Saturday, January 13, 2018

Identified Vs. Anonymous

The Identified vs. Anonymous tile in Web & Mobile Analytics displays the number and percentage of known visitors with an associated email address in your data extension versus the number of visitors without an email address in your data extension.

from Google Alert - anonymous http://ift.tt/2D9jNc3
via IFTTT

I have a new follower on Twitter


Digital Mrktg Tools
AUTOMATED SOCIAL MEDIA CURATION https://t.co/Gwo27dpJmj DIGITAL MARKETING TOOLS https://t.co/vxTZJvObpo
GET Socialyz It
https://t.co/Gwo27dpJmj
Following: 16404 - Followers: 19652

January 13, 2018 at 01:31PM via Twitter http://twitter.com/DigitalMktgTool

[FD] Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability

[FD] [Fixed Link] [CVE-2018-5189] Rumble In The Jungo – A Code Execution Walkthrough

** Advisory Information

Title: [CVE-2018-5189] Rumble In The Jungo – A Code Execution Walkthrough
Blog URL: http://ift.tt/2ALNKcL
Vendor: Jungo
Date Published: 10/01/2017
CVE: CVE-2018-5189

** Vulnerability Summary

Leveraging a race condition/double fetch to trigger a pool overflow within the Jungo Windriver allowing a local privilege escalation to SYSTEM.

** Vendor Response

Jungo have released a new version of the driver thus mitigating exploitation of this issue.

** Report Timeline

Disclosed to vendor – 23/12/2017
Response from vendor, request for initial advisory – 24/12/2017
Initial advisory sent – 29/12/2017
Beta patch sent for testing by vendor – 01/01/2018
Patch confirmed to mitigate vulnerabilities – 01/01/2017
Patch released – 10/01/2017

** Credit

This vulnerability was discovered by Tim Carrington @__invictus_, part of the Fidus Information Security research team.

** References

http://ift.tt/2ALNKcL

** Disclaimer

This advisory is licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 License: http://ift.tt/e9zF8v

Source: Gmail -> IFTTT-> Blogger

[FD] Seagate Media Server allows deleting of arbitrary files and folders


[FD] Broken TLS certificate pinning in VTech DigiGo Kid Connect app


[FD] Multiple vulnerabilities in VTech DigiGo allow browser overlay attack


[FD] Broken TLS certificate validation in VTech DigiGo browser


[FD] Authentication bypass in Kaseya VSA


[FD] Code execution in Kaseya VSA


[FD] Arbitrary file read in Kaseya VSA


Fourth Fappening Hacker Admits to Stealing Celebrity Pics From iCloud Accounts

Almost three years after the massive leakage of high-profile celebrities' nude photos—well known as "The Fappening" or "Celebgate" scandal—a fourth hacker has been charged with hacking into over 250 Apple iCloud accounts belonging to Hollywood celebrities. A federal court has accused George Garofano, 26, of North Branford, of violating the Computer Fraud and Abuse Act, who had been arrested by


from The Hacker News http://ift.tt/2D9OJcQ
via IFTTT

In These Rooms: Narcotics Anonymous and the Discourse of the American Self-Help Movement

As part of “American Identities in the 21st Century,” Cameron University's current academic festival, the CU Department of English & Foreign Languages will present “In These Rooms: Narcotics Anonymous and the Discourse of the American Self-Help Movement” on Thursday, January 18 at 3:30 p.m. ...

from Google Alert - anonymous http://ift.tt/2DrRhjA
via IFTTT

8th St.'s surf is Good

January 12, 2018 at 07:00PM, the surf is Good!

8th St. Summary


Surf: head high to 2 ft overhead
Maximum: 2.142m (7.03ft)
Minimum: 1.53m (5.02ft)

Maryland-Delaware Summary


from Surfline http://ift.tt/1kVmigH
via IFTTT

Track anonymous text messages

Our unique spoof SMS feature lets FlexiSPY Extreme users send anonymous text messages directly to any contact that can be Your phone number is all a hacker needs to read texts, listen to calls and track you read their sent and received text messages, and log, Mustache Anonymous Texting - Send ...

from Google Alert - anonymous http://ift.tt/2D99NAn
via IFTTT

Friday, January 12, 2018

DOWNLOADS Beautiful Minds Anonymous Iii Mythical Creatures By Nausicaa Twila ...

beautiful minds anonymous iii mythical creatures by nausicaa twila has actually been available for you. You can obtain the book absolutely free reading online and complimentary downloading. Guide composed by exist with the new version absolutely free. It can be downloaded with the form of pdf, rar ...

from Google Alert - anonymous http://ift.tt/2D46b2m
via IFTTT

I have a new follower on Twitter


Martin Kuppinger
IT Analyst looking at what really connects business and IT #InformationSecurity #blockchain #security #FinTech #digitaltransformation #identitymanagement #psd2
Stuttgart, Deutschland
http://t.co/1jpP9DhD1Y
Following: 8560 - Followers: 9005

January 12, 2018 at 09:21PM via Twitter http://twitter.com/MartinKuppinger

Anonymous donor gives nonverbal child a speech device

Jimmy DeCrescenzo, 2, loves his mommy, his toys and chocolate – he was just unable to say it until an anonymous donor sent his family an expensive communication device.

from Google Alert - anonymous http://ift.tt/2mqs40V
via IFTTT

LiveAgent Review: Experience with live agent by Anonymous Reviewer

What are the best aspects of this product? It offers a would price for all the features it offers, it's fast and it's not complicated to use. What aspects are problematic or could work better? I don't have one at the moment. What features/services would you like to see in future versions of this product? To be able ...

from Google Alert - anonymous http://ift.tt/2Dcl1Du
via IFTTT

Anonymous Guest Post: How to Impress / Annoy a Vendor During an Analyst Briefing?

A little bird has swooped in and dropped a package into a super-secret drop box in my backyard. My dog has found the package and the following was sealed inside. Clearly, the bird has delivered this in response to my post here. The below is NOT edited in any way, and is reposted as delivered.

from Google Alert - anonymous http://ift.tt/2mqkeEs
via IFTTT

Anonymous

Anonymous. By Deepali Borthakur. Info. It was the day I desperately wanted to run. Run to the shadow of new hopes. I never thought life could have despised me so badly. I kept on running until I ended up in a shop where I saw every one was busy with themselves. Boozing ,talking and laughing.

from Google Alert - anonymous http://ift.tt/2DtiaDT
via IFTTT

anonymous historical person portrayed alone

Five Javanese Court Officials. anonymous, c. 1820 - c. 1870. ...

from Google Alert - anonymous http://ift.tt/2D94AYp
via IFTTT

Orioles: Manny Machado agrees to one-year, $16M deal to avoid arbitration - multiple reports (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Orioles and closer Zach Britton agree on one-year, $12 million deal to avoid arbitration - multiple reports (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Store Manager

View details and apply for this store manager job in East Sheen, South West London (SW14) with Anonymous on RetailChoice. Exciting opportunity to be the store manager of a newly opening tile store in the Richmond area.

from Google Alert - anonymous http://ift.tt/2mpf3Vf
via IFTTT

Warning: New Undetectable DNS Hijacking Malware Targeting Apple macOS Users

A security researcher has revealed details of a new piece of undetectable malware targeting Apple's Mac computers—reportedly the first macOS malware of 2018. Dubbed OSX/MaMi, an unsigned Mach-O 64-bit executable, the malware is somewhat similar to the DNSChanger malware that infected millions of computers across the world in 2012. DNSChanger malware typically changes DNS server settings on infected


from The Hacker News http://ift.tt/2FubjdE
via IFTTT

8th St.'s surf is at least 5.16ft high

Maryland-Delaware, January 17, 2018 at 02:00AM

8th St. Summary
At 2:00 AM, surf min of 5.16ft. At 8:00 AM, surf min of 4.92ft. At 2:00 PM, surf min of 3.97ft. At 8:00 PM, surf min of 4.03ft.

Surf maximum: 5.51ft (1.68m)
Surf minimum: 5.16ft (1.57m)
Tide height: -0.06ft (-0.02m)
Wind direction: NNW
Wind speed: 17.63 KTS


from Surfline http://ift.tt/1kVmigH
via IFTTT

New Intel AMT Vulnerability Lets Hackers Gain Full Control of Laptops in 30 Seconds

It’s been a terrible start to the year for Intel. Researchers warn of a new attack which can be carried out in less than 30 seconds and potentially affects millions of laptops globally. As Intel was rushing to roll out patches for Meltdown and Spectre vulnerabilities, security researchers have discovered a new critical security flaw in Intel hardware that could allow hackers to access corporate


from The Hacker News http://ift.tt/2D5QNCI
via IFTTT

Anonymous user 0e52ea

Name, Anonymous user 0e52ea. User since, Jan. 12, 2018. Number of add-ons developed, 0 add-ons. Average rating of developer's add-ons, Not yet rated ...

from Google Alert - anonymous http://ift.tt/2Fwz4lg
via IFTTT

[FD] SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability

Document Title:
===============
SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://ift.tt/2CWp7fk
Release Notes: http://ift.tt/2DnNhR6

Release Date:
=============
2018-01-12

Vulnerability Laboratory ID (VL-ID):
====================================
1819

Common Vulnerability Scoring System:
====================================
4.1

Vulnerability Class:
====================
Multiple

Current Estimated Price:
========================
1.000€ - 2.000€

Product & Service Introduction:
===============================
Dell SonicWALL's management and reporting solutions provide a comprehensive architecture for centrally creating and managing security policies, providing real-time monitoring and alerts, and delivering intuitive compliance and usage reports, all from a single management interface. Whether your organization is a small- or medium-sized business, a distributed enterprise or a managed service provider, Dell™ SonicWALL™ offers software and appliance solutions to meet its needs.

The award-winning Dell SonicWALL Global Management System (GMS) provides organizations, distributed enterprises and service providers with a flexible, powerful and intuitive solution to centrally manage and rapidly deploy SonicWALL firewall, anti-spam, backup and recovery, and secure remote access solutions. Flexibly deployed as software, hardware—in the form of the Universal Management Appliance (UMA)—or a virtual appliance, SonicWALL GMS also provides centralized real-time monitoring and comprehensive policy and compliance reporting to drive down the cost of owning and managing SonicWALL security appliances. Multiple GMS software, hardware, and virtual appliance agents, when deployed in a cluster, can scale to manage thousands of SonicWALL security appliances. This makes GMS an ideal solution for small- to medium-sized businesses, enterprises and managed service providers that have either single-site or distributed multi-site environments.

(Copy of the Vendor Homepage: http://ift.tt/2CRRmf9 )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Core Research Team discovered filter bypass and an application-side input validation vulnerability in the official SonicWall GMS v8.1 appliance web-application.

Vulnerability Disclosure Timeline:
==================================
2018-01-12: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
DELL SonicWall
Product: SonicWall GMS Networks Appliance Application 8.1 (VA)

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
A persistent web vulnerability and filter bypass issue has been discovered in the SonicWall GMS v8.1 appliance web-application. The application-side vulnerability allows remote attacker or privileged user accounts to inject own malicious persistent script codes to the sonicwall gms appliance web-application. The filter bypass issue allows an attacker to bypass the basic application validation.

The vulnerability is located in the `newName` and `Name` values of the `/sgms/TreeControl` module POST method request. Attackers are able to inject own payloads as name in the firewall device name listing to compromise session data or the java module. The method to inject is POST and the attack vector is located on the application-side of the sonicwall gms appliance web-application.

The basic filter validation of the gms appliance web-application encodes basic strings like frames and other tags by a restriction of privileges on execution of for example iframes. Remote attackers can bypass the validation by usage of a double path value with double quotes. The way to bypass is very unique to the basic configuration of the appliance web-application.

The security risk of the persistent vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 4.1. Exploitation of the persistent web vulnerability requires a low privileged account with restricted access and low user interaction. Successful exploitation of the vulnerabilities results in persistent phishing mails, session hijacking, persistent external redirect to malicious sources and application-side manipulation of affected or connected module context.

Request Method(s):
[+] POST

Vulnerable Section(s):
[+] Firewall (Device List)

Affected Module(s):
[+] ./sgms/TreeControl

Vulnerable Parameter(s):
[+] newName
[+] name

Proof of Concept (PoC):
=======================
The filter bypass issue and persistent vulnerability can be exploited by remote attackers with low privileged user account and low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Login to the gms 8.x appliance web-application
2. Click on top the firewall module in the menu
3. Surf to the firewall device listing
4. Change the input name to a script code payload
5. Save the entry
6. Now the no privileges exception occurs, refresh
7. The code executes in the firewall device listing
8. Successful reproduce of the vulnerability!

PoC: Payload(s)
">"

[FD] Magento Commerce - SSRF & XSPA Web Vulnerability

Document Title:
===============
Magento Commerce - SSRF & XSPA Web Vulnerability

References (Source):
====================
http://ift.tt/2Dnf0RO

Release Date:
=============
2018-01-03

Vulnerability Laboratory ID (VL-ID):
====================================
1631

Common Vulnerability Scoring System:
====================================
4.7

Vulnerability Class:
====================
Server Side Request Forgery

Current Estimated Price:
========================
1.000€ - 2.000€

Product & Service Introduction:
===============================
Magento is an open source e-commerce web application that was launched on March 31, 2008 under the name Bento. It was developed by Varien (now Magento, a division of eBay) with help from the programmers within the open source community but is now owned solely by eBay Inc. Magento was built using parts of the Zend Framework. It uses the entity-attribute-value (EAV) database model to store data. In November 2013, W3Techs estimated that Magento was used by 0.9% of all websites.

Our team of security professionals works hard to keep Magento customer information secure. What's equally important to protecting this data? Our security researchers and user community. If you find a site that isn't following our policies, or a vulnerability inside our system, please tell us right away.

( Copy of the Vendor Homepage: http://ift.tt/1E22539 & http://ift.tt/1E22539 )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Core Research Team discovered SSRF/XSPA vulnerability in the official Magento Commerce online service web-application.

Vulnerability Disclosure Timeline:
==================================
2018-01-03: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Ebay Inc.
Product: Magento - Web Application Service 2015 Q4

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
SSRF/XSPA vulnerability has been discovered in the official Magento Commerce online service web-application. The vulnerability allows remote attackers to perform malicious server-side requests to compromise the computer system or to gain unauthorized access to data or sensitive information.

The XSPA & SSRF allows to use the process functionality of the magento engine as port scanner for the local or any random remote machine in the same network. The issue is the first documented xspa and ssrf issue in the magento service web-applications.

The security risk of the vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 4.7. Exploitation of the ssrf/xspa vulnerability requires a privileged web-application user account and no user interaction. Successful exploitation of the issue can result in web-server or web-application compromise or unauthorized malicious interactions.

Proof of Concept (PoC):
=======================
Remote attackers are able to perform a local scan on the protected web-server firewall to magento.com and magentocommerce.com. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Open http://ift.tt/1GBRFY7 (Magento Shoplift Bug Tester)
2. Write in the website input www.magento.com:22
3. Click to bug scan for the port 22
4. Successful reproduce of the issue!
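
A server-side check for the kind of `host:port` input the advisory describes, added here as an illustration; it is not part of the advisory and not Magento's code. The function names, the port allowlist and the `SAMPLE_DNS` answers are assumptions constructed for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_PORTS = {80, 443}                  # assumption: the tester only needs web ports
DEFAULT_PORT = {"http": 80, "https": 443}  # schemes the tester may fetch

# Constructed DNS answers so the example runs offline (not real lookups).
SAMPLE_DNS = {
    "shop.example": {"93.184.216.34"},
    "intranet.example": {"10.0.0.5"},
    # one public and one link-local answer for the same name
    "rebind.example": {"93.184.216.34", "169.254.169.254"},
}


class TargetRejected(ValueError):
    """The user-supplied target must not be contacted by the server."""


def system_resolver(host, port):
    """Resolve with the OS resolver; returns a set of IP address strings."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def sample_resolver(host, port):
    """Offline stand-in for system_resolver, backed by SAMPLE_DNS."""
    if host in SAMPLE_DNS:
        return SAMPLE_DNS[host]
    try:
        ipaddress.ip_address(host)         # IP literals resolve to themselves
    except ValueError:
        raise OSError("name does not resolve") from None
    return {host}


def vet_target(raw, resolver=system_resolver):
    """Return (host, port, ips) when it is safe for the server to connect.

    The caller should connect to one of the returned ips instead of
    resolving the name again, so a later DNS answer cannot swap the target.
    """
    raw = raw.strip()
    try:
        parts = urlsplit(raw if "://" in raw else "http://" + raw)
        port = parts.port                  # raises ValueError on a bad port
    except ValueError:
        raise TargetRejected("malformed host or port") from None
    if parts.scheme not in DEFAULT_PORT:
        raise TargetRejected(f"scheme {parts.scheme!r} not allowed")
    if parts.username is not None or parts.password is not None:
        raise TargetRejected("credentials in target not allowed")
    host = parts.hostname
    if not host:
        raise TargetRejected("missing host")
    if port is None:
        port = DEFAULT_PORT[parts.scheme]
    if port not in ALLOWED_PORTS:          # stops the port-scanner use case
        raise TargetRejected(f"port {port} not allowed")
    try:
        answers = resolver(host, port)
    except OSError:
        raise TargetRejected(f"{host} does not resolve") from None
    if not answers:
        raise TargetRejected(f"{host} has no addresses")
    vetted = []
    for text in answers:
        ip = ipaddress.ip_address(text.split("%", 1)[0])  # drop IPv6 scope id
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped            # ::ffff:10.0.0.5 -> 10.0.0.5
        if not ip.is_global:               # every answer must be public
            raise TargetRejected(f"{host} resolves to non-public address {ip}")
        vetted.append(str(ip))
    return host, port, sorted(vetted)


def demo():
    """Run the constructed inputs through vet_target and collect verdicts."""
    verdicts = {}
    for raw in ("www.magento.com:22", "shop.example:443", "intranet.example",
                "rebind.example:80", "127.0.0.1:80"):
        try:
            verdicts[raw] = vet_target(raw, resolver=sample_resolver)
        except TargetRejected as exc:
            verdicts[raw] = f"rejected: {exc}"
    return verdicts


if __name__ == "__main__":
    for target, verdict in demo().items():
        print(f"{target:22} {verdict}")
```
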


[FD] Microsoft Sharepoint 2013 - Limited Access Permission Bypass Vulnerability

Document Title:
===============
Microsoft Sharepoint 2013 - Limited Access Permission Bypass Vulnerability

References (Source):
====================
http://ift.tt/2Fbw8KQ

Release Date:
=============
2018-01-07

Vulnerability Laboratory ID (VL-ID):
====================================
2111

Common Vulnerability Scoring System:
====================================
4.8

Vulnerability Class:
====================
Filter or Protection Mechanism Bypass

Current Estimated Price:
========================
1.000€ - 2.000€

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered a permission bypass vulnerability in the Microsoft Sharepoint online service web-application.

Vulnerability Disclosure Timeline:
==================================
2018-01-07: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Microsoft Corporation
Product: Sharepoint Online Service - (Web-Application) 2013

Exploitation Technique:
=======================
Local

Severity Level:
===============
Medium

Technical Details & Description:
================================
A permission level bypass web vulnerability has been identified in the microsoft sharePoint 2013 online service web-application & maybe prior versions. The security vulnerability allows attackers to open or view restricted items in the site or library. An authenticated user can bypass `Limited Access` permissions to browse a page or library to access a specific content item that was restricted.

Proof of Concept (PoC):
=======================
POC 1:
1. Search for specific words inside web & mobile sharepoint search box: `password` `pass` `user` `domainuser` `name | lastname` ...
[~] web search: http://site/BSearch/results.aspx
[~] mobile search: http://site/_layouts/mobile/MobileResults.aspx
example : http://site/BSearch/results.aspx?k=password
example : http://site/BSearch/results.aspx?k="NSA1377"
example : http://site/_layouts/mobile/MobileResults.aspx?k=pass
example : http://site/_layouts/mobile/MobileResults.aspx?k=BOB
2. The page shows some of sharepoint's search results like restricted specific item, site, library urls etc
3. so click at the urls to access|view|read site page and other restricted library and items

POC 2:
After capturing packets between our system and the sharepoint site (use fiddler or burpsuite, wireshark ...) we have access to items, list, pages, sites urls like as follows:
http://site/IT/Lists/List70/AllItems.aspx
Access to restricted items & lists by make /LIST#/ urls
Example:
http://site/IT/Lists/List100/AllItems.aspx
http://site/IT/Lists/List101/AllItems.aspx
http://site/IT/Lists/List102/AllItems.aspx

Security Risk:
==============
The security risk of the bypass vulnerability in the microsoft sharepoint 2013 application is estimated as medium (CVSS 4.8).

Credits & Authors:
==================
Behnam Vanda [beni.vanda@gmail.com] [redhathackers] - http://ift.tt/2FwD05Q

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability Labs or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability mainly for incidental or consequential damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data. We have no need for criminal activities or membership requests. We do not publish advisories or vulnerabilities of religious-, militant- and racist- hacker/analyst/researcher groups or individuals. We do not publish trade researcher mails, phone numbers, conversations or anything else to journalists, investigative authorities or private individuals.

Domains: http://ift.tt/1jnqRwA - http://ift.tt/2oPbqHg - http://ift.tt/1kouTut
Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1oSBx0A
Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS
Social: twitter.com/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab

Any modified copy or reproduction, including partially usages, of this file, resources or information requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@) to get an ask permission.

Copyright © 2018 | Vulnerability Laboratory - [Evolution Security GmbH]™


[FD] Magento Connect T1 - (Claim) Persistent Vulnerability

Document Title:
===============
Magento Connect T1 - (Claim) Persistent Vulnerability

References (Source):
====================
http://ift.tt/2msTmo7

Release Date:
=============
2018-01-08

Vulnerability Laboratory ID (VL-ID):
====================================
1469

Common Vulnerability Scoring System:
====================================
3.8

Vulnerability Class:
====================
Cross Site Scripting - Persistent

Current Estimated Price:
========================
1.000€ - 2.000€

Product & Service Introduction:
===============================
Magento is an open source e-commerce web application that was launched on March 31, 2008 under the name Bento. It was developed by Varien (now Magento, a division of eBay) with help from the programmers within the open source community but is now owned solely by eBay Inc. Magento was built using parts of the Zend Framework. It uses the entity-attribute-value (EAV) database model to store data. In November 2013, W3Techs estimated that Magento was used by 0.9% of all websites.

Our team of security professionals works hard to keep Magento customer information secure. What's equally important to protecting this data? Our security researchers and user community. If you find a site that isn't following our policies, or a vulnerability inside our system, please tell us right away.

( Copy of the Vendor Homepage: http://ift.tt/1E22539 & http://ift.tt/1E22539 )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Research Team discovered an application-side cross site scripting web vulnerability in the Magento Connect web-application.

Vulnerability Disclosure Timeline:
==================================
2018-01-08: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Ebay Inc.
Product: Magento - Connect Web Application 2015 Q2

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
A persistent cross site scripting web vulnerability has been discovered in the official Magento Connect web-application. The vulnerability allows remote attackers to inject own script code on the application-side of the affected application module.

The vulnerability is located in the `claim%5Bclaimed_extension_url` value of the `magento-connect/claim/claim/new/` module. Remote attackers are able to inject own script code on the application-side of the service to compromise user/moderator/admin session data. The request method to inject is POST and the attack vector is located on the application-side of the affected module.

The security risk of the web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.8. Exploitation of the persistent input validation web vulnerability requires a low privileged web-application user account and low or medium user interaction. Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent external redirects to malicious source and persistent manipulation of affected or connected application modules (api).

Request Method(s):
[+] POST

Vulnerable Service(s):
[+] Magento Connect

Vulnerable Module(s):
[+] magento-connect/claim/claim/new/

Vulnerable Parameter(s):
[+] claim%5Bclaimed_extension_url

Proof of Concept (PoC):
=======================
The issue in the exception handling can be exploited by remote attackers with privileged application user account and low or medium user interaction. For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Surf to http://ift.tt/1GWr3iz
2. In the enter a link to the extension on Connect you have to inject the payload via http session tamper
Note: Payload ">
3. Successful reproduce of the persistent xss security vulnerability!

POC: Exception Handling
[MALICIOUS PAYLOAD EXECUTION POINT!]"> Required field. Example: http://ift.tt/2EnUG1R



[FD] Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities

Document Title:
===============
Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities

References (Source):
====================
http://ift.tt/2Ft6d1n

Release Date:
=============
2018-01-12

Vulnerability Laboratory ID (VL-ID):
====================================
2005

Common Vulnerability Scoring System:
====================================
3.6

Vulnerability Class:
====================
Cross Site Scripting - Non Persistent

Current Estimated Price:
========================
500€ - 1.000€

Product & Service Introduction:
===============================
Piwigo is a photo gallery software for the web, built by an active community of users and developers. Extensions make Piwigo easily customizable. Icing on the cake, Piwigo is free and opensource. Piwigo site is available to 13 languages, piwigo to 56 languages.

(Copy of the Homepage: http://piwigo.org/ )

Abstract Advisory Information:
==============================
The vulnerability laboratory core research team discovered multiple client-side cross site scripting vulnerabilities in the Piwigo v2.8.2, 2.9.1 & 2.9.2 CMS.

Vulnerability Disclosure Timeline:
==================================
2018-01-12: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Piwigo
Product: Piwigo - Content Management System (Web-Application) 2.8.2

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
Multiple client-side cross site scripting vulnerabilities has been discovered in the Piwigo v2.8.2 content management system. The vulnerability allows remote attackers to inject malicious script code to client-side browser to web-application requests.

The client-side cross site scripting vulnerabilities are located in the `tab`,`to`,`section`,`mode`, `installstatus` and `display` parameters of the `admin.php` file. Remote attackers are able to inject own malicious script code to hijack admin or moderator session credentials or to manipulate the affected webpages. The attack vector is non-persistent and the request method to inject is GET. The injection points are the vulnerable parameters and the execution point occurs in the status message or exception of the backend. The issues affect the backend within the vulnerable modules context.

The security risk of the vulnerabilities are estimated as medium with a cvss (common vulnerability scoring system) count of 3.6. Exploitation of the web vulnerability requires no privileged web-application user account and only low user interaction. Successful exploitation of the vulnerability results in non-persistent phishing attacks, session hijacking, non-persistent external redirect to malicious sources and non-persistent manipulation of affected or connected web module context.

Request Method(s):
[+] GET

Vulnerable File(s):
[+] admin.php

Vulnerable Parameter(s):
[+] tab
[+] to
[+] section
[+] mode
[+] installstatus
[+] display

Affected Module(s):
[+] Backend

Proof of Concept (PoC):
=======================
The client-side xss vulnerabilities can be exploited by remote attackers without privileged user account and with low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

PoC: Payloads
http://ift.tt/2muvu3s>"
http://ift.tt/2qVKoEl>"

[FD] MagicSpam 2.0.13 - Insecure File Permission Vulnerability

[FD] Flash Operator Panel v2.31.03 - Command Execution Vulnerability

Document Title:
===============
Flash Operator Panel v2.31.03 - Command Execution Vulnerability

References (Source):
====================
http://ift.tt/2mv4KzT

Release Date:
=============
2018-01-08

Vulnerability Laboratory ID (VL-ID):
====================================
1907

Common Vulnerability Scoring System:
====================================
6.2

Vulnerability Class:
====================
Command Injection

Current Estimated Price:
========================
2.000€ - 3.000€

Product & Service Introduction:
===============================
The most comprehensive and affordable reporting and realtime monitor package for Asterisk© based Call Centers. A new approach on getting CDR reports for your phone system, centered on the user and call direction. Top lists, Usage pattern and real time view are included. This version works under any Linux flavor (i386, x86_64 and R-Pi3). Versions 1.2, 1.4, 1.6, 1.8, 10, 11 and 12 with the manager interface enabled to asterisk. PHP 5 & MySQL 5: only required for the visual phonebook, call history and recordings interface.

(Copy of the Vendor Homepage: http://ift.tt/2dreeL8 )

Abstract Advisory Information:
==============================
The vulnerability laboratory core research team discovered a remote command execution in the official Flash Operator Panel v2.31.03.

Vulnerability Disclosure Timeline:
==================================
2018-01-08: Non-Public Disclosure (Vulnerability Laboratory - Shared Customer Research Feed)

Discovery Status:
=================
Published

Affected Product(s):
====================
Nicolas Gudino (Asternic)
Product: Flash Operator Panel 2 - User Control Panel (Web-Application) CentOS 2.31.03, Debian 2.31.03 & RPI-ARM 2.30.03

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Technical Details & Description:
================================
A command inject web vulnerability has been discovered in the official Flash Operator Panel v2.31.03 web-application. The security vulnerability allows remote attackers to inject own system specific commands via web-application.

The command inject web vulnerability is located in the `command` path variable parameter of the `index.php` file. Remote attackers with low privileged web-application user account roles are able to perform command requests via callforward module. This allows a user account with restricted privileges to perform unauthorized command requests to compromise the operator panel web-application. The request method to inject the malicious command to the index path variable is GET. The attack is limited on exploitation to a restricted authenticated user account of the application.

The security risk of the command injection is estimated as high with a cvss (common vulnerability scoring system) count of 6.2. Exploitation of the command inject vulnerability requires a low privileged web-application user account and no user interaction. Successful exploitation of the vulnerability results in web-application-, database management system or web-server -compromise.

Request Method(s):
[+] GET

Vulnerable Module(s):
[+] UCP - User Control Panel

Vulnerable File(s):
[+] index.php

Vulnerable Parameter(s):
[+] command

Proof of Concept (PoC):
=======================
The vulnerability can be exploited by remote attackers without user interaction and with low privileged user account. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

PoC: Exploitation
http://ift.tt/2D4qJEF Command Inject Vulnerability!]

PoC: Vulnerable Source (command)
if((isset($_REQUEST['quietmode']) && $user !== false && !empty($user)) || (isset($_REQUEST['command']) && ($_REQUEST['command'] == 'login' || $_REQUEST['command'] == 'forgot' || $_REQUEST['command'] == 'reset'))) {
    $m = !empty($_REQUEST['module']) ? $_REQUEST['module'] : null;
    $ucp->Ajax->doRequest($m,$_REQUEST['command']);

Note: The request can be performed by restricted user accounts of the user control panel for higher access privileges. The main administrator can use the command parameter to attack the backend of the main administrator by the same method. The callforward uses the command variable to execute which is the same method performed for basic restricted user accounts.

Reference(s):
http://ift.tt/2qZxVQa
http://ift.tt/2muv2Ci
http://ift.tt/2qXUSmJ
http://ift.tt/2mvC89x
http://ift.tt/2qW3Jpd
http://ift.tt/2mwLnGJ

Solution - Fix & Patch:
=======================
The command injection web vulnerability can be patched by a secure approval of the command parameter in the index.php file GET method request. Sanitize the command path variable and disallow the usage of special chars to prevent further command injection attacks.

Security Risk:
==============
The security risk of the command injection vulnerability via path variable in the web-application is estimated as high (CVSS 6.2).

Credits & Authors:
==================
Benjamin K.M. [bkm@vulnerability-lab.com] - http://ift.tt/2CTH1QS.

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability Labs or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability mainly for incidental or consequential damages so the foregoing limitation may not apply.
We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data. We have no need for criminal activities or membership requests. We do not publish advisories or vulnerabilities of religious-, militant- and racist- hacker/analyst/researcher groups or individuals. We do not publish trade researcher mails, phone numbers, conversations or anything else to journalists, investigative authorities or private individuals. Domains: http://ift.tt/1jnqRwA - http://ift.tt/2oPbqHg - http://ift.tt/1kouTut Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1oSBx0A Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS Social: twitter.com/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab Any modified copy or reproduction, including partially usages, of this file, resources or information requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@) to get an ask permission. Copyright © 2018 | Vulnerability Laboratory - [Evolution Security GmbH]™

Source: Gmail -> IFTTT-> Blogger

Narcotics Anonymous-Wake Up Your Spirit Support Group

A non-profit fellowship of men and women for whom drugs had become a major problem. Meet regularly to help each other remain clean. Weekly meetings are held every Friday night. Open to all.

from Google Alert - anonymous http://ift.tt/2EzwmKC
via IFTTT

Psychology Teacher

Psychology Teacher - September 2018 in Education & Teaching with Anonymous. Apply Today.

from Google Alert - anonymous http://ift.tt/2Fu5Ofe
via IFTTT

Skype Finally Adds End-to-End Encryption for Private Conversations

Good news for Skype users who are concerned about their privacy. Microsoft is collaborating with popular encrypted communication company Signal to bring end-to-end encryption support to Skype messenger. End-to-end encryption assured its users that no one, not even the company or server that transmits the data, can decrypt their messages. Signal Protocol is an open source cryptographic protocol


from The Hacker News http://ift.tt/2D216Hb
via IFTTT

I love this customizable software!

What are the best aspects of this product? The best aspect of this product is its customizability. I am not a big corporation; I needed something easy and efficient to invoice customers and handle accounting. So this software enabled me to do all that on a small scale. Its ease of use is quite good and it is ...

from Google Alert - anonymous http://ift.tt/2EA8czK
via IFTTT

Test Engineer

Test Engineer in Engineering with Anonymous. Apply Today.

from Google Alert - anonymous http://ift.tt/2Dnvv0s
via IFTTT

Blue Comet PanSTARRS


Discovered with the PanSTARRS telescope on September 7, 2016, this Comet PanSTARRS, C/2016 R2, is presently about 24 light minutes (3 AU) from the Sun, sweeping through planet Earth's skies across the background of stars in the constellation Taurus. An inbound visitor from our Solar System's distant Oort Cloud, its beautiful and complex ion tail is a remarkable shade of blue. Still relatively far from the Sun, the comet's already well-developed ion tail is very impressive. Emission from unusually abundant ionized carbon monoxide (CO+) atoms fluorescing in the increasing sunlight is largely responsible for the pretty blue tint. This color image of the blue comet is a combination of data taken from two different telescopes during the night of January 7. Located at the apex of the V-shaped Hyades star cluster in Taurus, bright star Gamma Tauri is responsible for the glow at the bottom left corner of the frame. via NASA http://ift.tt/2qQZf39

Thursday, January 11, 2018

Anonymous function with variable number of input and output arguments

Anonymous function with variable number of input... Learn more about varargin, variable input, variable output, variadic functions, anonymous functions.

from Google Alert - anonymous http://ift.tt/2Ewy5AA
via IFTTT

How to open an anonymous page in chrome with katalon.

Good afternoon, Does anyone know how to open an anonymous page in chrome with katalon.

from Google Alert - anonymous http://ift.tt/2Fv9VHF
via IFTTT

Concept*Feuerpudel: Anonymous reading stage with live illustrations

The concept*Feuerpudel, Berlin's first reading stage where authors can test their texts anonymously in front of an audience, will be a guest at the bread factory on 8 February 2018. The principle: a reader named Diether Kabow, eight texts, three winners chosen by the audience - and a piece of ...

from Google Alert - anonymous http://ift.tt/2CR4Bg5
via IFTTT

Microsoft/TypeScript

var Base = /** @class */ (function () { function Base() { } return Base; }()); var foo = new ; var default_1 = /** @class */ (function (_super) { __extends(default_1, _super); function default_1() { return _super !== null && _super.apply(this, arguments) || this; } default_1 = __decorate([ lodash_decorators_1.

from Google Alert - anonymous http://ift.tt/2Dkrh9N
via IFTTT

Anonymous donor gives CAMH $100 million donation

An anonymous donor has given CAMH a $100 million donation. The Centre for Addiction and Mental Health says the money will be used to help transform the lives of people living with mental illness.

from Google Alert - anonymous http://ift.tt/2mirLVK
via IFTTT

NAKIVO Review: Amazing by Anonymous Reviewer

What are the best aspects of this product? Simplicity, easy to install, easy to configure, an amazing schedule to choose how process the backups. What aspects are problematic or could work better? Not yet detected. What features/services would you like to see in future versions of this product? Scale out ...

from Google Alert - anonymous http://ift.tt/2D4GspC
via IFTTT

An Anonymous Donor is Giving $100 Million to CAMH for Research

An anonymous donor who has insisted on not being named is pledging $100 million to Toronto's Centre for Addiction and Mental Health. The money has been pegged to support research into mental illnesses. “I believe CAMH is well-positioned to make a transformational impact in the field of mental ...

from Google Alert - anonymous http://ift.tt/2EzcPdx
via IFTTT

Kansas legislator proposes measure ending anonymous bills

But some lawmakers have defended the use of anonymous bills, saying bills proposed by an entire committee carry more weight because it indicates wider approval. Many lawmakers also argue that because their bills sometimes get amended or even replaced through a process known as "gut-and-go," ...

from Google Alert - anonymous http://ift.tt/2Fsl9Ne
via IFTTT

Anonymous user 6d96ff

Name, Anonymous user 6d96ff. User since, Jan. 11, 2018. Number of add-ons developed, 0 add-ons. Average rating of developer's add-ons, Not yet rated ...

from Google Alert - anonymous http://ift.tt/2EzcM1l
via IFTTT

Anonymous user 3d3646

Name, Anonymous user 3d3646. User since, Jan. 11, 2018. Number of add-ons developed, 0 add-ons. Average rating of developer's add-ons, Not yet rated ...

from Google Alert - anonymous http://ift.tt/2Fsl3VS
via IFTTT

anonymous

Orangebag.nl, brands and basics. The largest online fashion shop with extensive collections from more than a hundred brands for women, men and children. Seen in the magazines, available from us.

from Google Alert - anonymous http://ift.tt/2EyO54N
via IFTTT

Treasury Analyst / Financial Analyst

Treasury Analyst / Financial Analyst in Accounting and public practice, Financial analyst with Anonymous. Apply Today.

from Google Alert - anonymous http://ift.tt/2FsXkoo
via IFTTT

Senior Financial Accountant

Senior Financial Accountant in Accounting and public practice, Financial accountant with Anonymous. Apply Today.

from Google Alert - anonymous http://ift.tt/2EzcIyD
via IFTTT

Commercial Accountant

Commercial Accountant in Accounting and public practice, Commercial accountant with Anonymous. Apply Today.

from Google Alert - anonymous http://ift.tt/2FtgZVq
via IFTTT

Tours Agent

Apply for the Tours agent vacancy at Anonymous Employer today! Subscribe to alerts for similar jobs from top companies and employers.

from Google Alert - anonymous http://ift.tt/2EzcG9Z
via IFTTT

Altoholics Anonymous

Hey there fellow Wyrmrest Accordians! This week on For The Roleplay we will be discussing alts and their place in RP. We welcome you to join us this Saturday at 7pm PST / 10pm EST on http://ift.tt/2D33Ogq and take part in our discussion live! In the meantime, we would love your ...

from Google Alert - anonymous http://ift.tt/2AQkaD6
via IFTTT

How to build a public anonymous chat app in JavaScript

We're all familiar with instant messaging and using it to chat with people in real-time. Sometimes, though, we might want an app which allows us to send messages anonymously to friends, or to chat...

from Google Alert - anonymous http://ift.tt/2APPNwB
via IFTTT

Anonymous

See the latest Anonymous jobs on CatererGlobal. Get Anonymous jobs sent direct to your email and apply online today!

from Google Alert - anonymous http://ift.tt/2AR8xM9
via IFTTT

ISS Daily Summary Report – 1/10/2018

Airway Monitoring Measurement Operations: Using the Portable Pulmonary Function System (PPFS) for guidance, today two crewmembers performed two different measurement protocols; the low Nitric Oxide (NO) protocol which determines how much NO is exhaled with the respiration, and the high NO protocol, which determines how much NO is diffused into the blood. The protocols were … Continue reading "ISS Daily Summary Report – 1/10/2018"

from ISS On-Orbit Status Report http://ift.tt/2mvVA6j
via IFTTT

Alcoholics Anonymous Big Books

Currently have 3 Third Edition and 3 Fourth Edition A. A. big books for sale. Also, 4 softcovers. Prices are: Big books for $6 each or all for $5 each. Soft covers less.

from Google Alert - anonymous http://ift.tt/2DjqpC3
via IFTTT

I have a new follower on Twitter


Data Center Systems
Home of the future-defined data center. We’re helping our customers change the world – one transformation at a time.
Worldwide
https://t.co/o3elGM1pp3
Following: 24733 - Followers: 22500

January 11, 2018 at 11:36AM via Twitter http://twitter.com/LenovoServers

[FD] [CVE-2018-5189] Rumble In The Jungo – A Code Execution Walkthrough

** Advisory Information
Title: [CVE-2018-5189] Rumble In The Jungo – A Code Execution Walkthrough
Blog URL: http://ift.tt/2yCaPRM
Vendor: Jungo
Date Published: 10/01/2017
CVE: CVE-2018-5189

** Vulnerability Summary
Leveraging a race condition/double fetch to trigger a pool overflow within the Jungo Windriver allowing a local privilege escalation to SYSTEM.

** Vendor Response
Jungo have released a new version of the driver thus mitigating exploitation of this issue.

** Report Timeline
Disclosed to vendor – 23/12/2017
Response from vendor, request for initial advisory – 24/12/2017
Initial advisory sent – 29/12/2017
Beta patch sent for testing by vendor – 01/01/2018
Patch confirmed to mitigate vulnerabilities – 01/01/2017
Patch released – 10/01/2017

** Credit
This vulnerability was discovered by Tim Carrington @__invictus_, part of the Fidus Information Security research team.

** References
http://ift.tt/2yCaPRM

** Disclaimer
This advisory is licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 License: http://ift.tt/e9zF8v

Source: Gmail -> IFTTT-> Blogger

[FD] DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability

DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability

Advisory ID:    DC-2018-01-005
Advisory Title: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability
Advisory URL:   http://ift.tt/2rhPqdW
Software:       WordPress Testimonial Slider plugin
Language:       PHP
Version:        1.2.4 and below
Vendor Status:  Vendor contacted, update released
Release Date:   2018/01/10
Risk:           Medium

1. General Overview
===================
During the security audit of Testimonial Slider plugin for WordPress CMS, security vulnerability was discovered using DefenseCode ThunderScan application source code security analysis platform.

More information about ThunderScan is available at URL: http://ift.tt/Vn2J4r

2. Software Overview
====================
According to the plugin developers, Testimonial Slider shows the testimonials and feedbacks submitted by your Happy Customers in a clean, responsive and beautiful Slider format. The "Testimonials" are a Custom Post Type so it is very easy to add, modify and delete testimonials.

According to wordpress.org, it has more than 10 000 active installs.

Homepage:
http://ift.tt/2CKHIuL
http://ift.tt/2DgSRoi

3. Vulnerability Description
============================
During the security analysis, ThunderScan discovered SQL injection vulnerability in Testimonial Slider WordPress plugin.

The easiest way to reproduce the vulnerability is to visit the provided URL while being logged in as administrator or another user that is authorized to access the plugin settings page. Users that do not have full administrative privileges could abuse the database access the vulnerability provides to either escalate their privileges or obtain and modify database contents they were not supposed to be able to.

Due to the missing nonce token, the vulnerable code is also directly exposed to attack vectors such as Cross Site request forgery (CSRF).

3.1. SQL injection
  Function: $wpdb->query();
  Variable: POST['current_slider_id'];
  Vulnerable URL: http://ift.tt/2mnuSML
  File: smooth-slider-forks\testimonial-slider\settings\sliders.php

Source: Gmail -> IFTTT-> Blogger

[FD] DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin SQL injection Security Vulnerability

DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin SQL injection Security Vulnerability

Advisory ID:    DC-2018-01-004
Advisory Title: WordPress Smooth Slider Plugin SQL injection Security Vulnerability
Advisory URL:   http://ift.tt/2rhPqdW
Software:       WordPress Smooth Slider plugin
Language:       PHP
Version:        2.8.6 and below
Vendor Status:  Vendor contacted, update released
Release Date:   2018/01/10
Risk:           Medium

1. General Overview
===================
During the security audit of Smooth Slider plugin for WordPress CMS, security vulnerability was discovered using DefenseCode ThunderScan application source code security analysis platform.

More information about ThunderScan is available at URL: http://ift.tt/Vn2J4r

2. Software Overview
====================
According to the plugin developers, Smooth Slider is a free WordPress slider plugin to create image slider, post slider, content slider, video slideshow with responsive design.

According to wordpress.org, it has more than 20 000 active installs.

Homepage:
http://ift.tt/1it77rl
http://ift.tt/1s1DHs2

3. Vulnerability Description
============================
During the security analysis, ThunderScan discovered SQL injection vulnerability in Smooth Slider WordPress plugin.

The easiest way to reproduce the vulnerability is to visit the provided URL while being logged in as administrator or another user that is authorized to access the plugin settings page. Users that do not have full administrative privileges could abuse the database access the vulnerability provides to either escalate their privileges or obtain and modify database contents they were not supposed to be able to.

Due to the missing nonce token, the vulnerable code is also directly exposed to attack vectors such as Cross Site request forgery (CSRF).

3.1. SQL injection
  Function: $wpdb->get_var()
  Variable: $_GET['trid']
  Vulnerable URL: http://ift.tt/2mlaE6u OR SLEEP(5)
  File: smooth-slider\smooth-slider.php

Source: Gmail -> IFTTT-> Blogger

[FD] DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite Multiple SQL injection Security Vulnerabilities

DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite Multiple SQL injection Security Vulnerabilities

Advisory ID:    DC-2017-01-003
Advisory Title: WordPress Dbox 3D Slider Lite Plugin Multiple SQL injection Security Vulnerabilities
Advisory URL:   http://ift.tt/2rhPqdW
Software:       WordPress Dbox 3D Slider Lite plugin
Language:       PHP
Version:        1.2.2 and below
Vendor Status:  Vendor contacted
Release Date:   2018/01/10
Risk:           Medium

1. General Overview
===================
During the security audit of Dbox 3D Slider Lite plugin for WordPress CMS, multiple vulnerabilities were discovered using DefenseCode ThunderScan application source code security analysis platform.

More information about ThunderScan is available at URL: http://ift.tt/Vn2J4r

2. Software Overview
====================
According to the plugin developers, Dbox 3D Slider Lite plugin for WordPress enables users to embed 3D Responsive Slider of Media Library Images, Recent Posts, Category Posts and Custom Post Types.

Homepage:
http://ift.tt/1nYP8RF
http://ift.tt/1DcOWCE

3. Vulnerability Description
============================
During the security analysis, ThunderScan discovered SQL injection vulnerabilities in Dbox 3D Slider Lite WordPress plugin.

The easiest way to reproduce the vulnerabilities is to modify the POST request for the slider rename or reorder and append parts of the SQL query to the current_slider_id parameter, the result being something like "current_slider_id=1 AND SLEEP(5)". Users that do not have full administrative privileges could abuse the database access the vulnerabilities provide to either escalate their privileges or obtain and modify database contents they were not supposed to be able to.

Due to the missing nonce token, the vulnerable code is also directly exposed to attack vectors such as Cross Site request forgery (CSRF).

3.1. SQL injection
  Function: $wpdb->query()
  Variable: $_POST['current_slider_id'];
  Vulnerable URL: http://ift.tt/2EvuTVP
  File: dbox-slider-lite\settings\sliders.php

Source: Gmail -> IFTTT-> Blogger

[FD] SSD Advisory – Seagate Personal Cloud Multiple Vulnerabilities

SSD Advisory – Seagate Personal Cloud Multiple Vulnerabilities

Full report: http://ift.tt/2AQsWRl
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD

Vulnerabilities summary
The following advisory describes two (2) unauthenticated command injection vulnerabilities.

Seagate Personal Cloud Home Media Storage is “the easiest way to store, organize, stream and share all your music, movies, photos, and important documents.”

Credit
An independent security researcher, Yorick Koster, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
Seagate was informed of the vulnerability on October 16, but while acknowledging the receipt of the vulnerability information, refused to respond to the technical claims, to give a fix timeline or coordinate an advisory

Vulnerabilities details
Seagate Media Server uses Django web framework and is mapped to the .psp extension. Any URL that ends with .psp is automatically sent to the Seagate Media Server application using the FastCGI protocol.

/etc/lighttpd/conf.d/django-host.conf:
===
fastcgi.server += (
    ".psp"=>
    ((
        "socket" => "/var/run/manage_py-fastcgi.socket",
        "check-local" => "disable",
        "stream-post" => "enable",
        "allow-x-send-file" => "enable",
    )),
    ".psp/"=>
    ((
        "socket" => "/var/run/manage_py-fastcgi.socket",
        "check-local" => "disable",
        "stream-post" => "enable",
        "allow-x-send-file" => "enable",
    ))
)
===

URLs are mapped to specific views in the file /usr/lib/django_host/seagate_media_server/urls.py. Two views were found to be affected by unauthenticated command injection. The affected views are:

uploadTelemetry
getLogs

These views take user input from GET parameters and pass it unvalidated/unsanitized to methods of the commands Python module. This allows an attacker to inject arbitrary system commands, that will be executed with root privileges.

/usr/lib/django_host/seagate_media_server/views.py:
===
@csrf_exempt
def uploadTelemetry(request):
    ts = request.GET.get('TimeStamp','')
    if (checkDBSQLite()) :
        response = '{"stat":"failed","code":"80","message":"The Database has not been initialized or mounted yet!"}'
    else :
        if ts == "":
            response = '{"stat":"failed","code":"380","message":"TimeStamp parameter missing"}'
            return HttpResponse(response);
        cmd = "/usr/local/bin/log_telemetry "+str(ts)
        commands.getoutput(cmd)
    return HttpResponse('{"stat":"ok"}')
===

/usr/lib/django_host/seagate_media_server/views.py:
===
@csrf_exempt
def getLogs (request):
    try:
        cmd_base='/usr/bin/log-extract-manager.sh'
        uID = request.GET.get ( 'arch_id', None )
        time_stamp = request.GET.get ( 'time_stamp', '' )
        if uID:
            (status, output) = commands.getstatusoutput(cmd_base + ' status ' + uID);
            if ('In progress' in output) and (uID in output) :
                return HttpResponse ('{"stat":"ok", "data": {"status":"In Progress"}}')
            elif (status == 0) :
                return HttpResponse ('{"stat":"ok", "data": {"url":"%s", "fileSize":"%d"}}' % ( urllib.quote(output.encode('utf-8')), os.path.getsize(output) ))
            else :
                return HttpResponse ('{"stat":"failed", "code":"853","message":"Id not recognized."}' )
        else:
            (status, output) = commands.getstatusoutput(cmd_base + ' start ' + time_stamp);
            if (status == 0) :
                return HttpResponse ('{"stat":"ok", "data": {"archiveID":"%s"}}' % (output))
            return HttpResponse ('{"stat":"failed", "code":"852","message":"Zip file not created."}' )
    except :
        return HttpResponse ('{"stat":"failed", "code":"852","message":"Zip file not created."}' )
===

Note that both views contain the csrf_exempt decorator, which disables the default Cross-Site Request Forgery protection of Django. As such, these issues can be exploited via Cross-Site Request Forgery.
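A hardened counterpart to the command calls in `uploadTelemetry` and `getLogs`, added here as an illustration; it is not Seagate's code and not part of the advisory. The stand-in program, the accepted input formats (numeric timestamp, short alphanumeric archive id) and all function names are assumptions.

```python
import re
import shlex
import subprocess
import sys

# Stand-in for /usr/local/bin/log_telemetry and log-extract-manager.sh so the
# example runs on any machine: it only prints the arguments it was given.
STAND_IN = [sys.executable, "-c", "import sys; print(sys.argv[1:])"]

# Assumed input formats (not stated in the advisory): a numeric epoch
# timestamp and a short alphanumeric archive id.
TIMESTAMP_RE = re.compile(r"[0-9]{1,20}")
ARCH_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Constructed sample input: a value carrying a shell command separator.
HOSTILE = "1515628800; echo INJECTED"


def shell_view(command_line):
    """Tokenise a command line roughly as /bin/sh would, without running it."""
    return list(shlex.shlex(command_line, posix=True, punctuation_chars=True))


def validated(value, pattern, name):
    """Return value only if the whole string matches the allow-list pattern."""
    if not isinstance(value, str) or pattern.fullmatch(value) is None:
        raise ValueError("invalid %s parameter" % name)
    return value


def run_fixed_argv(program, *args):
    """Run program with each value as its own argv entry; no shell is involved."""
    result = subprocess.run(
        list(program) + list(args),
        capture_output=True, text=True, check=False,
    )
    return result.returncode, result.stdout.strip()


def upload_telemetry(ts, program=STAND_IN):
    """Hardened counterpart of the uploadTelemetry command call."""
    return run_fixed_argv(program, validated(ts, TIMESTAMP_RE, "TimeStamp"))


def get_logs(arch_id=None, time_stamp="", program=STAND_IN):
    """Hardened counterpart of the two getLogs command calls."""
    if arch_id:
        return run_fixed_argv(
            program, "status", validated(arch_id, ARCH_ID_RE, "arch_id"))
    if time_stamp == "":
        # The original view also starts an extraction when no timestamp is sent.
        return run_fixed_argv(program, "start")
    return run_fixed_argv(
        program, "start", validated(time_stamp, TIMESTAMP_RE, "time_stamp"))


if __name__ == "__main__":
    # String concatenation handed to a shell: ';' becomes a command separator.
    print(shell_view("/usr/local/bin/log_telemetry " + HOSTILE))
    # Fixed argv: the same value reaches the program as one literal argument.
    print(run_fixed_argv(STAND_IN, HOSTILE))
    # Validation in front of the call rejects it before any process starts.
    print(upload_telemetry("1515628800"))
    try:
        upload_telemetry(HOSTILE)
    except ValueError as exc:
        print("rejected:", exc)
```

Neither layer replaces authentication on the views or restoring Django's CSRF protection, both of which the advisory identifies as missing.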

Source: Gmail -> IFTTT-> Blogger

Format Manuscript/Mixed Material

Results: 1-2 of 2 | Refined by: Original Format: Manuscript/Mixed Material Remove Look Inside: George Washington Papers, Series 4, General Correspondence: Anonymous to George Washington, August 20, 1790, Signed, A Friend (mgw4.099_0749_0750/) Remove ...

from Google Alert - anonymous http://ift.tt/2mk4nab
via IFTTT

macOS Malware Creator Charged With Spying on Thousands of PCs Over 13 Years

The U.S. Justice Department unsealed 16-count indictment charges on Wednesday against a computer programmer from Ohio who is accused of creating and installing spyware on thousands of computers for more than 13 years. According to the indictment, 28-year-old Phillip R. Durachinsky is the alleged author of FruitFly malware that was found targeting Apple Mac users earlier last year worldwide,


from The Hacker News http://ift.tt/2mrVlJ6
via IFTTT

Cocktail Bartender

View details and apply for this cocktail bartender job in Ipswich (IP5) with Anonymous on Caterer.com. We are a boutique hotel in Ipswich Suffolk.

from Google Alert - anonymous http://ift.tt/2D0AhTx
via IFTTT

Send anonymous text uk

Send Anonymous SMS allows you to send SMSs to anyone without them being able to trace it sales@anonymoussms. The article provide top 4 websites and apps that will allow you to send anonymous text message with no disclosure of your identity. com Spoof Text Message Send fake SMS ...

from Google Alert - anonymous http://ift.tt/2mh6Y4O
via IFTTT

Series 1. General Correspondence. 1833-1916: Anonymous to Barnum, Sunday, April 21, 1861

Title: Abraham Lincoln papers: Series 1. General Correspondence. 1833-1916: Anonymous to Barnum, Sunday, April 21, 1861 (Telegram regarding troops in Maryland); Contributor Names: Lincoln, Abraham, 1809-1865; Created / Published: April 21, 1861; Subject Headings: - United ...

from Google Alert - anonymous http://ift.tt/2mgUw54
via IFTTT

Financial Analyst, Central Norwich, up to

R13 recruitment are currently searching a fantastic opportunity for a highly capable and numerically minded individual to join the data/analysis function of the UK's leading provider of personal finance data on a permanent basis. The business is a leading national financial data organisation with this ...

from Google Alert - anonymous http://ift.tt/2CZurBY
via IFTTT

Travel Consultant

Travel Consultant in Travel & Tourism with Anonymous. Apply Today.

from Google Alert - anonymous http://ift.tt/2mkeUT9
via IFTTT

Alcoholics anonymous terms

The Irrationality of Alcoholics Anonymous. It is a jokey reference that goes back to AA's humble beginnings. The comprehensive list of 245 Alcoholics Anonymous acronyms and abbreviations by All Acronyms dictionary. In letter index Meeting Types and Descriptions. copyrights are held in trust for A.

from Google Alert - anonymous http://ift.tt/2CY9Y0t
via IFTTT

Famous anonymous poems

Famous anonymous poems. A Prayer for My Daughter by William Butler Yeats. 1904. The Road Not Taken. Name Stars Updated Here you will find a collection of famous poems of Anonymous English, the list includes famous, short and funny poems of Anonymous English listed alphabetically ...

from Google Alert - anonymous http://ift.tt/2mgUnyy
via IFTTT

Anonymous user 4d2995

Name, Anonymous user 4d2995. User since, Jan. 11, 2018. Number of add-ons developed, 0 add-ons. Average rating of developer's add-ons, Not yet rated ...

from Google Alert - anonymous http://ift.tt/2D156aQ
via IFTTT

Hotel Cooks

Apply for the Hotel cooks vacancy at Anonymous Employer today! Subscribe to alerts for similar jobs from top companies and employers.

from Google Alert - anonymous http://ift.tt/2mkeUm7
via IFTTT

[Bug] macOS High Sierra App Store Preferences Can Be Unlocked Without a Password

Yet another password vulnerability has been uncovered in macOS High Sierra, which unlocks App Store System Preferences with any password (or no password at all). A new password bug has been discovered in the latest version of macOS High Sierra that allows anyone with access to your Mac to unlock App Store menu in System Preferences with any random password or no password at all.


from The Hacker News http://ift.tt/2mqeD1B
via IFTTT

RCW 114: A Dragon's Heart in Ara


Large and dramatically shaped, this cosmic cloud spans nearly 7 degrees or 14 full moons across planet Earth's sky toward the southern constellation Ara. Difficult to image, the filamentary apparition is cataloged as RCW 114 and traced in this telescopic mosaic by the telltale reddish emission of ionized hydrogen atoms. In fact, RCW 114 has been recognized as a supernova remnant. Its extensive filaments of emission are produced as the still expanding shockwave from the death explosion of a massive star sweeps up the surrounding interstellar medium. Consistent estimates place its distance at over 600 light-years, indicating a diameter of about 100 light-years or so. Light from the supernova explosion that created RCW 114 would have reached Earth around 20,000 years ago. A neutron star or pulsar has recently been identified as the collapsed remains of the stellar core. via NASA http://ift.tt/2mm1tTg

I have a new follower on Twitter


Bay Stage Live
A full-service production & event management firm specializing in rentals, sales, custom designs, and full productions .
Tampa, Fl
http://t.co/hfGzxBNA7C
Following: 1777 - Followers: 2243

January 11, 2018 at 03:06AM via Twitter http://twitter.com/BayStageLive

Wednesday, January 10, 2018

I have a new follower on Twitter


Kristen Wilson Day
Get seen online! SEO, PPC & social media digital boss babe. Rita Connoisseur! Love shooting S&W M&P Pro! Biker babe but lost her to Harvey, damnit.
Texas, USA
https://t.co/4211vuAszG
Following: 17150 - Followers: 21027

January 10, 2018 at 09:06PM via Twitter http://twitter.com/k10wilson

I have a new follower on Twitter


My Wedding Songs
Create your wedding ceremony and wedding reception playlist from hundreds of wedding song lists, FREE. Visit https://t.co/NGAFtnN8v1 now.
Las Vegas, NV
https://t.co/cnSHSvNt6W
Following: 2347 - Followers: 2513

January 10, 2018 at 08:11PM via Twitter http://twitter.com/mywedsongs

Tabs are showing up for anonymous users after upgrading to 8.4.4

After upgrading my site from 8.3 to 8.4.4 I am now seeing the View and Latesion Tab always displaying when user is not logged in. I know that this is coming from the menu-local-tasks.html.twig template but not sure why it is printed out always. It wasn't prior to upgrading to Drupal 8.4.4.

from Google Alert - anonymous http://ift.tt/2Fpg5ZW
via IFTTT

I have a new follower on Twitter


Blackhawk
Specialist investigation and business analysis services in the UK and internationally. We reduce risk and find facts.
London
https://t.co/h0ZJDXAkGV
Following: 21130 - Followers: 20760

January 10, 2018 at 07:16PM via Twitter http://twitter.com/BHIntelligence

Anonymous - Event Planner

Anonymous – Event Planner. Posted on January 10, 2018. Established neighborhood restaurant in Kendall Square Cambridge is hiring a private events coordinator. Applicants should have experience in food service and a working understanding of daily restaurant functions, take pride in executing a ...

from Google Alert - anonymous http://ift.tt/2APifi1
via IFTTT

WhatsApp Flaw Could Allow 'Potential Attackers' to Spy On Encrypted Group Chats

A more dramatic revelation of 2018—an outsider can secretly eavesdrop on your private end-to-end encrypted group chats on WhatsApp and Signal messaging apps. Considering protection against three types of attackers—malicious user, network attacker, and malicious server—an end-to-end encryption protocol plays a vital role in securing instant messaging services. The primary purpose of having


from The Hacker News http://ift.tt/2CNSf8p
via IFTTT

Snapchatter Nabilla Promoting Bitcoin

TLDR; French starlet Nabila on Snapchat recommends you make money with bitcoin without opening your eyes because there is nothing to lose (lol). Then pitches a €549 “learn to trade bitcoin…

from Google Alert - anonymous http://ift.tt/2CNwpCg
via IFTTT

mlp/ - I bet this was Thompson and Meghan on an anonymous - Pony

I bet this was Thompson and Meghan on an anonymous tumblr. We were warned, gents. - "/mlp/ - Pony" is 4chan's imageboard dedicated to the discussion of My Little Pony: Friendship is Magic.

from Google Alert - anonymous http://ift.tt/2DhXkap
via IFTTT

I have a new follower on Twitter


Click Boarding
Onboarding's never been so easy for HR and new hires! Now you really can have that great onboarding experience. #onboarding #HRTech
Minneapolis, MN
https://t.co/Uq8YC0pf2S
Following: 2923 - Followers: 2501

January 10, 2018 at 03:11PM via Twitter http://twitter.com/ClickBoardingHR

I have a new follower on Twitter


Alex Kwiatkowski
Senior Industry Consultant, Global Banking Practice, SAS Institute (note: opinions are my own)
36,000ft
https://t.co/JReCdEbd21
Following: 3616 - Followers: 4800

January 10, 2018 at 01:38PM via Twitter http://twitter.com/alexkwiatkowski

Financial Accountant - MNC

Financial Accountant - MNC in Accounting and public practice, Financial accountant with Anonymous. Apply Today.

from Google Alert - anonymous http://ift.tt/2AOfXzH
via IFTTT

Marketing Manager

View details and apply for this marketing manager job in South East London (SE10) with Anonymous Recruiter on Caterer.com. An exciting opportunity has arisen at the historic waterside Trafalgar Tavern.

from Google Alert - anonymous http://ift.tt/2ErIzkI
via IFTTT

Why I started a computer vision and deep learning conference

The vast majority of blog posts here on PyImageSearch are very hands-on and follow a particular pattern:

  1. We explore a problem.
  2. We write some code to solve the problem.
  3. We look at the results, explaining what went well, what didn’t, and how we can improve on the solution.

I love this approach as it enables me to share algorithms and techniques you can apply to your own projects and research.

However, every now and then I write a post that is much more personal and pulls back the curtains to reveal what it’s like running PyImageSearch.

Today is one of those posts.

Inside this post I’ll be giving an intimate look at PyImageConf 2018, including my thoughts and rationale behind:

  • Why the first machine learning conference I attended was a total disaster…
  • …and why it was completely my fault
  • Why I started PyImageConf
  • The two “must have” characteristics of any conference I attend
  • Why you should attend PyImageConf and the value you’ll get from it

To take a behind the scenes look at PyImageSearch, along with my thought process in starting a conference, just keep reading.

The first machine learning conference I ever attended was a complete disaster

Figure 1: ICMLA 2013, the first conference I presented at, was a complete disaster. And it was totally my fault (but not for the reasons you might think).

What happened?

Basically nothing.

And it was my fault.

The first computer vision/machine learning conference I attended was the IEEE International Conference on Machine Learning and Applications (ICMLA) 2013.

The conference was held in Miami, FL from December 4th-7th 2013. It was a particularly brutal winter in Maryland that year and I was thankful for the chance to escape to somewhere warm (and enjoy the world-famous Miami beaches).

I arrived at the conference a day early to register and continue to prepare/practice my talk. I was a bit nervous to say the least as this was the first paper I ever presented. This paper would later become the crux of my PhD dissertation.

The next day I presented — I must have been the second or third person to speak that day which further rattled my nerves.

When my time slot came around I pulled myself together and delivered the talk.

The talk went well. The paper was well received. Criticisms were minor but justified. It was an experience pretty much every young grad student presenting their first paper could hope for.

But that’s where the positives ended.

The rest of the conference was a catastrophe and I have no one to blame but myself.

Back then I was a shy, introverted person — I struggled to approach people and have a basic conversation. And at the evening events I wasn’t comfortable using alcohol to help me loosen up and network with people. As an introvert I tended to gain my energy from alone time, that’s where I was most comfortable.

That entire conference I spoke with a total of five people. One of them was the person running the front desk. Another was a cleaning lady when I asked for more towels. Only three of them were actual conference attendees.

I spent the rest of the conference either:

  • Walking on the beach, alone
  • Sitting at a bar, alone
  • Or holed up in my room, reading papers (again, you guessed it: alone)

2013 was a really hard year for me. There were a lot of challenging personal/family issues going on, some of which I discussed in this post. I had a lot of personal matters that prevented me from making the most out of the conference.

But more to the point, I hadn’t learned a valuable skill:

To put yourself out there and really learn from others.

I was comfortable learning from my teachers back at the university…but not from “strangers” I just met at a conference.

On the flight home I remember being frustrated and discouraged with the experience.

And I vowed to never let it happen again.

The next conference wasn’t a disaster…I wouldn’t let it be

Figure 2: At my next conference, I vowed to never let my ICMLA experience happen again.

I got my redemption in April 2014.

This time I wasn’t at a computer vision or machine learning conference — instead I was attending a small entrepreneur conference (MicroConf) in Las Vegas.

I was on the fence about going.

At the time, my introverted self was practically making up excuses to avoid going to a highly stimulating, overwhelming venue such as Las Vegas.

But I remembered my vow from ICMLA:

I wasn’t going to let another conference be a disaster.

I packed my bags and took off for Vegas.

During the registration I chatted with Xander Castro, the conference coordinator (who is now the conference coordinator for PyImageConf, and also one of the best human beings you’ll ever meet), asking him what his favorite places to eat at in Vegas were.

I then walked up to the first group of people I saw and introduced myself, asking each of them what they did. I spoke with the group for ~45 minutes, learning about each of their businesses.

When my energy levels started to drop and I felt the introverted excuses starting to kick in, telling me to go back to my room and be alone, I walked up to the bar and ordered a beer. I drank a third of the beer immediately and then slowly sipped the rest for the next hour and a half. There would be no excuses this conference — I wasn’t going to let my introverted habits win and force me back to my room when there were so many people around me that I could learn from.

I continued socializing, talking with others, and most importantly, listening to others for the entire rest of the reception. The value I got out of hearing others’ techniques, methods, and war stories was worth the price of the conference ticket alone.

The rest of the conference was a huge success.

Not only had I not let history repeat itself but I had broken out of my shell as well.

You get what you put into a conference

Since then I’ve attended too many conferences to count. Some of them great, some of them a borderline waste of my time.

But by and large I found there are two critical attributes in making a conference great:

  • You get what you put into it
  • Smaller, more intimate conferences are typically better

Just like college or practicing a sport/instrument, you get what you put into it.

If you skip class all the time and don’t make any friends, chances are you aren’t going to enjoy college.

Similarly, if you take up learning guitar and then only practice once a month for thirty minutes you can’t expect to get any better at it.

The same goes for a conference.

You need to walk into a conference with a list of what you want out of it. Go in there with goals, such as:

  1. I want to learn how to train my own custom object detectors from Davis King’s talk and workshop
  2. I want to ask Katherine Scott about satellite image analysis
  3. I want to ask Adrian for his advice on what it’s like starting a computer vision/deep learning company

Take the time to write out your goals of attending a conference before you even hop on the plane. This list will guide you and help ensure you make the most out of the experience.

Secondly, I’ve found that smaller, intimate conferences are typically better than larger ones.

There are too many people at large conferences (> 500-1,000 people). You can’t possibly meet them all — and the ones you do meet you can only chat with for 30 seconds before moving on to the next. This isn’t enough time to get to know the person, their projects, and how you might be able to help each other. These are missed connections. Connections that can have a big impact on your career and projects.

Furthermore, smaller conferences help you better plan (and achieve) your goals for attending the conference:

  • If there are a smaller number of overall attendees, the more time you’ll be able to fit in with the speakers and workshop hosts.
  • And with fewer overall attendees, the more intimate conversations you can have with the ones who attend.

Now, don’t get me wrong — you can’t run a poorly planned conference, including a less-than-adequate venue and subpar speakers and expect it to be better than NIPS.

But what you can do is craft a conference that includes the best of both worlds:

  • Highly renowned speakers
  • 1-on-1 time with experts in the field
  • Hands-on talks and workshops where you learn skills and techniques you can apply to your own datasets or projects that night
  • A kick-ass venue with lots of perks (beautiful hotel, views of the SF bay, catered lunch, evening events, open bars, walking distance to countless excellent restaurants in SF, etc.)

And that is exactly what PyImageConf is: small, intimate, and hands-on.

I created PyImageConf to be the conference I would want to attend (and you would too)

Figure 3: PyImageConf, the practical, hands-on computer vision and deep learning conference.

After attending many conferences, both in the computer vision/deep learning and entrepreneurial spaces, there are two must-have characteristics that I look for:

  1. Small and intimate (< 250 attendees)
  2. Hands-on and practical — the ideas and algorithms discussed can be applied to your CV/ML (or business, in the case of entrepreneur conferences) that night in your hotel room

One of the worst feelings as a conference attendee is to feel like you’re just another statistic, lost in the crowd.

If you’ve ever attended a large conference before, you know it’s hard to make connections at these bigger venues. You either:

  1. Attend the conference with a group/make a group of friends quickly and hang out together the entire conference in order to navigate the nearly overwhelming sea of attendees.
  2. Play a never-ending game of “speed dating” where you try to spend 30 seconds chatting with everyone. Not only will you be unable to chat with every person but (most importantly) 30 seconds is far too little for you to develop a lasting relationship.

Another aspect I love regarding small conferences is experts are more willing to share techniques they cannot share publicly, whether this is a new algorithm they are using to obtain higher accuracy than a competitor or a new method they cannot publish due to employer regulations or fear of ridicule. Experts, including myself, are more willing to be open and share in tiny groups.

And the techniques shared can have big impacts on your own projects.

I can’t tell you the number of times I’ve learned a new method at a conference and then applied it to my technical work or business on the flight home from a conference (and was able to see the results quickly).

In general, the entrepreneur conferences I’ve attended excel at these practical tips and techniques. Larger computer vision and machine learning conferences have a lot to learn from this area.

Note: I’m making a generalization here to make a point, so please forgive me. Not all entrepreneur conferences are hands-on and practical (there are quite a few that are frankly awful, honestly). Similarly, not all large CV and ML conferences focus just on theory. But when you stick to the two characteristics I’ve suggested above, you’ll find that small entrepreneur conferences do a fantastic job with the tactical content.

The goal of PyImageConf is to blend the positive experiences I’ve had at both types of conferences and apply them to the computer vision and deep learning space.

You’ll learn real-world computer vision and deep learning techniques that you can then apply to your own datasets/projects that very evening (although I would suggest waiting until the flight home so you can make the most of the conference by creating lasting connections at the evening meet ups and open bar).

Why bother starting a conference?

Trust me, it’s not about the money.

Profit margins on conferences are ridiculously low, especially for ones that have capped attendee lists such as PyImageConf.

Unless your full-time job is to make a conference profitable by bringing in as many attendees as you possibly can, running a conference is not a way to make a long-term living. Any profit you do make (which is typically in the 10-20% range for small conferences) is completely and totally lost when you factor the amount of your own time spent planning and executing the conference.

At this point you’re probably wondering:

Adrian, if it’s not even economical for you to run a conference, why would you even bother? Why not invest your time into writing another book or putting together a new course?

The answer is simple:

It’s not about me, it’s about you, the PyImageSearch reader (and hopefully PyImageConf attendee).

PyImageSearch is more than just me.

Yes, I write the blog posts, books, and courses. But that doesn’t matter in the long-term and grand scheme of things.

What really matters is the community here at PyImageSearch.

We learn from each other.

We interact in the comments section.

We chat over email.

And PyImageSearch Gurus members share projects, algorithms, and techniques daily inside the forums.

Each and every day I learn something new from a reader’s question which required me to read up on a new technique, explore a dataset, or look at computer vision/deep learning problem from a different angle.

This is an incredible community and I believe it’s my responsibility to continue growing and nurturing it. While I may be the face of PyImageSearch I also humbly accept my role as the steward of the community — you’re the real PyImageSearch.

Simply put:

PyImageConf is about me facilitating the growth of the computer vision and deep learning community by creating a conference that hasn’t existed at this practical, hands-on level before.

Conferences, and the connections I’ve made at them, changed my life and this conference will do the same for you.

At PyImageConf I’ll make sure you meet at least one remarkable attendee before the conference starts so you’ll go in feeling like you’re part of the family rather than the shy outsider having to work up the courage to start a conversation.

I’d love to see you there and I hope you can make it.

Why should I attend PyImageConf?

You should attend PyImageConf if you:

  • Are an entrepreneur who is ready to build the next computer vision or deep learning app
  • Are a student unsure of your career path, but ready to explore computer vision, deep learning, and AI
  • Are a computer vision hobbyist who loves building new projects and tools
  • Are eager to learn from the top computer vision and deep learning educators
  • Enjoy the teaching style of PyImageSearch and want personalized, live, in-person training

If this sounds like you, rest assured, this conference will be well worth your investment of time, finances, and travel.

How do I know this?

Because I know there are two components to a conference such as this one:

  • The education, including talks, workshops, etc.
  • The connections made during the reception, between talks, and evening events.

For example:

At some point in the conference, you’ll need to get up and head outside to grab a cup of coffee, a snack, or get some fresh air. Perhaps this is during a talk you’re less interested in, the Q&A session, or right after a talk wraps up.

Just outside the doors to the ballroom you’ll also find a small number of other attendees doing the same. Some of these attendees will be engaged in a deep conversation regarding algorithms, techniques to apply to a dataset, or even their businesses/consulting work. Colloquially, this is known as the “hallway track” in conference lingo.

Some of the most valuable, lasting connections can be made during the “hallway track” as there are no distractions. It’s quiet. It’s intimate. It’s easy to strike up a conversation and learn what a small group of people around you are working on — and others will be happy to talk to you. Do not undervalue these conversations.

These connections made through these conversations enable:

  • You to meet someone who can help with your current project
  • Help you find your next job in computer vision or deep learning
  • Find a client for your current image processing business
  • Demo your latest project on your laptop, get advice, and continue to build your demo into an actual application
  • Find an attendee who is also struggling with grad school, but confident they want to pursue AI or ML

Here’s how I’ll make sure you get the most out of PyImageConf…

Figure 4: Before PyImageConf starts I’ll be creating a Slack group to help you network, create your list of goals, and find attendees you need to meet up with.

To help facilitate these connections, a couple months before PyImageConf 2018 I’ll be creating a Slack group for PyImageConf attendees.

This group will enable you to chat with other attendees before the conference is even underway. Use this time to learn what the other attendees are working on — and then use this information to help you craft your goal list I suggested above:

  • “Which speakers do I want 1-on-1 time with?”
  • “Which attendees can help with my current project?”
  • “Which attendees do I need to meetup with so I can demo my new project on my laptop?”
  • “Which group of attendees will I be grabbing dinner with so I can learn from their expertise?”
  • “Which attendees are hiring so I can land a new job in computer vision/deep learning?”
  • “Which attendees can give me advice on grad school?”

I’ll also be personally reaching out to each attendee and asking about your goals. If you don’t have a goals list I’ll help you put one together. And if you don’t know which attendees to chat with to achieve your goals, I’ll make sure to help you form a connection.

PyImageSearch is more than just an educational blog, it’s a community as well.

If you want to get to know readers in the community on a more personal level and meet with people that you can work with, consult with, and help you achieve your computer vision goals, then PyImageConf is the place to be.

Don’t miss out on tickets (they’ll likely sell out quickly). Make sure you join the early bird list now.

PyImageConf sounds great, what now?

In order to create a small, intimate conference, I’m capping the total number of attendees at 200.

Early bird tickets to PyImageConf 2018 go on sale this Friday, January 19th. The general public sale will start Friday, January 26th.

At this point I’m not sure if there will be any tickets left by the time the general sale starts.

If you’re interested in attending PyImageConf and want a ticket, make sure you click the following link and join the early bird list:

Don’t miss out on your chance at a PyImageConf ticket, click here to join the early bird list.

For more information, please refer to:

If you have any other questions regarding the conference please use the comments section below or reach out via my contact form.

The conference is going to be a blast, I hope you can make it!

The post Why I started a computer vision and deep learning conference appeared first on PyImageSearch.



from PyImageSearch http://ift.tt/2qPZSKe
via IFTTT