Latest YouTube Video

Saturday, April 9, 2016

[FD] end of useable crypto in browsers?

Hi, This is not a security vulnerability in itself, "just" a trend undermining the trust architecture of the whole internet :) I think it is very important, and wonder why I don't see any discussion of it. If this is not the right forum to discuss it, please direct me to the right place. The problem is: Browser developers are dropping support for X509 key generation. Yes, have its problems. But window.crypto - which is meant to replace it - have no way to save keys in the browser's keystore. Instead of going to some cross-browser and cross-OS support for key management, we are now in a state where there are browser/OS combinations (stable chrome with non-windows OS), where there is no way to generate and store a key to be later used for ssl authentication. Looking at the related bug reports it seems that browser developers do not even understand the problem this creates. Any ideas on how to make them understand the scale of the doom we are facing right now?

Source: Gmail -> IFTTT-> Blogger
Posted by at No comments:
Labels: ,

Lese bok Last ned Archives of Philosophy, Issues 1-14 av Anonymous på norsk id:brwpu0i ap45

Archives of Philosophy, Issues 1-14 av Anonymous txt laste ned Philosophy Issues See More. ... Tazria-Metzora 5775. ... Anonymous, April 20, 2015 ...

from Google Alert - anonymous http://ift.tt/1VHtYG7
via IFTTT
Posted by at No comments:
Labels: ,

Anonymous

Anonymous. This is a married woman, 30 years old, who has worked for 10 years selling shoes from her home. This allows her to care for her mother ...

from Google Alert - anonymous http://ift.tt/1S9eonj
via IFTTT
Posted by at No comments:
Labels: ,

No Password Required! 135 Million Modems Open to Remote Factory Reset

More than 135 Million modems around the world are vulnerable to a flaw that can be exploited remotely to knock them offline by cutting off the Internet access. The simple and easily exploitable vulnerability has been uncovered in one of the most popular and widely-used cable modem, the Arris SURFboard SB6141, used in Millions of US households. Security researcher David Longenecker


from The Hacker News http://ift.tt/1qDcT59
via IFTTT
Posted by at No comments:
Labels: ,

Previewing a node as an anonymous user results in a page not found error

Problem/Motivation When previewing a node as an anonymous user, a Page not found error appears rather than a preview. Steps to reproduce: - Give ...

from Google Alert - anonymous http://ift.tt/1UPOMfC
via IFTTT
Posted by at No comments:
Labels: ,

WordPress enables Free HTTPS Encryption for all Blogs with Custom Domain

Do you own a custom domain or a blog under the wordpress.com domain name? If yes, then there is good news for you. WordPress is bringing free HTTPS to every blog and website that belongs to them in an effort to make the Web more secure. WordPress – free, open source and the most popular a content management system (CMS) system on the Web – is being used by over a quarter of all websites across


from The Hacker News http://ift.tt/1qCNus6
via IFTTT
Posted by at No comments:
Labels: ,

anonymous aceh 2

anonymous aceh 2. by heri Rusdianto ... aceh · anonymous · cyber · hacker · theme · theme aceh. Post to Facebook; Tweet on Twitter; Share on g+ ...

from Google Alert - anonymous http://ift.tt/1UPoGcJ
via IFTTT
Posted by at No comments:
Labels: ,

Lese bok Last ned Cinderella av Anonymous på norsk id:7scd46u ap45

Lese bok Last ned Cinderella av Anonymous på norsk. File Name: Cinderella av Anonymous Total Downloads: 433. Formats: djvu | pdf | epub | kindle

from Google Alert - anonymous http://ift.tt/20ovSMx
via IFTTT
Posted by at No comments:
Labels: ,

[FD] Express Zip <= 2.40 Path Traversal

#!/usr/bin/python -w # Title : Express Zip <= 2.40 Path Traversal # Date : 07/04/2016 # Author : R-73eN # Tested on : Windows Xp / Windows 7 Ultimate # Software Link : http://ift.tt/1qzprKw # Download Link: http://ift.tt/1NfFce8 # Vulnerable Versions : Express Zip <= 2.40 # Express Zip doesn't validates " ..\ " which makes possible # to do a path traversal attack which can be converted easily to RCE # How to Reproduce: # 1- Run Exploit # 2- Right Click evil.zip go to Express Zip and click Extract Here # 3- File will be extracted to the root of the partition in this case C:\POC.txt # This quick and dirt code is written only for demonstration purposes. # If you wanna profit from it you must modify it. # Video: https://www.youtube.com/watch?v=kb43h8Hoo0o

Source: Gmail -> IFTTT-> Blogger
Posted by at No comments:
Labels: ,

[FD] Blind SQL injections in CivicRM

Posted by at No comments:
Labels: ,

[FD] [CVE-2016-3971]DotCMS xss vulnerability

Advisory: DotCMS xss vulnerability Author: Piaox From Pingan Product Safety Group Email: xiongyaofu351@pingan.com.cn Affected Version: dotCMS 3.5 Beta(the latest version) Vulnerability Description lucene_search.jsp 26 String query = request.getParameter("query"); 27 if(!UtilMethods.isSet(query)){ 28 query = ""; 29 } 164
<%= LanguageUtil.get(pageContext, "Query-is") %> : <%=query%>
POC && EXP http://ift.tt/22jmmtN query=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&offset=0&limit=20&sort=&userid=

Source: Gmail -> IFTTT-> Blogger
Posted by at No comments:
Labels: ,

[FD] [CVE-2016-3972]DotCMS Directory traversal vulnerability

Advisory: DotCMS Directory traversal vulnerability Author: Piaox From Pingan Product Safety Group Email: xiongyaofu351@pingan.com.cn Affected Version: dotCMS 3.5 Beta(the latest version) ========================== Vulnerability Description Recetly, I found a Directory traversal vulnerability in ‘DotCMS' program, DotCMS is widely used in many companies. Vulnerable file is: “com.dotmarketing.servlets.taillog.TailLogServlet.class” File file = *null*; String tailLogLofFolder = *Config*.*getStringProperty*( "TAIL_LOG_LOG_FOLDER", "./dotsecure/logs/"); *try* { *if* (!tailLogLofFolder.endsWith(File.separator)) { tailLogLofFolder = tailLogLofFolder + File.separator; } file = *new* File(*FileUtil*.*getAbsolutlePath*(tailLogLofFolder + fileName)); } *catch* (Exception e) { *Logger*.*error*(getClass(), "unable to open log file '" + tailLogLofFolder + fileName + "' please set the config variable TAIL_LOG_LOG_FOLDER correctly"); } *if* ((file == *null*) || (!file.exists())) { response.sendError(403); *AdminLogger*.*log*(*TailLogServlet*.*class*, "service", "Someone tried to use the TailLogServlet to display a file not in the logs directory" ); *return*; } String regex = *Config*.*getStringProperty*("TAIL_LOG_FILE_REGEX"); //WEB-INF/classes/dotmarketing-config.properties:TAIL_LOG_FILE_REGEX=.*\.log$|.*\.out$ *if* (!*UtilMethods*.*isSet*(regex)) { regex = "!.*"; } *if* (!Pattern.compile(regex).matcher(fileName).matches()) { //Only detects whether the file extension .log end,lead ,caused Directory traversal vulnerability. *return*; } response.setContentType("text/html;charset=UTF-8"); ServletOutputStream out = response.getOutputStream(); out.print(""); out.flush(); *Tailer* tailer = *null*; *long* startPosition = file.length() - 5000L < 0L ? 0L : file.length() - 5000L; *MyTailerListener* listener = *new* MyTailerListener(*null*); listener.*handle*("Tailing " + fileName); listener.*handle*(

Source: Gmail -> IFTTT-> Blogger
Posted by at No comments:
Labels: ,

Lapland Northern Lights


Early spring in the northern hemisphere is good season for aurora hunters. Near an equinox Earth's magnetic field is oriented to favor interactions with the solar wind that trigger the alluring glow of the northern lights. On March 28/29 the skies over Kaunispää Hill, Lapland, Finland did not disappoint. That night's expansive auroral curtains are captured in this striking panoramic view that covers a full 360 degrees. Local skywatchers were mesmerized by bright displays lasted throughout the dark hours, shimmering with colors easily visible to the naked eye. via NASA http://ift.tt/1SjdtKS
Posted by at No comments:
Labels: ,

Orioles Video: Jonathan Schoop, Nolan Reimold and Manny Machado all blast homers in the 5th inning of 6-1 win over Rays (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT
Posted by at No comments:
Labels: ,

Friday, April 8, 2016

Orioles: CF Adam Jones (sore ribcage) not in Friday's lineup vs. Rays for 2nd straight game; SS J.J. Hardy not starting (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT
Posted by at No comments:
Labels: ,

Orioles: CF Adam Jones (sore ribcage) not in Friday's lineup vs. Rays for 2nd straight game; SS J.J. Hardy not starting (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT
Posted by at No comments:
Labels: ,

Anonymous Ghost

We are many, we are legion. We do not forgive. We do not forget. Expect us. Add to Thunderbird. Add to collection ...

from Google Alert - anonymous http://ift.tt/1S7HYK4
via IFTTT
Posted by at No comments:
Labels: ,

[FD] WP Multiple Meta Box v1.0 - SQL Injection Vulnerability

Document Title: =============== WP Multiple Meta Box v1.0 - SQL Injection Vulnerability References (Source): ==================== http://ift.tt/1VcUQPp Release Date: ============= 2016-04-08 Vulnerability Laboratory ID (VL-ID): ==================================== 1818 Common Vulnerability Scoring System: ==================================== 5.8 Product & Service Introduction: =============================== Multi Meta Box Plugin will help you to show Wp Multiple Meta Box on Front-end by Following way. Create Multi Meta Box from Admin Panel of Add New Wp Multiple Meta Box Section. Create New Multi Meta Box by Adding Meta Box Label, Meta Field Post Type(Posts, Pages, etc), Status (Available, Un Available), Click on add meta field and fill box field (Field Type (Text Box, Text Area, Drop Down, Check Box, Radio Button), according to your selected Field Type, Fill option Below Like Meta Field Type for (Textbox), Meta Field Title, Meta Field Value for (check Box, Radio Button, Drop Down), Meta Field Required, Meta Field Place Holder for (Textbox, Text Area), Meta Field Min Length for (Textbox), Meta Field Max Length for (Textbox) You can add Multi Metabox as many as required by clicking on Add Meta Field. Admins will get that Multi Meta Box on (Post, Page, etc) as per selection of Meta Field Post Type. (Copy of the Homepage: http://ift.tt/1Sj0icX ) Abstract Advisory Information: ============================== An independent vulnerability laboratory researcher discovered a remote sql-injection vulnerability in the official Wordpress Multiple Meta Box v1.0 plugin. Vulnerability Disclosure Timeline: ================================== 2016-04-08: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Agileinfoways Ltd Product: Multiple Meta Box - Wordpress Plugin (Web-Application) 1.0 Exploitation Technique: ======================= Remote Severity Level: =============== Medium Technical Details & Description: ================================ A remote sql-injection web vulnerability has been discovered in the official Wordpress Multiple Meta Box v1.0 plugin web-application. The vulnerability allows remote attackers and privileged user accounts to execute own sql commands to compromise the web-server or dbms. The vulnerability is located in the `id` value of the `multi_metabox_listing` action GET method request. The vulnerability is located on the server-side of the service and the request method to execute/inject is GET. The vulnerability is only with a privileged web-application user account exploitable. The vulnerable module requires at minimum 1 item for successful exploitation. The security risk of the sql-injection vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 5.9. Exploitation of the remote sql injection web vulnerability requires no user interaction and a low privileged web-application user account. Successful exploitation of the remote sql injection results in database management system, web-server and web-application compromise. Request Method(s): [+] GET Vulnerable Function(s): [+] multi_metabox_listing Vulnerable Parameter(s): [+] id Proof of Concept (PoC): ======================= The remote sql-injection web vulnerability can be exploited by privileged web-application user account without user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. PoC: http://localhost:8080/wordpress/wp-admin/admin.php?page=multi_metabox_listing&action=edit&id=-x[SQL-INJECTION VULNERABILITY!

