Latest YouTube Video

Saturday, August 27, 2016

Ravens: Joe Flacco "answered all the questions" with solid performance in return from 2015 injury - Jamison Hensley (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Ravens: RB Kenneth Dixon leaves game vs. Lions with apparent left knee injury; 41 rush yards on 6 carries in 1st half (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Ravens: TE Benjamin Watson suffers a torn Achilles on the first play of Saturday's game vs. Lions, is out for season (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Opera Browser Sync Service Hacked; Users' Data and Saved Passwords Compromised

Opera has reset passwords of all users for one of its services after hackers were able to gain access to one of its Cloud servers this week. Opera Software reported a security breach last night, which affects all users of the sync feature of its web browser. <!-- adsense --> So, if you’ve been using Opera’s Cloud Sync service, which allows users to synchronize their browser data and settings


from The Hacker News http://ift.tt/2boXBc8
via IFTTT

Orioles: OF Adam Jones not in starting lineup Saturday vs. Yankees after straining his left hamstring in Friday's game (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Conservative impl trait does not seem to work with anonymous types

Conservative impl trait does not seem to work with anonymous types #36040. Open. MaikKlein opened this Issue an hour ago · 0 comments ...

from Google Alert - anonymous http://ift.tt/2brNiZG
via IFTTT

Megaupload Domains Seized by FBI 'Hijacked' to Host Porn Ads

Well, we all know that the FBI has previously hosting porn on the Internet. I still remember the case of PlayPen, the world's largest dark web child pornography site, which was seized by FBI and ran from agency’s own servers to uncover the site's visitors. Now, one of the most popular sites owned and operated by the FBI has been serving porn as well. FBI-owned Megaupload.org and several


from The Hacker News http://ift.tt/2bOZ4fZ
via IFTTT

Better Call Jay: The Lawyer Who Defends Anonymous

Now, meet Jay Leiderman, the California-based lawyer who represents Anonymous, pro bono. Leiderman specializes in cyber law and he's become ...

from Google Alert - anonymous http://ift.tt/2bOG1SN
via IFTTT

Hacker reveals How He Could have Hacked Multiple Facebook Accounts

How to Hack a Facebook Account? That's possibly the most frequently asked question on the Internet today. Though the solution is hard to find, a white hat hacker has just proven how easy it is to hack multiple Facebook accounts with some basic computer skills. Your Facebook account can be hacked, no matter how strong your password is or how much extra security measures you have taken. No


from The Hacker News http://ift.tt/2bW6V9N
via IFTTT

[InsideNothing] nikkyevans liked your post "[FD] PLANET IP Surveillance camera Multiple Vulnerabilities"



Source: Gmail -> IFTTT-> Blogger

Friday, August 26, 2016

Can Racism Be Stopped If We All Attend 'Racist Anonymous'

Racists Anonymous is a new program at the Trinity United Church of Christ in Concord, North Carolina. There, about a dozen people have been ...

from Google Alert - anonymous http://ift.tt/2bnArG4
via IFTTT

Orioles: OF Adam Jones leaves Friday's game vs. the Yankees in the 2nd inning with a left hamstring strain (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

rawr

This library provides anonymous extensible records using GHC 8.0 features, with the following goals/features: The syntax should be very close to that ...

from Google Alert - anonymous http://ift.tt/2bmPhdd
via IFTTT

D8 How to get rid of homepage field on comment for anonymous user

When I add a comment field to a node entity I have the possibility to configure for anonymous users between the following options: See CommentItem.

from Google Alert - anonymous http://ift.tt/2cgfgse
via IFTTT

Sorry Philly Mag, Bobby Henon might love to comment; here's why he won't

Editor's note: The following guest column was penned by a political communications professional in Philadelphia. If you listen carefully, you will hear it.

from Google Alert - anonymous http://ift.tt/2bnlmVa
via IFTTT

Anonymous move for Daughters

Anonymous move for Daughters. Published on 26th August 2016. Director signs for US representation. Renowned commercial and music video ...

from Google Alert - anonymous http://ift.tt/2bN1ETB
via IFTTT

Church Offers a 'Racists Anonymous' Counseling Meetings

Church Offers a "Racists Anonymous" Counseling Meetings. 1 hour ago. comment; share. (Photo: Getty Images). Mike McConnell. Listen to Mike ...

from Google Alert - anonymous http://ift.tt/2bTBpIC
via IFTTT

De La Soul's Album 'and the Anonymous Nobody' Has Arrived

De La Soul's new album, and the Anonymous Nobody, has finally arrived. It was supposed to be released in September of 2015, but we ain't mad at it.

from Google Alert - anonymous http://ift.tt/2boEXpA
via IFTTT

network-anonymous-i2p

network-anonymous-i2p. Haskell API for I2P anonymous networking http://ift.tt/1XpDzUYanonymous-i2p ...

from Google Alert - anonymous http://ift.tt/2buCqqQ
via IFTTT

ISS Daily Summary Report – 08/25/2016

SpaceX (SpX)-9 Unberth: The crew packed critical items and egressed the vehicle in preparation for Dragon departure.  Dragon was unberthed from the ISS via ground commanding at 4 PM CDT today. The vehicle will be maneuvered via ground commanding to an overnight park position in preparation for release tomorrow at 5:11 AM CDT with splashdown approximately 5 hours later. Polar 1 ISS to Dragon Transfer: Polar 1 was powered down, de-cabled, and removed from the EXPRESS Rack and transferred to the starboard powered payload location of SpX-9. A second crew member concurrently installed and powered the Polar and Transportation Cage Unit of the Mouse Epigenetics investigation into the Dragon. Double Coldbag Pack: The crew transferred cold samples and required Ice Bricks from MELFI-2, MELFI-3, Glacier 2, MERLIN 5, and SABL S/N 2 into Double Coldbags in preparation for Dragon descent. Biological Rhythms 48 Multi Media Card Exchange: The crew stopped the 24-hour recording that began yesterday, changed out the Multi Media Card and battery of the Digital Walk Holter ECG, and began the second 24-hour recording. The objective of the Japan Aerospace Exploration Agency (JAXA) Biological Rhythms 48 is to study the effects of long-term microgravity exposure on heart function by analyzing an astronaut’s electrocardiogram for 48 hours.  Mouse Epigenetics Transfer and Closeout Operations: The crew prepared all twelve of theTransportation Cage Units (TCU) before removing the Mouse Habitat Cage Units from the Cell Biology Experiment Facility (CBEF) and transferring the mice into the TCUs in the Glove Box for return. The crew also transferred the food cartridges and disconnected the supporting Glove Box hardware. LS-1 Server Issues: Last night the LS-1 server had to be rebooted multiple times and continued to experience issues this morning. There are no major impacts at this time. The server will be rebooted as necessary. The server will be reconfigured to set up for the possibility of rebuilding a new server overnight to protect tomorrow’s SpX-9 departure. Robotics Operations: Last night Robotics Ground Controllers actuated the Special Purpose Dexterous Manipulator (SPDM) to unstow Robot Micro Conical Tool #2 (RMCT2) from the SPDM Tool Holster Assembly (THA) in preparation for the Remote Power Control Module (RPCM) P12B_A change out operations this Friday and Saturday. Today’s Planned Activities All activities were completed unless otherwise noted. SPLANH. Preparation and Initiate EGEG Recording r/g 3191 MORZE. Evaluation using SPRUT-2 Morning Inspection, Laptop RS1(2) Reboot SM ПСС (Caution & Warning Panel) Test Morning Inspection, Laptop RSS1,2 Reboot BLR48 starting measurement Double Cold Bag (DCB) Packing Equipment Mouse Epigenetics. Transportation Cage Unit Preparation Part 3 Double Cold Bag (DCB) Packing SSIPC Management / ISS Crew Tagup MORZE. Logging Liquid and Food (Medicine) Intake / r/g 3187 Work Prep Equipment search and procedure review prior to ЦВМ1 (R-107) firmware upgrade r/g 3200 Environmental Health System (EHS), Relocation of Intravehicular Tissue Equivalent Proportional Counter IDENTIFICATION. Copy ИМУ-Ц micro-accelerometer data to laptop / r/g 1589 MORZE. Psycho-physiological Evaluation: Tsentrovka, SENSOR Tests Soyuz 731 Samsung Tablet Recharge, initiate XF305 Camcorder Settings Adjustment MOUSE Post-experiment Animal Transfer On MCC GO Sampling condensate water (KAV) before СРВ-К2М Gas-liquid mixture filter (ФГС) to drink bags, end / r/g 3195 Collecting condensate water samples [КАВ] up to СРВ-К2М БКО, equipment setup, sampler installation / r/g 3195 DRAGON. Transfers Connecting SM Kurs-P Antenna Feeder (АФУ) from DC1 АФУ to MRM2 АФУ assembly and photography of connection site /  r/g 8049 Crew Departure Prep SPLANH. Termination EGEG Recording and Closeout Ops r/g 3192 SPLANH. Photography of the Experiment Ops / r/g 3188 Collecting condensate water samples [КАВ] up to СРВ-К2М БКО, sampler replacement / r/g 3195 DAN. Experiment Operator Assistance / r/g 2780 DAN. Experiment Tagup with specialists / r/g 2780 DAN. Photography During the Experiment / r/g 3185 MOUSE Transportation Cage Unit handover to the crew for transfer in Dragon 9 DRAGON. Transfers POLAR1 Transfer to Dragon MOUSE Item Consolidation GLOVE BOX. Glove Box Closeout Ops Environmental Health System (EHS), Microbial Capture Device (MCD) and Coliform Detection Bag Ops Dragon Center Stack Transfers Н1 Pump R&R in КОБ2 Thermal Loop 4СПН2 Pump Panel r/g 3201 MORZE. Psycho-physiological Evaluation: Strelau Test MORZE. Logging Liquid and Food (Medicine) Intake / r/g 3187 Soyuz 731 Samsung Tablet Recharge, terminate БРП-М water sampling to drink bags / r/g 3195 USOS Window Shutter Close Dragon Cargo Operations Conference Dragon Egress in Preparation for Departure MORZE. Psycho-physiological Evaluation: Cattell’s Test СВО-ЗВ water sampling to Russian drink bags / r/g 3195 Sampling condensate water [КАВ] upstream of СРВК-2М БКО, removing sampler, equipment disassembly / r/g 3195 Installation of Node 2 Nadir Common Berthing Mechanism (CBM) Controller Panel Assembly (CPA) OTKLIK. Hardware Monitoring / r/g 1588 MORZE. Closeout Ops MORZE. Psycho-physiological Evaluation: SUPOS Test Pre-pack cargo items for return or disposal on Soyuz 720 / r/g 3099, 3098 MORZE. Experiment setup / r/g 3190 Dragon Vestibule Configuration for Demate IMS Delta File Prep Pre-pack PK-4 Hard Drives for return stowage on Soyuz 720 r/g 3099 Pre-pack cargo items for return or disposal on Soyuz 720 / r/g 3099, 3098 Dragon/Node 2 Vestibule Depress MORZE. Logging Liquid and Food (Medicine) Intake / r/g 3187 Completed Task List Items None Ground Activities All activities were completed unless otherwise noted. Dragon unberth Nominal ground commanding Three-Day Look Ahead: Friday, 08/26: Dragon release, Biomolecule Sequencer ops, Biological Rhythms 48, Fine Motor Skills, HMS Fundoscope exam, crew departure prep Saturday, 08/27: Crew off duty Sunday, 08/28: Crew off duty QUICK ISS Status – Environmental Control Group:                               Component Status Elektron On Vozdukh Manual [СКВ] 1 – SM Air Conditioner System (“SKV1”) On [СКВ] 2 – SM Air Conditioner System (“SKV2”) Off Carbon Dioxide Removal Assembly (CDRA) Lab Standby Carbon Dioxide Removal Assembly (CDRA) Node 3 Operate Major Constituent Analyzer (MCA) Lab Idle Major Constituent Analyzer (MCA) Node 3 Operate Oxygen Generation Assembly (OGA) Process Urine Processing Assembly (UPA) Standby Trace Contaminant Control System (TCCS) Lab Off Trace Contaminant Control System (TCCS) Node 3 Full Up  

