00:00.34 | Saint-N | i know that gpart can read and see it correctly so im wondering if there are any good nix recovery tools that will do better than sorting by file type and then just naming them all 000001.txt 000002.txt |
00:00.37 | foxlit | SOB: Save Our Bunkers! |
00:01.26 | Saint-N | or if i could get away with mappingit onto a winders box and recoverying that way |
00:07.44 | *** join/#wowi-lounge kd3 (i=kd3@gateway/tor/x-fb69a1746ecef3e3) |
00:07.47 | Adys | did blizzard change anything in the tooltip request api in last ptr build? |
00:08.16 | Tem|AFK | yep |
00:08.23 | Tem|AFK | and Onyxia deep breaths more too |
00:08.32 | Adys | figured that |
00:08.49 | Tem|AFK | (actually, I don't know, but that's my favorite response to patch paranoia) |
00:09.12 | Pandya | so umm, random, haven't played wow for a while but I heard discord is diededed |
00:09.22 | Pandya | anything similar to dart about? |
00:09.45 | Adys | my addon makes me crash in build 7655 so i got reasons to be paranoid :p |
00:16.21 | Kelfarr | eepanels2 is the new dart http://files.wowace.com |
00:16.56 | *** join/#wowi-lounge Adys|sleep (n=Adys@APoitiers-257-1-34-238.w90-38.abo.wanadoo.fr) |
00:17.28 | *** join/#wowi-lounge Adys (n=Adys@APoitiers-257-1-34-238.w90-38.abo.wanadoo.fr) |
00:17.59 | Saint-N | pandya: closest thing is crounge around for the 2.3 build fan update of duf/dart OR if you're just concerned about pretty pictures get eepanels2 |
00:20.19 | *** join/#wowi-lounge Riffage (i=Riffage@87-194-105-200.bethere.co.uk) |
00:22.52 | *** join/#wowi-lounge gnor (n=jaydee@cpe-76-170-71-236.socal.res.rr.com) |
00:25.01 | *** join/#wowi-lounge dinesh-work (n=chatzill@c-68-36-168-161.hsd1.nj.comcast.net) |
00:27.01 | *** join/#wowi-lounge |Jelly|Ghost (n=chatzill@adsl-76-196-0-150.dsl.rcsntx.sbcglobal.net) |
00:27.25 | |Jelly| | YAR! |
00:28.41 | *** join/#wowi-lounge kd3 (i=kd3@gateway/tor/x-f8e4f5be49c1ef1f) |
00:42.09 | *** join/#wowi-lounge DM| (n=dm@cpe-65-24-163-189.columbus.res.rr.com) |
00:48.49 | Cairenn | night clad|sleep |
00:50.27 | Cairenn | :) |
00:50.49 | clad|sleep | night |
00:50.53 | |Jelly| | Night, Clad. |
00:50.58 | |Jelly| | How are you, Cairenn? |
00:51.04 | Cairenn | well enough, you? |
00:51.05 | *** join/#wowi-lounge Ktron (n=khamer@c-24-61-199-154.hsd1.nh.comcast.net) |
00:51.11 | |Jelly| | Don't wanna talk about it. rofl |
00:51.17 | Cairenn | oh dear :( |
00:54.05 | Intangir | ok my addon is done |
00:54.07 | Intangir | seems to be working 100% |
00:54.34 | Intangir | i guess ill test it out for a week then post it up places |
00:55.04 | JoshBorke | Intangir: awesome |
00:55.25 | Nechckn_Lurk | What do you have Intangir? |
00:58.13 | batrick | Surrender your lootz or u will be destroyed |
01:03.00 | Guillotine | Intangir: what does it do? |
01:03.28 | foxlit | "If you need more than 3 levels of indentation, you're screwed anyway, and should fix your program" |
01:03.55 | Guillotine | nah, thats not true |
01:04.43 | foxlit | quoth the Linux Kernel coding style? |
01:04.46 | Guillotine | if you're indenting for functions, you'll have 3 levels if you just have a while loop with a for in it :P |
01:06.41 | foxlit | clearly the while loop should call something |
01:06.43 | foxlit | :) |
01:07.27 | foxlit | Subjectively, that feels somewhat right. I dislike sections of my code that are deeper than three levels in |
01:15.15 | *** join/#wowi-lounge KarlKFI (n=AnduinLo@ip72-211-199-75.oc.oc.cox.net) |
01:22.29 | *** join/#wowi-lounge Mike-N-Go (n=MikeNGoS@64.193.93.197) |
01:26.19 | bleeter | I got a serious question... looking for some *really nice* BoE or non-binding shoes for my AH mule, who's wearing full tuxedo set. Anyone got any suggestions? |
01:26.30 | bleeter | lvl 12 |
01:26.52 | pez| | barefooted! :D |
01:28.00 | Wobin_ | I found the Warder set, from the BE starting suit works well for dwarves |
01:28.11 | Wobin_ | although I want the shirt |
01:29.49 | Kaso | Basically the only boots that match the tux pants well are black mageweave but theyre lvl41 |
01:30.34 | Guillotine | Cairenn: in files, the "Edit" button is showing up instead of the "Quote" button for other user's comments. it isn't actually letting edits go through though :) |
01:30.55 | Guillotine | oh, maybe there is no quotes button. but either way, the Edit button is showing when it shouldn't :P |
01:31.57 | bleeter | Kaso: I feared as much :( |
01:34.44 | Guillotine | Arrowmaster: thanks for the file reports :) |
01:36.17 | *** join/#wowi-lounge Kaelten (n=kaelten@WoWUIDev/WoWAce/WoWIFA/CurseStaff/kaelten) |
01:36.17 | *** mode/#wowi-lounge [+v Kaelten] by ChanServ |
01:38.10 | Thunder_Child | ~seen iriel |
01:38.13 | purl | iriel <n=Iriel@adsl-71-158-244-138.dsl.pltn13.sbcglobal.net> was last seen on IRC in channel #wowi-lounge, 21h 40m 10s ago, saying: 'I'm not sure the best way of representing it, but it's got merit'. |
01:43.38 | Shirik | hahaha |
01:43.40 | Shirik | evading totem |
01:44.04 | Shirik | [#] 20:42:02 Your Shadow Word: Death was evaded by Amani Healing Ward. |
01:51.22 | Duman | heh |
01:51.24 | Duman | hax |
01:51.57 | *** join/#wowi-lounge nymbia (n=nymbia@71-218-136-127.hlrn.qwest.net) |
01:56.24 | *** join/#wowi-lounge kd3 (i=kd3@gateway/tor/x-57bba900bebca46a) |
01:57.59 | *** join/#wowi-lounge KarlThePagan (n=andross@lanip-170-65.go180.net) |
01:58.04 | *** join/#wowi-lounge nuoHep (i=nuoHep@89.222.156.36) |
02:00.39 | *** join/#wowi-lounge alestane (n=nevin@c-76-24-240-47.hsd1.ma.comcast.net) |
02:02.56 | *** join/#wowi-lounge nuoHep` (i=nuoHep@89.222.156.36) |
02:04.33 | *** part/#wowi-lounge ckknight (n=ckknight@rrcs-74-62-251-185.west.biz.rr.com) |
02:05.27 | Kaso | Wtf never seen that before |
02:06.00 | Kaso | a google page saying my search looked like a bot and couldnt be processed till i entered a capatcha |
02:06.47 | Wobin_ | <PROTECTED> |
02:08.04 | Kelfarr | some guy said he wouldn't go to files.wowace.com because it looks iffy and might hack him |
02:08.26 | Wobin_ | omg hacks |
02:08.30 | Wobin_ | And that's -never- good =( |
02:09.09 | Kaso | to be honest the current look of files.wowace isnt the most reasuring |
02:09.44 | Wobin_ | Needs more penguins? |
02:09.46 | Wobin_ | Monkeys? |
02:09.51 | Wobin_ | ads? |
02:10.05 | Kaso | it does have the feel of one of those "fake search engine" type sites |
02:20.24 | *** join/#wowi-lounge |Jelly|___ (n=chatzill@adsl-76-196-0-150.dsl.rcsntx.sbcglobal.net) |
02:23.58 | Kelfarr | wow wowincgamers has a trojan on the website now |
02:25.16 | *** join/#wowi-lounge nuoHep` (i=nuoHep@89.222.156.36) |
02:37.14 | *** join/#wowi-lounge nuoHep` (i=nuoHep@89.222.156.36) |
02:42.08 | *** join/#wowi-lounge cogwheel (n=chatzill@c-67-164-121-134.hsd1.ca.comcast.net) |
02:42.36 | bleeter | Kelfarr: they're idiots... they take a thread about Oceanic forums, and read into it something about 2.3/Season 3. |
02:42.44 | bleeter | er s/forums/realm queue lengths/ |
02:43.24 | bleeter | mind you, that's pretty much what Drysc did until he discovered a specific realm mentioned in the thread (which he originally mis-identified) is queued 50% of the time |
02:47.49 | *** join/#wowi-lounge Thelyna (n=burp@222-154-153-20.jetstream.xtra.co.nz) |
03:13.25 | *** join/#wowi-lounge sylvanaar (n=sylvanaa@12.179.203.116) |
03:25.06 | Corrodias | i don't like tomtom's new map icons |
03:25.55 | Mr_Rabies2 | i don't like your face |
03:25.57 | Mr_Rabies2 | >:[ |
03:26.09 | Corrodias | i don't like your ass! |
03:26.13 | Corrodias | okay i do |
03:31.14 | JoshBorke | i like Cairenn's ass |
03:31.18 | JoshBorke | or are we talking about a different ass? |
03:33.31 | *** join/#wowi-lounge Drea|AFK (n=llsirsha@ip24-255-56-178.tc.ph.cox.net) |
03:33.43 | Thunder_Child | Cairenn's ass is already spoken for |
03:34.10 | bleeter | lucky donkey |
03:34.35 | Thunder_Child | have you been peeking at her husband again? |
03:35.34 | batrick | don't you love those moments where u write ugly code that you think is the only way to do it for about 2 hours and then it dawns on u what the right way to do something is and you spend 5 minutes writing ~10 lines |
03:35.47 | *** join/#wowi-lounge deadlock (n=deadlock@12-214-50-87.client.mchsi.com) |
03:36.01 | Intangir | whats the proper way to add on to an existing menu? |
03:36.01 | cogwheel | batrick: that happens a lot with state headers :P |
03:36.03 | bleeter | lexicographally(‽) speaking, I wonder when the ass/arse split happened, and what the cause was |
03:36.08 | Intangir | do i just doo AddButton with a new Info variable? |
03:36.13 | Intangir | or do i .. reinitialize the whole thing? |
03:36.19 | Intangir | cause actually NEITHER are working for me |
03:36.34 | ales|wow | Iriel and I are discussing how the state header thing might be cut down a bit. |
03:37.02 | cogwheel | Alestane: yeah, i wouldn't be surprised if they did a major revamp for 3.0 |
03:37.02 | deadlock | Can anyone else get into the WOW account management? |
03:37.33 | Alestane | This isn't even a major revamp, but I think it would largely obsolete the whole button remappign thing. |
03:37.38 | cogwheel | The introduction of macro options so late in the game changed a lot of fundamental concepts |
03:37.49 | bleeter | deadlock: yup |
03:38.55 | Alestane | I figure that about 10 lines added to SecureStateHeader_Refresh() should do the trick. |
03:39.07 | deadlock | Damn it wont let me. Im getting a 404 error |
03:39.57 | Alestane | Seems broken to me too. |
03:40.41 | deadlock | kk ty for confirmation |
03:42.15 | Alestane | Apparently they're running Apache? |
03:42.54 | *** join/#wowi-lounge batbot (n=batbot@c-76-18-69-99.hsd1.nm.comcast.net) |
03:44.02 | Intangir | whats the proper way to add on to an existing menu? |
03:44.04 | Intangir | do i just doo AddButton with a new Info variable? |
03:44.07 | Intangir | cause actually NEITHER are working for me |
03:44.25 | batrick | u should QQ |
03:44.31 | Alestane | Menus not my string suit, sorry. |
03:44.35 | *** join/#wowi-lounge Tierrie_ (n=tierrie@adsl-68-126-192-197.dsl.pltn13.pacbell.net) |
03:51.22 | Intangir | damn i just .. bah |
03:51.26 | Corrodias | can you put a [modifier] conditional in a /script line of a macro? |
03:53.10 | Corrodias | it would appear not... |
03:56.30 | JoshBorke | Corrodias: no |
03:59.01 | Corrodias | but i can use "if IsAltKeyDown()" or whatever it is |
04:00.33 | JoshBorke | Corrodias: correct |
04:01.37 | Alestane | Or I believe you can use MacroTalk to write lines like /opt [modifier] /run some(Lua) |
04:03.21 | *** join/#wowi-lounge dylanm (n=dylanmor@c-98-224-225-196.hsd1.mi.comcast.net) |
04:03.25 | Corrodias | that will simplify my stuff in the future |
04:04.44 | *** join/#wowi-lounge |Jelly|Ghost (n=chatzill@adsl-76-196-0-150.dsl.rcsntx.sbcglobal.net) |
04:05.21 | *** join/#wowi-lounge |Jelly|___ (n=chatzill@adsl-76-196-0-150.dsl.rcsntx.sbcglobal.net) |
04:06.27 | *** join/#wowi-lounge |Jelly|Ghost (n=chatzill@adsl-76-196-0-150.dsl.rcsntx.sbcglobal.net) |
04:08.25 | *** join/#wowi-lounge Lunessa (n=Lunessa@129.7.94.10) |
04:08.29 | Lunessa | station |
04:08.48 | Alestane | ? |
04:25.42 | Drea|AFK | how do you set text on a lua made button? buttonname.SetText("text"); sdon't seem to work |
04:28.09 | Corrodias | tomtom is also not always being able to pick up on lightheaded's coordinate links any more, it seems |
04:28.18 | Corrodias | might be i have a version from a few days ago |
04:31.26 | Intangir | is the a built in scale configuring frame? |
04:32.54 | Corrodias | CLICK CLICK CLICK, tomtom. where are you? |
04:33.43 | Drea | who u talkin to intangir? |
04:37.53 | Intangir | anyone who knows |
04:38.45 | *** join/#wowi-lounge JoshBork1 (n=Josh@WoWUIDev/WoWInterface/LegoBlock/joshborke) |
04:40.49 | Drea | Hey Josh, remember that thing with gettin text to appear on my buttons? |
04:43.25 | *** join/#wowi-lounge JoshBork2 (n=Josh@frontend.gtri.gatech.edu) |
04:48.36 | *** join/#wowi-lounge batrick (n=batrick@c-76-18-69-99.hsd1.nm.comcast.net) |
04:49.45 | Antiarc | http://forums.worldofwarcraft.com/thread.html?topicId=3168328825&postId=31679942357&sid=1#9 <-- heads up, folks. Looks like a trojan with a keylogger payload is being distributed with wowui's UICentral program. |
04:50.04 | Tem|AFK | lawl |
04:50.14 | Tem|AFK | I can't believe anyone still uses their site |
04:51.13 | Antiarc | easy enough |
04:51.18 | ScytheBlade1 | Oh never mind |
04:51.24 | ScytheBlade1 | We have screenshots of assembly |
04:51.28 | Shirik | ScytheBlade1: I already did, it's pretty safe to do :) If you know how to |
04:52.02 | ScytheBlade1 | Yeah, I've removed spyware from the "unkillable or you instantly BSOD" threads before... it's not that I don't know how to, it's that I don't have a link :) |
04:52.56 | cogwheel | Shirik: ltns |
04:53.01 | Shirik | ? |
04:53.16 | Shirik | ltns? |
04:53.20 | Shirik | ~wtf ltns |
04:53.20 | cogwheel | I haven't seen you talking on irc for like 3 days :P |
04:53.24 | Shirik | oh |
04:53.27 | Shirik | Sorry >< |
04:53.33 | Shirik | This week is hell |
04:53.36 | Shirik | thank god it ends friday |
04:53.41 | *** join/#wowi-lounge Tierrie (n=tierrie@adsl-68-126-223-138.dsl.pltn13.pacbell.net) |
04:54.02 | Shirik | then everything is cool for a week |
04:54.05 | Shirik | then finals in 2 weeks |
04:54.23 | cogwheel | ah... i guess i understood the timeframe wrong... |
04:54.25 | ScytheBlade1 | Haha... I can't resolve their DNS entries.. |
04:54.47 | Shirik | ScytheBlade1: Whose? |
04:54.54 | ScytheBlade1 | incgamers.com |
04:54.59 | ScytheBlade1 | Their primary nameservers aren't responding at all |
04:55.18 | kd3 | ooh, another keylogger to play with |
04:55.39 | ScytheBlade1 | Yeah, still trying to get a copy of it myself. |
04:56.07 | Antiarc | I'll post the copy I got like 10 minutes ago |
04:56.19 | ScytheBlade1 | I want to see where it sends the data |
04:56.21 | ScytheBlade1 | tcpdump ftw |
04:56.25 | Antiarc | http://wow.tachyonsix.com/UICentralSetup-1194307582.zip |
04:56.31 | Antiarc | Deleting that file in 5 minutes, FYI |
04:56.45 | ScytheBlade1 | It's cool, I've already mirrored it ;P |
04:56.51 | ScytheBlade1 | (Kidding) |
04:57.15 | kd3 | awesome. thanks. wireshark, here we go |
04:57.18 | Thrae | ThraeBot automatically mirrors any file listed on IRC, in case it's porn. |
04:57.22 | Antiarc | Tahts' fine, I just don't want people wandering by it and downloading it off my domain without knowing what it does :P |
04:57.23 | ScytheBlade1 | lol |
04:58.29 | ScytheBlade1 | Actually, I could just keep the changes in RAM... |
04:58.53 | *** join/#wowi-lounge batbot (n=batbot@c-76-18-69-99.hsd1.nm.comcast.net) |
05:00.00 | ScytheBlade1 | Bah, what's that overlay filesystem... |
05:01.01 | Shirik | :D |
05:01.15 | ScytheBlade1 | UnionFS! |
05:01.16 | ScytheBlade1 | There we go |
05:01.49 | batrick | -->nil |
05:01.49 | batbot | batrick: > nil |
05:05.28 | *** join/#wowi-lounge JoshBorke (n=Josh@WoWUIDev/WoWInterface/LegoBlock/joshborke) |
05:08.42 | ScytheBlade1 | Oh screw it, I'd have to recompile crap |
05:10.46 | ScytheBlade1 | 0_0 |
05:10.50 | *** join/#wowi-lounge batrick (n=batrick@c-76-18-69-99.hsd1.nm.comcast.net) |
05:10.52 | ScytheBlade1 | I have 35GB in ~/.wine/drive_c/ ... |
05:12.14 | Drea | blast |
05:12.16 | kd3 | bah, it's a .net app. don't want to install the windows version of mono in wine |
05:12.40 | Drea | how come button.SetText don't work?? |
05:12.45 | ScytheBlade1 | It is? Well, crap. |
05:14.26 | Antiarc | Drea: try button:SetText() |
05:14.41 | JoshBorke | drea: does the buttton have a text field? |
05:15.34 | *** join/#wowi-lounge Nargiddley (n=narg@203-97-236-74.cable.telstraclear.net) |
05:16.43 | Drea | ... yeah that's what i meant. |
05:16.56 | Drea | Here. lemme give ya a pastey. |
05:17.51 | Drea | http://wowi.pastey.net/78215 It's the Very last function, and i try to do buttonname:SetText("TeXT"); and no text. no errors either. |
05:18.23 | JoshBorke | drea: there is no text field on that button for you to set text to |
05:18.25 | Kaso | My my that is alot of comments |
05:18.46 | deadlock | What the hell makes your screen flash red |
05:18.48 | deadlock | when attacked |
05:18.51 | deadlock | annoying as hell |
05:18.55 | Kaso | default UI |
05:19.15 | Drea | lol. Yeah lots of comments. did it for a friend. who'seven newer than me to lua. lol |
05:19.22 | Drea | hmm. how do i make a text field there then Josh? |
05:19.41 | Kaso | deadlock, 2.3.0 patchnotes "When you take damage and have a full screen UI up, the edges of the screen will flash red so you know you are under attack." |
05:19.52 | ScytheBlade1 | kd3: lol |
05:19.54 | Kaso | am i the only one who religously reads patchnotes :< |
05:19.59 | kd3 | 192.168.20.1 -> 255.255.255.255: DNS, Standard query A i |
05:20.00 | ScytheBlade1 | Might want to look into that, lol |
05:20.19 | JoshBorke | drea: inherit from a button that does or create the text field yourself |
05:20.22 | kd3 | and the queries "u", "dP", "u_R9", "ezMQJ59" |
05:20.52 | deadlock | Kaso: Can i disable it |
05:21.00 | Drea | so i'd have to create a text field, and place it on the button? |
05:21.18 | JoshBorke | drea: yes |
05:21.45 | Drea | argh, can i just inherit a button that has a text field? would that be easier? |
05:21.55 | JoshBorke | drea: simple as: b.text = b:CreateFontString(<some magic here>); b.text:SetPoint("CENTER", b, "CENTER", 0, 0); b.text:SetText(<stuff>) |
05:21.58 | ScytheBlade1 | kd3: for what it's worth, I still have random IPX requests seen every so often on my business LAN. Can't figure out where they are coming from for the life of me. |
05:22.00 | JoshBorke | drea: probably |
05:22.11 | Kaso | deadlock, that i am not totally sure about, i think maybe atm you cant but i remebre reading something about them adding the ability to do that some time soon |
05:22.21 | JoshBorke | i can't think of any off the top of my head, but there are a lot of blizzard buttons |
05:22.24 | Drea | hmm. do you know how to do the inheriting on the CreateFrame? it's kinda confusin to me |
05:22.29 | JoshBorke | in fact, all of the standard blizzard buttons have it |
05:22.32 | JoshBorke | ~api CreateFrame |
05:22.33 | purl | http://www.wowwiki.com/API_CreateFrame |
05:23.01 | MentalPower | !api CreateFrame |
05:23.02 | ThraeBot | MentalPower: newFrame = CreateFrame("frameType", "frameName", parentFrame[, "inheritsFrame"]); -- http://www.wowwiki.com/API_CreateFrame |
05:23.11 | JoshBorke | ~lart MentalPower |
05:23.11 | purl | raises middle finger to MentalPower |
05:23.22 | MentalPower | ~whaleshield me |
05:23.25 | JoshBorke | MentalPower: any update on the pull all function from blizzard? |
05:23.25 | Drea | so, CreateFrame( |
05:23.27 | Drea | oops. |
05:23.38 | MentalPower | JoshBorke: it works afaik |
05:23.53 | JoshBorke | MentalPower: oh, good, time for me to check on auctioneer again |
05:23.56 | MentalPower | but the real test is when ther are 10K+ auctions to pull |
05:23.56 | Thunder_Child | MentalPower, w/o the me |
05:24.05 | MentalPower | ~whaleshield |
05:24.05 | purl | ACTION summons a rather dense leaden whale named Billy Bob to shield mentalpower from the blast. |
05:24.17 | Drea | CreateFrame("Button", "Step "..i.."Button", UIFrame[UIBUTTONTEMPLATE]);?? |
05:24.31 | JoshBorke | drea: no, the inheritFrom should be a simple string |
05:24.58 | MentalPower | drea: and you're missing a nil |
05:25.11 | *** join/#wowi-lounge cogwheel (n=chatzill@c-67-164-121-134.hsd1.ca.comcast.net) |
05:25.24 | Drea | wow, i'm a lil confused now. lol. |
05:25.38 | Drea | err. maybe i'm just bein stupid. |
05:25.48 | JoshBorke | drea: without a nil after the button name it interprets the next field as the parent |
05:26.19 | Drea | local b = CreateFrame("Button", "Step"..i.."Button", nil, UIParent[?]); This is what i need. what would i put in the place of the ? |
05:26.41 | deadlock | kaso i hate it makes me wanan quit wow |
05:27.18 | Kaso | im sure it wouldnt be hard to remove |