Source: Gmail -> IFTTT-> Blogger
Posted by at No comments:
Labels: ,

[FD] AccelSite Content Manager v1.0 - SQL Injection Vulnerability

Document Title: =============== AccelSite Content Manager v1.0 - SQL Injection Vulnerability References (Source): ==================== http://ift.tt/1VaWTDD Release Date: ============= 2016-04-07 Vulnerability Laboratory ID (VL-ID): ==================================== 1817 Common Vulnerability Scoring System: ==================================== 7.2 Product & Service Introduction: =============================== AccelSite CMS is a hosted Content Management System (hosted CMS) that allows you to take control of your Website content. Setup and manage your website in as little as 20 minutes, and add content anytime using the robust, online user content management interface. Choose one of our existing website themes, or use a custom site design designed one of our AccelSite Certified web designers. AccelSite CMS includes basic modules that allow you to manage regular web pages, create a contact form, upload images into a photo gallery, and manage the navigation of your site. (Copy of the Vendor Homepage: http://ift.tt/23hDy8O ) Abstract Advisory Information: ============================== An independent vulnerability laboratory researcher discovered multiple sql-injection vulnerabilities in the AccelSite Content Manager v1.0 Content Management System. Vulnerability Disclosure Timeline: ================================== 2016-04-07: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Net Acceleration Product: AccelSite Content Manager - CMS (Web-Application) 1.0 Exploitation Technique: ======================= Remote Severity Level: =============== High Technical Details & Description: ================================ A remote sql-injection web vulnerability has been discovered in the AccelSite Content Manager v1.0 Content Management System. The web vulnerability allows remote attackers to execute own sql commands to compromise the web-applicaation or connected dbms. The sql-injection vulnerability is located in the `contentID value of the `index.php` file GET method request. Remote attackers are able to execute sql commands by injection of malicious statements via GET method request. The vulnerability is located on the application-side of the online service. The injection points is the contentID value in the vulnerable index.php file. The security vulnerability is a classic order by sql injection bug in the contentID parameter. The security risk of the sql-injection vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 7.2. Exploitation of the remote sql injection web vulnerability requires no user interaction or privileged web-application user accounts. Successful exploitation of the remote sql injection results in database management system, web-server and web-application compromise. Request Method(s): [+] GET Vulnerable File(s): [+] index.php Vulnerable Parameter(s): [+] contentID Proof of Concept (PoC): ======================= The remote sql-injection web vulnerability can be exploited by remote attackers without user interaction or privileged web-application user accounts. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Dork(s): intext:powered by AccelSite Content Manager inurl:.php?contentID= PoC: Exploitation http://localhost:8080/index.php?contentID=899%27-1[SQL-INJECTION VULNERABILITY!

Source: Gmail -> IFTTT-> Blogger
Posted by at No comments:
Labels: ,

ISS Daily Summary Report – 04/7/16

Meteor Troubleshooting and Camera Installation:  Williams performed troubleshooting on the Meteor payload software issues that were experienced yesterday, but the troubleshooting was unsuccessful.  He then began installing the hardware into the Window Observational Research Facility (WORF).  The hardware installation was partially completed, with the camera and the WORF hatch remaining to be installed. Meteor’s first primary science target is the Lyrid meteor shower peak on April 22, GMT day 113. Meteor is a new payload with the objective to fly a visible spectroscopy instrument to the ISS for the primary purpose of observing meteors in Earth orbit. Meteor uses image analysis to provide information on the physical and chemical properties of the meteoroid dust such as size, density, and chemical composition. Since the parent comets or asteroids for most of the meteor showers are identified, the study of the meteoroid dust on orbit provides information about those comets and asteroids. Meteor plans to operate for 2 years.   Rodent Research-3 (RR-3) Life Science Hardware Setup in Microgravity Science Glovebox (MSG): In preparation for RR-3 operations, Kopra installed the life science filters, floor coverings, back plate, and other required equipment in the MSG. He also set up a camcorder to capture High Definition cabin video of the operations. RR-3 is a Joint USOS Experiment (JUE) performed with both USOS and Russian crew members and studies molecular and physical changes in the musculoskeletal system that happen in space. Results expand scientists’ understanding of muscle atrophy and bone loss in space while testing an antibody that has been known to prevent muscle wasting in mice on Earth.   General Laboratory Active Cryogenic ISS Experiment Refrigerator (GLACIER) 2 Desiccant Pack Swap: In preparation for SpaceX-8 payload investigations, Peake replaced used desiccant packs with new packs as part of standard conditioning.   Biological Rhythms 48 Multi Media Card (MMC) Exchange: Williams exchanged the MMC and battery and began the second 24-hour measurement process. The objective of the Japan Aerospace Exploration Agency (JAXA) Biological Rhythms 48 is to study the effects of long-term microgravity exposure on heart function by analyzing an astronaut’s electrocardiogram for 48 hours.   Habitability Human Factors Directed Observations: Kopra submitted a walk-through video documenting observations of an area or activity providing insight related to human factors and habitability. The Habitability investigation collects observations about the relationship between crew members and their environment on the International Space Station. Observations can help spacecraft designers understand how much habitable volume is required, and whether a mission’s duration impacts how much space crew members need.   Major Constituent Analyzer (MCA) Orbital Replacement Unit (ORU) Remove & Replace (R&R): On Monday the Node 3 MCA failed.  Teams reviewed the data and determined that the Data Control Assembly (DCA) experienced an internal Circuit Card Assembly (CCA) failure and recommended replacing ORU1.  This morning the crew R&Rd the ORU1 with an available spare on orbit.  MCA was successfully brought up to operate and is currently stabilizing and awaiting calibration before readings are taken.  The removed ORU will be returned to the ground for refurbishment.   Today’s Planned Activities All activities were completed unless otherwise noted. Crew Prep for PAO / r/g 1891 JEM Airlock Pressurization PAO hardware setup Acoustic Dosimeter Stow TV Conference with Russia Today TV Channel Correspondent r/g 1891 BLR48 – starting measurement Preparing for Replacement of Signal-VM Smoke Detectors ДС-7А / SM IVA IMF r/g 1889 Preparing for replacement of FGB Internal Hydraulic Loop [ВГК] 2-1 Replaceable Pump panel r/g 1868 MCA Data and Control Assembly (DCA)  R&R JEM Airlock Leak Check OTKLIK. Hardware Monitoring / r/g 1880 GLACIER2 –  Desiccant Replacement CONSTANTA-2. Removal of Cassette from TBU-V and setup on panel for 1-hour warmup / r/g 1876 CIR – Post-Experiment Hardware Stowage TV Conference with REN TV Channel Correspondent r/g 1890 IMS and Stowage Conference CARDIOVECTOR. Experiment Ops r/g 1892 BRI log download from RSS1 METEOR – Hardware Setup and Activation [Deferred] Photography of Plume Impingement and Deposit Monitoring Unit [БКДО] position on MRM2 through SM window No.13  r/g 1348 CONSTANTA-2. Preparation and Execution 2 r/g 1876 Scheduled monthly maintenance of Central Post Laptop r/g 1888 Video recording for Yandex search engine / r/g 1887 Rodent Research (RR) Camcorder Setup PAO Hardware Setup Microgravity Science Glovebox (MSG) – Activation Crew Prep for PAO PAO Event ESA Weekly Crew Conference Early unstow, priority, and US cargo transfers from Progress 432 (SM Aft) and IMS Ops / r/g 1812, 1831, 1832 Habitability Narrated Task Video Setup – Subject MRM2 comm config to support the P/L Ops METEOR – Closeout Ops Hardware Setup for Rodent Research Operations KULONOVSKIY KRISTALL. Hardware Setup and Configuration r/g 1878 Loading ISS-Server1 Backup Hard Drives – Part 3 OBT – ROBoT onboard simulator – Session 2 Kulonovskiy Kristall Experiment Run r/g 1878 Kulonovskiy Kristall Experiment Photography / r/g 1879 VIZIR. Experiment Ops MRM2 Comm Reconfig for Nominal Ops KULONOVSKIY KRISTALL. Copy and Downlink Data / r/g 1878 Early unstow, priority, and US cargo transfers from Progress 432 (SM Aft) and IMS Ops / r/g 1812, 1831, 1832 Installation of iPad RunSoc Application, Part 1 Installation of iPad RunSoc Application, Part 2 CONYUGATSIYA. Installation and Activation of TBU-V No. 02 r/g 1875 CONTENT. Experiment Ops / r/g 1874 IMS Delta File Prep Installation of iPad RunSoc Application, Part 3 Habitability Narrated Task Video Setup End – Subject Crew conference with Astronaut Office Flight Director / ISS Crew Tagup Daily Planning Conference (S-band) Carbon Monoxide Monitor (CDM) Ops MSG power off Portable Oxygen Monitor (POM) Ops   Completed Task List Items Dragon pre-pack [Active]   Ground Activities All activities were completed unless otherwise noted. MSG hardware setup Nominal ground commanding   Three-Day Look Ahead: Friday, 04/08: SpX-8 launch, crew off duty Saturday, 04/09: Prep for SpX-8 arrival Sunday. 04/10: Dragon capture/berth, SPHERES/KUBIK setup   QUICK ISS Status – Environmental Control Group:                               Component Status Elektron On Vozdukh Manual [СКВ] 1 – SM Air Conditioner System (“SKV1”) On [СКВ] 2 – SM Air Conditioner System (“SKV2”) Off Carbon Dioxide Removal Assembly (CDRA) Lab Override Carbon […]

from ISS On-Orbit Status Report http://ift.tt/1qbwj02
via IFTTT
Posted by at No comments:
Labels: ,

Google may adopt Apple's Swift Programming Language for Android

Almost two years back, Apple introduced Swift programming language at its World Wide Developers Conference (WWDC) to the developers who build software applications for Apple devices. Swift was designed to make it easier for developers to create apps for Apple's mobile platform. Usually developers write complete app code and then compile it to see output, but Swift helps them see results in


from The Hacker News http://ift.tt/1SiLefw
via IFTTT
Posted by at No comments:
Labels: ,

Lese bok Last ned Deutsches Hausbuch. 1. Band av Anonymous på norsk id:mhx5x50 ap45

Lese bok Last ned Deutsches Hausbuch. 1. Band av Anonymous på norsk id:mhx5x50 ap45. Nedlastingen eller lese Deutsches Hausbuch. 1.

from Google Alert - anonymous http://ift.tt/1MjtVP6
via IFTTT
Posted by at No comments:
Labels: ,

Anonymous Ghost

We are many, we are legion. We do not forgive. We do not forget. Expect us. Add to Firefox. Add to collection. More Causes Themes. low bap _ ...

from Google Alert - anonymous http://ift.tt/1RI1jzo
via IFTTT
Posted by at No comments:
Labels: ,

Wolf-Lundmark-Melotte


Named for the three astronomers instrumental in its discovery and identification, Wolf - Lundmark - Melotte (WLM) is a lonely dwarf galaxy. Seen toward the mostly southern constellation Cetus, about 3 million light-years from the Milky Way, it is one of the most remote members of our local galaxy group. In fact, it may never have interacted with any other local group galaxy. Still, telltale pinkish star forming regions and hot, young, bluish stars speckle the isolated island universe. Older, cool yellowish stars fade into the small galaxy's halo, extending about 8,000 light-years across. This sharp portrait of WLM was captured by the 268-megapixel OmegaCAM widefield imager and survey telescope at ESO's Paranal Observatory. via NASA http://ift.tt/1VA8lrp
Posted by at No comments:
Labels: ,

Thursday, April 7, 2016

Anonymous users see "An unrecoverable error occurred..."