from ISS On-Orbit Status Report http://ift.tt/2boM5gN
via IFTTT

[FD] Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2

----------------------------------------------------------------------------

Source: Gmail -> IFTTT-> Blogger

This Open Source 25-Core Processor Chip Scaled Up to 200,000-Core Computer

Researchers have designed a new computer chip that promises to boost the performance of computers and data centers while processing applications in parallel. Princeton University researchers have developed a 25-core open source processor, dubbed Piton named after the metal spikes used by rock climbers, which has been designed to be flexible, highly scalable, fast and energy-efficient to


from The Hacker News http://ift.tt/2bLcUQc
via IFTTT

Closest Star has Potentially Habitable Planet


The star closest to the Sun has a planet similar to the Earth. As announced yesterday, recent observations confirmed that this planet not only exists but inhabits a zone where its surface temperature could allow liquid water, a key ingredient for life on Earth. It is not yet known if this planet, Proxima b, has any life. Even if not, its potential ability to sustain liquid water might make it a good first hop for humanity's future trips out into the Milky Way Galaxy. Although the planet's parent star, Proxima Centauri, is cooler and redder than our Sun, one of the other two stars in the Alpha Centauri star system is very similar to our Sun. The featured image shows the sky location of Proxima Centauri in southern skies behind the telescope that made many of the discovery observations: ESO's 3.6-meter telescope in La Silla, Chile. The discovered planet orbits close in -- so close one year there takes only 11 days on Earth. The planet was discovered by the ESO's Pale Red Dot collaboration. Although seemingly unlikely, if Proxima b does have intelligent life, at 4.25 light years distance it is close enough to Earth for two-way communication. via NASA http://ift.tt/2carMtC

Thursday, August 25, 2016

I have a new follower on Twitter


DΔN
Bits of #Cyber, with the pump of #Fitness, fistful of #MMA and pips of #Forex.
BROHIO

Following: 5345 - Followers: 14558

August 25, 2016 at 11:13PM via Twitter http://twitter.com/Zer0DayDan

I have a new follower on Twitter


Ian Metzke
Managing Director of IMA Management and Technology, sometime fencer, average cyclist.
ÜT: -37.814173,144.962008
http://t.co/mSvCjZUOKU
Following: 7426 - Followers: 8201

August 25, 2016 at 10:58PM via Twitter http://twitter.com/metzke

State Duration and Interval Modeling in Hidden Semi-Markov Model for Sequential Data Analysis. (arXiv:1608.06954v1 [cs.AI])

Sequential data modeling and analysis have become indispensable tools for analyzing sequential data such as time-series data because a larger amount of sensed event data have become available. These methods capture the sequential structure of data of interest, such as input- output relationship and correlation among datasets. However, since most studies in this area are specialized or limited for their respective applications, rigorous requirement analysis on such a model has not been examined in a general point of view. Hence, we particularly examine the structure of sequential data, and extract the necessity of "state duration" and "state duration" of events for efficient and rich representation of sequential data. Specifically addressing the hidden semi-Markov model (HSMM) that represents such state duration inside a model, we attempt to newly add representational capability of state interval of events onto HSMM. To this end, we propose two extended models; one is interval state hidden semi-Markov model (IS-HSMM) to express the length of state interval with a special state node designated as "interval state node". The other is interval length probability hidden semi-Markov model (ILP-HSMM) which repre- sents the length of state interval with a new probabilistic parameter "interval length probability." From exhaustive simulations, we show superior performances of the proposed models in comparison with HSMM. To the best of our knowledge, our proposed models are the first extensions of HMM to support state interval representation as well as state duration representation.



from cs.AI updates on arXiv.org http://ift.tt/2bksC46
via IFTTT

Incremental Minimax Optimization based Fuzzy Clustering for Large Multi-view Data. (arXiv:1608.07001v1 [cs.AI])

Incremental clustering approaches have been proposed for handling large data when given data set is too large to be stored. The key idea of these approaches is to find representatives to represent each cluster in each data chunk and final data analysis is carried out based on those identified representatives from all the chunks. However, most of the incremental approaches are used for single view data. As large multi-view data generated from multiple sources becomes prevalent nowadays, there is a need for incremental clustering approaches to handle both large and multi-view data. In this paper we propose a new incremental clustering approach called incremental minimax optimization based fuzzy clustering (IminimaxFCM) to handle large multi-view data. In IminimaxFCM, representatives with multiple views are identified to represent each cluster by integrating multiple complementary views using minimax optimization. The detailed problem formulation, updating rules derivation, and the in-depth analysis of the proposed IminimaxFCM are provided. Experimental studies on several real world multi-view data sets have been conducted. We observed that IminimaxFCM outperforms related incremental fuzzy clustering in terms of clustering accuracy, demonstrating the great potential of IminimaxFCM for large multi-view data analysis.



from cs.AI updates on arXiv.org http://ift.tt/2bRkdDy
via IFTTT

Multi-View Fuzzy Clustering with Minimax Optimization for Effective Clustering of Data from Multiple Sources. (arXiv:1608.07005v1 [cs.AI])

Multi-view data clustering refers to categorizing a data set by making good use of related information from multiple representations of the data. It becomes important nowadays because more and more data can be collected in a variety of ways, in different settings and from different sources, so each data set can be represented by different sets of features to form different views of it. Many approaches have been proposed to improve clustering performance by exploring and integrating heterogeneous information underlying different views. In this paper, we propose a new multi-view fuzzy clustering approach called MinimaxFCM by using minimax optimization based on well-known Fuzzy c means. In MinimaxFCM the consensus clustering results are generated based on minimax optimization in which the maximum disagreements of different weighted views are minimized. Moreover, the weight of each view can be learned automatically in the clustering process. In addition, there is only one parameter to be set besides the fuzzifier. The detailed problem formulation, updating rules derivation, and the in-depth analysis of the proposed MinimaxFCM are provided here. Experimental studies on nine multi-view data sets including real world image and document data sets have been conducted. We observed that MinimaxFCM outperforms related multi-view clustering approaches in terms of clustering accuracy, demonstrating the great potential of MinimaxFCM for multi-view data analysis.



from cs.AI updates on arXiv.org http://ift.tt/2bKcSs1
via IFTTT

Title Generation for User Generated Videos. (arXiv:1608.07068v1 [cs.CV])

A great video title describes the most salient event compactly and captures the viewer's attention. In contrast, video captioning tends to generate sentences that describe the video as a whole. Although generating a video title automatically is a very useful task, it is much less addressed than video captioning. We address video title generation for the first time by proposing two methods that extend state-of-the-art video captioners to this new task. First, we make video captioners highlight sensitive by priming them with a highlight detector. Our framework allows for jointly training a model for title generation and video highlight localization. Second, we induce high sentence diversity in video captioners, so that the generated titles are also diverse and catchy. This means that a large number of sentences might be required to learn the sentence structure of titles. Hence, we propose a novel sentence augmentation method to train a captioner with additional sentence-only examples that come without corresponding videos. We collected a large-scale Video Titles in the Wild (VTW) dataset of 18100 automatically crawled user-generated videos and titles. On VTW, our methods consistently improve title prediction accuracy, and achieve the best performance in both automatic and human evaluation. Finally, our sentence augmentation method also outperforms the baselines on the M-VAD dataset.



from cs.AI updates on arXiv.org http://ift.tt/2ccvuCG
via IFTTT

Modelling Chemical Reasoning to Predict Reactions. (arXiv:1608.07117v1 [cs.AI])

The ability to reason beyond established knowledge allows Organic Chemists to solve synthetic problems and to invent novel transformations. Here, we propose a model which mimics chemical reasoning and formalises reaction prediction as finding missing links in a knowledge graph. We have constructed a knowledge graph containing 14.4 million molecules and 8.2 million binary reactions, which represents the bulk of all chemical reactions ever published in the scientific literature. Our model outperforms a rule-based expert system in the reaction prediction task for 180,000 randomly selected binary reactions. We show that our data-driven model generalises even beyond known reaction types, and is thus capable of effectively (re-) discovering novel transformations (even including transition-metal catalysed reactions). Our model enables computers to infer hypotheses about reactivity and reactions by only considering the intrinsic local structure of the graph, and because each single reaction prediction is typically achieved in a sub-second time frame, our model can be used as a high-throughput generator of reaction hypotheses for reaction discovery.



from cs.AI updates on arXiv.org http://ift.tt/2bn5KxH
via IFTTT

Semantics derived automatically from language corpora necessarily contain human biases. (arXiv:1608.07187v1 [cs.AI])

