
Saturday, October 15, 2016

Drupal is not defined for anonymous

In a clean installation of Drupal version 8.2.1, some libraries and the JS Drupal object are missing for the Anonymous user.

from Google Alert - anonymous http://ift.tt/2dWysN9
via IFTTT

Animals Anonymous - Welcome Party

Animals Anonymous - Welcome Party. Thu 27 October 2016 17:00-19:00. Bookable Room 5, Union House. Terrible icebreakers, party games, snakes, ...

from Google Alert - anonymous http://ift.tt/2ehsBMT
via IFTTT

Anonymous

Hotel Club San Remo: Anonymous - See 1329 traveller reviews, 608 candid photos, and great deals for Hotel Club San Remo at TripAdvisor.

from Google Alert - anonymous http://ift.tt/2dSgFCQ
via IFTTT

Crack for Charity — GCHQ launches 'Puzzle Book' Challenge for Cryptographers

The UK's Signals Intelligence and Cyber Security agency GCHQ has launched its first ever puzzle book, challenging researchers and cryptographers to crack codes for charity. Dubbed "The GCHQ Puzzle Book," the book features more than 140 pages of codes, puzzles, and challenges created by expert code breakers at the British intelligence agency. Ranging from easy to complex, the


from The Hacker News http://ift.tt/2eDmJBC
via IFTTT

FBI is Investigating Theft of $1.3 Million in Bitcoin from a Massachusetts Man

Over two months ago, the world's third largest Bitcoin Exchange Bitfinex lost around $72 Million worth of Bitcoins in a major hack. Shortly after the company encountered a $72,000,000 Bitcoin theft, an unnamed Bitfinex user from Cambridge, Massachusetts, filed a police report in September, alleging that $1.3 Million of funds were stolen from his account. Since then the Cambridge police have


from The Hacker News http://ift.tt/2diQB1m
via IFTTT

Android Banking Trojan Tricks Victims into Submitting Selfie Holding their ID Card

While some payment card companies like Mastercard have switched to selfies as an alternative to passwords when verifying IDs for online payments, hackers have already started taking advantage of these new security verification methods. Researchers have discovered a new Android banking Trojan that masquerades primarily as a video plugin, like Adobe Flash Player, pornographic app, or video codec


from The Hacker News http://ift.tt/2dDEhd2
via IFTTT

Orioles: Zach Britton tweets "#falseadvertising" as MLB sells his game-worn jersey from wild-card game he didn't enter (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Herschel's Orion


This dramatic image peers within M42, the Orion Nebula, the closest large star-forming region. Using data at infrared wavelengths from the Herschel Space Observatory, the false-color composite explores the natal cosmic cloud a mere 1,500 light-years distant. Cold, dense filaments of dust that would otherwise be dark at visible wavelengths are shown in reddish hues. Light-years long, the filaments weave together bright spots that correspond to regions of collapsing protostars. The brightest bluish area near the top of the frame is warmer dust heated by the hot Trapezium cluster stars that also power the nebula's visible glow. Herschel data has recently indicated ultraviolet starlight from the hot newborn stars likely contributes to the creation of carbon-hydrogen molecules, basic building blocks of life. This Herschel image spans about 3 degrees on the sky. That's about 80 light-years at the distance of the Orion Nebula. via NASA http://ift.tt/2efmMkj

Friday, October 14, 2016

Wikimedia Foundation supports anonymous online speech in letter to California Supreme Court

The Wikimedia Foundation has filed a letter supporting anonymous online speech, asking the California Supreme Court to review a case about ...

from Google Alert - anonymous http://ift.tt/2dCRanA
via IFTTT

Ravens Video: Jack, a 5-year-old battling leukemia, lines up with offense and runs ball into end zone for a special TD (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Ravens: Steve Smith Sr., Marshal Yanda, C.J. Mosley, Devin Hester doubtful for Sunday at Giants; Elvis Dumervil out (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

ISS Daily Summary Report – 10/13/2016

Cardio Ox Ultrasound Operations: With remote guidance from the Cardio Ox ground teams, FE-5 assisted FE-6 in conducting an ultrasound scan after configuring the Voice-Activated Communication (VOX), attaching the Electrocardiograms (ECG) Electrodes, and marking the arteries; followed by blood pressure measurements using the Cardiolab Holter Arterial Blood Pressure Unit. The goal of the Cardio Ox investigation is to determine whether biological markers of oxidative and inflammatory stress are elevated during and after space flight and whether this results in an increased, long-term risk of atherosclerosis in astronauts. Twelve crewmembers provide blood and urine samples to assess biomarkers before launch, 15 and 60 days after launch, 15 days before returning to Earth, and within days after landing. Ultrasound scans of the carotid and brachial arteries are obtained at the same time points, as well as through 5 years after landing, as an indicator of cardiovascular health.

Marrow: FE-6 collected breath and ambient air samples in support of the Canadian Space Agency’s Marrow experiment. The Marrow investigation looks at the effect of microgravity on the bone marrow. It is believed that microgravity, like long-duration bed rest on Earth, has a negative effect on the bone marrow and the blood cells that are produced in the bone marrow. The extent of this effect, and its recovery, are of interest to space research and healthcare providers on Earth.

Cygnus Preparations: FE-5 and FE-6 utilized training materials as part of a self-study session this morning to review Cygnus hardware, stowage and attached phase configuration. FE-6 also installed the Centerline Berthing Camera System (CBCS) system onto the Node 1 nadir hatch. Following the installation the crew, working with ground teams, checked out the system. The checkout involved routing the video from the camera to the Cupola Robotics Work Station (RWS) monitors and to the ground. Video from the CBCS is used to aid the crew during Visiting Vehicle mating operations. The crew also participated in a conference with ground teams to discuss Cygnus cargo operations. Orbital ATK (OA)-5 is scheduled to launch on October 16, with rendezvous and berthing on October 19th.

Today’s Planned Activities
All activities were completed unless otherwise noted.
PK-4 data hard drives exchange On-board Training (OBT) Cygnus Attached Phase Operations review. Personal CO2 Monitor iPad Application Restart PK4 Pre-pack hard drives before return on Soyuz Crew Medical Officer (CMO) On Board Training (OBT) On-board Training (OBT) Cygnus Attached Phase Operations review. Marrow Breath And Ambient Air Sample Setup – Subject PK-4 Experiment Run 3 Dose Tracker Data Entry Subject Centerline Berthing Camera System (CBCS) and Vestibule Outfitting Kit Equipment Gather Crew Departure Preparations for Return to Earth Centerline Berthing Camera System (CBCS) Installation and Checkout Health Maintenance System (HMS) Food Frequency Questionnaire (FFQ) HRF Generic Frozen Blood Collection Setup HRF Generic Urine Collection Setup Cygnus Cargo Operations Review PK-4 Chamber filling with Cleaning gas [Aborted] Ultrasound 2 HRF Rack 1 Power On Cardio Ox Ultrasound Scan – Operator Cardio Ox CDL Holter Arterial BP Measurement – Subject ISS HAM Radio Power Down Cardio Ox CDL Holter Arterial BP Hardware Doff Alternate – Subject Sony HVR-Z7E setup in SM (for SM Aft-Progress interface video) Progress 432 [AO] Activation, Air Duct Removal Personal CO2 Monitor Power Cycle Health Maintenance System (HMS) Food Frequency Questionnaire (FFQ) Cygnus Cargo Operations Conference Removal of Quick-Release Screw Clamps and Video Recording of SM Aft –Progress 432 Interface SM Aft-Progress 432 [AO] Hatch Closure ПрК-СУ and Progress- СУ hatch leak check MELFI Ice Brick Insert Public Affairs Office (PAO) High Definition (HD) Config LAB Setup Public Affairs Office (PAO) Event in High Definition (HD) – Lab Deactivation of Sony HVR-Z7E camcorder and closing of NASA MPEG-2 Viewer application PK-4 Chamber filling with Neon gas [Aborted] Biological Rhythms 48 Actiwatch Preparation Personal CO2 Monitor Power Cycle PK-4 Gas Supply Flexhose disconnection for storage

Completed Task List Items
Pretreat Electronic Indicator Locate [item was not located in recommended search locations] N1 Aft Hatch Seal Clean

Ground Activities
All activities were completed unless otherwise noted.
Traveling Wave Tube Amplifier (TWTA) Activation CIR Venting CBCS Checkout System configuration for 63P clamp uninstall

Three-Day Look Ahead:
Friday, 10/14: CBEF, Microbe, Vascular Echo
Saturday, 10/15: Weekly Housekeeping, Crew Off Duty
Sunday, 10/16: HRF Body Measures, Crew Off Duty

QUICK ISS Status – Environmental Control Group:
Component: Status
Elektron: Off
Vozdukh: Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”): Off
[СКВ] 2 – SM Air Conditioner System (“SKV2”): On
Carbon Dioxide Removal Assembly (CDRA) Lab: Standby
Carbon Dioxide Removal Assembly (CDRA) Node 3: Operate
Major Constituent Analyzer (MCA) Lab: Operate
Major Constituent Analyzer (MCA) Node 3: Idle
Oxygen Generation Assembly (OGA): Process
Urine Processing Assembly (UPA): Reprocess
Trace Contaminant Control System (TCCS) Lab: Off
Trace Contaminant Control System (TCCS) Node 3: Full Up

from ISS On-Orbit Status Report http://ift.tt/2dBGky2
via IFTTT

ISS Daily Summary Report – 10/12/2016

Fluid Shifts Before, During and After Prolonged Space Flight and Their Association with Intracranial Pressure and Visual Impairment (Fluid Shifts): Following yesterday’s Dilution Measurements, today, FE-5 performed Day 2 of his final Fluid Shifts collection. With assistance from FE-6, the crew performed various collections and measurements including Optical Coherence Tomography (OCT), Distortion Product Otoacoustic Emissions (DPOAE), Tonometry, and Ultrasounds. Today’s sessions will conclude FE-5’s Fluid Shift activities, as the crew will not be performing Cerebral and Cochlear Fluid Pressure (CCFP) measurements or Chibis/Lower Body Negative Pressure (LBNP) measurements. The CCFP measurement device was returned on SpaceX-9 for failure analysis, and due to the shortened 47S increment duration, it was determined that the LBNP would not be required. Both instances of science loss were reviewed and accepted by the payload teams. Fluid Shifts investigates the causes for severe and lasting physical changes to astronauts’ eyes. Because the headward fluid shift is a hypothesized contributor to these changes, reversing this fluid shift with a lower body negative pressure device is investigated as a possible intervention. Results from this study may help to develop preventative measures against lasting changes in vision and eye damage.

Portable Emergency Provisions (PEPS) Audit: FE-5 completed an audit of the PEPS hardware in the FGB, Lab, Node 2, Japanese Pressurized Module (JPM), Japanese Logistics Platform (JLP), and Columbus (COL) locations this morning. The PEPS audit is performed to verify Portable Fire Extinguisher (PFE), Extension Hose Tee Kit (EHTK), the Portable Breathing Apparatus (PBA), and Pre-Breathe Mask are all free of damage to ensure functionality. The Audit also includes a Mask Harness Inspection. The audit is to be performed once every 365 days. For an audit the crew will also record the hardware serial numbers or barcodes, and locations. This information is needed to track shelf life and life cycles on the hardware.

Combustion Integration Rack (CIR) Multi-user Droplet Combustion Apparatus (MDCA) Chamber Dryout: Following maintenance of MDCA in September, it was discovered that some water leaked into the CIR from the Internal Thermal Control System (ITCS) due to a damaged Quick Disconnect (QD). The Vacuum Exhaust System (VES) is being used for vaporizing any water present. Today, prior to CIR activation the Rack Flow Control Assembly (RFCA) valve was commanded to open. However, no coolant flow was recorded. The crew confirmed that the TCS return and supply QDs were not connected to the CIR rack Z-panel. The crew reconnected both QDs and flow was established. The venting will continue for the next 32 hours.

Today’s Planned Activities
All activities were completed unless otherwise noted.
Fluid Shifts Saliva Baseline Collection Fluid Shifts MELFI Insertion Operations Fluid Shifts Urine Collection Fluid Shifts Blood Baseline Collection Fluid Shifts Galley Water Collection Tracer Ingestion Operations Fluid Shifts Refrigerated Centrifuge Configuration Reminder 1 Fluid Shifts Baseline Imaging Measures Fluid Shifts Refrigerated Centrifuge Spin Conclude Closing Window Shutters # 6, 8, 9, 12, 13, 14 Transfer of Cosmocard Results to the Memory Card for Return ИП-1 Sensors Installation Monitoring Periodic Health Status (PHS) Evaluation – Crew Medical Officer (CMO) DOSIS Mode Switching Mode 2 to Mode 1 Samples Collection from the Gas-Liquid Mixture Fine Motor Skills Experiment Test Fluid Shifts MELFI Retrieve Insertion Operations Kazbek Fitcheck Formaldehyde Monitoring Kit (FMK) Deployment Operations Personal CO2 Monitor Donn Grab Sample Container (GSC) Sampling Operations Fluid Shifts Blood 3-Hour Collection Fluid Shifts Blood Collection Fluid Shifts Refrigerated Centrifuge Configuration Fluid Shifts Saliva 3-Hour Collection Fluid Shifts MELFI Retrieve Insertion Periodic Health Status Stow Total Organic Carbon Analyzer (TOCA) Water Recovery System (WRS) Sample Analysis Transfer of Cargo to SM Aft Progress #432 for Disposal. IMS Update Removal of ССД305 Light Fixture from Progress #432 Fluid Shifts Refrigerated Centrifuge Spin Conclude Fluid Shifts MELFI Retrieve Insertion Operations Fluid Shifts Blood Collection Conclude Stow Water Resource System (WRS) Microbial Removal Filter (MRF) Cartridge Removal and Replacement Fluid Shifts Saliva 5-Hour Collection Fluid Shifts MELFI Retrieve Insertion Operations Fluid Shifts Urine Collection End – Subject Report on Completion of Cargo Transfer to SM Aft Progress #432 Fluid Shifts MELFI Insertion Operations INTER-MAI-75. РЛС Hardware Activation Personal CO2 Monitor Power Cycle PK4. Experiment Ops SPHERES Slosh Hard Drive Stow Fluid Shifts Urine Collection Stow Meteor Hard Drive Swapout Preventive Maintenance of the Sealing Mechanisms of SM АСП-О and SM Aft Progress 432 Active Docking Assembly ([ACA]) Hatches. Water Recovery System Waste Water Tank Drain Init Habitability Human Factors Directed Observations Environmental Health System (EHS) Total Organic Carbon Analyzer (TOCA) Sample Data Record Filling In (Degassing) of EDV (KOV) for Elektron or EDV-SV Fluid Shifts Hardware Battery Installation Water Recovery System Waste Water Tank Drain Termination Regenerative Environmental Control and Life Support System (RGN) WSTA Fill JAXA EPO Electrostatic Levitation Furnace Introduction Message СОЖ maintenance INTER-MAI-75. РЛС Hardware Deactivation Treadmill 2 System (T2) Monthly Inspection Meteor Shutter Open Advanced Resistive Exercise Device (ARED) Cylinder Flywheel Evacuation PK4. Experiment Ops

Completed Task List Items
SPHERES Slosh Hard Drive Unstow Optical Coherence Tomography (OCT) Laptop Power Supply Troubleshooting JAXA Report Part 8 (Active)

Ground Activities
All activities were completed unless otherwise noted.
VDPU Switching Unit Configuration T2 Power Cycle

Three-Day Look Ahead:
Thursday, 10/13: CardioOx, CBCS Install, Cygnus preps
Friday, 10/14: CBEF, Microbe, Vascular Echo
Saturday, 10/15: Weekly Housekeeping, Crew Off Duty

QUICK ISS Status – Environmental Control Group:
Component: Status
Elektron: On
Vozdukh: Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”): Off
[СКВ] 2 – SM Air Conditioner System (“SKV2”): On
Carbon Dioxide Removal Assembly (CDRA) Lab: Standby
Carbon Dioxide Removal Assembly (CDRA) Node 3: Operate
Major Constituent Analyzer (MCA) Lab: Operate
Major Constituent Analyzer (MCA) Node 3: Idle
Oxygen Generation Assembly (OGA): Process
Urine Processing Assembly (UPA): Reprocess
Trace Contaminant Control System (TCCS) Lab: Off
Trace Contaminant Control System (TCCS) Node 3: Full Up

from ISS On-Orbit Status Report http://ift.tt/2ezJqqr
via IFTTT

12-Year-Old SSH Bug Exposes More than 2 Million IoT Devices

Are your internet-connected devices spying on you? Perhaps. We already know that Internet of Things (IoT) devices are so badly insecure that hackers are adding them to their botnets to launch Distributed Denial of Service (DDoS) attacks against target services. But these connected devices are not limited to conducting DDoS attacks; they have far more potential to harm you.


from The Hacker News http://ift.tt/2e9YgVO
via IFTTT

Galaxies from the Altiplano


The central bulge of our Milky Way Galaxy rises over the northern Chilean Atacama altiplano in this postcard from planet Earth. At an altitude of 4500 meters, the strange beauty of the desolate landscape could almost belong to another world though. Brownish red and yellow tinted sulfuric patches lie along the whitish salt flat beaches of the Salar de Aguas Calientes region. In the distance along the Argentina border is the stratovolcano Lastarria, its peak at 5700 meters (19,000 feet). In the clear, dark sky above, stars, nebulae, and cosmic dust clouds in the Milky Way echo the colors of the altiplano at night. Extending the view across extragalactic space, the Large and Small Magellanic Clouds, satellite galaxies of the Milky Way, shine near the horizon through a faint greenish airglow. via NASA http://ift.tt/2dP2QJ4

The Story of Ozone Depletion

The Antarctic ozone hole is caused by human-produced chlorine-containing chlorofluorocarbons (CFCs) and bromine-containing halons. These compounds had a variety of commercial uses, including hair sprays, refrigerants, and fire suppressants. This story about the cause of ozone depletion was originally developed for the NASA hyperwall, where nine different animations can be shown simultaneously. The animations shown here are derived from the Goddard Earth Observing System (GEOS) model and cover two periods. The first period is from August through November 2004, and the second is from December 2004 through March 2005. The first period animations are shown on this page. The second period animations may be downloaded through the Download links below. The chlorine compounds that destroy ozone have now been regulated under the international Montreal Protocol agreement. Because of this agreement, the ozone hole is projected to disappear around 2060-2070. NASA and the international community continue to monitor Antarctic ozone.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/2dObC7P
via IFTTT

Gardening Rates on the Moon

No, not that kind of gardening. In this case, gardening refers to the mixing and disturbance of the top layers of lunar regolith that happens when impacts form new craters. The material excavated from the crater site is sprayed in all directions, creating secondary craters and splats of lighter and darker dust on the surface. The narrow-angle camera (LROC NAC) aboard Lunar Reconnaissance Orbiter (LRO) has photographed a large percentage of the Moon's surface multiple times. By looking for differences between earlier and later images, the LROC team has found over 200 new craters large enough for the camera to see (at least 5 meters in diameter), as well as thousands of what they call splotches, many of which are likely caused by smaller craters. In a paper in the October 13, 2016 Nature, Emerson Speyerer and his coauthors divide the crater ejecta into four zones that differ in brightness and distance from the crater, and they explain the processes involved in the formation of each zone. They also use the number of craters and splotches to infer the gardening rate, the rate at which the top few centimeters of regolith is churned and replaced by impacts. Their conclusion is that this is happening over 100 times faster than previously thought. The visualization simulates the formation of one of the craters featured in the paper. We first see a flash, then zoom all the way to the surface, where the animation blinks between the actual before and after LROC NAC images (M1105837846R and M1121160416R) that were used to detect this new 12-meter crater. Finally, we see the ratio of the two images, which very clearly shows both the new crater and the radial pattern of ejecta.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/2eeiwkU
via IFTTT

Thursday, October 13, 2016

A Fuzzy Logic System to Analyze a Student's Lifestyle. (arXiv:1610.03957v1 [cs.AI])

A college student's life can be primarily categorized into domains such as education, health, social and other activities which may include daily chores and travelling time. Time management is crucial for every student. A self realisation of one's daily time expenditure in various domains is therefore essential to maximize one's effective output. This paper presents how a mobile application using Fuzzy Logic and Global Positioning System (GPS) analyzes a student's lifestyle and provides recommendations and suggestions based on the results.



from cs.AI updates on arXiv.org http://ift.tt/2ebZFWx
via IFTTT

Bank Card Usage Prediction Exploiting Geolocation Information. (arXiv:1610.03996v1 [cs.LG])

We describe the solution of team ISMLL for the ECML-PKDD 2016 Discovery Challenge on Bank Card Usage for both tasks. Our solution is based on three pillars. Gradient boosted decision trees as a strong regression and classification model, an intensive search for good hyperparameter configurations and strong features that exploit geolocation information. This approach achieved the best performance on the public leaderboard for the first task and a decent fourth position for the second task.



from cs.AI updates on arXiv.org http://ift.tt/2dQVkNO
via IFTTT

Stream Reasoning-Based Control of Caching Strategies in CCN Routers. (arXiv:1610.04005v1 [cs.AI])

Content-Centric Networking (CCN) research addresses the mismatch between the modern usage of the Internet and its outdated architecture. Importantly, CCN routers may locally cache frequently requested content in order to speed up delivery to end users. Thus, the issue of caching strategies arises, i.e., which content shall be stored and when it should be replaced. In this work, we employ novel techniques towards intelligent administration of CCN routers that autonomously switch between existing strategies in response to changing content request patterns. In particular, we present a router architecture for CCN networks that is controlled by rule-based stream reasoning, following the recent formal framework LARS which extends Answer Set Programming for streams. The obtained possibility for flexible router configuration at runtime allows for faster experimentation and may thus help to advance the further development of CCN. Moreover, the empirical evaluation of our feasibility study shows that the resulting caching agent may give significant performance gains.



from cs.AI updates on arXiv.org http://ift.tt/2dnXPEq
via IFTTT

A fuzzy expert system for earthquake prediction, case study: the Zagros range. (arXiv:1610.04028v1 [cs.AI])

A methodology for the development of a fuzzy expert system (FES) with application to earthquake prediction is presented. The idea is to reproduce the performance of a human expert in earthquake prediction. To do this, at the first step, rules provided by the human expert are used to generate a fuzzy rule base. These rules are then fed into an inference engine to produce a fuzzy inference system (FIS) and to infer the results. In this paper, we have used a Sugeno type fuzzy inference system to build the FES. At the next step, the adaptive network-based fuzzy inference system (ANFIS) is used to refine the FES parameters and improve its performance. The proposed framework is then employed to attain the performance of a human expert used to predict earthquakes in the Zagros area based on the idea of coupled earthquakes. While the prediction results are promising in parts of the testing set, the general performance indicates that prediction methodology based on coupled earthquakes needs more investigation and more complicated reasoning procedure to yield satisfactory predictions.



from cs.AI updates on arXiv.org http://ift.tt/2ebXIJL
via IFTTT

Truthful Mechanisms for Matching and Clustering in an Ordinal World. (arXiv:1610.04069v1 [cs.GT])

We study truthful mechanisms for matching and related problems in a partial information setting, where the agents' true utilities are hidden, and the algorithm only has access to ordinal preference information. Our model is motivated by the fact that in many settings, agents cannot express the numerical values of their utility for different outcomes, but are still able to rank the outcomes in their order of preference. Specifically, we study problems where the ground truth exists in the form of a weighted graph of agent utilities, but the algorithm can only elicit the agents' private information in the form of a preference ordering for each agent induced by the underlying weights. Against this backdrop, we design truthful algorithms to approximate the true optimum solution with respect to the hidden weights. Our techniques yield universally truthful algorithms for a number of graph problems: a 1.76-approximation algorithm for Max-Weight Matching, 2-approximation algorithm for Max k-matching, a 6-approximation algorithm for Densest k-subgraph, and a 2-approximation algorithm for Max Traveling Salesman as long as the hidden weights constitute a metric. We also provide improved approximation algorithms for such problems when the agents are not able to lie about their preferences. Our results are the first non-trivial truthful approximation algorithms for these problems, and indicate that in many situations, we can design robust algorithms even when the agents may lie and only provide ordinal information instead of precise utilities.



from cs.AI updates on arXiv.org http://ift.tt/2dnWHkc
via IFTTT

Improved Knowledge Base Completion by Path-Augmented TransR Model. (arXiv:1610.04073v1 [cs.AI])

Knowledge base completion aims to infer new relations from existing information. In this paper, we propose path-augmented TransR (PTransR) model to improve the accuracy of link prediction. In our approach, we base PTransR model on TransR, which is the best one-hop model at present. Then we regularize TransR with information of relation paths. In our experiment, we evaluate PTransR on the task of entity prediction. Experimental results show that PTransR outperforms previous models.



from cs.AI updates on arXiv.org http://ift.tt/2ebYdTZ
via IFTTT

Exploiting Sentence and Context Representations in Deep Neural Models for Spoken Language Understanding. (arXiv:1610.04120v1 [cs.AI])

This paper presents a deep learning architecture for the semantic decoder component of a Statistical Spoken Dialogue System. In a slot-filling dialogue, the semantic decoder predicts the dialogue act and a set of slot-value pairs from a set of n-best hypotheses returned by the Automatic Speech Recognition. Most current models for spoken language understanding assume (i) word-aligned semantic annotations as in sequence taggers and (ii) delexicalisation, or a mapping of input words to domain-specific concepts using heuristics that try to capture morphological variation but that do not scale to other domains nor to language variation (e.g., morphology, synonyms, paraphrasing). In this work the semantic decoder is trained using unaligned semantic annotations and it uses distributed semantic representation learning to overcome the limitations of explicit delexicalisation. The proposed architecture uses a convolutional neural network for the sentence representation and a long-short term memory network for the context representation. Results are presented for the publicly available DSTC2 corpus and an In-car corpus which is similar to DSTC2 but has a significantly higher word error rate (WER).



from cs.AI updates on arXiv.org http://ift.tt/2dnYXaU
via IFTTT

An Information Theoretic Feature Selection Framework for Big Data under Apache Spark. (arXiv:1610.04154v1 [cs.AI])

With the advent of extremely high dimensional datasets, dimensionality reduction techniques are becoming mandatory. Among many techniques, feature selection has been growing in interest as an important tool to identify relevant features on huge datasets (both in number of instances and features). The purpose of this work is to demonstrate that standard feature selection methods can be parallelized in Big Data platforms like Apache Spark, boosting both performance and accuracy. We thus propose a distributed implementation of a generic feature selection framework which includes a wide group of well-known Information Theoretic methods. Experimental results on a wide set of real-world datasets show that our distributed framework is capable of dealing with ultra-high dimensional datasets as well as those with a huge number of samples in a short period of time, outperforming the sequential version in all the cases studied.



from cs.AI updates on arXiv.org http://ift.tt/2e5C9eI
via IFTTT

Reset-free Trial-and-Error Learning for Data-Efficient Robot Damage Recovery. (arXiv:1610.04213v1 [cs.RO])

The high probability of hardware failures prevents many advanced robots (e.g. legged robots) from being confidently deployed in real-world situations (e.g. post-disaster rescue). Instead of attempting to diagnose the failure(s), robots could adapt by trial-and-error in order to be able to complete their tasks. However, the best trial-and-error algorithms for robotics are all episodic: between each trial, the robot needs to be put back in the same state, that is, the robot is not learning autonomously. In this paper, we introduce a novel learning algorithm called "Reset-free Trial-and-Error" (RTE) that allows robots to recover from damage while completing their tasks. We evaluate it on a hexapod robot that is damaged in several ways (e.g. a missing leg, a shortened leg, etc.) and whose objective is to reach a sequence of targets in an arena. Our experiments show that the robot can recover most of its locomotion abilities in a few minutes, in an environment with obstacles, and without any human intervention. Overall, this new algorithm makes it possible to contemplate sending robots to places that are truly too dangerous for humans and in which robots cannot be rescued.



from cs.AI updates on arXiv.org http://ift.tt/2ebYpTs
via IFTTT

A Parallel Memory-efficient Epistemic Logic Program Solver: Harder, Better, Faster. (arXiv:1608.06910v2 [cs.AI] UPDATED)

As the practical use of answer set programming (ASP) has grown with the development of efficient solvers, we expect a growing interest in extensions of ASP as their semantics stabilize and solvers supporting them mature. Epistemic Specifications, which adds modal operators K and M to the language of ASP, is one such extension. We call a program in this language an epistemic logic program (ELP). Solvers have thus far been practical for only the simplest ELPs due to exponential growth of the search space. We describe a solver that is able to solve harder problems better (e.g., without exponentially-growing memory needs w.r.t. K and M occurrences) and faster than any other known ELP solver.



from cs.AI updates on arXiv.org http://ift.tt/2bxDTP3
via IFTTT

lazyloader.js Uncaught TypeError: Cannot read property 'length'

lazyloader.js?oez69y:88
each @ jquery.min.js?v=1.7.2:2
(anonymous function) @ lazyloader.js?oez69y:87
dispatch @ jquery.min.js?v=1.7.2:3
i

from Google Alert - anonymous http://ift.tt/2dWqVdY
via IFTTT

anonymous

Anonymous is a digital production company based in Paris // France.

from Google Alert - anonymous http://ift.tt/2e01l6Z
via IFTTT

Ravens: Steve Smith, Devin Hester, CJ Mosley and Elvis Dumervil not at practice Thurs.; Ronnie Stanley returns - Hensley (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Anonymous Threatens to Release Video of Bill Clinton Raping A 13-Year Old Child

Shocking video exists, according to Anonymous, of former President Bill Clinton raping a 13-year-old girl. Reportedly, the violent crime took place on ...

from Google Alert - anonymous http://ift.tt/2eaJwAC
via IFTTT

Ocean City, MD's surf is at least 5.16ft high

Maryland-Delaware, October 18, 2016 at 04:00AM

Ocean City, MD Summary
At 4:00 AM, surf min of 5.16ft. At 10:00 AM, surf min of 5.28ft. At 4:00 PM, surf min of 4.5ft. At 10:00 PM, surf min of 4.15ft.

Surf maximum: 5.76ft (1.76m)
Surf minimum: 5.16ft (1.57m)
Tide height: -0.38ft (-0.12m)
Wind direction: ENE
Wind speed: 6.84 KTS


from Surfline http://ift.tt/1kVmigH
via IFTTT

Classified U.S. Defense Network Outage Hits Air Force’s Secret Drone Operations

U.S. drones are again in news for killing innocent people. The Air Force is investigating the connection between the failure of its classified network, dubbed SIPRNet, at Creech Air Force Base and a series of high-profile airstrikes that went terribly wrong in September this year. Creech Air Force Base is a secret facility outside Las Vegas, where military and Air Force pilots sitting in


from The Hacker News http://ift.tt/2ebKPjV
via IFTTT

GPM Captures Hurricane Matthew Over Haiti

On October 2nd and 3rd, 2016 NASA's Global Precipitation Measurement mission or GPM core observatory satellite flew over Hurricane Matthew. The first pass shows Matthew immediately after it became a category 4 hurricane with sustained winds of 150 mph on October 2nd, 2016. The second pass shows it over Haiti on October 3rd as it buffets Haiti with sustained winds of 140 mph. The GPM Core Observatory carries two instruments that show the location and intensity of rain and snow, which defines a crucial part of the storm structure - and how it will behave. The GPM Microwave Imager sees through the tops of clouds to observe how much and where precipitation occurs, and the Dual-frequency Precipitation Radar observes precise details of precipitation in 3-dimensions. GPM data is part of the toolbox of satellite data used by forecasters and scientists to understand how storms behave. GPM is a joint mission between NASA and the Japan Aerospace Exploration Agency. Current and future data sets are available with free registration to users from NASA Goddard's Precipitation Processing Center website.

from NASA's Scientific Visualization Studio: Most Popular
via IFTTT

Penumbral Lunar Eclipse


Does this Moon look a little different to you? Although shown in spectacular detail, the full face of Earth's most familiar satellite appears slightly darker than usual, in particular on the upper left, because it is undergoing a penumbral lunar eclipse. The image was captured in Hong Kong, China, on September 16 when the Moon crossed through part of Earth's shadow -- but not the darkest where the Earth shades the entire Sun. A lunar eclipse can only occur during a full moon, and many know this particular full moon as the Harvest moon for its proximity to northern harvests. The next full moon will occur this coming Sunday. Some cultures refer to it as a Leaf Falling Moon, named for its proximity to northern autumn. The second full moon of the same month ("moonth") is sometimes called a Blue moon; meanwhile, this month features a rare second new moon, an event known to some as a Black moon. via NASA http://ift.tt/2e14PWe

GPM Monitors Hurricane Matthew Flooding the Carolinas

NASA's Global Precipitation Measurement mission or GPM core observatory satellite flew over Hurricane Matthew as the category 2 hurricane drenched North and South Carolina with record-breaking rainfall on October 8, 2016 resulting in historical flooding throughout the Carolinas. The GPM Core Observatory carries two instruments that show the location and intensity of rain and snow, which defines a crucial part of the storm structure - and how it will behave. The GPM Microwave Imager sees through the tops of clouds to observe how much and where precipitation occurs, and the Dual-frequency Precipitation Radar observes precise details of precipitation in 3-dimensions. GPM data is part of the toolbox of satellite data used by forecasters and scientists to understand how storms behave. GPM is a joint mission between NASA and the Japan Aerospace Exploration Agency. Current and future data sets are available with free registration to users from NASA Goddard's Precipitation Processing Center website.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/2ehIAPN
via IFTTT

Wednesday, October 12, 2016

Santa's Anonymous is back

Thanks to the students and staff volunteers at Father Mercredi, Santa's Anonymous is back. Last year alone, Santa's Anonymous created and ...

from Google Alert - anonymous http://ift.tt/2dlHNuQ
via IFTTT

Transfer from Simulation to Real World through Learning Deep Inverse Dynamics Model. (arXiv:1610.03518v1 [cs.RO])

Developing control policies in simulation is often more practical and safer than directly running experiments in the real world. This applies to policies obtained from planning and optimization, and even more so to policies obtained from reinforcement learning, which is often very data demanding. However, a policy that succeeds in simulation often doesn't work when deployed on a real robot. Nevertheless, often the overall gist of what the policy does in simulation remains valid in the real world. In this paper we investigate such settings, where the sequence of states traversed in simulation remains reasonable for the real world, even if the details of the controls are not, as could be the case when the key differences lie in detailed friction, contact, mass and geometry properties. During execution, at each time step our approach computes what the simulation-based control policy would do, but then, rather than executing these controls on the real robot, our approach computes what the simulation expects the resulting next state(s) will be, and then relies on a learned deep inverse dynamics model to decide which real-world action is most suitable to achieve those next states. Deep models are only as good as their training data, and we also propose an approach for data collection to (incrementally) learn the deep inverse dynamics model. Our experiments show our approach compares favorably with various baselines that have been developed for dealing with simulation to real world model discrepancy, including output error control and Gaussian dynamics adaptation.



from cs.AI updates on arXiv.org http://ift.tt/2dXLCW4
via IFTTT

A Chain-Detection Algorithm for Two-Dimensional Grids. (arXiv:1610.03573v1 [cs.AI])

We describe a general method of detecting valid chains or links of pieces on a two-dimensional grid. Specifically, using the example of the chess variant known as Switch-Side Chain-Chess (SSCC). Presently, no foolproof method of detecting such chains in any given chess position is known and existing graph theory, to our knowledge, is unable to fully address this problem either. We therefore propose a solution implemented and tested using the C++ programming language. We have been unable to find an incorrect result and therefore offer it as the most viable solution thus far to the chain-detection problem in this chess variant. The algorithm is also scalable, in principle, to areas beyond two-dimensional grids such as 3D analysis and molecular chemistry.



from cs.AI updates on arXiv.org http://ift.tt/2dXJZYi
via IFTTT

Maximum entropy models for generation of expressive music. (arXiv:1610.03606v1 [cs.AI])

In the context of contemporary monophonic music, expression can be seen as the difference between a musical performance and its symbolic representation, i.e. a musical score. In this paper, we show how Maximum Entropy (MaxEnt) models can be used to generate musical expression in order to mimic a human performance. As a training corpus, we had a professional pianist play about 150 melodies of jazz, pop, and latin jazz. The results show a good predictive power, validating the choice of our model. Additionally, we set up a listening test whose results reveal that on average, people significantly prefer the melodies generated by the MaxEnt model than the ones without any expression, or with fully random expression. Furthermore, in some cases, MaxEnt melodies are almost as popular as the human performed ones.



from cs.AI updates on arXiv.org http://ift.tt/2dXMx8Q
via IFTTT

Deep Fruit Detection in Orchards. (arXiv:1610.03677v1 [cs.RO])

An accurate and reliable image based fruit detection system is critical for supporting higher level agriculture tasks such as yield mapping and robotic harvesting. This paper presents the use of a state-of-the-art object detection framework, Faster R-CNN, in the context of fruit detection in orchards, including mangoes, almonds and apples. Ablation studies are presented to better understand the practical deployment of the detection network, including how much training data is required to capture variability in the dataset. Data augmentation techniques are shown to yield significant performance gains, resulting in a greater than two-fold reduction in the number of training images required. In contrast, transferring knowledge between orchards contributed to negligible performance gain over initialising the Deep Convolutional Neural Network directly from ImageNet features. Finally, to operate over orchard data containing between 100-1000 fruit per image, a tiling approach is introduced for the Faster R-CNN framework. The study has resulted in the best yet detection performance for these orchards relative to previous works, with an F1-score of >0.9 achieved for apples and mangoes.



from cs.AI updates on arXiv.org http://ift.tt/2dduzNi
via IFTTT

Exploring the Entire Regularization Path for the Asymmetric Cost Linear Support Vector Machine. (arXiv:1610.03738v1 [cs.AI])

We propose an algorithm for exploring the entire regularization path of asymmetric-cost linear support vector machines. Empirical evidence suggests the predictive power of support vector machines depends on the regularization parameters of the training algorithms. The algorithms exploring the entire regularization paths have been proposed for single-cost support vector machines thereby providing the complete knowledge on the behavior of the trained model over the hyperparameter space. Considering the problem in two-dimensional hyperparameter space though enables our algorithm to maintain greater flexibility in dealing with special cases and sheds light on problems encountered by algorithms building the paths in one-dimensional spaces. We demonstrate two-dimensional regularization paths for linear support vector machines that we train on synthetic and real data.



from cs.AI updates on arXiv.org http://ift.tt/2dXKbqu
via IFTTT

Detecting Unseen Falls from Wearable Devices using Channel-wise Ensemble of Autoencoders. (arXiv:1610.03761v1 [cs.AI])

A fall is an abnormal activity that occurs rarely, so it is hard to collect real data for falls. It is, therefore, difficult to use supervised learning methods to automatically detect falls. Another challenge in using machine learning methods to automatically detect falls is the choice of features. In this paper, we propose to use an ensemble of autoencoders to extract features from different channels of wearable sensor data trained only on normal activities. We show that choosing a threshold as maximum of the reconstruction error on the training normal data is not the right way to identify unseen falls. We propose two methods for automatic tightening of reconstruction error from only the normal activities for better identification of unseen falls. We present our results on two activity recognition datasets and show the efficacy of our proposed method against traditional autoencoder models and two standard one-class classification methods.



from cs.AI updates on arXiv.org http://ift.tt/2dXMl9G
via IFTTT

Concordance and the Smallest Covering Set of Preference Orderings. (arXiv:1609.04722v2 [cs.AI] UPDATED)

Preference orderings are orderings of a set of items according to the preferences (of judges). Such orderings arise in a variety of domains, including group decision making, consumer marketing, voting and machine learning. Measuring the mutual information and extracting the common patterns in a set of preference orderings are key to these areas. In this paper we deal with the representation of sets of preference orderings, the quantification of the degree to which judges agree on their ordering of the items (i.e. the concordance), and the efficient, meaningful description of such sets.

We propose to represent the orderings in a subsequence-based feature space and present a new algorithm to calculate the size of the set of all common subsequences - the basis of a quantification of concordance, not only for pairs of orderings but also for sets of orderings. The new algorithm is fast and storage efficient with a time complexity of only $O(Nn^2)$ for the orderings of $n$ items by $N$ judges and a space complexity of only $O(\min\{Nn,n^2\})$.

Also, we propose to represent the set of all $N$ orderings through a smallest set of covering preferences and present an algorithm to construct this smallest covering set.

The source code for the algorithms is available at http://ift.tt/2dxgNWV.



from cs.AI updates on arXiv.org http://ift.tt/2cSdzgv
via IFTTT

Huntington Police get $100000 private, anonymous donation

Huntington Police get $100,000 private, anonymous donation. In Huntington, there's a growing effort to help supplement tight city budgets, without ...

from Google Alert - anonymous http://ift.tt/2dSY9dZ
via IFTTT

New program allows electronic anonymous tipping to police

ELLSWORTH - The Hancock County Sheriff's Office is starting an electronic tip program, which can help report crimes anonymously. It's very clean - ve ...

from Google Alert - anonymous http://ift.tt/2dSRKQe
via IFTTT

Unconfirmed Russian report about anonymous officials unofficially recommending something ...

Unconfirmed Russian report about anonymous officials unofficially recommending something sparks British hysteria of Putin unleashing nuclear war.

from Google Alert - anonymous http://ift.tt/2dYhHim
via IFTTT

BlockChain.info Domain Hijacked; Site Goes Down; 8 Million Bitcoin Wallets Inaccessible

If you are fascinated with the idea of digital currency, then you might have heard about BlockChain.Info. It’s Down! Yes, Blockchain.info, the world's most popular Bitcoin wallet and Block Explorer service, has been down for the last few hours, and it's believed that a possible cyber attack has disrupted the site. The site is down at the time of writing, and the web server


from The Hacker News http://ift.tt/2d7FfSv
via IFTTT

Call for Papers: ICARUS Special Issue on Asteroids

Asteroids are small, usually rocky, bodies that primarily populate a region of the solar system between the orbits of Mars and Jupiter known as the asteroid belt. However, they can also be found throughout the solar system. As leftovers from the formation of the solar system, these bodies carry the signature of the birth of our planetary system. Their properties allow testing of current theories and open doors to the development of new theories pertaining to different evolutionary processes in the solar system.



from Icarus http://ift.tt/2eqWdLO
via IFTTT

I have a new follower on Twitter


Matt Heinz
B2B demand generation, pipeline management, sales enablement, content strategy, inside sales effectiveness, marketing technology, driving revenue & results.
Redmond, WA
http://t.co/1R4WFaTkHt
Following: 68777 - Followers: 96719

October 12, 2016 at 10:04AM via Twitter http://twitter.com/HeinzMarketing

[FD] [SYSS-2016-075] Targus Multimedia Presentation Remote - Insufficient Verification of Data Authenticity (CWE-345), Mouse Spoofing Attack


Source: Gmail -> IFTTT-> Blogger

[FD] [SYSS-2016-074] Logitech Wireless Presenter R400 - Insufficient Verification of Data Authenticity (CWE-345), Keystroke Injection Vulnerability


Source: Gmail -> IFTTT-> Blogger

Microsoft Patches 5 Zero-Day Vulnerabilities Being Exploited in the Wild

Microsoft has released its monthly Patch Tuesday update including a total of 10 security bulletins, and you are required to apply the whole package of patches altogether, whether you like it or not. That's because the company is kicking off a controversial new all-or-nothing patch model this month by packaging all security updates into a single payload, removing your ability to pick and choose


from The Hacker News http://ift.tt/2e8sxA7
via IFTTT

The Cygnus Wall of Star Formation


Sometimes, stars form in walls -- bright walls of interstellar gas. In this vivid skyscape, stars are forming in the W-shaped ridge of emission known as the Cygnus Wall. Part of a larger emission nebula with a distinctive outline popularly called The North America Nebula, the cosmic ridge spans about 20 light-years. Constructed using narrowband data to highlight the telltale reddish glow from ionized hydrogen atoms recombining with electrons, the image mosaic follows an ionization front with fine details of dark, dusty forms in silhouette. Sculpted by energetic radiation from the region's young, hot, massive stars, the dark shapes inhabiting the view are clouds of cool gas and dust with stars likely forming within. The North America Nebula itself, NGC 7000, is about 1,500 light-years away. via NASA http://ift.tt/2d4Liaw

Tuesday, October 11, 2016

I have a new follower on Twitter


Rob Tiffany
CTO, Lumada #IoT at Hitachi • Inc Magazine Top Internet of Things Expert • exMSFT • Author • Keynote Speaker • Wannabe Sommelier
Seattle
https://t.co/SJWlZkSM8v
Following: 10966 - Followers: 17375

October 11, 2016 at 10:46PM via Twitter http://twitter.com/RobTiffany

PCG-Based Game Design Patterns. (arXiv:1610.03138v1 [cs.AI])

People enjoy encounters with generative software, but rarely are they encouraged to interact with, understand or engage with it. In this paper we define the term 'PCG-based game', and explain how this concept follows on from the idea of an AI-based game. We look at existing examples of games which foreground their AI, put forward a methodology for designing PCG-based games, describe some example case study designs for PCG-based games, and describe lessons learned during this process of sketching and developing ideas.



from cs.AI updates on arXiv.org http://ift.tt/2dU7mCm
via IFTTT

Navigational Instruction Generation as Inverse Reinforcement Learning with Neural Machine Translation. (arXiv:1610.03164v1 [cs.RO])

Modern robotics applications that involve human-robot interaction require robots to be able to communicate with humans seamlessly and effectively. Natural language provides a flexible and efficient medium through which robots can exchange information with their human partners. Significant advancements have been made in developing robots capable of interpreting free-form instructions, but less attention has been devoted to endowing robots with the ability to generate natural language. We propose a navigational guide model that enables robots to generate natural language instructions that allow humans to navigate a priori unknown environments. We first decide which information to share with the user according to their preferences, using a policy trained from human demonstrations via inverse reinforcement learning. We then "translate" this information into a natural language instruction using a neural sequence-to-sequence model that learns to generate free-form instructions from natural language corpora. We evaluate our method on a benchmark route instruction dataset and achieve a BLEU score of 72.18% when compared to human-generated reference instructions. We additionally conduct navigation experiments with human participants that demonstrate that our method generates instructions that people follow as accurately and easily as those produced by humans.



from cs.AI updates on arXiv.org http://ift.tt/2dOV8LU
via IFTTT

Error Asymmetry in Causal and Anticausal Regression. (arXiv:1610.03263v1 [cs.AI])

It is generally difficult to make any statements about the expected prediction error in a univariate setting without further knowledge about how the data were generated. Recent work showed that knowledge about the real underlying causal structure of a data generation process has implications for various machine learning settings. Assuming an additive noise and an independence between data generating mechanism and its input, we draw a novel connection between the intrinsic causal relationship of two variables and the expected prediction error. We formulate the theorem that the expected error of the true data generating function as prediction model is generally smaller when the effect is predicted from its cause and, on the contrary, greater when the cause is predicted from its effect. The theorem implies an asymmetry in the error depending on the prediction direction. This is further corroborated with empirical evaluations in artificial and real-world data sets.



from cs.AI updates on arXiv.org http://ift.tt/2dU7j9i
via IFTTT

Safe, Multi-Agent, Reinforcement Learning for Autonomous Driving. (arXiv:1610.03295v1 [cs.AI])

Autonomous driving is a multi-agent setting where the host vehicle must apply sophisticated negotiation skills with other road users when overtaking, giving way, merging, taking left and right turns and while pushing ahead in unstructured urban roadways. Since there are many possible scenarios, manually tackling all possible cases will likely yield a too simplistic policy. Moreover, one must balance between unexpected behavior of other drivers/pedestrians and at the same time not to be too defensive so that normal traffic flow is maintained.

In this paper we apply deep reinforcement learning to the problem of forming long term driving strategies. We note that there are two major challenges that make autonomous driving different from other robotic tasks. First is the necessity for ensuring functional safety - something that machine learning has difficulty with given that performance is optimized at the level of an expectation over many instances. Second, the Markov Decision Process model often used in robotics is problematic in our case because of unpredictable behavior of other agents in this multi-agent scenario. We make three contributions in our work. First, we show how policy gradient iterations can be used without Markovian assumptions. Second, we decompose the problem into a composition of a Policy for Desires (which is to be learned) and trajectory planning with hard constraints (which is not learned). The goal of Desires is to enable comfort of driving, while hard constraints guarantee the safety of driving. Third, we introduce a hierarchical temporal abstraction we call an "Option Graph" with a gating mechanism that significantly reduces the effective horizon and thereby reducing the variance of the gradient estimation even further.



from cs.AI updates on arXiv.org http://ift.tt/2epP7XV
via IFTTT

Is psychosis caused by defective dissociation? An Artificial Life model for schizophrenia. (arXiv:1610.03417v1 [q-bio.NC])

Both neurobiological and environmental factors are known to play a role in the origin of schizophrenia, but no model has been proposed that accounts for both. This work presents a functional model of schizophrenia that merges psychodynamic elements with ingredients borrowed from the theory of psychological traumas, and evidences the interplay of traumatic experiences and defective mental functions in the pathogenesis of the disorder. Our model foresees that dissociation is a standard tool used by the mind to protect itself from emotional pain. In case of repeated traumas, the mind learns to adopt selective forms of dissociation to avoid pain without losing touch with external reality. We conjecture that this process is defective in schizophrenia, where dissociation is either too weak, giving rise to positive symptoms, or too strong, causing negative symptoms.



from cs.AI updates on arXiv.org http://ift.tt/2dU7kKw
via IFTTT

Godseed: Benevolent or Malevolent?. (arXiv:1402.5380v2 [cs.AI] UPDATED)

It is hypothesized by some thinkers that benign looking AI objectives may result in powerful AI drives that may pose an existential risk to human society. We analyze this scenario and find the underlying assumptions to be unlikely. We examine the alternative scenario of what happens when universal goals that are not human-centric are used for designing AI agents. We follow a design approach that tries to exclude malevolent motivations from AI agents, however, we see that objectives that seem benevolent may pose significant risk. We consider the following meta-rules: preserve and pervade life and culture, maximize the number of free minds, maximize intelligence, maximize wisdom, maximize energy production, behave like human, seek pleasure, accelerate evolution, survive, maximize control, and maximize capital. We also discuss various solution approaches for benevolent behavior including selfless goals, hybrid designs, Darwinism, universal constraints, semi-autonomy, and generalization of robot laws. A "prime directive" for AI may help in formulating an encompassing constraint for avoiding malicious behavior. We hypothesize that social instincts for autonomous robots may be effective such as attachment learning. We mention multiple beneficial scenarios for an advanced semi-autonomous AGI agent in the near future including space exploration, automation of industries, state functions, and cities. We conclude that a beneficial AI agent with intelligence beyond human-level is possible and has many practical use cases.



from cs.AI updates on arXiv.org http://ift.tt/1e8nZ8D
via IFTTT

Network of Bandits. (arXiv:1602.03779v9 [cs.AI] UPDATED)

The distribution of machine learning tasks on the user's devices offers several advantages for application purposes: scalability, reduction of deployment costs and privacy. We propose a basic brick, Distributed Median Elimination, which can be used to distribute the best arm identification task in various schemes. In comparison to Median Elimination run on a single player, we showed a near optimal speed-up factor. This speed-up factor is reached with a near optimal communication cost. Experiments illustrate and complete the analysis. In comparison to Median Elimination performed on each player, according to the analysis Distributed Median Elimination shows practical improvements.



from cs.AI updates on arXiv.org http://ift.tt/1XmBDce
via IFTTT

Limits to Verification and Validation of Agentic Behavior. (arXiv:1604.06963v2 [cs.AI] UPDATED)

Verification and validation of agentic behavior have been suggested as important research priorities in efforts to reduce risks associated with the creation of general artificial intelligence (Russell et al 2015). In this paper we question the appropriateness of using language of certainty with respect to efforts to manage that risk. We begin by establishing a very general formalism to characterize agentic behavior and to describe standards of acceptable behavior. We show that determination of whether an agent meets any particular standard is not computable. We discuss the extent of the burden associated with verification by manual proof and by automated behavioral governance. We show that to ensure decidability of the behavioral standard itself, one must further limit the capabilities of the agent. We then demonstrate that if our concerns relate to outcomes in the physical world, attempts at validation are futile. Finally, we show that layered architectures aimed at making these challenges tractable mistakenly equate intentions with actions or outcomes, thereby failing to provide any guarantees. We conclude with a discussion of why language of certainty should be eradicated from the conversation about the safety of general artificial intelligence.



from cs.AI updates on arXiv.org http://ift.tt/1WmQbti
via IFTTT

I have a new follower on Twitter


Creager
Writing code and copy at @ManifoldCo, until A.I. steps-up. Creating a better place for developers to bury their secrets: @TorusCLI. Formerly @heroku.
Halifax, Nova Scotia
https://t.co/nAgsIxIPNs
Following: 5091 - Followers: 4958

October 11, 2016 at 04:22PM via Twitter http://twitter.com/Matt_Creager

[FD] NEW VMSA-2016-0016 - vRealize Operations (vROps) updates address privilege escalation vulnerability


Source: Gmail -> IFTTT-> Blogger

[FD] Onapsis Security Advisory ONAPSIS-2016-057: Oracle E-Business Suite Cross Site Scripting (XSS)

Onapsis Security Advisory ONAPSIS-2016-057: Oracle E-Business Suite Cross Site Scripting (XSS)

1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system.

Risk Level: Medium

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-057
- Onapsis SVS ID: ONAPSIS-00260
- CVE: CVE-2016-0533
- Researcher: Matias Mevied
- Vendor Provided CVSS v3: 8.2 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)
- Onapsis CVSS v3: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

3. Vulnerability Information
============================
- Vendor: Oracle
- Affected Components: Oracle E-Business Suite 12.2
- Vulnerability Class: Improper Neutralization of Input During Web Page Generation (CWE-79)
- Remotely Exploitable: Yes
- Locally Exploitable: No
- Authentication Required: No
- Original Advisory: http://ift.tt/2dH7Ay5

4. Affected Components Description
==================================
Oracle E-Business Suite has more than 8000 JSP files which interact with the web listener and the data server.

5. Vulnerability Details
========================
A remote unauthenticated attacker could use a specific JSP file to execute arbitrary code. This file has a parameter which is not validated and neither encoded.

6. Solution
===========
Implement Oracle Critical Patch Update released in July 2016.

7. Report Timeline
==================
- 02/29/2016: Onapsis provides vulnerability information to Oracle.
- 03/01/2016: Oracle confirms reception of vulnerability report.
- 07/19/2016: Oracle releases the Critical Patch Update in July 2016 fixing the vulnerability.
- 09/22/2016: Onapsis Releases Security Advisory.

About Onapsis Research Labs
===========================
Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Research Labs combine in-depth knowledge and experience to deliver technical and business-context with sound security judgment to the broader information security community.

About Onapsis, Inc.
===================
Onapsis provides the most comprehensive solutions for securing SAP and Oracle enterprise applications. As the leading experts in SAP and Oracle cyber-security, Onapsis’ enables security and audit teams to have visibility, confidence and control of advanced threats, cyber-risks and compliance gaps affecting their enterprise applications.

Headquartered in Boston, Onapsis serves over 180 Global 2000 customers, including 10 top retailers, 20 top energy firms and 20 top manufacturers. Onapsis’ solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, IBM, Deloitte, E&Y, KPMG and PwC.

Onapsis solutions include the Onapsis Security Platform, which is the most widely-used SAP-certified cyber-security solution in the market. Unlike generic security products, Onapsis’ context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs.

These solutions are powered by the Onapsis Research Labs which continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts of the Onapsis Research Labs were the first to lecture on SAP cyber-attacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms.

For more information, please visit www.onapsis.com, or connect with us on Twitter, Google+, or LinkedIn.

Source: Gmail -> IFTTT-> Blogger

[FD] Onapsis Security Advisory ONAPSIS-2016-056: Oracle E-Business Suite Cross Site Scripting (XSS)

Onapsis Security Advisory ONAPSIS-2016-056: Oracle E-Business Suite Cross Site Scripting (XSS)

1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system.

Risk Level: Medium

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-056
- Onapsis SVS ID: ONAPSIS-00269, ONAPSIS-00270, ONAPSIS-00271, ONAPSIS-00272, ONAPSIS-00273, ONAPSIS-00274 and ONAPSIS-00275
- CVE: CVE-2016-3532
- Researcher: Matias Mevied
- Vendor Provided CVSS v3: 8.2 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)
- Onapsis CVSS v3: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

3. Vulnerability Information
============================
- Vendor: Oracle
- Affected Components: Oracle E-Business Suite 12.2
- Vulnerability Class: Improper Neutralization of Input During Web Page Generation (CWE-79)
- Remotely Exploitable: Yes
- Locally Exploitable: No
- Authentication Required: No
- Original Advisory: http://ift.tt/2d5sCHo

4. Affected Components Description
==================================
Oracle E-Business Suite has more than 8000 JSP files which interact with the web listener and the data server.

5. Vulnerability Details
========================
A remote unauthenticated attacker could use a specific JSP file to execute arbitrary code. This file has seven parameters which are neither validated nor encoded.

6. Solution
===========
Implement Oracle Critical Patch Update released in July 2016.

7. Report Timeline
==================
- 02/29/2016: Onapsis provides vulnerability information to Oracle.
- 03/01/2016: Oracle confirms reception of vulnerability report.
- 07/19/2016: Oracle releases the Critical Patch Update in July 2016 fixing the vulnerability.
- 09/22/2016: Onapsis Releases Security Advisory.

Source: Gmail -> IFTTT-> Blogger

[FD] Onapsis Security Advisory ONAPSIS-2016-055: Oracle E-Business Suite Cross Site Scripting (XSS)

Onapsis Security Advisory ONAPSIS-2016-055: Oracle E-Business Suite Cross Site Scripting (XSS)

1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system.

Risk Level: Medium

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-055
- Onapsis SVS ID: ONAPSIS-00277, ONAPSIS-00278 and ONAPSIS-00279
- CVE: CVE-2016-3533
- Researcher: Matias Mevied
- Vendor Provided CVSS v3: 8.2 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)
- Onapsis CVSS v3: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

3. Vulnerability Information
============================
- Vendor: Oracle
- Affected Components: Oracle E-Business Suite 12.2
- Vulnerability Class: Improper Neutralization of Input During Web Page Generation (CWE-79)
- Remotely Exploitable: Yes
- Locally Exploitable: No
- Authentication Required: No
- Original Advisory: http://ift.tt/2dTeWNh

4. Affected Components Description
==================================
Oracle E-Business Suite has more than 8000 JSP files which interact with the web listener and the data server.

5. Vulnerability Details
========================
A remote unauthenticated attacker could use a specific JSP file to execute arbitrary code. This file has three parameters which are neither validated nor encoded.

6. Solution
===========
Implement Oracle Critical Patch Update released in July 2016.

7. Report Timeline
==================
- 02/29/2016: Onapsis provides vulnerability information to Oracle.
- 03/01/2016: Oracle confirms reception of vulnerability report.
- 07/19/2016: Oracle releases the Critical Patch Update in July 2016 fixing the vulnerability.
- 09/22/2016: Onapsis Releases Security Advisory.

Source: Gmail -> IFTTT-> Blogger

[FD] Onapsis Security Advisory ONAPSIS-2016-053: Oracle E-Business Suite Cross Site Scripting (XSS)

Onapsis Security Advisory ONAPSIS-2016-053: Oracle E-Business Suite Cross Site Scripting (XSS)

1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system.

Risk Level: Medium

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-53
- Onapsis SVS ID: ONAPSIS-00281
- CVE: CVE-2016-3535
- Researcher: Matias Mevied
- Vendor Provided CVSS v3: 8.2 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)
- Onapsis CVSS v3: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

3. Vulnerability Information
============================
- Vendor: Oracle
- Affected Components: Oracle E-Business Suite 12.2
- Vulnerability Class: Improper Neutralization of Input During Web Page Generation (CWE-79)
- Remotely Exploitable: Yes
- Locally Exploitable: No
- Authentication Required: No
- Original Advisory: http://ift.tt/2dO5VWO

4. Affected Components Description
==================================
Oracle E-Business Suite has more than 8000 JSP files which interact with the web listener and the data server.

5. Vulnerability Details
========================
A remote unauthenticated attacker could use a specific JSP file to execute arbitrary code. This file has a parameter which is neither validated nor encoded.

6. Solution
===========
Implement Oracle Critical Patch Update released in July 2016.

7. Report Timeline
==================
- 02/29/2016: Onapsis provides vulnerability information to Oracle.
- 03/01/2016: Oracle confirms reception of vulnerability report.
- 07/19/2016: Oracle releases the Critical Patch Update in July 2016 fixing the vulnerability.
- 09/22/2016: Onapsis Releases Security Advisory.

Source: Gmail -> IFTTT-> Blogger

[FD] Onapsis Security Advisory ONAPSIS-2016-052: Oracle E-Business Suite Cross Site Scripting (XSS)

Onapsis Security Advisory ONAPSIS-2016-052: Oracle E-Business Suite Cross Site Scripting (XSS)

1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system.

Risk Level: Medium

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-052
- Onapsis SVS ID: ONAPSIS-00282 and ONAPSIS-00283
- CVE: CVE-2016-3536
- Researcher: Matias Mevied
- Vendor Provided CVSS v3: 8.2 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)
- Onapsis CVSS v3: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

3. Vulnerability Information
============================
- Vendor: Oracle
- Affected Components: Oracle E-Business Suite 12.2
- Vulnerability Class: Improper Neutralization of Input During Web Page Generation (CWE-79)
- Remotely Exploitable: Yes
- Locally Exploitable: No
- Authentication Required: No
- Original Advisory: http://ift.tt/2d5oiIr

4. Affected Components Description
==================================
Oracle E-Business Suite has more than 8000 JSP files which interact with the web listener and the data server.

5. Vulnerability Details
========================
A remote unauthenticated attacker could use a specific JSP file to execute arbitrary code. This file has two parameters which are neither validated nor encoded.

6. Solution
===========
Implement Oracle Critical Patch Update released in July 2016.

7. Report Timeline
==================
- 02/29/2016: Onapsis provides vulnerability information to Oracle.
- 03/01/2016: Oracle confirms reception of vulnerability report.
- 07/19/2016: Oracle releases the Critical Patch Update in July 2016 fixing the vulnerability.
- 09/22/2016: Onapsis Releases Security Advisory.

Source: Gmail -> IFTTT-> Blogger

[FD] Onapsis Security Advisory ONAPSIS-2016-051: SAP Business Objects Memory Corruption

Onapsis Security Advisory ONAPSIS-2016-051: SAP Business Objects Memory Corruption

1. Impact on Business
=====================
By exploiting this vulnerability an attacker could hide audit information logged by the SAP system.

Risk Level: Low

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-051
- Onapsis SVS ID: ONAPSIS-00247
- CVE: CVE-2016-7437
- Researcher: Emiliano J. Fausto
- Vendor Provided CVSS v2: 1.7 (AV:L/AC:L/Au:S/C:N/I:P/A:N)
- Onapsis CVSS v2: 1.7 (AV:L/AC:L/Au:S/C:N/I:P/A:N)

3. Vulnerability Information
============================
- Vendor: SAP AG
- Affected Components: SAP NETWEAVER 7.40
- Vulnerability Class: Insufficient Logging (CWE-778)
- Remotely Exploitable: No
- Locally Exploitable: Yes
- Authentication Required: Yes
- Original Advisory: http://ift.tt/2dIMNZR

4. Affected Components Description
==================================
The SAP Security Audit Log is used to record security-related system information such as changes to user master records or unsuccessful logon attempts. This log is a tool designed for auditors who need to take a detailed look at what occurs in the SAP System. By activating the audit log, you keep a record of those activities that you specify for your audit. You can then access this information for evaluation in the form of an audit analysis report.

5. Vulnerability Details
========================
Even when configuring the parameter rfc/callback_security_method and the SAP Security Audit Log to consider RFC callback events (Accepted/Rejected), both events DUI/DUJ will be logged in the SAP Security Audit Log as Non-critical. As the information provided by the SAP Security Audit Log to the security expert is inaccurate, filtering out non-critical events will also filter rejected attempts to execute RFC function callbacks.

6. Solution
===========
Implement SAP Security Note 2252312.

7. Report Timeline
==================
- 11/24/2015: Onapsis provides vulnerability information to SAP AG.
- 01/09/2016: SAP releases SAP Security Note 2252312 fixing the vulnerability.
- 09/22/2016: Onapsis Releases Security Advisory.

Source: Gmail -> IFTTT-> Blogger
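
Added example, not part of the Onapsis advisory: ONAPSIS-2016-051 says a triage filter that keeps only critical audit events silently discards the DUI/DUJ RFC callback events, so this Python filter pins those two event IDs into the review queue regardless of the severity they were logged with. The CSV column layout, the sample rows and the X01/X02 event IDs are constructed for illustration; only DUI and DUJ come from the advisory.

```python
import csv
import io
from collections import Counter

# Event IDs the advisory names for RFC callback activity (accepted/rejected).
RFC_CALLBACK_EVENTS = frozenset({"DUI", "DUJ"})

# Constructed sample export. The column layout is an assumption made for this
# example; it is not the on-disk format of the SAP Security Audit Log.
# X01 and X02 are placeholder event IDs.
SAMPLE_EXPORT = """\
time,event_id,severity,user,text
2016-09-22T10:01:07,X01,critical,JSMITH,placeholder critical event
2016-09-22T10:02:11,DUI,non-critical,RFCUSER,RFC callback event
2016-09-22T10:02:15,DUJ,non-critical,RFCUSER,RFC callback event
2016-09-22T10:03:40,X02,non-critical,JSMITH,placeholder routine event
2016-09-22T10:04:02, duj ,Non-Critical,BATCH01,RFC callback event
"""


def parse_export(text):
    """Parse the export and normalise the fields the filters compare on."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        events.append({
            "time": row["time"].strip(),
            "event_id": row["event_id"].strip().upper(),
            "severity": row["severity"].strip().lower(),
            "user": row["user"].strip(),
            "text": row["text"].strip(),
        })
    return events


def severity_filter(events):
    """The filter the advisory warns about: keep critical events only."""
    return [e for e in events if e["severity"] == "critical"]


def review_queue(events, always_review=RFC_CALLBACK_EVENTS):
    """Keep critical events plus every pinned event ID, whatever its severity."""
    return [
        e for e in events
        if e["severity"] == "critical" or e["event_id"] in always_review
    ]


def dropped_callbacks(events, always_review=RFC_CALLBACK_EVENTS):
    """RFC callback events that a severity-only filter would have discarded."""
    return [
        e for e in events
        if e["event_id"] in always_review and e["severity"] != "critical"
    ]


def callback_counts(events, always_review=RFC_CALLBACK_EVENTS):
    """Count callback events per (user, event ID) to spot repeated attempts."""
    return Counter(
        (e["user"], e["event_id"])
        for e in events
        if e["event_id"] in always_review
    )


if __name__ == "__main__":
    parsed = parse_export(SAMPLE_EXPORT)
    print("severity-only filter keeps:", len(severity_filter(parsed)))
    print("review queue keeps:        ", len(review_queue(parsed)))
    for event in dropped_callbacks(parsed):
        print("would have been dropped:", event["time"], event["event_id"], event["user"])
    for (user, event_id), count in sorted(callback_counts(parsed).items()):
        print(f"{user} {event_id} x{count}")
```

Once SAP Security Note 2252312 is applied, the pinned set remains useful as a regression check on older log extracts written before the fix.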

[FD] Onapsis Security Advisory ONAPSIS-2016-005: SAP SLDREG memory corruption

Onapsis Security Advisory ONAPSIS-2016-005: SAP SLDREG memory corruption

1. Impact on Business
=====================
By exploiting this vulnerability, an attacker could potentially abuse technical functions to access and/or compromise the business information.

Risk Level: Low

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-005
- Onapsis SVS ID: ONAPSIS-00161
- CVE: CVE-2016-3638
- Researcher: Nahuel D. Sanchez
- Vendor Provided CVSS v2: 1.5 (AV:L/AC:M/Au:S/C:N/I:N/A:P)
- Onapsis CVSS v2: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)

3. Vulnerability Information
============================
- Vendor: SAP AG
- Affected Components: SLD Registration Program
- Vulnerability Class: Buffer errors (CWE-119)
- Remotely Exploitable: No
- Locally Exploitable: Yes
- Authentication Required: No
- Original Advisory: http://ift.tt/2dtXrC2

4. Affected Components Description
==================================
The SLDREG tool is used to register SAP Systems in the System Landscape Directory. The System Landscape Directory of SAP NetWeaver (SLD) serves as a central information repository for the system landscape.

5. Vulnerability Details
========================
The SLDREG binary is prone to a memory corruption vulnerability when a specially crafted input is passed as the HOST parameter.

6. Solution
===========
Implement SAP Security Note 2125623.

7. Report Timeline
==================
- 01/30/2015: Onapsis provides vulnerability information to SAP AG.
- 02/02/2015: SAP AG confirms reception of vulnerability report.
- 03/10/2015: SAP reported that the vulnerability is not a security issue.
- 04/14/2015: SAP reported fix is In Process.
- 05/12/2015: SAP reported fix is In Process.
- 06/09/2015: SAP reported fix is In Process.
- 07/14/2015: SAP reported fix is In Process.
- 08/11/2015: SAP released SAP Security Note 2125623 fixing the vulnerability.
- 09/22/2016: Onapsis Releases Security Advisory.

Source: Gmail -> IFTTT-> Blogger

[FD] Onapsis Security Advisory ONAPSIS-2016-050: SAP OS Command Injection in SCTC_REFRESH_CONFIG_CTC

Onapsis Security Advisory ONAPSIS-2016-050: SAP OS Command Injection in SCTC_REFRESH_CONFIG_CTC

1. Impact on Business
=====================
By exploiting this vulnerability an authenticated user will be able to take full control of the system.

Risk Level: Critical

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-050
- Onapsis SVS ID: ONAPSIS-00252
- CVE: CVE-2016-7435
- Researcher: Pablo Artuso
- Vendor Provided CVSS v3: 9.0 (AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H)
- Onapsis CVSS v3: 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

3. Vulnerability Information
============================
- Vendor: SAP AG
- Affected Components: SAP Netweaver 7.40 SP 12
- Vulnerability Class: Improper Neutralization of Special Elements used in an OS Command (CWE-78)
- Remotely Exploitable: Yes
- Locally Exploitable: No
- Authentication Required: Yes
- Original Advisory: http://ift.tt/2e3tGNw

4. Affected Components Description
==================================
SAP NetWeaver is the SAP technological integration platform, on top of which enterprise and business solutions are developed and run. In particular, SCTC is a subpackage of SAP_BASIS which holds technical configurations.

5. Vulnerability Details
========================
The SCTC_REFRESH_CONFIG_CTC function doesn't correctly sanitize variables used when executing the CALL 'SYSTEM' statement, allowing an attacker with particular privileges to execute any arbitrary OS command.

6. Solution
===========
Implement SAP Security Note 2260344.

7. Report Timeline
==================
- 11/26/2015: Onapsis provides vulnerability information to SAP AG.
- 11/27/2015: SAP AG confirms reception of vulnerability report.
- 01/12/2016: SAP reports fix is In Process.
- 03/08/2016: SAP releases SAP Security Note 2260344 fixing the vulnerability.
- 09/22/2016: Onapsis Releases Security Advisory.

Source: Gmail -> IFTTT-> Blogger

[FD] Onapsis Security Advisory ONAPSIS-2016-049: SAP OS Command Injection in SCTC_REORG_SPOOL

Onapsis Security Advisory ONAPSIS-2016-049: SAP OS Command Injection in SCTC_REORG_SPOOL

1. Impact on Business
=====================
By exploiting this vulnerability an authenticated user will be able to take full control of the system.

Risk Level: Critical

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-049
- Onapsis SVS ID: ONAPSIS-00255
- CVE: CVE-2016-7435
- Researcher: Pablo Artuso
- Vendor Provided CVSS v3: 9.0 (AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H)
- Onapsis CVSS v3: 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

3. Vulnerability Information
============================
- Vendor: SAP AG
- Affected Components: SAP Netweaver 7.40 SP 12
- Vulnerability Class: Improper Neutralization of Special Elements used in an OS Command (CWE-78)
- Remotely Exploitable: Yes
- Locally Exploitable: No
- Authentication Required: Yes
- Original Advisory: http://ift.tt/2dT5M3D

4. Affected Components Description
==================================
SAP NetWeaver is the SAP technological integration platform, on top of which enterprise and business solutions are developed and run. In particular, SCTC is a subpackage of SAP_BASIS which holds technical configurations.

5. Vulnerability Details
========================
The SCTC_REORG_SPOOL function doesn't correctly sanitize variables used when executing the CALL 'SYSTEM' statement, allowing an attacker with particular privileges to execute any arbitrary OS command.

6. Solution
===========
Implement SAP Security Note 2260344.

7. Report Timeline
==================
- 11/26/2015: Onapsis provides vulnerability information to SAP AG.
- 11/27/2015: SAP AG confirms reception of vulnerability report.
- 01/12/2016: SAP reports fix is In Process.
- 03/08/2016: SAP releases SAP Security Note 2260344 fixing the vulnerability.
- 09/22/2016: Onapsis Releases Security Advisory.

About Onapsis Research Labs
===========================

Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Research Labs combine in-depth knowledge and experience to deliver technical and business-context with sound security judgment to the broader information security community.

About Onapsis, Inc.
===================

Onapsis provides the most comprehensive solutions for securing SAP and Oracle enterprise applications. As the leading experts in SAP and Oracle cyber-security, Onapsis enables security and audit teams to have visibility, confidence and control of advanced threats, cyber-risks and compliance gaps affecting their enterprise applications.

Headquartered in Boston, Onapsis serves over 180 Global 2000 customers, including 10 top retailers, 20 top energy firms and 20 top manufacturers. Onapsis' solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, IBM, Deloitte, E&Y, KPMG and PwC.

Onapsis solutions include the Onapsis Security Platform, which is the most widely-used SAP-certified cyber-security solution in the market. Unlike generic security products, Onapsis' context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs.

These solutions are powered by the Onapsis Research Labs which continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts of the Onapsis Research Labs were the first to lecture on SAP cyber-attacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms.

For more information, please visit www.onapsis.com, or connect with us on Twitter, Google+, or LinkedIn.

Source: Gmail -> IFTTT-> Blogger