05:27.41 | MentalPower | drea: whats the template you're inheriting from? |
05:28.08 | MentalPower | UIParent[?] is not a valid template |
05:28.11 | Drea | no idea yet. know any good ones? lol |
05:28.53 | MentalPower | ~facepalm |
05:28.53 | purl | ACTION facepalms at the situation |
05:29.04 | MentalPower | what are you trying to do? |
05:29.27 | Drea | lmao. i just want a button, i can put text on. need the pastey again? lol |
05:29.37 | JoshBorke | drea: try UIPanelButtonTemplate |
05:29.43 | Drea | http://wowi.pastey.net/78215 |
05:30.02 | MentalPower | ocal b = CreateFrame("Button", "Step"..i.."Button", nil, "UIButtonTemplate") |
05:30.09 | MentalPower | s/oc/loc/ |
05:30.19 | MentalPower | that will give you the standard red button |
05:33.44 | Drea | oy. |
05:34.54 | Drea | well that sure screwed up my settings. lol. dangit. |
05:36.23 | Drea | it worked, they have writing on em, but they are not lined up properly anymore. which i supppose is not that big of a deal, since the scrollbar isn't working properly. |
05:36.26 | *** join/#wowi-lounge batbot (n=batbot@c-76-18-69-99.hsd1.nm.comcast.net) |
05:37.03 | Drea | argh. if it's not one thing lately... lol |
05:38.19 | JoshBorke | nn |
05:38.31 | *** part/#wowi-lounge JoshBorke (n=Josh@WoWUIDev/WoWInterface/LegoBlock/joshborke) |
05:48.16 | Drea | well at least i fixedthat. it's SOME progress. |
05:48.29 | Drea | tommorrow it is. lol. lates ya'll |
05:49.11 | kd3 | anyone who can read libpcap TCP dumps, take a look at http://spyglass-server.com/pub/routerCompromised.dump |
05:49.28 | kd3 | I'm boggled as to what's causing the router to send those DNS requests |
05:50.16 | Antiarc | UICentral? >_> |
05:50.28 | Shirik | kd3: Will do so in about 10 seconds |
05:50.34 | Shirik | 10 minutes* |
05:50.58 | kd3 | that's not UICentral related. unless it can somehow magically infect a cisco router from inside of a wine instance that didn't even get set up properly |
05:51.23 | kd3 | one hell of a trojan, that |
05:52.58 | Wobin_ | well you know what they say about trojans |
05:53.27 | Shirik | kd3: Those are some pretty cool requests |
05:53.30 | Wobin_ | http://youtube.com/watch?v=_RmKFYhqYG0 |
05:54.25 | Shirik | wierd |
05:54.28 | Shirik | those are broadcast packets |
05:54.41 | Shirik | as if it's trying to flood your ethernet |
05:54.47 | Wobin_ | I love that clip =P |
05:56.03 | Shirik | Kd3: I have telecomms tomorrow I'll ask my professor if he's ever seen it before |
05:56.54 | kd3 | go for it. I'll be giving the network admin a call and handing him the dump to see what he makes of it |
05:57.19 | kd3 | I'm still going "wtf" watching wireshark's live feed of this |
05:59.13 | kd3 | wow @ http://forums.worldofwarcraft.com/thread.html?topicId=3168328825&postId=31680944312&sid=1#14 |
05:59.27 | Antiarc | Yup |
05:59.32 | Antiarc | I was pretty @_@ that Slouken bumped it |
06:03.37 | Shirik | kd3: It appears to be a DoS attack attemp |
06:03.58 | Shirik | everything I'm reading about it shows that it is a style of attack which will attempt to get as many possible responses back to that router |
06:04.15 | Shirik | it's probably not coming from that router |
06:04.22 | Shirik | in any case you should let the net admin know :) |
06:11.06 | Thunder_Child | lightroom takes up such a huge ammount of ram |
06:15.32 | Cairenn|afk | omg, again with ui.wow.net (err, incgamers)? |
06:15.47 | Cairenn|afk | (catching up on the forums) |
06:15.58 | Thunder_Child | you should just go by their nickname |
06:16.12 | Cairenn|afk | how're the hand and leg doing now |Jelly|? |
06:16.35 | |Jelly| | Sore as shit. rofl |
06:16.54 | Thunder_Child | thats funny? |
06:16.54 | Cairenn|afk | has the hand stopped swelling yet? |
06:17.17 | |Jelly| | Yeah. It's gone down a lot. I went and took a nap so I wasn't typing and what not for a while. :P |
06:17.23 | Cairenn|afk | good |
06:17.33 | Mr_Rabies2 | what'd i miss? |
06:17.39 | Antiarc | What's amazing is that Rushster, rather than investigating the claims, is just brushing them off. |
06:17.42 | Antiarc | Not that I'm surprised. |
06:17.49 | Cairenn|afk | don't forget, ice for 10 mins every 20 mins |
06:17.50 | Thunder_Child | |Jelly| being dumb i guess |
06:18.00 | Cairenn|afk | Antiarc: where? |
06:18.05 | |Jelly| | What the fuck are you talking about, TC? |
06:18.05 | Antiarc | http://wow.incgamers.com/forums/showthread.php?t=405983&page=2 |
06:18.15 | Antiarc | "The virus did not come from this site. You can also not get a virus from UICentral. UIcentral can not activate/unpack execeutable files. I suggest you look elsewhere for the virus source." |
06:18.24 | Antiarc | "ORLY? *Disassembly*" |
06:18.42 | Thunder_Child | hmm... /poke it seems |Jelly| |
06:18.48 | kd3 | lol. guests aren't allowed to look at the forums right now |
06:19.33 | kd3 | or at least that thread |
06:24.22 | Shirik | Anyone here good with excel? |
06:24.34 | Thunder_Child | to a oint |
06:24.37 | Thunder_Child | point* |
06:24.50 | Antiarc | I can sum columns, Shirik :P |
06:24.54 | Shirik | I just have a formula, ok? And you know how you normally copy that formula and paste it into cells and it adjusts the formula so it lines up? |
06:25.02 | Antiarc | Right |
06:25.13 | Shirik | I want one of the values in there to line up, but one needs to stay constant |
06:25.14 | Shirik | =NPV(A18,Sheet1!B22:R22) |
06:25.15 | cogwheel | use dollar signs |
06:25.17 | Antiarc | $ |
06:25.18 | Shirik | I need the A18 to change |
06:25.23 | Antiarc | $B4 locks it to B |
06:25.27 | Shirik | so that would become $Sheet1? |
06:25.28 | Antiarc | B$4 locks it to 4 |
06:25.32 | Shirik | ah ok |
06:25.35 | Shirik | so $B$22 |
06:25.36 | Shirik | etc |
06:25.39 | Antiarc | Right |
06:25.40 | cogwheel | yep |
06:25.42 | Shirik | thanks |
06:26.16 | Shirik | always wondered what that $ meant, heh |
06:26.29 | cogwheel | FWIW, I had typed "use dollar signs" before your "but one needs to stay constant" appeared ;) |
06:26.40 | Shirik | haha |
06:29.09 | *** join/#wowi-lounge a^i`SmaN (i=drag@mlr78-3-88-162-68-235.fbx.proxad.net) |
06:44.55 | Mike-N-Go | A friend of mine has a question, he ponders of a weapon that allows one to speak to a boss in Sm cath, anyone know what this is? |
06:45.31 | Mike-N-Go | He says it allows one to enter the cath as frendly? |
06:46.34 | Antiarc | Yeah, Ashbringer, from Naxxramas |
06:48.02 | Shirik | Okay, Antiarc / cogwheel, still here? |
06:48.09 | Antiarc | yup |
06:48.10 | cogwheel | aye |
06:48.18 | Shirik | Know any economics or anything about the PV() or NPV() functions? |
06:49.14 | cogwheel | i took macroeconomics a few years ago... let me take a look at the funcs |
06:49.19 | Shirik | This doesn't make sense to me: I have a value of about negative $6 million. I'm calculating the present value of it, and it says it's positive $6.18 million.... Now I know I'm new to this economics stuff, but I'm fairly certain money lost can't become money gained over any amount of time |
06:50.35 | Shirik | oh crap |
06:50.43 | Shirik | ok, 7.5 is 750%, not 7.5% |
06:50.44 | Shirik | got it. |
06:50.47 | Shirik | never mind ^^ |
06:50.53 | cogwheel | heh |
06:51.02 | Shirik | 750% discount rate causes some really fun stuff to happen to money, I really wish we could do that IRL |
06:51.08 | Shirik | negative taxes whoo |
06:53.30 | *** join/#wowi-lounge art3mis (n=art3mis@WoWUIDev/WoWI/HKUI/art3mis) |
06:53.43 | *** join/#wowi-lounge ckknight (n=ckknight@rrcs-74-62-251-185.west.biz.rr.com) |
06:54.05 | art3mis | oh the sheer unadulterated fun! |
06:54.50 | art3mis | man id be choked if i paid money for some of these data recovery programs |
06:55.04 | art3mis | sure they'd be fine if the drive was in a fire or something i suppose |
06:55.17 | art3mis | but it couldnt even find a file that i recently deleted |
06:57.12 | batrick | th bot police are demanding i have a single trigger for batbot... bah i say bah! |
06:57.23 | Intangir | how do i iterate thru every element in a list? |
06:57.26 | Intangir | or an array |
06:57.34 | art3mis | yes |
06:57.48 | batrick | -->t={1,2,3} for k,v in ipairs(t) do print(k,v) end |
06:57.48 | batbot | batrick: 1 1 2 2 3 3 |
06:58.09 | art3mis | how many triggers do you have bat? |
06:58.36 | batrick | '!' and --> and various "am not" "u r" combinations |
06:58.47 | batrick | none of the latter are on in this channel |
06:59.16 | art3mis | well ditch the bang |
06:59.24 | art3mis | thats thraes trigger |
06:59.29 | Thunder_Child | sticking with one would be a good idea |
06:59.52 | Thunder_Child | and as usual, kiss |
07:00.03 | art3mis | !c us Boobies Thunderchild |
07:00.18 | Thunder_Child | thats wrong on so many levels |
07:00.29 | art3mis | see us boobies, TC ! |
07:00.43 | art3mis | or BANG! See us boobies, TC |
07:00.55 | Thunder_Child | ...not helping |
07:01.20 | Thunder_Child | besides...when did exclimation point == bang? |
07:01.29 | Thunder_Child | (i doubt i spelled that correctly) |
07:01.36 | Shirik | Thunder_Child: Always called it that :) |
07:01.40 | batrick | ^ |
07:01.41 | Shirik | Anyway, Excel hates me.... |
07:01.48 | Shirik | I have the exact same formula in two places |
07:01.49 | batrick | no microsoft hates u |
07:01.53 | Shirik | and they're different results |
07:01.57 | batrick | lol! |
07:02.03 | Thunder_Child | Shirik, i bet it's you not them |
07:02.07 | Shirik | =NPV(A3/100,Sheet1!$C$80:$R$80)+Sheet1!$B$80:$R$80 |
07:02.08 | Thunder_Child | PEBKAC |
07:02.13 | art3mis | ! == bang it's always been called that ;P |
07:02.15 | Thunder_Child | it's ALWAYS PEBKAC |
07:02.16 | Shirik | =NPV(7.5%,Sheet1!$C$80:$R$80)+Sheet1!$B$80:$R$80 |
07:02.19 | art3mis | !root |
07:02.20 | Shirik | 7.5% == A3/100 |
07:02.43 | art3mis | thats 7.5% APR OAC |
07:02.52 | Shirik | Result 1: -4,393,864, Result 2: $2,685,135.69 |
07:03.18 | Thunder_Child | looks like your formulas are done incorrectly |
07:03.33 | Intangir | ok |
07:03.38 | Intangir | there is a .. child frame here in this frame |
07:03.43 | Intangir | that im sure exists also in other frames |
07:03.47 | Intangir | how do i make sure im getting the right one? |
07:03.54 | Intangir | PlayerMiniArrowFrame |
07:04.27 | Intangir | whats the name of the frame, for the arrows on the minimap and map |
07:06.01 | Corrodias | hmm, not sure if i want to do the quests in darkshore now, at 21, or save them for later when i just want rep and they'll be easier |
07:06.15 | Thunder_Child | Shirik, have you checked that A3/100 == 7.5%? |
07:06.40 | Thunder_Child | and have you made sure that what it returns is formated properly |
07:06.40 | Corrodias | might just move on to ashenvale and wetlands |
07:06.43 | Shirik | eh, sorry I copied the wrong formula |
07:06.44 | Shirik | =NPV(A77/100,Sheet1!$C$80:$R$80)+Sheet1!$B$80:$R$80 |
07:06.50 | Shirik | A77/100 does indeed equal 7.5% |
07:07.02 | Shirik | which is .0075 |
07:07.07 | Shirik | .075 * |
07:07.07 | batrick | Shirik: ur first mistake was using Excel |
07:07.15 | Shirik | batrick: I didn't start it :P |
07:07.48 | Shirik | I have also determined the NPV() part is the same |
07:07.52 | Shirik | it's the addition it's doing wrong for some reason |
07:07.56 | Corrodias | so A = 0.097402597402597402597402597402597... |
07:07.59 | Shirik | 2 million minus 6 million is not 5 million |
07:08.59 | krka | except for large values of 2 million |
07:09.28 | *** join/#wowi-lounge ckknight_ (n=ckknight@rrcs-74-62-251-185.west.biz.rr.com) |
07:14.08 | art3mis | why is metal slug so insanely fun? |
07:18.19 | Thunder_Child | as in a spent bullet, oddly named toy, or band? |
07:18.42 | Shirik | Firefox can't find the server at wowui.incgamers.com |
07:21.29 | art3mis | tc: as in that stupid video game |
07:22.26 | Thunder_Child | art3mis, never heard of it |
07:23.28 | Gngsk | metal slug is a classic 2d shoot 'em up game |
07:24.09 | art3mis | has anyone every watch the tv sohw Profit? |
07:24.36 | art3mis | im starting to believe that TC lives in a cardboard box with a cut out to his computer screen and he's only allowed on irc and wow |
07:25.14 | Tem | Thunder_Child, you've seriously never played metal slug? |
07:25.18 | Tem | you poor thing |
07:25.50 | dolby-wowi | art3mis: do you have these yet? http://wackyjapanese.pandemonium.de/2007/09/23/hello-kitty-wedding-rings/ |
07:25.50 | batrick | i r tired |
07:25.52 | Thunder_Child | Tem, it's hard to play it when you havent heard of it |
07:25.59 | Thunder_Child | art3mis, PC or console? |
07:27.02 | art3mis | started as a neo geo stand up and then went console |
07:27.14 | art3mis | ive been on pretty much every console i can think of |
07:27.50 | art3mis | dolby: not yet im saving up my upc codes ;P |
07:28.56 | art3mis | http://www.gametap.com/home/ |
07:29.05 | art3mis | tc just go there and download the player and select metal slug! |
07:29.54 | art3mis | hrm |
07:30.01 | art3mis | is it wednesday or thursday |
07:30.14 | Thunder_Child | still wed for me |
07:30.18 | Thunder_Child | 30 more min |
07:30.21 | art3mis | i think im missing a day somewhere |
07:30.30 | art3mis | wtf did i do monday |
07:31.31 | *** join/#wowi-lounge zenzelezz (n=zenzelez@ti0140a340-0342.bb.online.no) |
07:38.15 | *** join/#wowi-lounge MoonWolf (n=MoonWolf@i208248.upc-i.chello.nl) |
07:38.15 | *** mode/#wowi-lounge [+v MoonWolf] by ChanServ |
07:43.35 | Xuerian | I love that sensation |
07:43.41 | Xuerian | "I think I missed a day..." |
07:44.29 | *** join/#wowi-lounge Pandya (n=Pandya@bb-87-81-181-46.ukonline.co.uk) |
07:44.50 | art3mis | im serious |
07:45.04 | Corrodias | sigh, the zones past the starting areas are so confusing |
07:45.05 | art3mis | i remmeber patch day and today |
07:45.16 | art3mis | but i dont remember what i did on monday |
07:45.41 | Pandya | what's WoW's current patch situation? |
07:45.45 | Pandya | haven't played for a bit :P |
07:45.54 | Pandya | are we in the wake of a large patch, or about to get slapped with a large patch |
07:46.14 | Duman | still in the wake of 2.3 |
07:46.26 | Pandya | ah ok |
07:46.46 | Pandya | how big be 2.3 |
07:46.57 | Pandya | got about five minutes before I have to go to work :P |
07:48.56 | art3mis | if you havent updated since tbc came out its 700mb ;P |
07:49.44 | Pandya | well seeing how wow isn't installed yet, ye. |
07:49.47 | Pandya | ooo found a download |
07:49.50 | Pandya | 870mb ;_; |
07:56.53 | *** join/#wowi-lounge ckknight (n=ckknight@rrcs-74-62-251-185.west.biz.rr.com) |
08:12.17 | *** join/#wowi-lounge ckknight__ (n=ckknight@rrcs-74-62-251-185.west.biz.rr.com) |
08:16.33 | *** join/#wowi-lounge zenzio (n=zenzelez@85.19.77.194) |
08:17.04 | *** join/#wowi-lounge Dotted (n=Dotted@82.129.20.243) |
08:17.10 | art3mis | anyone remember when they would release movies and they didnt have a crappy video game associated with them? |
08:18.37 | zenzio | must have been back in the day when every popular TV series didn't get a stupid game also |
08:19.05 | art3mis | ahhh the good old days |
08:19.22 | art3mis | i do miss the days of every cartoon having action figures though |
08:19.53 | art3mis | and incredibly puntastic and sarcastic jokes in kids cartoons and lots of violence |
08:21.05 | art3mis | ie. tiny toons, animaniacs, gi joe, transformers,battle of the planets, samurai jack dextors lab, invader zim rocky and bullwinkle, roget ramjet, |
08:28.37 | *** join/#wowi-lounge leethal (n=leethal@213.187.163.226) |
08:29.08 | *** join/#wowi-lounge widgertick (n=na@ip68-109-67-190.oc.oc.cox.net) |
08:29.08 | *** mode/#wowi-lounge [+o widgertick] by ChanServ |
08:29.17 | *** join/#wowi-lounge krka (n=krka@c83-250-42-60.bredband.comhem.se) |
08:30.04 | *** join/#wowi-lounge dolby-wowi_ (n=Dolby-wo@CPE-70-94-30-72.wi.res.rr.com) |
08:31.30 | *** join/#wowi-lounge Kalroth (n=kalroth@0x573f1066.hjnqu1.broadband.tele.dk) |
08:37.28 | *** join/#wowi-lounge amro (n=amro@82.101.184.161) |
08:38.36 | *** join/#wowi-lounge Cairenn (n=Cairenn@MMOI/Administratrix/Cairenn) |
08:38.36 | *** mode/#wowi-lounge [+o Cairenn] by ChanServ |
08:43.26 | widgertick | WB Cairenn =) |
08:43.32 | Cairenn | thanks |
08:43.42 | Cairenn | internet decided to drop there for a couple |
08:43.50 | widgertick | >_< |
08:48.54 | batrick | zzz |
08:49.15 | batrick | we need some drama for entertainment |
08:49.27 | batrick | i'll start |
08:49.29 | batrick | shirik is bad |
08:49.31 | batrick | lol! |
08:49.42 | Shirik | =( |
08:49.52 | batrick | shirik u were supposed to have a retort |
08:50.02 | Shirik | I'll just go qq |
08:50.22 | batrick | <PROTECTED> |
08:50.47 | Cairenn | batrick: you behind on the news? there's drama, it just isn't in channel atm |
08:50.50 | Antiarc | We already have drama for tonight |
08:50.56 | batrick | where at? |
08:51.02 | batrick | that post on ui forums? |
08:51.07 | batrick | it's moving slow |
08:51.09 | Antiarc | Yes, and the follow up on the wowui forums |
08:51.14 | widgertick | Ooh, drama? |
08:51.15 | Antiarc | Rushster is awake now |
08:51.15 | Cairenn | http://www.wowinterface.com/forums/showthread.php?threadid=13805 |
08:51.33 | Cairenn | (bottom paragraph of my post leads to it all) |
08:51.57 | Cairenn | trojan in incgamers' UICentral auto downloader/installer |
08:52.11 | batrick | that thread is locked where's the fun in that cairenn |
08:52.45 | Cairenn | right, I keep forgetting, they lock out anyone whenever the site is "busy" |
08:53.06 | *** join/#wowi-lounge Paradox (n=Paradox@spc1-brmb4-0-0-cust625.bagu.broadband.ntl.com) |
08:53.28 | batrick | just need to coordinate all our irc bots to DOS them |
08:53.34 | widgertick | @_@ |
08:53.47 | batrick | we have irc bots out the wazoo |
08:54.03 | Antiarc | What's interesting is that the trojan comes from wowui.incgamersi.com |
08:54.06 | Cairenn | no, no we don't guys |
08:54.07 | Antiarc | Note the extra "i" |
08:54.30 | Antiarc | At this point I think that someone slipped it into the installer without Rush noticing, but that's a pretty freaking huge breach of security |
08:54.54 | batrick | i get the feeling this guy is fun to flame |
08:55.05 | batrick | we don't what Cairenn ? |
08:55.16 | Cairenn | (3:53:26 AM) batrick: just need to coordinate all our irc bots to DOS them |
08:55.39 | batrick | i was joking : / |
08:55.40 | Corrodias | who? |
08:55.41 | batrick | lol |
08:56.03 | batrick | Cairenn: u r 2 serious |
08:56.07 | Corrodias | random IP's? :P |
08:56.27 | *** join/#wowi-lounge dolby-wowi (n=Dolby-wo@MMOI/Administrator/Dolby) |
08:56.27 | *** mode/#wowi-lounge [+o dolby-wowi] by ChanServ |
08:56.33 | Cairenn | batrick: intrawebs r srs bsnss! |
08:56.39 | Cairenn | ^_- |
08:56.57 | batrick | only when bots r involved |
08:57.00 | widgertick | im in ur intarwebz |
08:57.02 | batrick | batbot: rite? |
08:57.03 | batbot | batrick, It is certain. |
08:57.03 | widgertick | fillin ur dump trux |
09:04.13 | Corrodias | okay, the warlock succubus quest for the alliance sucks ASS |
09:04.48 | Corrodias | step 1: "go to stormwind because i'm a twit and don't know what to do" |
09:05.28 | Corrodias | step 2: "go out into the middle of the Barrens, almost as far from a friendly travel point as possible, because i'm a jackass and don't know what you need" |
09:05.52 | Corrodias | step 3: "oh, you just need this thing in ashenvale. bye!" |
09:06.09 | greppy | Corrodias: ratchet has an alliance flight path. |
09:06.22 | Corrodias | well, i said almost. |
09:06.35 | Corrodias | i suppose being at the very south end would have been slightly worse |
09:07.01 | greppy | Or in the crossroads :) |
09:07.11 | Corrodias | heh, yes |
09:08.24 | Corrodias | oh well. good way to keep me up late at night. time for me to sleep. 'ni! |
09:08.58 | *** join/#wowi-lounge Chompers (n=Chomp@cpc2-cove7-0-0-cust20.brhm.cable.ntl.com) |
09:10.43 | amro | it's kinda insulting to hear Not enough rage- I just died 3 times on the same quest |
09:15.43 | *** join/#wowi-lounge Riffage (n=nnscript@87-194-105-200.bethere.co.uk) |