Artificial intelligence and machine learning are in a period of astounding growth. However, there are concerns that these technologies may be used, either with or without intention, to perpetuate the prejudice and unfairness that unfortunately characterizes many human institutions. Here we show for the first time that human-like semantic biases result from the application of standard machine learning to ordinary language---the same sort of language humans are exposed to every day. We replicate a spectrum of standard human biases as exposed by the Implicit Association Test and other well-known psychological studies. We replicate these using a widely used, purely statistical machine-learning model---namely, the GloVe word embedding---trained on a corpus of text from the Web. Our results indicate that language itself contains recoverable and accurate imprints of our historic biases, whether these are morally neutral as towards insects or flowers, problematic as towards race or gender, or even simply veridical, reflecting the status quo for the distribution of gender with respect to careers or first names. These regularities are captured by machine learning along with the rest of semantics. In addition to our empirical findings concerning language, we also contribute new methods for evaluating bias in text, the Word Embedding Association Test (WEAT) and the Word Embedding Factual Association Test (WEFAT). Our results have implications not only for AI and machine learning, but also for the fields of psychology, sociology, and human ethics, since they raise the possibility that mere exposure to everyday language can account for the biases we replicate here.



from cs.AI updates on arXiv.org http://ift.tt/2bT7iRf
via IFTTT

Is a good offensive always the best defense?. (arXiv:1608.07223v1 [cs.AI])

A checkers-like model game with a simplified set of rules is studied through extensive simulations of agents with different expertise and strategies. The introduction of complementary strategies, in a quite general way, provides a tool to mimic the basic ingredients of a wide scope of real games. We find that only for the player having the higher offensive expertise (the dominant player ), maximizing the offensive always increases the probability to win. For the non-dominant player, interestingly, a complete minimization of the offensive becomes the best way to win in many situations, depending on the relative values of the defense expertise. Further simulations on the interplay of defense expertise were done separately, in the context of a fully-offensive scenario, offering a starting point for analytical treatments. In particular, we established that in this scenario the total number of moves is defined only by the player with the lower defensive expertise. We believe that these results stand for a first step towards a new way to improve decisions-making in a large number of zero-sum real games.



from cs.AI updates on arXiv.org http://ift.tt/2bkrtJG
via IFTTT

On Simulated Annealing Dedicated to Maximin Latin Hypercube Designs. (arXiv:1608.07225v1 [cs.AI])

The goal of our research was to enhance local search heuristics used to construct Latin Hypercube Designs. First, we introduce the \textit{1D-move} perturbation to improve the space exploration performed by these algorithms. Second, we propose a new evaluation function $\psi_{p,\sigma}$ specifically targeting the Maximin criterion.

Exhaustive series of experiments with Simulated Annealing, which we used as a typically well-behaving local search heuristics, confirm that our goal was reached as the result we obtained surpasses the best scores reported in the literature. Furthermore, the $\psi_{p,\sigma}$ function seems very promising for a wide spectrum of optimization problems through the Maximin criterion.



from cs.AI updates on arXiv.org http://ift.tt/2bn6jHt
via IFTTT

Learning Latent Vector Spaces for Product Search. (arXiv:1608.07253v1 [cs.IR])

We introduce a novel latent vector space model that jointly learns the latent representations of words, e-commerce products and a mapping between the two without the need for explicit annotations. The power of the model lies in its ability to directly model the discriminative relation between products and a particular word. We compare our method to existing latent vector space models (LSI, LDA and word2vec) and evaluate it as a feature in a learning to rank setting. Our latent vector space model achieves its enhanced performance as it learns better product representations. Furthermore, the mapping from words to products and the representations of words benefit directly from the errors propagated back from the product representations during parameter estimation. We provide an in-depth analysis of the performance of our model and analyze the structure of the learned representations.



from cs.AI updates on arXiv.org http://ift.tt/2bBgMTq
via IFTTT

Social and Business Intelligence Analysis Using PSO. (arXiv:1407.6090v2 [cs.AI] UPDATED)

The goal of this paper is to elaborate swarm intelligence for business intelligence decision making and the business rules management improvement. .The swarm optimization, which is highly influenced by the behavior of creature, performs in group. The Spatial data is defined as data that is represented by 2D or 3D images. SQL Server supports only 2D images till now. As we know that location is an essential part of any organizational data as well as business data enterprises maintain customer address lists, own property, ship goods from and to warehouses, manage transport flows among their workforce, and perform many other activities. By means to say a lot of spatial data is used and processed by enterprises, organizations and other bodies in order to make the things more visible and self descriptive. From the experiments, we found that PSO is can facilitate the intelligence in social and business behavior.



from cs.AI updates on arXiv.org http://ift.tt/1rvjKti
via IFTTT

Load Disaggregation Based on Aided Linear Integer Programming. (arXiv:1603.07417v2 [cs.AI] UPDATED)

Load disaggregation based on aided linear integer programming (ALIP) is proposed. We start with a conventional linear integer programming (IP) based disaggregation and enhance it in several ways. The enhancements include additional constraints, correction based on a state diagram, median filtering, and linear programming-based refinement. With the aid of these enhancements, the performance of IP-based disaggregation is significantly improved. The proposed ALIP system relies only on the instantaneous load samples instead of waveform signatures, and hence does not crucially depend on high sampling frequency. Experimental results show that the proposed ALIP system performs better than the conventional IP-based load disaggregation system.



from cs.AI updates on arXiv.org http://ift.tt/1PudUQN
via IFTTT

Evaluation and selection of Medical Tourism sites: A rough AHP based MABAC approach. (arXiv:1606.08962v2 [cs.AI] UPDATED)

In this paper, a novel multiple criteria decision making (MCDM) methodology is presented for assessing and prioritizing medical tourism destinations in uncertain environment. A systematic evaluation and assessment method is proposed by integrating rough number based AHP (Analytic Hierarchy Process) and rough number based MABAC (Multi-Attributive Border Approximation area Comparison). Rough number is used to aggregate individual judgments and preferences to deal with vagueness in decision making due to limited data. Rough AHP analyzes the relative importance of criteria based on their preferences given by experts. Rough MABAC evaluates the alternative sites based on the criteria weights. The proposed methodology is explained through a case study considering different cities for healthcare service in India. The validity of the obtained ranking for the given decision making problem is established by testing criteria proposed by Wang and Triantaphyllou (2008) along with further analysis and discussion.



from cs.AI updates on arXiv.org http://ift.tt/295tWGF
via IFTTT

Verveling op verkansie

Ga maar Boter, Kaas en Eieren spelen stelletje irritantjes!

from Google Alert - anonymous http://ift.tt/2bk4M8m
via IFTTT

USCB Fine Arts Department Presents Anonymous Ancestors

USCB Fine Arts Department Presents Anonymous Ancestors, an exhibition of works by Susan Lenz. August 25, 2016. BEAUFORT, S.C. – The Studio ...

from Google Alert - anonymous http://ift.tt/2bQSSS3
via IFTTT

Apple releases 'Emergency' Patch after Advanced Spyware Targets Human Rights Activist

Apple has released iOS 9.3.5 update for iPhones and iPads to patch three zero-day vulnerabilities after a piece of spyware found targeting the iPhone used by a renowned UAE human rights defender, Ahmed Mansoor. One of the world's most invasive software weapon distributors, called the NSO Group, has been exploiting three zero-day security vulnerabilities in order to spy on dissidents and


from The Hacker News http://ift.tt/2bmnEk0
via IFTTT

[FD] Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure

Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure 1. Impact on Business ===================== By exploiting this vulnerability an unauthenticated attacker could retrive the administration user and passwords from the Server Manager compromising the whole JDE landscape hence all of its information and processes. Risk Level: Critical 2. Advisory Information ======================= - Public Release Date: 07/28/2016 - Last Revised: 07/28/2016 - Security Advisory ID: ONAPSIS-2016-013 - Onapsis SVS ID: ONAPSIS-00172 - CVE: CVE-2016-0425 - Researcher: Fernando Russ and Matias Mevied - Vendor Provided CVSS v2: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P) - Onapsis CVSS v2: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) - Onapsis CVSS v3: 10 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) 3. Vulnerability Information ============================ - Vendor: Oracle - Affected Components: JD Edwards 9.1 EnterpriseOne Server - Vulnerability Class: - Missing Authentication for Critical Function (CWE-306) - Storing Passwords in a Recoverable Format (CWE-257) - Use of Hard-coded Cryptographic Key (CWE-321) - Information Exposure (CWE-200) - Remotely Exploitable: Yes - Locally Exploitable: No - Authentication Required: No - Original Advisory: http://ift.tt/2bQCRvp 4. Affected Components Description ================================== The Server Manager use the Java Management Extensions (JMX) technology to connect to all the JD Edwards servers with an agent. This technology uses Managed Beans and the standard Remote Method Invocation (RMI) protocol. 5. Vulnerability Details ======================== The vulnerability could be exploited by invoking the method getEncryptedPasswordForUser without any authentication mechanism, using it to get the encrypted password for any server manager users. The password is encrypted without initialization vector (IV) and using the Triple Data Encryption Standard (TripleDES) algorithm. The password could be decrypted using a fixed key. 6. Solution =========== Implement Oracle Critical Patch Update released in January 2016. 7. Report Timeline ================== - 03/12/2015: Onapsis provides vulnerability information to Oracle. - 03/17/2015: Oracle confirms reception of vulnerability report. - 01/19/2016: Oracle releases the Critical Patch Update in January 2016 fixing the vulnerability. - 07/28/2016: Onapsis Releases Security Advisory. About Onapsis Research Labs =========================== Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Research Labs combine in-depth knowledge and experience to deliver technical and business-context with sound security judgment to the broader information security community. About Onapsis, Inc. =================== Onapsis provides the most comprehensive solutions for securing SAP and Oracle enterprise applications. As the leading experts in SAP and Oracle cyber-security, Onapsis’ enables security and audit teams to have visibility, confidence and control of advanced threats, cyber-risks and compliance gaps affecting their enterprise applications. Headquartered in Boston, Onapsis serves over 180 Global 2000 customers, including 10 top retailers, 20 top energy firms and 20 top manufacturers. Onapsis’ solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, IBM, Deloitte, E&Y, KPMG and PwC. Onapsis solutions include the Onapsis Security Platform, which is the most widely-used SAP-certified cyber-security solution in the market. Unlike generic security products, Onapsis’ context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs. These solutions are powered by the Onapsis Research Labs which continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts of the Onapsis Research Labs were the first to lecture on SAP cyber-attacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms. For more information, please visit www.onapsis.com, or connect with us on Twitter, Google+, or LinkedIn.

