Optimization for Misspecified Problems (IHOMP). (arXiv:1602.03348v1 [cs.LG])

Reinforcement Learning (RL) aims to learn an optimal policy for a Markov Decision Process (MDP). For complex, high-dimensional MDPs, it may only be feasible to represent the policy with function approximation. If the policy representation used cannot represent good policies, the problem is misspecified and the learned policy may be far from optimal. We introduce IHOMP as an approach for solving misspecified problems. IHOMP iteratively refines a set of specialized policies based on a limited representation. We refer to these policies as policy threads. At the same time, IHOMP stitches these policy threads together in a hierarchical fashion to solve a problem that was otherwise misspecified. We prove that IHOMP enjoys theoretical convergence guarantees and extend IHOMP to exploit Option Interruption (OI) enabling it to learn where policy threads can be reused. Our experiments demonstrate that IHOMP can find near-optimal solutions to otherwise misspecified problems and that OI can further improve the solutions.

from cs.AI updates on arXiv.org http://ift.tt/1KcDiiK
via IFTTT

Adaptive Skills, Adaptive Partitions (ASAP). (arXiv:1602.03351v1 [cs.LG])

We introduce the Adaptive Skills, Adaptive Partitions (ASAP) algorithm that (1) learns skills (i.e., temporally extended actions or options) as well as (2) where to apply them to solve a Markov decision process. ASAP is initially provided with a misspecified hierarchical model and is able to correct this model and learn a near-optimal set of skills to solve a given task. We believe that (1) and (2) are the core components necessary for a truly general skill learning framework, which is a key building block needed to scale up to lifelong learning agents. ASAP is also able to solve related new tasks simply by adapting where it applies its existing learned skills. We prove that ASAP converges to a local optimum under natural conditions. Finally, our extensive experimental results, which include a RoboCup domain, demonstrate the ability of ASAP to learn where to reuse skills as well as solve multiple tasks with considerably less experience than solving each task from scratch.

from cs.AI updates on arXiv.org http://ift.tt/1KcDjDb
via IFTTT

Learning Distributed Representations of Sentences from Unlabelled Data. (arXiv:1602.03483v1 [cs.CL])

Unsupervised methods for learning distributed representations of words are ubiquitous in today's NLP research, but far less is known about the best ways to learn distributed phrase or sentence representations from unlabelled data. This paper is a systematic comparison of models that learn such representations. We find that the optimal approach depends critically on the intended application. Deeper, more complex models are preferable for representations to be used in supervised systems, but shallow log-linear models work best for building representation spaces that can be decoded with simple spatial distance metrics. We also propose two new unsupervised representation-learning objectives designed to optimise the trade-off between training time, domain portability and performance.

from cs.AI updates on arXiv.org http://ift.tt/1KcDjD8
via IFTTT

Research Priorities for Robust and Beneficial Artificial Intelligence. (arXiv:1602.03506v1 [cs.AI])

Success in the quest for artificial intelligence has the potential to bring unprecedented benefits to humanity, and it is therefore worthwhile to investigate how to maximize these benefits while avoiding potential pitfalls. This article gives numerous examples (which should by no means be construed as an exhaustive list) of such worthwhile research aimed at ensuring that AI remains robust and beneficial.

from cs.AI updates on arXiv.org http://ift.tt/1Lid8WF
via IFTTT

Improved and Generalized Upper Bounds on the Complexity of Policy Iteration. (arXiv:1306.0386v4 [math.OC] UPDATED)

Given a Markov Decision Process (MDP) with $n$ states and a total number $m$ of actions, we study the number of iterations needed by Policy Iteration (PI) algorithms to converge to the optimal $\gamma$-discounted policy. We consider two variations of PI: Howard's PI that changes the actions in all states with a positive advantage, and Simplex-PI that only changes the action in the state with maximal advantage. We show that Howard's PI terminates after at most $O\left(\frac{m}{1-\gamma}\log\left(\frac{1}{1-\gamma}\right)\right)$ iterations, improving by a factor $O(\log n)$ a result by Hansen et al., while Simplex-PI terminates after at most $O\left(\frac{nm}{1-\gamma}\log\left(\frac{1}{1-\gamma}\right)\right)$ iterations, improving by a factor $O(\log n)$ a result by Ye. Under some structural properties of the MDP, we then consider bounds that are independent of the discount factor $\gamma$: quantities of interest are bounds $\tau_t$ and $\tau_r$---uniform on all states and policies---respectively on the \emph{expected time spent in transient states} and \emph{the inverse of the frequency of visits in recurrent states} given that the process starts from the uniform distribution. Indeed, we show that Simplex-PI terminates after at most $\tilde O\left(n^3 m^2 \tau_t \tau_r \right)$ iterations. This extends a recent result for deterministic MDPs by Post & Ye, in which $\tau_t \le 1$ and $\tau_r \le n$, in particular it shows that Simplex-PI is strongly polynomial for a much larger class of MDPs. We explain why similar results seem hard to derive for Howard's PI. Finally, under the additional (restrictive) assumption that the state space is partitioned in two sets, respectively states that are transient and recurrent for all policies, we show that both Howard's PI and Simplex-PI terminate after at most $\tilde O(m(n^2\tau_t+n\tau_r))$ iterations.

from cs.AI updates on arXiv.org http://ift.tt/15Aq7j5
via IFTTT

Beyond Temporal Pooling: Recurrence and Temporal Convolutions for Gesture Recognition in Video. (arXiv:1506.01911v3 [cs.CV] UPDATED)

Recent studies have demonstrated the power of recurrent neural networks for machine translation, image captioning and speech recognition. For the task of capturing temporal structure in video, however, there still remain numerous open research questions. Current research suggests using a simple temporal feature pooling strategy to take into account the temporal aspect of video. We demonstrate that this method is not sufficient for gesture recognition, where temporal information is more discriminative compared to general video classification tasks. We explore deep architectures for gesture recognition in video and propose a new end-to-end trainable neural network architecture incorporating temporal convolutions and bidirectional recurrence. Our main contributions are twofold; first, we show that recurrence is crucial for this task; second, we show that adding temporal convolutions leads to significant improvements. We evaluate the different approaches on the Montalbano gesture recognition dataset, where we achieve state-of-the-art results.

from cs.AI updates on arXiv.org http://ift.tt/1QDgN3j
via IFTTT

Beauty and Brains: Detecting Anomalous Pattern Co-Occurrences. (arXiv:1512.07048v2 [cs.AI] UPDATED)

Our world is filled with both beautiful and brainy people, but how often does a Nobel Prize winner also win a beauty pageant? Let us assume that someone who is both very beautiful and very smart is more rare than what we would expect from the combination of the number of beautiful and brainy people. Of course there will still always be some individuals that defy this stereotype; these beautiful brainy people are exactly the class of anomaly we focus on in this paper. They do not possess intrinsically rare qualities, it is the unexpected combination of factors that makes them stand out.

In this paper we define the above described class of anomaly and propose a method to quickly identify them in transaction data. Further, as we take a pattern set based approach, our method readily explains why a transaction is anomalous. The effectiveness of our method is thoroughly verified with a wide range of experiments on both real world and synthetic data.

from cs.AI updates on arXiv.org http://ift.tt/1mz8bms
via IFTTT

Keeping it Short and Simple: Summarising Complex Event Sequences with Multivariate Patterns. (arXiv:1512.07056v2 [cs.AI] UPDATED)

We study how to obtain concise descriptions of discrete multivariate sequential data. In particular, how to do so in terms of rich multivariate sequential patterns that can capture potentially highly interesting (cor)relations between sequences. To this end we allow our pattern language to span over the domains (alphabets) of all sequences, allow patterns to overlap temporally, as well as allow for gaps in their occurrences.

We formalise our goal by the Minimum Description Length principle, by which our objective is to discover the set of patterns that provides the most succinct description of the data. To discover high-quality pattern sets directly from data, we introduce DITTO, a highly efficient algorithm that approximates the ideal result very well.

Experiments show that DITTO correctly discovers the patterns planted in synthetic data. Moreover, it scales favourably with the length of the data, the number of attributes, the alphabet sizes. On real data, ranging from sensor networks to annotated text, DITTO discovers easily interpretable summaries that provide clear insight in both the univariate and multivariate structure.

from cs.AI updates on arXiv.org http://ift.tt/1TgfF8q
via IFTTT

I have a new follower on Twitter


Fastvue
Internet Activity Reports that make sense of the modern web. For Sophos, Barracuda, Forefront TMG and more.
San Francisco, CA
http://t.co/82WkT8WSi3
Following: 1307 - Followers: 479

February 10, 2016 at 07:34PM via Twitter http://twitter.com/fastvue

MLB Buzz: Orioles deep in negotiations with SP Yovani Gallardo on deal for 3 years in range of $40M to $45M - reports (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

I have a new follower on Twitter


David Brown
All things Oracle, web, database, application development, beekeeper. Now starting up PITSS UK - An engineered approach to modernising Oracle Forms
Twickenham
https://t.co/ODfI9yt4FJ
Following: 690 - Followers: 772

February 10, 2016 at 05:59PM via Twitter http://twitter.com/dbrownukk

Ung doulx baiser m'est bien permis de prendre (Anonymous)

Ung doulx baiser m'est bien permis de prendre (Anonymous). Free public domain sheet music from IMSLP / Petrucci Music Library. Jump to: ...

from Google Alert - anonymous http://ift.tt/1SJ3KDq
via IFTTT

Re: [FD] Netgear GS105Ev2 - Multiple Vulnerabilities

[FD] VP2016-001: Remote Command Execution in File Replication Pro

[FD] CVE-2016-2046 Cross Site Scripting in Sophos UTM 9

-------

Source: Gmail -> IFTTT-> Blogger

[FD] Poor UX in Asus routers can leave the web UI unintentionally exposed to the Internet

[FD] Executable installers are vulnerable^WEVIL (case 25): WinRAR's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege

[FD] SerVision HVG - Hardcoded password

[FD] Multiple vulnerabilities in Open Real Estate v 1.15.1

Introduction: Open Real Estate is an open source CMS for managing estate agent websites. It is written in PHP and uses the YII CMF. It supports multiple languages. It is supported by MonoRay.net. The product has a number of commercial support offerings available and an internal market for extensions. http://ift.tt/1PgoMoO

The core application was examined using Burp Suite Pro, SQLmap, and manual inspection (no extensions were examined).

A number of vulnerabilities in version 1.15.1 were notified to info@monoray.net on 2015-12-25. No acknowledgement or correspondence was received in response to this notification.

Version 1.15.2 was released on 2016-01-12
Version 1.15.3 was released on 2016-01-31

The code for 1.15.3 includes fixes that appear to address the most serious of these vulnerabilities; users should upgrade to 1.15.3, and should perform a further review of their website's security.

The objType parameter in the search query was susceptible to blind SQL injection, allowing an unauthenticated user to download the database’s contents (including password hashes and client details).

The objType parameter was also susceptible to a reflected XSS attack; as it is injected directly into JavaScript, the XSS works on browsers with XSS auditors (Chrome), as well as those without (Firefox). http://ift.tt/1SDs3To

The 1.15.3 code now has additional tests that the objType parameter is an integer; I have not confirmed the fix is correct.

The tag parameter to the news page was vulnerable to reflected XSS. http://ift.tt/1PgoKNN

I have not established if this is addressed in 1.15.3.

The program deploys its own password hash based on one round of MD5 with salting, and a static string. The authors advise users to change the static salt add-on string, see: http://ift.tt/1SDs3mt

This is very weak password hashing by modern standards; the static salt add-on only adds significant strength if it were long and strong and not compromised when the password hashes were compromised. The password hash method appears unchanged in 1.15.3.

Extract from protected/models/User.php

    private static $_saltAddon = 'openre';
    ...
    public static function hashPassword($password, $salt) {
        return md5($salt . $password . $salt . self::$_saltAddon);
    }

It was noted that the YII framework 1.1.16 CSRF prevention token cookie value was inserted into JavaScript without further validating it; this would enable any cookie forcing attacks to escalate quickly to XSS, and seems ill advised for want of one regular expression. The issue was previously discussed in the YII bug tracker but not addressed, as of itself it is not an exploit. There was also some good discussion about whether using cookies as a store for CSRF tokens is a desirable practice; storing the CSRF token in the server’s session would seem preferable, propagating the value beyond the essential places would seem to place it at risk of being compromised and CSRF protection to thus fail.

Source: Gmail -> IFTTT-> Blogger
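
One way a site operator could move off the salted-MD5 scheme quoted in the advisory above, shown as an added example that is not Open Real Estate's own code. It wraps stored MD5 values in PHP's built-in password_hash() so that a leaked table no longer holds fast hashes, then replaces each record with a native hash at the next successful login. The record layout, the scheme labels and every function name here are hypothetical; only the legacy formula and the 'openre' string come from the advisory's extract, and the sample account is constructed.

```php
<?php
declare(strict_types=1);

// Static add-on string quoted in the advisory's extract of User.php.
const LEGACY_SALT_ADDON = 'openre';

// Legacy formula from the advisory: one round of MD5 over salt, password, salt, add-on.
function legacyHash(string $password, string $salt): string
{
    return md5($salt . $password . $salt . LEGACY_SALT_ADDON);
}

// Bulk step for accounts that have not logged in yet (hypothetical record layout:
// ['scheme' => ..., 'salt' => ..., 'hash' => ...]). The stored MD5 hex string is
// fed through password_hash(), so the database no longer contains a fast hash.
function wrapLegacyRecord(array $user): array
{
    if ($user['scheme'] !== 'legacy-md5') {
        return $user; // already wrapped or native, nothing to do
    }
    $user['hash'] = password_hash($user['hash'], PASSWORD_DEFAULT);
    $user['scheme'] = 'wrapped-md5';
    return $user;
}

// Login check that accepts all three schemes and upgrades the record to a
// native password_hash() value as soon as the plaintext is available.
function verifyAndUpgrade(array &$user, string $password): bool
{
    switch ($user['scheme']) {
        case 'legacy-md5':
            // hash_equals() avoids a timing side channel on the comparison.
            $ok = hash_equals($user['hash'], legacyHash($password, $user['salt']));
            break;
        case 'wrapped-md5':
            $ok = password_verify(legacyHash($password, $user['salt']), $user['hash']);
            break;
        case 'native':
            $ok = password_verify($password, $user['hash']);
            break;
        default:
            $ok = false; // unknown scheme: fail closed
    }
    if (!$ok) {
        return false; // record is left untouched on a failed attempt
    }
    if ($user['scheme'] !== 'native'
        || password_needs_rehash($user['hash'], PASSWORD_DEFAULT)) {
        // password_hash() generates its own per-hash salt and cost parameters.
        $user['hash'] = password_hash($password, PASSWORD_DEFAULT);
        $user['salt'] = null;
        $user['scheme'] = 'native';
    }
    return true;
}

// Constructed sample account, not taken from any real installation.
$user = [
    'scheme' => 'legacy-md5',
    'salt'   => '5f3a9c',
    'hash'   => legacyHash('correct horse battery', '5f3a9c'),
];

$user = wrapLegacyRecord($user);
echo 'after bulk wrap:  ', $user['scheme'], PHP_EOL;

$rejected = verifyAndUpgrade($user, 'wrong guess');
echo 'wrong password:   ', var_export($rejected, true), ' / ', $user['scheme'], PHP_EOL;

$accepted = verifyAndUpgrade($user, 'correct horse battery');
echo 'right password:   ', var_export($accepted, true), ' / ', $user['scheme'], PHP_EOL;
```

Wrapping only protects the stored values from that point on; hashes that were already copied out through the SQL injection described in the advisory remain single-round MD5, so affected passwords still need to be reset.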

[FD] [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox

[FD] D-Link router DSL-2750B firmware 1.01 to 1.03 - remote command execution no auth required

After some playing around I've noticed something interesting during the login phase: by sending wrong credentials, the user is redirected to an error page with url http://ift.tt/1Xjglw3 http://ift.tt/1TT2ahu

In order to see what's happening we must start the web server with the debug output enabled:

    httpd -o -p 666 -m -1 -v 5

and try again to login with wrong credentials. http://ift.tt/1Xjglw5

Arguments of the "cli" parameter are passed directly to a binary that will execute that particular given command; the complete list of commands available is inside the "/etc/ayecli/ayecli.cli" file (among them there's a creepy "system halt" that will shut down the router no matter what).

Arguments are passed in a way that

    ayecli -c 'command-here'

so the way to escape is to close, add a command and close again to neutralize "$" substitution with ' :

    ayecli -c 'command';injection''

that is: http://ift.tt/1TT2blm http://ift.tt/1XjgjEB

It's also possible to retrieve admin password, wifi passphrase etc.

cheers, p@ql

thanks to ps and fp

Source: Gmail -> IFTTT-> Blogger

Re: [FD] OLE DB Provider for Oracle multiple DLL side loading vulnerabilities


Source: Gmail -> IFTTT-> Blogger

[FD] MapsUpdateTask Task DLL side loading vulnerability


Source: Gmail -> IFTTT-> Blogger

[FD] BDA MPEG2 Transport Information Filter DLL side loading vulnerability


Source: Gmail -> IFTTT-> Blogger

[FD] NPS Datastore server DLL side loading vulnerability


Source: Gmail -> IFTTT-> Blogger

I have a new follower on Twitter


Launch Crowdfunding
Crowdfunding Agency. Helping clients architect and execute strategic equity and rewards-based crowdfunding campaigns. #crowdfunding #equitycrowdfunding
Los Angeles
https://t.co/m7mTTGQugR
Following: 1594 - Followers: 1034

February 10, 2016 at 12:43PM via Twitter http://twitter.com/LaunchCrowdfund

Orioles Buzz: Pursuit of free-agent SP Yovani Gallardo "making progress" - multiple reports; 13-11 in 2015 with Rangers (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

ISS Daily Summary Report – 02/9/16

Mycological Evaluation of Crew Exposure to ISS Ambient Air (Myco): Shortly after wakeup, Kelly took body samples for the Myco investigation and then inserted them into a Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI) for return to Earth. Analysis of the samples will focus on microflora, particularly fungi, which may cause opportunistic infections or allergies if a crewmember’s immunity is compromised on the ISS.

Aurora: Kopra set up a camera in a Cupola window to capture images of auroras. A second aurora opportunity is scheduled for Thursday.

Multi-Omics: Peake completed sampling and a questionnaire today for the Japan Aerospace Exploration Agency (JAXA) Multi-Omics investigation. The Multi-omics analysis of human microbial-metabolic cross-talk in the space ecosystem (Multi-omics) investigation evaluates the impacts of space environment and prebiotics on astronauts’ immune function, by combining the data obtained from the measurements of changes in the gut microbiological composition, metabolites profiles, and the immune system. Biomarkers for immune dysfunction during the crewmembers time on the ISS could be useful for the health management of astronauts.

Cardio Ox: Kopra and Peake performed their Flight Day 60 (FD60) Cardio Ox ultrasound and blood pressure measurement sessions. The goal of Cardio Ox is to determine whether biological markers of oxidative and inflammatory stress are elevated during and after space flight and whether this results in an increased, long-term risk of atherosclerosis risk in astronauts. Twelve crewmembers provide blood and urine samples to assess biomarkers before launch, 15 and 60 days after launch, 15 days before returning to Earth, and within days after landing. Ultrasound scans of the carotid and brachial arteries are obtained at the same time points, as well as through 5 years after landing, as an indicator of cardiovascular health.

Dose Tracker: Kopra and Peake completed entries for medication tracking on an iPad today. This investigation documents the medication usage of crew members before and during their missions by capturing data regarding medication use during spaceflight, including side effect qualities, frequencies and severities. The data are expected to either support or counter anecdotal evidence of medication ineffectiveness during flight and unusual side effects experienced during flight. It is also expected that specific, near-real-time questioning about symptom relief and side effects will provide the data required to establish whether spaceflight-associated alterations in pharmacokinetics (PK) or pharmacodynamics (PD) is occurring during missions.

Extravehicular Mobility Unit (EMU) Maintenance: Today, Peake temporarily installed EMU 3005 on the forward EMU Don/Doff Assembly (EDDA). Once installed, he performed a dump and fill of the EMU’s feed water tanks in order to satisfy maintenance requirements for on-orbit stowage. After the dump and fill activity was complete, he removed EMU 3005 from the EDDA and placed it in storage within the Crew Lock.

Fan Pump Separator Remove and Replace (R&R) Tool Gather: Kelly gathered required tools in support of tomorrow’s EMU 3003 FPS R&R. The FPS had failed to start up on December 19th during a Liquid Cooling and Ventilation Garment (LCVG) fill activity.

Mobile Servicing System (MSS) Operations: Yesterday afternoon, Robotic Flight Controllers powered up the MSS and maneuvered the Special Purpose Dexterous Manipulator (SPDM) and Space Station Remote Manipulator System (SSRMS) into position for the Mobile Transporter (MT) translation. The MSS was then powered down and the MT was successfully moved from Worksite (WS)-2 to WS-4. This move will be followed by a SSRMS walk off to the Node 2 Power Data Grapple Fixture (PDGF) on Thursday in preparation for Cygnus unberth February 19th.

Fine Motor Skills: Kopra completed sessions of the Fine Motor Skills experiment today. During the experiment he performed a series of interactive tasks on a touchscreen tablet. This investigation was the fine motor skills study to measure long-term microgravity exposure, different phases of microgravity adaptation, and sensorimotor recovery after returning to Earth gravity.

Ocular Health Testing: Today Kelly, Peake, Volkov, and Kornienko performed their Return minus 30 day (R-30) Ocular Health activities. They completed tonometry and vision testing, measured blood pressure, and completed a vision questionnaire. Volkov completed a fundoscopy to obtain images of the retinal surface, a vision test and a vision questionnaire. The Ocular Health protocol calls for a systematic gathering of physiological data to characterize the risk of microgravity-induced visual impairment/intracranial pressure in the ISS crewmembers. Researchers believe that the measurement of visual, vascular and central nervous system changes over the course of this experiment and during the subsequent post-flight recovery will assist in the development of countermeasures, clinical monitoring strategies, and clinical practice guidelines.

Today’s Planned Activities

All activities were completed unless otherwise noted.

MYCO – Morning Sample Collection MO – Experiment Ops Morning Inspection. SM ПСС (Caution & Warning Panel) Test Ocular Health Reminder NEIROIMMUNITET. Saliva Collection and Questionnaire Filling out MO – Sample Insertion into MELFI MYCO – Sample Insertion into MELFI MO – Hardware stowage Ocular Health Reminder MO – Questionnaire Completion MORZE. Measuring Bioimpedance using SPRUT-2 Acoustic Dosimeter Reminder MORZE. NEIROIMMUNITET. CORRECTSIYA. Blood Sample MORZE. CORRECTSIYA. Venous blood sample processing using Plasma-03 centrifuge NEIROIMMUNITET. Venous blood sample processing (smear) NEIROIMMUNITET. Venous blood sample processing using Plasma-03 centrifuge OCT Hardware Setup CORRECTSIYA. Closeout Ops Photo/TV Battery Charge Initiation MORZE. NEIROIMMUNITET. CORRECTSIYA. Handover to USOS for MELFI Insertion Terminate the 1st Orlan-MK 825М3 Battery Pack discharge No.126499191 (b/c 00068690R, stow ФГБ1ПГО_2_221_1) and start discharging the 2nd pack No.126499192 (b/c 00068691R, ФГБ1ПГО_2_221_1) RUEXP – MELFI Insertion of Samples Post-EVA SM ПхО and DC1 reconfig to nominal RGN – recycle tank drain into EDV Fine Motor Skills – Test Acoustic Dosimeter Operations and RS Crew Handover – Day 2 Eye Examination USND2 – Hardware Activation CARDOX – Setup Ops MORZE. Psycho-physiological Evaluation: Tsentrovka, SENSOR Tests Post-EVA SM ПхО and DC1 reconfig to nominal Crew Medical Officer (CMO) Proficiency Training Flushing Multi-Filtration Unit (БКО) Prior to its installation in СРВ-К2М MORZE. Psycho-physiological Evaluation: SUPOS Test CARDOX – Scanning MORZE. Closeout Ops MATRYOSHKA-R. Monitoring Lulin-5 readings CARDOX – Measurements IMS Delta File Prep) CARDOX – Doffing and Stowage Ops Eye Examination USND2 […]

from ISS On-Orbit Status Report http://ift.tt/1SfYFCg
via IFTTT

Bye bye, Flash! Google to Ban Flash-based Advertising

Google had also joined the path of Apple, Facebook, and Youtube to kill the "Adobe Flash Player" by announcing that the company is banning Flash banner support from its Adwords Advertising platform. "To enhance the browsing experience for more people on more devices, the Google Display Network and DoubleClick Digital Marketing are now going 100% HTML5" Google says. It's been two decades


from The Hacker News http://ift.tt/1PkQmkO
via IFTTT

Windows 10 Sends Your Data 5500 Times Every Day Even After Tweaking Privacy Settings

Myth: By disabling all privacy compromising and telemetry features on Windows 10 will stop Microsoft to track your activities. Fact: Even after all telemetry features disabled, Windows 10 is phoning home more than you could ever think of. Ever since the launch of Microsoft's newest operating system, Windows 10 is believed to be spying on its users. I wrote a number of articles to raise


from The Hacker News http://ift.tt/1RpcIEq
via IFTTT

On the 8th anniversary of the Anonymous protests, more signs of Scientology's desperation

Eight years ago today, the Internet grew feet. We remember very well how surprising it was that Anonymous, which had vowed to bring down ...

from Google Alert - anonymous http://ift.tt/20omEhX
via IFTTT

[FD] Apache Sling Framework v2.3.6 (Adobe AEM) [CVE-2016-0956] - Information Disclosure Vulnerability

Document Title:
===============
Apache Sling Framework v2.3.6 (Adobe AEM) [CVE-2016-0956] - Information Disclosure Vulnerability

References (Source):
====================
http://ift.tt/1QqQPj9

Adobe Bulletin: http://ift.tt/1mqnH3A
http://ift.tt/1RoQthX

Vulnerability Magazine: http://ift.tt/1orl6YF

CVE-ID:
=======
CVE-2016-0956

Release Date:
=============
2016-02-10

Vulnerability Laboratory ID (VL-ID):
====================================
1536

Common Vulnerability Scoring System:
====================================
6.4

Product & Service Introduction:
===============================
Apache Sling is a web framework that uses a Java Content Repository, such as Apache Jackrabbit, to store and manage content. Sling applications use either scripts or Java servlets, selected based on simple name conventions, to process HTTP requests in a RESTful way. The embedded Apache Felix OSGi framework and console provide a dynamic runtime environment, where code and content bundles can be loaded, unloaded and reconfigured at runtime. As the first web framework dedicated to JSR-170 Java Content Repositories, Sling makes it very simple to implement simple applications, while providing an enterprise-level framework for more complex applications.

(Copy of the Vendor Homepage: http://ift.tt/Xc8a4D)

Adobe Experience Manager (AEM) provides a complete suite of applications for the Web Experience Management (WEM) of organizations.

(Copy of the Vendor Homepage: http://ift.tt/1orl6YH )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Core Research Team discovered a remote vulnerability in the official Apache Sling Framework v2.3.6 software.

Vulnerability Disclosure Timeline:
==================================
2016-02-10: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Apache Software Foundation
Product: Apache Sling - Framework (Adobe AEM) 2.3.6

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Technical Details & Description:
================================
It seems that on some instances of AEM, due to lack of proper security controls and/or misconfiguration, it is possible for remote unauthenticated users to enumerate local system files/folders that aren't accessible publicly to unauthenticated users.

This can be achieved by sending a `delete` request to the SlingPostServlet which in return responds with a 500 exception page and the following exception message: (org.apache.sling.api.resource.PersistenceException - Unable to commit changes to session)

No actual files are deleted with this request; however, the HTML response contains a `ChangeLog` field which is where all enumerated folder/file names are displayed (if existing). For instance, the following POC command can be used to reproduce the said behavior.

curl -F":operation=delete" -F":applyTo=/foldername/*" http://ift.tt/1Xi0oGt

To reproduce this in real world, I found an adobe website which is currently affected with this behavior. You can use the following CURL command to reproduce the POC:

curl -F":operation=delete" -F":applyTo=/etc/*" http://ift.tt/1orl96S

Note: This curl command should enumerate all files/folders which currently exist in /etc folder

This vulnerability currently affects major websites i.e. almost every instance of Adobe AEM published on the internet. Some references are included below for reference.

Affected Framework(s):
Apache Sling

Affected Product(s)
Adobe AEM (All Versions)

Proof of Concept (PoC):
=======================
The security vulnerability can be exploited by remote attackers without privilege system user account or user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

PoC:
1. curl -F":operation=delete" -F":applyTo=/foldername/*" http://ift.tt/1Xi0oGt
2. curl -F":operation=delete" -F":applyTo=/etc/*" http://ift.tt/1orl96S

Solution - Fix & Patch:
=======================
The vulnerability is fixed in version Servlets POST 2.3.8. Please update by automatic request or implement the manual fix.

Adobe: Hot fix 6445 resolves an information disclosure vulnerability affecting Apache Sling Servlets Post 2.3.6 (CVE-2016-0956).

Security Risk:
==============
The security risk of the exception software vulnerability in the apache sling framework is estimated as high. (CVSS 6.4)

Credits & Authors:
==================
Vulnerability Laboratory [Research Team] - Ateeq Khan (ateeq@evolution-sec.com) [http://ift.tt/1jnqRwA] (https://twitter.com/cybercrimenews)

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Source: Gmail -> IFTTT-> Blogger

[FD] Getdpd Bug Bounty #6 - (Import - FTP) Persistent Vulnerability

Document Title:
===============
Getdpd Bug Bounty #6 - (Import - FTP) Persistent Vulnerability

References (Source):
====================
http://ift.tt/1Q73wWd

Release Date:
=============
2016-02-09

Vulnerability Laboratory ID (VL-ID):
====================================
1718

Common Vulnerability Scoring System:
====================================
4.4

Product & Service Introduction:
===============================
DPD is an all-in-one shopping cart and digital fulfillment service for downloadable products. Serving thousands of stores, DPD processes and delivers millions worth of downloads each year.

(Copy of the Vendor Homepage: http://ift.tt/1PzrDdV )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Research team discovered an application-side input validation web vulnerability in the official Getdpd online service web-application.

Vulnerability Disclosure Timeline:
==================================
2015-08-09: Researcher Notification & Coordination (Hadji Samir - Evolution Security GmbH)
2015-08-10: Vendor Notification (Getdpd Security Team - Bug Bounty Program)
2015-09-02: Vendor Response/Feedback (Getdpd Security Team - Bug Bounty Program)
2015-02-01: Vendor Fix/Patch (Getdpd Developer Team)
2015-02-09: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
DPD - Digital Product Delivery
Product: DPD Online Service (Web-Application) 2016 Q1

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
An application-side cross site scripting web vulnerability has been discovered in the official Getdpd online service web-application. The security vulnerability allows remote attackers to inject own script code to the application-side of the affected application module.

The vulnerability is located in the filename value of the attachment file upload with FTP. Remote attackers with low privilege web-application user accounts are able to inject own malicious script code via upload file with FTP method request to the application-side. The injection point is the vulnerable filename parameter in the upload file with FTP and with POST method request and the execution point is located in attachment file Import Product from FTP Drop Box.

The request method to http://ift.tt/1Xi0j5N inject is Upload file with FTP and the vulnerability is located to the application-side of the vulnerable online-service. The execution context is executed by the vulnerable notification error value.

The security risk of the application-side file validation vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 4.4. Exploitation of the persistent input validation web vulnerability requires a low privilege web-application user account and low or medium user interaction. Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent external redirects to malicious source and persistent manipulation of affected or connected application modules.

Request Method(s):
[+] POST

Vulnerable Service(s):
[+] getdpd.com

Vulnerable Module(s):
[+] Import Product from FTP (exp. Dropbox)

Vulnerable Input(s):
[+] Product Name (Input Field)

Vulnerable Parameter(s):
[+] notification error

Affected Module(s):
[+] BulkImport

Proof of Concept (PoC):
=======================
The security vulnerability can be exploited by remote attackers with low privilege web-application user account and low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1- Connect to ftp.getdpd.com with username and password
2- Upload file with Payload name (code injection)
3- Go to http://ift.tt/1Xi0j5N
4- Select the file and click to Import Selected File
5- The malicious code will execute

Source: Gmail -> IFTTT-> Blogger

[FD] MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability

Vigilante Hackers Aim to Hijack 200,000 Routers to Make Them More Secure

The same "Vigilante-style Hacker," who previously hacked more than 10,000 routers to make them more secure, has once again made headlines by compromising more than 70,000 home routers and apparently forcing their owners to make them secure against flaws and weak passwords. Just like the infamous hacking group Lizard Squad, the group of white hat hackers, dubbed the White Team, is building


from The Hacker News http://ift.tt/1XhYYfc
via IFTTT

[FD] File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities

Hackers Are Offering Apple Employees $23,000 for Corporate Login Details

An unsatisfied Employee may turn into a Nightmare for you and your organization. Nowadays, installing an antivirus or any other anti-malware programs would be inadequate to beef up the security to maintain the Corporate Database. What would you do if your employee itself backstabbed you by breaching the Hypersensitive Corporate Secrets? Yes! There could be a possibility for an


from The Hacker News http://ift.tt/20oc22q
via IFTTT

[FD] SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities


Source: Gmail -> IFTTT-> Blogger

All Versions of Windows affected by Critical Security Vulnerability

Microsoft has released 13 security bulletins, six of which are considered to be critical, resolving a total of 41 security vulnerabilities in its software this month. Every Windows version Affected: One of the critical vulnerabilities affects all supported version of Windows, including Microsoft's newest Windows 10 operating system, as well as Windows Server 2016 Tech Preview 4. The


from The Hacker News http://ift.tt/20UPEjn
via IFTTT

Anonymous hero casually trips suspect running from cops

Anonymous hero casually trips suspect running from cops. Feb. 09, 2016 - 0:13 - Raw video: Kingston police in Britain want to find civilian who helped ...

from Google Alert - anonymous http://ift.tt/20UF9MZ
via IFTTT

Tuesday, February 9, 2016

The IMP game: Learnability, approximability and adversarial learning beyond $\Sigma^0_1$. (arXiv:1602.02743v1 [cs.LO])

We introduce a problem set-up we call the Iterated Matching Pennies (IMP) game and show that it is a powerful framework for the study of three problems: adversarial learnability, conventional (i.e., non-adversarial) learnability and approximability. Using it, we are able to derive the following theorems. (1) It is possible to learn by example all of $\Sigma^0_1 \cup \Pi^0_1$ as well as some supersets; (2) in adversarial learning (which we describe as a pursuit-evasion game), the pursuer has a winning strategy (in other words, $\Sigma^0_1$ can be learned adversarially, but $\Pi^0_1$ not); (3) some languages in $\Pi^0_1$ cannot be approximated by any language in $\Sigma^0_1$.

We show corresponding results also for $\Sigma^0_i$ and $\Pi^0_i$ for arbitrary $i$.




from cs.AI updates on arXiv.org http://ift.tt/20JPpLz
via IFTTT

Value Iteration Networks. (arXiv:1602.02867v1 [cs.AI])

We introduce the value iteration network: a fully differentiable neural network with a `planning module' embedded within. Value iteration networks are suitable for making predictions about outcomes that involve planning-based reasoning, such as predicting a desired trajectory from an observation of a map. Key to our approach is a novel differentiable approximation of the value-iteration algorithm, which can be represented as a convolutional neural network, and trained end-to-end using standard backpropagation. We evaluate our value iteration networks on the task of predicting optimal obstacle-avoiding trajectories from an image of a landscape, both on synthetic data, and on challenging raw images of the Mars terrain.




from cs.AI updates on arXiv.org http://ift.tt/1XhcmQD
via IFTTT

Approximate Probabilistic Inference via Word-Level Counting. (arXiv:1511.07663v3 [cs.AI] UPDATED)

Hashing-based model counting has emerged as a promising approach for large-scale probabilistic inference on graphical models. A key component of these techniques is the use of xor-based 2-universal hash functions that operate over Boolean domains. Many counting problems arising in probabilistic inference are, however, naturally encoded over finite discrete domains. Techniques based on bit-level (or Boolean) hash functions require these problems to be propositionalized, making it impossible to leverage the remarkable progress made in SMT (Satisfiability Modulo Theory) solvers that can reason directly over words (or bit-vectors). In this work, we present the first approximate model counter that uses word-level hashing functions, and can directly leverage the power of sophisticated SMT solvers. Empirical evaluation over an extensive suite of benchmarks demonstrates the promise of the approach.




from cs.AI updates on arXiv.org http://ift.tt/1If6AGI
via IFTTT

Anonymous email calls for transparency

DANVILLE – Montour County commissioners are responding to an anonymous email accusing them of supporting a “good ol' boys” network. Carl S.

from Google Alert - anonymous http://ift.tt/1KE1eLC
via IFTTT

Anonymous hero casually trips suspect running from cops

Raw video: Kingston police in Britain want to find civilian who helped officers in foot chase.

from Google Alert - anonymous http://ift.tt/1PATqas
via IFTTT

I have a new follower on Twitter


Owl Eyes
Owl Eyes is an improved reading experience for students, teachers, and everyday readers. Create your free account and start reading today!

http://t.co/2hwDBPkVZQ
Following: 1807 - Followers: 278

February 09, 2016 at 03:59PM via Twitter http://twitter.com/OwlEyesReader

France Orders Facebook To Stop Tracking Non-Users or Face Fines

8th February 2016 would be considered as a cursed day in the history of Facebook. You might have known that just yesterday India bans Facebook's Free Basic Internet in the country. Now, Zuckerberg had got another bombshell in the form of a French Order from the European Data Protection Authority, who ordered Facebook to stop tracking non-users’ online activity and to stop data transfers of


from The Hacker News http://ift.tt/1Lesr2x
via IFTTT

Orioles: Patrick Palmeiro, 26, signs minor league contract; son of Rafael Palmeiro, who hit 223 of his 569 HR with BAL (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Donate: Members

Donate: Members. Donate to C.A. World Services. Thank you for expressing your desire to make a financial contribution to our C.A. World Service ...

from Google Alert - anonymous http://ift.tt/20m08WS
via IFTTT

Here's the Facebook Hacking Tool that Can Really Hack Accounts, But...

Yes, you heard me right. A newly discovered Facebook hacking tool actually has the capability to hack Facebook account, but YOURS, and not the one you desires to hack. How to Hack Facebook account? How to Hack my Girlfriends Facebook account? My boyfriend is cheating on me, How do I hack his Facebook Account? These are the queries that most of the Internet users


from The Hacker News http://ift.tt/20lVt7w
via IFTTT

How to Crack GCHQ Crypto Puzzle? — Here's the Solution

GCHQ has finally released the solution to their head spinning Xmas Puzzle, after all, the participants failed to reach the final answer. GCHQ had released a crypto puzzle, dubbed Xmas Puzzle, on 9th December in the form of a Christmas Card that went viral online soon after its release. Nearly 600,000 people shot a "Go" for the challenge since early December, but only 30,000 had made it


from The Hacker News http://ift.tt/1Rlq2cZ
via IFTTT

ISS Daily Summary Report – 02/8/16

Electrostatic Levitation Furnace (ELF) Troubleshooting: Peake successfully performed troubleshooting steps for the accessibility issue that has prevented mating of a hose between the Japan Aerospace Exploration Agency (JAXA) ELF and the Moderate Temperature Loop (MTL) for cooling. He connected the cooling water hose between the MTL connection on the MSPR2 and the ELF. The ELF is an experimental facility designed to levitate, melt and solidify materials employing containerless processing techniques that use the electrostatic levitation method with charged samples and electrodes. With this facility, thermophysical properties of high temperature melts can be measured and solidification from deeply undercooled melts can be achieved.

Burning and Suppression of Solids – Milliken (BASS-M): Today Kopra completed the fourth set of BASS-M operations, preparing and testing five different samples with ground assistance from the Principal Investigator. The BASS-M investigation tests flame-retardant cotton fabrics to determine how well they resist burning in microgravity. Results benefit research on flame-retardant textiles that can be used on Earth and in space.

Ocular Health Testing: Kelly and Kornienko performed their Return minus 30 day (R-30) Ocular Health activities. They completed tonometry and vision testing, measured blood pressure, and completed a vision questionnaire. Volkov completed a fundoscopy to obtain images of the retinal surface, a vision test, and a vision questionnaire. The Ocular Health protocol calls for a systematic gathering of physiological data to characterize the risk of microgravity-induced visual impairment/intracranial pressure in ISS crewmembers. Researchers believe that the measurement of visual, vascular and central nervous system changes over the course of this experiment and during the subsequent post-flight recovery will assist in the development of countermeasures, clinical monitoring strategies, and clinical practice guidelines.

Multi-Omics: Peake completed the second sampling on Saturday for JAXA’s Multi-Omics Investigation. The Multi-omics analysis of human microbial-metabolic cross-talk in the space ecosystem (Multi-omics) investigation evaluates the impacts of space environment and prebiotics on astronauts’ immune function, by combining the data obtained from the measurements of changes in the gut microbiological composition, metabolites profiles, and the immune system. Biomarkers for immune dysfunction during the crewmembers time on the ISS could be useful for the health management of astronauts.

Extravehicular Mobility Unit (EMU) Preparation: In preparation for EMU 3003 Fan Pump Separator changeout scheduled to start this Wednesday, Kelly removed EMU 3008 from the Aft EMU Don/Doff Assembly (EDDA) then installed EMU 3003 in its place. Later, Kelly and Kopra reviewed the procedure associated with the Fan Pump Separator changeout activity.

Orbital ATK (OA)-4 Cargo Operations: The crew transferred trash into the Cygnus vehicle today in preparation for the vehicle’s unberth from ISS on February 19th.

Special Purpose Dexterous Manipulator (SPDM) Main Bus Switching Unit (MBSU) Demonstration: Over the weekend, the Robotics Team completed their three day activity to validate the robotic transfer of battery style Orbital Replacement Units (ORU) prior to the delivery of new ISS batteries on HTV-6. On Friday evening, the team successfully removed the MBSU from the Flight Releasable Attachment Mechanism (FRAM) structure and temporarily stowed it on the Enhanced ORU Temporary Platform (EOTP) before returning the MBSU back to the FRAM. On Saturday, the demonstration concluded when the MBSU/FRAM was moved back to its home on Express Logistics Carrier 2. One issue was encountered during the demonstration which prevented the SPDM from grasping the Robotic Offset Tool (ROST) in order to remove it from its holster for use. Robotics team accomplished the bolt loosening task using the OTCM instead.

Today’s Planned Activities

All activities were completed unless otherwise noted.

SLEEP – Questionnaire CORRECTSIYA. Logging Liquid and Food (Medication) Intake Acoustic Dosimeter Setup – Day 1 Ocular Health (OH) – Tonometry Test Configuration PILOT-T. Preparation for the Experiment Installation of ЗУ-С Charger No.13010004 (009709R, ФГБ1ПГО_2_221_1, Soft Container 422-6 (00062719R) for Orlan Battery HMS – Visual Testing Activity BASSM – Preparation Operations Part 1 on MCC GO Mating Telemetry Connector to ЗУ-С Multi Omics (MO) – Saliva Collection Equipment Setup PILOT-T. Experiment Ops Vision Test – Questionnaire Completion HMS – Vision Test Set up the First Orlan-MK 825М3 Battery Pack №126499191 (ш/к 00068690R, ФГБ1ПГО_2_221_1) for Discharge and Start Discharging the First Pack Columbus – Stowage and Consolidation Ocular Health (OH) – Blood Pressure Operations Pressurization of Elektron-VM Liquid Unit before Activation. Tagup with specialists for opening Elektron ВН2 Ocular Health Experiment – Tonometry Test Vision Test – Complete Questionnaire Ocular Health Experiment – Measurements with Holter Arterial BP Unit – Test Subject MYCO – Familiarization Multi-Purpose Small Payload Rack (MSPR) – Payload Partial Removal CBEF- Hardware Setup Ocular Health Experiment – Tonometry Test Mouse Habitat Unit (MHU) – Connecting Camcorder Post-Tonometry Stowage PILOT-T. Closeout Ops XF305- Camcorder Setup MSPR2 – Electrostatic Levitation Furnace (ELF) Troubleshooting HMS – Vision Test Vision Test – Complete Questionnaire MORZE. Psycho-physiological Evaluation: Cattell’s Test PK4- Hard Drive Installation Exercise Data Downlink via OCA Crew Medical Officer (CMO) Proficiency Training MORZE. Psycho-physiological Evaluation: Strelau Test Environmental Health System (EHS) – Disconnecting RAD Detector from SSC12 Photography of Plume Impingement and Deposit Monitoring Unit (БКДО) Position on MRM2 through SM Window No.13 (after EVA-42) BASSM – Experiment Start FSL Rack Fiber Optical Connector Troubleshooting [Deferred] VEGGIE-01 Water Syringe Transfer in MELFI CORRECTSIYA. Logging Liquid and Food (Medication) Intake EarthKAM – Setup and Hardware Activation in Node 2 EMU Backpack Replacement Post-EVA Tool Re-stow, IMS Ops HRF2- Photography EMU Fan Pump Separator (FPS) R&R Procedure Review MORZE. NEIROIMMUNITET. CORRECTSIYA. Experiment Setup Fundoscope Exam Subject Preparation Cygnus Cargo Operations HABIT- Questionnaire Completion Fundoscope Setup for Exam Preparation for Stereo Macro-Photography of EV Hatch 2 Windows in MRM2 (Preparation for the Activity, Procedure and R/G Review) Fundoscope – Eye Examination СОЖ Maintenance Stereo Macro-photography of EV Hatch 2 Windows in MRM2 Equipment Stowage after Fundoscope Eye Imaging JRNL- Journal Entry Evening Work Prep INTERACTION -2. Experiment Ops Video Footage of Greetings Cygnus – Cargo Operations Tagup CORRECTSIYA. Logging Liquid and Food (Medication) Intake NEIROIMMUNITET. Saliva Sample Ocular Health Reminder SPLANH. Diet Restrictions Reminder Ocular Health Reminder

Completed Task List Items Crew Choice Event for YouthSparks […]

from ISS On-Orbit Status Report http://ift.tt/1T2ZoFF
via IFTTT