Sunday, February 7, 2016

Notations On Our World (W-End Edition): On the Up & Comers....

We wanted to share this "snapshot" of companies in the hunt for money courtesy of the team at Flashfunders in line with our quest here #Visions to share such interesting up-and-comers: 

STARTUPS FUNDRAISING:
Senseye – A Smart Contact Lens That Will Help Diagnose Diseases
$345,350 Raised
  • US Office of Naval Science Research award winning technology
  • Investors and Advisors include: Director of Washington Homeland Security Roundtable, former Chief of Staff to U.S. congressman, former Deputy Assistant Secretary of State, and more.
  • Spective's unique product line and fundraising campaign via FlashFunders' platform featured in recent LA Times article.

FLASHFUNDERS UPDATE:
Likeminder – 100% Successfully Funded 
$100,000 Raised via FlashFunders
  • Likeminder's innovative mental health social networking solution backed by Former Oracle VP, founder and former CEO of Copeman Healthcare, and founder of Carebook.

Saturday, February 6, 2016

View of the Week (W-End Edition): 8 Things Successful People Never Waste Time Doing

We here @ #Outsiders welcome you to the Weekend!!



We hope all find this of interest!!



We "kind of disagree" with the Social Media admonition because we view Social Media as an Education & Empowerment Tool which we use to engage our community!!



8 Things Successful People Never Waste Time Doing

Friday, February 5, 2016

The Friday Musical Interlude (Special Edition): Remembering Maurice White, The Founder of Earth, Wind & Fire

February is African American History Month. As we welcome you all to Friday here in #outsiders, we wanted to use the interlude this week to remember and honor the legacy of Maurice White, the Founder of Earth, Wind & Fire. He passed away this week from complications from Parkinson's.

Please enjoy the selections we have chosen throughout our Network: 

An #Outsider Newsflash: The "C.H.I.P" Has actually shipped!!!

One of our +Kickstarter backed projects, the "CHIP", has shipped.    Watch this space for further updates on this:


That’s right! C.H.I.P. has left the building ... rather our shipping facility in Hong Kong. Either way it’s on its way straight away!

Candles have been burnt at both ends. Sheep have been left uncounted. We’ve bled, sweated and teared (up) but we couldn’t possibly be prouder. None of this would be possible without you and we cannot wait to get C.H.I.P. into your hands. We’re so excited to see what you can do with a 9 dollar computer.

Thursday, February 4, 2016

Notations From the Grid (Special Edition): ***Facebook is 12 Years Old Today*****

Facebook is 12 Years Old Today!!   They are celebrating by delivering a personalized Video Clip to the User Feeds which is really cool.    Our team had a chance to check it--The team at +Fast Company reported on it earlier today which we wanted to feature here:

Facebook Turns 12 Today, And Here's How It's Celebrating

Social network celebrates "Friend's Day" by delivering personalized video to a user's feed.

Wednesday, February 3, 2016

An #Outsider Newsflash (Special Edition): On #Techwatch w/the latest from US-CERT

Our team received this compilation of the latest from US-CERT which we wanted to feature here:

U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
SB16-032: Vulnerability Summary for the Week of January 25, 2016
Original release date: February 1, 2016
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product, Description, Published, CVSS Score, Source & Patch Info

cisco -- modular_encoding_platform_d9036_software
  • Description: Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070.
  • Published: 2016-01-22
  • CVSS Score: 10.0
  • Source & Patch Info: CVE-2015-6412; CISCO

cisco -- unified_computing_system
  • Description: An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.
  • Published: 2016-01-22
  • CVSS Score: 10.0
  • Source & Patch Info: CVE-2015-6435; CISCO

debian -- fuse
  • Description: An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl.
  • Published: 2016-01-26
  • CVSS Score: 7.2
  • Source & Patch Info: CVE-2016-1233; DEBIAN

google -- chrome
  • Description: Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
  • Published: 2016-01-25
  • CVSS Score: 9.3
  • Source & Patch Info: CVE-2016-1620; CONFIRM (x28)