Source: Gmail -> IFTTT-> Blogger

[FD] APPLE-SA-2016-08-25-1 iOS 9.3.5

-----BEGIN PGP SIGNED MESSAGE-

Source: Gmail -> IFTTT-> Blogger

Ravens: QB Joe Flacco (knee) expecting to play about one half Saturday in his 2016 preseason debut against the Lions (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

[FD] Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure

Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure 1. Impact on Business ===================== By exploiting this vulnerability an unauthenticated attacker could retrive the administration user and passwords from the Server Manager compromising the whole JDE landscape hence all of its information and processes. Risk Level: Critical 2. Advisory Information ======================= - Public Release Date: 07/28/2016 - Last Revised: 07/28/2016 - Security Advisory ID: ONAPSIS-2016-013 - Onapsis SVS ID: ONAPSIS-00172 - CVE: CVE-2016-0425 - Researcher: Fernando Russ and Matias Mevied - Vendor Provided CVSS v2: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P) - Onapsis CVSS v2: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) - Onapsis CVSS v3: 10 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) 3. Vulnerability Information ============================ - Vendor: Oracle - Affected Components: JD Edwards 9.1 EnterpriseOne Server - Vulnerability Class: - Missing Authentication for Critical Function (CWE-306) - Storing Passwords in a Recoverable Format (CWE-257) - Use of Hard-coded Cryptographic Key (CWE-321) - Information Exposure (CWE-200) - Remotely Exploitable: Yes - Locally Exploitable: No - Authentication Required: No - Original Advisory: http://ift.tt/2bQCRvp 4. Affected Components Description ================================== The Server Manager use the Java Management Extensions (JMX) technology to connect to all the JD Edwards servers with an agent. This technology uses Managed Beans and the standard Remote Method Invocation (RMI) protocol. 5. Vulnerability Details ======================== The vulnerability could be exploited by invoking the method getEncryptedPasswordForUser without any authentication mechanism, using it to get the encrypted password for any server manager users. The password is encrypted without initialization vector (IV) and using the Triple Data Encryption Standard (TripleDES) algorithm. The password could be decrypted using a fixed key. 6. Solution =========== Implement Oracle Critical Patch Update released in January 2016. 7. Report Timeline ================== - 03/12/2015: Onapsis provides vulnerability information to Oracle. - 03/17/2015: Oracle confirms reception of vulnerability report. - 01/19/2016: Oracle releases the Critical Patch Update in January 2016 fixing the vulnerability. - 07/28/2016: Onapsis Releases Security Advisory. About Onapsis Research Labs =========================== Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Research Labs combine in-depth knowledge and experience to deliver technical and business-context with sound security judgment to the broader information security community. About Onapsis, Inc. =================== Onapsis provides the most comprehensive solutions for securing SAP and Oracle enterprise applications. As the leading experts in SAP and Oracle cyber-security, Onapsis’ enables security and audit teams to have visibility, confidence and control of advanced threats, cyber-risks and compliance gaps affecting their enterprise applications. Headquartered in Boston, Onapsis serves over 180 Global 2000 customers, including 10 top retailers, 20 top energy firms and 20 top manufacturers. Onapsis’ solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, IBM, Deloitte, E&Y, KPMG and PwC. Onapsis solutions include the Onapsis Security Platform, which is the most widely-used SAP-certified cyber-security solution in the market. Unlike generic security products, Onapsis’ context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs. These solutions are powered by the Onapsis Research Labs which continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts of the Onapsis Research Labs were the first to lecture on SAP cyber-attacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms. For more information, please visit www.onapsis.com, or connect with us on Twitter, Google+, or LinkedIn.

Source: Gmail -> IFTTT-> Blogger

[FD] Onapsis Security Advisory ONAPSIS-2016-014: JD Edwards JDENET function DoS

Onapsis Security Advisory ONAPSIS-2016-014: JD Edwards JDENET function DoS 1. Impact on Business ===================== By exploiting this vulnerability an unauthenticated attacker could remotely shutdown the entire JD Edwards infrastructure. Risk Level: High 2. Advisory Information ======================= - Public Release Date: 07/28/2016 - Last Revised: 07/28/2016 - Security Advisory ID: ONAPSIS-2016-014 - Onapsis SVS ID: ONAPSIS-00175 - CVE: CVE-2016-0423 - Researcher: Fernando Russ and Matias Mevied - Vendor Provided CVSS v2: 7.3 (AV:N/AC:H/Au:N/C:C/I:C/A:P) - Onapsis CVSS v2: 7.3 (AV:N/AC:H/Au:N/C:C/I:C/A:P) - Onapsis CVSS v3: 8.9 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L) 3. Vulnerability Information ============================ - Vendor: Oracle - Affected Components: JD Edwards 9.1 EnterpriseOne Server - Vulnerability Class: Missing Authentication for Critical Function (CWE-306) - Remotely Exploitable: Yes - Locally Exploitable: No - Authentication Required: No - Original Advisory: http://ift.tt/2bJmp2o 4. Affected Components Description ================================== JDENet is a network communication middleware that performs network communications workstation to server and server to server. It is used to execute remote functions, to authenticate users and transmit information between hosts inside a JD Edwards environment. 5. Vulnerability Details ======================== A remote unauthenticated attacker could use a specific JDENet message to shutdown the JD Edwards server. 6. Solution =========== Implement Oracle Critical Patch Update released in January 2016. 7. Report Timeline ================== - 03/12/2015: Onapsis provides vulnerability information to Oracle. - 03/17/2015: Oracle confirms reception of vulnerability report. - 01/19/2016: Oracle releases the Critical Patch Update in January 2016 fixing the vulnerability. - 07/28/2016: Onapsis Releases Security Advisory. About Onapsis Research Labs =========================== Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Research Labs combine in-depth knowledge and experience to deliver technical and business-context with sound security judgment to the broader information security community. About Onapsis, Inc. =================== Onapsis provides the most comprehensive solutions for securing SAP and Oracle enterprise applications. As the leading experts in SAP and Oracle cyber-security, Onapsis’ enables security and audit teams to have visibility, confidence and control of advanced threats, cyber-risks and compliance gaps affecting their enterprise applications. Headquartered in Boston, Onapsis serves over 180 Global 2000 customers, including 10 top retailers, 20 top energy firms and 20 top manufacturers. Onapsis’ solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, IBM, Deloitte, E&Y, KPMG and PwC. Onapsis solutions include the Onapsis Security Platform, which is the most widely-used SAP-certified cyber-security solution in the market. Unlike generic security products, Onapsis’ context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs. These solutions are powered by the Onapsis Research Labs which continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts of the Onapsis Research Labs were the first to lecture on SAP cyber-attacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms. For more information, please visit www.onapsis.com, or connect with us on Twitter, Google+, or LinkedIn.

Source: Gmail -> IFTTT-> Blogger

[FD] Onapsis Security Advisory ONAPSIS-2016-012: JD Edwards JDENET function DoS

Onapsis Security Advisory ONAPSIS-2016-012: JD Edwards JDENET function DoS 1. Impact on Business ===================== By exploiting this vulnerability an unauthenticated attacker could remotely shutdown the entire JD Edwards infrastructure. Risk Level: High 2. Advisory Information ======================= - Public Release Date: 07/28/2016 - Last Revised: 07/28/2016 - Security Advisory ID: ONAPSIS-2016-012 - Onapsis SVS ID: ONAPSIS-00176 - CVE: CVE-2016-0424 - Researcher: Fernando Russ and Matias Mevied - Vendor Provided CVSS v2: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C) - Onapsis CVSS v2: 7.3 (AV:N/AC:H/Au:N/C:C/I:C/A:P) - Onapsis CVSS v3: 8.9 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L) 3. Vulnerability Information ============================ - Vendor: Oracle - Affected Components: JD Edwards 9.1 EnterpriseOne Server - Vulnerability Class: Missing Authentication for Critical Function (CWE-306) - Remotely Exploitable: Yes - Locally Exploitable: No - Authentication Required: No - Original Advisory: http://ift.tt/2bQz1m4 4. Affected Components Description ================================== JDENet is a network communication middleware that performs network communications workstation to server and server to server. It is used to execute remote functions, to authenticate users and transmit information between hosts inside a JD Edwards environment. 5. Vulnerability Details ======================== A remote unauthenticated attacker could use a specific JDENet message to shutdown the JD Edwards server. 6. Solution =========== Implement Oracle Critical Patch Update released in January 2016. 7. Report Timeline ================== - 03/12/2015: Onapsis provides vulnerability information to Oracle. - 03/17/2015: Oracle confirms reception of vulnerability report. - 01/19/2016: Oracle releases the Critical Patch Update in January 2016 fixing the vulnerability. - 07/28/2016: Onapsis Releases Security Advisory. About Onapsis Research Labs =========================== Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Research Labs combine in-depth knowledge and experience to deliver technical and business-context with sound security judgment to the broader information security community. About Onapsis, Inc. =================== Onapsis provides the most comprehensive solutions for securing SAP and Oracle enterprise applications. As the leading experts in SAP and Oracle cyber-security, Onapsis’ enables security and audit teams to have visibility, confidence and control of advanced threats, cyber-risks and compliance gaps affecting their enterprise applications. Headquartered in Boston, Onapsis serves over 180 Global 2000 customers, including 10 top retailers, 20 top energy firms and 20 top manufacturers. Onapsis’ solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, IBM, Deloitte, E&Y, KPMG and PwC. Onapsis solutions include the Onapsis Security Platform, which is the most widely-used SAP-certified cyber-security solution in the market. Unlike generic security products, Onapsis’ context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs. These solutions are powered by the Onapsis Research Labs which continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts of the Onapsis Research Labs were the first to lecture on SAP cyber-attacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms. For more information, please visit www.onapsis.com, or connect with us on Twitter, Google+, or LinkedIn.

