Latest YouTube Video

Saturday, August 13, 2016

Ziggy sleeping next to a running printer...


via Instagram http://ift.tt/2aT3Udo

Orioles: RP Darren O'Day (rotator cuff strain) placed on the 15-day DL, P Tyler Wilson recalled from Triple-A (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Theme switching issue with "Cache pages for anonymous users"

After enabling the "Cache pages for anonymous users" enabled in [Site URL]/admin/config/development/performance. Any suggestions to switch ...

from Google Alert - anonymous http://ift.tt/2bpmEwU
via IFTTT

Tennessee Area Convention 2016

Date/Time Date(s) - Sep 30, 2016 - Oct 02, 2016. Location Holiday Inn Memphis Airport. Categories. Area convention. T.A.C.A. CONVENTION

from Google Alert - anonymous http://ift.tt/2aJjiYH
via IFTTT

Guccifer 2.0 Leaks Personal Info of Nearly 200 Congressional Democrats

The hacker, who recently claimed responsibility for the high-profile hack of Democratic National Committee (DNC), has now taken credit for hacking into the Democratic Congressional Campaign Committee (DCCC) as well. To prove his claims, the hacker, going by the moniker Guccifer 2.0, dumped on Friday night a massive amount of personal information belonging to nearly 200 Democratic House


from The Hacker News http://ift.tt/2aRXUBT
via IFTTT

The Easterbunny Comes to NGC 4725


At first called "Easterbunny" by its discovery team, officially named Makemake is the second brightest dwarf planet of the Kuiper belt. The icy world appears twice in this astronomical image, based on data taken on June 29 and 30 of the bright spiral galaxy NGC 4725. Makemake is marked by short red lines, its position shifting across a homemade telescope's field-of-view over two nights along a distant orbit. On those dates nearly coincident with the line-of-sight to the spiral galaxy in the constellation Coma Berenices, Makemake was about 52.5 astronomical units or 7.3 light-hours away. NGC 4725 is over 100,000 light-years across and 41 million light-years distant. Makemake is now known to have at least one moon. NGC 4725 is a famous one-armed spiral galaxy. via NASA http://ift.tt/2bnxiZk

Friday, August 12, 2016

Why am I getting complex values from the following anonymous function?

Why am I getting complex values from the... Learn more about anonymous function, complex numbers.

from Google Alert - anonymous http://ift.tt/2bczocL
via IFTTT

VPN Shield Free - Anonymous Secure Proxy Connection for Private Internet Access and Revoke ...

Buy VPN Shield Free - Anonymous Secure Proxy Connection for Private Internet Access and Revoke Censorship from Blocked Sites with 1-day Trial: ...

from Google Alert - anonymous http://ift.tt/2borElD
via IFTTT

[FD] RCE in Teamspeak 3 server

While auditing the Teamspeak 3 server I've discovered several 0-day vulnerabilities which I'll describe in detail in this advisory. They exist in the newest version of the server, version 3.0.13. I found 10 vulnerabilities. Some of these are critical and allow remote code execution. For the average user, that means that these vulnerabilities can be exploited by a malicious attacker in order to take over any Teamspeak server, not only becoming serveradmin, but getting a shell on the affected machine. Here's the output of an exploit which uses two of the vulnerabilities: $ python exploit_teamspeak.py leaking distinct stack pointers '\xa2' '\x9a' '\x8a' . '_' .. '\xa0' got a ptr: 0x7fa29a8a5fa0 '\xa2' '\x9a' '\x9a' 'o' ... '\xa0' got a ptr: 0x7fa29a9a6fa0 '\xa2' '\x9a' '\xaa' . '\x7f' '\xa0' got a ptr: 0x7fa29aaa7fa0 stack ptr: 0x7fa29a8a5fa0 assumed stack base: 0x7fa29a5a5000 sleeping a bit to avoid flood detection....... initializing stack sprayers............ spraying the stacks............ doing some magic..... Got a shell from ('127.0.0.1', 38416) ts3@ts3:/home/ts3/teamspeak3-server$ I won't release the exploit anytime soon, but I will note that writing one is a great learning experience. Next I'll describe my findings. I'll be referring to function names. The Teamspeak developers strip their binaries of symbols, but they messed up once and forgot to do so. If you want to follow along at home, I'm sure your favorite search engine can help you find the non-stripped server binary. Now on to the vulns!

Source: Gmail -> IFTTT-> Blogger

[FD] Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability

========================================= Title: Zabbix 3.0.3 SQL Injection Vulnerability Product: Zabbix Vulnerable Version(s): 2.2.x, 3.0.x Fixed Version: 3.0.4 Homepage: http://www.zabbix.com Patch link: http://ift.tt/2aSpydV Credit: 1N3@CrowdShield ========================================== Vendor Description: ===================== Zabbix is an open source availability and performance monitoring solution. Vulnerability Overview: ===================== Zabbix 2.2.x, 3.0.x and trunk suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the toggle_ids array in the latest.php page. Business Impact: ===================== By exploiting this SQL injection vulnerability, an authenticated attacker (or guest user) is able to gain full access to the database. This would allow an attacker to escalate their privileges to a power user, compromise the database, or execute commands on the underlying database operating system. Because of the functionalities Zabbix offers, an attacker with admin privileges (depending on the configuration) can execute arbitrary OS commands on the configured Zabbix hosts and server. This results in a severe impact to the monitored infrastructure. Although the attacker needs to be authenticated in general, the system could also be at risk if the adversary has no user account. Zabbix offers a guest mode which provides a low privileged default account for users without password. If this guest mode is enabled, the SQL injection vulnerability can be exploited unauthenticated. Proof of Concept: ===================== latest.php?output=ajax&sid=&favobj=toggle&toggle_open_state=1&toggle_ids[]=15385); select * from users where (1=1 Result: SQL (0.000361): INSERT INTO profiles (profileid, userid, idx, value_int, type, idx2) VALUES (88, 1, 'web.latest.toggle', '1', 2, 15385); select * from users where (1=1) latest.php:746 → require_once() → CProfile::flush() → CProfile::insertDB() → DBexecute() in /home/sasha/zabbix-svn/branches/2.2/frontends/php/include/profiles.inc.php:185 Disclosure Timeline: ===================== 7/18/2016 - Reported vulnerability to Zabbix 7/21/2016 - Zabbix responded with permission to file CVE and to disclose after a patch is made public 7/22/2016 - Zabbix released patch for vulnerability 8/3/2016 - CVE details submitted 8/11/2016 - Vulnerability details disclosed

Source: Gmail -> IFTTT-> Blogger

[FD] Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8)

################################################### 01. ### Advisory Information ### Title: Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8) Date published: n/a Date of last update: n/a Vendors contacted: ColoradoFTP author Sergei Abramov Discovered by: Rv3Laboratory [Research Team] Severity: High 02. ### Vulnerability Information ### OVE-ID: OVE-20160718-0006 CVSS v2 Base Score: 8.5 CVSS v2 Vector: (AV:N/AC:M/Au:S/C:C/I:C/A:C) Component/s: ColoradoFTP Core v1.3 Class: Path Traversal 03. ### Introduction ### ColoradoFTP is the open source Java FTP server. It is fast, reliable and extendable. Fully compatible with RFC 959 and RFC 3659 (File Transfer Protocol and Extensions) this implementation makes it easy to extend the functionality with virtually any feature. Well commented source code and existing plug-ins make it possible to shape the FTP server just the way you want! http://ift.tt/2aSpta6 04. ### Vulnerability Description ### The default installation and configuration of Colorado FTP Prime Edition (Build 8) is prone to a security vulnerability. Colorado FTP contains a flaw that may allow a remote attacker to traverse directories on the FTP server. A remote attacker (a colorado FTP user) can send a command (MKDIR, PUT, GET or DEL) followed by sequences (\\\..\\) to traverse directories and create, upload, download or delete the contents of arbitrary files and directories on the FTP server. To exploit the vulnerability It is important to use "\\\" at the beginning of string. 05. ### Technical Description / Proof of Concept Code ### By supplying "\\\..\\..\\..\\..\\" in the file path, it is possible to trigger a directory traversal flaw, allowing the attacker (anonymous user or Colorado FTP user) to upload or download a file outside the virtual directory. 05.01 We tried to upload a file (netcat - nc.exe), to Windows %systemroot% directory (C:\WINDOWS\system32\) using a PUT command: ftp> put nc.exe \\\..\\..\\..\\Windows\\system32\\nc.exe Netcat was successfully uploaded. 05.02 We tried to create a directory (test), using a MKDIR command: ftp> mkdir nc.exe \\\..\\..\\..\\test The directory test was successfully created. 06. ### Business Impact ### This may allow an attacker to upload and download files from remote machine. 07. ### Systems Affected ### This vulnerability was tested against: ColoradoFTP v1.3 Prime Edition (Build 8) O.S.: Microsoft Windows 7 32bit JDK: v1.7.0_79 Others versions are probably affected too, but they were not checked. 08. ### Vendor Information, Solutions and Workarounds ### This issue is fixed in ColoradoFTP Prime Edition (Build 9), which can be downloaded from: http://ift.tt/2bp9vID 09. ### Credits ### Rv3Laboratory [Research Team] - www.Rv3Lab.org This vulnerability has been discovered by: Rv3Lab - [www.rv3lab.org] - research(at)rv3lab(dot)org Christian Catalano aka wastasy - wastasy(at)rv3lab(dot)org Marco Fornaro aka Chaplin89 - chaplin89(at)rv3lab(dot)org 10. ### Vulnerability History ### July 07th, 2016: Vulnerability discovered. July 19th, 2016: Vendor informed. [Colorado FTP team] July 21st, 2016: Vendor responds asking for details. July 28th, 2016: Sent detailed information to the vendor. August 08th, 2016: Vendor confirms vulnerability. August 10th, 2016: Vendor reveals patch release date. August 11th, 2016: Vulnerability disclosure 11. ### Disclaimer ### The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. We accept no responsibility for any damage caused by the use or misuse of this information. 12. ### About Rv3Lab ### Rv3Lab is an independent Security Research Lab. For more information, please visit [www.Rv3Lab.org] For more information regarding the vulnerability feel free to contact the Rv3Research Team: research(at)rv3lab(dot)org ###################################################

