Saturday, April 16, 2016

Anonymous

Update on Anonymous. The borrower's face has been blurred because he is 26 years old and lives in a high risk area. He has been farming corn for ...

from Google Alert - anonymous http://ift.tt/1SKnxgp
via IFTTT

Function Handles Anonymous Functions Inline Functions

11.11 Function Handles, Anonymous Functions, Inline Functions. It can be very convenient to store a function in a variable so that it can be passed to a ...

from Google Alert - anonymous http://ift.tt/1S21rKj
via IFTTT

Anonymous Client

Anonymous Client. Browse Industry Partners. Involvement: Project Partners. Student Projects: Guardian · Hit the Spacebar · Mirage · Willow ...

from Google Alert - anonymous http://ift.tt/1S1UJEb
via IFTTT

Man leaves anonymous $1000 tip for college-bound waitress

GUN BARREL CITY, Texas (AP) — A customer eating alone at a Texas restaurant left a big surprise behind for an 18-year-old waitress — a $1,000 tip.

from Google Alert - anonymous http://ift.tt/1r3oMS2
via IFTTT

[FD] Announcing NorthSec 2016 - Montreal, May 19-22

www.nsec.io - northsec.eventbrite.ca

NorthSec 2016, one of the biggest applied security events in Canada, coming up in Montreal May 17-22, with 2 days of intense training sessions, followed by a 2-day technical conference and the largest 48h on-site CTF.

Source: Gmail -> IFTTT-> Blogger

[FD] Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting Vulnerability

Abstract

Source: Gmail -> IFTTT-> Blogger

Mercury and Crescent Moon Set


Innermost planet Mercury and a thin crescent Moon are never found far from the Sun in planet Earth's skies. Taken near dusk on April 8, this colorful evening skyscape shows them both setting toward the western horizon just after the Sun. The broad Tagus River and city lights of Lisbon, Portugal run through the foreground under the serene twilight sky. Near perigee or closest approach to Earth, the Moon's bright, slender crescent represents about 3 percent of the lunar disk in sunlight. Of course as seen from the Moon, a nearly full Earth would light up the lunar night, and that strong perigee earthshine makes the rest of the lunar disk visible in this scene. Bright Mercury stays well above the western horizon at sunset for northern skywatchers in the coming days. The fleeting planet reaches maximum elongation, or angular distance from the Sun, on April 18. But Mercury will swing back toward the Sun and actually cross the solar disk on May 9, the first transit of Mercury since November 8, 2006. via NASA http://ift.tt/1SPzS3h

Friday, April 15, 2016

Handschrift Camphuysen

Handschrift Camphuysen (Anonymous). Add File. Add Sheet MusicAdd Your Own ... Composer, Anonymous. Movements/Sections, 36. Year/Date of ...

from Google Alert - anonymous http://ift.tt/1SgQenW
via IFTTT

Orioles Video: Mark Trumbo launches two homers in the 9-run 7th inning of 11-5 comeback win over the Rangers (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

[FD] [ERPSCAN-16-002] SAP HANA - log injection and no size restriction

Application: SAP HANA
Versions Affected: SAP HANA
Vendor URL: http://SAP.com
Bugs: Log injection
Sent: 28.09.2015
Reported: 28.09.2015
Vendor response: 29.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2241978
Author: Mathieu Geli (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP HANA
Advisory ID: [ERPSCAN-16-002]
Risk: High
Advisory URL: http://ift.tt/1QnGU0c
Date published: 12.01.2016
Vendors contacted: SAP

2. VULNERABILITY INFORMATION

Class: Log injection
Impact: fraud log events, hiding actions on the system
Remotely Exploitable: Yes
Locally Exploitable: No

CVSS Information
CVSS Base Score: 5.0 / 10
CVSS Base Vector:
AV : Access Vector (Related exploit range): Network (N)
AC : Access Complexity (Required attack complexity): Medium (M)
Au : Authentication (Level of authentication needed to exploit): None (N)
C : Impact to Confidentiality: None (N)
I : Impact to Integrity: Partial (P)
A : Impact to Availability: None (N)

3. VULNERABILITY DESCRIPTION

A potential attacker can perform malicious calls of the debug functions of the SAP HANA Extended Application Services Classic (XS).

4. VULNERABLE PACKAGES

SAP HANA 1.00.095.00.1429086950
Other versions are probably affected too, but they were not checked.

5. SOLUTIONS AND WORKAROUNDS

To correct this vulnerability, install SAP Security Note 2241978.

6. AUTHOR

Mathieu Geli (ERPScan)

7. TECHNICAL DESCRIPTION

An anonymous attacker can use a special HTTP request to inject logs in the xsengine trace file without size restriction. The vulnerability is triggered when the username sent to the /sap/hana/xs/debugger/grantAccess.xscfunc page is longer than 256 characters.

8. REPORT TIMELINE

Sent: 28.09.2015
Reported: 28.09.2015
Vendor response: 29.09.2015
Date of Public Advisory: 12.01.2016

9. REFERENCES

http://ift.tt/1QnGU0c

10. ABOUT ERPScan Research

The company’s expertise is based on the research subdivision of ERPScan, which is engaged in vulnerability research and analysis of critical enterprise applications. It has achieved multiple acknowledgments from the largest software vendors like SAP, Oracle, Microsoft, IBM, VMware, HP for discovering more than 400 vulnerabilities in their solutions (200 of them just in SAP!).

ERPScan researchers are proud to have exposed new types of vulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be nominated for the best server-side vulnerability at BlackHat 2013.

ERPScan experts have been invited to speak, present, and train at 60+ prime international security conferences in 25+ countries across the continents. These include BlackHat, RSA, HITB, and private SAP trainings in several Fortune 2000 companies.

ERPScan researchers lead the project EAS-SEC, which is focused on enterprise application security research and awareness. They have published 3 exhaustive annual award-winning surveys about SAP security.

ERPScan experts have been interviewed by leading media resources and featured in specialized info-sec publications worldwide. These include Reuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading, Heise, and Chinabyte, to name a few.

We have highly qualified experts in staff with experience in many different fields of security, from web applications and mobile/embedded to reverse engineering and ICS/SCADA systems, accumulating their experience to conduct the best SAP security research.

11. ABOUT ERPScan

ERPScan is the most respected and credible Business Application Security provider. Founded in 2010, the company operates globally and enables large Oil and Gas, Financial and Retail organizations to secure their mission-critical processes. Named as an ‘Emerging Vendor’ in Security by CRN, listed among “TOP 100 SAP Solution providers” and distinguished by 30+ other awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities. ERPScan consultants work with SAP SE in Walldorf to assist in improving the security of their latest solutions.

ERPScan’s primary mission is to close the gap between technical and business security, and provide solutions to evaluate and secure SAP and Oracle ERP systems and business-critical applications from both, cyber-attacks as well as internal fraud. Usually our clients are large enterprises, Fortune 2000 companies and managed service providers whose requirements are to actively monitor and manage security of vast SAP landscapes on a global scale.

We ‘follow the sun’ and function in two hubs, located in the Palo Alto and Amsterdam to provide threat intelligence services, agile support and operate local offices and partner network spanning 20+ countries around the globe.

Address USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301
Phone: 650.798.5255
Twitter: @erpscan
Scoop-it: Business Application Security

Source: Gmail -> IFTTT-> Blogger

[FD] [ERPSCAN-16-001] SAP NetWeaver 7.4 - XSS vulnerability

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: Cross-Site Scripting
Sent: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2206793
Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP NetWeaver J2EE Engine 7.40
Advisory ID: [ERPSCAN-16-001]
Risk: High
Advisory URL: http://ift.tt/1lK4oBL
Date published: 12.01.2016
Vendors contacted: SAP

2. VULNERABILITY INFORMATION

Class: Cross-Site Scripting, XSS [CWE-79]
Impact: information disclosure, steal anti-CSRF tokens
Remotely Exploitable: Yes
Locally Exploitable: No

CVSS Information
CVSS Base Score: 4.3 / 10
CVSS Base Vector:
AV : Access Vector (Related exploit range): Network (N)
AC : Access Complexity (Required attack complexity): Medium (M)
Au : Authentication (Level of authentication needed to exploit): None (N)
C : Impact to Confidentiality: None (N)
I : Impact to Integrity: Partial (P)
A : Impact to Availability: None (N)

3. VULNERABILITY DESCRIPTION

An anonymous attacker can use a special HTTP request to hijack session data of administrators or users of the web resource.

4. VULNERABLE PACKAGES

SAP NetWeaver J2EE Engine 7.40
Other versions are probably affected too, but they were not checked.

5. SOLUTIONS AND WORKAROUNDS

To correct this vulnerability, install SAP Security Note 2206793.

6. AUTHOR

Vahagn Vardanyan (ERPScan)

7. TECHNICAL DESCRIPTION

RWB can be abused by attackers allowing them to modify displayed application content without authorization and to potentially obtain authentication information from other legitimate users.

8. REPORT TIMELINE

Sent: 01.09.2015
Reported: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016

9. REFERENCES

http://ift.tt/1lK4oBL

10. ABOUT ERPScan Research

The company’s expertise is based on the research subdivision of ERPScan, which is engaged in vulnerability research and analysis of critical enterprise applications.

Source: Gmail -> IFTTT-> Blogger

[FD] PfSense Community Edition Multiple Vulnerabilities

PfSense Community Edition Multiple Vulnerabilities

Affected versions: PfSense Community Edition <= 2.2.6
PDF: http://ift.tt/1W3BtHF

Source: Gmail -> IFTTT-> Blogger

Re: [FD] end of useable crypto in browsers?

On 2016-04-14 16:19, Reindl Harald wrote:
> On 14.04.2016 at 00:54, Sebastian wrote:
>>> [...]
>>
>> That's true. But the keygen element is flawed by the known-broken CA
>> system(*) and you can't build a secure house on a broken foundation.
>> You could check whether the certificate for your site is issued by your
>> CA, but if they can issue certificates they could simply attack your
>> browser's updater. Our only hope for truly secure communication are
>> tools like pgp combined with anonymity through for example TOR or
>> freenet (not the ISP)
>
> how do you come to the conclusion that you need any 3rd party CA for a
> client certificate which you accept on your server?

I don't. But even if you roll your own CA, you'll have a hard time avoiding someone with a wildcard CA (updater, every other page you open, ...). Also, to use you need to have a secure connection beforehand (or use http, which would make every MITM happy). Now it is possible to work around this, too, but then you may as well use fully encrypted channel.

The actual point of the paragraph is that this won't kill our protection from the big companies. Those are probably even the ones using it the most.

Greetings,
Sebastian

Source: Gmail -> IFTTT-> Blogger

Re: [FD] end of useable crypto in browsers?

On 14.04.2016 at 00:54, Sebastian wrote:
>> The browser developers have just decided that the trust relationship
>> architecture of the virtual world will be driven by the copyright
>> dinosaurs from now on, by pulling off platform support from under those
>> who were experimenting with building meaningful trust models with the
>> admittedly few tools we already had.
>> [...]
>> The sociological and political fabric of society fundamentally depends
>> on our communication abilities. The future of our communication
>> abilities in turn depends on the communication platforms and the trust
>> relation models they support.
>
> That's true. But the keygen element is flawed by the known-broken CA
> system(*) and you can't build a secure house on a broken foundation. You
> could check whether the certificate for your site is issued by your CA,
> but if they can issue certificates they could simply attack your browser's
> updater. Our only hope for truly secure communication are tools like pgp
> combined with anonymity through for example TOR or freenet (not the ISP)

how do you come to the conclusion that you need any 3rd party CA for a client certificate which you accept on your server?

Source: Gmail -> IFTTT-> Blogger

Canadian Police obtained Master Key to Crack BlackBerry Messenger Encryption

BlackBerry has long been known for its stance on mobile security, as it was the first mobile phone maker to provide end-to-end encryption. But a new report revealed that the company has provided a master backdoor to law enforcement in its secure devices since 2010. The Royal Canadian Mounted Police (RCMP) have been in possession of a global decryption key for BlackBerry phones since 2010,


from The Hacker News http://ift.tt/1Yxbmrx
via IFTTT

Report: Nothing useful found on San Bernardino Shooter's iPhone

The San Bernardino terrorist's iPhone that the Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI) said was critical in their investigation has absolutely nothing useful on it, at least so far. Yes, the same iPhone that was subject of so much attention from the past few months. Here's a brief look at what happened in recent months over the iPhone: The DoJ and


from The Hacker News http://ift.tt/1qYcDxI
via IFTTT

ISS Daily Summary Report – 04/14/16

Cell Mechanosensing 3 (CMS-3) Operations: The crew successfully initiated and completed another microscope observation setting for CMS-3, after repositioning the thermal sample container to allow enough lighting through the microscope for imaging. The investigation identifies gravity sensors in skeletal muscle cells to develop countermeasures to muscle atrophy. Scientists believe that the lack of mechanical stress from gravity causes tension fluctuations in the plasma membrane of skeletal muscle cells which changes the expression of key proteins and genes and allows muscles to atrophy.

Ocular Health (OH) Optical Coherence Tomography (OCT) and Fundoscope Exams: The crew configured the OCT hardware and software and conducted eye exams using the OCT laptop. The Fundoscope was set up and operator assistance and remote guidance from ground teams were available. The Ocular Health investigation gathers data on crew members’ visual health during and after long-duration space station missions. Tests monitor microgravity-induced visual impairment as well as changes believed to arise from elevated intracranial pressure to characterize how living in microgravity can affect the visual, vascular and central nervous systems. The investigation also measures how long it takes for crew members to return to normal after they return to Earth.

Sprint Ultrasound 2 Operations: The crew set up the VCA2 camcorder and SD video, configured the Ultrasound 2 software, placed reference marks on subject’s right thigh and calf, donned the Sprint thigh and calf guides, and performed scans with guidance from the Sprint ground team. Ultrasound scans are used to evaluate spaceflight-induced changes in the muscle volume. The Sprint investigation evaluates the use of high intensity, low volume exercise training to minimize loss of muscle, bone, and cardiovascular function in ISS crewmembers during long-duration missions.

Bone Densitometer Calibration: In preparation for upcoming Bone Densitometer operations, the crew reviewed training material and performed two field calibration tests to ensure that measurement results from the tests are accurate. Densitometry measures the mass per unit volume (density) of minerals in bone. Quantitative measures of bone loss in mice during orbital space flight are necessary for the development of countermeasures for human crew members as well as for bone-loss syndromes on Earth by commercial entities. Planned studies, both academic and commercial, require on-orbit analytical methods including bone densitometry.

Fine Motor Skills: Two crew members completed a session of the Fine Motor Skills experiment this morning by performing a series of interactive tasks on a touchscreen tablet. This investigation is the first fine motor skills study to measure long-term microgravity exposure, different phases of microgravity adaptation, and sensorimotor recovery after returning to Earth gravity.

Dose Tracker: The crew configured the Dose Tracker app and completed entries for medication tracking on an iPad. This investigation documents the medication usage of crew members before and during their missions by capturing data regarding medication use during spaceflight, including side effect qualities, frequencies and severities. The data is expected to either support or counter anecdotal evidence of medication ineffectiveness during flight and unusual side effects experienced during flight. It is also expected that specific, near-real-time questioning about symptom relief and side effects will provide the data required to establish whether spaceflight-associated alterations in pharmacokinetics (PK) or pharmacodynamics (PD) is occurring during missions.

Compound Specific Analyzer (CPA) Combustion Products (CP) Checkout: The crew checked out four newly resupplied CSA-CPs delivered on OA-6 including verification there was no sensor contamination. He then zero calibrated four monitors and deactivated all units. Following the checkout, deploy of two CSA-CPs in Node 1 (N1) and the Service Module (SM) was completed.

Mobile Servicing System (MSS) Operations: Yesterday afternoon, Robotics Ground Controllers powered up the Mobile Servicing System (MSS) and maneuvered the Space Station Remote Manipulator System (SSRMS) to position it and the Special Purpose Dexterous Manipulator (SPDM) to survey the Port Functional Cargo Block (FGB) Solar Array from four different positions. After completing the survey, controllers maneuvered the SSRMS to a park position.

Today’s Planned Activities

All activities were completed unless otherwise noted.

EarthKAM. Camera Battery Swap Eye Imaging (Ocular Health), OCT Setup Eye Imaging (Ocular Health), OCT Exam (Subject) Soyuz 719 GoPro HERO3 camcorder battery charge, initiate Eye Imaging (Ocular Health), OCT Exam (Operator) Maintenance Activation of Spare Atmosphere Purification System Emergency Vacuum Valves [АВК СОА] USND2 Hardware Activation Multi Omics (MO) Hardware Setup Data Transmission Radio (РСПИ) – Onboard Memory Device (БЗУ) r/g 1927 Maintenance activation of Atmosphere Purification System Emergency Vacuum Valves [АВК СОА] URAGAN. Observation and photography using Photo Equipment / r/g 1951 FINEMOTR Photo Documentation FINEMOTR Experiment Ops SPRINT Ultrasound Scan Operations SPHERES Disconnect the USB from the SSC and stow Photography of Soyuz landing sites / r/g 1953 Bone Densitometer (BD) Review of training material CONSTANTA-2. Preparation and Execution 4 r/g 1952 KUBIK warm temperature check for the SPHEROIDS experiment US LAB (USL) Hardware Setup Bone Densitometer (BD) hardware calibration Universal Battery Charger (UBC) Hardware Installation and Checkout BIOCARD. Experiment Ops. r/g 1907 BIOCARD.
Operator Assistance During the Experiment / r/g 1907 Bone Densitometer (BD) hardware calibration Soyuz 719 GoPro HERO3 camcorder battery charge, terminate ESA Weekly Crew Conference ЦВМ (=А3) Replacement Preparation Ops r/g 1928 PLR/GLCR  Sample Transfer to Glove Box СОЖ Maintenance On MCC GO Demate ЦВМ telemetry connector / r/g 1928 RunSocial Update for iPad ЦВМ (=А3) Replacement r/g 1928 RunSocial Update for iPad PAO Hardware Setup Prep for БД-2 Maintenance r/g 1954 Crew Prep for PAO PAO Event On MCC GO Mate ЦВМ  telemetry connector / r/g 1928 ЦВМ (=А3) Replacement Closeout Ops / r/g 1928 USND2 Hardware Deactivation Eye Imaging (Ocular Health), OCT Exam (Operator) Eye Imaging (Ocular Health), OCT Exam (Subject) OTKLIK. Hardware Monitoring / r/g 1588 CMS3 Sample Retrieval from MELFI EarthKAM. Camera Battery Swap CMS3 Sample retrieval from CBEF IU and setting them in Thermal Container Photography of the back side of SM interior panels / r/g 1931 ABOUT GAGARIN FROM SPACE. Hardware deactivation / r/g 1914 Node 3, Checkout of Aft Hatch to Unlatch Hardstop INTER-MAI-75. Hardware Setup and HAM Radio Activation r/g 1955 DOSETRK Survey Questionnaire Completion […]

from ISS On-Orbit Status Report http://ift.tt/1W2KUaj
via IFTTT

Shopaholics Anonymous Unite

Michigan Avenue: Shopaholics Anonymous Unite - See 6319 traveler reviews, 693 candid photos, and great deals for Chicago, IL, at TripAdvisor.

from Google Alert - anonymous http://ift.tt/1p3wNEL
via IFTTT

Full Venus and Crescent Moon Rise


Inner planet Venus and a thin crescent Moon are never found far from the Sun in planet Earth's skies. Taken near dawn on April 6, this timelapse composite shows them both rising just before the Sun. The mountaintop Teide Observatory domes on the fortunate island of Tenerife appear in silhouette against the twilight. In fact, the series of telephoto exposures follows the occultation of Venus by the Moon in three frames. Far from Earth in its orbit and in a nearly full phase, Venus was 96 percent illuminated. Near perigee or closest approach to Earth, the Moon's slender crescent represents about 2 percent of the lunar disk in sunlight. Seen in the first two exposures, the brilliant morning star only vanishes in the third as it winks out behind the bright lunar limb. Five minutes of the dramatic occultation at dawn is compressed into 15 seconds in this timelapse video (vimeo). via NASA http://ift.tt/1Q9tq54

Thursday, April 14, 2016

Email verification for anonymous failed

It ends up on a 404 page with the message "The resource requested could not be found on this server!"

from Google Alert - anonymous http://ift.tt/1qtjbU4
via IFTTT

2016 Schedule Released: Ravens open season Sept. 11 vs. Bills; key games Nov. 6 vs. Steelers, Dec. 12 MNF at Patriots (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Visual Storytelling. (arXiv:1604.03968v1 [cs.CL])

We introduce the first dataset for sequential vision-to-language, and explore how this data may be used for the task of visual storytelling. The first release of this dataset, SIND v.1, includes 81,743 unique photos in 20,211 sequences, aligned to both descriptive (caption) and story language. We establish several strong baselines for the storytelling task, and motivate an automatic metric to benchmark progress. Modelling concrete description as well as figurative and social language, as provided in this dataset and the storytelling task, has the potential to move artificial intelligence from basic understandings of typical visual scenes towards more and more human-like understanding of grounded event structure and subjective expression.



from cs.AI updates on arXiv.org http://ift.tt/1NrrcOL
via IFTTT

A General Framework for Describing Creative Agents. (arXiv:1604.04096v1 [cs.AI])

Computational creativity is a subfield of AI focused on developing and studying creative systems. Few academic studies analysing the behaviour of creative agents from a theoretical viewpoint have been proposed. The proposed frameworks are vague and hard to exploit; moreover, such works are focused on a notion of creativity tailored for humans.

In this paper we introduce General Creativity, which extends that traditional notion. General Creativity provides the basis for a formalised theoretical framework, that allows one to univocally describe any creative agent, and their behaviour within societies of creative systems. Given the growing number of AI creative systems developed over recent years, it is of fundamental importance to understand how they could influence each other as well as how to gauge their impact on human society. In particular, in this paper we exploit the proposed framework for (i) identifying different forms of creativity; (ii) describing some typical creative agents behaviour, and (iii) analysing the dynamics of societies in which both human and non-human creative systems coexist.



from cs.AI updates on arXiv.org http://ift.tt/1V5hxoM
via IFTTT

An Improved Discrete Bat Algorithm for Symmetric and Asymmetric Traveling Salesman Problems. (arXiv:1604.04138v1 [cs.NE])

Bat algorithm is a population metaheuristic proposed in 2010 which is based on the echolocation or bio-sonar characteristics of microbats. Since its first implementation, the bat algorithm has been used in a wide range of fields. In this paper, we present a discrete version of the bat algorithm to solve the well-known symmetric and asymmetric traveling salesman problems. In addition, we propose an improvement in the basic structure of the classic bat algorithm. To prove that our proposal is a promising approximation method, we have compared its performance in 37 instances with the results obtained by five different techniques: evolutionary simulated annealing, genetic algorithm, an island based distributed genetic algorithm, a discrete firefly algorithm and an imperialist competitive algorithm. In order to obtain fair and rigorous comparisons, we have conducted three different statistical tests along the paper: the Student's $t$-test, the Holm's test, and the Friedman test. We have also compared the convergence behaviour shown by our proposal with the ones shown by the evolutionary simulated annealing, and the discrete firefly algorithm. The experimentation carried out in this study has shown that the presented improved bat algorithm outperforms significantly all the other alternatives in most of the cases.



from cs.AI updates on arXiv.org http://ift.tt/1NrrbKA
via IFTTT

A Discrete Firefly Algorithm to Solve a Rich Vehicle Routing Problem Modelling a Newspaper Distribution System with Recycling Policy. (arXiv:1604.04146v1 [cs.NE])

A real-world newspaper distribution problem with recycling policy is tackled in this work. In order to meet all the complex restrictions contained in such a problem, it has been modeled as a rich vehicle routing problem, which can be more specifically considered as an asymmetric and clustered vehicle routing problem with simultaneous pickup and deliveries, variable costs and forbidden paths (AC-VRP-SPDVCFP). This is the first study of such a problem in the literature. For this reason, a benchmark composed by 15 instances has been also proposed. In the design of this benchmark, real geographical positions have been used, located in the province of Bizkaia, Spain. For the proper treatment of this AC-VRP-SPDVCFP, a discrete firefly algorithm (DFA) has been developed. This application is the first application of the firefly algorithm to any rich vehicle routing problem. To prove that the proposed DFA is a promising technique, its performance has been compared with two other well-known techniques: an evolutionary algorithm and an evolutionary simulated annealing. Our results have shown that the DFA has outperformed these two classic meta-heuristics.



from cs.AI updates on arXiv.org http://ift.tt/1V5hxoI
via IFTTT

A Deterministic Annealing Approach to the Multiple Traveling Salesmen and Related Problems. (arXiv:1604.04169v1 [math.OC])

This paper presents a novel and efficient heuristic framework for approximating the solutions to the multiple traveling salesmen problem (m-TSP) and other variants on the TSP. The approach adopted in this paper is an extension of the Maximum-Entropy-Principle (MEP) and the Deterministic Annealing (DA) algorithm. The framework is presented as a general tool that can be suitably adapted to a number of variants on the basic TSP. Additionally, unlike most other heuristics for the TSP, the framework presented in this paper is independent of the edges defined between any two pairs of nodes. This makes the algorithm particularly suited for variants such as the close-enough traveling salesman problem (CETSP) which are challenging due to added computational complexity. The examples presented in this paper illustrate the effectiveness of this new framework for use in TSP and many variants thereof.



from cs.AI updates on arXiv.org http://ift.tt/1NrrcOz
via IFTTT

Harnessing Deep Neural Networks with Logic Rules. (arXiv:1603.06318v2 [cs.LG] UPDATED)

Combining deep neural networks with structured logic rules is desirable to harness flexibility and reduce unpredictability of the neural models. We propose a general framework capable of enhancing various types of neural networks (e.g., CNNs and RNNs) with declarative first-order logic rules. Specifically, we develop an iterative distillation method that transfers the structured information of logic rules into the weights of neural networks. We deploy the framework on a CNN for sentiment analysis, and an RNN for named entity recognition. With a few highly intuitive rules, we obtain substantial improvements and achieve state-of-the-art or comparable results to previous best-performing systems.



from cs.AI updates on arXiv.org http://ift.tt/1pwfpJk
via IFTTT

[FD] AST-2016-005: TCP denial of service in PJProject

[FD] AST-2016-004: Long Contact URIs in REGISTER requests can crash Asterisk

Microsoft Sues US Govt Over Unconstitutional Secret Data Requests

Microsoft is suing the Department of Justice (DoJ) to protest the gag order that prevents technology companies from telling their customers when their cloud data is handed over to authorities. In layman's terms, the Electronic Communications Privacy Act (ECPA) allows the government to issue gag orders saying that the people or companies involved in a legal case cannot talk about the case or


from The Hacker News http://ift.tt/1Qad3oW
via IFTTT

Mysterious Italian novelist could become first-ever anonymous Booker winner

ROME (Reuters) – For the first time, the Man Booker International prize could go to an anonymous writer this year, if a story of lifelong friendship in ...

from Google Alert - anonymous http://ift.tt/1ScRFnj
via IFTTT

activate question from anonymous user default status pending

hello, i from argentina, speak spanish. my english is not very good! ajajja. I need that questions are in pending mode (anonymous users), they are not ...

from Google Alert - anonymous http://ift.tt/23yJ1Iq
via IFTTT

Anti-Encryption Bill Released, would Kill your Privacy and Security

The United States anti-encryption bill will kill your Privacy. In the wake of the Apple vs. FBI case, two leading Intelligence Committee Senators have introduced an anti-encryption bill that would effectively ban strong encryption. Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA) released the official version of their bill today in response to concerns that criminals and


from The Hacker News http://ift.tt/1Q9QyQY
via IFTTT

Re: [FD] end of useable crypto in browsers?

Hey,

> The browser developers have just decided that the trust relationship architecture of the virtual world will be driven by the copyright dinosaurs from now on, by pulling off platform support from under those who were experimenting with building meaningful trust models with the admittedly few tools we already had.
> [...]
> The sociological and political fabric of society fundamentally depends on our communication abilities. The future of our communication abilities in turn depends on the communication platforms and the trust relation models they support.

That's true. But the keygen element is flawed by the known-broken CA system(*) and you can't build a secure house on a broken foundation. You could check whether the certificate for your site is issued by your CA, but if the can issue certificates they could simply attack your browser's updater. Our only hope for truly secure communication are tools like pgp combined with anonymity through for example TOR or freenet (not the ISP).

(*) I'm not gonna expand on this since there's a lot about this already out there.

>> a) support from at least a major browser. If the other "cool kids" don't do it, good luck getting this through.
>
> I doubt Microsoft will drop its ActiveX based key management support in the browser.

True, but this won't save .

> Now we have window.crypto, which is nice and all, but it misses the basics: no real support for key management. [...] We should just do a small step ahead to enable the key management for window.crypto, thus the convergence of the above experiments.
> It seems that browser developers now want to abandon , and thus also make all the work put into window.crypto meaningless. This seems to be an extremely bad decision from where I stand.

window.crypto is there to replace, not to assist . It's truly saddening to see it dropped for a lesser alternative, but TL;DR:

- hardly anyone uses it. Some are, but they obviously aren't enough as this argument has already been brought up. Ryan Sleevi (link below) said:
> Based on data seen from Google crawler (unfortunately, not public), the number of sites believed to be affected is comically low.
- It doesn't reduce privacy that much since it relies on a broken system anyway and was hardly securing anything in the wild.
- Firefox and Chrome have the drop basically already in their nightlies, so the breaking point is not in front of us.

See this discussion about the support in chromium for a good write up about the drop motivations and above's quote: http://ift.tt/1qJKw53 .

What I'm trying to say is that even though me, you and some others aren't happy about it, unless there is a really big con we all didn't see it's time for a post mortem.

Greetings,
Sebastian

On 2016-04-13 22:05, Árpád Magosányi wrote:
> On 04/13/2016 05:09 PM, Sebastian wrote:
>> Hey,
>>
>>> This is not a security vulnerability in itself, "just" a trend undermining the trust architecture of the whole internet :)
>>> [...]
>>> Any ideas on how to make them understand the scale of the doom we are facing right now?
>>
>> to put it simply: No.
>>
>> The real problem is that no one is using it. Yes, it is pretty secure, but it's too much trouble for most users (try to log in from your phone) and also a baseless PITA for most server operators. It's also not good for business (you need to be able to restore the certificate easily, have multiple devices, all your servers need https ...). To make matters worse many browsers don't even bother supporting it (looking at you, internet explorer^W^Wedge).
>
> No doubt keygen have its problems. But there should be a bit more reason for entirely removing a technology which is needed than "it is not mature enough yet".
> One reason that the whole symmetric crypto technology could not mature because getting key deployment right is not a straightforward task (fscked up trust relationship did not help either, but that is an issue which we can work around. With smart key management. Oh, wait...) . And keygen was the easiest and most cross-platform way for key deployment.
> Now we have window.crypto, which is nice and all, but it misses the basics: no real support for key management.
>
>>
>> To be fully honest, I'd prefer to keep it. Yes, browser support is bad and hardly anyone uses it, but it doesn't hurt anyone and at least there are/were some users (i.e. StartSSL). But to truly convince them, you'd probably need
>> a) support from at least a major browser. If the other "cool kids" don't do it, good luck getting this through.
>
> I doubt Microsoft will drop its ActiveX based key management support in the browser. So there will be one player who does not pull the feature.
> I never thought I will depend on Microsoft for anything...
>
>> b) an example of the "doom" we're facing, because neither them nor me sees it. The web would hardly be less secure, same as if we'd drop SQRL: Yes, it's pretty secure as far as I can tell, but who is using it and would therefore be less secure anyway?
>
> The Doom:
> The browser developers have just decided that the trust relationship architecture of the virtual world will be driven by the copyright dinosaurs from now on, by pulling off platform support from under those who were experimenting with building meaningful trust models with the admittedly few tools we already had.
> I do understand that I will shortly refer to soft and future things, and use big words. However I not just mean it, but also able to reason it right from the basics of communication theory:
> The sociological and political fabric of society fundamentally depends on our communication abilities(*). The future of our communication abilities in turn depends on the communication platforms and the trust relation models they support. And that not necessarily need to be facebook and browsers with cryptographic support just enough to deny you access to content you actually bought.
>
> (*) See Elon Musk's reasoning when he was asked about future Martian politics for an easily understandable pitch on the topic. And look up Dunbar's number and Condorcet.
>
> Who uses it: There are some well established services. Cacert.org uses keygen (and ActiveX for Microsoft browsers). Just like a host of "old school" CAs.
> I am for one developing a community service, which aims to be the link between IRL and virtual personality, by providing anonymity while making sure that one person can have only one account. One of the features of the platform is ssl authentication with in situ generated keys. My plan was to drive this further to provide a CA, building on the already existing assurance programme behind the platform. And others also experiment with ways to transcend the X509 trust model.
> There are a lot of works out there developing a) special purpose tools using cryptography, and b) tools using the browser as UI platform, both related to privacy, social and political collaboration and similar purposes. This split is because a browser without plugins is b) the only meaningful way to reach broader user population and a) does not provide the necessary cryptographic primitives. This is a very tough and honestly totally unnecessary design decision. With window.crypto, we at last have the primitives, minus the key management ones. But their infrastructure already exist in the browsers behind . We should just do a small step ahead to enable the key management for window.crypto, thus the convergence of the above experiments.
> It seems that browser developers now want to abandon , and thus also make all the work put into window.crypto meaningless. This seems to be an extremely bad decision from where I stand.
>
>>
>> Here's a related discussion:
>> http://ift.tt/1S9u2Kd
>> .
>>
>
> Thank you for the pointer. It is sad to see how highly intelligent people fail to see the harm they cause.
>
>> Greetings,
>> Sebastian
>>
>> On 2016-04-09 11:34, Árpád Magosányi wrote:
>>> Hi,
>>>
>>> This is not a security vulnerability in itself, "just" a trend undermining the trust architecture of the whole internet :)
>>>
>>> I think it is very important, and wonder why I don't see any discussion of it. If this is not the right forum to discuss it, please direct me to the right place.
>>>
>>> The problem is:
>>>
>>> Browser developers are dropping support for X509 key generation.
>>> Yes, have its problems. But window.crypto - which is meant to replace it - have no way to save keys in the browser's keystore.
>>>
>>> Instead of going to some cross-browser and cross-OS support for key management, we are now in a state where there are browser/OS combinations (stable chrome with non-windows OS), where there is no way to generate and store a key to be later used for ssl authentication.
>>>
>>> Looking at the related bug reports it seems that browser developers do not even understand the problem this creates.
>>>
>>> Any ideas on how to make them understand the scale of the doom we are facing right now?

Source: Gmail -> IFTTT-> Blogger

Journalist Matthew Keys gets 2-Year Prison term for helping Anonymous Hackers

Former Reuters journalist Matthew Keys, who was convicted last year of helping the Anonymous group of hackers, has been sentenced to 24 months in prison for computer hacking charges. Keys was found guilty last year in October of giving Anonymous login credentials that allowed the group to deface the Los Angeles Times, a Tribune Media-owned newspaper, back in 2013. After leaving the job


from The Hacker News http://ift.tt/1S9slMN
via IFTTT

Re: [FD] end of useable crypto in browsers?

On 04/13/2016 05:09 PM, Sebastian wrote:
> Hey,
>
>> This is not a security vulnerability in itself, "just" a trend undermining the trust architecture of the whole internet :)
>> [...]
>> Any ideas on how to make them understand the scale of the doom we are facing right now?
>
> to put it simply: No.
>
> The real problem is that no one is using it. Yes, it is pretty secure, but it's too much trouble for most users (try to log in from your phone) and also a baseless PITA for most server operators. It's also not good for business (you need to be able to restore the certificate easily, have multiple devices, all your servers need https ...). To make matters worse many browsers don't even bother supporting it (looking at you, internet explorer^W^Wedge).

No doubt keygen have its problems. But there should be a bit more reason for entirely removing a technology which is needed than "it is not mature enough yet".
One reason that the whole symmetric crypto technology could not mature because getting key deployment right is not a straightforward task (fscked up trust relationship did not help either, but that is an issue which we can work around. With smart key management. Oh, wait...) . And keygen was the easiest and most cross-platform way for key deployment.
Now we have window.crypto, which is nice and all, but it misses the basics: no real support for key management.

>
> To be fully honest, I'd prefer to keep it. Yes, browser support is bad and hardly anyone uses it, but it doesn't hurt anyone and at least there are/were some users (i.e. StartSSL). But to truly convince them, you'd probably need
> a) support from at least a major browser. If the other "cool kids" don't do it, good luck getting this through.

I doubt Microsoft will drop its ActiveX based key management support in the browser. So there will be one player who does not pull the feature.
I never thought I will depend on Microsoft for anything...

> b) an example of the "doom" we're facing, because neither them nor me sees it. The web would hardly be less secure, same as if we'd drop SQRL: Yes, it's pretty secure as far as I can tell, but who is using it and would therefore be less secure anyway?

The Doom:
The browser developers have just decided that the trust relationship architecture of the virtual world will be driven by the copyright dinosaurs from now on, by pulling off platform support from under those who were experimenting with building meaningful trust models with the admittedly few tools we already had.
I do understand that I will shortly refer to soft and future things, and use big words. However I not just mean it, but also able to reason it right from the basics of communication theory:
The sociological and political fabric of society fundamentally depends on our communication abilities(*). The future of our communication abilities in turn depends on the communication platforms and the trust relation models they support. And that not necessarily need to be facebook and browsers with cryptographic support just enough to deny you access to content you actually bought.

(*) See Elon Musk's reasoning when he was asked about future Martian politics for an easily understandable pitch on the topic. And look up Dunbar's number and Condorcet.

Who uses it: There are some well established services. Cacert.org uses keygen (and ActiveX for Microsoft browsers). Just like a host of "old school" CAs.
I am for one developing a community service, which aims to be the link between IRL and virtual personality, by providing anonymity while making sure that one person can have only one account. One of the features of the platform is ssl authentication with in situ generated keys. My plan was to drive this further to provide a CA, building on the already existing assurance programme behind the platform. And others also experiment with ways to transcend the X509 trust model.
There are a lot of works out there developing a) special purpose tools using cryptography, and b) tools using the browser as UI platform, both related to privacy, social and political collaboration and similar purposes. This split is because a browser without plugins is b) the only meaningful way to reach broader user population and a) does not provide the necessary cryptographic primitives. This is a very tough and honestly totally unnecessary design decision. With window.crypto, we at last have the primitives, minus the key management ones. But their infrastructure already exist in the browsers behind . We should just do a small step ahead to enable the key management for window.crypto, thus the convergence of the above experiments.
It seems that browser developers now want to abandon , and thus also make all the work put into window.crypto meaningless. This seems to be an extremely bad decision from where I stand.

>
> Here's a related discussion:
> http://ift.tt/1S9u2Kd
> .
>

Thank you for the pointer. It is sad to see how highly intelligent people fail to see the harm they cause.

> Greetings,
> Sebastian
>
> On 2016-04-09 11:34, Árpád Magosányi wrote:
>> Hi,
>>
>> This is not a security vulnerability in itself, "just" a trend undermining the trust architecture of the whole internet :)
>>
>> I think it is very important, and wonder why I don't see any discussion of it. If this is not the right forum to discuss it, please direct me to the right place.
>>
>> The problem is:
>>
>> Browser developers are dropping support for X509 key generation.
>> Yes, have its problems. But window.crypto - which is meant to replace it - have no way to save keys in the browser's keystore.
>>
>> Instead of going to some cross-browser and cross-OS support for key management, we are now in a state where there are browser/OS combinations (stable chrome with non-windows OS), where there is no way to generate and store a key to be later used for ssl authentication.
>>
>> Looking at the related bug reports it seems that browser developers do not even understand the problem this creates.
>>
>> Any ideas on how to make them understand the scale of the doom we are facing right now?

Source: Gmail -> IFTTT-> Blogger

Re: [FD] end of useable crypto in browsers?

Hey,

> This is not a security vulnerability in itself, "just" a trend undermining the trust architecture of the whole internet :)
> [...]
> Any ideas on how to make them understand the scale of the doom we are facing right now?

to put it simply: No.

The real problem is that no one is using it. Yes, it is pretty secure, but it's too much trouble for most users (try to log in from your phone) and also a baseless PITA for most server operators. It's also not good for business (you need to be able to restore the certificate easily, have multiple devices, all your servers need https ...). To make matters worse many browsers don't even bother supporting it (looking at you, internet explorer^W^Wedge).

To be fully honest, I'd prefer to keep it. Yes, browser support is bad and hardly anyone uses it, but it doesn't hurt anyone and at least there are/were some users (i.e. StartSSL). But to truly convince them, you'd probably need
a) support from at least a major browser. If the other "cool kids" don't do it, good luck getting this through.
b) an example of the "doom" we're facing, because neither them nor me sees it. The web would hardly be less secure, same as if we'd drop SQRL: Yes, it's pretty secure as far as I can tell, but who is using it and would therefore be less secure anyway?

Here's a related discussion:
http://ift.tt/1S9u2Kd
.

Greetings,
Sebastian

On 2016-04-09 11:34, Árpád Magosányi wrote:
> Hi,
>
> This is not a security vulnerability in itself, "just" a trend undermining the trust architecture of the whole internet :)
>
> I think it is very important, and wonder why I don't see any discussion of it. If this is not the right forum to discuss it, please direct me to the right place.
>
> The problem is:
>
> Browser developers are dropping support for X509 key generation.
> Yes, have its problems. But window.crypto - which is meant to replace it - have no way to save keys in the browser's keystore.
>
> Instead of going to some cross-browser and cross-OS support for key management, we are now in a state where there are browser/OS combinations (stable chrome with non-windows OS), where there is no way to generate and store a key to be later used for ssl authentication.
>
> Looking at the related bug reports it seems that browser developers do not even understand the problem this creates.
>
> Any ideas on how to make them understand the scale of the doom we are facing right now?

Source: Gmail -> IFTTT-> Blogger

Re: [FD] end of useable crypto in browsers?

On Sat, Apr 09, 2016 at 11:34:26AM +0200, Árpád Magosányi wrote:
> Browser developers are dropping support for X509 key generation.
> Yes, have its problems. But window.crypto - which is meant to replace it - have no way to save keys in the browser's keystore.
> [..]
> Any ideas on how to make them understand the scale of the doom we are facing right now?

The only TLS client certificate authentication I see on a regular basis is for CertFP use for IRC nickserv authentication and OpenVPN. Trying to use a browser to perform either of these actions would be awkward at best.

What application or service do you know of that uses TLS client authentication that requires browser integration? If you can demonstrate users who will be affected they may be more amenable to your claims.

(I suspect the browser authors already know how many services use TLS client authentication from their own telemetry systems. What may be harder to gauge via telemetry is how important it is to the users.)

Thanks

Source: Gmail -> IFTTT-> Blogger

[FD] DAVOSET v.1.2.8

Hello participants of Mailing List.

After making public release of DAVOSET (http://ift.tt/1fhJX6H), I've made next update of the software. At 26th of March DAVOSET v.1.2.8 was released - DDoS attacks via other sites execution tool (http://ift.tt/1mQ7xNp).

Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I

GitHub: http://ift.tt/1H884q7

Download DAVOSET v.1.2.8: http://ift.tt/1S9u2K6

In new version there was added support of XXE vulnerability in EMC Cloud Tiering Appliance. Also there were added new services into full list of zombies. And removed non-working services from full list of zombies. In total there are 160 zombie-services in the list.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://ift.tt/1H884q9

Source: Gmail -> IFTTT-> Blogger

ISS Daily Summary Report – 04/13/16

SPHEROIDS De-installation: Following yesterday’s completion of the 2-day SPHEROIDS experiment run, Peake de-installed the SPHEROIDS experiment containers from Kubik 5 and transferred the containers into Minus Eight-degree Freezer for ISS (MELFI). The SPHEROIDS experiment investigates the effects of microgravity on endothelial cell function with respect to blood vessel formation, cellular proliferation, and programmed cell death. Results could help in the development of potential countermeasures to prevent cardiovascular deconditioning in astronauts and improve knowledge of endothelial functions on Earth.   Rodent Research-3 (RR-3) Transporter Stow: Following yesterday’s successful rodent transfer from Dragon to the ISS, Skripochka reviewed the Transporter Stow procedure before inspecting and powering down the Access Unit and stowing the Transporter in the LAB. Elevated temperatures were reported for Habitats 1 and 3 but not high enough to warrant action by the crew. After the ground support team shut down the internal lights and cameras in order to reduce the heat load, the temperatures stabilized and the status will be monitored overnight.  RR-3 is a Joint USOS Russian Experiment performed with both USOS and Russian crew members. RR-3 studies molecular and physical changes to the musculoskeletal system that happen in space. Results will expand scientists’ understanding of muscle atrophy and bone loss in space while testing an antibody that has been known to prevent muscle wasting in mice on Earth.   Cell Mechanosensing 3 (CMS-3) Microscope Observation: Williams removed two Measurement Experiment Culture Chambers from the Cell Biology Experiment Facility (CBEF) Incubator Unit (IU) and installed them into the microscope stage for observation by the ground.  The camera system experienced a fault and stopped sending video to the ground.  Ground teams are troubleshooting overnight. The first setting successfully was completed yesterday. 
CMS-3 is a JAXA investigation that identifies gravity sensors in skeletal muscle cells to develop countermeasures to muscle atrophy. Scientists believe that the lack of mechanical stress from gravity causes tension fluctuations in the plasma membrane of skeletal muscle cells which changes the expression of key proteins and genes and allows muscles to atrophy.   Ocular Health Tonometry Exam and Operations: With operator assistance and remote guidance from the Ocular Health ground team, Kopra and Peake conducted vision tests, blood pressure measurements, and practiced using a Tonometer on an eye simulator before conducting a Tonometry exam. A vision questionnaire was completed by both crewmembers following the exam. The Ocular Health investigation gathers data on crew members’ visual health during and after long-duration space station missions. Tests monitor microgravity-induced visual impairment, as well as changes believed to arise from elevated intracranial pressure, to characterize how living in microgravity can affect the visual, vascular and central nervous systems. The investigation also measures how long it takes for crew members to return to normal after they return to Earth.   Education Payload Operations (EPO): Peake completed three European Space Agency (ESA) EPO activities: Destination Space, AstroPi, and BioRock. He supported Destination Space, by recording messages aimed at younger children, which will be used in shows and demonstrations at 20 science and discovery centers around the United Kingdom. Next, he performed a data transfer for AstroPi which ran programs written by winners of a student competitions and collected data from sensors (i.e., inertial movement, barometric pressure, relative humidity and temperature). He recorded a message and conducted a demonstration for the BioRock activity to show how bacteria grows on surfaces in space. 
EPO includes curriculum-based educational activities that demonstrate basic principles of science, mathematics, technology, engineering and geography. These activities are videotaped and used in classroom lectures. EPO is designed to support the NASA mission to inspire the next generation of explorers.   NanoRack Module 9: Peake began the second of two NanoRack Module 9 experiment sessions scheduled this week. He activated, deactivated, and shook the mixture tubes to facilitate the experiment. Module-9 is a collection of student research projects utilizing the NanoRacks mix sticks. Student teams from across the United States design their own experiments using flight approved fluids and materials. The investigation consists of several science experiments flown in a NanoRacks Module on board the ISS.   NanoRacks Module-51: Williams initiated the NanoRack Module-51 Luciferase (Firefly Light) experiment in a dark-room setting and recorded the bioluminescent reaction in a mixture tube. The reaction was captured twice. Luciferase (Firefly Light) is one of four NanoRacks Module-51 sub-investigations that study antibiotic use to inhibit Staphylococcus aureus bacteria; the rate at which yeast decomposes organic matter; whether steroid-enhanced plants could grow better in space than on Earth; and whether an enzyme derived from fireflies can cause bioluminescence in microgravity.   Gecko Gripper Setup and Operations 2: Williams performed the Gecko Gripper Force Gauge set up and data point collection. Live HD Camcorder video was used during the experiment to document crew operations. The investigation tests a gecko-adhesive gripping device that can stick on command in the harsh environment of space. The technology promises to enable many new capabilities, including robotic crawlers that could walk along spacecraft exteriors; grippers that use a touch-to-stick method to catch and release objects; and sensor mounts that can work on any surface and be reused multiple times.   
Sprint Ultrasound 2 Operations: Williams assisted Kopra with the VCA2 camcorder and SD video setup, configured the Ultrasound 2 software, placed reference marks on the thigh and calf of Kopra’s right leg, donned the Sprint Thigh and Calf Guides, and performed thigh and calf scans with guidance from the Sprint ground team. Ultrasound scans are used to evaluate spaceflight-induced changes in the muscle volume. The Sprint investigation evaluates the use of high intensity, low volume exercise training to minimize loss of muscle, bone, and cardiovascular function in ISS crewmembers during long-duration missions.   Dose Tracker: Williams and Kopra configured the Dose Tracker application and completed entries for medication tracking on an iPad. This investigation documents the medication usage of crew members before and during their missions by capturing data regarding medication use during spaceflight, including side effect qualities, frequencies and severities. The data is expected to either support or counter anecdotal […]

from ISS On-Orbit Status Report http://ift.tt/1YvaW53
via IFTTT

[FD] Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability

Document Title:
===============
Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://ift.tt/1Vnj3CE

Release Date:
=============
2016-04-14

Vulnerability Laboratory ID (VL-ID):
====================================
1821

Common Vulnerability Scoring System:
====================================
3.6

Product & Service Introduction:
===============================
django CMS is a modern web publishing platform built with Django, the web application framework for perfectionists with deadlines. django CMS offers out-of-the-box support for the common features you’d expect from a CMS, but can also be easily customised and extended by developers to create a site that is tailored to their precise needs.

(Copy of the Homepage: http://ift.tt/1S9iSVL )

Abstract Advisory Information:
==============================
The vulnerability laboratory core research team discovered an application-side vulnerability in the Django v3.2.3 Content Management System.

Vulnerability Disclosure Timeline:
==================================
2016-04-14: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Divio AG
Product: Django Framework - Content Management System 3.2.3

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
A persistent input validation web vulnerability has been discovered in the official Django v3.2.3 Content Management System. The security vulnerability allows remote attackers or privileged user accounts to inject own malicious script codes to the application-side of the vulnerable modules web context.

The vulnerability has been located in the `people-group-name-1 cms-render-model (people-group-detail)` value of the `/en/footer/people/group/slat/` module POST method request. Remote attackers are able to inject own malicious script code to the group name input to provoke a persistent execution. The injection point is the group add module and the execution point is the `./people/group/slat/` path. The attacker vector of the vulnerability is persistent and request method to inject is POST.

The filter validation of the group input disallows the usage of iframes or script code tags. The img tag with source and onload alert (document.cookie / document.domain) allows to bypass the filter validation of the django cms. To inject a splitted char inject is required. The second tag executes the context and bypasses the filter validation of the cms.

The security risk of the vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.6. Exploitation of the vulnerability requires a low privileged web-application user account and low or medium user interaction. Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent external redirects to malicious source and persistent manipulation of affected or connected application modules.

Request Method(s):
[+] POST

Vulnerable Module(s):
[+] Groups (Add)

Vulnerable Parameter(s):
[+] people-group-name-1 - cms-render-model (people-group-detail)

Affected Module(s):
[+] Group List

Proof of Concept (PoC):
=======================
The vulnerability can be exploited by remote attackers and privileged user accounts with low or medium user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

PoC: Payload(s)
">"%20"="">< ">"%20"=""><

PoC: Source (people-group-name-1 cms-render-model)

"><[PERSISTENT INJECTED SCRIPT CODE!!!])<</div>

Status: 302[FOUND]
POST http://ift.tt/1VnsmCt Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Größe des Inhalts[-1] Mime Type[text/html]
Request Header:
Host[django.localhost:8080]
User-Agent[Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0]
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
Accept-Language[de,en-US;q=0.7,en;q=0.3]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[http://ift.tt/1VnsmCt]
Cookie[csrftoken=xIKUpMGlX73Z2iwSz4VRTnGh729DwxZI; sessionid=mjq2j02vc7fgp5l50qd3bgdyzjlx2io6; django_language=en]
Connection[keep-alive]
POST-Daten:
POST_DATA

Source: Gmail -> IFTTT-> Blogger
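The advisory above describes an input filter that rejects iframe and script tags yet lets an img tag with an event handler through. The following is an added example, not django CMS code and not part of the advisory: it compares such a tag blocklist with HTML-escaping the group name at output time. The filter, the function names, the surrounding div and the sample group name are assumptions constructed for illustration.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample modelled on the advisory's description: the value closes
# the surrounding context and opens an img tag carrying an event handler.
SAMPLE_GROUP_NAME = '"><img src="x" onload="alert(document.domain)">'

# Hypothetical input filter of the kind described: it rejects named tags only.
BLOCKED_TAGS = re.compile(r"<\s*/?\s*(script|iframe)\b", re.IGNORECASE)


def blocklist_accepts(value):
    """Return True when the tag blocklist lets the value through."""
    return BLOCKED_TAGS.search(value) is None


def render_unescaped(group_name):
    """'Before': the stored name is written into the page as markup."""
    return '<div class="cms-render-model">' + group_name + "</div>"


def render_escaped(group_name):
    """'After': the stored name is HTML-escaped when it is written out.

    Django's template autoescaping and django.utils.html.escape perform the
    equivalent conversion; html.escape keeps this example standard-library only.
    """
    return '<div class="cms-render-model">' + html.escape(group_name, quote=True) + "</div>"


class MarkupFinder(HTMLParser):
    """Records the tags and on* attributes an HTML parser sees in a fragment."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [name for name, _ in attrs if name.lower().startswith("on")]


def injected_markup(fragment, template_tags=("div",)):
    """Return (tags not belonging to the template, event handler attributes)."""
    finder = MarkupFinder()
    finder.feed(fragment)
    finder.close()
    extra_tags = [tag for tag in finder.tags if tag not in template_tags]
    return extra_tags, finder.handlers


if __name__ == "__main__":
    print("blocklist accepts sample:", blocklist_accepts(SAMPLE_GROUP_NAME))
    print("unescaped render:", injected_markup(render_unescaped(SAMPLE_GROUP_NAME)))
    print("escaped render:  ", injected_markup(render_escaped(SAMPLE_GROUP_NAME)))
```

The blocklist passes the sample because it names tags rather than neutralising markup, while the escaped render contains no tag or handler other than the template's own div.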

I have a new follower on Twitter


BOCA HOY
Follow the best news about #Boca! #BocaHoy #0Descensos #UnicoGrande https://t.co/HAquU0OqLv


Following: 2640 - Followers: 3399

April 14, 2016 at 04:02AM via Twitter http://twitter.com/BocaHoycom

Orion in Red and Blue


When did Orion become so flashy? This colorful rendition of part of the constellation of Orion comes from red light emitted by hydrogen and sulfur (SII), and blue-green light emitted by oxygen (OIII). Hues on the featured image were then digitally reassigned to be indicative of their elemental origins -- but also striking to the human eye. The breathtaking composite was painstakingly composed from hundreds of images which took nearly 200 hours to collect. Pictured, Barnard's Loop, across the image bottom, appears to cradle interstellar constructs including the intricate Orion Nebula seen just right of center. The Flame Nebula can also be quickly located, but it takes a careful eye to identify the slight indentation of the dark Horsehead Nebula. As to Orion's flashiness -- a leading explanation for the origin of Barnard's Loop is a supernova blast that occurred about two million years ago. via NASA http://ift.tt/1qoEpma

Wednesday, April 13, 2016

Orioles Video: Chris Davis drills a 3-0 pitch over the Green Monster to give Baltimore the lead (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Strategyproof Peer Selection. (arXiv:1604.03632v1 [cs.GT])

Peer review, evaluation, and selection is the foundation on which modern science is built. Funding bodies the world over employ experts to study and select the best proposals of those submitted for funding. The problem of peer selection, however, is much more universal: a professional society may want to give a subset of its members awards based on the opinions of all the members; an instructor for a MOOC or online course may want to crowdsource grading; or a marketing company may select ideas from group brainstorming sessions based on peer evaluation. We make three fundamental contributions to the study of procedures or mechanisms for peer selection, a specific type of group decision making problem studied in computer science, economics, political science, and beyond. First, we detail a novel mechanism that is strategyproof, i.e., agents cannot benefit themselves by reporting insincere valuations, in addition to other desirable normative properties. Second, we demonstrate the effectiveness of our mechanism through a comprehensive simulation-based comparison of our mechanism with a suite of mechanisms found in the computer science and economics literature. Finally, our mechanism employs a randomized rounding technique that is of independent interest, as it can be used as a randomized method to address the ubiquitous apportionment problem that arises in various settings where discrete resources such as parliamentary representation slots need to be divided fairly.



from cs.AI updates on arXiv.org http://ift.tt/23w581X
via IFTTT

A Discrete and Bounded Envy-Free Cake Cutting Protocol for Any Number of Agents. (arXiv:1604.03655v1 [cs.DS])

We consider the well-studied cake cutting problem in which the goal is to find an envy-free allocation based on queries from the agents. The problem has received attention in computer science, mathematics, and economics. It has been a major open problem whether there exists a bounded and discrete envy-free protocol. We resolve the problem by proposing a discrete and bounded envy-free protocol for any number of agents.



from cs.AI updates on arXiv.org http://ift.tt/1Q85mzr
via IFTTT

Learning Interactive Affordance for Human-Robot Interaction. (arXiv:1604.03692v1 [cs.RO])

In this paper, we present an approach for robot learning of affordance from human activity videos. We consider the problem particularly in the context of human-robot interaction: Our approach learns structural representations of human-human (and human-object-human) interactions, describing how body-parts of each agent move with respect to each other and what spatial relations they should maintain to complete each sub-event (i.e., sub-goal). This enables the robot to infer its own movement in reaction to the human body motion, allowing it to naturally replicate such interactions.

We introduce the representation of interactive affordance and propose a generative model for its weakly supervised learning from human demonstration videos. Our approach discovers critical steps (i.e., latent sub-events) in an interaction and the typical motion associated with them, learning what body-parts should be involved and how. The experimental results demonstrate that our Markov Chain Monte Carlo (MCMC) based learning algorithm automatically discovers semantically meaningful interactive affordance from RGB-D videos, which allows us to generate appropriate full body motion for an agent.



from cs.AI updates on arXiv.org http://ift.tt/23w57Ly
via IFTTT

HordeQBF: A Modular and Massively Parallel QBF Solver. (arXiv:1604.03793v1 [cs.LO])

The recently developed massively parallel satisfiability (SAT) solver HordeSAT was designed in a modular way to allow the integration of any sequential CDCL-based SAT solver in its core. We integrated the QCDCL-based quantified Boolean formula (QBF) solver DepQBF in HordeSAT to obtain a massively parallel QBF solver---HordeQBF. In this paper we describe the details of this integration and report on results of the experimental evaluation of HordeQBF's performance. HordeQBF achieves superlinear average and median speedup on the hard application instances of the 2014 QBF Gallery.



from cs.AI updates on arXiv.org http://ift.tt/1Q85jDZ
via IFTTT

Hierarchical Compound Poisson Factorization. (arXiv:1604.03853v1 [cs.LG])

Non-negative matrix factorization models based on a hierarchical Gamma-Poisson structure capture user and item behavior effectively in extremely sparse data sets, making them the ideal choice for collaborative filtering applications. Hierarchical Poisson factorization (HPF) in particular has proved successful for scalable recommendation systems with extreme sparsity. HPF, however, suffers from a tight coupling of sparsity model (absence of a rating) and response model (the value of the rating), which limits the expressiveness of the latter. Here, we introduce hierarchical compound Poisson factorization (HCPF) that has the favorable Gamma-Poisson structure and scalability of HPF to high-dimensional extremely sparse matrices. More importantly, HCPF decouples the sparsity model from the response model, allowing us to choose the most suitable distribution for the response. HCPF can capture binary, non-negative discrete, non-negative continuous, and zero-inflated continuous responses. We compare HCPF with HPF on nine discrete and three continuous data sets and conclude that HCPF captures the relationship between sparsity and response better than HPF.



from cs.AI updates on arXiv.org http://ift.tt/23w57Lt
via IFTTT

Single-Image Depth Perception in the Wild. (arXiv:1604.03901v1 [cs.CV])

This paper studies single-image depth perception in the wild, i.e., recovering depth from a single image taken in unconstrained settings. We introduce a new dataset "Depth in the Wild" consisting of images in the wild annotated with relative depth between pairs of random points. We also propose a new algorithm that learns to estimate metric depth using annotations of relative depth. Compared to the state of the art, our algorithm is simpler and performs better. Experiments show that our algorithm, combined with existing RGB-D data and our new relative depth annotations, significantly improves single-image depth perception in the wild.



from cs.AI updates on arXiv.org http://ift.tt/1Q85jDH
via IFTTT

Inverse Reinforcement Learning with Simultaneous Estimation of Rewards and Dynamics. (arXiv:1604.03912v1 [cs.AI])

Inverse Reinforcement Learning (IRL) describes the problem of learning an unknown reward function of a Markov Decision Process (MDP) from observed behavior of an agent. Since the agent's behavior originates in its policy and MDP policies depend on both the stochastic system dynamics as well as the reward function, the solution of the inverse problem is significantly influenced by both. Current IRL approaches assume that if the transition model is unknown, additional samples from the system's dynamics are accessible, or the observed behavior provides enough samples of the system's dynamics to solve the inverse problem accurately. These assumptions are often not satisfied. To overcome this, we present a gradient-based IRL approach that simultaneously estimates the system's dynamics. By solving the combined optimization problem, our approach takes into account the bias of the demonstrations, which stems from the generating policy. The evaluation on a synthetic MDP and a transfer learning task shows improvements regarding the sample efficiency as well as the accuracy of the estimated reward functions and transition models.



from cs.AI updates on arXiv.org http://ift.tt/23w57vd
via IFTTT

Learning with Memory Embeddings. (arXiv:1511.07972v6 [cs.AI] UPDATED)

Embedding learning, a.k.a. representation learning, has been shown to be able to model large-scale semantic knowledge graphs. A key concept is a mapping of the knowledge graph to a tensor representation whose entries are predicted by models using latent representations of generalized entities. Latent variable models are well suited to deal with the high dimensionality and sparsity of typical knowledge graphs. In recent publications the embedding models were extended to also consider temporal evolutions, temporal patterns and subsymbolic representations. In this paper we map embedding models, which were developed purely as solutions to technical problems for modelling temporal knowledge graphs, to various cognitive memory functions, in particular to semantic and concept memory, episodic memory, sensory memory, short-term memory, and working memory. We discuss learning, query answering, the path from sensory input to semantic decoding, and relationships between episodic memory and semantic memory. We introduce a number of hypotheses on human memory that can be derived from the developed mathematical models. There are three main hypotheses. The first one is that semantic memory is described as triples and that episodic memory is described as triples in time. A second main hypothesis is that generalized entities have unique latent representations which are shared across memory functions and that are the basis for prediction, decision support and other functionalities executed by working memory. A third main hypothesis is that the latent representation for a time $t$, which summarizes all sensory information available at time $t$, is the basis for episodic memory. The proposed model includes both a recall of previous memories and the mental imagery of future events and sensory impressions.



from cs.AI updates on arXiv.org http://ift.tt/1NdF4iH
via IFTTT

Plan Explicability and Predictability for Robot Task Planning. (arXiv:1511.08158v2 [cs.AI] UPDATED)

Intelligent robots and machines are becoming pervasive in human populated environments. A desirable capability of these agents is to respond to goal-oriented commands by autonomously constructing task plans. However, such autonomy can add significant cognitive load and potentially introduce safety risks to humans when agents behave unexpectedly. Hence, for such agents to be helpful, one important requirement is for them to synthesize plans that can be easily understood by humans. While there exists previous work that studied socially acceptable robots that interact with humans in "natural ways", and work that investigated legible motion planning, there lacks a general solution for high level task planning. To address this issue, we introduce the notions of plan explicability and predictability. To compute these measures, first, we postulate that humans understand agent plans by associating abstract tasks with agent actions, which can be considered as a labeling process. We learn the labeling scheme of humans for agent plans from training examples using conditional random fields (CRFs). Then, we use the learned model to label a new plan to compute its explicability and predictability. These measures can be used by agents to proactively choose or directly synthesize plans that are more explicable and predictable to humans. We provide evaluations on a synthetic domain and with human subjects using physical robots to show the effectiveness of our approach.



from cs.AI updates on arXiv.org http://ift.tt/1XgW5iu
via IFTTT

Submodular Optimization under Noise. (arXiv:1601.03095v2 [cs.DS] UPDATED)

We consider the problem of maximizing a monotone submodular function under noise, which to the best of our knowledge has not been studied in the past. There has been a great deal of work on optimization of submodular functions under various constraints, with many algorithms that provide desirable approximation guarantees. However, in many applications we do not have access to the submodular function we aim to optimize, but rather to some erroneous or noisy version of it. This raises the question of whether provable guarantees are obtainable in presence of error and noise. We provide initial answers, by focusing on the question of maximizing a monotone submodular function under cardinality constraints when given access to a noisy oracle of the function. We show that:

For a cardinality constraint $k \geq 2$, there is an approximation algorithm whose approximation ratio is arbitrarily close to $1-1/e$;

For $k=1$ there is an approximation algorithm whose approximation ratio is arbitrarily close to $1/2$ in expectation. No randomized algorithm can obtain an approximation ratio in expectation better than $1/2+O(1/\sqrt n)$ and $(2k - 1)/2k + O(1/\sqrt{n})$ for general $k$;

If the noise is adversarial, no non-trivial approximation guarantee can be obtained.



from cs.AI updates on arXiv.org http://ift.tt/1PYTPpp
via IFTTT

An Online Mechanism for Ridesharing in Autonomous Mobility-on-Demand Systems. (arXiv:1603.02208v2 [cs.AI] UPDATED)

With proper management, Autonomous Mobility-on-Demand (AMoD) systems have great potential to satisfy the transport demands of urban populations by providing safe, convenient, and affordable ridesharing services. Meanwhile, such systems can substantially decrease private car ownership and use, and thus significantly reduce traffic congestion, energy consumption, and carbon emissions. To achieve this objective, an AMoD system requires private information about the demand from passengers. However, due to self-interestedness, passengers are unlikely to cooperate with the service providers in this regard. Therefore, an online mechanism is desirable if it incentivizes passengers to truthfully report their actual demand. For the purpose of promoting ridesharing, we hereby introduce a posted-price, integrated online ridesharing mechanism (IORS) that satisfies desirable properties such as ex-post incentive compatibility, individual rationality, and budget-balance. Numerical results indicate the competitiveness of IORS compared with two benchmarks, namely the optimal assignment and an offline, auction-based mechanism.



from cs.AI updates on arXiv.org http://ift.tt/1RxybXB
via IFTTT

Former Editor Sentenced for Helping Anonymous

Matthew Keys, a former social media editor, was sentenced on Wednesday to two years in prison for helping members of Anonymous hack into the ...

from Google Alert - anonymous http://ift.tt/1qqbj5V
via IFTTT

MLB: Orioles (7-0) looking to remain the only perfect team in baseball against David Ortiz, Red Sox; watch live on ESPN2 (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Orioles: Eddie Matz says "maybe it's time to start believing in the Orioles" after taking down David Price, Red Sox (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Anonymous Coward

Anonymous Coward. Are accusations of university ...

from Google Alert - anonymous http://ift.tt/1TRZKQO
via IFTTT

British Authorities Order Hacker Lauri Love to hand Over Encryption Keys

The National Crime Agency (NCA) of the United Kingdom is forcing British citizen and political hacktivist Lauri Love, who is accused of hacking, to hand over encryption keys to equipment seized from his home. Love, 31, is currently fighting extradition to the United States, where he faces up to 99 years in prison for allegedly hacking into the Federal Bureau of Investigation (FBI), the US Missile


from The Hacker News http://ift.tt/1SMQSXK
via IFTTT

Anonymous and Message

For anonymous user: The rule is blocked when creating Entity Message of type "Abandoned cart notification message.", because it tries to use ...

from Google Alert - anonymous http://ift.tt/1N8DArZ
via IFTTT

Ravens: Despite going 5-11, John Harbaugh says "Last year wasn't a failure. (It) was setting us up for what's coming" (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

So, FBI Director also Puts Tape Over His Webcam

What do you do to protect your 'Privacy' while using your computer? FBI Director James Comey uses tape to cover up his laptop webcam to ensure Privacy. Yes, you heard it right. During the Q&A session at Kenyon College last week, Comey said that he uses tape to cover his laptop webcam in order to mitigate the danger of secret surveillance. While giving a speech about encryption and


from The Hacker News http://ift.tt/1NogJ6C
via IFTTT

ISS Daily Summary Report – 04/12/16

SPHEROIDS Temperature and Power Check: The ESA SPHEROIDS experiment completed its two day experiment run. Yesterday, Peake retrieved the SPHEROIDS hardware from SpaceX-8 (SpX-8) and installed the containers into the Kubik. Today he completed a temperature and power check. The experiment investigates the effects of microgravity on endothelial cell function with respect to blood vessel formation, cellular proliferation, and programmed cell death. Results could help in the development of potential countermeasures to prevent cardiovascular deconditioning in astronauts and improve knowledge of endothelial functions on Earth.

Rodent Research-3 (RR-3) Transfer: Kopra and Peake set up the rodent habitats, moved the transporters from SpX-8 to the US Lab, and transferred the animals to the habitats. RR-3 is a Joint USOS Russian Experiment performed with both USOS and Russian crew members. RR-3 studies molecular and physical changes to the musculoskeletal system that happen in space. Results will expand scientists’ understanding of muscle atrophy and bone loss in space while testing an antibody that has been known to prevent muscle wasting in mice on Earth.

Cell Mechanosensing 3 (CMS-3) Microscope Observation: Williams completed the first of three microscope observation settings. He retrieved the Measurement Experiment Culture Chamber from the Cell Biology Experiment Facility (CBEF) Incubator Unit (IU) and installed it in the microscope stage for observation by the ground. CMS-3 is a JAXA investigation that identifies gravity sensors in skeletal muscle cells to develop countermeasures to muscle atrophy. Scientists believe that the lack of mechanical stress from gravity causes tension fluctuations in the plasma membrane of skeletal muscle cells which changes the expression of key proteins and genes and allows muscles to atrophy.

NanoRacks Module-51: Williams watched an operations overview video and retrieved NanoRack Module 51 from the Minus Eight-degree Freezer for ISS (MELFI) Rack before initiating the NanoRacks Mission Discovery-2 sub-experiments housed within NanoRacks Module-51. The four different investigations within the module study: antibiotic use to inhibit Staphylococcus aureus bacteria; the rate at which yeast decomposes organic matter; whether steroid-enhanced plants could grow better in space than on Earth; and whether an enzyme derived from fireflies can cause bioluminescence in microgravity.

Multi-Omics Operations: Williams performed the Japan Aerospace Exploration Agency (JAXA) Multi-Omics investigation by collecting human waste samples and inserting them into a Box Module in the MELFI (Minus Eight-degree Freezer for ISS). The investigation evaluates the impacts of space environment and prebiotics on astronauts’ immune function by combining the data obtained from the measurements of changes in the gut microbiological composition, metabolites profiles, and the immune system.

Ultrasound 2 Operations: Williams performed an Ultrasound software load by updating Ultrasound 2 system build software using the Ultrasound 2 Boot Drive. The software update supports the Fluid Shifts activities next week.

Orbital-ATK 6 (OA-6) Cargo Operations Status: The crew completed cargo operations off the task list today, for a total of 18:35 of OA-6 cargo ops.

SpaceX-8 Cargo Operations Status: The crew completed cargo operations off the task list today, for a total of 3:50 total unpack operations since ingress yesterday.

Today’s Planned Activities
All activities were completed unless otherwise noted.
EarthKAM. Battery Swap WRS Water Sample Analysis NanoRacks Module-51 – Retrieval from MELFI Handheld HDPCG unit and nine PCG Cards retrieved from Polar, stowed in +4 Double Coldbag, remaining samples are transferred to MELFI SPHEROIDS – KUBIK Temperature Check Setup and Activation of Crew Onboard Support Kit (КСПЭ) Equipment for MPEG2 TV coverage from SM Microgravity Science Glovebox (MSG) Activation with LSAH Audio Session with “This is Radio Moscow” radio station r/g 1934 Multi Omics Fecal – Operations with Samples Crew Prep for PAO Multi Omics (MO) – Sample Insertion into MELFI Multi Omics (MO) – Equipment Stowage after Sample Collection Test Session ISS-Kremlin-Vostochny Cosmodrome (S + Ku-band) / Video & Audio Rodent Research Experiment Camcorder Installation in Node 2 HRF Rack 1 -Ultrasound 2 Hardware Setup Rodent Research Transfer 1 Crew Prep for PAO Telebridge ISS-Kremlin-Vostochny Kosmodrome Deactivation of Camcorder, Video Control Monitor [ВКУ], and Closing CP SSC Applications NanoRacks Module-51 Overview NANO – Start Experiment PAO Hardware Setup ABOUT GAGARIN FROM SPACE. Hardware deactivation / r/g 1914 Crew Prep for PAO / r/g 1935, 1930 Press Conference with TASS Information Agency r/g 1935 TV Conference with Life News TV Channel r/g 1930 ISS HAM – HAM radio session with students EarthKAM. Battery Swap USND2 – SW Update ABOUT GAGARIN FROM SPACE. Hardware activation / r/g 1914 TOCA Data Recording Crew Prep for PAO / r/g 1933 TV Conference with the Participants of the Pan-Russian Let’sGo! session in Artek International Children Center r/g 1933 Rodent Research: Transfer 2 PCG4 – Sample Preparation, Activation, and Setup in MELFI Stowage of Double Coldbags and Icebricks USND2 – Closeout Ops СОЖ Maintenance CMS3 – MICROSCOPE Sample Observation Water Recovery Management (WRM) – Water Consumption Balance, place holder USND2 – Hardware Deactivation MSG – Hardware Deactivation EarthKAM. Battery Swap

Completed Task List Items
None

Ground Activities
All activities were completed unless otherwise noted.
RR transfer SPDM unstow from MBS PDGF2 for FGB Port SAW survey Nominal ground commanding

Three-Day Look Ahead:
Wednesday, 04/13: Ocular Health, NanoRacks Module 9 ops, N3 aft CBCS install/checkout, EPO-Biorock, SPRINT Ultrasound
Thursday, 04/14: Ocular Health, Lab KU power supply install, universal battery charger install/checkout, bone densitometer calibration, CMS3 ops, SPRINT Ultrasound
Friday, 04/15: Ocular Health, CMS3 ops, SODF deploy, Smartcycler install, WHC urine receptacle R&R

QUICK ISS Status – Environmental Control Group:
Component | Status
Elektron | On
Vozdukh | Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”) | Off
[СКВ] 2 – SM Air Conditioner System (“SKV2”) | On
Carbon Dioxide Removal Assembly (CDRA) Lab | Override
Carbon Dioxide Removal Assembly (CDRA) Node 3 | Operate
Major Constituent Analyzer (MCA) Lab | Idle
Major Constituent Analyzer (MCA) Node 3 | Operate
Oxygen Generation Assembly (OGA) | Process
Urine Processing Assembly (UPA) | Standby
Trace Contaminant Control System (TCCS) Lab | Off
Trace Contaminant Control System (TCCS) Node 3 | Full Up

from ISS On-Orbit Status Report http://ift.tt/1qHEYrv
via IFTTT

[FD] Webline CMS (2016Q2) - SQL Injection Vulnerability

Document Title:
===============
Webline CMS (2016Q2) - SQL Injection Vulnerability

References (Source):
====================
http://ift.tt/1SeYMi9

Release Date:
=============
2016-04-13

Vulnerability Laboratory ID (VL-ID):
====================================
1823

Common Vulnerability Scoring System:
====================================
7.4

Product & Service Introduction:
===============================
With Webline Infosoft Pvt. Ltd. you can have a highly professional CMS website at a very reasonable price to have effect! In other words, if you only have a little experience with Microsoft Word then you will be able to handle your own site very easily and manage the contents in fact. You need no programming or HTML experience. The installation can be performed with any standard web browser from anywhere in the world.

(Copy of the Homepage: http://ift.tt/1XuSx8j )

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered a remote sql-injection vulnerability in the official Webline Content Management System (2016Q2).

Vulnerability Disclosure Timeline:
==================================
2016-04-13: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Webline Infosoft Pvt. Ltd.
Product: Webline - Content Management System (Web-Application) 2016 Q2

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Technical Details & Description:
================================
A remote sql-injection web vulnerability has been discovered in the official Webline Content Management System (2016Q2) web-application. The vulnerability allows remote attackers and privileged user accounts to execute their own sql commands to compromise the web-server or dbms.

The vulnerability is located in the `pgID` and `newsID` values of the `details.php` file GET method request. Remote attackers are able to execute their own malicious sql commands via the pgID value to compromise the web-server or connected database management system. The issue is a classic remote sql injection vulnerability. The request method to execute is GET and the attack vector is located on the application-side of the active web-service.

The security risk of the sql-injection vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 7.4. Exploitation of the remote sql injection web vulnerability requires no user interaction and a low privileged web-application user account. Successful exploitation of the remote sql injection results in database management system, web-server and web-application compromise.

Request Method(s):
[+] GET

Vulnerable File(s):
[+] details.php

Vulnerable Parameter(s):
[+] pgID
[+] newsID

Proof of Concept (PoC):
=======================
The remote sql-injection web vulnerability can be exploited by remote attackers without privileged web-application user account or user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Dork(s):
intext:"Powered by: Webline" inurl:.php?pgID=

PoC: Example
http://localhost:8080/details.php?pgID=offers_-18'[SQL-INJECTION VULNERABILITY!]--+

PoC: Exploitation
http://localhost:8080/details.php?pgID=offers_-18'+union+select+1,2,3,4,5,6,7,8,@@version,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31--+
http://localhost:8080/details.php?pgID=mn_-16'+union+select+1,2,3,4,5,@@version,7,8,9,10,11,12,13,14,15,16,17,18,19,20--+
http://localhost:8080/details.php?newsID=-302'+union+select+1,2,3,4,@@version,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--+
http://localhost:8080/details.php?pgID=sb_-8'+union+select+@@version,2--+

Solution - Fix & Patch:
=======================
The vulnerability can be patched by usage of a secure prepared statement in the details.php file GET method request. Disallow usage of special chars and disallow invalid inputs to prevent further sql or script code injection attacks. Encode and parse the pgID value in the details.php file GET method request to patch the issue finally.

Security Risk:
==============
The security risk of the remote sql-injection web vulnerability in the web-application is estimated as high. (CVSS 7.4)

Credits & Authors:
==================
Iran Cyber Security Group - 0x3a (ICG SEC) [Iran-Cyber.Net] [http://ift.tt/1JLGIbT]
My Team: MOHAMAD-NOFOZI , root3r , sir.h4m1d , m0hamad.black , whitewolf , mr.s4jj4d , mr.turk , 0day , pi.hack , l3gi0n, nazanin_wild and 0xdevil

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.

Source: Gmail -> IFTTT-> Blogger
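The fix the Webline advisory recommends (a prepared statement for the `pgID` lookup, plus rejecting invalid input) is shown below as an added example; it is not Webline's code and not part of the advisory. Python with an in-memory SQLite database stands in for the PHP `details.php` and its DBMS, and the table, column names, the `prefix_number` pgID format and the sample value are assumptions constructed for illustration.

```python
import re
import sqlite3

# Constructed value with the same shape as the advisory's pgID examples,
# using SQLite's sqlite_version() where the advisory's URLs use @@version.
HOSTILE_PG_ID = "offers_-18' union select sqlite_version(), 2-- "

# Assumed shape of a legitimate pgID: lowercase prefix, underscore, digits.
PG_ID_FORMAT = re.compile(r"[a-z]{1,16}_[0-9]{1,9}")


def make_db():
    """Build a small constructed database standing in for the CMS tables."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (pg_id TEXT PRIMARY KEY, title TEXT)")
    db.executemany(
        "INSERT INTO pages VALUES (?, ?)",
        [("offers_18", "Offers"), ("mn_16", "Menu")],
    )
    return db


def page_concat(db, pg_id):
    """'Before': the request value is concatenated into the SQL text."""
    sql = "SELECT pg_id, title FROM pages WHERE pg_id = '" + pg_id + "'"
    return db.execute(sql).fetchall()


def page_bound(db, pg_id):
    """Prepared statement: the value is bound as data, never parsed as SQL."""
    sql = "SELECT pg_id, title FROM pages WHERE pg_id = ?"
    return db.execute(sql, (pg_id,)).fetchall()


def page_validated(db, pg_id):
    """Prepared statement plus allowlist validation of the pgID format."""
    if not PG_ID_FORMAT.fullmatch(pg_id):
        raise ValueError("invalid pgID")
    return page_bound(db, pg_id)


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", page_concat(db, HOSTILE_PG_ID))
    print("bound:       ", page_bound(db, HOSTILE_PG_ID))
    try:
        page_validated(db, HOSTILE_PG_ID)
    except ValueError as exc:
        print("validated:    rejected,", exc)
```

With concatenation the injected UNION returns a row the page never stored; with the bound parameter the same value matches no page, and the validated variant rejects it before any query runs.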

Duby

Duby - Anonymous cannabis social network. Posted by Andrew Ettinger, on Product Hunt.

from Google Alert - anonymous http://ift.tt/1XuKPLr
via IFTTT