youpankeys | Hi to everybody | 04:47 |
---|---|---|
=== philballew_ is now known as philballew | ||
bkerensa | kees: do you know by chance if Google's Account System takes a while to propagate password changes globally? I am having trouble doing svn check in with google code | 08:08 |
bkerensa | oh | 08:16 |
bkerensa | :s you create a svn password | 08:16 |
bkerensa | I see | 08:16 |
kees | bkerensa: did you find out how the bad people got into your stuff? | 16:26 |
bkerensa | kees: so I have not and I am leaning towards thinking it was neither an app nor account compromise | 16:27 |
bkerensa | I think something different happened | 16:27 |
bkerensa | :s | 16:27 |
bkerensa | kees: http://pastebin.com/baRxUH4y | 16:31 |
bkerensa | I have been getting e-mails like that which are forged and allegedly come from my facebook friends | 16:32 |
bkerensa | your name has been in them too :) | 16:32 |
bkerensa | but in following up with each person they said I never sent them any message | 16:32 |
bkerensa | nor them to me | 16:32 |
bkerensa | so I did some searching and found out that for some period of time Facebook had a leak of friend data | 16:32 |
bkerensa | I think someone found a way to forge @facebook.com e-mails which deliver messages like a chat on FB | 16:33 |
bkerensa | but FB notably sees that these are forgeries and puts a little icon when it displays the message on FB (why it doesn't completely block them idk) | 16:33 |
kees | bkerensa: oh, maybe I misunderstood? I thought you were cleaning up iframes from an intrusion? | 16:39 |
bkerensa | kees: lol oh | 16:40 |
bkerensa | kees: that was a consulting thing but yeah on that I did find out how :) | 16:40 |
bkerensa | looks like I was confused | 16:40 |
kees | ah-ha, okay | 16:40 |
bkerensa | kees: the client had outdated themes that were using the timthumb image library which had a vulnerability that allowed xss | 16:41 |
bkerensa | http://code.google.com/p/timthumb/issues/detail?id=49 | 16:42 |
bkerensa | :s | 16:42 |
bkerensa | sadly wordpress has had native image resizing support for some time now | 16:42 |
* kees nods | 16:44 | |
kees | what OS is under that wordpress? | 16:44 |
kees | (not that it would help XSS) | 16:44 |
bkerensa | kees: I believe either CentOS or RHEL since it was a cpanel server | 16:45 |
bkerensa | cpanel = :s | 16:45 |
kees | hehe | 16:46 |
bkerensa | kees: http://www.youtube.com/watch?v=QdpGd74DrBM | 16:50 |
bkerensa | you see this? | 16:50 |
kees | gotta love touch screen calibration *SIGH* | 16:53 |
bkerensa | kees: :s I hope that gets sorted and is just one machine | 16:55 |
bkerensa | :( | 16:55 |
bkerensa | kees: look look :) they left a backdoor http://pastebin.com/SJuSvJVx | 17:59 |
bkerensa | these guys are fun bad guys :s kind of? :) | 17:59 |
kees | heh, is that a php shell? | 18:02 |
bkerensa | kees: yes | 18:03 |
bkerensa | lol funny their ip re-directs to google | 18:03 |
bkerensa | hah | 18:03 |
bkerensa | slangasek: do you know how I can mark a Debian bug as Invalid? | 22:30 |
bkerensa | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692303 | 22:30 |
lubotu1 | Debian bug 692303 in searchmonkey "Upgrade Searchmonkey from 0.8.1-8 to 2.0.0" [Wishlist,Open] | 22:30 |
bkerensa | upstream is EOL development of this app so we won't be able to grant the wishlist bug | 22:31 |
slangasek | bkerensa: invalid == closed in Debian | 22:32 |
slangasek | however, I don't see how upstream EOLing prevents the Debian maintainer from upgrading to the last available version? | 22:32 |
bkerensa | slangasek: the latest available source package is windows source not linux | 22:32 |
bkerensa | he has no plans to release for linux or continue development at all | 22:33 |
slangasek | it's still for the Debian maintainer to decide whether to put effort into making the software work on Debian | 22:35 |
bkerensa | slangasek: I'm the co-maintainer | 22:57 |
bkerensa | the maintainer is too busy to maintain | 22:57 |
bkerensa | :s | 22:57 |
slangasek | oh, well | 22:57 |
slangasek | then yeah, close the bug ;) | 22:57 |
slangasek | and optionally set the 'wontfix' tag | 22:57 |
bkerensa | kk | 23:00 |