[04:47] <youpankeys> Hi to everybody
[08:08] <bkerensa> kees: do you know by chance if Google's Account System takes a while to propagate password changes globally? I am having trouble doing svn check in with google code
[08:16] <bkerensa> oh
[08:16] <bkerensa> :s you create a svn password
[08:16] <bkerensa> I see
[16:26] <kees> bkerensa: did you find out how the bad people got into your stuff?
[16:27] <bkerensa> kees: so I have not and I am leaning towards thinking it was neither an app nor account compromise
[16:27] <bkerensa> I think something different happened
[16:27] <bkerensa> :s
[16:31] <bkerensa> kees:  http://pastebin.com/baRxUH4y
[16:32] <bkerensa> I have been getting e-mails like that which are forged and allegedly come from my facebook friends
[16:32] <bkerensa> your name has been in them too :)
[16:32] <bkerensa> but in following up with each person they said I never sent them any message
[16:32] <bkerensa> nor them to me
[16:32] <bkerensa> so I did some searching and found out that for some period of time Facebook had a leak of friend data
[16:33] <bkerensa> I think someone found a way to forge @facebook.com e-mails which deliver messages like a chat on FB
[16:33] <bkerensa> but FB notably sees that these are forgeries and puts a little icon when it displays the message on FB (why it doesn't completely block them idk)
[16:39] <kees> bkerensa: oh, maybe I misunderstood? I thought you were cleaning up iframes from an intrusion?
[16:40] <bkerensa> kees: lol oh
[16:40] <bkerensa> kees: that was a consulting thing but yeah on that I did find out how :)
[16:40] <bkerensa> looks like I was confused
[16:40] <kees> ah-ha, okay
[16:41] <bkerensa> kees: the client had outdated themes that were using the timthumb image library which had a vulnerability that allowed xss
[16:42] <bkerensa> http://code.google.com/p/timthumb/issues/detail?id=49
[16:42] <bkerensa> :s
[16:42] <bkerensa> sadly wordpress has had native image resizing support for some time now
[16:44]  * kees nods
[16:44] <kees> what OS is under that wordpress?
[16:44] <kees> (not that it would help XSS)
[16:45] <bkerensa> kees: I believe either CentOS or RHEL since it was a cpanel server
[16:45] <bkerensa> cpanel = :s
[16:46] <kees> hehe
[16:50] <bkerensa> kees: http://www.youtube.com/watch?v=QdpGd74DrBM
[16:50] <bkerensa> you see this?
[16:53] <kees> gotta love touch screen calibration *SIGH*
[16:55] <bkerensa> kees:  :s I hope that gets sorted and is just one machine
[16:55] <bkerensa> :(
[17:59] <bkerensa> kees: look look :) they left a backdoor http://pastebin.com/SJuSvJVx
[17:59] <bkerensa> these guys are fun bad guys :s kind of? :)
[18:02] <kees> heh, is that a php shell?
[18:03] <bkerensa> kees: yes
[18:03] <bkerensa> lol funny their ip re-directs to google
[18:03] <bkerensa> hah
[22:30] <bkerensa> slangasek: do you know how I can mark a Debian bug as Invalid?
[22:30] <bkerensa> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692303
[22:31] <bkerensa> upstream is EOL development of this app so we won't be able to grant the wishlist bug
[22:32] <slangasek> bkerensa: invalid == closed in Debian
[22:32] <slangasek> however, I don't see how upstream EOLing prevents the Debian maintainer from upgrading to the last available version?
[22:32] <bkerensa> slangasek: the latest available source package is windows source not linux
[22:33] <bkerensa> he has no plans to release for linux or continue development at all
[22:35] <slangasek> it's still for the Debian maintainer to decide whether to put effort into making the software work on Debian
[22:57] <bkerensa> slangasek: I'm the co-maintainer
[22:57] <bkerensa> the maintainer is too busy to maintain
[22:57] <bkerensa> :s
[22:57] <slangasek> oh, well
[22:57] <slangasek> then yeah, close the bug ;)
[22:57] <slangasek> and optionally set the 'wontfix' tag
[23:00] <bkerensa> kk