While troubleshooting this bug today I noticed some bugs were introduced in the 7.43 release (http://ift.tt/1R1ZQ2t) ...

from Google Alert - anonymous http://ift.tt/23nkDG6
via IFTTT
Posted by at No comments:
Labels: ,

Orioles Video: Joey Rickard smashes first career HR in 4-2 victory over Twins that completes 3-game sweep (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT
Posted by at No comments:
Labels: ,

Swingers Anonymous

Bill wakes up after a swingers party to find an envelope of cash and two dead swingers.

from Google Alert - anonymous http://ift.tt/1V0GbHm
via IFTTT
Posted by at No comments:
Labels: ,

Safe Probability. (arXiv:1604.01785v1 [stat.ME])

We formalize the idea of probability distributions that lead to reliable predictions about some, but not all aspects of a domain. The resulting notion of `safety' provides a fresh perspective on foundational issues in statistics, providing a middle ground between imprecise probability and multiple-prior models on the one hand and strictly Bayesian approaches on the other. It also allows us to formalize fiducial distributions in terms of the set of random variables that they can safely predict, thus taking some of the sting out of the fiducial idea. By restricting probabilistic inference to safe uses, one also automatically avoids paradoxes such as the Monty Hall problem. Safety comes in a variety of degrees, such as "validity" (the strongest notion), "calibration", "confidence safety" and "unbiasedness" (almost the weakest notion).



from cs.AI updates on arXiv.org http://ift.tt/1WgiaLI
via IFTTT
Posted by at No comments:
Labels: ,

Learning to Track at 100 FPS with Deep Regression Networks. (arXiv:1604.01802v1 [cs.CV])

Machine learning techniques are often used in computer vision due to their ability to leverage large amounts of training data to improve performance. Unfortunately, most generic object trackers are still trained from scratch online and do not benefit from the large number of videos that are readily available for offline training. We propose a method for using neural networks to track generic objects in a way that allows them to improve performance by training on labeled videos. Previous attempts to use neural networks for tracking are very slow to run and not practical for real-time applications. In contrast, our tracker uses a simple feed-forward network with no online training required, allowing our tracker to run at 100 fps during test time. Our tracker trains from both labeled video as well as a large collection of images, which helps prevent overfitting. The tracker learns generic object motion and can be used to track novel objects that do not appear in the training set. We test our network on a standard tracking benchmark to demonstrate our tracker's state-of-the-art performance. Our network learns to track generic objects in real-time as they move throughout the world.



from cs.AI updates on arXiv.org http://ift.tt/1XkoPmu
via IFTTT
Posted by at No comments:
Labels: ,

Planning with Information-Processing Constraints and Model Uncertainty in Markov Decision Processes. (arXiv:1604.02080v1 [cs.AI])

Information-theoretic principles for learning and acting have been proposed to solve particular classes of Markov Decision Problems. Mathematically, such approaches are governed by a variational free energy principle and allow solving MDP planning problems with information-processing constraints expressed in terms of a Kullback-Leibler divergence with respect to a reference distribution. Here we consider a generalization of such MDP planners by taking model uncertainty into account. As model uncertainty can also be formalized as an information-processing constraint, we can derive a unified solution from a single generalized variational principle. We provide a generalized value iteration scheme together with a convergence proof. As limit cases, this generalized scheme includes standard value iteration with a known model, Bayesian MDP planning, and robust planning. We demonstrate the benefits of this approach in a grid world simulation.



from cs.AI updates on arXiv.org http://ift.tt/1VcmpIF
via IFTTT
Posted by at No comments:
Labels: ,

On Stochastic Belief Revision and Update and their Combination. (arXiv:1604.02126v1 [cs.AI])

I propose a framework for an agent to change its probabilistic beliefs when a new piece of propositional information $\alpha$ is observed. Traditionally, belief change occurs by either a revision process or by an update process, depending on whether the agent is informed with $\alpha$ in a static world or, respectively, whether $\alpha$ is a 'signal' from the environment due to an event occurring. Boutilier suggested a unified model of qualitative belief change, which "combines aspects of revision and update, providing a more realistic characterization of belief change." In this paper, I propose a unified model of quantitative belief change, where an agent's beliefs are represented as a probability distribution over possible worlds. As does Boutilier, I take a dynamical systems perspective. The proposed approach is evaluated against several rationality postulated, and some properties of the approach are worked out.



from cs.AI updates on arXiv.org http://ift.tt/1XkoRun
via IFTTT
Posted by at No comments:
Labels: ,

Revising Incompletely Specified Convex Probabilistic Belief Bases. (arXiv:1604.02133v1 [cs.AI])

We propose a method for an agent to revise its incomplete probabilistic beliefs when a new piece of propositional information is observed. In this work, an agent's beliefs are represented by a set of probabilistic formulae -- a belief base. The method involves determining a representative set of 'boundary' probability distributions consistent with the current belief base, revising each of these probability distributions and then translating the revised information into a new belief base. We use a version of Lewis Imaging as the revision operation. The correctness of the approach is proved. The expressivity of the belief bases under consideration are rather restricted, but has some applications. We also discuss methods of belief base revision employing the notion of optimum entropy, and point out some of the benefits and difficulties in those methods. Both the boundary distribution method and the optimum entropy method are reasonable, yet yield different results.



from cs.AI updates on arXiv.org http://ift.tt/1Vcmps2
via IFTTT
Posted by at No comments:
Labels: ,

A New Oscillating-Error Technique for Classifiers. (arXiv:1505.05312v4 [cs.AI] UPDATED)

This paper describes a new method for reducing the error in a classifier. It uses an error correction update, but includes the very simple rule of either adding or subtracting the adjustment, based on whether the variable value is currently larger or smaller than the desired value. The new neuron can take an input from each variable or column and adjust it by either adding or subtracting the difference, on a variable by variable basis. While a traditional neuron would sum the inputs together and then apply the same function in every instance, this new neuron can change the function for each input variable. This gives added flexibility to the convergence procedure, where through a series of transpositions, variables that are far away can continue towards the desired value, whereas variables that are originally much closer can oscillate from one side to the other. Tests show that the method can successfully classify some benchmark datasets. It can also work in a batch mode, with reduced training times and can be used as part of a neural network architecture. There are also some updates to an earlier wave shape paper.



from cs.AI updates on arXiv.org http://ift.tt/1Bd2M5e
via IFTTT
Posted by at No comments:
Labels: ,

Building End-To-End Dialogue Systems Using Generative Hierarchical Neural Network Models. (arXiv:1507.04808v3 [cs.CL] UPDATED)

We investigate the task of building open domain, conversational dialogue systems based on large dialogue corpora using generative models. Generative models produce system responses that are autonomously generated word-by-word, opening up the possibility for realistic, flexible interactions. In support of this goal, we extend the recently proposed hierarchical recurrent encoder-decoder neural network to the dialogue domain, and demonstrate that this model is competitive with state-of-the-art neural language models and back-off n-gram models. We investigate the limitations of this and similar approaches, and show how its performance can be improved by bootstrapping the learning from a larger question-answer pair corpus and from pretrained word embeddings.



from cs.AI updates on arXiv.org http://ift.tt/1ea3dHX
via IFTTT
Posted by at No comments:
Labels: ,

Orioles: OF Adam Jones (ribcage soreness) not in starting lineup Thursday vs. Twins; felt pain after final AB Wednesday (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT
Posted by at No comments:
Labels: ,

Ravens open preseason at home vs. Panthers, visit Colts, host Lions and play at Saints to conclude exhibition slate (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT
Posted by at No comments:
Labels: ,

Anonymous plans to create new political party in the US, called

"We are Anonymous. To most of you we are computer hackers. To your governments we are a terrorist organization. To corporations we are wicked ...

from Google Alert - anonymous http://ift.tt/1S6ab3Q
via IFTTT
Posted by at No comments:
Labels: ,

A Grateful Message To An Anonymous Donor

Dear Anonymous Donor, Thank you—whoever you are—for kicking off our Centennial like this! We received your $1 million bank check and ...

from Google Alert - anonymous http://ift.tt/1SDtsUy
via IFTTT
Posted by at No comments:
Labels: ,

Anonymous users cant access webform

Hi, I created a webform block. Webform is published. I placed the block in a region. I can see the block as admin but I can not see it as anonymous ...

from Google Alert - anonymous http://ift.tt/1S6aaNu
via IFTTT
Posted by at No comments:
Labels: ,

Ravens: RB Terrance West suing a South Florida hotel group where he claims he was robbed twice on the same day in Feb. (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT
Posted by at No comments:
Labels: ,

FBI claims its iPhone Hacking Tool can't Unlock iPhone 5S, 6S and 6S Plus

Although everyone, including Apple, was worried about the iPhone hacking tool used by the Federal Bureau of Investigation (FBI) to access data on iPhone belonged to the San Bernardino shooter, the FBI director said the hack does not work on an iPhone 5S or later. FBI Director James Comey said Wednesday that the agency was able to avoid a prolonged legal battle with Apple by buying a tool from


from The Hacker News http://ift.tt/1qwHlxO
via IFTTT
Posted by at No comments:
Labels: ,

[FD] Monsta Box WebFTP 1.8.2 and below arbitrary file read and path traversal vulnerabilities

Application

Source: Gmail -> IFTTT-> Blogger
Posted by at No comments:
Labels: ,

How to Run Ubuntu on latest Windows 10 Insider Preview Build 14316

As reported last week, Microsoft will launch an 'Anniversary Update' for Windows 10 that will bring Ubuntu file system, allowing you to use Bash to run command-line Linux applications without a virtual machine. However, you do not have to wait until this summer to run Bash (Bourne Again Shell) on your Windows 10 OS, as Microsoft has released the first preview build of the Windows 10


from The Hacker News http://ift.tt/1oEB7Kl
via IFTTT
Posted by at No comments:
Labels: ,