09:16.38 | *** join/#wowi-lounge sioraiocht (n=rtharper@nat-router-1.stannes.ox.ac.uk) |
09:30.48 | *** join/#wowi-lounge batbot (n=batbot@c-76-18-69-99.hsd1.nm.comcast.net) |
09:48.12 | *** join/#wowi-lounge ThraeBot (n=ThraeBot@pool-72-81-238-113.bltmmd.fios.verizon.net) |
09:48.48 | *** join/#wowi-lounge Thrae (n=Thrae@pool-72-81-238-113.bltmmd.fios.verizon.net) |
09:50.05 | cladhaire | Corrodias: TomTom works just fine with LightHeaedd. |
10:02.03 | *** join/#wowi-lounge haste (n=haste@c7049BF51.dhcp.bluecom.no) |
10:03.25 | Tem | widgertick, THE INTERNET IS NOT A BIG TRUCK |
10:05.48 | Industrial | its a series of tubes |
10:06.04 | Cairenn | well, duh, of course it is! |
10:09.00 | Cairenn | aaaanyway, it's 5am, I'm going to bed |
10:16.06 | Industrial | nn Cairenn|afk |
10:17.27 | amro | is there an accurate way to get the current date? |
10:17.45 | Tem | os.time |
10:18.32 | *** join/#wowi-lounge Dotted^1 (n=Dotted@82.129.20.243) |
10:23.03 | *** join/#wowi-lounge CrazyMYKL (n=rumors@149.152.112.160) |
10:23.21 | amro | Tem: ingame |
10:23.45 | cladhaire | time() |
10:23.55 | cladhaire | or date() |
10:23.57 | cladhaire | i don't recall which |
10:24.01 | Tem | time AND date |
10:24.05 | cladhaire | LIES |
10:24.07 | cladhaire | and SLANDER |
10:24.07 | Tem | date("formatstring",time()) |
10:24.08 | cladhaire | !!! |
10:24.16 | *** join/#wowi-lounge [dRaCo] (n=drc@p5B229FD2.dip0.t-ipconnect.de) |
10:24.23 | cladhaire | okay, shower time, thenc lass. |
10:24.28 | amro | yep both work |
10:24.30 | nevcairiel | date automagically uses current timestamp if you dont provide one |
10:24.31 | amro | thanks |
10:28.27 | *** join/#wowi-lounge MentalPower|ZzZz (n=MPower@WoWUIDev/Norganna/Administrator/MentalPower) |
10:28.27 | *** mode/#wowi-lounge [+v MentalPower|ZzZz] by ChanServ |
10:28.27 | *** join/#wowi-lounge Tierrie_ (n=tierrie@adsl-68-126-223-138.dsl.pltn13.pacbell.net) |
10:28.44 | *** join/#wowi-lounge Tem (n=tardmrr@WoWUIDev/WoWI/Dongle/Tem) |
10:28.44 | *** mode/#wowi-lounge [+v Tem] by ChanServ |
10:28.53 | *** join/#wowi-lounge Adys|off (n=Adys@APoitiers-257-1-34-238.w90-38.abo.wanadoo.fr) |
10:29.16 | *** join/#wowi-lounge |Jelly|____ (n=chatzill@adsl-76-196-0-150.dsl.rcsntx.sbcglobal.net) |
10:29.42 | *** join/#wowi-lounge Xuerian (n=core@216.222.137.173) |
10:35.45 | Rayne`BF2 | O_o |
10:43.33 | *** join/#wowi-lounge Adys|sleep (n=Adys@90.55.33.121) |
10:46.01 | *** join/#wowi-lounge Telrin (n=test@klaagmuur.quince.nl) |
10:50.31 | *** join/#wowi-lounge zenzio_ (n=zenzelez@85.19.77.194) |
10:58.03 | *** join/#wowi-lounge Paradox (n=Paradox@spc1-brmb4-0-0-cust625.bagu.broadband.ntl.com) |
10:58.29 | *** join/#wowi-lounge nuoHep (i=nuoHep@89.222.156.36) |
11:35.15 | *** join/#wowi-lounge bindi (i=indigo@d54C68C7E.access.telenet.be) |
11:37.37 | *** join/#wowi-lounge Srosh (n=Srosh@c132176.adsl.hansenet.de) |
11:42.28 | *** join/#wowi-lounge Kalroth (n=kalroth@0x573f1066.hjnqu1.broadband.tele.dk) |
11:49.33 | *** join/#wowi-lounge zenzelezz_ (n=zenzelez@ti0140a340-0342.bb.online.no) |
11:50.31 | Tem | oh wow |
11:50.40 | Tem | it's a complete lynching in that thread |
11:50.45 | *** join/#wowi-lounge ven (n=ven@i59F56EDA.versanet.de) |
11:51.09 | Tem | also, shit |
11:51.14 | Tem | it's 6am again |
11:52.31 | Antiarc | After the wowace debacle? Yeah, not too surprising/. |
12:08.39 | [Ammo] | they still advertise as beeing 100% spyware free on the site :) |
12:09.21 | zenzio_ | this sounds interesting, what did I miss? |
12:10.43 | amro | zenzio: http://forums.worldofwarcraft.com/thread.html?topicId=3168328825&sid=1 |
12:10.57 | zenzio | cheers |
12:19.57 | *** join/#wowi-lounge pez| (n=user@90.80-203-213.nextgentel.com) |
12:20.12 | Kalroth | It's pretty simple. Don't fucking distribute executeable files for others. Ever. |
12:21.33 | amro | yep. but the worst part is their response, nicelly summed up by tekkub |
12:33.13 | zenzio | someone go cook up a lolcat picture please; "im in ur forum, exposin ur troshuns" |
12:35.16 | *** join/#wowi-lounge sylvanaar_work (n=sylvanaa@63.237.23.130) |
12:43.22 | *** join/#wowi-lounge cladhaire (n=cladhair@client0518.vpn.ox.ac.uk) |
12:43.43 | *** mode/#wowi-lounge [+o cladhaire] by ChanServ |
12:46.39 | *** join/#wowi-lounge Nom- (n=nom@standen.id.au) |
12:46.46 | *** join/#wowi-lounge amro (n=amro@82.101.184.161) |
12:48.39 | Shirik | <3 Wobin |
12:48.45 | Shirik | "You euthanised your faithful Trojan more quickly than any test subject on record. Congratulations." |
12:48.56 | Shirik | off to class |
12:49.27 | Wobin | ^^ |
12:53.06 | Industrial | DING 65 |
12:56.09 | zenzio | grats |
13:00.31 | cladhaire | http://forums.worldofwarcraft.com/thread.html?topicId=3168328825&postId=31680146383&sid=1#45 |
13:04.35 | Wobin | cladhaire: "despicable" |
13:04.40 | cladhaire | thought so |
13:04.41 | cladhaire | :P |
13:09.28 | *** join/#wowi-lounge amro (n=amro@82.101.184.161) |
13:13.17 | Industrial | you tell him cladhaire ! |
13:14.00 | *** join/#wowi-lounge Shirik2 (n=nospam@155.31.172.131) |
13:30.07 | *** join/#wowi-lounge Garns (n=blub@muedsl-82-207-252-175.citykom.de) |
14:00.40 | *** join/#wowi-lounge Funkeh` (n=funk@WoWUIDev/WoWAce/Ace3/BigWigs/funkeh) |
14:06.50 | *** join/#wowi-lounge Cide (n=Cide@hus110a.bobbnet.com) |
14:06.50 | *** mode/#wowi-lounge [+v Cide] by ChanServ |
14:13.06 | *** join/#wowi-lounge Srosh (n=Srosh@c132176.adsl.hansenet.de) |
14:24.45 | *** join/#wowi-lounge Shirik|Ecole (i=9b1f45a9@gateway/web/cgi-irc/ircatwork.com/x-854ff90918fcb579) |
14:30.23 | *** join/#wowi-lounge dinesh-sleep (n=chatzill@146.145.196.188) |
14:36.23 | *** join/#wowi-lounge malreth (n=malreth@dhcp-45-31.its.utexas.edu) |
14:36.59 | malreth | i go sleep for a few hours and i miss the start of the GREATEST DRAMA EVAR!@# |
14:37.54 | *** mode/#wowi-lounge [+v Shirik|Ecole] by ChanServ |
14:37.58 | *** part/#wowi-lounge Shirik|Ecole (i=9b1f45a9@conspiracy/developer/Shirik) |
14:38.07 | *** join/#wowi-lounge Shirik|Ecole (i=9b1f45a9@conspiracy/developer/Shirik) |
14:38.07 | *** mode/#wowi-lounge [+v Shirik|Ecole] by ChanServ |
14:44.13 | *** join/#wowi-lounge Shirik|Ecole (i=9b1f45a9@gateway/web/cgi-irc/ircatwork.com/x-4d48d1addded0be9) |
14:44.17 | *** join/#wowi-lounge cogwheel (n=chatzill@c-67-164-121-134.hsd1.ca.comcast.net) |
14:44.19 | Shirik|Ecole | ok, someone confirm I'm not being stupid here |
14:44.30 | Shirik|Ecole | worldofwar.net == incgamers.com |
14:44.33 | Cide | I can confirm the opposite |
14:44.35 | malreth | Shirik: i have never known you to be stupid |
14:44.43 | Cide | correct |
14:44.52 | Cide | same network, anyway |
14:44.56 | Shirik|Ecole | huh |
14:45.03 | Shirik|Ecole | I didn't know that :/ |
14:45.43 | Kalroth | I think Shirik is stupid! |
14:45.47 | Shirik|Ecole | =( |
14:46.18 | malreth | ~lart Kalroth |
14:46.18 | purl | judo chops Kalroth |
14:46.30 | Kalroth | ~wedgie malreth |
14:46.31 | purl | ACTION hangs malreth from the flag pole by his underwear |
14:46.38 | malreth | ~jump Kalroth |
14:46.38 | purl | ACTION scrambles up the nearest tree, screams, then leaps feet first on top of Kalroth |
14:46.45 | Kalroth | ~hug Kalroth |
14:46.46 | purl | ACTION hugs Kalroth tightly until Kalroth turns slightly blue |
14:46.50 | Kalroth | >< |
14:46.55 | malreth | HAH! |
14:48.26 | malreth | so, the Mystery of the Disappearing AddOn Settings has been saved all thanks to Scooby Doo. |
14:48.37 | malreth | s/saved/solved/ |
14:49.44 | Wobin | malreth: You had a blank entry in addons.txt, didn't you? |
14:50.03 | *** join/#wowi-lounge Polarina (n=Polarina@unaffiliated/polarina) |
14:50.04 | malreth | Wobin: i was talking about the forum drama |
14:50.09 | Wobin | ah =P |
14:50.11 | *** join/#wowi-lounge Shirik2 (n=nospam@155.31.172.240) |
14:50.27 | Wobin | Well, that's not really disappearing, just nicely restarting =P |
14:50.59 | malreth | ...to kindly sniff your password and username |
14:51.32 | malreth | i should write a trojan that is all friendly and says 'thank you' and stuff like that |
14:52.45 | malreth | also, it should judge the strength of your WOW password and let you know that you should have set a better one that is more than x characters long or isn't a dictionary word or whatever |
14:53.14 | malreth | it can also praise you for a maximum length password that uses upper/lower/numbers/symbols properly |
14:53.42 | malreth | and then kindly apologize that it is currently informing the Russians about your login information nonetheless |
14:54.26 | Cide | sounds like a winner |
14:54.43 | malreth | "In two days, you can expect to find yourself naked and broke, lying in a Draenei brothel. Sorry." |
14:55.41 | *** join/#wowi-lounge Xuerian (n=core@wireless-216-222-137-173.citizip.com) |
14:56.23 | malreth | Proper grammar and spelling would be a must. |
14:56.59 | Industrial | mmm Draenei brothel |
14:57.20 | malreth | lots of horny chicks |
14:57.27 | malreth | ~rimshot |
14:57.27 | purl | ba-dum CHH |
14:57.59 | Industrial | ^^ |
15:01.34 | Shirik2 | Maldivia: I did something like that once, where it says "hi" |
15:01.54 | Shirik2 | but did it in a system-modal message box that keeps popping up |
15:01.59 | Shirik2 | hehehe |
15:02.06 | *** mode/#wowi-lounge [+v Shirik|Ecole] by ChanServ |
15:02.07 | *** join/#wowi-lounge Paradox_ (n=Paradox@spc1-brmb4-0-0-cust625.bagu.broadband.ntl.com) |
15:03.02 | *** join/#wowi-lounge JoshBorke (n=Josh@WoWUIDev/WoWInterface/LegoBlock/joshborke) |
15:28.38 | Intangir | hey guys |
15:28.43 | malreth | yeah! |
15:30.03 | Intangir | does anyone use google code? |
15:30.09 | Intangir | does it haveacvs type system aswell? |
15:30.35 | zenzelezz | IIRC it has SVN |
15:30.37 | malreth | google code seems to have an svn |
15:31.05 | Intangir | oh cool |
15:31.09 | Intangir | this is neat, this is all free? |
15:31.40 | malreth | it can be considered free if you don't mind sucking the black greasy cock of your Google Dark Overload |
15:31.48 | Intangir | what do yo u put your addons on? |
15:31.54 | Intangir | malreth: ya.. good point |
15:32.10 | malreth | I don't make, use, or condone addons |
15:32.31 | malreth | ADDONS = SIN |
15:33.03 | JoshBorke | malreth: liar |
15:34.24 | malreth | Righteousness tastes meaty... |
15:34.26 | [dRaCo] | yay for ZA! |
15:34.48 | malreth | [dRaCo]: :D |
15:35.11 | Intangir | BSD license is the most free opensource license right? |
15:35.35 | malreth | well, it allows just about anything |
15:35.55 | zenzelezz | depends how you define "open source" |
15:36.00 | malreth | as long as copyright notices are carried over |
15:36.04 | zenzelezz | I'm sure mr. Stallman would have an objection |
15:36.15 | malreth | and it has that non-promotion clause thing in it |
15:36.38 | Intangir | non promotion? |
15:37.42 | malreth | you couldn't take code from StopTheSpam!, put it in your addon, and then release your addon and say "New! Includes awesome code written by Malreth!" as a 'selling point' |
15:38.25 | malreth | in other words, you can't use the name of the original author to promote your derivative work |
15:38.40 | Intangir | oh that sounds wise |
15:39.02 | *** join/#wowi-lounge dylanm (n=dylanmor@c-98-224-225-196.hsd1.mi.comcast.net) |
15:39.03 | *** join/#wowi-lounge Paradox (n=Paradox@spc1-brmb4-0-0-cust625.bagu.broadband.ntl.com) |
15:53.38 | *** join/#wowi-lounge deadlock (n=deadlock@12-214-50-87.client.mchsi.com) |
15:56.14 | Intangir | im uploading my addon now on googlecode |
15:56.27 | mikma | WRYYYYYY |
15:56.34 | Intangir | MURLOC! |
15:58.05 | art3mis | any of you mac people know of a util that can recover deleted files WITH filename instead of m131234.mp3 style recover? |
15:58.25 | dreamss | spinrite dint do full filenames? |
15:58.38 | malreth | art3mis: not off the top of my head |
15:58.57 | art3mis | the drives not damaged |
15:59.04 | art3mis | it just had a backup issue |
15:59.09 | dreamss | i belive most good restore progs do filename if the name is on the file list tables |
15:59.25 | dreamss | try spinrite |
15:59.33 | art3mis | partway through the sync backup from drive to drive it encounters an error and started copying 0kb files to the destination |
15:59.47 | art3mis | and the source |
15:59.52 | art3mis | since it was set to sync |
15:59.56 | malreth | ouch |
16:00.12 | dreamss | so it renamed the file |
16:00.20 | dreamss | and made a new one |
16:00.43 | art3mis | so it overwrote a majority of files as 0kb, ive gotten back most of them and many revisions of the same files but the naming scheme in every mac recovery program ive used doesnt recovery with filename, only file type |
16:01.06 | art3mis | downside is that its 96k files ;) |
16:01.27 | art3mis | dreamss: more or less |
16:01.37 | malreth | my suspicion is the filename went away when the file's inode was changed |
16:02.02 | art3mis | i wish mac had a preview option |
16:02.07 | malreth | the file-recovery software just looks for unlinked file-looking data |
16:02.15 | malreth | art3mis: for mp3s? |
16:02.22 | art3mis | so i could just open a dir see thumbnails of everything and find the names that way |
16:02.29 | malreth | you can |
16:02.34 | art3mis | xls doc pdf etc etc etc |
16:02.38 | art3mis | mp3s is easy |
16:02.43 | malreth | especially in 10.5 |
16:02.44 | art3mis | since they store id3 tags |
16:02.52 | art3mis | oh? |
16:02.57 | malreth | yah |
16:03.08 | malreth | for the filetypes that you mentioned |
16:03.16 | Cide | http://youtube.com/watch?v=2x2W12A8Qow |
16:03.19 | malreth | .xls .doc .pdf especially |
16:03.21 | dreamss | http://www.grc.com/sr/spinrite.htm |
16:03.33 | malreth | all image types should get icon previews |
16:03.43 | malreth | and failing that, there's always quicklook or cover view |
16:04.00 | malreth | in fact, cover view mode would be perfect for that |
16:04.34 | art3mis | dreamss i dont think that will work |
16:04.48 | malreth | oh.. i take back the .xls one... those don't seem to get automatic previews |
16:05.02 | art3mis | the drive itself is fine, it's the contents of said drive thats gotten gimpy... i'd need some util that would allow me to rollback |
16:05.02 | malreth | either that or it only works with older .xls formats |
16:05.56 | Intangir | omg our lag here is so freaking terrible |
16:06.49 | dreamss | hmmm |
16:07.13 | art3mis | but i think im gonna set up a subversion for him |
16:07.22 | ScytheBlade1 | Antiarc: "Trojans are a lie. Trust the Administrators. There has never been any such thing as a trojan. The Administrators are Truth. The Administrators are Safety." 10/10, would lol irl again, A++ |
16:07.24 | art3mis | that way his important stuff is offsite ;P |
16:07.41 | dreamss | bofh is allways right |
16:07.42 | malreth | ScytheBlade1: yeah, i liked that one too |
16:07.56 | ScytheBlade1 | That was just incredibly well done |
16:08.39 | dreamss | like i said, to make a self ofbsucating self updating trojan thats never the same on 2 pcs is very easly |
16:09.10 | dreamss | sigh |
16:09.15 | *** join/#wowi-lounge |Jelly|Ghost (n=chatzill@adsl-76-196-0-150.dsl.rcsntx.sbcglobal.net) |
16:09.43 | *** join/#wowi-lounge |Jelly|____ (n=chatzill@adsl-76-196-0-150.dsl.rcsntx.sbcglobal.net) |
16:09.44 | *** join/#wowi-lounge cog|work (n=chatzill@intra.kistlerwine.com) |
16:10.55 | ScytheBlade1 | "You euthanised your faithful Trojan more quickly than any test subject on record. Congratulations" was incredible also |
16:10.57 | |Jelly| | the incgamers drama continues! woot |
16:11.21 | ScytheBlade1 | I'm just catching up from when I went to bed last night |
16:11.28 | ScytheBlade1 | Some of these replies are nothing short of awesome |
16:11.29 | |Jelly| | me too lol |
16:11.41 | |Jelly| | I first had to laugh at my troll and now, it's reading time! :P |
16:12.03 | ScytheBlade1 | Ding ding |
16:12.24 | |Jelly| | How DARE YOU provide evidence, Shirik! |
16:12.32 | Shirik | =P |
16:12.43 | ScytheBlade1 | "You're posting from my closet aren't you? You can come out now, it's safe." another lol from me |
16:12.46 | malreth | the entire incgamers thing... everything from the wowace stuff to this is just nothing short of amazing |
16:12.46 | |Jelly| | I'm not there yet, it was just one of the pauses while I was scrolling. |
16:13.51 | malreth | if allakhazam never really recovered fully from the negative PR years ago that wasn't even their fault and that they handled correctly, i can't even fathom the extent of the negative mindshare that incgamers will have from this |
16:14.12 | art3mis | dreamss: we call that Warden ;P |
16:14.39 | Shirik | incgamers is lucky they don't get sued, tbph |
16:14.51 | Shirik | with the enormous amount of evidence that this is actually them covering up an intentional attack? |
16:15.19 | ScytheBlade1 | malreth: I'll be honest, I *HATE* vBulletin based sites... but in this case, all of the other sites reeked of excessive suck, incgamers being one of them (imo).. even if I didn't know their history, I'm not the least bit surprised |
16:15.33 | ScytheBlade1 | They'll never hear the end of this |
16:15.43 | Shirik | oh come now |
16:15.48 | Shirik | anything's better than blizzard's forums :P |
16:15.53 | ScytheBlade1 | Ha |
16:15.55 | malreth | Shirik: what's the evidence again that this was intentional? |
16:16.25 | Shirik | It's really just circumstantial |
16:16.30 | malreth | ah |
16:16.47 | |Jelly| | roflamo...Shirik owned his face off on Page 2 and it goes on for another two pages. This is going to be beautiful. |
16:16.49 | ScytheBlade1 | I really do like the WoW forum design, in all truth.. it handles simply amazing amounts of load, all things considered |
16:17.16 | ScytheBlade1 | And they do have the "click to continue" page for sites that they don't trust (read: all of them) |
16:17.24 | Shirik | The fact that the file was there, the fact that the program requests another program from his site (meaning two breakin points had to exist). The fact that the setup file seems to be seamlessly packaged, yet executes the viral file immediately on exit. The fact that he seems to have been covering it up even after I posted the exact lines of code that are malicious. |
16:17.27 | Shirik | Need I continue? |
16:17.53 | ScytheBlade1 | He's boned. |
16:17.58 | malreth | Shirik: it could be an inside job |
16:18.12 | Shirik | that would still make it incgamers at fault |
16:18.19 | ScytheBlade1 | " |
16:18.19 | Shirik | I'm not necessarily saying "him," but the organization |
16:18.48 | Shirik | what I absolutely can't stand, though, is the amount of coverup work he does |
16:18.51 | *** join/#wowi-lounge Kirkburn (n=Kirkburn@82-32-40-219.cable.ubr06.azte.blueyonder.co.uk) |
16:18.55 | ScytheBlade1 | "2. I cant apologise for something I dont know how it has happned or what has happened. We always do if something screws up." <-- bam, and with that line, any form of respect (myself as a modding site 'admin') - GONE. |
16:18.56 | |Jelly| | <PROTECTED> |
16:19.04 | Shirik | oh I was mad at him there, yeah |
16:19.16 | |Jelly| | I'm laughing so hard. |
16:19.30 | malreth | i wouldn't be quick to say someone who gets infiltrated is at fault... but yeah he should quit with the coverup doublespeak |
16:19.31 | Shirik | I had tor all lined up and ready to go, too; he never banned me =( |
16:19.48 | Shirik | He banned Tek though, haha! |
16:19.49 | art3mis | new drama? |
16:20.05 | deadlock | Is there a way to make the chat tabs already visible |
16:20.06 | malreth | Shirik: yeah! banning tekkub was priceless |
16:20.37 | malreth | art3mis: oh my yes |
16:20.47 | art3mis | someone should mirror the forums ;) so he can stop getting ad revenue from the flame war ;P |
16:21.42 | art3mis | whats the new drama? |
16:21.58 | malreth | the way he comes off calling all of this a 'campaign' against him and his site or something |
16:21.59 | art3mis | i lost interest after the whole wowace thing |
16:22.08 | malreth | i'm all thinking, 'dude, you do this to yourself' |