Source: Gmail -> IFTTT-> Blogger

[FD] Onapsis Security Advisory ONAPSIS-2016-011: JD Edwards Server Manager Create users

Onapsis Security Advisory ONAPSIS-2016-011: JD Edwards Server Manager Create users 1. Impact on Business ===================== By exploiting this vulnerability an unauthenticated attacker could create users in the Server Manager, ultimately compromising the whole JDE landscape hence all of its information and processes. Risk Level: Critical 2. Advisory Information ======================= - Public Release Date: 07/28/2016 - Last Revised: 07/28/2016 - Security Advisory ID: ONAPSIS-2016-011 - Onapsis SVS ID: ONAPSIS-00171 - CVE: CVE-2016-0420 - Researcher: Fernando Russ and Matias Mevied - Vendor Provided CVSS v2: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) - Onapsis CVSS v2: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) - Onapsis CVSS v3: 10 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) 3. Vulnerability Information ============================ - Vendor: Oracle - Affected Components: JD Edwards 9.1 EnterpriseOne Server - Vulnerability Class: Missing Authentication for Critical Function (CWE-306) - Remotely Exploitable: Yes - Locally Exploitable: No - Authentication Required: No - Original Advisory: http://ift.tt/2bQz3up 4. Affected Components Description ================================== The Server Manager use the Java Management Extensions (JMX) technology to connect to all the JD Edwards servers with an agent. This technology uses Managed Bean and the standard Remote Method Invocation (RMI) protocol. 5. Vulnerability Details ======================== The vulnerability could be exploited invoking two methods: one is to create the user and the password, the other method is to assign the role. With this new user it is possible to log into Server Manager and manage all the servers. The vulnerability could be exploited invoking the methods addLocalUser and grantUserRole to create the user, password and assign the roles. With this new user it is possible to log into Server Manager and manage all the servers. 6. Solution =========== Implement Oracle Critical Patch Update released in January 2016. 7. Report Timeline ================== - 03/12/2015: Onapsis provides vulnerability information to Oracle. - 03/17/2015: Oracle confirms reception of vulnerability report. - 01/19/2016: Oracle releases the Critical Patch Update in January 2016 fixing the vulnerability. - 07/28/2016: Onapsis Releases Security Advisory. About Onapsis Research Labs =========================== Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Research Labs combine in-depth knowledge and experience to deliver technical and business-context with sound security judgment to the broader information security community. About Onapsis, Inc. =================== Onapsis provides the most comprehensive solutions for securing SAP and Oracle enterprise applications. As the leading experts in SAP and Oracle cyber-security, Onapsis’ enables security and audit teams to have visibility, confidence and control of advanced threats, cyber-risks and compliance gaps affecting their enterprise applications. Headquartered in Boston, Onapsis serves over 180 Global 2000 customers, including 10 top retailers, 20 top energy firms and 20 top manufacturers. Onapsis’ solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, IBM, Deloitte, E&Y, KPMG and PwC. Onapsis solutions include the Onapsis Security Platform, which is the most widely-used SAP-certified cyber-security solution in the market. Unlike generic security products, Onapsis’ context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs. These solutions are powered by the Onapsis Research Labs which continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts of the Onapsis Research Labs were the first to lecture on SAP cyber-attacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms. For more information, please visit www.onapsis.com, or connect with us on Twitter, Google+, or LinkedIn.

Source: Gmail -> IFTTT-> Blogger

[FD] Onapsis Security Advisory ONAPSIS-2016-010: JD Edwards Server Manager Shutdown

Onapsis Security Advisory ONAPSIS-2016-010: JD Edwards Server Manager Shutdown 1. Impact on Business ===================== By exploiting this vulnerability an unauthenticated attacker could Shutdown the Server Manager Risk Level: Medium 2. Advisory Information ======================= - Public Release Date: 07/28/2016 - Last Revised: 07/28/2016 - Security Advisory ID: ONAPSIS-2016-010 - Onapsis SVS ID: ONAPSIS-00173 - CVE: CVE-2016-0421 - Researcher: Fernando Russ and Matias Mevied - Vendor Provided CVSS v2: 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) - Onapsis CVSS v2: 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) - Onapsis CVSS v3: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) 3. Vulnerability Information ============================ - Vendor: Oracle - Affected Components: JD Edwards 9.1 EnterpriseOne Server - Vulnerability Class: Missing Authentication for Critical Function (CWE-306) - Remotely Exploitable: Yes - Locally Exploitable: No - Authentication Required: No - Original Advisory: http://ift.tt/2bJi7Ij 4. Affected Components Description ================================== The Server Manager use the Java Management Extensions (JMX ) technology to connect to all the JD Edwards servers with an agent. This technology uses Managed Beans and the standard Remote Method Invocation (RMI) protocol. 5. Vulnerability Details ======================== A remote attacker could use a specific method to shutdown the Server Manager. 6. Solution =========== Implement Oracle Critical Patch Update released in January 2016. 7. Report Timeline ================== - 03/12/2015: Onapsis provides vulnerability information to Oracle. - 03/17/2015: Oracle confirms reception of vulnerability report. - 01/19/2015: Oracle releases the Critical Patch Update in January 2016 fixing the vulnerability. - 07/28/2015: Onapsis Releases Security Advisory. About Onapsis Research Labs =========================== Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Research Labs combine in-depth knowledge and experience to deliver technical and business-context with sound security judgment to the broader information security community. About Onapsis, Inc. =================== Onapsis provides the most comprehensive solutions for securing SAP and Oracle enterprise applications. As the leading experts in SAP and Oracle cyber-security, Onapsis’ enables security and audit teams to have visibility, confidence and control of advanced threats, cyber-risks and compliance gaps affecting their enterprise applications. Headquartered in Boston, Onapsis serves over 180 Global 2000 customers, including 10 top retailers, 20 top energy firms and 20 top manufacturers. Onapsis’ solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, IBM, Deloitte, E&Y, KPMG and PwC. Onapsis solutions include the Onapsis Security Platform, which is the most widely-used SAP-certified cyber-security solution in the market. Unlike generic security products, Onapsis’ context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs. These solutions are powered by the Onapsis Research Labs which continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts of the Onapsis Research Labs were the first to lecture on SAP cyber-attacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms. For more information, please visit www.onapsis.com, or connect with us on Twitter, Google+, or LinkedIn.

Source: Gmail -> IFTTT-> Blogger

WhatsApp to Share Your Data with Facebook — You have 30 Days to Stop It

Nothing comes for Free, as "Free" is just a relative term used by companies to develop a strong user base and then use it for their own benefits. The same has been done by the secure messaging app WhatsApp, which has now made it crystal clear that the popular messaging service will begin sharing its users’ data with its parent company, Facebook. However, WhatsApp is offering a partial


from The Hacker News http://ift.tt/2bSnDHl
via IFTTT

De La Soul

and the Anonymous Nobody... By De La Soul. 2016 • 17 songs ... Listen to and the Anonymous Nobody... in full in the Spotify app. Play on Spotify.

from Google Alert - anonymous http://ift.tt/2bSmcs6
via IFTTT

Self-tallying quantum anonymous voting

Anonymous voting is a voting method of hiding the link between a vote and a voter, the context of which ranges from governmental elections to ...

from Google Alert - anonymous http://ift.tt/2cbmmP3
via IFTTT

[FD] Onapsis Security Advisory ONAPSIS-2016-009: JD Edwards JDENet Password Disclosure

Onapsis Security Advisory ONAPSIS-2016-009: JD Edwards JDENet Password Disclosure 1. Impact on Business ===================== By exploiting this vulnerability an unauthenticated attacker could get the administration password getting full compromise of the system. Risk Level: Critical 2. Advisory Information ======================= - Public Release Date: 07/28/2016 - Last Revised: 07/28/2016 - Security Advisory ID: ONAPSIS-2016-009 - Onapsis SVS ID: ONAPSIS-00174 - CVE: CVE-2016-0422 - Researcher: Fernando Russ and Matias Mevied - Vendor Provided CVSS v2: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C) - Onapsis CVSS v2: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) - Onapsis CVSS v3: 10 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) 3. Vulnerability Information ============================ - Vendor: Oracle - Affected Components: JD Edwards 9.1 EnterpriseOne Server - Vulnerability Class: - Missing Authentication for Critical Function (CWE-306) - Storing Passwords in a Recoverable Format (CWE-257) - Use of Hard-coded Cryptographic Key (CWE-321) - Information Exposure (CWE-200) - Remotely Exploitable: Yes - Locally Exploitable: No - Authentication Required: No - Original Advisory: http://ift.tt/2bSkDe3 4. Affected Components Description ================================== JDENet is a network communication middleware that performs network communications workstation to server and server to server. It is used to execute remote functions, to authenticate users and transmit information between hosts inside a JDEdwards environment. The Server Administration Workbench (SAW) is a tool that is used to monitor various types of servers that are available on the network, such as Oracle’s JD Edwards EnterpriseOne, Web, Gateway, or other type of server. 5. Vulnerability Details ======================== A remote attacker could use a function to get the JD Edwards administration password. 6. Solution =========== Implement Oracle Critical Patch Update released in January 2016. 7. Report Timeline ================== - 03/12/2015: Onapsis provides vulnerability information to Oracle. - 03/17/2015: Oracle confirms reception of vulnerability report. - 01/19/2016: Oracle releases the Critical Patch Update in January 2016 fixing the vulnerability. - 07/28/2016: Onapsis Releases Security Advisory. About Onapsis Research Labs =========================== Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Research Labs combine in-depth knowledge and experience to deliver technical and business-context with sound security judgment to the broader information security community. About Onapsis, Inc. =================== Onapsis provides the most comprehensive solutions for securing SAP and Oracle enterprise applications. As the leading experts in SAP and Oracle cyber-security, Onapsis’ enables security and audit teams to have visibility, confidence and control of advanced threats, cyber-risks and compliance gaps affecting their enterprise applications. Headquartered in Boston, Onapsis serves over 180 Global 2000 customers, including 10 top retailers, 20 top energy firms and 20 top manufacturers. Onapsis’ solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, IBM, Deloitte, E&Y, KPMG and PwC. Onapsis solutions include the Onapsis Security Platform, which is the most widely-used SAP-certified cyber-security solution in the market. Unlike generic security products, Onapsis’ context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs. These solutions are powered by the Onapsis Research Labs which continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts of the Onapsis Research Labs were the first to lecture on SAP cyber-attacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms. For more information, please visit www.onapsis.com, or connect with us on Twitter, Google+, or LinkedIn.

Source: Gmail -> IFTTT-> Blogger

ANONYMOUS SAYS HIS GIRL DOESN'T WANT HIS LAST NAME

Here's your key line. Get the day for our eyes and mornings yeah. I and led to go as fast as anonymous just went on hold anonymous always goes to ...

from Google Alert - anonymous http://ift.tt/2bjoCAA
via IFTTT

homebox_build_title() creates error for anonymous user

Menu title callback. */ function homebox_build_title($title) { return t(check_plain($title), array('@user' => $GLOBALS['user']->name)); } User '0' has no ...

from Google Alert - anonymous http://ift.tt/2bYOBPD
via IFTTT

Re: [ethereum/go-ethereum] Too many open files , leading to panic (#2358)

We have increased fd limits to 1028 on supported platforms starting with the 1.4 release. —You are receiving this because you are subscribed to this thread.Reply to this email directly, view it on GitHub, or mute the thread.