Source: Gmail -> IFTTT-> Blogger

[FD] Nagios Incident Manager Multiple Vulnerabilities

( , ) (, . '.' ) ('. ', ). , ('. ( ) ( (_,) .'), ) _ _, / _____/ / _ \ ____ ____ _____ \____ \==/ /_\ \ _/ ___\/ _ \ / \ / \/ | \\ \__( <_> ) Y Y \ /______ /\___|__ / \___ >____/|__|_| / \/ \/.-. \/ \/:wq (x.0) '=.|w|.=' _=''"''=. presents.. Nagios Incident Manager Multiple Vulnerabilities Affected versions: Nagios Incident Manager <= 2.0.0 PDF: http://ift.tt/2bpagRU

Source: Gmail -> IFTTT-> Blogger

[FD] Nagios Network Analyzer Multiple Vulnerabilities

( , ) (, . '.' ) ('. ', ). , ('. ( ) ( (_,) .'), ) _ _, / _____/ / _ \ ____ ____ _____ \____ \==/ /_\ \ _/ ___\/ _ \ / \ / \/ | \\ \__( <_> ) Y Y \ /______ /\___|__ / \___ >____/|__|_| / \/ \/.-. \/ \/:wq (x.0) '=.|w|.=' _=''"''=. presents.. Nagios Network Analyzer Multiple Vulnerabilities Affected versions: Nagios Network Analyzer <= 2.2.0 PDF: http://ift.tt/2aSps5U

Source: Gmail -> IFTTT-> Blogger

[FD] CVE-2016-6483 - vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF)

vBulletin CVE-2016-6483 vBulletin software is affected by a SSRF vulnerability that allows unauthenticated remote attackers to access internal services (such as mail servers, memcached, couchDB, zabbix etc.) running on the server hosting vBulletin as well as services on other servers on the local network that are accessible from the target. The following versions are affected: vBulletin <= 5.2.2 vBulletin <= 4.2.3 vBulletin <= 3.8.9 Technical details,PoC vBulletin exploits and links to patches provided by the vendor can be found at: http://ift.tt/2aSRpJB

Source: Gmail -> IFTTT-> Blogger

[FD] [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1

[FD] Stored XSS in Advanced Custom Fields: Table Field allows authenticated users to do almost anything an admin user can (WordPress plugin)

Details ================ Software: Advanced Custom Fields: Table Field Version: 1.1.12 Homepage: http://ift.tt/1Cc8RD6 Advisory report: http://ift.tt/2aZHPYj CVE: Awaiting assignment CVSS: 4.9 (Medium; AV:N/AC:M/Au:S/C:P/I:P/A:N) Description ================ Stored XSS in Advanced Custom Fields: Table Field allows authenticated users to do almost anything an admin user can Vulnerability ================ This plugin allows users (who have permission to edit posts) to inject JavaScript into pages within /wp-admin/. This means a user can exceed their privileges by creating a script that causes an admin’s browser to perform an action, such as creating a new admin user, deleting all posts, etc. Proof of concept ================ Add a new ACF field group Add a new table-type field to that field group Create a new post/page, wherever the field group is set to display Enter “” into a field and save the post Visit the page again, and the injected JavaScript will be executed Tested with ACF PRO v5. Not tested with v4. Mitigations ================ Update to version 1.1.13 or later. Disclosure policy ================ dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: http://ift.tt/1B6NWzd Please contact us on security@dxw.com to acknowledge this report if you received it via a third party (for example, plugins@wordpress.org) as they generally cannot communicate with us on your behalf. This vulnerability will be published if we do not receive a response to this report with 14 days. Timeline ================ 2016-07-13: Discovered 2016-07-13: Reported to vendor by email 2016-07-13: Requested CVE 2016-07-13: Vendor’s autoresponder said they were unavailable until 1st August 2016-08-01: Vendor reported they were working on a fix 2016-08-01: Vendor reported issue fixed in 1.1.13 2016-08-08: Advisory published Discovered by dxw: ================ Tom Adams Please visit security.dxw.com for more information.

Source: Gmail -> IFTTT-> Blogger

[FD] Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP%

[FD] Executable installers are vulnerable^WEVIL (case 38): Microsoft's Windows10Upgrade*.exe allows elevation of privilege

New Hack Uses Hard Drive's Noise to Transfer Stolen Data from Air-Gapped Computer

Air-gapped computers that are isolated from the Internet and other computers are long considered to be the most secure and safest place for storing data in critical infrastructures such as industrial control systems, financial institutions, and classified military networks. However, these systems have sometimes been targeted in the past, which proves that these isolated systems are not


from The Hacker News http://ift.tt/2boe6dS
via IFTTT

Anonymous Trump Voters Are Jumping Ship

Passengers are jumping ship or in this case the "Trump Train" with each passing day, as his outlandish rhetoric effectively impacts the votes of GOP ...

from Google Alert - anonymous http://ift.tt/2bnWheR
via IFTTT

[FD] NEW VMSA-2016-0011 - vRealize Log Insight update addresses directory traversal vulnerability.

-----BEGIN PGP SIGNED MESSAGE-

Source: Gmail -> IFTTT-> Blogger

I have a new follower on Twitter


elearninginfographic
#eLearning Infographics -The No.1 Source for the #Best #Education #Infographics - Submit Yours for Free! http://t.co/AzHzIZ7Tux
USA
http://t.co/Pl5r4Di12A
Following: 44427 - Followers: 56943

August 12, 2016 at 09:17AM via Twitter http://twitter.com/eLearngraphic

Anonymous donors help increase reward for Henry Gutierrez's killer

SCHERTZ - Anonymous donors are helping the family of a Schertz businessman find his killer.Henry Gutierrez, 71, was found dead in his apartment ...

from Google Alert - anonymous http://ift.tt/2aPR1AQ
via IFTTT

Sex and Love Addicts Anonymous

Dépendants affectifs et sexuels anonymes est une fraternité comportant 12 étapes et 12 traditions selon le modèle suggéré par Alcooliques ...

from Google Alert - anonymous http://ift.tt/2aNXkit
via IFTTT

Perseid, Aurora, and Noctilucent Clouds


Night skies over northern Sweden can hold some tantalizing sights in August. Gazing toward the Big Dipper, this beautiful skyscape captures three of them in a single frame taken last August 12/13. Though receding from northern skies for the season, night shining or noctilucent clouds are hanging just above the horizon. Extreme altitude icy condensations on meteoric dust, they were caught here just below an early apparition of a lovely green auroral band, also shining near the edge of space. The flash of a Perseid meteor near the peak of the annual shower punctuates the scene. In fact, this year's Perseid shower will peak in the coming days, offering a continuing chance for a night sky photographer's hat trick. via NASA http://ift.tt/2aOwwk7

Thursday, August 11, 2016

Banks join the call to end anonymous companies

Those following efforts to end anonymous companies in the U.S. know this is a big development. Clearing House's support is based on the fact that ...

from Google Alert - anonymous http://ift.tt/2aL0Lqu
via IFTTT

Learning Mobile App Usage Routine through Learning Automata. (arXiv:1608.03507v1 [cs.AI])

Since its conception, smart app market has grown exponentially. Success in the app market depends on many factors among which the quality of the app is a significant contributor, such as energy use. Nevertheless, smartphones, as a subset of mobile computing devices. inherit the limited power resource constraint. Therefore, there is a challenge of maintaining the resource while increasing the target app quality. This paper introduces Learning Automata (LA) as an online learning method to learn and predict the app usage routines of the users. Such prediction can leverage the app cache functionality of the operating system and thus (i) decreases app launch time and (ii) preserve battery. Our algorithm, which is an online learning approach, temporally updates and improves the internal states of itself. In particular, it learns the transition probabilities between app launching. Each App launching instance updates the transition probabilities related to that App, and this will result in improving the prediction. We benefit from a real-world lifelogging dataset and our experimental results show considerable success with respect to the two baseline methods that are used currently for smartphone app prediction approaches.



from cs.AI updates on arXiv.org http://ift.tt/2aPnoQa
via IFTTT

QPass: a Merit-based Evaluation of Soccer Passes. (arXiv:1608.03532v1 [cs.AI])

Quantitative analysis of soccer players' passing ability focuses on descriptive statistics without considering the players' real contribution to the passing and ball possession strategy of their team. Which player is able to help the build-up of an attack, or to maintain the possession of the ball? We introduce a novel methodology called QPass to answer questions like these quantitatively. Based on the analysis of an entire season, we rank the players based on the intrinsic value of their passes using QPass. We derive an album of pass trajectories for different gaming styles. Our methodology reveals a quite counterintuitive paradigm: losing the ball possession could lead to better chances to win a game.



from cs.AI updates on arXiv.org http://ift.tt/2bmiupV
via IFTTT

Online Context-Dependent Clustering in Recommendations based on Exploration-Exploitation Algorithms. (arXiv:1608.03544v1 [cs.LG])

We investigate two context-dependent clustering techniques for content recommendation based on exploration-exploitation strategies in contextual multi-armed bandit settings. Our algorithms dynamically group users based on the items under consideration and, possibly, group items based on the similarity of the clusterings induced over the users. The resulting algorithm thus takes advantage of preference patterns in the data in a way akin to collaborative filtering methods. We provide an empirical analysis on extensive real-world datasets, showing scalability and increased prediction performance over state-of-the-art methods for clustering bandits. For one of the two algorithms we also give a regret analysis within a standard linear stochastic noise setting.



from cs.AI updates on arXiv.org http://ift.tt/2bmj86F
via IFTTT

NESTA, The NICTA Energy System Test Case Archive. (arXiv:1411.0359v5 [cs.AI] UPDATED)

In recent years the power systems research community has seen an explosion of work applying operations research techniques to challenging power network optimization problems. Regardless of the application under consideration, all of these works rely on power system test cases for evaluation and validation. However, many of the well established power system test cases were developed as far back as the 1960s with the aim of testing AC power flow algorithms. It is unclear if these power flow test cases are suitable for power system optimization studies. This report surveys all of the publicly available AC transmission system test cases, to the best of our knowledge, and assess their suitability for optimization tasks. It finds that many of the traditional test cases are missing key network operation constraints, such as line thermal limits and generator capability curves. To incorporate these missing constraints, data driven models are developed from a variety of publicly available data sources. The resulting extended test cases form a compressive archive, NESTA, for the evaluation and validation of power system optimization algorithms.



from cs.AI updates on arXiv.org http://ift.tt/1uoiZX6
via IFTTT

Q($\lambda$) with Off-Policy Corrections. (arXiv:1602.04951v2 [cs.AI] UPDATED)

We propose and analyze an alternate approach to off-policy multi-step temporal difference learning, in which off-policy returns are corrected with the current Q-function in terms of rewards, rather than with the target policy in terms of transition probabilities. We prove that such approximate corrections are sufficient for off-policy convergence both in policy evaluation and control, provided certain conditions. These conditions relate the distance between the target and behavior policies, the eligibility trace parameter and the discount factor, and formalize an underlying tradeoff in off-policy TD($\lambda$). We illustrate this theoretical relationship empirically on a continuous-state control task.



from cs.AI updates on arXiv.org http://ift.tt/249cwhO
via IFTTT

Media members dish on Texas in anonymous survey: Longhorns to win more than eight games?