[FD] Perli v2.6 iOS - Filter Bypass & Persistent Vulnerability

Posted by at No comments:
Labels: ,

[FD] Eight Webcom CMS (2016 Q2) - SQL Injection Vulnerability

Document Title: =============== Eight Webcom CMS (2016 Q2) - SQL Injection Vulnerability References (Source): ==================== http://ift.tt/1MPqSy7 Release Date: ============= 2016-04-05 Vulnerability Laboratory ID (VL-ID): ==================================== 1811 Common Vulnerability Scoring System: ==================================== 7.1 Product & Service Introduction: =============================== Eight Webcom, is specialized in catering diversified web designing needs of people all over the globe. We support our offerings based on client's business requirements and provide in-depth reliable solution. We provide standards for our customer with consistent in every stage from end to end through the entire. With Ajax, web applications can retrieve data from the server asynchronously in the background without interfering with the display and behavior of the existing page. We have Expertise in Ajax Development, Ajax Application, Ajax Web Application. The term Ajax has come to represent a broad group of web technologies that can be used to implement a web application that communicates with a server in the background, without interfering with the current state of the page. (Copy of the Vendor Homepage: http://ift.tt/1q8lFao ) Abstract Advisory Information: ============================== An independent vulnerability laboratory researcher discovered a remote sql-injection vulnerability in the official Eight Webcom web-application (2016 Q2). Vulnerability Disclosure Timeline: ================================== 2016-04-05: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Eight Webcom Product: Eight Webcom - AJAX (Web-Application) 2016 Q2 Exploitation Technique: ======================= Remote Severity Level: =============== High Technical Details & Description: ================================ A remote sql-injection web vulnerability has been discovered in the official Eight Webcom web-application (2016 Q2). The vulnerability allows remote attackers to execute own sql commands to compromise the web-applicaation or connected dbms. The sql-injection vulnerability is located in the `id` and `newsid` values of the `content.php`file. Remote attackers are able to execute sql commands by injection of malicious statements via GET method request. The vulnerability is located on the application-side of the online service. The injection point is the id value in the vulnerable content.php file. The security vulnerability is a classic order by sql injection bug in the id parameter. The security risk of the sql-injection vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 7.1. Exploitation of the remote sql injection web vulnerability requires no user interaction or privileged web-application user accounts. Successful exploitation of the remote sql injection results in database management system, web-server and web-application compromise. Request Method(s): [+] GET Vulnerable File(s): [+] content.php Vulnerable Parameter(s): [+] id Proof of Concept (PoC): ======================= The remote sql-injection web vulnerability can be exploited by remote attackers without user interaction or privileged web-application user accounts. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Dork(s): intext:Powered by Eight Webcom Pvt. Ltd. inurl:content.php?id= PoC: Exploitation http://localhost:8080/content.php?id=25'[SQL-INJECTION VULNERABILITY!

Source: Gmail -> IFTTT-> Blogger
Posted by at No comments:
Labels: ,

[FD] Quicksilver HQ VoHo Concept4E CMS v1.0 - Multiple SQL Injection Web Vulnerabilities

Document Title: =============== Quicksilver HQ VoHo Concept4E CMS v1.0 - Multiple SQL Injection Web Vulnerabilities References (Source): ==================== http://ift.tt/1TBuh5p Release Date: ============= 2016-04-06 Vulnerability Laboratory ID (VL-ID): ==================================== 1816 Common Vulnerability Scoring System: ==================================== 7.4 Product & Service Introduction: =============================== Quicksilver VoHo Concept4E CMS v1.0 is a commercial content management system for Energy, Ecology, Environment or Entertainment. The cms is produced by the QuicksilverHQ VoHo company in india. (Copy of the Vendor Homepage: http://ift.tt/1Ygah7s ) Abstract Advisory Information: ============================== An independent vulnerability laboratory researcher discovered multiple sql-injection vulnerabilities in the Quicksilver VoHo Concept4E v1.0 Content Management System. Vulnerability Disclosure Timeline: ================================== 2016-04-06: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Quicksilver HQ Product: Quicksilver VoHo Concept4E - Content Management System 1.0 Exploitation Technique: ======================= Remote Severity Level: =============== High Technical Details & Description: ================================ A remote sql-injection web vulnerability has been discovered in the Quicksilver VoHo Concept4E v1.0 Content Management System. The web vulnerability allows remote attackers to execute own sql commands to compromise the web-applicaation or connected dbms. The sql-injection vulnerability is located in the `contentid and `page` values of the `members.php`, `news.php`, `index.php`, `index2.php`, `updates.php` or `contacts.php` files. Remote attackers are able to execute sql commands by injection of malicious statements via GET method request. The vulnerability is located on the application-side of the online service. The injection points are the page and contentid values in the vulnerable marked *.php files. The security vulnerability is a classic order by sql injection bug in the page and id parameter. The security risk of the sql-injection vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 7.4. Exploitation of the remote sql injection web vulnerability requires no user interaction or privileged web-application user accounts. Successful exploitation of the remote sql injection results in database management system, web-server and web-application compromise. Request Method(s): [+] GET Vulnerable File(s): [+] members.php [+] news.php [+] index.php [+] updates.php [+] contacts.php [+] index2.php Vulnerable Parameter(s): [+] contentid [+] page Proof of Concept (PoC): ======================= The remote sql-injection web vulnerability can be exploited by remote attackers without user interaction or privileged web-application user accounts. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Dork(s): intext:Powered by Quicksilver VoHo inurl:.php?contentid= PoC: Exploitation http://localhost:8080/members.php?contentid=login'[SQL-INJECTION VULNERABILITY!]

Source: Gmail -> IFTTT-> Blogger
Posted by at No comments:
Labels: ,

[FD] Virtual Freer v1.58 - Client Side Cross Site Scripting Vulnerability

Document Title: =============== Virtual Freer v1.58 - Client Side Cross Site Scripting Vulnerability References (Source): ==================== http://ift.tt/1RXvfq7 Release Date: ============= 2016-04-06 Vulnerability Laboratory ID (VL-ID): ==================================== 1812 Common Vulnerability Scoring System: ==================================== 3.2 Product & Service Introduction: =============================== Ticket sales scripts free of charge and virtual products. Virtual Freer (Copy of the Vendor Homepage: http://ift.tt/209OUX3 ) Abstract Advisory Information: ============================== An independent vulnerability laboratory researcher discovered a client-side cross site scripting vulnerability in the official Virtual Freer v1.58 web-application. Vulnerability Disclosure Timeline: ================================== 2016-04-06: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Freer Product: Virtual Freer - Service (Web-Application) 1.58 Exploitation Technique: ======================= Remote Severity Level: =============== Medium Technical Details & Description: ================================ A client-side cross site scripting web vulnerability has been discovered in the official Virtual Freer v1.58 web-application. The web vulnerability allows to inject own malicious script codes to the client-side of the vulnerable web-application module. The client-side cross site scripting vulnerability is located in the `direct.php` value of the `qty` file GET method request. Remote attackers are able to inject client-side script codes to the qty value of the direct.php file GET method request to compromise session data. The attack vector of the issue is non-persistent and the request method to inject is GET (client-side). The security risk of the web vulnerabilityis estimated as medium with a cvss (common vulnerability scoring system) count of 3.2. Exploitation of the non-persistent web vulnerability requires no privileged web application user account and low or medium user interaction. Successful exploitation of the vulnerability results in session hijacking, non-persistent phishing, non-persistent external redirects, non-persistent load of malicious script codes or non-persistent web module context manipulation. Request Method(s): [+] GET Vulnerable Module(s): [+] Adobe - Edex Vulnerable Section(s): [+] search/global/ Vulnerable Parameter(s): [+] keyword-holder (keyword) Proof of Concept (PoC): ======================= The client-side cross site vulnerability can be exploited by remote attackers without privileged web-application user account and with low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. PoC: Example http://localhost:8080/direct.php?card=[cartid]&qty=1">PoC: Exploitation http://ift.tt/209OU9w http://localhost:8080/Foroshgah/direct.php?card=21&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://localhost:8080/direct.php?card=12&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://localhost:8080/direct.php?card=5&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://localhost:8080/shop/direct.php?card=1&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://localhost:8080/shop/direct.php?card=7&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://ift.tt/209OUX9 http://ift.tt/1S4iJZ8 http://localhost:8080/shop/direct.php?card=25&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://localhost:8080/store/direct.php?card=19&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://localhost:8080/pay/direct.php?card=22&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E https://localhost:8080/factor/direct.php?card=1&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://localhost:8080/direct.php?card=12&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://localhost:8080/direct.php?card=2&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://ift.tt/209OU9A http://localhost:8080/mellat2/direct.php?card=44&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://ift.tt/209OUpO Security Risk: ============== The security risk of the client-side cross site scripting vulnerability in the web-application is estimated as medium. (CVSS 3.2) Credits & Authors: ================== Milad Hacking - (milad.hacking.blackhat@gmail.com) [http://fullsecurity.org] [http://ift.tt/1S4iMnH] Thanks: Special thanks to: iliya Norton - Milad Hacking - Mohamad Ghasemi - irhblackhat - Distr0watch - N3TC4T - Ac!D - Mr.G}{o$t - MRS4JJ4D - Nazila Blackhat Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data. Domains: http://ift.tt/1jnqRwA - www.vuln-lab.com - http://ift.tt/1kouTut Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com Section: magazine.vulnerability-lab.com - http://ift.tt/1zNuo47 - http://ift.tt/1wo6y8x Social: twitter.com/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1oSBx0A Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@ or research@vulnerability-lab.com) to get a ask permission. Copyright © 2016 | Vulnerability Laboratory - [Evolution Security GmbH]™

Source: Gmail -> IFTTT-> Blogger
Posted by at No comments:
Labels: ,

[FD] Techsoft WS CMS (2016 Q2) - SQL Injection Web Vulnerability

Document Title: =============== Techsoft WS CMS (2016 Q2) - SQL Injection Web Vulnerability References (Source): ==================== http://ift.tt/1Tvdv7O Release Date: ============= 2016-04-04 Vulnerability Laboratory ID (VL-ID): ==================================== 1810 Common Vulnerability Scoring System: ==================================== 7.2 Product & Service Introduction: =============================== TechSoft WEB SOLUTIONS is an India based company that have many years experience in the design, development and implementation of bespoke software applications, relational databases, Internet and Intranet based systems. TECHSOFT WEB SOLUTIONS is dedicated to providing professional Website Design Solutions, Web Development, E-Commerce Web Applications, Website Maintenance and Reengineering, Domain and Web Hosting Services, etc. (COpy of the Vendor Homepage: http://ift.tt/25GayGc ) Abstract Advisory Information: ============================== An independent vulnerability laboratory research team discovered multiple remote sql injection vulnerabilities in the Techsoft Content Management System. Vulnerability Disclosure Timeline: ================================== 2016-04-04: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Techsoft Web Solutions Product: TechSoft - Content Management System (Web-Application) 2016 Q2 Exploitation Technique: ======================= Remote Severity Level: =============== High Technical Details & Description: ================================ A remote sql-injection web vulnerability has been discovered in the official Techsoft Content Management System (2016 Q2). The vulnerability allows remote attackers to execute own sql commands to compromise the web-applicaation or connected dbms. The vulnerabilities are located in the `id` and `newsid` values of the `Content_sub.php`, `news_detail.php`, `ward.php`, `package_list.php`, `association.php` and `packages.php`files. Remote attackers are able to execute sql commands by injection of malicious statements via GET method request. The vulnerability is located on the application-side of the online service. The injection points are the id and newsid values in the vulnerable marked php files. The security vulnerability is a classic order by sql injection bug. The security risk of the sql-injection vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 7.2. Exploitation of the remote sql injection web vulnerability requires no user interaction or privileged web-application user accounts. Successful exploitation of the remote sql injection results in database management system, web-server and web-application compromise. Request Method(s): [+] GET Vulnerable File(s): [+] Content_sub.php [+] news_detail.php [+] ward.php [+] package_list.php [+] association.php [+] packages.php Vulnerable Parameter(s): [+] id [+] newsid Proof of Concept (PoC): ======================= The remote sql-injection web vulnerability can be exploited by remote attackers without user interaction or privileged web-application user accounts. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Dork(s): intext:"POWERED BY Techsoft" inurl:php?id PoC: Exploitation localhost:8080/Content_sub.php?id=5%27-[SQL-INJECTION VULNERABILITY!]