Source: Gmail -> IFTTT-> Blogger

Wrong redirect path for disabled anonymous checkout

The redirectreturn $this->redirect('user.page', [], ['query' => drupal_get_destination()]); in ubercart/uc_cart/src/Controller/CheckoutController.php on ...

from Google Alert - anonymous http://ift.tt/2biAFkP
via IFTTT

MONUMENTO SIMÓN BOLÍVAR [Material gráfico] | Anonymous

Copia digital. Madrid: Ministerio de Educación, Cultura y Deporte. Subdirección General de Coordinación Bibliotecaria, 2015.

from Google Alert - anonymous http://ift.tt/2biJXas
via IFTTT

ISS Daily Summary Report – 08/24/2016

ISS Reboost: This morning, an ISS reboost was performed using 63P R&D thrusters. This reboost was to set up for 46S landing. Biological Rhythms 48 Holter Start: The crew began the operations phase of the Biological Rhythms experiment by attaching the Digital Walk Holter Electrocardiogram (ECG) and electrodes and initiating the first of two 24-hour measurements. The objective of the Japan Aerospace Exploration Agency (JAXA) Biological Rhythms 48 is to study the effects of long-term microgravity exposure on heart function by analyzing an astronaut’s electrocardiogram for 48 hours. Mouse Epigenetics Transfer and Reconfiguration Operations: Crewmembers detached the Mouse Habitat Cage Unit from the Cell Biology Experiment Facility (CBEF) Incubator Unit (IU) Micro-G and 1G and transferred mice from Mouse Habitat Cage Unit to Transportation Cage Unit. The crew also reconfigured the CBEF video cables for the Image Processing Unit (IPU) and the Video Compression and Recording Unit 2 (VRU2). NanoRack Module 9: The crew completed the last of the 5 NanoRack Module 9 experiment sessions by activating, deactivating, and shaking the mixture tubes to facilitate the experiment. Module-9 is a collection of student research projects utilizing the NanoRacks Mixsticks. Student teams from across the United States design their own experiments using flight approved fluids and materials. The investigation consists of several science experiments flown in a NanoRacks Module on board the ISS. Plant Ribonucleic Acid (RNA) Regulation Preparation: To prepare for the Plant RNA Regulation investigation run that begins next month, the experiment containers on the European Modular Cultivation System (EMCS) Rotors A and B were replaced with new experiment containers. Plant RNA Regulation studies the first steps of gene expression involved in development of roots and shoots. Scientists expect to find new molecules that play a role in how plants adapt and respond to the microgravity environment of space, providing new insight into growing plants for food and oxygen supplies on long-duration missions.  Microgravity Experiment Research Locker Incubator (MERLIN)1: Last week MERLIN 1 was automatically safed after a false Payload Potential Fire warning annunciated due to out of limit temperature sensors. Today MERLIN 1 was repowered for troubleshooting. The temperature sensors are now in the expected range and will be monitored for 24 hours. Assuming no anomalous signatures during the monitoring period, the unit will be configured to an operational state tomorrow.  Dragon Packing: Polars 2 & 4 ISS to Dragon Transfer: The crew uninstalled and transferred Polars 2 and 4 from the EXPRESS Rack and install into Dragon. Payload Card Multilab Card Cube Removal: The crew removed the Multilab card(s) from the Payload Card Multilab facility for return. Lithium HydrOxide (LiOH) R&R:  The crew replaced LiOH bags on Dragon in preparation for life support operations after ISS departure. Extravehicular Activity (EVA) Preparations: In preparation for the Trailing Thermal Control Radiator (TTCR) EVA planned for September 1, the CDR and FE-6 completed a procedures review. Following the review, the crew participated in a conference with ground teams.  Today’s Planned Activities All activities were completed unless otherwise noted. MORZE. Evaluation Using SPRUT-2 MORZE. Logging Liquid and Food (Medicine) Intake / r/g 3186 ISS Crew/SSIPC (Space Station Integration And Promotion Center) Conference EMCS Valve Open NANO Mixture tubes activation and shaking CBEF Cable Reconfiguration СОЖ Maintenance MORZE. Psycho-physiological Evaluation: Tsentrovka, SENSOR Tests On MCC Go Collecting condensate water samples from СРВ-К2М before Gas-Liquid Mixture Filter (ФГС) into Russian Samplers, start / r/g 3195 BLR48 Starting Measurement MOUSE Equipment Transfer Review KULONOVSKIY KRISTALL r/g 3181 Relocate Double Coldbags for access to Dragon Lithium Hydroxide (LiOH) Enclosure Evaluation of Orthostatic Stability with LBNP (without display and control panel) DRAGON. Transfers Dragon Lithium Hydroxide Filter Bag Remove and Replace KULONOVSKIY KRISTALL. Copy and Downlink Data / r/g 3181 Countermeasures System (CMS), Sprint Exercise, Optional MOUSE Epigenetics Item Gathering for the upcoming mouse ops KULONOVSKIY KRISTALL. Hardware Teardown / r/g 3181 Evaluation of Orthostatic Stability with LBNP (without display and control panel) DRAGON. Transfers WRS Water Sample Analysis Soyuz 720 Samsung Tablet Recharge, initiate VCA1 Camera Adjustment Environmental Control & Life Support System (ECLSS) Tank Drain Plant RNA Regulation (PRR) Replacement of Experiment Container (EC) European Modular Cultivation System Experiment Container (ЕМCS) DOSETRK Questionnaire Completion ALGOMETRIA. Experiment Ops / r/g 3182 Environmental Control & Life Support System (ECLSS) Recycle Tank Drain Part 2 Dragon Cargo Operations Conference Terminate BSA Battery Stowage Assembly Maintenance Cycle EMU Rechargeable EVA Battery Assembly (REBA) Removal MORZE. Logging Liquid and Food (Medicine) Intake / r/g 3186 Installation of REBA batteries PAO hardware setup in LAB Diagnostics of FGB Power Supply System БФ-2 Filter Unit and БСШ-2 Main Bus Assembly r/g 3168 REBA powered equipment test MORZE. Psycho-physiological Evaluation: Strelau Test Crew Prep for PAO / r/g 3193 CBEF Cable Reconfig TV Conference with Teatral Magazine Editor  r/g 3193 EVA Procedure Review CALCIUM. Experiment Session 11 / r/g 3183 Terminate EMU LIB Battery Charge Operations MORZE. Psycho-physiological Evaluation: Cattell’s Test EMU Metal Oxide (METOX) Canister Installation EVA Procedure Conference Polar 2 Transfer to Dragon MORZE. Closeout Ops WRS Recycle Tank Fill from EDV Crew Departure Prep Polar 4 Transfer to Dragon SPLANH. Preparation for Experiment / r/g 3191 EMCS Valve Closure TOCA Data Recording OBT Dragon Departure Review CONTENT. Experiment Ops / r/g 3184 WRS Recycle Tank Fill from EDV CMS ARED Quarterly Maintenance MORZE. Psycho-physiological Evaluation: SUPOS Test IMS Delta File Prep OBT, ROBoT onboard simulator, Release POLAR Transfer Review Evening Work Prep CONTENT. Experiment Ops / r/g 3189 WRS Recycle Tank Fill from EDV PAYLOAD CARD MULTILAB CARD (PCML) Card Removal MORZE. Experiment setup / r/g 3172 Soyuz 720 Samsung tablet recharge, terminate Environmental Control & Life Support System (ECLSS) Recycle Tank Fill Part 3 POLAR Transfer Review Health Maintenance System (HMS) Profile of Mood States (POMS) Questionnaire CUCU Check WRS Recycle Tank Fill from EDV MORZE. Logging Liquid and Food (Medicine) Intake / r/g 3186  Completed Task List Items None  Ground Activities All activities were completed unless otherwise noted. Dragon departure OBT Nominal ground commanding Three-Day Look Ahead: Thursday, 08/25: Biological Rhythms 48, Double Cold Bag packing, Mouse Habitat Unit […]

from ISS On-Orbit Status Report http://ift.tt/2biKzQz
via IFTTT

Germany and France declare War on Encryption to Fight Terrorism

Yet another war on Encryption! France and Germany are asking the European Union for new laws that would require mobile messaging services to decrypt secure communications on demand and make them available to law enforcement agencies. French and German interior ministers this week said their governments should be able to access content on encrypted services in order to fight terrorism, the


from The Hacker News http://ift.tt/2bpLP2U
via IFTTT

[FD] SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise

SEC Consult Vulnerability Lab Security Advisory < 20160825-0 > ======================================================================= title: Multiple vulnerabilities product: Micro Focus GroupWise vulnerable version: GroupWise 2014 R2 (<=SP1) GroupWise 2014 (unsupported versions may be affected) fixed version: GroupWise 2014 R2 Service Pack 1 Hot Patch 1 CVE number: CVE-2016-5760, CVE-2016-5761, CVE-2016-5762 impact: critical homepage: http://ift.tt/1A2p4Wr found: 2016-07 by: W. Ettlinger (Office Vienna) SEC Consult Vulnerability Lab An integrated part of SEC Consult Bangkok - Berlin - Linz - Montreal - Moscow Singapore - Vienna (HQ) - Vilnius - Zurich http://ift.tt/1mGHMNR ======================================================================= Vendor description:

Source: Gmail -> IFTTT-> Blogger

Curiosity at Murray Buttes on Mars


What are these unusual lumps on Mars? As NASA's robotic Curiosity rover continues rolling across Mars, it is now approaching Murray Buttes. Several of the 15-meter high buttes are visible ahead in this horizontally compressed 360-degree across image taken inside Gale Crater earlier this month. The buttes are thought similar to Earth buttes in that they are capped with dense rock that is relatively resistant to erosion. In the image center is Curiosity's "arm" and "hand" used to examine rocks up close, drill into rocks, and collect samples. Curiosity has reached its four year anniversary on Mars and has been cleared to spend the next two years further exploring the slopes of Mount Sharp, the peak of which is the distant light-colored structure visible on the far left. via NASA http://ift.tt/2bglGC5

Wednesday, August 24, 2016

OPP: Not-So-Anonymous Alcoholic (Audio)

He is a recovering alcohol and has been sober for five years. Robert wanted to give back to the community by leading Alcohol Anonymous meetings.

from Google Alert - anonymous http://ift.tt/2bXrgxB
via IFTTT

Orioles: Closer Zach Britton's streak of 43 straight scoreless appearances snapped, allowed 9th-inning run at Nationals (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Orioles: Closer Zach Britton's streak of 43 straight scoreless appearances snapped, allowed 9th-inning run at Nationals (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

OPP: Not-So-Anonymous Alcoholic 8/24

Robert leads an Alcohol Anonymous support group and one of his new attendees is his sister's new boyfriend. He has never met him, but recognized ...