The Big Lead surveyed 26 anonymous college football media members on a variety of topics. The questions ranged from “Who will win the Power Five ...

from Google Alert - anonymous http://ift.tt/2aPT584
via IFTTT

Undefined index: anonymous in content_access_get_role_gid

I am getting the following message on each page request when browsing as anonymous user. Notice: Undefined index: anonymous in ...

from Google Alert - anonymous http://ift.tt/2blnejt
via IFTTT

Ravens: Joe Flacco tells Britt McHenry he is not playing in Thursday's preseason opener against the Panthers (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Anonymous Tip Leads to Arrest of Gary Man for Dealing Drugs

In Gary, an anonymous tip earlier this week led to the arrest of a 22 year old man for dealing drugs. The Lake County Sheriff's Office reports that on ...

from Google Alert - anonymous http://ift.tt/2aF7TJg
via IFTTT

Car Thieves Can Unlock 100 Million Volkswagens With A Simple Wireless Hack

In Brief Some 100 Million cars made by Volkswagen are vulnerable to a key cloning attack that could allow thieves to unlock the doors of most popular cars remotely through a wireless signal, according to new research. Next time when you leave your car in a parking lot, make sure you don't leave your valuables in it, especially if it's a Volkswagen. What's more worrisome? The new attack


from The Hacker News http://ift.tt/2b8AzqS
via IFTTT

I have a new follower on Twitter


Supergiant
The first container orchestration system that makes it easy to scale stateful, distributed apps. DevOps friendly. Built on Kubernetes.

https://t.co/4ZhxjZAI0N
Following: 1938 - Followers: 201

August 11, 2016 at 12:42PM via Twitter http://twitter.com/supergiantio

Links are rendered without the subdirectory path for anonymous users on multisites hosted in ...

But If I browse my site as an anonymous user, then the links of the menus doesn't include anymore the "mysite" path. This is true for all the menus even ...

from Google Alert - anonymous http://ift.tt/2blsKyJ
via IFTTT

Links are rendered without the subdirectory path for anonymous users on multisites hosted in ...

But If I browse my site as an anonymous user, then the links of the menus doesn't include anymore the "mysite" path. This is true for all the menus even ...

from Google Alert - anonymous http://ift.tt/2blsKyJ
via IFTTT

ISS Daily Summary Report – 08/10/2016

Fluid Shifts Operations in the Service Module: With ground team assistance, crewmembers continued Fluid Shifts Imaging exams by conducting the Optical Coherence Tomography (OCT) exam, Ultrasound scans, the Distortion Product Otoacoustic Emission (DPOAE) tests, and a Tonometry exam. This investigation characterizes the space flight-induced fluid shift, including intra- and extravascular shifts, intra- and extracellular shifts, changes in total body water and lower vs. upper body shifts. Results from this investigation are expected to help define the causes of the ocular structure and vision changes associated with long duration space flight, and assist in the development of countermeasures. Mouse Epigenetics Cage Unit Maintenance: The crew completed standard maintenance activities for the Mouse Epigenetics experiment by refilling the water in the Mouse Habitat Cage Unit located in the Cell Biology Experiment Facility (CBEF). The Mouse Epigenetics investigation studies altered gene expression patterns in the organs of male mice that spend one month in space, and also examines changes in the deoxyribonucleic acid (DNA) of their offspring. Results from the investigation identify genetic alterations that happen after exposure to the microgravity environment of space. Heart Cells Microscope Operations: The crew set up the Heart Cells microscope, removed the BioCell Habitat from the Space Automated Bioproduct Lab (SABL) and the Multiwell BioCell from the BioCell Habitat and inserted into the microscope before conducting Heart Cells operations. The Heart Cells investigation studies the human heart, specifically how heart muscle tissue, contracts, grows and changes (gene expression) in microgravity and how those changes vary between subjects. Understanding how heart muscle cells, or cardiomyocytes, change in space improves efforts for studying disease, screening drugs and conducting cell replacement therapy for future space missions.  Meteor Hard Drive Change: The crew R&Rd the hard drive in the Meteor Laptop located in the Window Observational Research Facility (WORF) in preparation for upcoming meteor showers. The Meteor investigation provides the first space-based measurement of meteor flux. It also allows for the monitoring of carbon-based compounds. Continuous measurement of meteor interactions with the Earth’s atmosphere could also spot previously unforeseen meteor showers. Dose Tracker: The crew completed entries for medication. This investigation documents the medication usage of crewmembers before and during their missions by capturing data regarding medication use during spaceflight, including side effect qualities, frequencies and severities. The data is expected to either support or counter anecdotal evidence of medication ineffectiveness during flight and unusual side effects experienced during flight. It is also expected that specific, near-real-time questioning about symptom relief and side effects will provide the data required to establish whether spaceflight-associated alterations in pharmacokinetics (PK) or pharmacodynamics (PD) is occurring during missions. MSG Video File Transfer Issues – Yesterday, the Microgravity Sciences Glovebox (MSG) experienced an issue with the Video Unit Equipment (VUE). Ground teams were unable to access the solid state storage devices during HeartCell video downlink operations. A soft reboot was attempted with no success. A power cycle was then conducted and the drives were recovered. In addition, ground teams are having difficulties in downlinking large files associated with the payload. The HeartCell data is being recorded, so no loss of science at this time. If required, the current work-around is to have the crew utilize a thumb drive to allow the files to be downlink. Currently, the VUE is functional except for downlinking large files. Ground teams are investigating. Extravehicular Activity (EVA) Preparations: The crew continued preparations for the IDA2 EVA scheduled on August 19. This morning they performed pressurized Extravehicular Mobility Unit (EMU) On Orbit Fit Check Verification (OFV) of EMUs 3003 and 3008 to assess fit and feel of the suits prior to the EVA.  Today’s Planned Activities All activities were completed unless otherwise noted. EMU On-orbit Fitcheck Verification PILOT-T. Preparation for the experiment r/g 3036 CASKAD. Manual Mixing in Bioreactor / r/g 2888 Soyuz 720 Samsung Tablet Recharge, Initiate On MCC Go Regeneration of БМП Ф2 Micropurification Cartridge (start) EMU On-orbit Fitcheck Verification, Operator Maintenance Closures of Vozdukh Valves Filling (separation) ЕДВ for Elektron PILOT-T. Experiment Ops r/g 3037 СОЖ Maintenance Verification of ИП-1 Flow Sensor Position / Pressure Control & Atmosphere Monitoring System PILOT-T. Experiment Ops r/g 3036 EMU O-ring Replacement METEOR Removal and Relocation MATRYOSHKA-R. BUBBLE-dosimeters initialization, BUBBLE-dosimeter Reader replacement and deployment for exposure  r/g 3038 FLUID SHIFTS. Donning CardioLab Holter FLUID SHIFTS. Distortion Product Otoacoustic Emission (DPOAE) measurement Test DOSETRK Data Input JEMAL JEM Airlock Pressurization FLUID SHIFTS, Ultrasound 2 Activation FLUID SHIFTS. Ultrasound scan Soyuz 720 Samsung Tablet Recharge, Terminate ECG Device Activation and Checkout FLUID SHIFTS. Ultrasound Scan Assistance JEMAL JEM Airlock Leak Check MCRSCPE Hardware Setup MOUSE Hardware Setup FLUID SHIFTS, OCT Setup Exercise Placeholder, Crew’s Preference Installation of Laptop RS1 SW Updates r/g 3016 Flush Progress 432 [AO] Rodnik В1, B2 Connectors / r/g 3039 HRTCEL Sample Insertion into Microscope Crew Conference on Flight Factors Installation of Laptop RS2 SW Updates r/g 3016 Soyuz 731 Samsung tablet recharge, initiate HRTCEL Ops Installation of Laptop RS3 SW Updates r/g 3016 Crew OBT, Crew Medical Officer (CMO), Computer based training FLUID SHIFTS. Eye Imaging Examination with Remote Guidance FLUID SHIFTS. OCT Baseline Exam XF305 Camcorder Settings Adjustment FLUID SHIFTS. Tonometry Setup PILOT-T. Experiment Ops r/g 3034 MOUSE Module Water Exchange Installation and Testing of REMOTE RS LAPTOP S/W UPDATE r/g 3016 FLUID SHIFTS. Tonometer Exam Operator FLUID SHIFTS. Tonometer Exam MCRSCPE Ops FLUID SHIFTS. Post-Ops Hardware Stowage FLUID SHIFTS. Blood Pressure Equipment Stowage FLUID SHIFTS. Hardware Removal and Stowage PILOT-T. Closeout Ops r/g 3034 Countermeasures System (CMS) Sprint Exercise, Optional IMS Delta File Prep CONTENT. Experiment Ops / r/g 3035 PAO Hardware Setup Thermolab – Instrumentation Ops for Circadian Rhythms Crew Prep for PAO PAO Event ISS-HAM Radio Session Soyuz 731 Samsung Tablet Recharge, Terminate CASKAD. Manual Mixing in Bioreactor / r/g 2888 On MCC Go Regeneration of БМП Ф2 Absorption Cartridge (end) Completed Task List Items None Ground Activities All activities were completed unless otherwise noted. EMU checkout ops Fluid Shifts support Nominal ground commanding. Three-Day Look Ahead: Thursday, 08/11: USOS crew holiday (Japan’s Mountain Day) […]

from ISS On-Orbit Status Report http://ift.tt/2aOqyzS
via IFTTT

Linux TCP Flaw allows Hackers to Hijack Internet Traffic and Inject Malware Remotely