16:22.43 | malreth | art3mis: you know all those increasing reports on the forums about people who keep repeatedly losing their addon settings |
16:22.49 | malreth | and nothing seems to be the culprit? |
16:23.08 | art3mis | nope didnt read that |
16:23.17 | dreamss | art3mis, dont be retardedm warden is a piece of crap |
16:23.37 | malreth | turns out it may be caused by a trojan that is bundled with the UIC updater thing or something |
16:23.56 | art3mis | yeah but its a self hiding self replicating polymorphic encrypted piece of crap ;P |
16:24.09 | dreamss | ohhh |
16:24.09 | art3mis | mal: hahah |
16:24.23 | dreamss | i take it back i was being the tard |
16:24.30 | dreamss | true |
16:25.01 | art3mis | somehow the uic updater getting trojaned is kind of funny |
16:25.50 | malreth | well, the implication is that the trojan's been there for some time now |
16:26.04 | malreth | and by all indications looks like it was always intended to be there |
16:26.30 | malreth | so, either they were really moronic |
16:26.42 | malreth | or someone has done a good job in setting them up to look like morons |
16:26.56 | Cide | I hope someone set them up |
16:27.01 | ScytheBlade1 | Postin' in a thread because everyone else is, whee! |
16:27.06 | Cide | it'd be such a conspiracy |
16:28.15 | art3mis | so what did the trojan do supposedly? just reset yer ui? |
16:28.36 | art3mis | maybe thats how cog got haxxored |
16:28.54 | ScytheBlade1 | Read page one of that thread for details |
16:28.55 | cog|work | art3mis: i've only ever used WAU |
16:29.02 | dreamss | now should i be pissed that my guild filled their za raid without even asking me, one of the core healers |
16:29.06 | Shirik | art3mis: I already took it apart bit by bit |
16:29.09 | ScytheBlade1 | art3mis: http://forums.worldofwarcraft.com/thread.html?topicId=3168328825&sid=1&pageNo=1 |
16:29.10 | dreamss | whos allways there for raids.. |
16:29.11 | Shirik | read the first page, it's all there :) |
16:29.25 | Shirik | but suffice to say, it's a keylogger |
16:29.29 | Shirik | one specifically designed for wow |
16:29.41 | dreamss | do u have it? |
16:29.45 | *** join/#wowi-lounge Kaso (n=Kaso@resnet31.nat.lancs.ac.uk) |
16:29.47 | dreamss | the executable |
16:29.59 | Shirik | I'm actually working on reconstructing the protocol along with Antiarc so we can flood the server with fake usernames and passwords |
16:30.07 | Shirik | there are quite a few |
16:30.16 | Shirik | one downloads another which downloads another which injects it into lsass.exe |
16:30.23 | dreamss | is it irc based |
16:30.28 | Shirik | and that all is started by the setup.exe |
16:30.28 | dreamss | or http based |
16:30.30 | Shirik | it appears to be HTTP based |
16:30.45 | ScytheBlade1 | Shirik: I'd STRONGLY suggest that you do so and e-mail your findings to hacks@blizzard.com |
16:30.53 | dreamss | no ssl certs? lol |
16:30.53 | ScytheBlade1 | I was thinking the same thing last night |
16:31.13 | Shirik | dreamss: lol, no |
16:31.21 | Shirik | basic HTTP |
16:31.33 | Shirik | the only reason I haven't fully reconstructed it is because stupid VirtualPC doesn't have a 3d accelerator |
16:31.34 | *** join/#wowi-lounge Hobinheim|ubuntu (n=mark@207-38-224-165.c3-0.43d-ubr9.qens-43d.ny.cable.rcn.com) |
16:31.38 | ScytheBlade1 | dreamss: any client can connect to an SSL'd host (duh). The only way to actually secure the data is to use server AND client certs, which no one does. And even then, you'd have to distribute the private key with the trojan.... which would be pointless |
16:31.41 | Shirik | and I've never used vmware before |
16:32.08 | *** join/#wowi-lounge Lopeppeppy (n=Lopeppep@141.222.29.30) |
16:32.33 | dreamss | scy, mostly was wondering about dumping the packets |
16:32.52 | ScytheBlade1 | dreamss: it's still plaintext somewhere along the line. :) |
16:33.13 | dreamss | oh of course |
16:33.44 | dreamss | but ur aware of the dcc exploit on some routers right? |
16:33.51 | dreamss | it was protection agaist trojan |
16:33.51 | Intangir | what does ace2 do for you? |
16:33.57 | ScytheBlade1 | lol yes |
16:33.59 | dreamss | nothing |
16:33.59 | ScytheBlade1 | STARTKEYLOGGER |
16:34.04 | ScytheBlade1 | *bam* |
16:34.27 | dreamss | yeah i was wondering if the guy who made it tought of protecting it agaist that |
16:34.27 | ScytheBlade1 | That was actually Norton AV, not a router, but close enough. (Unless you're thinking of something else) |
16:34.32 | |Jelly| | <PROTECTED> |
16:34.39 | |Jelly| | Sorry...got distracted for a minute. |
16:34.40 | dreamss | nah diff routers had that feature |
16:34.55 | dreamss | i think u killed kirk ::P |
16:35.03 | Kirkburn | :O |
16:35.30 | ScytheBlade1 | Well he IS on XP... so maybe ;) |
16:35.45 | dreamss | make Norton and some retarded Linksys / Netgear routers shit on the connection. |
16:36.02 | Riffage | wireshark go? :P |
16:36.07 | dreamss | btw that was a kickass feature.. if it wasent limited to port 6667 |
16:36.16 | Kirkburn | I only use this PC for net browsing and IRC, my Vista PC does everything else :P |
16:36.16 | ScytheBlade1 | Heh, yeah |
16:36.24 | ScytheBlade1 | I'm connected to :8888 right now, iirc |
16:36.25 | |Jelly| | Oh look. Another wall of SHIRIK OWNING RUSH. |
16:37.22 | dreamss | whmm why a war is on coilskar cistern |
16:37.25 | dreamss | if he dosent mine |
16:37.28 | dreamss | or skin |
16:38.26 | *** join/#wowi-lounge pez| (n=user@90.80-203-213.nextgentel.com) |
16:39.00 | *** join/#wowi-lounge Kalroth (n=kalroth@port114.ds1-hj.adsl.cybercity.dk) |
16:40.27 | pez| | heck, I want a itemlist instead of itemicons for ordering my guildbank >__0 |
16:42.28 | wereHamster | is any interesting theread on incgamers.com or is all the funny stuff already posted on forums.worldofwarcraft.com? |
16:42.44 | Shirik | incgamers is where it started |
16:42.45 | Shirik | and is locked |
16:42.47 | Cide | pez|: addons |
16:42.52 | Shirik | but yeah have fun, especially starting with my post :D |
16:43.03 | Shirik | http://wow.incgamers.com/forums/showthread.php?t=405983 |
16:43.26 | pez| | Cide: Workin on it ;P |
16:43.27 | ScytheBlade1 | Bah, requires a login |
16:43.36 | wereHamster | incgamers requires registration, and unless I get heaps of fun for it I won't do it ;) |
16:43.50 | ScytheBlade1 | Same. |
16:44.00 | ScytheBlade1 | Anyone want to change their password and distribute? ;) |
16:44.05 | wereHamster | bugmenot anyone? |
16:44.41 | Shirik | |Jelly| was amused by my posts |
16:44.49 | ScytheBlade1 | rofl |
16:44.54 | ScytheBlade1 | There IS a bugmenot for them |
16:45.04 | |Jelly| | Jelly was amused by the posts on the UI forums. I'm not going to register there. |
16:45.11 | ScytheBlade1 | Oh bah, it's been disabled |
16:45.42 | wereHamster | let's set up another one, bugmenot provides free email accounts :) |
16:46.27 | ScytheBlade1 | haha |
16:46.31 | |Jelly| | Is it just me or on Page 1/2 did Rush deny that there was a Trojan...and then on Page 3, he says "Nobody is denying a trojan exists." ? |
16:47.00 | malreth | better screenshot or quote it before he changes his tune, |Jelly| |
16:47.03 | ScytheBlade1 | Not just you. |
16:47.14 | |Jelly| | malreth: roflamo |
16:47.37 | |Jelly| | <PROTECTED> |
16:48.19 | pez| | read some of that earlier today, interesting read. |
16:48.43 | cog|work | anyone mind taking a moment away from the UICENTRAL thread and addressing something else? I'm all alone over here... http://forums.worldofwarcraft.com/thread.html?topicId=3168479124&sid=1 |
16:49.03 | |Jelly| | Jesus Cog. It's always about you, isn't it? :P |
16:49.15 | cog|work | that's the thing... i don't want it to be all about me :P |
16:49.27 | ScytheBlade1 | Holy walls of text |
16:49.33 | ScytheBlade1 | That'll take me a minute to read |
16:49.55 | Shirik | omg |Jelly| |
16:49.56 | zenzelezz | is there something wrong with the Armory? Keep getting "An error has occurred." |
16:49.57 | |Jelly| | I see like 7 posts by Cog in a row. :\ |
16:49.58 | Shirik | he edited that thread!! |
16:50.03 | Shirik | He deleted half of my posts |
16:50.04 | Shirik | damn him |
16:50.07 | *** part/#wowi-lounge Cide (n=Cide@hus110a.bobbnet.com) |
16:50.08 | |Jelly| | rofl |
16:50.13 | Shirik | you can get the original version on the WoW forums |
16:50.15 | dylanm | zenzelezz: Happens all the time. |
16:50.15 | *** join/#wowi-lounge Cide (n=Cide@hus110a.bobbnet.com) |
16:50.15 | *** mode/#wowi-lounge [+v Cide] by ChanServ |
16:50.17 | Shirik | second page I started quoting him |
16:50.28 | cog|work | |Jelly|: which is exactly why i brought it up just now :P |
16:50.44 | cog|work | i'm tired of monopolizing the thread >< |
16:50.51 | |Jelly| | I guess I don't see what you need backup on, Cog. You seem to have everyone owned pretty well. :P |
16:51.12 | cog|work | Oh I know i own their faces for all eternity... |
16:51.25 | cog|work | but the fact that they don't realize that really irks the shit out of me |
16:51.27 | |Jelly| | By the way, I love the new sig. |
16:51.58 | |Jelly| | I'll keep the tab open and wait for a response. If I don't have one by the time I'm done _reading_ the uicentral thread, I'll post something. |
16:52.01 | dreamss | Bush Appointee investigating Rove calls IT to wipe drives: claims 'virus' <-- prolly plays wow |
16:52.02 | dreamss | ;) |
16:52.19 | Shirik | anyone having a problem with the wow forums? |
16:52.31 | cog|work | Shirik: besides the people posting on it? |
16:52.32 | cog|work | no |
16:52.33 | Shirik | maybe I got banned, haha :P |
16:52.36 | |Jelly| | OH NOES! THEY BANNED THE INTERNET! :P |
16:53.02 | Shirik | I keep getting "You may not use the World of Warcraft Community forums to:" ... bunch of rules "Please enter birth date" |
16:53.06 | Shirik | I enter birth date, that pops up again |
16:53.14 | *** join/#wowi-lounge Beladona (n=Beladona@24.129.136.26) |
16:53.14 | *** mode/#wowi-lounge [+o Beladona] by ChanServ |
16:53.18 | dreamss | cookie issue? |
16:53.19 | |Jelly| | that's strange |
16:53.20 | cog|work | cookies |
16:53.28 | Shirik | I was posting 5 minutes ago :/ |
16:53.35 | dreamss | ur not allowing wow to save cookies |
16:53.37 | dreamss | basicly |
16:53.40 | cog|work | ~fail Shirik |
16:53.41 | purl | Shirik: Fail. |
16:53.43 | cog|work | :P |
16:53.47 | wereHamster | Rushyman: hehe. I think Slouken is slightly more intellgient than getting involved in flame wars :) I guess Rushy is less so |
16:53.54 | Shirik | how did cookies get disabled?! |
16:53.55 | Shirik | bah |
16:53.57 | ScytheBlade1 | cog|work: posted |
16:54.55 | dreamss | anyone have the binary of this trojan handy? i like to disasemble it a bit |
16:55.13 | Lopeppeppy | No disassemble Johnny-5. |
16:55.20 | |Jelly| | PEPPY! |
16:55.22 | dreamss | :( |
16:55.33 | zenzelezz | see, talk about cookies and she wakes up |
16:55.38 | Lopeppeppy | Morning, |Jelly|-dear. |
16:56.27 | Shirik | dreamss: Which one? |
16:56.33 | Shirik | There are several packages you can play with |
16:56.39 | dreamss | fun |
16:56.41 | art3mis | umm |
16:56.42 | Shirik | each with its own unique features |
16:56.52 | art3mis | if wowdigger.com isnt his site why is it in his signature? |
16:57.04 | dreamss | i want to see if any were irc based so i could take over their botnet |
16:57.09 | Shirik | ScreenhotConverter.exe goes to incgamers.com and downloads an exe, runs it with permissions, and then deletes itself |
16:57.24 | Shirik | that exe runs itself, injects a service into lsass.exe, and then deletes itself |
16:57.26 | dreamss | !dos forums.worlfofwarcraft.com :P |
16:57.45 | Shirik | that service infects mouse.dll and an IME dll which then provides a keylogging capability |
16:58.07 | dreamss | someone gonna have to format |
16:58.08 | dreamss | gezz |
16:58.10 | art3mis | i bet it logged more than wow stuff too |
16:58.17 | art3mis | it just spawned on wow ;) |
16:58.18 | Shirik | As far as I can tell it's only WoW |
16:58.23 | Shirik | it looks for that exact process |
16:58.33 | art3mis | if you've got wow open in windowed and browse the web..... |
16:58.39 | wereHamster | Can WoW be run without admin privileges? |
16:58.41 | dreamss | lsass.exe is the shittiest idea ever, i swar |
16:58.41 | Shirik | fair enough |
16:58.52 | art3mis | were: yup |
16:58.54 | dreamss | wereHamster, of course |
16:59.21 | wereHamster | .. many apps can't :( |
16:59.38 | ScytheBlade1 | wereHamster: every Blizzard game can, file system permissions permitting. |
16:59.44 | dreamss | games only access registry, and most use a user dir for saves |
17:00.03 | dreamss | u need admin to install sometimes tho |
17:00.13 | dreamss | and access windows dir |
17:00.15 | Shirik | actually |
17:00.27 | ScytheBlade1 | You don't have to install in Program Files |
17:00.29 | Shirik | WoW does need admin privileges due to the way it manipulates files |
17:00.35 | wereHamster | can a non-admin app register a dll with lsass.exe? |
17:00.38 | Shirik | if you install in Program Files folder, it will need admin |
17:00.58 | Shirik | wereHamster: I don't believe so, but the installer requests admin privileges anyway |
17:01.15 | Shirik | so ScreenhotConverter.exe will be spawned with admin, which means the next exe will be spawned with admin |
17:01.32 | Shirik | (Permissions can be and by default are inherited) |
17:02.24 | Shirik | and once it's a service, iirc, it automatically is given admin at startup |
17:02.30 | Shirik | what's the #1 purpose of a service |
17:02.40 | Shirik | is that it becomes a system process instead of a user one |
17:03.16 | *** join/#wowi-lounge Valaron|Work (n=esochan@132.241.2.13) |
17:03.27 | dreamss | yeah once u use lsass the system is fucked |
17:03.51 | art3mis | i love how every post that rushy posts on the wow forums contains [edited by rushyman] at the bottom |
17:04.03 | art3mis | he should just make that his sig |
17:05.20 | *** join/#wowi-lounge Lin (n=igor@unaffiliated/lincity) |
17:06.09 | Lopeppeppy | It's pretty common in a hot debate to post a blank post so that you can hold your "spot" in the flow of the debate, and then take your time to analyze the stuff above you. Always seems odd to me, but whatever. |
17:06.11 | Lin | hi all! |
17:06.29 | Shirik | hi Lin |
17:06.41 | Lin | ;-) |
17:06.41 | *** join/#wowi-lounge Ktron (n=khamer@WPIS-64-140-241-82.worldpath.net) |
17:06.42 | dreamss | thankfully u cant do that on irc |
17:07.11 | Lopeppeppy | Reality (such as it exists on the internet) is preserved in real-time chat. |
17:07.59 | |Jelly| | lol. just dropped my laptop |
17:08.21 | Shirik | lies |
17:08.27 | Shirik | he who types faster clearly has the upper hand |
17:08.33 | *** join/#wowi-lounge Paradox (n=Paradox@spc1-brmb4-0-0-cust625.bagu.broadband.ntl.com) |
17:08.39 | Shirik | this cannot be denied |
17:08.48 | |Jelly| | YOUR FACE CAN NOT BE DENIED! |
17:08.51 | |Jelly| | sick burn |
17:08.54 | Shirik | your mom cannot be denied |
17:09.13 | |Jelly| | touché |
17:09.14 | Shirik | cmon, where's the comeback? |
17:09.17 | mikma | i like caps lock and i cannot lie |
17:09.25 | |Jelly| | I don't use caps lock. |
17:09.28 | Shirik | you other hackers can't deny? |
17:09.40 | |Jelly| | I'm one of those people that can type while holding down shift. :P |
17:09.42 | [dRaCo] | try something along the lines of "NO U!", jelly |
17:09.42 | mikma | shirik got it xD |
17:09.47 | dreamss | i have all your wow passwords and i cannot lie |
17:10.04 | |Jelly| | dreamss: No you don't! I didn't install the UICentral program! |
17:10.09 | art3mis | when a wall text thats capitalized you eyeballs can't deny you get SPRUNG |
17:10.17 | dreamss | u installed wow.exe |
17:10.31 | |Jelly| | No I didn't! |
17:10.35 | dreamss | jelly's pass is "ponnies" |
17:10.38 | |Jelly| | There is no wow.exe on my machine! |
17:10.46 | |Jelly| | Oh sorry...taking Rush's stance on things. |
17:10.49 | Polarina | Ding 70! |
17:10.51 | Shirik | you other hackers can't deny. When a noob walks in, I take all her weapons, then she's a hot naked BE and you get SPRUNG |
17:10.52 | Shirik | haha |
17:10.53 | |Jelly| | GRATS! |
17:10.54 | art3mis | dreamss: thats his pass on www.barnyardsex.com |
17:11.01 | Shirik | ok |
17:11.04 | dreamss | and bank account |
17:11.07 | dreamss | but hes broke.. |
17:11.17 | art3mis | well baryard isnt cheap ;) |
17:11.31 | |Jelly| | iTunes isn't opening. This is making me mad. |
17:11.37 | Shirik | is there a window behind? |
17:11.39 | zenzelezz | finally replaced my last blue last night... took ages to get something to replace the Devilshark Cape |
17:11.43 | Shirik | I always get this stupid popup that I have to find |
17:11.44 | Shirik | and click OK |
17:11.48 | Shirik | it's annoying as hell |
17:12.00 | Shirik | it doesn't come up on the task bar or anything |
17:12.04 | |Jelly| | ./sigh |
17:12.05 | dreamss | itunes is the main reason i dont own an ipod |
17:12.23 | |Jelly| | Choose Library. THE ONLY F**KING ONE I HAVE! |
17:12.24 | art3mis | i would have gone with you being a hobo as a reason |
17:12.42 | dreamss | oh wait, itunes is #2 |
17:12.45 | dreamss | art is right |
17:13.05 | |Jelly| | I like itunes |
17:13.22 | Shirik | So |Jelly|, that was it? |
17:13.23 | Lopeppeppy | I like.... dayquil. A lot. |
17:13.27 | |Jelly| | Yes. |
17:13.31 | Shirik | stupid itunes |
17:13.32 | |Jelly| | ~facepalm |
17:13.33 | purl | ACTION facepalms at the situation |
17:14.34 | art3mis | myquil has a better slogan though |
17:14.39 | art3mis | nyquil |
17:14.54 | art3mis | i can never remmeber anything more than "bright eyed, bushy tailed" |
17:15.02 | art3mis | for dayquil |
17:17.03 | *** join/#wowi-lounge Gryphen (n=gryphon@71.216.187.10) |
17:17.35 | Shirik | dreamss: Still want that executable? |
17:17.45 | Shirik | pop quiz to anyone, what is incgamersi.com? |
17:18.04 | dreamss | sounds like u guys have done evrything |
17:18.37 | wereHamster | Shirik, 218.85.132.165:8383 |
17:18.43 | Shirik | well... thank you >< |
17:18.45 | Shirik | I figured that one out |
17:18.59 | Shirik | I just realized after having sifted through all my logs |
17:19.07 | Shirik | I didn't realize it was incgamersi.com instead of incgamers.com |
17:19.13 | Lin | is professions skill limited per level as weapons? |
17:19.22 | dreamss | no |
17:19.26 | Shirik | That is where it connected to get piece #2 of the puzzle |
17:19.36 | Lin | <PROTECTED> |
17:19.39 | dreamss | its limited by level but not per |
17:19.46 | wereHamster | San Zhang web@domain.com |
17:19.50 | Lin | dreamss: got it. |
17:20.04 | wereHamster | Fujian province,Xiamen City, Xiamen Hainan 361004 |
17:20.05 | Lin | dreamss: where can I see these limits? |
17:21.12 | ScytheBlade1 | Lin: it's +5 total every level... at level 15, I have a cap of 75 |
17:21.20 | ScytheBlade1 | Oh, professions skill |
17:21.28 | Lin | ScytheBlade1: yes.. professions.. not weapon. |
17:21.41 | ScytheBlade1 | The only limits are you need level 30(35?) to train 300, and 55 to train 375. |
17:22.02 | Lin | ScytheBlade1: and 20? what is the limit? |
17:22.14 | ScytheBlade1 | Er? 20...? |
17:22.18 | Lin | yes! |
17:22.19 | dreamss | 175 ? |
17:22.42 | Lin | dreamss: hmm this is not included First aid =D |
17:22.49 | dreamss | i dunno.. google |
17:24.52 | |Jelly| | !c us burning legion jelly |
17:24.54 | ThraeBot | |Jelly|: Jelly, Level 70 Blood Elf Priest (23/38/0). 6621 HP; 9885 Mana; 343 mana regen; 162 mp5; 612 +spell dmg; 1627 +heal; 5.06% dodge; 18 resilience;[[ TBR: 760 ][ Link: http://tinyurl.com/yrmc88 ][ Talents: http://tinyurl.com/2mw2d7 ][ Updated: Thu Nov 29 12:24:54 2007 EST ]] |
17:29.16 | Shirik | !vs us drenden kimina us burning legion jelly |
17:29.19 | ThraeBot | Shirik: Kimina vs Jelly! Two 70 priests square off!; 20/41/0 vs 23/38/0; Kimina wins by 98 TBRs! |
17:29.36 | |Jelly| | Kimina fucking hacks. Everyone knows it. |
17:29.56 | Shirik | actually I was the one who made this keylogger thing |
17:29.58 | zenzelezz | !vs us drenden kimina eu silvermoon zenzio |