Source: Gmail -> IFTTT-> Blogger
Posted by at No comments:
Labels: ,

'Hacking Team' Loses License to Sell Surveillance Malware Outside Europe

Hacking Team – the infamous Italy-based spyware company that had more than 400 GB of its confidential data stolen last year – is facing another trouble.  This time not from other hackers, but from its own government. Hacking Team is infamous for selling surveillance spyware to governments and intelligence agencies worldwide, but now it may not be allowed to do so, as the Italian export


from The Hacker News http://ift.tt/1MTW9A9
via IFTTT
Posted by at No comments:
Labels: ,

Anonymous Cris

Tinkercad user Anonymous Cris. ... Anonymous Cris's Things. N64. Anonymous Cris 19 minutes ago. copy of SNES controller sized and no wire.

from Google Alert - anonymous http://ift.tt/1SRF88Y
via IFTTT
Posted by at No comments:
Labels: ,

Auroras and the Magnetosphere of Jupiter


Jupiter has auroras. Like near the Earth, the magnetic field of our Solar System's largest planet compresses when impacted by a gust of charged particles from the Sun. This magnetic compression funnels charged particles towards Jupiter's poles and down into the atmosphere. There, electrons are temporarily excited or knocked away from atmospheric gases, after which, when de-exciting or recombining with atmospheric ions, auroral light is emitted. The featured illustration portrays the magnificent magnetosphere around Jupiter in action. In the inset image released last month, the Earth-orbiting Chandra X-ray Observatory shows unexpectedly powerful X-ray light emitted by Jovian auroras, depicted in false-colored purple. That Chandra inset is superposed over an optical image taken at a different time by the Hubble Space Telescope. This aurora on Jupiter was seen in October 2011, several days after the Sun emitted a powerful Coronal Mass Ejection (CME). via NASA http://ift.tt/25KQIJY
Posted by at No comments:
Labels: ,

Wednesday, April 6, 2016

Towards Bayesian Deep Learning: A Survey. (arXiv:1604.01662v1 [stat.ML])

While perception tasks such as visual object recognition and text understanding play an important role in human intelligence, the subsequent tasks that involve inference, reasoning and planning require an even higher level of intelligence. The past few years have seen major advances in many perception tasks using deep learning models. For higher-level inference, however, probabilistic graphical models with their Bayesian nature are still more powerful and flexible. To achieve integrated intelligence that involves both perception and inference, it is naturally desirable to tightly integrate deep learning and Bayesian models within a principled probabilistic framework, which we call Bayesian deep learning. In this unified framework, the perception of text or images using deep learning can boost the performance of higher-level inference and in return, the feedback from the inference process is able to enhance the perception of text or images. This survey provides a general introduction to Bayesian deep learning and reviews its recent applications on recommender systems, topic models, and control. In this survey, we also discuss the relationship and differences between Bayesian deep learning and other related topics like Bayesian treatment of neural networks.



from cs.AI updates on arXiv.org http://ift.tt/1SRcEw3
via IFTTT
Posted by at No comments:
Labels: ,

On the uniform one-dimensional fragment. (arXiv:1604.01673v1 [cs.LO])

The uniform one-dimensional fragment of first-order logic, U1, is a recently introduced formalism that extends two-variable logic in a natural way to contexts with relations of all arities. We survey properties of U1 and investigate its relationship to description logics designed to accommodate higher arity relations, with particular attention given to DLR_reg. We also define a description logic version of a variant of U1 and prove a range of new results concerning the expressivity of U1 and related logics.



from cs.AI updates on arXiv.org http://ift.tt/1VaiqMy
via IFTTT
Posted by at No comments:
Labels: ,

A Corpus and Evaluation Framework for Deeper Understanding of Commonsense Stories. (arXiv:1604.01696v1 [cs.CL])

Representation and learning of commonsense knowledge is one of the foundational problems in the quest to enable deep language understanding. This issue is particularly challenging for understanding casual and correlational relationships between events. While this topic has received a lot of interest in the NLP community, research has been hindered by the lack of a proper evaluation framework. This paper attempts to address this problem with a new framework for evaluating story understanding and script learning: the 'Story Cloze Test'. This test requires a system to choose the correct ending to a four-sentence story. We created a new corpus of ~50k five-sentence commonsense stories, ROCStories, to enable this evaluation. This corpus is unique in two ways: (1) it captures a rich set of causal and temporal commonsense relations between daily events, and (2) it is a high quality collection of everyday life stories that can also be used for story generation. Experimental evaluation shows that a host of baselines and state-of-the-art models based on shallow language understanding struggle to achieve a high score on the Story Cloze Test. We discuss these implications for script and story learning, and offer suggestions for deeper language understanding.



from cs.AI updates on arXiv.org http://ift.tt/1SRcCEg
via IFTTT
Posted by at No comments:
Labels: ,

Efficiency and Sequenceability in Fair Division of Indivisible Goods with Additive Preferences. (arXiv:1604.01734v1 [cs.GT])

In fair division of indivisible goods, using sequences of sincere choices (or picking sequences) is a natural way to allocate the objects. The idea is the following: at each stage, a designated agent picks one object among those that remain. This paper, restricted to the case where the agents have numerical additive preferences over objects, revisits to some extent the seminal paper by Brams and King [9] which was specific to ordinal and linear order preferences over items. We point out similarities and differences with this latter context. In particular, we show that any Pareto-optimal allocation (under additive preferences) is sequenceable, but that the converse is not true anymore. This asymmetry leads naturally to the definition of a "scale of efficiency" having three steps: Pareto-optimality, sequenceability without Pareto-optimality, and non-sequenceability. Finally, we investigate the links between these efficiency properties and the "scale of fairness" we have described in an earlier work [7]: we first show that an allocation can be envy-free and non-sequenceable, but that every competitive equilibrium with equal incomes is sequenceable. Then we experimentally explore the links between the scales of efficiency and fairness.



from cs.AI updates on arXiv.org http://ift.tt/1VaisUD
via IFTTT
Posted by at No comments:
Labels: ,

ASlib: A Benchmark Library for Algorithm Selection. (arXiv:1506.02465v3 [cs.AI] UPDATED)

The task of algorithm selection involves choosing an algorithm from a set of algorithms on a per-instance basis in order to exploit the varying performance of algorithms over a set of instances. The algorithm selection problem is attracting increasing attention from researchers and practitioners in AI. Years of fruitful applications in a number of domains have resulted in a large amount of data, but the community lacks a standard format or repository for this data. This situation makes it difficult to share and compare different approaches effectively, as is done in other, more established fields. It also unnecessarily hinders new researchers who want to work in this area. To address this problem, we introduce a standardized format for representing algorithm selection scenarios and a repository that contains a growing number of data sets from the literature. Our format has been designed to be able to express a wide variety of different scenarios. Demonstrating the breadth and power of our platform, we describe a set of example experiments that build and evaluate algorithm selection models through a common interface. The results display the potential of algorithm selection to achieve significant performance improvements across a broad range of problems and algorithms.



from cs.AI updates on arXiv.org http://ift.tt/1cHsY1G
via IFTTT
Posted by at No comments:
Labels: ,

Towards a Better Understanding of CAR, CDR, CADR and the Others. (arXiv:1507.05956v5 [cs.AI] UPDATED)

This paper describes the IBM 704 architecture and the genesis of the names for CAR, and CDR, which, as it turns out, probably don't quite make sense. The paper suggests that this may not be all bad, as the names lend themselves to compounding. Indeed that the compound function names , such as CADR, or even CADADR, etc. may be read as little access programs.



from cs.AI updates on arXiv.org http://ift.tt/1ehMF0O
via IFTTT
Posted by at No comments:
Labels: ,

Learning in Auctions: Regret is Hard, Envy is Easy. (arXiv:1511.01411v6 [cs.GT] UPDATED)

A line of recent work provides welfare guarantees of simple combinatorial auction formats, such as selling m items via simultaneous second price auctions (SiSPAs) (Christodoulou et al. 2008, Bhawalkar and Roughgarden 2011, Feldman et al. 2013). These guarantees hold even when the auctions are repeatedly executed and players use no-regret learning algorithms. Unfortunately, off-the-shelf no-regret algorithms for these auctions are computationally inefficient as the number of actions is exponential. We show that this obstacle is insurmountable: there are no polynomial-time no-regret algorithms for SiSPAs, unless RP$\supseteq$ NP, even when the bidders are unit-demand. Our lower bound raises the question of how good outcomes polynomially-bounded bidders may discover in such auctions.

To answer this question, we propose a novel concept of learning in auctions, termed "no-envy learning." This notion is founded upon Walrasian equilibrium, and we show that it is both efficiently implementable and results in approximately optimal welfare, even when the bidders have fractionally subadditive (XOS) valuations (assuming demand oracles) or coverage valuations (without demand oracles). No-envy learning outcomes are a relaxation of no-regret outcomes, which maintain their approximate welfare optimality while endowing them with computational tractability. Our results extend to other auction formats that have been studied in the literature via the smoothness paradigm.