from Google Alert - anonymous http://ift.tt/2bh0d1G
via IFTTT

[FD] nullcon 8-bit Call for Papers is open

[FD] [RCESEC-2016-005][CVE-2016-6913] AlienVault USM/OSSIM 5.2 conf/reload.php "back" DOM-based Cross-Site Scripting

RCE Security Advisory http://ift.tt/1FlL0Pz 1. ADVISORY INFORMATION ======================= Product: AlienVault USM/OSSIM Vendor URL: www.alienvault.com Type: Cross-Site Scripting [CWE-79] Date found: 2016-05-24 Date published: 2016-08-23 CVSSv3 Score: 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) CVE: CVE-2016-6913 2. CREDITS ========== This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED ==================== AlienVault OSSIM 5.2 AlienVault USM 5.2 older versions may be affected too. 4. INTRODUCTION =============== OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the lack of available open source products, OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility. (from the vendor's homepage) 5. VULNERABILITY DETAILS ======================== The script "/ossim/conf/reload.php" is vulnerable to an authenticated DOM-based Cross-Site Scripting vulnerability when user-supplied input to the HTTP GET parameter "back" is processed by the web application. Since the application does not properly validate and sanitize this parameter, it is possible to place arbitrary script code in a document.location.href property which could also be used to redirect a user. The following Proof-of-Concept triggers this vulnerability: http://ift.tt/2bCOhqc The payload is used in a JavaScript, which is embedded within the "/ossim/conf/reload.php" page: 6. RISK ======= To successfully exploit this vulnerability an authenticated user must be tricked into visiting an arbitrary website while having an authenticated session in the application. The vulnerability can be used to temporarily embed arbitrary script code into the context of the AlienVault administrative interface, which offers a wide range of possible attacks such as redirecting the user to a malicious page or attacking the browser and its plugins. 7. SOLUTION =========== Update to AlienVault OSSIM/USM 5.3 8. REPORT TIMELINE ================== 2016-05-24: Discovery of the vulnerability 2016-05-24: Notified vendor via public security mail address 2016-05-31: No response, sent out another notification 2016-06-03: Vendor evaluates the vulnerability information 2016-06-23: Vendor confirms the vulnerability 2016-07-12: Vendor sets release date of the fix to 2016-08-02 2016-07-22: CVE requested from MITRE 2016-08-02: Vendor releases advisory ENG-103709 2016-08-23: MITRE assigns CVE-2016-6913 2016-08-23: Advisory released 9. REFERENCES ============= http://ift.tt/2bBcusJ

Source: Gmail -> IFTTT-> Blogger

[FD] Dotclear 2.9.1 SSRF/XSPA Vulnerability

################################# Dotclear 2.9.1 SSRF/XSPA Vulnerability ################################# [+] Software: https://dotclear.org/ [+] Author: Wiswat Aswamenakul [+] Affected version: only tested on 2.9.1 (previous version might be affected) [+] Platform: tested on Ubuntu 14.04, PHP 5.5.9 [+] Description Dotclear has a feature to import blog content through RSS feed. Authenticated users could have access to this feature. The feature has no restrict to access private network, such as, 10.0.0.1/8, 172.16.0.0/12, 192.168.0.0/16. This allows authenticated users to use RSS import to scan port of internal network. [+] Attack Reproduce By putting "http://ift.tt/2bBjkON" in the RSS URL input field. The response display error message saying " Status code line invalid: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.7" where my 192.168.1.132 has SSH opened on port 22. [+] Solution Dotclear has released version 2.10 to fix this vulnerability [+] Timeline - 08/07/2016 - Report vulnerability - 09/07/2016 - Dotclear acknowledge the vulnerability - 17/07/2016 - Fix is available in Dotclear trac - 13/08/2016 - Dotclear 2.10 is avaible for download - 24/08/2016 - Public Disclosure Thank you Dotclear authors for swift response and taking security issues importantly

Source: Gmail -> IFTTT-> Blogger

[FD] Dotclear 2.9.1 Malicious File Upload Restriction Bypass

############################################# Dotclear 2.9.1 Malicious File Upload Restriction Bypass ############################################# [+] Software: https://dotclear.org/ [+] Author: Wiswat Aswamenakul [+] Affected version: only tested on 2.9.1 (previous version might be affected) [+] Platform: tested on Ubuntu 14.04, PHP 5.5.9 [+] Description Dotclear has a feature to upload files in Media Manager. However, by default, there is a filtering to prevent authenticated users to upload malicious files, such PHP code, to execute on the server. The default filter is as following. /\.(phps?|pht(ml)?|phl|s?html?|js)[0-9]*$/i (PCRE) The above filter does not filter .htaccess file which allows authenticated users to upload .htaccess file to the server which enable PHP code execution on any file extension. [+] Attack Reproduce Note: in order for this exploit to work, it is required that apache configuration allow the usage of .htaccess file on dotclear directory (dotclear itself has .htaccess to restrict access to cache folder by default) 1. Create htaccess file with following content AddType application/x-httpd-php .xpl 2. Upload htaccess file through local proxy, such as burp suite, and change file name to "..htaccess" 3. Create file "shell.xpl" with following content 4. Upload "shell.xpl" to dotclear 5. Open the uploaded shell.xpl [+] Solution Suggested solutions require re-design of Dotclear which might cause significant time to implement. As a result, the author designed to implement suggested interrim solution in Dotclear version 2.10 to fix this vulnerability [+] Timeline - 12/07/2016 - Report vulnerability - 12/07/2016 - Dotclear acknowledge the vulnerability - 12/07/2016 - Fix is available in Dotclear trac - 13/08/2016 - Dotclear 2.10 is avaible for download - 24/08/2016 - Public Disclosure Thank you Dotclear authors for swift response and taking security issues importantly

Source: Gmail -> IFTTT-> Blogger

[FD] Dotclear 2.9.1 Directory Download Vulnerability

###################################### Dotclear 2.9.1 Directory Download Vulnerability ###################################### [+] Software: https://dotclear.org/ [+] Author: Wiswat Aswamenakul [+] Affected version: only tested on 2.9.1 (previous version might be affected) [+] Platform: tested on Ubuntu 14.04, PHP 5.5.9 [+] Description Authenticated users with media manager access permission are allowed to download media directories in zip file format. The directory path to be zipped is not properly verified. As a result, it is possible for authenticated users with media manager access permission to download all directories readable by web server and located in the same traversal path as dotclear in zipped format. For example, if dotclear is located at /var/www/html/dotclear/ following directories can be downloaded if web server has read permission. - /var/ - /var/www/ - /var/www/html/ The authenticated users could have access to source code of dotclear, including config.php, and source code of other web application located under the same document root. [+] Attack Reproduce Following url will download source code of dotclear, including config.php which has username and password to connect database. http://ift.tt/2bCJ9Ta [+] Solution Dotclear has released version 2.10 to fix this vulnerability [+] Timeline - 11/07/2016 - Report vulnerability - 12/07/2016 - Dotclear acknowledge the vulnerability - 15/07/2016 - Fix is available in Dotclear trac - 13/08/2016 - Dotclear 2.10 is avaible for download - 24/08/2016 - Public Disclosure Thank you Dotclear authors for swift response and taking security issues importantly

Source: Gmail -> IFTTT-> Blogger

Unsupervised, Efficient and Semantic Expertise Retrieval. (arXiv:1608.06651v1 [cs.IR])

We introduce an unsupervised discriminative model for the task of retrieving experts in online document collections. We exclusively employ textual evidence and avoid explicit feature engineering by learning distributed word representations in an unsupervised way. We compare our model to state-of-the-art unsupervised statistical vector space and probabilistic generative approaches. Our proposed log-linear model achieves the retrieval performance levels of state-of-the-art document-centric methods with the low inference cost of so-called profile-centric approaches. It yields a statistically significant improved ranking over vector space and generative models in most cases, matching the performance of supervised methods on various benchmarks. That is, by using solely text we can do as well as methods that work with external evidence and/or relevance feedback. A contrastive analysis of rankings produced by discriminative and generative approaches shows that they have complementary strengths due to the ability of the unsupervised discriminative model to perform semantic matching.



from cs.AI updates on arXiv.org http://ift.tt/2bPe9ep
via IFTTT

Expressibility of norms in temporal logic. (arXiv:1608.06787v1 [cs.AI])

In this short note we address the issue of expressing norms (such as obligations and prohibitions) in temporal logic. In particular, we address the argument from [Governatori 2015] that norms cannot be expressed in Linear Time Temporal Logic (LTL).



from cs.AI updates on arXiv.org http://ift.tt/2bxE5h8
via IFTTT

Effect of Incomplete Meta-dataset on Average Ranking Method. (arXiv:1608.06845v1 [cs.AI])

One of the simplest metalearning methods is the average ranking method. This method uses metadata in the form of test results of a given set of algorithms on given set of datasets and calculates an average rank for each algorithm. The ranks are used to construct the average ranking. We investigate the problem of how the process of generating the average ranking is affected by incomplete metadata including fewer test results. This issue is relevant, because if we could show that incomplete metadata does not ?affect the final results much, we could explore it in future design. We could simply conduct fewer tests and save thus computation time. In this paper we describe an upgraded average ranking method that is capable of dealing with incomplete metadata. Our results show that the proposed method is relatively robust to omission in test results in the meta datasets.



from cs.AI updates on arXiv.org http://ift.tt/2bPe8qU
via IFTTT

A Parallel Memory-efficient Epistemic Logic Program Solver: Harder, Better, Faster. (arXiv:1608.06910v1 [cs.AI])

As the practical use of answer set programming (ASP) has grown with the development of efficient solvers, we expect a growing interest in extensions of ASP as their semantics stabilize and solvers supporting them mature. Epistemic Specifications, which adds modal operators K and M to the language of ASP, is one such extension. We call a program in this language an epistemic logic program (ELP). Solvers have thus far been practical for only the simplest ELPs due to exponential growth of the memory required. We describe a solver that is able to solve harder problems better (without exponentially-growing memory needs w.r.t. K and M occurrences) and faster than any other known ELP solver.



from cs.AI updates on arXiv.org http://ift.tt/2bxDTP3
via IFTTT

DISCO Nets: DISsimilarity COefficient Networks. (arXiv:1606.02556v4 [cs.CV] UPDATED)

We present a new type of probabilistic model which we call DISsimilarity COefficient Networks (DISCO Nets). DISCO Nets allow us to efficiently sample from a posterior distribution parametrised by a neural network. During training, DISCO Nets are learned by minimising the dissimilarity coefficient between the true distribution and the estimated distribution. This allows us to tailor the training to the loss related to the task at hand. We empirically show that (i) by modeling uncertainty on the output value, DISCO Nets outperform equivalent non-probabilistic predictive networks and (ii) DISCO Nets accurately model the uncertainty of the output, outperforming existing probabilistic models based on deep neural networks.