If you are using the Internet, there are the possibilities that you are open to attack. The Transmission Control Protocol (TCP) implementation in all Linux systems deployed since 2012 (version 3.6 and above of the Linux kernel) poses a serious threat to Internet users, whether or not they use Linux directly. This issue is troubling because Linux is used widely across the Internet, from web


from The Hacker News http://ift.tt/2aIJ4rD
via IFTTT

dc entertainment adds another rising star to its talent roster

DC ENTERTAINMENT ADDS ANOTHER RISING STAR TO ITS TALENT... By Anonymous Wednesday, August 10th, 2016. 0 Comments. StumbleUpon.

from Google Alert - anonymous http://ift.tt/2aNvXuL
via IFTTT

[FD] QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability

Document Title: =============== QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability References (Source): ==================== http://ift.tt/2aO6sFJ Release Date: ============= 2016-08-11 Vulnerability Laboratory ID (VL-ID): ==================================== 1895 Common Vulnerability Scoring System: ==================================== 3.2 Product & Service Introduction: =============================== QuickerBB is a fast forum. It is based on PHP5 with databases SQLite and MySQL via PDO. The easy setup forum web-application is in use by several tor protected shopping websites. (Copy of the Homepage: http://ift.tt/2aUK7YD ) Abstract Advisory Information: ============================== The vulnerbaility laboratory core research team discovered multiple client-side cross site vulnerabilities in the QuickerBB v0.7.0 Forum web-application. Vulnerability Disclosure Timeline: ================================== 2016-08-11: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== QuickerBB Product: QuickerBB - Forum (Web-Application) 0.7.0 and 0.6.0 Exploitation Technique: ======================= Remote Severity Level: =============== Medium Technical Details & Description: ================================ Multiple client-side cross site scripting vulnerabilities has been discovered in the QuickerBB v0.7.0 Forum web-application. The vulnerability allows remote attackers to inject own malicious script codes to client-side browser to web-application requests. The cross site scripting vulnerabilities are located in the `username` and `email` parameters of the `Register` module. Remote attackers are able to inject own malicious payloads to the client-side requested register module of the index.php file. The injection points are the vulnerable marked parameters and the execution point occurs in the forum registration form web context. The request method to inject is POST and the attack vector of the issue is non-persistent. The security risk of the xss vulnerabilities are estimated as medium with a cvss (common vulnerability scoring system) count of 3.2. Exploitation of the client-side vulnerabilities requires no privileged web-application user account and only low user interaction. Successful exploitation of the vulnerability results in non-persistent phishing attacks, session hijacking, non-persistent external redirect to malicious sources and non-persistent manipulation of affected or connected web module context. Request Method(s): [+] POST Vulnerable Module(s): [+] Register Vulnerable File(s): [+] index.php Vulnerable Parameter(s): [+] username [+] email Proof of Concept (PoC): ======================= The client-side vulnerabilities can be exploited by remote attackers without privileged user account and with low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Manual steps to reprduce the vulnerability ... 1. Open the forum web-application without authentication 2. Open the register module with click to the link 3. Inject to the username or email inputs own script code payload 4. The execute occurs when processing to click the submit button for the POST method request 5. Successful reproduce of the client-side cross site scripting web vulnerability! PoC: Vulnerable Source (./index.php?act=register)
QuickerBB fast forum software
Home => Register
Error with Username, Password or Email. 

Source: Gmail -> IFTTT-> Blogger
<[CLIENT-SIDE SCRIPT CODE EXECUTION!] " size="32" maxlength="25" required/> 3 to 25 characters

[FD] Microsoft Education - Stored Cross Site Web Vulnerability

Document Title: =============== Microsoft Education - Stored Cross Site Web Vulnerability References (Source): ==================== http://ift.tt/2aLTjeb Release Date: ============= 2016-08-10 Vulnerability Laboratory ID (VL-ID): ==================================== 1897 Common Vulnerability Scoring System: ==================================== 3.6 Product & Service Introduction: =============================== Our mission is creating immersive and inclusive experiences that inspire lifelong learning, stimulating development of essential life skills and supporting educators in guiding and nurturing student passions. We empower students and educators to create and share in entirely new ways, to teach and learn through exploration, to adapt to individual learning needs, so they can make, design, invent and build with technology. (Copy of the Vendor Homepage: http://ift.tt/1K3NRUM ) Abstract Advisory Information: ============================== The vulnerability laboratory core research team discovered a stored cross site scripting vulnerability in the official Microsoft Education online service web-application. Vulnerability Disclosure Timeline: ================================== 2016-05-01: Researcher Notification & Coordination (SaifAllah benMassaoud) 2016-04-03: Vendor Notification (Microsoft Security Response Center - MSRC) 2016-05-19: Vendor Fix/Patch (Microsoft Developer Team - Online Services) 2016-06-07: Security Acknowledgements (Microsoft Security Response Center - MSRC) 2016-08-10: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Microsoft Corporation Product: Education - Online Service (Web-Application) 2016 Q3 Exploitation Technique: ======================= Remote Severity Level: =============== Medium Technical Details & Description: ================================ A stored cross site scripting web vulnerability has been discovered in the official Microsoft Education online service web-application. The Stored cross site vulnerability allows remote attacker to inject own malicious script codes to the application-side of the module. The stored cross site scripting web vulnerability is located in the `Default.aspx` file GET method request. During the exploitation the victim education account retrieves the malicious script to the server when it requests the stored database information. The attack vector of the issue is application-side and the request method to inject the payload is POST. The execution occurs in the default.aspx file context after the review of the about me page via GET method request. The security risk of the cross site web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.6. Exploitation of the input validation web vulnerability requires a low privileged web-application user account and low or medium user interaction. Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent external redirects to malicious source and persistent manipulation of affected or connected application modules. Request Method(s): [+] GET Vulnerable Module(s): [+] /Create-My-Account/ Vulnerable File(s): [+] Default.aspx Affected Module(s): [+] About Me Proof of Concept (PoC): ======================= The stored xss vulnerability can be exploited by remote attackers with low privileged web-application user account and low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. PoC: HTML

Source: Gmail -> IFTTT-> Blogger

Blackhat Firm Offers $500,000 for Zero-day iOS Exploit; Double Than Apple’s Highest Bounty

Last week, Apple finally announced a bug bounty program for researchers and white hat hackers to find and get paid for reporting details of zero-day vulnerabilities in its software and devices. The company offers the biggest payout of $200,000, which is 10 times the maximum reward that Google offers and double the highest bounty paid by Microsoft. But now Apple is going to face competition


from The Hacker News http://ift.tt/2aNZMHL
via IFTTT

Colliding Galaxies in Stephans Quintet


Will either of these galaxies survive? In what might be dubbed as a semi-final round in a galactic elimination tournament, the two spirals of NGC 7318 are colliding. The featured picture was created from images taken by the Hubble Space Telescope. When galaxies crash into each other, many things may happen including gravitational distortion, gas condensing to produce new episodes of star formation, and ultimately the two galaxies combining into one. Since these two galaxies are part of Stephan's Quintet, a final round of battling galaxies will likely occur over the next few billion years with the eventual result of many scattered stars and one large galaxy. Quite possibly, the remaining galaxy will not be easily identified with any of its initial galactic components. Stephan's Quintet was the first identified galaxy group, lies about 300 million light years away, and is visible through a moderately-sized telescope toward the constellation of the Winged Horse (Pegasus). via NASA http://ift.tt/2bfKPSy

Wednesday, August 10, 2016

Stopping Anonymous Proxy Login Attacks?

Using WordFence, how does one stop the Anonymous Proxy Server login attacks? We have implemented a strong login policy (3 wrong attempts and ...

from Google Alert - anonymous http://ift.tt/2aU2nRU
via IFTTT

Neuroevolution-Based Inverse Reinforcement Learning. (arXiv:1608.02971v1 [cs.NE])

The problem of Learning from Demonstration is targeted at learning to perform tasks based on observed examples. One approach to Learning from Demonstration is Inverse Reinforcement Learning, in which actions are observed to infer rewards. This work combines a feature based state evaluation approach to Inverse Reinforcement Learning with neuroevolution, a paradigm for modifying neural networks based on their performance on a given task. Neural networks are used to learn from a demonstrated expert policy and are evolved to generate a policy similar to the demonstration. The algorithm is discussed and evaluated against competitive feature-based Inverse Reinforcement Learning approaches. At the cost of execution time, neural networks allow for non-linear combinations of features in state evaluations. These valuations may correspond to state value or state reward. This results in better correspondence to observed examples as opposed to using linear combinations. This work also extends existing work on Bayesian Non-Parametric Feature Construction for Inverse Reinforcement Learning by using non-linear combinations of intermediate data to improve performance. The algorithm is observed to be specifically suitable for a linearly solvable non-deterministic Markov Decision Processes in which multiple rewards are sparsely scattered in state space. A conclusive performance hierarchy between evaluated algorithms is presented.



from cs.AI updates on arXiv.org http://ift.tt/2aC7CXz
via IFTTT

Neural Generation of Regular Expressions from Natural Language with Minimal Domain Knowledge. (arXiv:1608.03000v1 [cs.CL])

This paper explores the task of translating natural language queries into regular expressions which embody their meaning. In contrast to prior work, the proposed neural model does not utilize domain-specific crafting, learning to translate directly from a parallel corpus. To fully explore the potential of neural models, we propose a methodology for collecting a large corpus of regular expression, natural language pairs. Our resulting model achieves a performance gain of 19.6% over previous state-of-the-art models.