Our results for XOS valuations are enabled by a novel Follow-The-Perturbed-Leader algorithm for settings where the number of experts is infinite, and the payoff function of the learner is non-linear. This algorithm has applications outside of auction settings, such as in security games. Our result for coverage valuations is based on a novel use of convex rounding schemes and a reduction to online convex optimization.



from cs.AI updates on arXiv.org http://ift.tt/1MB08ux
via IFTTT
Posted by at No comments:
Labels: ,

Recurrent Instance Segmentation. (arXiv:1511.08250v2 [cs.CV] UPDATED)

Instance segmentation is the problem of detecting and delineating each distinct object of interest appearing in an image. Current instance segmentation approaches consist of ensembles of modules that are trained independently of each other, thus missing learning opportunities. Here we propose a new instance segmentation paradigm consisting in an end-to-end method that learns how to segment instances sequentially. The model is based on a recurrent neural network that sequentially finds objects and their segmentations one at a time. This net is provided with a spatial memory that keeps track of what pixels have been explained and allows handling occlusion. In order to train the model we designed a new principled loss function that accurately represents the properties of the instance segmentation problem. In the experiments carried out, we found that our method outperforms recent approaches on multiple person segmentation, and all state of the art approaches on the Plant Phenotyping dataset for leaf counting.



from cs.AI updates on arXiv.org http://ift.tt/1TfqNCg
via IFTTT
Posted by at No comments:
Labels: ,

Anonymous

Sign In · Campaign · Logistics · Logistics · March · DC Sit-Ins · local hubs · FAQ · donate. Menu. Sign up for news and updates. Optional email code ...

from Google Alert - anonymous http://ift.tt/1S3GFf5
via IFTTT
Posted by at No comments:
Labels: ,

Anonymous Soldiers: the struggle for Israel on Late Night Live

Anonymous Soldiers: the struggle for Israel on Late Night Live. with Phillip Adams on RN. Wednesday 6th April. Summary. Does terrorism work?

from Google Alert - anonymous http://ift.tt/1q7BOgb
via IFTTT
Posted by at No comments:
Labels: ,

Ravens: Ohio State RB Ezekiel Elliott goes 6th in Mel Kiper's Mock Draft 4.0; \"an elite RB who can excel on all 3 downs\" (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT
Posted by at No comments:
Labels: ,

User references can bypass anonymous restrictions

When configuring an entity reference field for users, you can choose to disallow anonymous user selection. However, this only works when providing ...

from Google Alert - anonymous http://ift.tt/1MSQhqL
via IFTTT
Posted by at No comments:
Labels: ,

General Manager - Fast Food

General Manager - Fast Food. anonymous US-KY-Relocate to Florence, KY 4/6/2016. Save Job. Sign in Now. Email; Report ...

from Google Alert - anonymous http://ift.tt/1UWvmq1
via IFTTT
Posted by at No comments:
Labels: ,

[FD] Check out faraday v1.0.18! New CLI mode, Jira support & bug fixes!

Today we are happy to announce that Faraday v1.0.18 is ready! A short iteration, filled with small powerups - brand new CLI mode allows you to process reports in batch, new helpers and plugin fixes. We know that our users rely on a lot of different systems and solutions and we want to integrate Faraday in that workflow. In that order we added the ability to easily export data into a JIRA installation, allowing users to share the findings between the security engineering, devops and development teams. In order to do this, we added a new layer between Faraday and the database, making our product more robust than ever. Expect a lot of new features in this direction in the near future! Changes: * Experimental JIRA integration - just enable Faraday Proxy Server: http://ift.tt/1S2pSci, go to our Status Report to select the desired vulns and click on the JIRA button! Read more about it here: http://ift.tt/1N8PrRt. * Added Faraday Proxy Server, a proxy between CouchDB and Faraday, read about how to setup and run http://ift.tt/1S2pSci * Improved Executive Report generation process * Extended user management features * Added CLI mode - to process the XML output of an Nessus scan located in /tmp/nmap-scan.xmlinto the workspace named project_one run the following command: python2 faraday.py --cli --workspace project_one --report /tmp/nessus_scan.xml read more about it here: http://ift.tt/1S2pTwW * Now you can run as many Faraday instances as you like per host * Added some new scripts and helpers (helpers/cfdbToCsv.py - helpers/vulndbToCsv.py - bin/getExploits.py) Bug fixes: * Included all fields when editing Web Vulnerabilities in bulk mode in our Web UI * Fixed selection of Hosts and Services in both their lists in our Web UI * Fixed Hosts and Services filters, when results were empty it showed the loading icon forever, now it works as expected * Fixed bugs in Qualys, ZAP, Nikto, w3af and OpenVAS plugins: * ZAP - Fixed for newest report version and added Unicode support * Nikto -Fixed for newest report version, added more data import * Qualys - Fixed for newest report version, added more data import and Unicode support ... and more! We hope you enjoy it, and let us know if you have any questions or comments. http://ift.tt/1D4inIk http://ift.tt/1D8gKXz https://twitter.com/faradaysec

Source: Gmail -> IFTTT-> Blogger
Posted by at No comments:
Labels: ,

[FD] CVE-2016-3672 - Unlimiting the stack not longer disables ASLR

Hi everyone, We have fixed an old and very known weakness in the Linux ASLR implementation. The weakness allowed any user able to running 32-bit applications in a x86 machine disable the ASLR by setting the RLIMIT_STACK resource to unlimited. This is a very old trick to disable ASLR, but unfortunately it was still present in current Linux systems. Details at: http://ift.tt/1WcvAZ5 Best, Hector.

Source: Gmail -> IFTTT-> Blogger
Posted by at No comments:
Labels: ,

[FD] Panda Security 2016 Home User Products - Privilege Escalation

Posted by at No comments:
Labels: ,

[FD] Panda Security Multiple Business Products - Privilege Escalation

Posted by at No comments:
Labels: ,

[FD] hardwear.io CFP 2016 - Hardware Security Conference Call for Papers

Dear Hackers and Security Gurus, hardwear.io is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any Hardware and want to showcase it to the security community, just submit your research paper. Please find all the relevant details for the submission below. About hardwear.io

Source: Gmail -> IFTTT-> Blogger
Posted by at No comments:
Labels: ,

[FD] Fireware XTM Web UI - Open Redirect

================================================================ Fireware XTM Web UI - Open Redirect ================================================================ Information

Source: Gmail -> IFTTT-> Blogger
Posted by at No comments:
Labels: ,

Beautiful/Anonymous - A Real Life Superhero

Beautiful/Anonymous - A Real Life Superhero - Military vet & writer talks about his WWII super-spy grandma. Posted by Stephanie Garrett, on Product ...

from Google Alert - anonymous http://ift.tt/1RE5c8t
via IFTTT
Posted by at No comments:
Labels: ,

ISS Daily Summary Report – 04/5/16

Muscle Atrophy Research and Exercise System (MARES): Peake completed partial checkout activities for the MARES investigation by placing Percutaneous Electrical Muscle Stimulator (PEMS) electrodes on the designated area of the right leg and successfully executing ankle exercise sessions.  Software issues were discovered which prevented the remaining activities from being completed.  These will be rescheduled for a future date.  MARES is a European Space Agency (ESA) system that will be used for research on musculoskeletal, biomechanical, and neuromuscular human physiology to better understand the effects of microgravity on the muscular system. MARES is a Joint USOS Experiment (JUE) performed with both USOS and Russian crew members.   Rodent Research-3 (RR-3) EXpedite the PRocessing of Experiments to Space Station EXPRESS Rack and Habitat Familiarization: Kopra and Skripochka reviewed training material for the EXPRESS Rack and Habitats in preparation for upcoming RR-3 operations. RR-3 is a Joint USOS Experiment (JUE) performed with both USOS and Russian crew members. RR-3 studies molecular and physical changes in the musculoskeletal system that happens in space. Results expand scientists’ understanding of muscle atrophy and bone loss in space while testing an antibody that has been known to prevent muscle wasting in mice on Earth.   Multi-user Droplet Combustion Apparatus (MDCA) Hardware Gather, Session Review, and Maintenance Work Area (MWA) Preparation: Kopra gathered hardware and reviewed details for configuring the MDCA and CIA (Chamber Insert Assembly) for the Flame Extinguishment – 2 (FLEX-2) test points. The FLEX-2 experiment is the second experiment to fly on the ISS which uses small droplets of fuel to study the special spherical characteristics of burning fuel droplets in space. The experiment studies how quickly fuel burns, the conditions required for soot to form, and how mixtures of fuels evaporate before burning. Understanding these processes could lead to the production of a safer spacecraft as well as increased fuel efficiency for engines using liquid fuel on Earth. Meteor Onboard Training and Review: Williams completed required onboard training for the Meteor installation. He verified that the Basic Input/Output System (BIOS) settings are correct for payload application and created the Software Image load of the Meteor payload software onto the T61p hard drive. The laptop and hard drive will be dedicated for Meteor use in the Window Observation Research Facility (WORF). The Meteor investigation takes high-resolution video and images of the atmosphere and uses a software program to search for bright spots which can later be analyzed on the ground. NanoRacks Platform-1 Remove and Replace (R&R): Williams successfully removed & replaced the NanoRacks Platform-1 locker that has had data connectivity issues since SpX-4 unberth. The ground teams reported successful initial communications and will continue communications testing for 48 hours. The NanoRack Platform is a multipurpose research facility that supports NanoRacks Modules in the CubeSat form factor by providing power and data transfer capabilities to operate investigations in microgravity.  NanoRacks Platform-1 is one of three Platforms and is used for modules not needing power.   Dose Tracker: Williams, and Kopra completed entries for medication tracking. This investigation documents the medication usage of crew members before and during their missions by capturing data regarding medication use during spaceflight, including side effect qualities, frequencies and severities. The data is expected to either support or counter anecdotal evidence of medication ineffectiveness during flight and unusual side effects experienced during flight. It is also expected that specific, near-real-time questioning about symptom relief and side effects will provide the data required to establish whether spaceflight-associated alterations in pharmacokinetics (PK) or pharmacodynamics (PD) is occurring during missions.   Habitability Human Factors Directed Observations: Kopra completed a session of the Habitability experiment when he recorded and submitted a walk-through video documenting observations of an area or activity providing insight related to human factors and habitability. The Habitability investigation collects observations about the relationship between crew members and their environment on the ISS. Observations can help spacecraft designers understand how much habitable volume is required and whether a mission’s duration impacts how much space crew members need.   Advanced Resistive Exercise Device (ARED) Quarterly Maintenance: Williams completed this regularly scheduled maintenance today. He inspected X-Rotation Dashpots, cycled the Main Arm through full range of motion, and greased the ARED Vibration Isolation and Stabilization (VIS) rails and rollers and upper stop.   Today’s Planned Activities All activities were completed unless otherwise noted. On MCC GO Regeneration of БМП Ф2 Micropurification Cartridge (start) MAR – Setup Ops Soyuz 720 Samsung Tablet Recharge – initiate / Video & Audio Video Footage of Greetings / r/g 1861 DOSETRK – Questionnaire WRS Water Sample Analysis MAR – Hardware Installation and Configuration DAN. Experiment Operator Assistance / r/g 0119 DAN. Experiment Ops. r/g 0119 SM Ventilation Subsystem Preventive Maintenance. Group А Dragon Prepack MARES. Battery discharge – initiate SM Ventilation Subsystem Preventive Maintenance. Group А / Ventilation and Air Conditioning System [СВК On-orbit Hearing Assessment using EARQ Filling EDV [KOB] for Elektron and EDV-SV r/g 1858 CALCIUM. Experiment Session 5 / r/g 1856 WRS Maintenance Relocation of Intravehicular Tissue Equivalent Proportional Counter (IV-TEPC) HABIT – Preparing for the experiment Soyuz 720 Samsung tablet charge – end DOSETRK – Questionnaire SEISMOPROGNOZ. Downlink data from Control and Data Acquisition Module (МКСД) HDD (start) r/g 1595 WRS Maintenance Soyuz 719 Samsung Tablet Recharge – Initiate METEOR  Installation OBT MAR – configuration deinstallation Battery Stowage Assembly (BSA) Operation Termination METEOR – Procedure Review TOCA Data Recording Separation of EDV-SV  Separate EDV-SV cover No.1207 CMS – Advanced Resistive Exercise Device (ARED) Quarterly Maintenance Soyuz 719 Samsung Tablet Recharge – terminate EXPRESS Rack and Habitat Module Overview MARES. Battery Discharge – Status Monitoring EPO [Deferred] RS Gas-masks inventory / r/g 1859 СОЖ Maintenance SEISMOPROGNOZ. Download data from Control and Data Acquisition Module (МКСД) HDD (end) and start backup r/g 1595 Installation of Habitat module for rodent research MAR Copy Files MAR – Laptop SW Update MDCA – Procedure Review IFM – WRS – Hardware Gathering CIR – Hardware Setup MARES. PEMS and EMG Stowage MDCA – Preparation of MWA Surface Area Cleaning Nikon still camera […]

from ISS On-Orbit Status Report http://ift.tt/1TBCBCa
via IFTTT
Posted by at No comments:
Labels: ,