from cs.AI updates on arXiv.org http://ift.tt/1XFXfnp
via IFTTT

Marshal Yanda (No. 38) is the lone Ravens player on ESPN's #NFLRank Top 100 list (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Orioles: P Chris Tillman officially placed on the 15-day DL due to right shoulder inflammation; P Mike Wright called up (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

De La Soul on new album 'Anonymous Nobody,' Frank Ocean's

Q&A: De La Soul on new album 'Anonymous Nobody,' Frank Ocean's 'Blonde'. Q&A: De La Soul on new album 'Anonymous Nobody,' Frank Ocean's '.

from Google Alert - anonymous http://ift.tt/2bwTBJW
via IFTTT

Our Anonymous Donor Has Issued A Challenge

If you have been following Crossroads Shih Tzu Rescue for a while, you might remember that each year for the Super Bowl, we have an anonymous ...

from Google Alert - anonymous http://ift.tt/2bixWXl
via IFTTT

Happy Birthday! LINUX Turns 25 Years Old Today

Linux has turned 25! Dear all, today is August 25, 2016, and it is time for the celebration, as it's the 25th Anniversary of the Linux project, announced by its creator, Finnish programmer Linus Torvalds, on August 25, 1991. Who can forget one of the most famous messages in the computing world posted by Torvalds exactly 25 years ago today, on 25 August 1991: <!-- adsense --> Hello everybody out


from The Hacker News http://ift.tt/2biGl81
via IFTTT

ATMs in Thailand Hacked; 12 Million Baht Stolen; 10,000 ATMs Prone to Hackers

Thailand has suffered its first ATM Hack! An Eastern European gang of criminals has stolen over 12 Million Baht (approximately US$350,000) from a total of 21 ATMs in Bangkok and other five provinces by hacking a Thai bank's ATM network; police said Wednesday The Central Bank of Thailand (BoT) has issued a warning to all commercial banks about security flaws in roughly 10,000 ATMs that were


from The Hacker News http://ift.tt/2bBRYN4
via IFTTT

SportsCenter Video: Joe Flacco "looks strong in camp," ready for first action since Nov. 2015 ACL injury - Adam Schefter (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Have an anonymous TED Talk? We want to hear it.

Today you may have heard that TED announced a rather unusual experiment with Audible. I'm pretty excited about what we're doing here and want to ...

from Google Alert - anonymous http://ift.tt/2bzRPoE
via IFTTT

User permissions for comments

Note: Granting anonymous users the permission to post comments can dramatically increase the amount of spam. It is recommended that you set up a ...

from Google Alert - anonymous http://ift.tt/2bBDXyO
via IFTTT

MIT Researchers Solve the Spectrum Crunch to make Wi-Fi 10 times Faster

While using your cell phone at a massive public event, like a concert, conference, or sporting event, you have probably experienced slow communication, poor performance or slow browsing speeds, as crowds arrive. That's because of ‘Spectrum Crunch’, which means, Interference of WiFi signals with each other. WiFi signals of all cell-phones in a large event interfere with each other because


from The Hacker News http://ift.tt/2c6unEB
via IFTTT

Make user anonymous in activity list

Is it possible to replace the supporters name with an anonymous user so the enduser can't see who wrote the comment ? Maybe use a yes/no field to ...

from Google Alert - anonymous http://ift.tt/2bg73kS
via IFTTT

I have a new follower on Twitter


Drupe Paul
We laugh we cry we dominate in our constant search to master Drupal. #drupal


Following: 633 - Followers: 1287

August 24, 2016 at 07:58AM via Twitter http://twitter.com/drupepaul

ISS Daily Summary Report – 08/23/2016

SpaceX-9 Dragon Pack: In preparation for SpX-9 return this Friday the crew completed the following: Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI) to Polar Sample Transfer: Samples were transferred from the MELFI to the Polars. Space Automated Bioproduct Lab (SABL) CO2 Controller Removal: SABL-1’s CO2 Incubator Controller was removed for return on SpaceX-9. SPHERES Blue Satellite: The CO2 tank in the SPHERES blue satellite was removed, vented, and packed. Meteor Hard Drive Retrieval: The Meteor Laptop hard drive was retrieved. Mouse Epigenetics Habitat Cage Unit Maintenance:  The Mouse Cage Units containing the mice were transferred from the Cell Biology Experiment Facility (CBEF) to the glove box to conduct food cartridge exchanges and cleaning activities. The crew also performed troubleshooting activities on the Transportation Cage Units (TCU) by performing individual cover replacements, cage block replacements, and TCU exchanges to prepare for return on SpX-9. The Mouse Cage Units were then returned to CBEF.  The Mouse Epigenetics investigation studies altered gene expression patterns in the organs of male mice that spend one month in space, and also examines changes in the deoxyribonucleic acid (DNA) of their offspring. Results from the investigation identify genetic alterations that happen after exposure to the microgravity environment of space.  Biomolecule Sequencer Surface Pro 3 Hardware Checkout: The crew set up and connected Surface Pro 3 tablets to the wireless network before completing checkout activities to support upcoming Biomolecule Sequencer operations later this week. The Biomolecule Sequencer investigation seeks to demonstrate for the first time that DNA sequencing is feasible in an orbiting spacecraft. A space-based DNA sequencer could identify microbes, diagnose diseases and understand crew member health and potentially help detect DNA-based life elsewhere in the solar system. Fine Motor Skills: A series of interactive tasks on a touchscreen tablet was completed for the Fine Motor Skills investigation. This investigation is critical during long-duration space missions, particularly those skills needed to interact with technologies required in next-generation space vehicles, spacesuits, and habitats. The crewmember’s fine motor skills are also necessary for performing tasks in transit or on a planetary surface, such as information access, just-in-time training, subsystem maintenance, and medical treatment.  Habitability Human Factors Directed Observations: The crew recorded and submitted a walk-through video documenting observations of life onboard ISS, providing insight related to human factors and habitability. The Habitability investigation collects observations about the relationship between crew members and their environment on the ISS. Observations can help spacecraft designers understand how much habitable volume is required, and whether a mission’s duration impacts how much space crew members need.  Dose Tracker: The crew completed entries for medication tracking on an iPad today. This investigation documents the medication usage of crewmembers before and during their missions by capturing data regarding medication use during spaceflight, including side effect qualities, frequencies and severities. The data is expected to either support or counter anecdotal evidence of medication ineffectiveness during flight and unusual side effects experienced during flight. It is also expected that specific, near-real-time questioning about symptom relief and side effects will provide the data required to establish whether spaceflight-associated alterations in pharmacokinetics (PK) or pharmacodynamics (PD) is occurring during missions. Columbus Payload Power Switching Box (PPSB) – SDX Switch 1 Reconfiguration: The crew reconfigured the SDX 1 switch on the PPSB1 for RapidScat in Columbus in preparation for tomorrow’s 63P reboost. Columbus Power Distribution Unit 1 (PDU-1) Troubleshooting: On Monday, ground teams were unable to repower the COL’s PDU-1  Outlet 3 which provides operational power to RapidScat and Solar Monitoring Observatory (SOLAR) payloads.  Today, ground teams successfully repowered SOLAR from Outlet 3 by turning OFF the Columbus Payload Power Switching Box (PPSB) – SDX switch 1 to isolate RapidScat from the power feed.  RapidScat has active heater power and can remain deactivated with no impact to hardware.  Ground teams continue to investigate the anomaly. Mobile Servicing System (MSS) Operations: Last night Robotics Ground Controllers stowed the Special Purpose Dexterous Manipulator (SPDM) on Mobile Base System (MBS) Power Data Grapple Fixture #2 (PDGF2). At the end of rigidizing its Latching End Effector (LEE) on MBS PDGF2, the SPDM safed, which has been observed previously. Controllers performed the necessary recovery steps and latched and mated the SPDM LEE to the PDGF. The SSRMS was then maneuvered to grapple the SpX-9 Flight Releasable Grapple Fixture (FRGF) in preparation of the SpX-9 release on Friday. Today’s Planned Activities All activities were completed unless otherwise noted. MO-8 Body mass measurement Configuration Setup Body Mass Measurement  r/g 3165 МО-8. Closeout Ops MORZE. Logging Liquid and Food (Medicine) Intake / r/g 3167 Virus Definition File Update on Auxiliary Computer System (ВКС) Laptops Conference of Search and Rescue (ГПСК) specialists with returning crew DRAGON. Transfers WRS Sample Collection Fine Motor Skills (FINEMOTR) Experiment Ops Measuring top and bottom plate connection in SM (panels 225, 226) r/g 3171 PILOT-T. Preparation for the experiment r/g 3159 DRAGON. Transfers PILOT-T. Experiment Ops r/g 3159 Photo/TV, Camcorder Activation Check Filling (separation) of ЕДВ-СВ. for Elektron or ЕДВ-СВ TOCA Potable Water Dispenser (PWD) Sample Analysis DUBRAVA. Observation and photography using VSS / r/g 3176 WRS Recycle Tank Fill from EDV Water Processing using MCD СОЖ Maintenance Procedure review for sample transfer from MELFI to POLAR ARED Cylinder Flywheel Evacuation Sample Transfer from MELFI to POLAR Photo/TV, Camcorder Activation Check PILOT-T. Experiment Ops r/g 3163 Relocate Double Coldbags for access to Dragon Lithium Hydroxide (LiOH) Enclosure HABIT Preparing for the experiment Dragon Lithium Hydroxide Filter Bag Remove and Replace SP3 Hardware Checkout PILOT-T. Photography of the Experiment Ops / r/g 3161 Photo/TV, Camcorder Activation Check Software Update installation on RSS1 Laptop for BRI Diagnostics r/g 3169 PILOT-T. Closeout Ops r/g 3163 SPHERES Battery Replacement MOUSE Hardware Setup PAO Hardware Setup MORZE. Logging Liquid and Food (Medicine) Intake / r/g 3167 On MCC Go Transfer of urine from RS ЕДВ-У U and USOS brine to Progress 433 (DC1) r/g 3164 MORZE. Psycho-physiological Evaluation: SUPOS Test Preparation for diagnostics of FGB Power Supply System Devices r/g 3168 Crew Prep for PAO XF305 Camcorder […]

from ISS On-Orbit Status Report http://ift.tt/2bExssv
via IFTTT