from cs.AI updates on arXiv.org http://ift.tt/2aHFX3e
via IFTTT

Towards Visual Type Theory as a Mathematical Tool and Mathematical User Interface. (arXiv:1608.03026v1 [cs.AI])

A visual type theory is a cognitive tool that has much in common with language, and may be regarded as an exceptional form of spatial text adjunct. A mathematical visual type theory, called NPM, has been under development that can be viewed as an early-stage project in mathematical knowledge management and mathematical user interface development. We discuss in greater detail the notion of a visual type theory, report on progress towards a usable mathematical visual type theory, and discuss the outlook for future work on this project.



from cs.AI updates on arXiv.org http://ift.tt/2b5i0Uh
via IFTTT

The Quadripolar Relational Model: an Artificial Intelligence framework for the description of personality disorders. (arXiv:1512.05875v3 [q-bio.NC] UPDATED)

Borderline personality disorder and narcissistic personality disorder are important nosographic entities and have been subject of intensive investigations. The currently prevailing psycodynamic theory for mental disorders is based on the repertoire of defense mechanisms employed. Another fruitful line of research is concerned with the study of psychological traumas and on dissociation as a defensive response. Both theories can be used to shed light on some aspects of pathological mental functioning, and have many points of contact. This work tries to merge these two psychological theories, and conceive a common framework for the description of personality disorders.



from cs.AI updates on arXiv.org http://ift.tt/1QAee7l
via IFTTT

Ravens will air Michael Phelps' 200-meter individual medley final on the video boards during Thursday's preseason game (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Webpack build breaks ability to use npm installed custom components · Issue #1624

_getTransitiveCompiledTemplates @ runtime_compiler.js:117(anonymous .... 23(anonymous function) @ main.bundle.js:1 zone.js:461Unhandled ...

from Google Alert - anonymous http://ift.tt/2aTwlpk
via IFTTT

[FD] [CORE-2016-0006] - SAP CAR Multiple Vulnerabilities

1. Advisory Information Title: SAP CAR Multiple Vulnerabilities Advisory ID: CORE-2016-0006 Advisory URL: http://ift.tt/2bh515k Date published: 2016-08-09 Date of last update: 2016-08-09 Vendors contacted: SAP Release mode: Coordinated release 2. Vulnerability Information Class: Unchecked Return Value [CWE-252], TOCTOU Race Condition [CWE-367] Impact: Denial of service, Security bypass Remotely Exploitable: No Locally Exploitable: Yes CVE Name: CVE-2016-5845, CVE-2016-5847 3. Vulnerability Description SAP [1] distributes software and packages using an archive program called SAPCAR. This program uses a custom archive file format. Vulnerabilities were found in the extraction of specially crafted archive files, that could lead to local denial of service conditions or privilege escalation. 4. Vulnerable Packages SAPCAR archive tool Other products and versions might be affected, but they were not tested. 5. Vendor Information, Solutions and Workarounds SAP published the following Security Notes: 2312905 2327384 6. Credits This vulnerability was discovered and researched by Martin Gallo from Core Security Consulting Services. The publication of this advisory was coordinated by Joaquin Rodriguez Varela from Core Advisories Team. 7. Technical Description / Proof of Concept Code SAP distributes software and packages using an archive program called SAPCAR. This program uses a custom archive file format. Vulnerabilities were found in the extraction of specially crafted archive files, that could lead to denial of service conditions or escalation of privileges. The code that handles the extraction of archive files is prone to privilege escalation and denial of service vulnerabilities. 7.1. Denial of service via invalid file names [CVE-2016-5845] Denial of service vulnerability due the SAPCAR program not checking the return value of file operations when extracting files. This might result in the program crashing when trying to extract files from an specially crafted archive file that contains invalid file names for the target platform. Of special interest are applications or solutions that makes use of SAPCAR in an automated way. The following is a proof of concept to demonstrate the vulnerability: $ xxd SAPCAR_crash.SAR 0000000: 4341 5220 322e 3031 4452 0081 0000 0f00 CAR 2.01DR...... 0000010: 0000 0000 0000 0000 0000 d4f8 e555 0000 .............U.. 0000020: 0000 0000 0000 0000 1000 696e 7075 742d ..........input- 0000030: 6469 722f 696e 7090 7400 4544 1a00 0000 dir/inp.t.ED.... 0000040: 0f00 0000 121f 9d02 7bc1 23b9 a90a 25a9 ........{.#...%. 0000050: 1525 0a69 9939 a95c 0000 857f b95a .%.i.9.\.....Z $ ./SAPCAR -dvf SAPCAR_crash.SAR SAPCAR: processing archive SAPCAR_crash.SAR (version 2.01) d input-dir/inp#t SAPCAR: checksum error in input-dir/inp#t (error 12). No such file or director $ ./SAPCAR -xvf SAPCAR_crash.SAR SAPCAR: processing archive SAPCAR_crash.SAR (version 2.01) x input-dir/inp#t Segmentation fault 7.2. Race condition on permission change [CVE-2016-5847] Race condition vulnerability due to the way the SAPCAR program change the permissions of extracted files. If a malicious local user has access to a directory where a user is extracting files using SAPCAR, the attacker might use this vulnerability to change the permissions of arbitrary files belonging to the user. The SAPCAR program writes the file being extracted and after closing it, the program changes the permissions to the ones set on the archive file. There's a time gap between the creating of the file and the change of the permissions. During this time frame, a malicious local user can replace the extracted file with a hard link to a file belonging to another user, resulting in the SAPCAR program changing the permissions on the hard-linked file to be the same as that of the compressed file. The following is a proof of concept to demonstrate the vulnerability: $ xxd SAPCAR_race_condition.SAR 0000000: 4341 5220 322e 3031 5247 b481 0000 2b00 CAR 2.01RG....+. 0000010: 0000 0000 0000 0000 0000 d023 5e56 0000 ...........#^V.. 0000020: 0000 0000 0000 0000 1000 7465 7374 5f73 ..........test_s 0000030: 7472 696e 672e 7478 7400 4544 3500 0000 tring.txt.ED5... 0000040: 2b00 0000 121f 9d02 7b21 19a9 0a85 a599 +.......{!...... 0000050: c9d9 0a49 45f9 e579 0a69 f915 0a59 a5b9 ...IE..y.i...Y.. 0000060: 05c5 0af9 65a9 450a 2540 e99c c4aa 4a85 ....e.E.%@....J. 0000070: 94fc 7400 0008 08c6 b9 ..t...... $ ./SAPCAR -tvf SAPCAR_race_condition.SAR SAPCAR: processing archive SAPCAR_race_condition.SAR (version 2.01) -rw-rw-r-- 43 01 Dec 2015 19:48 test_string.txt $ strace ./SAPCAR -xvf SAPCAR_race_condition.SAR execve("./SAPCAR", ["./SAPCAR", "-xvf", "SAPCAR_race_condition.SAR"], [/* 76 vars */]) = 0 [..] open("test_string.txt", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 4 mmap(NULL, 323584, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f98c4704000 fstat(4, {st_mode=S_IFREG|0664, st_size=0, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f98c475c000 write(4, "The quick brown fox jumps over t"..., 43) = 43 close(4) = 0 munmap(0x7f98c475c000, 4096) = 0 utime("test_string.txt", [2015/12/01-19:48:48, 2015/12/01-19:48:48]) = 0 chmod("test_string.txt", 0664) = 0 [..] 8. Report Timeline 2016-04-21: Core Security sent an initial notification to SAP. 2016-04-22: SAP confirmed the reception of the email and requested the draft version of the advisory. 2016-04-22: Core Security sent SAP a draft version of the advisory and informed them we would adjust our publication schedule according with the release of a solution to the issues. 2016-04-25: SAP confirmed the reported vulnerabilities and assigned the following security incident tickets IDs: 1670264798, 1670264799 and 1670264800. 2016-05-10: Core Security asked SAP if they had a tentative date for publishing the security fixes. 2016-05-20: SAP informed Core Security they have a tentative release date on July 12th, 2016 (July Patch day). 2016-05-23: Core Security thanked SAP for the tentative date and informed them we would publish our security advisory accordingly upon their confirmation. 2016-06-27: Core Security requested SAP the tentative security notes numbers and links in order to add them to our security advisory. 2016-07-05: SAP informed Core Security they due to some issues found during their testing phase of the patches they were not in a position to ship the patches as part of their July patch day. They said they would be able to ship the patches with August patch day. 2016-07-06: Core Security requested SAP the specific day in August they planed to release the patches. 2016-07-20: Core Security requested again SAP the specific day in August they planed to release the patches. 2016-07-21: SAP informed Core Security they would publish their security notes on the 9th of August. 2016-08-10: Advisory CORE-2016-0006 published. 9. References [1] http://go.sap.com/. 10. About CoreLabs CoreLabs, the research center of Core Security, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://ift.tt/140w507. 11. About Core Security Courion and Core Security have rebranded the combined company, changing its name to Core Security, to reflect the company’s strong commitment to providing enterprises with market-leading, threat-aware, identity, access and vulnerability management solutions that enable actionable intelligence and context needed to manage security risks across the enterprise. Core Security’s analytics-driven approach to security enables customers to manage access and identify vulnerabilities, in order to minimize risks and maintain continuous compliance. Solutions include Multi-Factor Authentication, Provisioning, Identity Governance and Administration (IGA), Identity and Access Intelligence (IAI), and Vulnerability Management (VM). The combination of these solutions provides context and shared intelligence through analytics, giving customers a more comprehensive view of their security posture so they can make more informed, prioritized, and better security remediation decisions. Core Security is headquartered in the USA with offices and operations in South America, Europe, Middle East and Asia. To learn more, contact Core Security at (678) 304-4500 or info@coresecurity.com. 12. Disclaimer The contents of this advisory are copyright (c) 2016 Core Security and (c) 2016 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://ift.tt/q9c1Zu 13. PGP/GPG Keys This advisory has been signed with the GPG key of Core Security advisories team, which is available for download at http://ift.tt/1B0HTZY.