17:30.06 | Shirik | so I can log into your account and make you naked before I run these !vs commands |
17:30.18 | zenzelezz | stupid armory |
17:30.59 | ThraeBot | zenzelezz: I failed on the second listed character. You half-fail. |
17:31.19 | zenzelezz | no I don't, the website does |
17:32.38 | JoshBorke | !vs us drenden kimina us stormreaver dagh |
17:32.40 | ThraeBot | JoshBorke: Kimina vs Dagh! Two 70 priests square off!; 20/41/0 vs 14/0/47; Dagh wins by 236 TBRs! |
17:32.54 | Shirik | wtf |
17:32.57 | Shirik | what happened to you being holy?! |
17:33.07 | JoshBorke | Shirik: i healed on VR |
17:33.13 | JoshBorke | and promptly changed my mind |
17:33.17 | Shirik | weak. |
17:33.25 | JoshBorke | i was #2 on healing done though |
17:33.33 | JoshBorke | with 20%? overheal |
17:34.00 | JoshBorke | which was #2 on overheal |
17:34.05 | Shirik | going to try to get an hour of sleep now |
17:34.06 | Shirik | ttyl |
17:34.07 | JoshBorke | #1 healing and #1 overhealing were a paladin |
17:34.08 | JoshBorke | nn |
17:35.01 | |Jelly| | Night Shirik |
17:38.33 | Xuerian | lol. |
17:38.46 | Xuerian | All in the name of ease of use |
17:38.53 | dylanm | Whatever it takes to stop idiots from using dev versions |
17:40.09 | Lopeppeppy | Download and install by hand. .exe doesn't even ahve to happen. |
17:43.58 | *** join/#wowi-lounge kaiden|work (n=kaiden@63.229.62.12) |
17:47.11 | *** join/#wowi-lounge cncfanatics (i=evolve@106.152-240-81.adsl-dyn.isp.belgacom.be) |
17:48.53 | cncfanatics | hello all |
17:50.00 | malreth | YO! |
17:50.17 | cncfanatics | yo |
17:50.17 | cncfanatics | :p |
17:50.35 | kaiden|work | cncfanatics, hussy <3 ;) |
17:55.24 | Lopeppeppy | Wait... competition for the title? |
17:57.45 | kaiden|work | Lopeppeppy, lol ;) |
17:57.49 | kaiden|work | you can be a hussy too |
17:57.51 | kaiden|work | everyone can |
17:57.56 | Lopeppeppy | Oh, that's okay then. |
17:58.31 | zenzelezz | don't suppose anyone knows of a quality one-piece Naxxramas video? Only ones I've found are either too short or not to my taste, mostly everyone seems to have just made videos of the individuals fights/wings |
17:59.22 | Mr_Rabies2 | did anyone do the whole instance in one night really? |
17:59.39 | Mr_Rabies2 | oh |
17:59.41 | zenzelezz | doesn't have to be done in one night to be a one-piece video |
17:59.42 | Mr_Rabies2 | durh |
17:59.46 | Mr_Rabies2 | yeah |
17:59.48 | Mr_Rabies2 | i wasn't thinking |
17:59.59 | Mr_Rabies2 | but yeah, it'd probably still be a pretty long video D: |
18:00.06 | zenzelezz | aye |
18:00.27 | zenzelezz | well, it's what, fourteen bosses? Too fast for me when the total video is 10 minutes then :-| |
18:01.04 | kd3 | heh. it appears that the UICentral thread has disappeared from wowblues |
18:01.10 | *** join/#wowi-lounge Thunder_Child (i=Thunder_@cpe-76-171-184-46.socal.res.rr.com) |
18:02.27 | *** join/#wowi-lounge Kaelten (n=kaelten@WoWUIDev/WoWAce/WoWIFA/CurseStaff/kaelten) |
18:02.27 | *** mode/#wowi-lounge [+v Kaelten] by ChanServ |
18:02.33 | *** join/#wowi-lounge Matrix110 (i=blubb@pD957FDDC.dip.t-dialin.net) |
18:03.27 | kaiden|work | Rushter seems like he's working hard to hide his screwup |
18:04.09 | Mr_Rabies2 | http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=280178750924&_trksid=p3907.m32&_trkpa |
18:04.13 | Mr_Rabies2 | bwahahhaa |
18:04.22 | Fisker- | poor rushter kaiden|work |
18:04.32 | Fisker- | what is he trying to hide? |
18:05.39 | *** join/#wowi-lounge Legorol (i=Legorol@dhcp-83-219-109-95.customers.tvtnet.ch) |
18:05.39 | *** mode/#wowi-lounge [+v Legorol] by ChanServ |
18:12.45 | *** join/#wowi-lounge leethal (n=leethal@cm-84.215.168.253.getinternet.no) |
18:18.08 | Fisker- | fragile alliance |
18:18.25 | Fisker- | nooo |
18:19.04 | Shadowed | Fisker- read the UI forums |
18:19.04 | Fisker- | so talk |
18:19.17 | Fisker- | ah still the wowace stuff? |
18:19.26 | Fisker- | thought that was resolved |
18:20.04 | Lopeppeppy | Wowace? UI Central. |
18:20.20 | [Ammo] | trojan in the uicentral package |
18:20.22 | Fisker- | yeah ui central was offering wowace addons? |
18:20.23 | [Ammo] | nothing to do with wowace |
18:20.25 | zenzelezz | I'd not even heard of this UI Central until today |
18:20.32 | cog|work | Fisker-: that's not what this is about |
18:20.36 | Fisker- | oh |
18:20.38 | Lopeppeppy | This is another different thing. |
18:20.50 | Lopeppeppy | Easily confused, as it's similar and the same site invovled. |
18:21.26 | Fisker- | link me :P |
18:21.35 | cog|work | it's not hard to find... |
18:21.35 | Fisker- | this is relevant to my interests |
18:21.38 | cog|work | slouken posted in it |
18:21.48 | Fisker- | ah |
18:22.04 | Fisker- | didn't know you meant official forums |
18:22.16 | Lopeppeppy | Oh, quite. |
18:23.17 | Fisker- | ahahha |
18:23.20 | Fisker- | it's not on wowblues.com |
18:23.27 | Fisker- | guess i gotta change back to blue.cardplace.com then |
18:24.45 | wereHamster | I'm gonna register wowjazz.com :) |
18:25.05 | wereHamster | err.. wowrap.com |
18:25.18 | Thunder_Child | ~lart wereHamster |
18:25.18 | purl | eats wereHamster and falls over dead |
18:27.15 | wereHamster | ~mourn purl |
18:27.16 | purl | ACTION lights some candles for purl |
18:27.43 | Lopeppeppy | Elmo needs more acid. |
18:28.25 | Thunder_Child | right, because elmo wasnt weird enough |
18:29.17 | Thunder_Child | though i do remember the elmo fad |
18:29.47 | Lopeppeppy | purl just made me have a flashback, that's all. |
18:30.45 | *** join/#wowi-lounge ckknight_ (n=ckknight@rrcs-74-62-251-185.west.biz.rr.com) |
18:33.22 | Thunder_Child | along with pogs, beanie babies, giga pets, wearing pajams to school, (painted rocks were a little before my time), and i think i ran out |
18:33.49 | Cide | http://cgi.ebay.com/ROCK-BAND-PS3-GUITAR-HERO-3-BUNDLE-SANTAS-HELPER-2-80_W0QQitemZ270190941684QQihZ017QQcmdZViewItem |
18:34.38 | Lopeppeppy | Cabbage Patch dolls, Atari video games, Chia pets, beanie babies, Pound Puppies, My Little Pony, Rainbow Brite, Care Bears and Garbage Pail Kids. |
18:35.29 | Mr_Rabies2 | that sounds like a good way to wind up with a dead model |
18:35.36 | Thunder_Child | i think that chia pets ended up being more for adults than kids |
18:37.03 | Lopeppeppy | I think Chia Pets ended up being the lump of coal in a lot of people's "white elephant" gift exchanges. |
18:37.47 | wereHamster | Cide, she's got a friend: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&rd=1&item=270191155384&ssPageName=STRK:MESE:IT= |
18:38.21 | Cide | not as hot though |
18:38.54 | Fisker- | btw kaiden|work |
18:39.02 | Fisker- | remember that you support child porn |
18:39.04 | Fisker- | and abuse |
18:39.09 | Fisker- | so i don't believe you about ui central!1 |
18:40.35 | kaiden|work | Fisker-, excuse me? |
18:40.58 | Lopeppeppy | Ugh with the smear and counter smear. |
18:41.13 | Fisker- | kaiden|work didn't you see that newspost rushter made? |
18:41.34 | kaiden|work | no, i've only read the official forums |
18:41.36 | Fisker- | essentially said that the ui sites related to affinity was supporting child porn |
18:42.31 | ScytheBlade1 | Bah, why not |
18:42.37 | ScytheBlade1 | I think I'm going to reboot and play with that trojan |
18:43.09 | ScytheBlade1 | (On a live windows install ;P) |
18:43.53 | kaiden|work | has anyone bothered running wireshark and watch what the trojan is trying to do |
18:43.57 | kaiden|work | in terms of connections outbound? |
18:44.00 | ScytheBlade1 | That's what I'm about to do |
18:44.02 | ScytheBlade1 | Back in a moment |
18:44.06 | kaiden|work | or is it all he said she said.. it looks like this or looks like that |
18:44.31 | *** join/#wowi-lounge Daede (i=Daede@d47-69-127-141.nap.wideopenwest.com) |
18:44.55 | Fisker- | i hope i can his site removed from the fsp |
18:45.05 | Fisker- | but i doubt it |
18:45.13 | Daede | hey, I sent an update for 1.2.5 of my interface, thenb realized i left the bliz addons in, so i set 1.2.5a directly after that. please make note of that when you're looking through the queue |
18:45.13 | Fisker- | +get |
18:45.21 | *** join/#wowi-lounge Lunessa (n=Lunessa@129.7.88.193) |
18:45.28 | Lunessa | STATION! |
18:47.10 | amro | is there a way to make wow report syntax errors again? |
18:47.19 | Daede | ? |
18:47.28 | kd3 | esc -> interface -> show Lua errors |
18:47.38 | Daede | nice |
18:48.20 | amro | usually when there's a syntax error in a lua file a message box shows up on login/reloadui, it's not happening |
18:48.30 | amro | kd3: it's set |
18:48.48 | Daede | oh |
18:48.52 | kd3 | do you have any enhanced error log mods running? |
18:48.53 | Daede | do you have swatter? |
18:48.55 | wereHamster | kaiden|work, shirik analyzed the trojan a bit |
18:49.22 | ScytheBlade1 | Indeed he did... I'm just going to poke at the protocol and servers involved |
18:50.01 | Shirik | kaiden|work: Yes, I have.. pretty specific details on how it works :) |
18:50.14 | amro | swatted swatter and it works, thanks |
18:50.22 | *** join/#wowi-lounge KarlThePagan (n=andross@lanip-170-65.go180.net) |
18:50.38 | Daede | makes my life so much easier |
18:51.07 | amro | if it breaks syntax error reporting, that's really lame |
18:51.34 | Daede | i know it captures any error worth reporting *shrug* |
18:52.22 | kd3 | <PROTECTED> |
18:52.36 | kaiden|work | Shirik, I understand you analyzed the file but running decompilers on an executable doesn't always tell you what's really going on whereas a packet capture will tell you exactly what it's sending and receiving |
18:52.50 | kaiden|work | Shirik, not saying you didn't do good, i'm just trying to add ammunition to the firefight |
18:52.51 | kaiden|work | :) |
18:52.57 | Shirik | I didn't use a decompiler |
18:53.02 | Daede | iptraf is your friend |
18:53.20 | ScytheBlade1 | Whee, it's downloading the trojan now |
18:53.36 | Shirik | I used a disassembler. After that, Antiarc and I have been logging the packets for quiet some time now, and we intend to make use of this information later |
18:53.36 | ScytheBlade1 | That's a lot of XML |
18:53.56 | kd3 | ya know, part of me is still in shock that slouken actually touched that thread. |
18:54.18 | cog|work | kd3: same |
18:54.32 | Daede | so where did you guys find this keylogger? not in someone's interface, i hope.. |
18:54.36 | ScytheBlade1 | kd3: I thought the same, then I realized what he was really saying - "not our fault, not our problem, you need to be self aware" |
18:54.49 | zenzelezz | actually worse than in an addon |
18:54.53 | Shirik | Daede: UICentral |
18:55.02 | kaiden|work | Shirik, all i'm saying is there are any number of reasons why something labeled ScreenshotConverter would have network hooks.. what if they called it externally with a url that way it could grab a proprietary screenshot and convert it to a format their program could use |
18:55.08 | cog|work | Daede: addons can't have keyloggers |
18:55.12 | kaiden|work | Shirik, i'm not trying to validate UICentral by any means.. |
18:55.17 | kaiden|work | just trying to understand what's going on |
18:55.44 | Fisker- | i still don't believe that trojan thingy because you all support child porn :( |
18:55.45 | Fisker- | including me |
18:56.11 | Shirik | kaiden|work: There aren't many reasons it could connect to the network, download a file named Updata.exe from a chinese IP, execute that program with full permissions, then that program downloads another file, injects it as a service into lsass.exe, then both files delete themselves... |
18:56.31 | Shirik | then that service infects mouse.dll and some other IME dll |
18:56.51 | amro | yep it's pretty clear there's something shady going on |
18:56.51 | Shirik | and then continues sending data constantly over to that same chinese IP every time you open WoW |
18:56.56 | kaiden|work | well see that's more that i knew before |
18:57.01 | Shirik | =) |
18:57.03 | kaiden|work | didn't know it was touching the mouse system |
18:57.17 | Daede | cog, i know, but someone could stick one in their interface cleverly disguised with a renaming routine in a custom addon *shrug* im just paranoid, i guess |
18:57.19 | ScytheBlade1 | Shirik: 218.85.132.165 ring any bells? |
18:57.20 | Shirik | but yes, I do have wireshark logs too |
18:57.32 | kaiden|work | Shirik, just making sure you have all your bases covered |
18:57.36 | Shirik | that is indeed an IP that is all over the logs ScytheBlade1 |
18:57.42 | ScytheBlade1 | That's what I thought |
18:58.03 | Shirik | kaiden|work: of course :) |
18:58.17 | Daede | shirik, this is a ui website installing this trojan? |
18:58.20 | kaiden|work | that ip is in australlia |
18:58.21 | sylvanaar_work | i just want to know how it got in there |
18:58.38 | Shirik | kaiden|work: I only say "chinese" because the site itself is written in chinese if you go to that IP |
18:58.40 | Shirik | I didn't bother to look it up |
18:58.59 | kd3 | as do we all |
18:59.32 | Shirik | Daede: No they really couldn't |
18:59.45 | Shirik | WoW will not execute binary files, only uncompiled Lua scripts |
18:59.57 | Daede | fair enough |
18:59.58 | ScytheBlade1 | Shirik: that executable it downloads... where do they save it? |
18:59.59 | kaiden|work | Shirik, what's the url it's downloading updata.exe from? |
19:00.01 | cog|work | Daede: that would still require packaging up an exe, bat, or other executable file |
19:00.06 | cog|work | and getting the user to run it |
19:00.13 | Daede | i wont pretend to know more about how it works than i do.. i only maintain a compilation |
19:00.37 | Shirik | kaiden|work: http://wowui.incgamersi.com/updata.exe <-- WARNING TO ALL OTHERS, DO NOT GO THERE |
19:00.43 | Daede | which someone should really approve so i can get back to the game.. |
19:00.53 | kaiden|work | written in .net? |
19:01.01 | kaiden|work | deobfuscation ftw? :] |
19:01.06 | ScytheBlade1 | Yes, it is written in .net |
19:01.17 | Daede | .net in and of itself is a security nightmare |
19:01.28 | Shirik | is it really? I tried to run reflector on it but it complained about a missing CLI header |
19:01.31 | Shirik | I don't think it's .net |
19:01.32 | kd3 | lol... and the trojan writers are getting lazy now. a trojan in .net? ahaha |
19:01.39 | ScytheBlade1 | The ScreenshotConverter.exe is |
19:01.43 | ScytheBlade1 | Pretty sure, anyways |
19:01.48 | Shirik | Whatabout ScreenhotConverter? |
19:01.53 | ScytheBlade1 | It's .net |
19:01.54 | Shirik | there's a difference ;) |
19:02.04 | ScytheBlade1 | lol, meh |
19:02.15 | amro | "Could not connect to host www.wowinterface.com." can anyone reach it? |
19:02.29 | Industrial | fine here |
19:02.34 | Shirik | works for me |
19:02.37 | Daede | so basically i should just blacklist incgamers.com? |
19:02.55 | ScytheBlade1 | That's odd.. I don't have any registry entries |
19:03.40 | kaiden|work | well you can always go one better |
19:03.49 | ScytheBlade1 | Oh they changed the service |
19:03.56 | ScytheBlade1 | That's dirty, I actually USE that service |
19:04.19 | Daede | and one better being? |
19:04.44 | Daede | btw looks like soemone approved it |
19:05.03 | Daede | Get the latest DaedeUI only at WoWInterface.com! http://www.wowinterface.com/downloads/info7826-DaedeUI.html |
19:05.18 | Daede | xD |
19:06.40 | amro | congrats |
19:07.46 | Industrial | I bet it has unitframes actionbars chat mods info bars and raid frames! |
19:08.09 | Daede | among a lot of under the hood stuff that makes playing the game and being productive a lot easier |
19:09.21 | Daede | lightheaded+mobmap+levelator=really easy questing |
19:09.37 | ScytheBlade1 | Oh, heh |
19:09.38 | ScytheBlade1 | Whoops |
19:09.46 | ScytheBlade1 | That's what I get for suspending lsass.exe |
19:11.14 | Daede | i dont know about suspending lsass but if you terminate it it just restarts |
19:11.19 | ScytheBlade1 | I suspended it in process explorer... and then did something which required it functioning... |
19:11.27 | ScytheBlade1 | Locked up process explorer nicely |
19:11.32 | Daede | heh |
19:12.22 | ScytheBlade1 | Bah, it's still loaded post hard reset |
19:12.23 | ScytheBlade1 | Hmm |
19:13.27 | Daede | I'm Mr. T and this is my Night-Elf Mohawk |
19:13.42 | Lopeppeppy | *laugh* |
19:13.49 | Daede | i love that commercial |
19:14.15 | Daede | "Uhh, T, there's no such thing as a Night-Elf Mohawk" "SHUTUP FOO, now as I was saying.." |
19:14.18 | Lopeppeppy | I sorta like the shaman one better. |
19:15.12 | ScytheBlade1 | Wow, access denied to changing service startup paramaters |
19:15.18 | ScytheBlade1 | This is a somewhat competent trojan |
19:15.35 | Daede | i think bliz should hold L70ETC concerts regularly.. charge like 5g to get in |
19:16.00 | Antiarc | ScytheBlade1: Yeah, I have the DLLs if you want to poke at them in a disassembler |
19:16.17 | amro | ScytheBlade1: I'm beginning to think this is you http://imgs.xkcd.com/comics/network.png |
19:17.20 | ScytheBlade1 | Antiarc: I've got them here... just found them in memory and suspended the thread.. working on terminating them from my system now ;) |
19:18.54 | ScytheBlade1 | lol, it's vulnerable to the old "rename and reboot" trick |
19:18.55 | ScytheBlade1 | hahaha |
19:19.04 | ScytheBlade1 | So close to being a quality trojan |
19:19.23 | Lopeppeppy | Y'all make give me the shivers, having fun poking at a keylogger. |
19:19.25 | *** join/#wowi-lounge Antiar1 (n=Antiarc@wsip-70-184-82-98.ph.ph.cox.net) |
19:19.44 | ScytheBlade1 | Lopeppeppy: I've got a second one here, if you're interested |
19:19.55 | ScytheBlade1 | Somewhere... |
19:20.14 | kd3 | meh. I handed it to the professor who teaches the security elective in the CS program. he's going to hand it to the wow players in his class and let them have fun with it |
19:20.24 | ScytheBlade1 | lol nice |
19:20.30 | *** join/#wowi-lounge malreth (i=817441e9@gateway/web/cgi-irc/ircatwork.com/x-702fcd28c443b069) |
19:21.46 | ScytheBlade1 | And it's gone |
19:21.52 | Lopeppeppy | Gods.... y'all would poke at the Black Death in a petri dish, wouldn't ya? |
19:22.12 | kd3 | if I was similarly inclined to biology? probably |
19:22.13 | Antiar1 | Hell yes. |
19:22.41 | Antiarc | I was super safe and did mine in a VM >_> |
19:22.58 | ScytheBlade1 | I'm doing it on my live windows partition. Complete with a copy of WoW that I use. |
19:24.00 | kd3 | https://forums.worldofwarcraft.com/thread.html?topicId=3168328825&sid=1&pageNo=6 |
19:24.08 | kd3 | lol, it continues |
19:24.30 | ScytheBlade1 | And clean |
19:24.54 | malreth | you just gotta wonder what's really going on at uicentral |
19:25.00 | ScytheBlade1 | No kidding |
19:25.58 | Industrial | Daede: I cant find mobmap |
19:26.02 | malreth | maybe they smack babies... and their names are Mr. Babysmack... and they inject puppies with AIDS |
19:26.07 | Fisker- | FUCK kd3 |
19:26.09 | Gngsk | is that thread gonna get locked? |
19:26.22 | Fisker- | another reason to buy an US account |
19:26.28 | *** join/#wowi-lounge Antiar1 (n=Antiarc@wsip-70-184-82-98.ph.ph.cox.net) |
19:26.30 | Fisker- | this is fuckign awesome |
19:26.39 | Fisker- | awesome to the max |
19:26.46 | kd3 | there was a thread in general. dunno if it's still kicking |
19:27.26 | ScytheBlade1 | Kicking? Not really |
19:30.00 | wereHamster | Latest news on wow.incgamers.com: Blizzard Learning by Their Mistakes. Oh the irony |
19:31.09 | malreth | the damage to incgamers in the mindshare of the community is irreparable |
19:31.54 | *** join/#wowi-lounge Shirik|Ecole (n=nospam@conspiracy/developer/Shirik) |
19:31.55 | *** mode/#wowi-lounge [+v Shirik|Ecole] by ChanServ |
19:32.11 | ScytheBlade1 | .... wait, there's ANOTHER trojan on their website? |
19:32.19 | Shirik|Ecole | j'ai retourne! |
19:32.20 | Shirik|Ecole | ooh |
19:32.22 | Shirik|Ecole | what other one?! |
19:32.24 | malreth | either they're pure evil maniacs that inject puppies with AIDS and cancer or someone has gone through a lot of trouble to make them look like the debil |