Adobe to issue Emergency Patch for Critical Flash Player Vulnerability

Adobe has been one of the favorite picks of the Hackers to mess with any systems devoid of any operating systems, as Flash Player is a front runner in all the browsers. Hackers have already been targeting Flash Player for long by exploiting known vulnerabilities roaming in the wild. Despite Adobe's efforts, Flash is not safe anymore for Internet security, as one more critical


from The Hacker News http://ift.tt/1oBoaRB
via IFTTT
Posted by at No comments:
Labels: ,

Efficiently combine anonymous functions?

Hi. I have an algorithm which has several anonymous functions passed as parameters which are then combined depending on flags. Since the ...

from Google Alert - anonymous http://ift.tt/1SzWrsk
via IFTTT
Posted by at No comments:
Labels: ,

Facebook uses Artificial Intelligence to Describe Photos to Blind Users

Today the Internet has become dominated by images, and it’s the major feature that got Facebook to a Billion daily users. We can not imagine Facebook without photos, but for Millions of blind and visually impaired people, Facebook without photos has been the reality since its launch. But not now! Facebook has launched a system, dubbed Automatic Alternative Text, which describes the


from The Hacker News http://ift.tt/1SPf91K
via IFTTT
Posted by at No comments:
Labels: ,

Hacker reveals How to Bypass iPhone 6s Lock Screen Passcode [Video]

Apple gave you a reason to turn your Siri OFF. A critical security flaw in Apple's newest iPhones running the latest version of the iOS operating system allows anyone to bypass the phone's lockscreen and gain access to personal information. The iPhone lockscreen bypass bug only works on the iPhone 6S and iPhone 6S Plus, as these devices take advantage of the 3D Touch functionality that


from The Hacker News http://ift.tt/1oB3itq
via IFTTT
Posted by at No comments:
Labels: ,

Adult Video (you will remain anonymous)

Females for Adult video 18 or over only. All looks/ethnicity accepted, as long as you are comfortable with adult material. You will get paid in cash and it ...

from Google Alert - anonymous http://ift.tt/1V8tcTF
via IFTTT
Posted by at No comments:
Labels: ,

Tuesday, April 5, 2016

An Efficient Algorithm for Mining Frequent Sequence with Constraint Programming. (arXiv:1604.01166v1 [cs.DB])

The main advantage of Constraint Programming (CP) approaches for sequential pattern mining (SPM) is their modularity, which includes the ability to add new constraints (regular expressions, length restrictions, etc). The current best CP approach for SPM uses a global constraint (module) that computes the projected database and enforces the minimum frequency; it does this with a filtering algorithm similar to the PrefixSpan method. However, the resulting system is not as scalable as some of the most advanced mining systems like Zaki's cSPADE. We show how, using techniques from both data mining and CP, one can use a generic constraint solver and yet outperform existing specialized systems. This is mainly due to two improvements in the module that computes the projected frequencies: first, computing the projected database can be sped up by pre-computing the positions at which an symbol can become unsupported by a sequence, thereby avoiding to scan the full sequence each time; and second by taking inspiration from the trailing used in CP solvers to devise a backtracking-aware data structure that allows fast incremental storing and restoring of the projected database. Detailed experiments show how this approach outperforms existing CP as well as specialized systems for SPM, and that the gain in efficiency translates directly into increased efficiency for other settings such as mining with regular expressions.

Donate to arXiv



from cs.AI updates on arXiv.org http://ift.tt/1SOnDpV
via IFTTT
Posted by at No comments:
Labels: ,

Learning to Generate Posters of Scientific Papers. (arXiv:1604.01219v1 [cs.AI])

Researchers often summarize their work in the form of posters. Posters provide a coherent and efficient way to convey core ideas from scientific papers. Generating a good scientific poster, however, is a complex and time consuming cognitive task, since such posters need to be readable, informative, and visually aesthetic. In this paper, for the first time, we study the challenging problem of learning to generate posters from scientific papers. To this end, a data-driven framework, that utilizes graphical models, is proposed. Specifically, given content to display, the key elements of a good poster, including panel layout and attributes of each panel, are learned and inferred from data. Then, given inferred layout and attributes, composition of graphical elements within each panel is synthesized. To learn and validate our model, we collect and make public a Poster-Paper dataset, which consists of scientific papers and corresponding posters with exhaustively labelled panels and attributes. Qualitative and quantitative results indicate the effectiveness of our approach.

Donate to arXiv



from cs.AI updates on arXiv.org http://ift.tt/239GYdH
via IFTTT
Posted by at No comments:
Labels: ,

Feature extraction using Latent Dirichlet Allocation and Neural Networks: A case study on movie synopses. (arXiv:1604.01272v1 [cs.CL])

Feature extraction has gained increasing attention in the field of machine learning, as in order to detect patterns, extract information, or predict future observations from big data, the urge of informative features is crucial. The process of extracting features is highly linked to dimensionality reduction as it implies the transformation of the data from a sparse high-dimensional space, to higher level meaningful abstractions. This dissertation employs Neural Networks for distributed paragraph representations, and Latent Dirichlet Allocation to capture higher level features of paragraph vectors. Although Neural Networks for distributed paragraph representations are considered the state of the art for extracting paragraph vectors, we show that a quick topic analysis model such as Latent Dirichlet Allocation can provide meaningful features too. We evaluate the two methods on the CMU Movie Summary Corpus, a collection of 25,203 movie plot summaries extracted from Wikipedia. Finally, for both approaches, we use K-Nearest Neighbors to discover similar movies, and plot the projected representations using T-Distributed Stochastic Neighbor Embedding to depict the context similarities. These similarities, expressed as movie distances, can be used for movies recommendation. The recommended movies of this approach are compared with the recommended movies from IMDB, which use a collaborative filtering recommendation approach, to show that our two models could constitute either an alternative or a supplementary recommendation approach.

Donate to arXiv



from cs.AI updates on arXiv.org http://ift.tt/22aSy2l
via IFTTT
Posted by at No comments:
Labels: ,

Landmark-based Plan Recognition. (arXiv:1604.01277v1 [cs.AI])

Recognition of goals and plans using incomplete evidence from action execution can be done efficiently by using planning techniques. In many applications it is important to recognize goals and plans not only accurately, but also quickly. In this paper, we develop a heuristic approach for recognizing plans based on planning techniques that rely on ordering constraints to filter candidate goals from observations. In the planning literature, these ordering constraints are called landmarks, which are facts or actions that cannot be avoided to achieve a goal. We show the applicability of planning landmarks in two settings: first, we use it directly to develop a heuristic-based plan recognition approach; second, we refine an existing planning-based plan recognition approach. Our empirical evaluation shows that our approach is not only substantially more accurate than the state-of-the-art in all available datasets, it is also an order of magnitude faster.

Donate to arXiv



from cs.AI updates on arXiv.org http://ift.tt/1SOnFhC
via IFTTT
Posted by at No comments:
Labels: ,

Deep Cross Residual Learning for Multitask Visual Recognition. (arXiv:1604.01335v1 [cs.CV])

Residual learning has recently surfaced as an effective means of constructing very deep neural networks for object recognition. However, current incarnations of residual networks do not allow for the modeling and integration of complex relations between closely coupled recognition tasks or across domains. Such problems are often encountered in multimedia and vision applications involving large-scale content recognition. We propose a novel extension of residual learning for deep networks that enables intuitive learning across multiple related tasks using cross-connections called cross-residuals. These cross-residuals connections can be viewed as a form of in-network regularization and enables greater network generalization. We show how cross-residual learning (CRL) can be integrated in multitask networks to jointly train and detect visual concepts across several tasks. We present a single multitask cross-residual network with >40% less parameters that is able to achieve competitive, or even better, detection performance on a visual sentiment concept detection problem normally requiring multiple specialized single-task networks. The resulting multitask cross-residual network also achieves better detection performance by about 10.4% over a standard multitask residual network without cross-residuals with even a small amount of cross-task weighting.

Donate to arXiv



from cs.AI updates on arXiv.org http://ift.tt/1WaTrZ9
via IFTTT
Posted by at No comments:
Labels: ,

Bounded Optimal Exploration in MDP. (arXiv:1604.01350v1 [cs.AI])

Within the framework of probably approximately correct Markov decision processes (PAC-MDP), much theoretical work has focused on methods to attain near optimality after a relatively long period of learning and exploration. However, practical concerns require the attainment of satisfactory behavior within a short period of time. In this paper, we relax the PAC-MDP conditions to reconcile theoretically driven exploration methods and practical needs. We propose simple algorithms for discrete and continuous state spaces, and illustrate the benefits of our proposed relaxation via theoretical analyses and numerical examples. Our algorithms also maintain anytime error bounds and average loss bounds. Our approach accommodates both Bayesian and non-Bayesian methods.

Donate to arXiv



from cs.AI updates on arXiv.org http://ift.tt/1Mc85Nx
via IFTTT
Posted by at No comments:
Labels: ,

The Curious Robot: Learning Visual Representations via Physical Interactions. (arXiv:1604.01360v1 [cs.CV])

What is the right supervisory signal to train visual representations? Current approaches in computer vision use category labels from datasets such as ImageNet to train ConvNets. However, in case of biological agents, visual representation learning does not require semantic labels. In fact, we argue that biological agents use active exploration and physical interactions with the world to learn visual representations unlike current vision systems which just use passive observations (images and videos downloaded from web). For example, babies push objects, poke them, put them in their mouth and throw them to learn representations. Towards this goal, we build one of the first systems on a Baxter platform that pushes, pokes, grasps and actively observes objects in a tabletop environment. It uses four different types of physical interactions to collect more than 130K datapoints, with each datapoint providing backprops to a shared ConvNet architecture allowing us to learn visual representations. We show the quality of learned representations by observing neuron activations and performing nearest neighbor retrieval on this learned representation. Finally, we evaluate our learned ConvNet on different image classification tasks and show improvements compared to learning without external data.