Source: Gmail -> IFTTT-> Blogger

Oops! Microsoft Accidentally Leaks Backdoor Keys to Bypass UEFI Secure Boot

Microsoft has accidentally leaked the Secret keys that allow hackers to unlock devices protected by UEFI (Unified Extensible Firmware Interface) Secure Boot feature. What's even worse? It will be impossible for Microsoft to undo its leak. <!-- adsense --> Secure Boot is a security feature that protects your device from certain types of malware, such as a rootkit, which can hijack your


from The Hacker News http://ift.tt/2b3Uo2l
via IFTTT

I have a new follower on Twitter


Matt Delgado
LongLiveBryant | #RU20 | sc:dellio757
Newport News, VA

Following: 776 - Followers: 1420

August 10, 2016 at 11:40AM via Twitter http://twitter.com/DelgotHoes

Ravens Video: Ex-Baltimore RB Ray Rice believes he'll get a 2nd chance in NFL; \"In my heart of hearts it will happen\" (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

ImageNet classification with Python and Keras

imagenet_example_header

Normally, I only publish blog posts on Monday, but I’m so excited about this one that it couldn’t wait and I decided to hit the publish button early.

You see, just a few days ago, François Chollet pushed three Keras models (VGG16, VGG19, and ResNet50) online — these networks are pre-trained on the ImageNet dataset, meaning that they can recognize 1,000 common object classes out-of-the-box.

To utilize these models in your own applications, all you need to do is:

  1. Install Keras.
  2. Clone the deep-learning-models repository.
  3. Download the weights files for the pre-trained network(s) (which we’ll be done automatically for you when you import and instantiate the respective network architecture).
  4. Apply the pre-trained ImageNet networks to your own images.

It’s really that simple.

So, why is this so exciting? I mean, we’ve had the weights to popular pre-trained ImageNet classification networks for awhile, right?

The problem is that these weight files are in Caffe format — and while the Caffe library may be the current standard for which many researchers use to construct new network architectures, train them, and evaluate them, Caffe also isn’t the most Python-friendly library in the world, at least in terms of constructing the network architecture itself.

Note: You can do some pretty cool stuff with the Caffe-Python bindings, but I’m mainly focusing on how Caffe architectures and the training process itself is defined via

.prototxt
  configuration files rather than code that logic can be inserted into.

There is also the fact that there isn’t an easy or streamlined method to convert Caffe weights to a Keras-compatible model.

That’s all starting to change now — we can now easily apply VGG16, VGG19, and ResNet50 using Keras and Python to our own applications without having to worry about the Caffe => Keras weight conversion process.

In fact, it’s now as simple as these three lines of code to classify an image using a Convolutional Neural Network pre-trained on the ImageNet dataset with Python and Keras:

model = VGG16(weights="imagenet")
preds = model.predict(preprocess_input(image))
print(decode_predictions(preds))

Of course, there are a few other imports and helper functions that need to be utilized — but I think you get the point:

It’s now dead simple to apply ImageNet-level pre-trained networks using Python and Keras.

To find out how, keep reading.

Looking for the source code to this post?
Jump right to the downloads section.

ImageNet classification with Python and Keras

In the remainder of this tutorial, I’ll explain what the ImageNet dataset is, and then provide Python and Keras code to classify images into 1,000 different categories using state-of-the-art network architectures.

What is ImageNet?

Within computer vision and deep learning communities, you might run into a bit of contextual confusion surrounding what ImageNet is and what it isn’t.

You see, ImageNet is actually a project aimed at labeling and categorizing images into almost 22,000 categories based on a defined set of words and phrases. At the time of this writing, there are over 14 million images in the ImageNet project.

So, how is ImageNet organized?

To order such a massive amount of data, ImageNet actually follows the WordNet hierarchy. Each meaningful word/phrase inside WordNet is called a “synonym set” or “synset” for short. Within the ImageNet project, images are organized according to these synsets, with the goal being to have 1,000+ images per synset.

ImageNet Large Scale Recognition Challenge (ILSVRC)

In the context of computer vision and deep learning, whenever you hear people talking about ImageNet, they are very likely referring to the ImageNet Large Scale Recognition Challenge, or simply ILSVRC for short.

The goal of the image classification track in this challenge is to train a model that can classify an image into 1,000 separate categories using over 100,000 test images — the training dataset itself consists of approximately 1.2 million images.

Be sure to keep the context of ImageNet in mind when you’re reading the remainder of this blog post or other tutorials and papers related to ImageNet. While in the context of image classification, object detection, and scene understanding, we often refer to ImageNet as the classification challenge and the dataset associated with the challenge, remember that there is also a more broad project called ImageNet where these images are collected, annotated, and organized.

Configuring your system for Keras and ImageNet

To configure your system to use the state-of-the-art VGG16, VGG19, and ResNet50 networks, make sure you follow my previous tutorial on installing Keras.

The Keras library will use PIL/Pillow for some helper functions (such as loading an image from disk). You can install Pillow, the more Python friendly fork of PIL, by using this command:

$ pip install pillow

To run the networks pre-trained on the ImageNet dataset with Python, you’ll need to make sure you have the latest version of Keras installed. At the time of this writing, the latest version of Keras is

1.0.6
 , the minimum requirement for utilizing the pre-trained models.

You can check your version of Keras by executing the following commands:

$ python
>>> import keras
Using Theano backend.
Using gpu device 1: GeForce GTX TITAN X (CNMeM is disabled, cuDNN 4007)
>>> keras.__version__
'1.0.6'
>>>

Alternatively, you can use

pip freeze
  to list the out the packages installed in your environment:
Figure 1: Listing the set of Python packages installed in your environment.

Figure 1: Listing the set of Python packages installed in your environment.

If you are using an earlier version of Keras prior to

1.0.6
 , uninstall it, and then use my previous tutorial to install the latest version.

Next, to gain access to VGG16, VGG19, and the ResNet50 architectures and pre-trained weights, you need to clone the deep-learning-models repository from GitHub:

$ git clone http://ift.tt/2ajePvK

From there, change into the

deep-learning-models
  directory and
ls
  the contents:
$ cd deep-learning-models
$ ls -l
total 40
-rw-rw-r-- 1 adrian adrian  1233 Aug  6 11:20 imagenet_utils.py
-rw-rw-r-- 1 adrian adrian  1074 Aug  6 11:20 LICENSE
-rw-rw-r-- 1 adrian adrian  2569 Aug  6 11:20 README.md
-rw-rw-r-- 1 adrian adrian 10258 Aug  6 11:20 resnet50.py
-rw-rw-r-- 1 adrian adrian  7225 Aug  6 11:20 vgg16.py
-rw-rw-r-- 1 adrian adrian  7508 Aug  6 11:20 vgg19.py

Notice how we have four Python files. The

resnet50.py
 ,
vgg16.py
 , and
vgg19.py
  files correspond to their respective network architecture definitions.

The

imagenet_utils
  file, as the name suggests, contains a couple helper functions that allow us to prepare images for classification as well as obtain the final class label predictions from the network.

Keras and Python code for ImageNet CNNs

We are now ready to write some Python code to classify image contents utilizing Convolutional Neural Networks (CNNs) pre-trained on the ImageNet dataset.

To start, open up a new file, name it

test_imagenet.py
 , and insert the following code:
# import the necessary packages
from keras.preprocessing import image as image_utils
from imagenet_utils import decode_predictions
from imagenet_utils import preprocess_input
from vgg16 import VGG16
import numpy as np
import argparse
import cv2

# construct the argument parse and parse the arguments
ap = argparse.ArgumentParser()
ap.add_argument("-i", "--image", required=True,
        help="path to the input image")
args = vars(ap.parse_args())

# load the original image via OpenCV so we can draw on it and display
# it to our screen later
orig = cv2.imread(args["image"])

We start on Lines 2-8 by importing our required Python packages. Line 2 imports the

image
  pre-processing module directly from the Keras library. However, Lines 3-5 import functions and network architectures from within the
deep-learning-models
  directory. Because of this, you’ll want to make sure your
test_imagenet.py
  file is inside the
deep-learning-models
  directory (or your
PYTHONPATH
  is updated accordingly), otherwise your script will fail to import these functions.

Alternatively, you can use the “Downloads” section at the bottom of this tutorial to download the source code + example images. This download ensures the code is configured correctly and that your directory structure is setup properly.

Lines 11-14 parse our command line arguments. We only need a single switch here,

--image
 , which is the path to our input image.

We then load our image in OpenCV format on Line 18. This step isn’t strictly required since Keras provides helper functions to load images (which I’ll demonstrate in the next code block), but there are differences in how both these functions work, so if you intend on applying any type of OpenCV functions to your images, I suggest loading your image via

cv2.imread
  and then again via the Keras helpers. Once you get a bit more experience manipulating NumPy arrays and swapping channels, you can avoid the extra I/O overhead, but for the time being, let’s keep things simple.
# import the necessary packages
from keras.preprocessing import image as image_utils
from imagenet_utils import decode_predictions
from imagenet_utils import preprocess_input
from vgg16 import VGG16
import numpy as np
import argparse
import cv2

# construct the argument parse and parse the arguments
ap = argparse.ArgumentParser()
ap.add_argument("-i", "--image", required=True,
        help="path to the input image")
args = vars(ap.parse_args())

# load the original image via OpenCV so we can draw on it and display
# it to our screen later
orig = cv2.imread(args["image"])

# load the input image using the Keras helper utility while ensuring
# that the image is resized to 224x224 pxiels, the required input
# dimensions for the network -- then convert the PIL image to a
# NumPy array
print("[INFO] loading and preprocessing image...")
image = image_utils.load_img(args["image"], target_size=(224, 224))
image = image_utils.img_to_array(image)

Line 25 applies the

.load_img
  Keras helper function to load our image from disk. We supply a
target_size
  of 224 x 224 pixels, the required spatial input image dimensions for the VGG16, VGG19, and ResNet50 network architectures.

After calling

.load_img
 , our
image
  is actually in PIL/Pillow format, so we need to apply the
.img_to_array
  function to convert the
image
  to a NumPy format.