19:32.31 | Shirik|Ecole | show me show me!!! |
19:32.34 | ScytheBlade1 | Page 6 of said thread |
19:32.38 | ScytheBlade1 | http://forums.worldofwarcraft.com/thread.html?topicId=3168328825&sid=1&pageNo=6 |
19:32.53 | ScytheBlade1 | Probably the same thing |
19:32.58 | *** join/#wowi-lounge Antiar2 (n=Antiarc@wsip-70-184-82-98.ph.ph.cox.net) |
19:33.03 | *** join/#wowi-lounge cladhaire (n=cladhair@c223.worc.ox.ac.uk) |
19:33.04 | *** mode/#wowi-lounge [+o cladhaire] by ChanServ |
19:33.22 | Daede | i think im gonna buy my kids this for xmas http://www.pcsurplusonline.com/viewprod.cfm?ID=13793 |
19:34.50 | malreth | half a gig of ram... |
19:35.00 | Daede | and a 2g processor |
19:35.06 | Daede | works for me |
19:35.23 | malreth | how are they expected to download torrents on a machine like that? |
19:35.30 | malreth | :O |
19:35.48 | Daede | the oldest is 11, im not worried about them downloading torrents |
19:36.01 | kaiden|work | oooh |
19:36.03 | kaiden|work | loving this |
19:36.05 | kaiden|work | GetSystemDirectoryW |
19:36.09 | Lopeppeppy | But... how will they *learn* to torrent? |
19:36.36 | malreth | Daede: kids are smarter every day |
19:36.44 | Daede | ur telling me this? |
19:36.53 | Daede | i have 3, got it figured out =P |
19:37.05 | malreth | Daede: did they teach you how to spell too? |
19:37.07 | Lopeppeppy | No... *they* have it all figured out! :) |
19:37.12 | Daede | hush |
19:37.13 | malreth | :D |
19:37.54 | kaiden|work | not sure who cares.. but from what i can see from that program Updatea.exe it writes itself to the system, adds itself to autostart in the registry |
19:38.05 | kaiden|work | creates a file and latches onto the wow process in memory |
19:38.09 | Antiar2 | Yup |
19:38.10 | kaiden|work | and outputs text that it see's |
19:38.59 | malreth | Antiarc, what news have you to bring from the hills? |
19:39.28 | kaiden|work | anyone here actually ran that updatea.exe on a clean system? |
19:39.36 | kaiden|work | if so can you please tell me if it add's anything to the "hosts" file |
19:39.39 | ScytheBlade1 | kaiden|work: I *could* right now |
19:39.41 | kaiden|work | \windows\system32\drivers\etc\hosts |
19:39.41 | ScytheBlade1 | lol |
19:39.42 | malreth | Harvest time draws near and the villagers fear for their safety from maruauders |
19:39.47 | Antiarc | kaiden|work: I ran it on a VM |
19:39.49 | Antiarc | I'll check |
19:39.58 | ScytheBlade1 | No it does not |
19:40.04 | wereHamster | I don't see Updatea.exe in the latest uicentral download |
19:40.05 | ScytheBlade1 | As my hosts file is clean still |
19:40.16 | kaiden|work | wereHamster, it never was |
19:40.19 | Antiarc | Hosts is clean. |
19:40.21 | kaiden|work | screenshotconverter.exe downloads it |
19:40.36 | kaiden|work | Antiar1, ok it must be creating a dns entry in the registry then |
19:40.39 | wereHamster | I don't have that exe either |
19:41.10 | Shirik|Ecole | bleh, had to go help these kids >< |
19:41.15 | Shirik|Ecole | so, other trojan *goes to look* |
19:41.29 | Antiarc | The original is gone |
19:41.38 | Antiarc | I'm going over filemon logs from a new install at the moment |
19:42.02 | wereHamster | maybe it refuses to install under wine :-/ |
19:44.19 | Antiarc | Well, it auto-ran Patcher.exe on install |
19:44.19 | Antiarc | But I don't know if that's malicious or not. |
19:44.19 | *** join/#wowi-lounge Valaron|Work (n=esochan@techshop.ecst.csuchico.edu) |
19:44.27 | Shirik|Ecole | that's scary |
19:44.37 | ScytheBlade1 | Nope, I'm trojaned still |
19:44.44 | ScytheBlade1 | Well, again |
19:44.58 | Shirik|Ecole | wait I don't have my kit on this computer |
19:44.59 | Shirik|Ecole | damnit! |
19:45.52 | Antiarc | 11:30:38 AMPatcher.exe:744QUERY INFORMATIONC:\PROGRA~1\CA\eTrust Antivirus\UI.exePATH NOT FOUNDAttributes: Error |
19:45.55 | Antiarc | That's a little interesting. |
19:46.03 | Antiarc | There's no eTrust Antivirus installed on this machine. |
19:46.05 | ScytheBlade1 | ... haha |
19:46.07 | Antiarc | Why would it look for that? |
19:46.08 | malreth | shirik: you're my hero... you fight for the users |
19:46.10 | ScytheBlade1 | "Little"? |
19:46.31 | Shirik|Ecole | Antiarc: rofl |
19:46.50 | Shirik|Ecole | malreth =) |
19:46.50 | ScytheBlade1 | Yup same trojan |
19:46.50 | ScytheBlade1 | wzcsvbc.dll |
19:46.50 | ScytheBlade1 | Again, rename/reboot and it's gone. |
19:46.50 | Shirik|Ecole | I feel kinda evil because I have all these programs on my computers, "crackers kit" "keygen" etc |
19:46.52 | malreth | but Tron fights for the programs... and he's 1337 so you're probably gonna lose |
19:47.04 | *** join/#wowi-lounge Thunder_Child (i=Thunder_@cpe-76-171-184-46.socal.res.rr.com) [NETSPLIT VICTIM] |
19:47.04 | *** join/#wowi-lounge Kirkburn (n=Kirkburn@82-32-40-219.cable.ubr06.azte.blueyonder.co.uk) |
19:47.04 | *** join/#wowi-lounge amro (n=amro@82.101.184.161) |
19:47.04 | *** join/#wowi-lounge MoonWolf (n=MoonWolf@i208248.upc-i.chello.nl) |
19:47.04 | *** join/#wowi-lounge KaoS` (i=spam@about/apple/macbookpro/KaoS) |
19:47.04 | *** join/#wowi-lounge Tain (n=tain@c-24-218-72-243.hsd1.ma.comcast.net) [NETSPLIT VICTIM] |
19:47.04 | *** join/#wowi-lounge kergoth (n=kergoth@neutrino.joshua-colp.com) |
19:47.04 | *** join/#wowi-lounge deltron (i=ryan@24-207-198-203.dhcp.stls.mo.charter.com) |
19:47.04 | *** join/#wowi-lounge Fisker- (i=xD@62.61.142.209.generic-hostname.arrownet.dk) |
19:47.04 | *** mode/#wowi-lounge [+v MoonWolf] by irc.freenode.net |
19:47.18 | Antiarc | A locksmith has lockpicks, but he is not evil! |
19:47.18 | Shirik|Ecole | but I use them for realistic purposes =) |
19:47.18 | Shirik|Ecole | realistic isn't the word but I couldn't think of the right one |
19:47.28 | sylvanaar_work | legitimate? |
19:47.36 | Shirik|Ecole | that works :) |
19:47.38 | Daede | yeah legit fits |
19:48.00 | *** join/#wowi-lounge Cidan (n=aj@ip68-98-130-180.dc.dc.cox.net) |
19:48.00 | malreth | i have a host of tools like that that I used to clean malware from people's computers |
19:48.13 | malreth | but that was back before rootkits were so commonplace |
19:48.17 | *** join/#wowi-lounge sioraiocht (n=rtharper@nat-router-1.stannes.ox.ac.uk) |
19:48.22 | malreth | my skills haven't kept up with this new job |
19:48.23 | *** join/#wowi-lounge kaiden|work (n=kaiden@63.229.62.12) [NETSPLIT VICTIM] |
19:48.25 | kaiden|work | yay for netsplits |
19:48.29 | *** join/#wowi-lounge Pandya (n=Pandya@bb-87-81-181-46.ukonline.co.uk) |
19:48.45 | malreth | nowadays, it's just easier for me to ghost a machine that's infected |
19:48.48 | kaiden|work | now back to where i was.... it injects itself into services pretending to be the wireless zero config service that windows runs |
19:48.56 | ScytheBlade1 | Yup |
19:49.00 | Pandya | hai everybody! |
19:49.12 | kaiden|work | it puts itself in as \windows\system32\wzcsvbc.dll |
19:49.20 | ScytheBlade1 | Kill the thread with process monitor and it's gone |
19:49.31 | malreth | Pandya has a heart of pure black evil and it is said that he can stare into the souls of man! |
19:49.38 | kaiden|work | it creates an entry in dns telling the system that any attempt to access http://updateserviceaddress goes to a specific ip |
19:49.49 | Pandya | its true malreth |
19:49.57 | Cidan | nuke it from space, it's the only way to be sure. |
19:49.58 | Pandya | I try to hide it, but you know |
19:50.05 | wereHamster | kaiden|work, which IP? |
19:50.10 | kaiden|work | i can't find the ip |
19:50.12 | Cide | rushster's. |
19:50.14 | kaiden|work | all i see is what it's doing |
19:50.25 | wereHamster | incgamersi.com? |
19:50.28 | kaiden|work | gimme a second |
19:50.29 | Cide | (just kidding, don't take me seriously) |
19:50.30 | Pandya | lol wut |
19:50.31 | ScytheBlade1 | I lied, it's still resident |
19:50.31 | Shirik|Ecole | Cidan! |
19:50.32 | Pandya | rush? |
19:50.38 | Shirik|Ecole | I've been having so much fun, you're missing out on it |
19:50.54 | Cidan | Shirik|Ecole: I saw your IM, wth were you talking about? |
19:50.57 | Shirik|Ecole | http://forums.worldofwarcraft.com/thread.html?topicId=3168328825&sid=1 |
19:50.58 | Cidan | Shirik|Ecole: I was in class. |
19:51.03 | Shirik|Ecole | look for my post, first page :) |
19:51.15 | wereHamster | Cidan, that's no excuse! |
19:51.21 | Shirik|Ecole | and then if you're amused, read the rest of the forums |
19:51.26 | Shirik|Ecole | posts* |
19:51.34 | Pandya | incgamers nameservers were dead this morning |
19:51.34 | kaiden|work | basically the steps that it takes is.. it latches onto wow.exe looks to makes ure it's running |
19:51.37 | Pandya | made me a sad panda |
19:51.56 | kaiden|work | hooks to it, then runs urlmon.dll tand URLDownloadToFile to download another file |
19:52.22 | Shirik|Ecole | then immediately runs ShellExecuteEx() to execute that newly downloaded file, then deletes itself after confirming that it ran successfully |
19:52.24 | Antiarc | I actually suspect that's the publish mechanism, kaiden|work |
19:52.28 | Cidan | Shirik|Ecole: Shakespeare loved regexes too: /(bb|[^b]{2})/ |
19:52.29 | Cidan | lol |
19:52.33 | Shirik|Ecole | Cidan: hehe |
19:52.33 | Cidan | That so wins. |
19:52.36 | Antiarc | I think it's publishing user/passes via HTTP GET |
19:52.42 | kaiden|work | Antiarc, i think so too |
19:52.46 | Shirik|Ecole | Antiarc: That's how it gets Updata.exe |
19:52.53 | ScytheBlade1 | Antiarc: it sure isn't using plaintext though |
19:52.55 | kaiden|work | Shirik|AFK, naw, this is actually updata.exe |
19:53.00 | Shirik|Ecole | oh ok |
19:53.04 | Antiarc | Shirik|Ecole: I mean mouse.dll, once updata.exe is planted |
19:53.09 | Shirik|Ecole | got it :) |
19:53.17 | Shirik|Ecole | haven't really looked much at that yet, haven't had the time |
19:53.38 | Pandya | oo ye the question I meant to ask last night |
19:53.43 | Pandya | any decent replacements for dart? |
19:53.49 | Pandya | something else that makes me a sadpanda |
19:53.52 | Lunessa | EEPanels2 |
19:54.12 | Pandya | to the intertubes. |
19:54.14 | ScytheBlade1 | Okay, clean system again |
19:54.28 | Shirik|Ecole | oopsie |
19:54.32 | Shirik|Ecole | I might have just infected this system |
19:54.35 | Shirik|Ecole | oh well |
19:54.36 | ScytheBlade1 | lol |
19:54.39 | Shirik|Ecole | I don't use it for anything anyway |
19:54.42 | ScytheBlade1 | Rename/reboot, tada |
19:54.55 | Shirik|Ecole | what's the name of that dll again? |
19:54.57 | ScytheBlade1 | It's a somewhat stupid piece of malware |
19:54.59 | ScytheBlade1 | wzcsvbc.dll |
19:55.09 | ScytheBlade1 | wireless zero config service with a 'b' |
19:55.25 | Shirik|Ecole | in system32? |
19:55.29 | ScytheBlade1 | Aye |
19:55.31 | Shirik|Ecole | not there :/ |
19:55.31 | Shirik|Ecole | hrm |
19:55.31 | ScytheBlade1 | Hidden/system file |
19:55.34 | ScytheBlade1 | It is |
19:55.34 | Cidan | lol |
19:55.42 | Fisker- | we might support PC |
19:55.42 | Fisker- | CP |
19:55.44 | Antiarc | And mouse.dll |
19:55.49 | Fisker- | but we don's support trojans :D |
19:55.57 | Cidan | For fscks sake, if you're going to work with a live virus |
19:56.01 | Cidan | setup a VM |
19:56.07 | Shirik|Ecole | maybe I didn't infect my system ha |
19:56.11 | Shirik|Ecole | Cidan: I did |
19:56.13 | Shirik|Ecole | on my desktop |
19:56.20 | Shirik|Ecole | but they just released a new one I want to playyyy |
19:56.23 | Shirik|Ecole | and I'm at school |
19:56.23 | Cidan | lol |
19:56.36 | Antiarc | It's repacked without ScreenhotConverter.exe |
19:56.46 | Shirik|Ecole | yeah I noticed that |
19:56.50 | Cidan | I have an XP install just for working with any type of worm, etc. |
19:56.57 | Shirik|Ecole | so how does it get in? I'm going to look at UICentral.exe |
19:57.03 | kd3 | meh. it's a school computer. who cares if it gets infected |
19:57.12 | Shirik|Ecole | kd3: No it's definitely mine :P |
19:57.31 | Daede | haha |
19:57.40 | kd3 | oh, bleh. still. lab computers are always waiting to be absued |
19:57.42 | Pandya | just checked it out Lunessa, thanks! |
19:57.48 | kd3 | s/absued/abused/ |
19:57.58 | Daede | on my realm someone just asked if anybody sane plays wow, and people started spitting out their clinically diagnosed conditions |
19:58.25 | ScytheBlade1 | What in the crap |
19:58.33 | ScytheBlade1 | Anyone review the filemon logs? |
19:58.42 | kaiden|work | Shirik|AFK, have you attempted putting a fake CLI header into Updatea so that Reflector can decompile it? |
19:59.21 | Shirik|Ecole | nope, are you sure that it's .net? |
19:59.24 | Daede | take er easy people.. im out |
19:59.28 | kaiden|work | it looks like .net to me |
19:59.38 | kaiden|work | granted i can't see much of it |
19:59.38 | kaiden|work | :P |
19:59.44 | Antiarc | ScytheBlade1: I've been looking over them. What'd you find? |
20:00.30 | Antiarc | The new re-pack seems clean so far. |
20:00.37 | ScytheBlade1 | Antiarc: right when I start the installer, explorer starts searching for hundreds of seemingly random files - from .exe to .drv to .sys - Me2Cam.sys, CLIFFORD.exe, win98\setup.exe |
20:00.39 | kaiden|work | Shirik|AFK, i got it "reflected" |
20:00.43 | kaiden|work | it's written in .net 1.1 |
20:00.49 | ScytheBlade1 | And how new is the "new" repack? |
20:00.52 | *** join/#wowi-lounge malreth (i=817441e9@gateway/web/cgi-irc/ircatwork.com/x-df2eabb2d8588cf4) |
20:00.54 | Antiarc | Today |
20:01.00 | ScytheBlade1 | The one I downloaded a few moments ago is indeed trojaned |
20:01.39 | Antiarc | What's the filename? |
20:01.44 | ScytheBlade1 | Same as before |
20:01.49 | Antiarc | UICentral3-1196355777.zip is the new one |
20:01.49 | ScytheBlade1 | wzcsvbc.dll |
20:01.54 | ScytheBlade1 | Oh, that, sec |
20:01.55 | Antiarc | I meant the distribution |
20:02.05 | ScytheBlade1 | 1196355777.zip |
20:02.08 | ScytheBlade1 | Yup, same one |
20:02.17 | Shirik|Ecole | =( I can' get the trojan to install itself |
20:02.21 | Shirik|Ecole | maybe because I quit setup early |
20:02.23 | Antiarc | Hrm |
20:02.28 | Antiarc | I can't find the trojan in it |
20:02.35 | Antiarc | Are you sure it wasn't just remaining from the last install, ScytheBlade1? |
20:02.38 | ScytheBlade1 | Very |
20:03.00 | ScytheBlade1 | Let me clean it out and verify that it's gone, and give it another shot |
20:04.09 | Antiarc | So I'm looking at patcher.exe in reflector |
20:04.11 | Antiarc | And let me just say |
20:04.24 | Antiarc | I wish I was surprised that it was VB code riddled with "goto", but...well, I'm not. |
20:04.38 | ScytheBlade1 | lol |
20:04.53 | Antiarc | I'm really hoping that's just the disassembly, and not the original code. |
20:05.18 | Shirik|Ecole | no |
20:05.19 | Cidan | I didn't realize disassembly was a language |
20:05.20 | Cidan | ;P |
20:05.28 | Shirik|Ecole | reflector shows the original code :) |
20:05.31 | *** part/#wowi-lounge Lopeppeppy (n=Lopeppep@141.222.29.30) |
20:06.00 | Cidan | So okay, I read the thread, but I'm not quite getting it |
20:06.13 | Pandya | Antiarc, this wow's patcher? |
20:06.18 | Shirik|Ecole | Cidan: basically, they have a program, it gots a virus |
20:06.21 | Cidan | This guy has a program, it became infected with a trojen on his website |
20:06.28 | Cidan | and tons of people now have it or something |
20:06.36 | Shirik|Ecole | Some people said "hey yo, you gots a virus" and he's like "no we couldn't possibly have one, we're too good for that" |
20:06.43 | Antiarc | Pandya: UICentral's |
20:06.47 | Pandya | oic |
20:06.51 | Cidan | Okay... so what's the deal then? |
20:06.51 | Shirik|Ecole | so I respond with "here's some proof, disassembly of your program:" and he's like "This couldn't possibly be coming from ours" |
20:06.55 | Cidan | lol |
20:06.59 | Cidan | I see |
20:07.07 | Shirik|Ecole | so for the next 5 pages we try to convince him that he really does have one |
20:07.18 | Shirik|Ecole | he finally gave in, and now he deleted half my posts off his fourms to cover up this stuff |
20:07.32 | Shirik|Ecole | and this isn't the first time they've acted like this |
20:07.32 | Cidan | Well, what proof do you have? |
20:07.37 | Shirik|Ecole | it's on the first page :) |
20:07.40 | Shirik|Ecole | well, parts of it are |
20:07.52 | Shirik|Ecole | I did more analysis later, along with some wireshark logs, etc. |
20:07.57 | Shirik|Ecole | Antiarc has too |
20:08.04 | Shirik|Ecole | we know pretty solidly how it worked |
20:08.13 | Cairenn | and in the log files of this channel, the ace channel, the wh channel .... |
20:08.21 | Cidan | have you been able to see where it hooks onto the hardware for keylogging? |
20:08.28 | Shirik|Ecole | yup |
20:08.32 | Shirik|Ecole | it uses an IME dll |
20:08.39 | Cidan | Hm |
20:08.40 | malreth | CAIRENN!!! |
20:08.42 | Antiarc | Iiiinteresting. |
20:08.49 | Cairenn | malreth :) |
20:08.52 | wereHamster | 'wh' channel, do I have a private channel? |
20:08.53 | Cidan | Let me take a look at it, give me a bit |
20:09.00 | Cidan | Where can I get this file? |
20:09.05 | Shirik|Ecole | um |
20:09.06 | Antiarc | Patcher.exe has been run through Xenocode, which is an assembly obfuscation tool. |
20:09.10 | Cairenn | wereHamster: lol, sorry, my typical abbreviation for wowhead |
20:09.25 | Cidan | obfuscation is nothing |
20:09.27 | Shirik|Ecole | Cidan: Easiest way to get to it is from the source directly |
20:09.29 | Cairenn | with as many tabs as I have open, I have to abbreviate their names |
20:09.43 | Shirik|Ecole | http://wowui.incgamersi.com/Updata.exe |
20:09.48 | Shirik|Ecole | ^^ DO NOT GO THERE ANYONE ELSE :P |
20:09.48 | Cidan | which is? I don't even know what this program does |
20:09.49 | Cidan | okay |
20:09.58 | kd3 | http://wowui.incgamers.com/?p=mod&m=2106 <-- warning! Download link at URL contains keylogger! |
20:10.00 | Antiarc | I'm just curious as to why they would bother obfuscating the assembly |
20:10.26 | Cidan | Antiarc: IF these claims are true (I trust no one but my self) then it's likely it was done on purpose |
20:10.32 | Cidan | They sell the keys to the highest bidder |
20:10.38 | Cidan | overseas |
20:11.12 | Cidan | In which case, affected parties are encouraged to file suit against these jerk-offs and motion for discovery, ;P |
20:12.18 | *** join/#wowi-lounge malreth (n=chatzill@care-pc-08.lab.la.utexas.edu) |
20:12.28 | Cidan | But that kind of code doesn't get "injected" into files |
20:12.31 | mikma | i believe that the authors of ui central has coded the keylogger in so they can dis your purplez |
20:12.36 | Cidan | It takes a special kind of skill |
20:12.39 | Cidan | to be able to do that |
20:12.48 | Cidan | very... very special kind of skill |
20:13.45 | malreth | so... constructive thread time... how would *you* make WoW more keylogger resistant? |
20:13.47 | malreth | http://forums.worldofwarcraft.com/thread.html?topicId=3168399790&sid=1 |
20:14.05 | Cidan | you can't really |
20:14.17 | Cidan | The question that needs to be asked is how you would make WINDOWS more keylogger resistant |
20:14.29 | Lunessa | You know, a year ago I would occasionally find something I was looking for on their site I couldn't find elsewhere. Then they changed their name and look and I quit bothering for the occasional item they might have. Now? Now I just think think they're fucktards out to steal from n00bs. |
20:14.34 | Cidan | To which I say, you can't really. |
20:14.41 | malreth | nonsense... you could always not use keys |
20:14.43 | Shirik|Ecole | I gotta run, sorry |
20:14.44 | Shirik|Ecole | have fun |
20:14.48 | Cidan | baii |
20:14.49 | malreth | or randomize the keys that get used |
20:14.59 | Cidan | malreth: lol..wut? |
20:15.02 | |Jelly| | BAI SHIRIK |
20:15.31 | cog|work | Cidan: read malreth's post in tha thred |
20:15.36 | cog|work | + missing letters |
20:15.40 | Fisker- | well do keyloggers check out the account name when "Remember account name" is flagged? |
20:15.41 | ScytheBlade1 | I'd love it if they allowed public key authentication for WoW accounts. |