Donate to arXiv



from cs.AI updates on arXiv.org http://ift.tt/1WaTpk2
via IFTTT
Posted by at No comments:
Labels: ,

A Brain-like Cognitive Process with Shared Methods. (arXiv:1507.04928v2 [cs.AI] UPDATED)

This paper describes a detailed cognitive structure and related processes. It also suggests some specific methods for carrying out those processes, where the methods interact well with each other. The main purpose of this paper is to reaffirm earlier research on different knowledge-based and experience-based clustering techniques, by describing in more detail how they can work as part of the same system. While an earlier paper defined three levels of functional requirement, this paper re-defines the levels in a more human vernacular. The intended higher-level goals are made clearer, in terms of action-result pairs. The system is therefore modelled on the human brain, where pattern creation and activation would be automatic and distributed, and the information can flow seamlessly between the main constructs. The overall architecture has stayed essentially the same and so it is the localised processes or smaller details that have been updated. For example, a counting mechanism is used slightly differently, to measure a level of 'cohesion' instead of a 'correct' classification, over pattern instances. The Concept Trees structure can perform more than one type of role and the introduction of features has enhanced the architecture again. There is also some new information and theory.

Donate to arXiv



from cs.AI updates on arXiv.org http://ift.tt/1LlCiaY
via IFTTT
Posted by at No comments:
Labels: ,

Science Question Answering using Instructional Materials. (arXiv:1602.04375v2 [cs.CL] UPDATED)

We provide a solution for elementary science test using instructional materials. We posit that there is a hidden structure that explains the correctness of an answer given the question and instructional materials and present a unified max-margin framework that learns to find these hidden structures (given a corpus of question-answer pairs and instructional materials), and uses what it learns to answer novel elementary science questions. Our evaluation shows that our framework outperforms several strong baselines.

Donate to arXiv



from cs.AI updates on arXiv.org http://ift.tt/1TkaiqI
via IFTTT
Posted by at No comments:
Labels: ,

FIRE, First Amendment Allies Ask OCR to Reject Calls to Ban Anonymous Social Media Applications

As I've previously discussed at length, it would be—at best—a symbolic action for institutions to ban anonymous social media applications like Yik Yak ...

from Google Alert - anonymous http://ift.tt/1N7pHoD
via IFTTT
Posted by at No comments:
Labels: ,

Re: [FD] [SE-2012-01] Broken security fix in IBM Java 7/8

Hello All, I should have included the following information in my original post: 1) Issue 67 was assigned CVE-2013-3009 [1], 2) it originally affected IBM Java from versions 1.4 to 7 [2], 3) CVE-ID corresponding to a broken patch will likely not reflect the original issue. This was the case for IBM's Issue 49 (CVE-2012-4823) and two of its broken fixes (CVE-2013-3012 and CVE-2013-5458). 4) Incomplete patch for Issue 67 may affect IBM Notes / Domino, Websphere, Tivoli and other IBM products incorporating vulnerable IBM JRE (source: IBM Security Bulletins where CVE-2013-3009 identifier strings appears). Thank you.

Source: Gmail -> IFTTT-> Blogger
Posted by at No comments:
Labels: ,

Ravens: WR Steve Smith Sr. joins Russillo and Kanell to address his tweets on Greg Hardy; listen live in the ESPN app (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT
Posted by at No comments:
Labels: ,

Orioles Video: Adam Jones disregards team's no-pie celebration rules and slams dessert into Matt Wieters' face (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT
Posted by at No comments:
Labels: ,

via Instagram http://ift.tt/1V7luct
Posted by at No comments:
Labels: ,

Dinner in the green house


via Instagram http://ift.tt/1RWHyTu
Posted by at No comments:
Labels: ,

via Instagram http://ift.tt/1VtHZXY
Posted by at No comments:
Labels: ,

#streetart


via Instagram http://ift.tt/25Iy1GN
Posted by at No comments:
Labels: ,

Got my second star, this wraps up a large part of my life, now to focus on what comes next!


via Instagram http://ift.tt/1oxZKIE
Posted by at No comments:
Labels: ,

[FD] Apple iOS 9.3.1 (iPhone 6S & iPhone Plus) - (3D Touch) Passcode Bypass Vulnerability

Document Title: =============== Apple iOS 9.3.1 (iPhone 6S & iPhone Plus) - (3D Touch) Passcode Bypass Vulnerability References (Source): ==================== http://ift.tt/1N6dS1U Release Date: ============= 2016-04-05 Vulnerability Laboratory ID (VL-ID): ==================================== 1814 Common Vulnerability Scoring System: ==================================== 6.1 Product & Service Introduction: =============================== iOS (previously iPhone OS) is a mobile operating system developed and distributed by Apple Inc. Originally released in 2007 for the iPhone and iPod Touch, it has been extended to support other Apple devices such as the iPad and Apple TV. Unlike Microsoft`s Windows Phone (Windows CE) and Google`s Android, Apple does not license iOS for installation on non-Apple hardware. As of September 12, 2012, Apple`s App Store contained more than 700,000 iOS applications, which have collectively been downloaded more than 30 billion times. It had a 14.9% share of the smartphone mobile operating system units shipped in the third quarter of 2012, behind only Google`s Android. In June 2012, it accounted for 65% of mobile web data consumption (including use on both the iPod Touch and the iPad). At the half of 2012, there were 410 million devices activated. According to the special media event held by Apple on September 12, 2012, 400 million devices have beensold through June 2012. ( Copy of the Homepage: http://ift.tt/15d7WzJ ) Apple Inc. is an American multinational technology company headquartered in Cupertino, California, that designs, develops, and sells consumer electronics, computer software, and online services. Its hardware products include the iPhone smartphone, the iPad tablet computer, the Mac personal computer, the iPod portable media player, and the Apple Watch smartwatch. Applegovernment-labs consumer software includes the OS X and iOS operating systems, the iTunes media player, the Safari web browser, and the iLife and iWork creativity and productivity suites. Its online services include the iTunes Store, the iOS App Store and Mac App Store, and iCloud. (Copy of the Homepage: http://ift.tt/1aLspRF. ) Abstract Advisory Information: ============================== The vulnerability laboratory core research team discovered a local passcode bypass vulnerability in the official Apple iOS 9.3.1 iPhone 6S & Plus models. Vulnerability Disclosure Timeline: ================================== 2016-03-17: Public Disclosure (Evolution Security GmbH - Benjamin Kunz Mejri) 2016-03-18: Vendor Notification (Apple Product Security Team) 2015-**-**: Vendor Response/Feedback (Apple Product Security Team) 2016-**-**: Vendor Fix/Patch (Apple iOS Mobile Developer Team) 2016-04-05: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Apple Product: iOS 9.3.1 - Models (iPhone 6S & iPhone Plus) (3D Touch Only!) Exploitation Technique: ======================= Local Severity Level: =============== High Technical Details & Description: ================================ A passcode bypass vulnerability has been discovered in the official Apple iOS v9.3.1 for iPhone 6S & iPhone Plus models. The vulnerability allows local attackers to bypass the physical device protection mechanism of the iphone 6s and plus models. The 3d touch sendor with the apple display hardware allows to open the basic context menu and new options by low and intensiv push interaction. For example by pushing in the default mail app the messages another context menu for interaction becomes available. The new functions are only available for the apple products like iphone 6S and the iPhone Plus that do support the new hardware. The bug is located in the inner app @ link GET method requests of an installed application. Remote attacker can use siri to request an available runtime app of the task. The interaction is allowed without passcode. After that the attacker surfs over the for example facebook, twitter or yahoo app and search for `@[TAGS]`. The attacker clicks the add tag and holds the button. The new 3d touch sensor of the apple iphone 6s and plus models allows new interactions by processing to push hard the basic context menu becomes visible to the attacker. In the available context menu it is possible to choose to add another new contact. Basically the function is not allowed without passcode auth. Now the attacker click in the new contact the picture / avatar button. Now the screen of the image galler becomes available as library. In the next steps the local attacker with physical device access can request the contacts by usage of an email that is connected to an already existing contact in the list. The issue remember to a bug that was in the early 7.x release of iOS with the calender. In the calender was a yahoo link to the finance stream that allowed us to bypass the display protection of sim locked ios phones. The security risk of the passcode bypass vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 6.1. Exploitation of the passcode protection mechanism bypass vulnerability requires a low privileged ios device user account and no user interaction. Physical apple device access is required for successful exploitation. Successful exploitation of the vulnerability results in unauthorized device access, mobile apple device compromise and leak of sensitive device data like the address-book, photos, sms, mms, emails, phone app, mailbox, phone settings or access to other default/installed mobile apps. Vulnerable Module(s): [+] PassCode (Protection Mechanism) Affected Device(s): [+] iPhone (Models: 6S) [+] iPhone (Models: 6 Plus) Affected OS Version(s): [+] v9.2.1 & v9.3.1 Proof of Concept (PoC): ======================= The local passcode vulnerability can be exploited by local attackers with low privileged device user account and without user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Manual steps to reproduce the vulnerability ... 1. Start the iPhone 6S or iPhone 6 Plus 2. Install for example the default yahoo, twitter or facebook application of the appstore 3. Start the application to the runtime task 4. Set a new passcode via Settings 5. Lock the mobile via power (shutdown) button 6. Open siri by pushing two seconds the home button or use the "hello siri" option 7. Ask siri to search via twitter, yahoo or facebook as slide preview 8. Surf through the feed since a @tag becomes visible or use the search in the preview 9. Push the @tag button - intensive push (6S or Plus) 10. Now the basic context menu becomes visible with new options 11. Choose to add a new contact 12. Open yet the pictures for adding to profile 13. Now, the attacker got already successful access to the photo album of the apple device without secure auth 14. Click to send a message and the mailbox will open without secure auth 14. Successful reproduce of the vulnerability Note: the same is also possible by adding an email to the already existing contact to access the addressbook of the apple device. Solution - Fix & Patch: ======================= The vulnerability can be temporarily patched by the end user via hardening of the device settings. Deactivate in the Settings menu the Siri module permanently. Deactivate in the next step the public control panel without passcode. Disallow siri to access picture information or the addressbook by usage of the privacy settings. Note: The version 9.3.1 is still vulnerable after the last update 2016-04-04. The bug was discovered during the analysis of an error issue with the 3D Touch module in the esec labs in germany. The bug was reported by mail to the apple product security team 2016-03-18. In the advisory VL ID 1778 (http://ift.tt/24LbmJG) we do explain provide another temp fix. As far as this solution is already implemented, the exploitation can't take place against your iOS Plus or 6S touch device. Security Risk: ============== The security risk of the local passcode bypass vulnerability in the iphone 6s and plus models are estimated as high. (CVSS 6.1) Credits & Authors: ================== Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (research@vulnerability-lab.com) [http://ift.tt/1TDrAB7.] Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data. Domains: http://ift.tt/1jnqRwA - www.vuln-lab.com - http://ift.tt/1kouTut Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com Section: magazine.vulnerability-lab.com - http://ift.tt/1zNuo47 - http://ift.tt/1wo6y8x Social: twitter.com/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1oSBx0A Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@ or research@vulnerability-lab.com) to get a ask permission. Copyright © 2016 | Vulnerability Laboratory - [Evolution Security GmbH]™

Source: Gmail -> IFTTT-> Blogger
Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)