Next, let’s preprocess our image:

# import the necessary packages
from keras.preprocessing import image as image_utils
from imagenet_utils import decode_predictions
from imagenet_utils import preprocess_input
from vgg16 import VGG16
import numpy as np
import argparse
import cv2

# construct the argument parse and parse the arguments
ap = argparse.ArgumentParser()
ap.add_argument("-i", "--image", required=True,
        help="path to the input image")
args = vars(ap.parse_args())

# load the original image via OpenCV so we can draw on it and display
# it to our screen later
orig = cv2.imread(args["image"])

# load the input image using the Keras helper utility while ensuring
# that the image is resized to 224x224 pxiels, the required input
# dimensions for the network -- then convert the PIL image to a
# NumPy array
print("[INFO] loading and preprocessing image...")
image = image_utils.load_img(args["image"], target_size=(224, 224))
image = image_utils.img_to_array(image)

# our image is now represented by a NumPy array of shape (3, 224, 224),
# but we need to expand the dimensions to be (1, 3, 224, 224) so we can
# pass it through the network -- we'll also preprocess the image by
# subtracting the mean RGB pixel intensity from the ImageNet dataset
image = np.expand_dims(image, axis=0)
image = preprocess_input(image)

If at this stage we inspect the

.shape
  of our
image
 , you’ll notice the shape of the NumPy array is (3, 224, 224) — each image is 224 pixels wide, 224 pixels tall, and has 3 channels (one for each of the Red, Green, and Blue channels, respectively).

However, before we can pass our

image
  through our CNN for classification, we need to expand the dimensions to be (1, 3, 224, 224).

Why do we do this?

When classifying images using Deep Learning and Convolutional Neural Networks, we often send images through the network in “batches” for efficiency. Thus, it’s actually quite rare to pass only one image at a time through the network — unless of course, you only have one image to classify (like we do).

We then preprocess the

image
  on Line 33 by subtracting the mean RGB pixel intensity computed from the ImageNet dataset.

Finally, we can load our Keras network and classify the image:

# import the necessary packages
from keras.preprocessing import image as image_utils
from imagenet_utils import decode_predictions
from imagenet_utils import preprocess_input
from vgg16 import VGG16
import numpy as np
import argparse
import cv2

# construct the argument parse and parse the arguments
ap = argparse.ArgumentParser()
ap.add_argument("-i", "--image", required=True,
        help="path to the input image")
args = vars(ap.parse_args())

# load the original image via OpenCV so we can draw on it and display
# it to our screen later
orig = cv2.imread(args["image"])

# load the input image using the Keras helper utility while ensuring
# that the image is resized to 224x224 pxiels, the required input
# dimensions for the network -- then convert the PIL image to a
# NumPy array
print("[INFO] loading and preprocessing image...")
image = image_utils.load_img(args["image"], target_size=(224, 224))
image = image_utils.img_to_array(image)

# our image is now represented by a NumPy array of shape (3, 224, 224),
# but we need to expand the dimensions to be (1, 3, 224, 224) so we can
# pass it through the network -- we'll also preprocess the image by
# subtracting the mean RGB pixel intensity from the ImageNet dataset
image = np.expand_dims(image, axis=0)
image = preprocess_input(image)

# load the VGG16 network
print("[INFO] loading network...")
model = VGG16(weights="imagenet")

# classify the image
print("[INFO] classifying image...")
preds = model.predict(image)
(inID, label) = decode_predictions(preds)[0]

# display the predictions to our screen
print("ImageNet ID: {}, Label: {}".format(inID, label))
cv2.putText(orig, "Label: {}".format(label), (10, 30),
        cv2.FONT_HERSHEY_SIMPLEX, 0.9, (0, 255, 0), 2)
cv2.imshow("Classification", orig)
cv2.waitKey(0)

On Line 37 we initialize our

VGG16
  class. We could also substitute in
VGG19
  or
ResNet50
  here, but for the sake of this tutorial, we’ll use
VGG16
 .

Supplying

weights="imagenet"
  indicates that we want to use the pre-trained ImageNet weights for the respective model.

Once the network has been loaded and initialized, we can predict class labels by making a call to the

.predict
  method of the
model
 . These predictions are actually a NumPy array with 1,000 entries — the predicted probabilities associated with each class in the ImageNet dataset.

Calling

decode_predictions
  on these predictions gives us the ImageNet Unique ID of the label, along with a human-readable text version of the label.

Finally, Lines 45-49 print the predicted

label
  to our terminal and display the output image to our screen.

ImageNet + Keras image classification results

To apply the Keras models pre-trained on the ImageNet dataset to your own images, make sure you use the “Downloads” form at the bottom of this blog post to download the source code and example images. This will ensure your code is properly formatted (without errors) and your directory structure is correct.

But before we can apply our pre-trained Keras models to our own images, let’s first discuss how the model weights are (automatically) downloaded.

Downloading the model weights

The first time you execute the

test_imagenet.py
  script, Keras will automatically download and cache the architecture weights to your disk in the
~/.keras/models
  directory.

Subsequent runs of

test_imagenet.py
  will be substantially faster (since the network weights will already be downloaded) — but that first run will be quite slow (comparatively), due to the download process.

That said, keep in mind that these weights are fairly large HDF5 files and might take awhile to download if you do not have a fast internet connection. For convenience, I have listed out the size of the weights files for each respective network architecture:

  • ResNet50: 102MB
  • VGG16: 553MB
  • VGG19: 574MB

ImageNet and Keras results

We are now ready to classify images using the pre-trained Keras models! To test out the models, I downloaded a couple images from Wikipedia (“brown bear” and “space shuttle”) — the rest are from my personal library.

To start, execute the following command:

$ python test_imagenet.py --image images/dog_beagle.png

Notice that since this is my first run of

test_imagenet.py
 , the weights associated with the VGG16 ImageNet model need to be downloaded:
Figure 2: Downloading the pre-trained ImageNet weights for VGG16.

Figure 2: Downloading the pre-trained ImageNet weights for VGG16.

Once our weights are downloaded, the VGG16 network is initialized, the ImageNet weights loaded, and the final classification is obtained:

Figure 3: Utilizing the VGG16 network trained on ImageNet to recognize a beagle in an image.

Figure 3: Utilizing the VGG16 network trained on ImageNet to recognize a beagle (dog) in an image.

Let’s give another image a try, this one of a beer glass:

$ python test_imagenet.py --image images/beer.png
Figure 4: Recognizing a beer glass using a Convolutional Neural Network trained on ImageNet.

Figure 4: Recognizing a beer glass using a Convolutional Neural Network trained on ImageNet.

The following image is of a brown bear:

$ python test_imagenet.py --image images/brown_bear.png
IMAGE Figure 5: Utilizing VGG16, Keras, and Python to recognize the brown bear in an image.

Figure 5: Utilizing VGG16, Keras, and Python to recognize the brown bear in an image.

I took the following photo of my keyboard to test out the ImageNet network using Python and Keras:

$ python test_imagenet.py --image images/keyboard.png
Figure 6: Utilizing Python, Keras, and a Convolutional Neural Network trained on ImageNet to recognize image contents.

Figure 6: Utilizing Python, Keras, and a Convolutional Neural Network trained on ImageNet to recognize image contents.

I then took a photo of my monitor as I was writing the code for this blog post. Interestingly, the network classified this image as “desktop computer”, which makes sense given that the monitor is the primary subject of the image:

$ python test_imagenet.py --image images/monitor.png
Figure 7: Image classification via Python, Keras, and CNNs.

Figure 7: Image classification via Python, Keras, and CNNs.

This next image is of a space shuttle:

$ python test_imagenet.py --image images/space_shuttle.png
Figure 8: Recognizing image contents using a Convolutional Neural Network trained on ImageNet via Keras + Python.

Figure 8: Recognizing image contents using a Convolutional Neural Network trained on ImageNet via Keras + Python.

The final image is of a steamed crab, a blue crab, to be specific:

$ python test_imagenet.py --image images/steamed_crab.png
Figure 9: Convolutional Neural Networks and ImageNet for image classification with Python and Keras.

Figure 9: Convolutional Neural Networks and ImageNet for image classification with Python and Keras.

What I find interesting about this particular example is that VGG16 classified this image as “Dungeness crab”, which may be technically incorrect. However, keep in mind that blue crabs are called blue crabs for a reason — their outer shell is blue. It is not until you steam them for eating do their shells turn red. The Dungeness crab on the other hand has a slightly dark orange tint to it, even before steaming. The fact that the network was even able to label this image as “crab” is very impressive.

A note on model timing

From start to finish (not including the downloading of the network weights files), classifying an image using VGG16 took approximately 11 seconds on my Titan X GPU. This includes the process of actually loading both the image and network from disk, performing any initializations, passing the image through the network, and obtaining the final predictions.

However, once the network is actually loaded into memory, classification takes only 1.8 seconds, which goes to show you how much overhead is involved in actually loading an initializing a large Convolutional Neural Network. Furthermore, since images can be presented to the network in batches, this same time for classification will hold for multiple images.

If you’re classifying images on your CPU, then you should obtain a similar classification time. This is mainly because there is substantial overhead in copying the image from memory over to the GPU. When you pass multiple images via batches, it makes the I/O overhead for using the GPU more acceptable.

Summary

In this blog post, I demonstrated how to use the newly released deep-learning-models repository to classify image contents using state-of-the-art Convolutional Neural Networks trained on the ImageNet dataset.

To accomplish this, we leveraged the Keras library, which is maintained by François Chollet — be sure to reach out to him and say thanks for maintaining such an incredible library. Without Keras, deep learning with Python wouldn’t be half as easy (or as fun).

Of course, you might be wondering how to train your own Convolutional Neural Network from scratch using ImageNet. Don’t worry, we’re getting there — we just need to understand the basics of neural networks, machine learning, and deep learning first. Walk before you run, so to speak.

I’ll be back next week with a tutorial on hyperparameter tuning, a key step to maximizing your model’s accuracy.

To be notified when future blog posts are published on the PyImageSearch blog, be sure to enter your email address in the form below — se you next week!

Downloads:

If you would like to download the code and images used in this post, please enter your email address in the form below. Not only will you get a .zip of the code, I’ll also send you a FREE 11-page Resource Guide on Computer Vision and Image Search Engines, including exclusive techniques that I don’t post on this blog! Sound good? If so, enter your email address and I’ll send you the code immediately!