google -- chrome
  • Description: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
  • Published: 2016-01-25
  • CVSS Score: 7.5
  • Source & Patch Info: CVE-2016-2052; CONFIRM (x3)

harman -- amx_firmware
  • Description: The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2016-1984.
  • Published: 2016-01-22
  • CVSS Score: 10.0
  • Source & Patch Info: CVE-2015-8362; CERT-VN, MISC, CONFIRM (x2), FULLDISC, MISC

harman -- amx_firmware
  • Description: The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2015-8362.
  • Published: 2016-01-22
  • CVSS Score: 10.0
  • Source & Patch Info: CVE-2016-1984; CERT-VN, CONFIRM (x2), MISC, FULLDISC, MISC

hospira -- lifecare_pca_infusion_system
  • Description: Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via traffic on TCP port 5000.
  • Published: 2016-01-22
  • CVSS Score: 10.0
  • Source & Patch Info: CVE-2015-7909; MISC

lexmark -- printer_firmware
  • Description: Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.
  • Published: 2016-01-27
  • CVSS Score: 10.0
  • Source & Patch Info: CVE-2016-1896; CONFIRM

microsys -- promotic
  • Description: Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document.
  • Published: 2016-01-26
  • CVSS Score: 7.1
  • Source & Patch Info: CVE-2016-0869; MISC, CONFIRM

Medium Vulnerabilities

Primary Vendor -- Product, Description, Published, CVSS Score, Source & Patch Info

cakephp -- cakephp
  • Description: CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.
  • Published: 2016-01-26
  • CVSS Score: 6.8
  • Source & Patch Info: CVE-2015-8379; CONFIRM, BUGTRAQ, FULLDISC, MISC (x3), CONFIRM

cisco -- identity_services_engine_software
  • Description: Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926.
  • Published: 2016-01-23
  • CVSS Score: 6.8
  • Source & Patch Info: CVE-2015-6317; CISCO

cisco -- application_policy_infrastructure_controller_enterprise_module
  • Description: Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a crafted hostname in an SNMP response, aka Bug ID CSCuw47238.
  • Published: 2016-01-26
  • CVSS Score: 4.3
  • Source & Patch Info: CVE-2015-6337; CISCO

cisco -- unified_contact_center_express
  • Description: Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033.
  • Published: 2016-01-26
  • CVSS Score: 4.3
  • Source & Patch Info: CVE-2016-1298; CISCO

cisco -- unity_connection
  • Description: Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582.
  • Published: 2016-01-27
  • CVSS Score: 4.3
  • Source & Patch Info: CVE-2016-1300; CISCO

ecryptfs -- ecryptfs-utils
  • Description: mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.
  • Published: 2016-01-22
  • CVSS Score: 4.6
  • Source & Patch Info: CVE-2016-1572; UBUNTU, DEBIAN, CONFIRM (x2), MLIST

google -- chrome
  • Description: The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code.
  • Published: 2016-01-25
  • CVSS Score: 6.8
  • Source & Patch Info: CVE-2016-1612; CONFIRM (x4)

google -- chrome
  • Description: Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects.
  • Published: 2016-01-25
  • CVSS Score: 6.8
  • Source & Patch Info: CVE-2016-1613; CONFIRM (x4)

google -- chrome
  • Description: The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
  • Published: 2016-01-25
  • CVSS Score: 4.3
  • Source & Patch Info: CVE-2016-1614; CONFIRM (x3)

google -- chrome
  • Description: The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors.
  • Published: 2016-01-25
  • CVSS Score: 4.3
  • Source & Patch Info: CVE-2016-1615; CONFIRM (x2)

google -- chrome
  • Description: The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button.
  • Published: 2016-01-25
  • CVSS Score: 4.3
  • Source & Patch Info: CVE-2016-1616; CONFIRM (x3)

google -- chrome
  • Description: The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report.
  • Published: 2016-01-25
  • CVSS Score: 4.3
  • Source & Patch Info: CVE-2016-1617; CONFIRM (x3)