20:15.44 | ScytheBlade1 | That'd just about make my day. |
20:16.19 | malreth | ScytheBlade1: problem is if you're infected with a trojan, it likely can access your private key as well |
20:16.43 | krka | use an external device! |
20:16.43 | ScytheBlade1 | malreth: for most people, yes. |
20:16.44 | kd3 | hm, another response from rush |
20:17.03 | krka | wow login prints some number sequence, you enter that on your device and get a one time key |
20:17.06 | Fisker- | "Fuck you, i got all your accounts now?" |
20:17.19 | malreth | krka: yeah, OTPs would also work |
20:17.25 | wereHamster | Cidan, you can't make the os more keylogger resistant, you need to make the app resistant |
20:17.30 | kd3 | he's still denying any culpability |
20:17.32 | krka | OTP:s are harder to come by |
20:17.40 | wereHamster | under X that would work very well.. |
20:17.49 | krka | just keep the private key on an external device, that would stop keyloggers from being effective |
20:17.55 | krka | that's what banks do, essentially |
20:18.10 | Fisker- | he's a jerk anyways |
20:18.20 | ScytheBlade1 | I actually keep my SSH private keys in RAM and disable suspend. They're stored on a flash drive I have, and loaded with pagent. |
20:18.21 | krka | actually, my bank uses OTP i guess :) |
20:18.23 | Cidan | The idea that you can stop a keylogger with the way windows is setup right now is just not possible. I don't care what protections you may think you can code into the program at any level, I can still hook onto your keyboard at the hardware level, which windows will allow, and grab everything you do. |
20:18.24 | malreth | blizzard could even sell the keygen fobs |
20:18.33 | Fisker- | didn't think there was anything wrong by sending out mails to people registered on their site even when not signed up for any newsletter to notify them of wowdigger |
20:18.44 | wereHamster | krka, as soon as wow needs access to the private key, the trojan can read it too |
20:18.55 | malreth | Cidan: then the solution is to make the result of the keylogging useless |
20:19.04 | Antiarc | Cidan: This trojan doesn't hook the keyboard, it watches the memory space in WoW.exe that holds your credentials as you type them in |
20:19.04 | Cidan | again, not possible. |
20:19.07 | *** join/#wowi-lounge sylvanaar (n=sylvanaa@12.179.203.116) |
20:19.17 | *** join/#wowi-lounge sioraiocht (n=rtharper@nat-router-1.stannes.ox.ac.uk) |
20:19.24 | Cidan | Well then the coder is new to it. |
20:19.24 | krka | wereHamster: wow would never read the private key directly |
20:19.45 | krka | just the result of f(private key, some random value) |
20:19.46 | Cidan | IF I were to do something this horrible, I would hook on to your hardware before the data is even sent to WoW. |
20:19.50 | ScytheBlade1 | Okay, mouse.dll is resident... somewhere else |
20:19.53 | ScytheBlade1 | As another name |
20:20.09 | Cidan | There is no protection against it; sans a good virus protection software. |
20:20.10 | wereHamster | krka, f would need access to the key then.. |
20:20.13 | Cidan | And even those can be fooled. |
20:20.14 | malreth | krka: i like your idea... there could even be collector edition versions of the keygen device... sell them for $10 a pop |
20:20.31 | malreth | wereHamster: f is contained on a separate hardware device |
20:20.36 | Fisker- | well we all know that cog|work uses UIC now |
20:20.37 | krka | wereHamster: yes, like i said, the key would be stored on the device |
20:20.46 | wereHamster | ah, alright then.. |
20:20.59 | kaiden|work | well can you really expect anything less, in china your account is hacked less than 7 minutes after you set your password |
20:21.00 | krka | the keylogger could only catch the one time login keys |
20:21.04 | krka | which are useless |
20:21.22 | kaiden|work | in fact.. keylogging/hacking of wow over there is SO bad they have an 8 digit # that they have to enter along with their passwords as a seed |
20:21.32 | Cidan | which again ergh |
20:21.38 | Cidan | it won't work, period |
20:21.39 | malreth | kaiden|work: no kidding? |
20:21.55 | kaiden|work | malreth, naw they talk about it all the time in news reports |
20:22.01 | malreth | Cidan: a one-time password is useless after it's been used |
20:22.02 | kaiden|work | i have a friend who's chinese and he reads the news to me |
20:22.14 | Cidan | malreth: And how do you suppose this one time password is generated? |
20:22.15 | cog|work | Fisker-: or not |
20:22.22 | Cidan | How does the server communicate to the client what the key is? |
20:22.35 | Cidan | and then push that data to a dongle |
20:22.38 | kaiden|work | Cidan, i think a not so bad idea is that you are asked a question a random question from your history |
20:22.39 | malreth | Cidan: as krka has mentioned, by using a hardware device separate from the computer |
20:22.42 | *** join/#wowi-lounge Kandoko (n=Testing@adsl-068-159-119-207.sip.gsp.bellsouth.net) |
20:22.44 | kaiden|work | and everytime a password is generated |
20:22.50 | kaiden|work | and it's visual it tells you the password, you key it in |
20:22.53 | krka | same way that account keys are created |
20:22.56 | kaiden|work | and you login and the password is immediately deleted |
20:22.59 | Cidan | dongles have been cracked 20 thousand times over |
20:23.00 | krka | printed inside boxes |
20:23.02 | Cidan | they are worthless |
20:23.08 | malreth | o_O |
20:23.14 | krka | what do you mean cracked? |
20:23.19 | malreth | yeah... |
20:23.21 | Cidan | cracked, reversed, made WORTHLESS |
20:23.22 | kaiden|work | krka, stepped on |
20:23.23 | kaiden|work | lol |
20:23.24 | kaiden|work | ;p |
20:23.28 | krka | please elaborate |
20:23.33 | malreth | yes, please |
20:23.38 | krka | also, isn't a dongle typically something that's plugged into the computer? |
20:23.49 | krka | or do i have the wrong definition of dongle in my mind? |
20:23.58 | Cidan | yes, isn't that what you meant by using a hardware device separate from the computer? |
20:24.01 | malreth | ah, yeah. we're not talking about dongles |
20:24.07 | Cidan | elaborate then |
20:24.10 | malreth | dongles connect to the computer |
20:24.15 | krka | separate = not connected to the computer |
20:24.28 | kd3 | aren't RSA-style keys still safe unless they pull a paypal style stunt |
20:24.33 | Cidan | so... then what? a network device? magic fairy dust? |
20:24.35 | malreth | OTP fobs are sent directly from blizzard to you |
20:24.42 | krka | you're not reading what i am writing |
20:24.59 | krka | 1) the blizzard login page writes a challenge-key |
20:25.05 | kd3 | separate physical device, generates an 8-digit key every 30 seconds or so. never touches the computer itself |
20:25.06 | Cidan | to where/what? |
20:25.06 | krka | 2) you enter the challenge-key on your dongle |
20:25.14 | Cidan | oh |
20:25.14 | krka | errr. or not a dongle |
20:25.15 | krka | whatever |
20:25.16 | wereHamster | news from Rush: The new virus is a false positive |
20:25.16 | Cidan | hahaha |
20:25.17 | Cidan | hahaha |
20:25.18 | Cidan | no |
20:25.21 | Intangir | hey wereHamster i made an addon |
20:25.27 | Cidan | Give me like 3 hours, and I'll have that undone |
20:25.29 | krka | 3) the device outputs a one time password |
20:25.33 | Intangir | intangir.googlecode.com |
20:25.36 | krka | 4) you enter that password at the wow login |
20:25.48 | malreth | Cidan: ok... you do that |
20:26.07 | krka | Cidan: is there something fundamentally unsound with that strategy? |
20:26.14 | Cidan | hm |
20:26.15 | Cidan | let's see |
20:26.21 | krka | assuming that the device and blizzard login server have a shared secret key |
20:26.28 | krka | (or some assymmetric variant) |
20:26.35 | Cidan | where do we begin? |
20:26.38 | wereHamster | why doesn't windows have a function that locks the GUI for one process only? So nobody else can read input events? |
20:26.41 | Cidan | now, all I need is your account name |
20:26.51 | wereHamster | .. like XGrabServer()? |
20:26.52 | Cidan | since I can crack the hash on that silly hardware machine in 3 hours |
20:26.59 | Cidan | I type your password |
20:26.59 | ScytheBlade1 | Anyone know how to restart lsass? ;) |
20:26.59 | Cairenn | so, the new version popping positive is a false positive? |
20:27.02 | Cidan | er, user |
20:27.03 | krka | crack the hash? |
20:27.09 | krka | do you even know what the hash function is? |
20:27.14 | Cidan | it gives me the OTP hash on screen |
20:27.15 | malreth | Cidan: no... you'd have to crack the hash on *my* silly hardware machine |
20:27.28 | Cidan | oh, so they are paired? |
20:27.33 | Cidan | account to machine? |
20:27.35 | malreth | you are not in posession of my keygen fob |
20:27.52 | krka | you can crack sha-256 in 3 hours? |
20:28.03 | krka | you should publish some scientific paper, i think |
20:28.29 | Cidan | consider it for a second |
20:28.34 | Cidan | just think about what you're saying |
20:28.48 | Cidan | You have a hardware coded to your account |
20:28.48 | malreth | Cidan: we are thinking about what we're saying |
20:28.58 | |Jelly| | Kraqule <-- any of you? |
20:29.09 | krka | 5d1d0866fa1e502ef60a636f4e6f9bb581190a68619c6f965da5ac2a698ba59b |
20:29.13 | krka | what does that say for instance? |
20:29.16 | krka | let me know in 3 hours :) |
20:29.20 | kd3 | http://en.wikipedia.org/wiki/Hardware_token |
20:29.24 | kd3 | one of those ^ |
20:30.00 | ScytheBlade1 | To anyone who has played with the keylogger: clean out your IE cache... |
20:30.02 | krka | Cidan: yes, that's right. the device would be included with the wow box |
20:30.02 | Cidan | Hm |
20:30.06 | ScytheBlade1 | Even if you don't use IE, it's in there |
20:30.53 | krka | ScytheBlade1: what about linux users? :) |
20:31.04 | Antiarc | ScytheBlade1: Elaborate? |
20:31.10 | ScytheBlade1 | krka: it's cached in there somewhere ;P |
20:31.13 | kaiden|work | how about we get back to the problems at hand |
20:31.15 | kd3 | ie's still got a cache inside of wine |
20:31.24 | kaiden|work | where does this trojan inside of UICentral send it's data to |
20:31.32 | ScytheBlade1 | Antiarc: one thing I noticed is that it spawns some iexplore.exe processes, and uses that to download updata.exe |
20:31.41 | |Jelly| | www.rushisalyingfuckwad.net ? |
20:31.52 | Antiarc | Ahh, I missed the process spawn. I figured it was direct. |
20:31.55 | ScytheBlade1 | Antiarc: likewise, it's sitting around in your cache, and in my case, in multiple places due to how IE stores it all |
20:31.57 | amro | krka: feel good that we use competent operating systems |
20:31.58 | ScytheBlade1 | Nope |
20:32.04 | Antiarc | ScytheBlade1: Not in mine :P |
20:32.05 | krka | check |
20:32.10 | Antiarc | I wiped that virtual drive already. |
20:32.14 | Fisker- | FLAWLESS VICTORY |
20:32.15 | ScytheBlade1 | haha |
20:32.18 | Antiarc | Nuke it from orbit. It's the only way to be sure. |
20:32.18 | ScytheBlade1 | That's one way to do it |
20:32.21 | Fisker- | Leo down with 5 up |
20:32.22 | Fisker- | no healers |
20:32.33 | krka | Cidan: busy cracking my example? :) |
20:32.39 | ScytheBlade1 | Antiarc: er, lol... it's in the LocalService profile. Hahaha. |
20:32.47 | kd3 | fisker; most adrenaline-packed way to finish boss fights |
20:32.48 | ScytheBlade1 | Which makes sense, but still |
20:32.55 | Cidan | Well I can think of one way. The game will spit out a random string/auth to the user. The user inputs that string/auth into the hardware and out it comes with the OTP based on a mathematical algorithm. |
20:33.09 | Fisker- | i was kiting the shadowimage |
20:33.12 | Cidan | All of which seems fine, but the issue here is we don't need to crack the algorithm |
20:33.20 | Fisker- | worked for a good 20 seconds or so |
20:33.24 | *** join/#wowi-lounge Shirik|Ecole (n=nospam@155.31.172.121) |
20:33.30 | Cidan | All we need to do is find out what the seed of it is, if any, or how it works. |
20:33.48 | krka | that's a very difficult task for cryptographic hash functions, such as sha-256 |
20:34.25 | Fisker- | noes |
20:34.28 | Fisker- | no itamz for me |
20:34.37 | ScytheBlade1 | Antiarc: and NetworkService.. |
20:34.45 | Cidan | You're relying on data->hardware->hash, you have the plain unencrypted data at somepoint, you can like do something like the ac crew did with WEP/WPA, which is trivial. |
20:34.52 | Cairenn | (seriously, guys, if someone can confirm or deny please? I want to be sure before I kick it to the next level - the new version of UIC is clean? Rushster says that it is and you guys were getting a false positive) |
20:34.57 | krka | basically, the server knows K and prints the challenge C. Your hardware device responds with sha256(K .. C). The server can then verify that the sha256-value is correct |
20:35.13 | ScytheBlade1 | Cairenn: give me one moment to reboot and confirm that I'm clean and I'll give it a go |
20:35.21 | Cairenn | k |
20:35.37 | Shirik|Ecole | Cairenn: I haven't been able to find it, but that doesn't mean it doesn't exist |
20:35.40 | Shirik|Ecole | he may have just hid it better |
20:35.46 | krka | if you don't know what K is (which a trojan won't know), it's hard to calculate what the hash will be |
20:35.52 | Intangir | http://intangir.org/gallery2/main.php?g2_itemId=10850 |
20:35.59 | Cairenn | (sorry for the interruption, go back to where you were with the conversation) |
20:35.59 | krka | even if you've collected several C - hash pairs |
20:35.59 | malreth | Cidan: and a key point is that K isn't ever sent from the server to you or to your computer. |
20:36.08 | Antiarc | Cairenn: I believe it is clean. |
20:36.09 | krka | am i making any sense? anyone? :) |
20:36.15 | ScytheBlade1 | Cairenn: give me just a few. |
20:36.16 | Intangir | http://intangir.org/gallery2/main.php?g2_itemId=10859 |
20:36.24 | Antiarc | Cairenn: I did a install on a completely fresh VM image with no signs on infection |
20:36.24 | Cidan | Right, it's on the hardware, K is on the server, and on the hardware, but not the computer |
20:36.25 | malreth | krka: i get you |
20:36.35 | Shirik|Ecole | Cairenn: I agree with Antiarc |
20:36.37 | Antiarc | And disassembly of the installer seems to indicate that it is gone. |
20:36.38 | Cidan | but K is still static |
20:36.42 | Cairenn | okay, so it *was* a false positive? |
20:36.52 | Antiarc | Cairenn: I believe so, and said as much in the thread. |
20:36.57 | krka | Cidan: true |
20:37.03 | Cairenn | good enough, thank you, all I needed to know |
20:37.05 | Xinhuan | lol the new uicentral zip false-positived again? |
20:37.07 | Cidan | and K can't be too long, unless you want a really really long password |
20:37.18 | Cidan | I don't know, seems flaky, security through obscurity, etc. |
20:37.19 | malreth | Cidan: not necessarily |
20:37.26 | krka | no it's not |
20:37.30 | Fisker- | the initial one wasn't false positive right? |
20:37.33 | krka | it's a well known technique |
20:37.37 | kaiden|work | Can anyone give me the old infected version of UICentral |
20:37.39 | malreth | Cidan: it is very much not obscurity... the mathematics behind it are very sound |
20:37.40 | Cairenn | Fisker-: correct |
20:37.40 | Xinhuan | the initial one also false positived fisker |
20:37.43 | Xinhuan | i think? |
20:37.45 | krka | security by shared secret key |
20:37.46 | kaiden|work | so i can do some analysis of it from a network standpoint |
20:37.57 | Xinhuan | kaiden|work, pm Antiarc for a copy |
20:38.13 | ScytheBlade1 | Is it still available on their website? As /updata.exe? |
20:38.17 | ScytheBlade1 | Might be worth a shot |
20:38.20 | malreth | and the secret key can be very long |
20:38.29 | kaiden|work | i was gonna look at screenshotconverter and updata |
20:38.31 | krka | and should be |
20:38.49 | Cidan | it would have to be a pretty large key, I mean, above 2048 bits |
20:38.51 | kaiden|work | gonna look at it from wireshark, processmonitor and apimon |
20:38.54 | kaiden|work | to see what calls it's making |
20:39.02 | krka | Cidan: why would you think that? |
20:39.15 | krka | i think you'd have problems with 256 bits |
20:39.16 | Cidan | because anything lower is becoming much easier to get around? |
20:39.21 | Cidan | see: AC/WPA/WEP |
20:39.36 | kd3 | http://spyglass-server.com/keylogger/ |
20:39.42 | kd3 | that's the known-infected version |
20:39.44 | malreth | Cidan: you're confounding the issue |
20:40.01 | krka | this isn't like WEP, imo |
20:40.07 | Fisker- | the trojan was in system32 right? |
20:40.15 | Cidan | but the principle is the same, shared secret key |
20:40.18 | Shirik|Ecole | Fisker-: Affirmative |
20:40.25 | Fisker- | mouse.dll and what was that other one? |
20:40.31 | |Jelly| | Shirik: RED ALERT! |
20:40.57 | Antiarc | Fisker-: wzcsvbc.dll |
20:41.06 | ScytheBlade1 | Cairenn: just downloaded and installed, coming up clean with the file on the website now |
20:41.10 | krka | WEP suffers from a crappy algorithm, afaik |
20:41.12 | Cidan | You should know that on my laptop I have something like 400 WEP/WPA secret keys I've decoded from my schools wireless |
20:41.18 | Cairenn | thank you |
20:41.18 | ScytheBlade1 | So have another confirmation ;) |
20:41.28 | |Jelly| | Cairenn! |
20:41.34 | Cairenn | |Jelly|! |
20:41.38 | kd3 | huzzah. finally. only took a few months... water bill's back where it's supposed to be. ~22 bucks compared to ~150 |
20:41.39 | Industrial | Cairenn! |
20:41.41 | Cidan | so a larger key will work, and I suppose it won't be an issue until really the game dies |
20:41.47 | mikma | mikma! |
20:41.51 | Industrial | lol |
20:41.52 | Antiarc | Donkey! |
20:41.52 | Cairenn | lol |
20:41.53 | Cidan | Shirik! |
20:41.55 | Fisker- | i love the people who says MAC Filtering > Encryption |
20:41.55 | Fisker- | :D |
20:42.08 | Cidan | Fisker-: Anyone who says that should be shot, :P |
20:42.13 | kd3 | spoofing MACs: cake |
20:42.21 | ScytheBlade1 | BULL |
20:42.21 | ScytheBlade1 | NO |
20:42.25 | ScytheBlade1 | IT'S NOT CLEAN |
20:42.29 | Antiarc | Oh? |
20:42.33 | Antiarc | What'd you find? |
20:42.33 | Cidan | forget that, data unencrypted going through the air? even better cake |
20:42.35 | malreth | Mac Filtering > Windows Filtering |
20:42.36 | ScytheBlade1 | It's just not running ScreenshotConverter.exe anymore |
20:42.38 | Shirik|Ecole | Cidan! |
20:42.41 | mikma | http://www.kuvaton.com/kuvei/mc_donalds_kopio.jpg |
20:42.44 | ScytheBlade1 | Antiarc: click said exe, see what happens |
20:42.52 | Antiarc | ScytheBlade1: ScreenshotConverter.exe? |
20:42.53 | Xinhuan | what ScytheBlade1? |
20:42.54 | Antiarc | The real one?> |
20:42.55 | ScytheBlade1 | Antiarc: yes |
20:42.57 | ScytheBlade1 | Yes |
20:42.58 | mikma | http://www.kuvaton.com/kuvei/chernobylxxx.jpg |
20:43.06 | ScytheBlade1 | I nuked my UICentral folder, reinstalled |
20:43.07 | ScytheBlade1 | It's back |
20:43.12 | ScytheBlade1 | I clicked, bam, bad DLLs |
20:43.16 | Antiarc | ScytheBlade1: I did, nothing in my system32 dir |
20:43.30 | ScytheBlade1 | Something isn't right... |
20:43.33 | Intangir | http://intangir.org/gallery2/main.php?g2_itemId=10859 |
20:43.39 | Xinhuan | so ScreenhotConverter contained a trojan and ScreenshotConverter contained one too? |
20:43.42 | Intangir | oh oops |
20:43.52 | Shirik|Ecole | Xinhuan: afaik, only ScreenhotConverter did |
20:43.55 | Cidan | Shirik|Ecole: So, what should I do? Did you see my newest post on the website? |
20:43.55 | deltron | lol nice |
20:43.58 | Cairenn | ScytheBlade1: you serious? |
20:44.01 | Shirik|Ecole | Cidan: negative |
20:44.03 | Intangir | wtf? trojans? in what? |
20:44.07 | ScytheBlade1 | Cairenn: let me clean my system *again* and give it a shot |
20:44.09 | Cairenn | it's still infected? |
20:44.10 | Cidan | Shirik|Ecole: I'm thinking either college prof or C.I.A. after I get out of school. |
20:44.16 | cladhaire | anyone able to logon to Stormrage to help me |
20:44.19 | Antiarc | ScytheBlade1: I'm unable to replicate |
20:44.23 | cladhaire | ideally someone who already joined my guild and ran to IF |