The post ImageNet classification with Python and Keras appeared first on PyImageSearch.



from PyImageSearch http://ift.tt/2bf1Usw
via IFTTT

Anonymous Consequences

We welcome back Ninno Mancini to Retorica. Ninno delivered two strong track EP with functional minimal and dark techno. This ep is a serious mental ...

from Google Alert - anonymous http://ift.tt/2aZ4ROu
via IFTTT

ISS Daily Summary Report – 08/09/2016

Fluid Shifts Operations in the Service Module: With ground team assistance, Russian and USOS crew members supported Fluid Shifts Imaging exams by conducting the Optical Coherence Tomography (OCT) exam, Ultrasound scans, the Distortion Product Otoacoustic Emission (DPOAE) tests, and a Tonometry exam. The purpose of this investigation is to characterize the space flight-induced fluid shift, including intra- and extravascular shifts, intra- and extracellular shifts, changes in total body water and lower vs. upper body shifts. Results from this investigation are expected to help define the causes of the ocular structure and vision changes associated with long duration space flight, and assist in the development of countermeasures. Mouse Epigenetics Cage Unit Maintenance: Today, the Mouse Habitat Unit #3 was cleaned, and the crew exchanged filters and collected samples.  The food cartridges were exchanged and the MHU was returned to its stowage location The Mouse Epigenetics investigation studies altered gene expression patterns in the organs of male mice that spend one month in space, and also examines changes in the deoxyribonucleic acid (DNA) of their offspring. Results from the investigation identify genetic alterations that happen after exposure to the microgravity environment of space. Habitability Human Factors Directed Observations: The crew recorded and submitted a walk-through video documenting observations of life onboard ISS, providing insight related to human factors and habitability. The Habitability investigation collects observations about the relationship between crew members and their environment on the ISS. Observations can help spacecraft designers understand how much habitable volume is required, and whether a mission’s duration impacts how much space crew members need. Dose Tracker: The Dose Tracker app was configured and the crewmember completed entries for medication tracking on an iPad. This investigation documents the medication usage of crewmembers before and during their missions by capturing data regarding medication use during spaceflight, including side effect qualities, frequencies and severities. The data is expected to either support or counter anecdotal evidence of medication ineffectiveness during flight and unusual side effects experienced during flight. It is also expected that specific, near-real-time questioning about symptom relief and side effects will provide the data required to establish whether spaceflight-associated alterations in pharmacokinetics (PK) or pharmacodynamics (PD) is occurring during missions. Extravehicular Activity (EVA) Preparations: The crew completed the following in preparation for the IDA2 EVA planned on August 19: Prepared the Equipment Lock (EL), Extravehicular Mobility Units (EMUs) and ancillary hardware to support EVA prep activities. Verified that the Simplified Aid for EVA Rescue (SAFER) is functional. Continued configuring required tools. Today’s Planned Activities All activities were completed unless otherwise noted. Optical Coherence Tomography (OCT) – Setup Virus Definition File Update on Auxiliary Computer System (ВКС) Laptops CASKAD. Manual Mixing in Bioreactor / r/g 2888 MOUSE Hardware Setup Optical Coherence Tomography (OCT), Operator On MCC GO Regeneration of БМП Ф1 Micropurification Cartridge (start) Optical Coherence Tomography (OCT), Subject ARED Rope Replacement Replacement of Komparus Hardware  (Removal of КП-МПА unit) Counter Measure System (CMS) Harmful Contaminant Measurements in SM / r/g 3029 WRS Water Sample Analysis ARED Rope Replacement (assistance) Analysis of SM Atmosphere for Freon Using Freon Leak Analyzer/Detector (ФИТ) r/g 1751 Photo/TV Battery Charge Initiation Optical Coherence Tomography (OCT), Subject Optical Coherence Tomography (OCT), Operator Replacement of Komparus Hardware, (Removal of КР-МПА unit) XF305 Camcorder Settings Adjustment MOUSE Habitat Cage Unit Cleaning Optical Coherence Tomography (OCT), Subject Optical Coherence Tomography (OCT), Operator FLUID SHIFTS, Ultrasound 2 Activation Photo/TV Battery charger battery swap MOUSE Sample MELFI Insertion EVA Equipment Lock Preparation Prep for SW Updates on RS1, RS2, RS3, REMOTE RS r/g 3016 СОЖ Maintenance FLUID SHIFTS, Preparation for Blood Pressure Operations FLUID SHIFTS, Ultrasound Scan Optical Coherence Tomography (OCT), Equipment Stowage SAFER Checkout FLUID SHIFTS. Ultrasound Scan Assistance BIOCARD. Experiment Ops r/g 1907 BIOCARD. Operator Assistance During the Experiment / r/g 1907 TOCA Data Recording DOSETRK Questionnaire Completion Crew Prep for PAO HABIT Questionnaire Completion PAO Hardware Setup PAO Event OTKLIK. Hardware Monitoring / r/g 1588 RS internal lighting system audit (SM, MRM1, MRM2, DC1) / r/g 3009 Photo/TV.  Battery charger battery swap Waste and Hygiene Compartment (WHS) Pre-Treat Tank and Pre-Treat Tank Hose R&R FLUID SHIFTS, CCFP Operations EVA Tool Config IMS Delta File Prep FLUID SHIFTS, Distortion Product Otoacoustic Emission (DPOAE) measurement Test FLUID SHIFTS. Tonometer Eye Test with Remote Guidance FLUID SHIFTS, OCT Baseline Exam FLUID SHIFTS. Tonometry Setup FLUID SHIFTS. Tonometer Exam Operator FLUID SHIFTS, Tonometer Exam FLUID SHIFTS. Hardware Removal and Stowage FLUID SHIFTS, Hardware Stowage FLUID SHIFTS. Post-ops Stowage Fundoscope Exam Setup CONTENT. Experiment Ops / r/g 3028 CONTENT. Experiment Ops / r/g 3027 Fundoscope Setup for exam Fundoscope, Eye Exam Fundoscope, Eye Exam (Operator) Terminate Photo/Video Battery Charge Waste and Hygiene Compartment (WHS) Urine Receptacle and Insert Filter Changeout Countermeasures System (CMS) – Sprint Exercise, Optional Fundoscope Exam Setup CASKAD. Manual Mixing in Bioreactor / r/g 2888 ARED Cylinder Flywheel Evacuation Fundoscope, Eye Exam (Operator) Fundoscope, Eye Exam Fundoscope Exam Subject Preparation Daily Planning Conference (S-band) Expedition 47 Plaque Hanging Fundoscope, Eye Examination Fundoscope, Eye Exam (Operator) On MCC GO Regeneration of БМП Ф1 Absorption Cartridge (end) Equipment stowage after Fundoscope Eye Imaging Completed Task List Items None Ground Activities All activities were completed unless otherwise noted. Fluid Shifts support Nominal ground commanding. Three-Day Look Ahead: Wednesday, 08/10: EMU fit check, METEOR hard drive swap, Fluid Shifts, Mouse Epigenetics cage maintenance, Circadian Rhythms Thursday, 08/11: USOS crew holiday (Japan’s Mountain Day) Friday, 08/12: NanoRacks Module 9 ops, Heart Cells media change, SPHERES-Zero Robotics competition, Neuro Mapping, HMS Ultrasound, Circadian Rhythms, Fine Motor Skills QUICK ISS Status – Environmental Control Group:                               Component Status Elektron On Vozdukh Manual [СКВ] 1 – SM Air Conditioner System (“SKV1”) On [СКВ] 2 – SM Air Conditioner System (“SKV2”) Off Carbon Dioxide Removal Assembly (CDRA) Lab Standby Carbon Dioxide Removal Assembly (CDRA) Node 3 Operate Major Constituent Analyzer (MCA) Lab Idle Major Constituent Analyzer (MCA) Node 3 Operate Oxygen Generation Assembly (OGA) Process Urine Processing Assembly (UPA) Norm Trace Contaminant Control System (TCCS) Lab Off Trace Contaminant Control System (TCCS) Node 3 Full […]

from ISS On-Orbit Status Report http://ift.tt/2aYTjun
via IFTTT

[FD] SEC Consult SA-20160810-0 :: Multiple vulnerabilities in LINE instant messenger platform

SEC Consult Vulnerability Lab Security Advisory < 20160810-0 > ======================================================================= title: Multiple vulnerabilities product: LINE instant messenger platform vulnerable version: before June 2016 fixed version: after June/July 2016 impact: removed (as per bounty program policy) homepage: http://line.me/en/ found: 2016-06-05 by: P. Morimoto (Office Bangkok) SEC Consult Vulnerability Lab An integrated part of SEC Consult Bangkok - Berlin - Linz - Montreal - Moscow Singapore - Vienna (HQ) - Vilnius - Zurich http://ift.tt/1mGHMNR ======================================================================= Vendor description:

Source: Gmail -> IFTTT-> Blogger

Microsoft Releases 9 Security Updates to Patch 38 Vulnerabilities

In Brief Microsoft's August Patch Tuesday offers nine security bulletins with five rated critical, resolving 38 security vulnerabilities in Internet Explorer (IE), Edge, and Office, as well as some serious high-profile security issues with Windows. A security bulletin, MS16-102, patches a single vulnerability (CVE-2016-3319) that could allow an attacker to control your computer just by


from The Hacker News http://ift.tt/2b2BEjK
via IFTTT

Tuesday, August 9, 2016

I have a new follower on Twitter


Dr. Liz Hardy
At https://t.co/ib7zlO9dbS, I show online teachers how to work smarter. These #elearning tactics mean you can do a stunning job – without working 24/7.
New Zealand
https://t.co/9gfxgiJYll
Following: 9702 - Followers: 10993

August 09, 2016 at 11:39PM via Twitter http://twitter.com/SimpliTeach

Appendix B: Collection of Anonymous Data

Appendix B: Collection of Anonymous Data. This solution includes an option to send anonymous usage data to AWS. We use this data to better ...

from Google Alert - anonymous http://ift.tt/2aJ5Lvu
via IFTTT