google -- chrome
  • Description: Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
  • Published: 2016-01-25
  • CVSS Score: 4.3
  • Source & Patch Info: CVE-2016-1618; CONFIRM (x3)

google -- chrome
  • Description: Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document.
  • Published: 2016-01-25
  • CVSS Score: 6.8
  • Source & Patch Info: CVE-2016-1619; CONFIRM (x3)

google -- chrome
  • Description: Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
  • Published: 2016-01-25
  • CVSS Score: 6.8
  • Source & Patch Info: CVE-2016-2051; CONFIRM

greenbone -- greenbone_os
  • Description: Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_type parameter in a get_aggregate command to omp.
  • Published: 2016-01-26
  • CVSS Score: 4.3
  • Source & Patch Info: CVE-2016-1926; MISC, BUGTRAQ, CONFIRM (x2), MISC

ibm -- rational_software_architect
  • Description: Cross-site scripting (XSS) vulnerability in InfoSphere Data Architect (IDA), as distributed in IBM Rational Software Architect 8.5 through 9.5, Rational Software Architect for WebSphere Software (RSA4WS) 8.5 through 9.5, and Rational Software Architect RealTime (RSART) 8.5 through 9.5, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
  • Published: 2016-01-27
  • CVSS Score: 4.3
  • Source & Patch Info: CVE-2015-7439; CONFIRM

ibm -- change_and_configuration_management_database
  • Description: IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files.
  • Published: 2016-01-27
  • CVSS Score: 4.9
  • Source & Patch Info: CVE-2015-7487; CONFIRM

ibm -- websphere_portal
  • Description: Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
  • Published: 2016-01-27
  • CVSS Score: 4.3
  • Source & Patch Info: CVE-2016-0209; CONFIRM

lenovo -- shareit
  • Description: Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors.
  • Published: 2016-01-26
  • CVSS Score: 4.3
  • Source & Patch Info: CVE-2016-1489; CONFIRM, MISC, FULLDISC

privoxy -- privoxy
  • Description: The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.
  • Published: 2016-01-27
  • CVSS Score: 5.0
  • Source & Patch Info: CVE-2016-1982; CONFIRM, MLIST (x2)

privoxy -- privoxy
  • Description: The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.
  • Published: 2016-01-27
  • CVSS Score: 5.0
  • Source & Patch Info: CVE-2016-1983; CONFIRM, MLIST (x2), CONFIRM

tuxfamily -- chrony
  • Description: chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
  • Published: 2016-01-26
  • CVSS Score: 6.8
  • Source & Patch Info: CVE-2016-1567; FEDORA, MISC, CONFIRM

wolfssl -- wolfssl
  • Description: wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message.
  • Published: 2016-01-22
  • CVSS Score: 5.0
  • Source & Patch Info: CVE-2015-6925; CONFIRM, MISC, CONFIRM

xen -- xen
  • Description: The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates.
  • Published: 2016-01-22
  • CVSS Score: 6.9
  • Source & Patch Info: CVE-2016-1570; CONFIRM, SECTRACK

xen -- xen
  • Description: The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.
  • Published: 2016-01-22
  • CVSS Score: 4.7
  • Source & Patch Info: CVE-2016-1571; CONFIRM, SECTRACK

Low Vulnerabilities

Primary Vendor -- Product, Description, Published, CVSS Score, Source & Patch Info

ibm -- websphere_application_server
  • Description: Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web script or HTML via crafted data from an OAuth provider.
  • Published: 2016-01-23
  • CVSS Score: 3.5
  • Source & Patch Info: CVE-2015-7417; CONFIRM, AIXAPAR

ibm -- spectrum_scale
  • Description: IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors.
  • Published: 2016-01-27
  • CVSS Score: 2.1
  • Source & Patch Info: CVE-2015-7488; CONFIRM

lenovo -- shareit
  • Description: The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list.
  • Published: 2016-01-26
  • CVSS Score: 2.7
  • Source & Patch Info: CVE-2016-1490; CONFIRM, MISC, FULLDISC

