/srv/irclogs.ubuntu.com/2012/11/06/#ubuntu-us-or.txt

youpankeys	Hi to everybody	04:47
=== philballew_ is now known as philballew
bkerensa	kees: do you know by chance if Google's Account System takes a while to propagate password changes globally? I am having trouble doing svn check in with google code	08:08
bkerensa	oh	08:16
bkerensa	:s you create a svn password	08:16
bkerensa	I see	08:16
kees	bkerensa: did you find out how the bad people got into your stuff?	16:26
bkerensa	kees: so I have not and I am leaning towards thinking it was neither an app or account compromise	16:27
bkerensa	I think something different happened	16:27
bkerensa	:s	16:27
bkerensa	kees: http://pastebin.com/baRxUH4y	16:31
bkerensa	I have been getting e-mails like that are forged and allegedly come from my facebook friends	16:32
bkerensa	your name has been in them too :)	16:32
bkerensa	but in following up with each person they said I never sent them any message	16:32
bkerensa	nor them to me	16:32
bkerensa	so I did some searching and found out that for some period of time Facebook had a leak of friend data	16:32
bkerensa	I think someone found a way to forge @facebook.com e-mails which deliver messages like a chat on FB	16:33
bkerensa	but FB notably sees that these are forgeries and puts a little icon when it displays the message on FB (why it doesnt completely block them idk)	16:33
kees	bkerensa: oh, maybe I misunderstood? I thought you were cleaning up iframes from an intrusion?	16:39
bkerensa	kees: lol oh	16:40
bkerensa	kees: that was a consulting thing but yeah on that I did find out how :)	16:40
bkerensa	looks like I was confused	16:40
kees	ah-ha, okay	16:40
bkerensa	kees: the client had outdated themes that were using the timthumb image library which had a vulnerability that allowed xss	16:41
bkerensa	http://code.google.com/p/timthumb/issues/detail?id=49	16:42
bkerensa	:s	16:42
bkerensa	sadly wordpress has had native image resizing support for some time now	16:42
* kees nods		16:44
kees	what OS is under that wordpress?	16:44
kees	(not that it would help XSS)	16:44
bkerensa	kees: I believe either CentOS or RHEL since it was a cpanel server	16:45
bkerensa	cpanel = :s	16:45
kees	hehe	16:46
bkerensa	kees: http://www.youtube.com/watch?v=QdpGd74DrBM	16:50
bkerensa	you see this?	16:50
kees	gotta love touch screen calibration SIGH	16:53
bkerensa	kees: :s I hope that gets sorted and is just one machine	16:55
bkerensa	:(	16:55
bkerensa	kees: look look :) they left a backdoor http://pastebin.com/SJuSvJVx	17:59
bkerensa	these guys are fun bad guys :s kind of? :)	17:59
kees	heh, is that a php shell?	18:02
bkerensa	kees: yes	18:03
bkerensa	lol funny their ip re-directs to google	18:03
bkerensa	hah	18:03
bkerensa	slangasek: do you know how I can mark a Debian bug as Invalid?	22:30
bkerensa	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692303	22:30
lubotu1	Debian bug 692303 in searchmonkey "Upgrade Searchmonkey from 0.8.1-8 to 2.0.0" [Wishlist,Open]	22:30
bkerensa	upstream is EOL development of this app so we wont be able to grant the wishlist bug	22:31
slangasek	bkerensa: invalid == closed in Debian	22:32
slangasek	however, I don't see how upstream EOLing prevents the Debian maintainer from upgrading to the last available version?	22:32
bkerensa	slangasek: the latest available source package is windows source not linux	22:32
bkerensa	he has no plans to release for linux or continue development at all	22:33
slangasek	it's still for the Debian maintainer to decide whether to put effort into making the software work on Debian	22:35
bkerensa	slangasek: I'm the co-maintainer	22:57
bkerensa	the maintainer is to busy to maintain	22:57
bkerensa	:s	22:57
slangasek	oh, well	22:57
slangasek	then yeah, close the bug ;)	22:57
slangasek	an optionally set the 'wontfix' tag	22:57
bkerensa	kk	23:00

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!