lenovo -- shareit
  • Description: The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
  • Published: 2016-01-26
  • CVSS Score: 3.3
  • Source & Patch Info: CVE-2016-1491; CONFIRM, MISC, FULLDISC

lenovo -- shareit
  • Description: The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
  • Published: 2016-01-26
  • CVSS Score: 2.9
  • Source & Patch Info: CVE-2016-1492; CONFIRM, MISC, FULLDISC

wolfssl -- wolfssl
  • Description: wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.
  • Published: 2016-01-22
  • CVSS Score: 2.6
  • Source & Patch Info: CVE-2015-7744; CONFIRM, MISC (x2), CONFIRM (x2)

Tuesday, February 2, 2016

Notations On Our World: On Big Oil & Brief Thoughts On The Environment

It is earnings season and the Oil Companies are not doing well at all. Chevron has posted a loss and is set to be cutting on all fronts. Exxon-Mobil has also been challenged with its latest earnings report, and BP also just came out with its earnings report with the biggest loss in history.

Our team caught BP's CEO on how he was "optimistic" about the future based on his assessment.    Although his optimism may be welcome to the existing investors, we believe his optimism is not warranted with the current realities.    As we went to press, Oil again dropped.    We  found it of special interest though as we saw one of the leading mining companies committed to a future which should also give pause to the Oil Companies: 


Anglo American Platinum puts $4m into fuel cell vehicle value chain
BY: MARTIN CREAMER Platinum mining company Anglo American Platinum (Amplats) is investing $4-million to help reduce the cost of fuel cell electric vehicle (FCEV) ownership and lay the foundation for the mass adoption of zero-emission fuel cell technology. The JSE-listed company said on Friday that the investment... Full Article


The reality around the Globe though continues to be challenging and we look forward to doing what we can to help spruce on the dialogue because we have a profound challenge before us: 






NOAA and NASA have both confirmed what scientists have been predicting for months: 2015 was globally the hottest year ever recorded (and the direct temperature records date back to 1880). But what else did scientists determine about the state of the climate in 2015? Find out in this blog post.

Monday, February 1, 2016

A Salute To Mother Earth on This First Day of February 2016.....

As we were working away today, our team saw this beauty from the Commander of the International Space Station that we've periodically featured on our Social Media Roundup. We felt a salute to Our Mother Earth was warranted to celebrate the launch of the new month as we go "dark" on the network to assess a number of key initiatives, including Iran (In Development), the US Election Scene & the Aftermath of Iowa, Europe & Brexit, the latest on the Environment, and other key focus areas for us here in #Outsiders.

As Commander Kelly noted, when we think of beautiful things, let's remember Mother Earth:

Notations From the Grid : On the Twitter Predicament (The Latest)

As we went to press today with the Daily Social Media Curation review, we received this from the team @ +Business Insider on the current Twitter Predicament--it is a developing story that we will be assessing as our team utilizes Twitter for the Daily World Roundup--It is quite a development that Marc Andreessen is eyeing Twitter--and yes 300 Million Users (and we are one of them!!!)--is quite a prize!!!

As we await the February 10 earnings announcement (and also that of Alphabet, Google's Parent, later on today), we are especially keen to see how Silver Lake will help with this, especially as they've got their hands full with the Dell/EMC merger and as we're witness to challenging economic realities.

Truly interesting times indeed.....

Twitter is cheaper than it's ever been 
Potential buyers are circling around Twitter again, according to a report by Jessica Lessin in The Information. This time it's big-time tech investor Marc Andreessen in conjunction with private equity firm Silver Lake. 

Why would they buy it?

Because Twitter, despite all its problems, still has 300 million users and is on track to book $3 billion in revenue this year, up 50% from last year. Plus, as of last Friday, Twitter stock was cheaper than it's ever been since the company went public, as this chart from Statista shows. It's up about 8% this morning, but still well below its IPO price, with a market cap under $13 billion.