20:44.24 | Xinhuan | hmm |
20:44.31 | Intangir | Cidan: why would you join the CIA? you fancy a career in organized crime? |
20:44.31 | ScytheBlade1 | Antiarc: I'm liking your VM idea more and more ;P |
20:44.36 | Intangir | the cia is freaking criminal as hell |
20:44.38 | Cidan | Intangir: You bet! |
20:44.39 | Antiarc | Heheh, see, this is the way to do it :P |
20:44.47 | Antiarc | http://www.microsoft.com/downloads/details.aspx?FamilyId=21EABB90-958F-4B64-B5F1-73D0A413C8EF&displaylang=en |
20:44.48 | Antiarc | Enjoy |
20:44.49 | Cidan | Intangir: I live like, 15 minutes away |
20:44.52 | Xinhuan | does the actual ScreenshotConverter actually convert screenshots? |
20:44.55 | ScytheBlade1 | Yeah, I have it installed |
20:44.58 | ScytheBlade1 | Just apathetic |
20:45.04 | Intangir | Cidan: i pray for your soul's sake that you cant get a job there |
20:45.04 | Antiarc | Xinhuan: Yes |
20:45.10 | Antiarc | I went through it with Reflector |
20:45.11 | Xinhuan | amazing! |
20:45.16 | Xinhuan | shocking even |
20:45.31 | Antiarc | It looks for TGAs in the WoW screenshots dir and converts them using the DevIL lib packaged with UICentral |
20:45.31 | Shirik|Ecole | Cidan: I've considered going into a field like that |
20:45.35 | Intangir | they are probably the most criminal element of our government |
20:45.37 | Shirik|Ecole | more frequently FBI, but CIA too |
20:45.37 | krka | someone correct me if i am wrong, but the problem with WEP is that the keysize is extremely small, and that the random seed gets reused |
20:45.45 | krka | none of those is true in my proposal |
20:46.15 | Cidan | Shirik|Ecole: They are hiring like mad, I'm seriously considering it. |
20:46.20 | Intangir | i had considered FBI before.. but i mean they just keep getting more and more evasive, less about defense and more and more about intrusion and illegal raids |
20:46.33 | Intangir | i mean invasive, not evasive.. |
20:48.02 | Shirik|Ecole | okay, class is starting I gotta run |
20:48.07 | Shirik|Ecole | keep me informed of any updates!! |
20:48.25 | krka | Cidan: how about this then - write down a theoretical attack on my proposal. feel free to use existing wep attacks if you think they apply. i have a problem seeing that. |
20:49.09 | Cidan | lol, sure, just let me find time to do all this school work + finish Conspiracy first, then I'll write an entire research paper on it |
20:49.35 | krka | cool |
20:49.38 | ScytheBlade1 | Footnote: if you kill lasss.exe, the shutdown button is removed from the start menu. |
20:49.56 | Intangir | Cidan: having conspiracy be riddled all over your name when you do a search on you, theres no way you will get thru cia screening ;) |
20:49.57 | ScytheBlade1 | *lsass.exe |
20:50.03 | Xinhuan | hahaha |
20:50.05 | Cidan | lol |
20:50.09 | Cidan | I never thought of that |
20:50.10 | Xinhuan | who needs a shutdown button imo |
20:50.13 | Cidan | Ah, it'll be fine |
20:50.23 | Industrial | tip: just dont download open any exe from any addon site ever, because we are working with TEXT files anyway. |
20:50.25 | Intangir | im going to past fake documents about you being a spy |
20:50.27 | krka | server says: 123112635123651351723163 |
20:50.28 | Intangir | oops, i just did |
20:50.31 | Industrial | I win |
20:50.33 | krka | client says: 0a5376294dcda46f917da9cb63e79a3f4ff853bc35312258dc7251e436271bab |
20:50.38 | krka | what's the secret key? |
20:50.53 | wereHamster | krka, 42 |
20:51.14 | wereHamster | teh win!! |
20:51.21 | krka | client says: sha256(S .. '123112635123651351723163') |
20:51.28 | Cidan | I'd need some more data, I'd need to see that done about... oh, 300-400 times |
20:51.38 | krka | sure, i can generate that data set for you |
20:52.11 | Cidan | go crazy, .tar.gz it somewhere |
20:52.13 | Cidan | also |
20:52.18 | Antiarc | You know, I really do feel bad for Rush in a way |
20:52.32 | Cidan | can someone give me the download link again for this trojan-whatever? |
20:52.42 | wereHamster | or make a php script so he can get as many pairs as he wants |
20:52.44 | Antiarc | Because I've been there. We had Code Red hit our network way back when. Infected all our legacy Windows servers. |
20:52.51 | Antiarc | That was a really, really long day. |
20:53.05 | kd3 | http://spyglass-server.com/keylogger/ |
20:53.09 | kd3 | it's in the unsafe directory |
20:53.17 | Cidan | is that the newest one? |
20:53.32 | kd3 | the newest one's in unknown |
20:53.51 | *** join/#wowi-lounge JoshBorke (n=Josh@WoWUIDev/WoWInterface/LegoBlock/joshborke) |
20:53.59 | kaiden|work | ok |
20:54.09 | kaiden|work | wtf is 218.85.132.165/msx1/mouse.dll :P |
20:54.15 | ScytheBlade1 | Antiarc: getting a *positive* again. |
20:54.15 | kaiden|work | that's what updata.exe is grabbing |
20:54.31 | Antiarc | kaiden|work: That's the hook/reporter module |
20:54.39 | krka | Cidan: |
20:54.40 | krka | for i in `seq 1 10`; do res=`echo -n $S$i|sha256sum`; echo $i $res; done |
20:54.40 | krka | 1 bf6ccc3125d92739e17e38e06120d9e9456b7cba4dcaf42edba4f9e06be24afa - |
20:54.47 | krka | is that format ok for you? |
20:54.47 | Cidan | krka: 256 bit key? |
20:54.49 | krka | yeah |
20:54.58 | Cidan | sure, I'll do mah best. |
20:54.58 | Antiarc | ScytheBlade1: Still unable to replicate it here. Try this: http://forums.worldofwarcraft.com/thread.html?topicId=3168479210&sid=1 - post 5 |
20:55.05 | Cidan | really the more the better |
20:55.24 | krka | how many do you think you need? |
20:55.36 | krka | i am so confident, i think i could give you as many as you want :) |
20:55.41 | Cidan | oh? |
20:55.51 | Cidan | give me a hundred thousand. |
20:55.52 | malreth | Cidan: actually, yes... he should |
20:55.53 | Cidan | lol |
20:56.10 | krka | malreth: you have confidence in me? =) |
20:56.16 | malreth | if there was a vulnerability then it should be researched and found |
20:56.16 | Antiarc | Patch 2.5: Blizzard introduces biometric login system. Please purchase a fingerprint scanner at your nearest hardware store to log in, now available in Arthas Collector's Editions! |
20:56.17 | kaiden|work | OUCH |
20:56.18 | kaiden|work | ok |
20:56.21 | ScytheBlade1 | Antiarc: would killing lsass.exe/explorer.exe, killing the thread in svchost.exe, nuking the relative files (wzcsvbc.dll and mouse.dll), fixing the registry for the WZC service manually (while setting it to disabled), rebooting, and finding a clean system count? |
20:56.22 | kaiden|work | this is a very bad file |
20:56.28 | ScytheBlade1 | Antiarc: moment as I upload this .zip I have |
20:56.40 | Antiarc | kaiden|work: No shit. :P |
20:56.43 | krka | 100 000 it is! |
20:56.46 | zenzelezz | good luck killing some of those processes |
20:56.55 | kaiden|work | Antiarc, load it up and go to Analyze on that ip address |
20:56.59 | kaiden|work | and do a Follow TCP Stream |
20:57.03 | ScytheBlade1 | zenzelezz: shutdown /a works wonders |
20:57.08 | kaiden|work | you can see all the data that's going out unencoded |
20:57.10 | krka | so, the first column is "random challenge number", second column is what the client sends to the server |
20:57.11 | Antiarc | Oooh |
20:57.13 | kaiden|work | and everything it's doing |
20:57.14 | Antiarc | <PROTECTED> |
20:57.16 | kaiden|work | sure |
20:57.20 | kaiden|work | it's very very bad |
20:57.20 | Antiarc | I can't get WoW running in my VM |
20:57.24 | ScytheBlade1 | Just because windows starts a shutdown doesn't mean that it has to go through with it. :) |
20:57.25 | Antiarc | I would love to see the data |
20:57.27 | Pandya | Antiarc, tbh, if i was releasing an MMO, with a similar model to wow (subsciption + have to buy the box), I'd dump a fingerprint scanner in and make biometric mandatory |
20:57.34 | kaiden|work | it looks in your WTF\Account\SavedVariables folder |
20:57.38 | Pandya | it makes sense :) |
20:57.40 | kaiden|work | and looks for your realm name |
20:57.43 | deltron | lol pand |
20:57.44 | Antiarc | kaiden|work: Yeah, I know about that |
20:57.44 | kaiden|work | to know what realm you play on |
20:57.46 | Antiarc | Realmlist too |
20:57.48 | kaiden|work | yup |
20:57.51 | krka | hm, this will be a really big data file |
20:57.53 | wereHamster | ScytheBlade1, time to reinstall windows ;) |
20:57.53 | Pandya | deltron, no really |
20:57.54 | Cidan | fingerprint scanners are insecure, they aren't used for any type of serious protection anymore |
20:58.00 | Pandya | of course they're insecure |
20:58.09 | kaiden|work | Antiarc, yes but can you see the .php file it's grabbing the data from |
20:58.09 | kaiden|work | ;) |
20:58.10 | kaiden|work | i can |
20:58.17 | Antiarc | Awesome. WTB logs. >_> |
20:58.19 | Pandya | you do need access to the person or the person's machine though |
20:58.30 | wereHamster | Cidan, except notebooks :) |
20:58.32 | Pandya | and you're into major issues if they have that access anyways |
20:58.36 | kaiden|work | Antiarc, it's sending the data back as variables to a .php |
20:58.39 | Cidan | wereHamster: no...? |
20:58.48 | Cidan | wereHamster: I mean they are on there, but it's worthless. |
20:58.49 | Thunder_Child | Vein authentication is the new big thing |
20:58.55 | kaiden|work | /?u=var&p=var&s=var&a=var&r=var&t=var |
20:58.58 | ScytheBlade1 | Antiarc: okay, have to go. Will get back in a bit... and we'll see |
20:59.01 | kaiden|work | u i would assume is username |
20:59.01 | Pandya | given how much $$$ you could probably save due to not getting bad press and less wasted moeny on support and account thieving issues... |
20:59.02 | kaiden|work | p password |
20:59.05 | kaiden|work | s server |
20:59.08 | Pandya | I actually reckon theres something in it :P |
20:59.12 | kaiden|work | dunno the others |
20:59.14 | malreth | Pandya: also, a trojan can just sniff the output of the biometric scanner and use a replay attack to gain access |
20:59.15 | Antiarc | kaiden|work: Yeah, I suspected as much from the disassembly |
20:59.26 | Pandya | oh yeah, its still vulnerable, no doubt |
20:59.31 | Cidan | Pandya: That data has to be sent over a wire somewhere, it can be sniffed by software |
20:59.35 | Cidan | it's no better than a password |
20:59.36 | ScytheBlade1 | wereHamster: I refuse to reinstall windows on principle :P |
20:59.49 | wereHamster | malreth, that would be bad design! |
20:59.59 | Pandya | cidan, it has to be sniffed with a fingerprint, password by keyboard is more succeptible to a keylogger |
21:00.07 | Cidan | ... |
21:00.20 | Pandya | geh |
21:00.22 | malreth | Pandya: i agree with Cidan |
21:00.23 | Xinhuan | you can log both either way, keyboardpassword or fingerprint ;p |
21:00.23 | Pandya | I think its a good idea |
21:00.26 | Pandya | I'm just simple ;_; |
21:00.34 | Xinhuan | its just that one is easier than the other |
21:01.07 | malreth | Pandya: you're not simple... you just have no need to worry about such trivial things for you have civilizations who worship you and your dark art powers |
21:01.08 | Pandya | how about this then |
21:01.16 | Pandya | FINGARPRINT SCANNARZ R KEWL. |
21:01.18 | Pandya | kkthx. |
21:01.42 | Thunder_Child | http://www.hitachi.com.sg/cat_index_214.shtml |
21:01.58 | wereHamster | "That data has to be sent over a wire somewhere, it can be sniffed by software" - you mean hardware, since software can always make sure nobody else is spying |
21:02.27 | krka | i think my data file will be about 8 mb uncompressed |
21:02.32 | krka | not too bad i suppose |
21:02.42 | krka | anyone else want to try to crack my secret key? |
21:02.59 | malreth | krka: do you want to see my secret toilet tool? |
21:03.12 | krka | errr... what now? |
21:03.18 | malreth | it safeguards against 'secret listeners' |
21:03.24 | krka | haha |
21:03.31 | malreth | with it i'm not afraid to go to the toilet anymore |
21:03.46 | malreth | that's security that money CAN'T buy |
21:04.03 | kaiden|work | Antiarc, www.qiangewang.com |
21:04.06 | kaiden|work | is the domain |
21:05.11 | kd3 | oh wow. I've seen that style of trojan before |
21:06.19 | kaiden|work | gotcha fucker |
21:06.42 | kd3 | exceptthe main page isn't even trojaned. an older wow keylogger used to throw that page with a payload at the bottom |
21:06.43 | deltron | hmm |
21:06.45 | kd3 | bah |
21:06.54 | krka | halfway done with the data |
21:07.59 | deltron | are you hacking the matrix? |
21:09.39 | Cidan | no, finding his secret key using a SHA-2 family algo |
21:10.01 | Cidan | I have no idea if I'll work it out, we'll see I guess |
21:10.07 | malreth | it's what geeks do to have fun |
21:10.11 | Fisker- | http://forums.worldofwarcraft.com/thread.html?topicId=3168328825&sid=1&pageNo=8 <- :O |
21:10.13 | malreth | some guys go out and bowl |
21:10.14 | Cidan | pretty much |
21:10.16 | malreth | others get drunk |
21:10.27 | malreth | we try to hack each other's secret keys |
21:10.41 | krka | done! |
21:11.41 | wereHamster | I give you my passphrase and you tell me my pin (which is encoded in the passphrase), ok? |
21:12.52 | deltron | wowi got haxxed? |
21:13.00 | deltron | oh those 2 other ones? |
21:13.36 | Cairenn | deltron: incgamers had a trojan in their auto installer/updater |
21:13.48 | krka | http://kristofer.no-ip.info/~krka/crack_challenge/ |
21:13.50 | krka | there you go Cidan |
21:13.51 | Cairenn | (formerly known as ui.wow.net) |
21:13.55 | krka | and anyone else, if you want to try to crack my key |
21:14.07 | deltron | that's just awesome /rolleyes |
21:14.21 | deltron | Cairenn: I feel sorry for anyone who used it |
21:14.25 | Cairenn | http://forums.worldofwarcraft.com/thread.html?topicId=3168328825&sid=1 |
21:14.33 | dylanm | Cairenn: Is my memory bad or were they ragging on wowi for gold selling or something? |
21:14.45 | krka | i tried to also include a useful problem description, in case we forget it later |
21:14.50 | malreth | your memory is correct |
21:15.01 | dylanm | Classy dudes. |
21:15.07 | Cairenn | your memory is correct, and they're wrong |
21:15.27 | Cairenn | but that is old news, they just like to keep trying |
21:15.40 | dylanm | Cairenn: Speaking of wowi, the little square ad on the right seems a little borked |
21:15.43 | Cidan | lol |
21:15.45 | Cidan | cheeky bastard |
21:15.46 | Cidan | export S="wouldn't you like to know?" |
21:15.49 | deltron | jeez can't they run clamav on their boxes? |
21:16.06 | Cairenn | dylanm: which ad? the blizz hiring box? |
21:16.10 | dylanm | I just get a black box that says "DEFAULT" and when I click on it I get taken to what looks like an ad control panel? |
21:16.22 | deltron | dylanm: you're using adblock plus |
21:16.27 | dylanm | Nope. |
21:16.32 | deltron | hmm |
21:16.35 | dylanm | I don't adblock. |
21:16.49 | Cairenn | right below the FSP blurb? |
21:17.01 | dylanm | Naw. Right below "remove ads" |
21:17.06 | krka | Cidan: i have to make it a challenge! |
21:17.07 | Cairenn | ah, okay |
21:17.09 | dylanm | And above New & Updated |
21:17.23 | dylanm | Are you seeing it? It's there for me upon every reload |
21:17.34 | Cairenn | yeah - was just making sure which one we were talking about, since there is also the blizz PSA down the right side as well |
21:17.45 | Cidan | right well, wgetting it now, don't expect a reply for a few |
21:18.00 | Cidan | I have finals coming, :/ |
21:18.01 | dylanm | The link goes to ads.zam.com and redirs to |
21:18.06 | dylanm | http://66.228.120.99/servlet/control |
21:18.07 | Cairenn | hmmm, showing fine for me |
21:18.10 | dylanm | Whcih is kinda odd |
21:18.23 | Cairenn | very |
21:19.38 | wereHamster | I always wondered, these fine looking men and women on the spammer websites (like http://66.228.120.99/servlet/control), do they know what for their pictures are being used? |
21:19.44 | cog|work | my ads have been ninjaed or i'd verify... :P |
21:19.55 | Cairenn | cog|work: log out ;) |
21:20.06 | cog|work | NEVAH! |
21:20.12 | Cairenn | hehehehe |
21:20.37 | Cairenn | unfortunately, dylanm, nothing is showing as wrong for me, but I'm not always the best to try to verify, since I get a different ad stream |
21:21.03 | Cairenn | (since I get the Canadian one) |
21:21.10 | cog|work | dylanm: browser? |
21:21.15 | dylanm | cog|work: Safari |
21:22.31 | Cairenn | okay, have some details about it, pinging someone else on it |
21:22.52 | Cairenn | thanks for the heads up dylanm :) |
21:25.04 | zenzelezz | I get the DEFAULT too often, but I also get it on other sites |
21:25.57 | Cairenn | (4:20:39 PM) dolby-wowi: default is just that |
21:25.58 | Cairenn | (4:20:50 PM) dolby-wowi: they must be switching ad campaigns |
21:25.58 | Cairenn | (4:21:03 PM) dolby-wowi: default means it ran out of ads |
21:25.58 | Cairenn | (4:23:02 PM) dolby-wowi: may have been a momentary thing |
21:25.58 | Cairenn | (4:23:08 PM) dolby-wowi: if they were changeing ads |
21:25.58 | Cairenn | (4:23:09 PM) dolby-wowi: or soemthing |
21:27.41 | |Jelly| | (It's said default on my screen for a long time) |
21:35.32 | *** join/#wowi-lounge DM| (n=dm@cpe-65-24-59-218.columbus.res.rr.com) |
21:36.32 | dolby-wowi | Sure, quote me when I type like a first grader. =p |
21:37.12 | Thunder_Child | dolby-wowi, how is that different from usual? |
21:37.21 | dolby-wowi | =p |
21:37.23 | Cidan | dolby-wowi: You play EQ2 often? |
21:37.44 | dolby-wowi | Yeah |
21:38.06 | Cidan | I just started up; I'm likely going to somewhat port Conspiracy in someway over to it. |
21:38.21 | Cidan | I've been tinkering with the XML, it's decent |
21:39.15 | Cidan | I'm actually surprised at how much I really like EQ2 |
21:39.49 | dolby-wowi | nice, yeah theres no lua :( but their xml customization is quite nice. |
21:40.19 | Cidan | It's decent enough to allow for some nice things. Is it possible to save variables to disk though? |
21:40.28 | dolby-wowi | I've been enjoying Rise of Kunark. I'd have to say its their best expansion |
21:40.41 | Cidan | Well I'm only level 16, ;P |
21:40.43 | dolby-wowi | no Cidan |
21:41.02 | dolby-wowi | they have content 1- 20 in RoK |
21:41.09 | Cidan | oh? |
21:41.10 | dolby-wowi | for the Sarnak race |
21:41.29 | Cidan | Ah, I'm a human |
21:41.34 | Cidan | It's all new to me anyways |
21:41.37 | Cidan | so I'm enjoying it all |
21:42.10 | dolby-wowi | good to hear! I still play wow, my guild plays both. |
21:42.35 | Cidan | I sent a /feedback, requesting saving of variables, fixing <!-- --> multiline comments and a request to see group member's pets stats. |
21:42.52 | Cidan | I dislike using that graphical editor though, it slows me down, :P |
21:43.12 | dolby-wowi | yeah, works for some people though |
21:43.15 | Cidan | I play WoW just to code, and not even on my own account. |
21:44.27 | krka | damn it, i already forgot my own secret key |
21:44.33 | krka | i only stored it in a terminal |
21:45.34 | Cidan | rofl |
21:45.38 | Cidan | this will be entertaining then. |
21:45.49 | krka | yeah |
21:46.25 | Thunder_Child | heh, i just signed up for a class in S. Africa |
21:48.02 | Cidan | my school was offereing a cruise through the Nile and staying all over Egypt/Jordan for two weeks |
21:48.06 | Cidan | I *almost* went |
21:50.41 | Thunder_Child | fully paid for? |
21:51.27 | *** join/#wowi-lounge a^i`SmaN (i=drag@mlr78-3-88-162-68-235.fbx.proxad.net) |
21:51.35 | Cidan | no |
21:51.50 | Cidan | thus why I didn't go, I didn't want to blow 3500 on it. |
21:53.33 | Antiarc | Hey, keylogger people |
21:53.35 | Antiarc | OSSW...PPP.VNFI@BPFI@.DHJ.JTT..WHTS.FTW |
21:53.39 | Antiarc | That's your URL, encoded somehow |
21:54.03 | Antiarc | 10g says OSSW... = http:// |
21:54.05 | Antiarc | :) |
21:54.31 | Thunder_Child | hmm... "Wal-Mart Promotions <Walmart_srkxcjf@ronlinespg72.com>" doesnt seem all that valid..... |
21:55.17 | |Jelly| | http://www.youtube.com/watch?v=juOQhTuzDQ0 |
21:58.36 | *** join/#wowi-lounge Wraanger (n=Valle@vpn-111.su29.ru) |
21:59.00 | *** join/#wowi-lounge Shirik|Ecole (n=nospam@155.31.172.121) |
21:59.06 | Wraanger | heyaz |
22:00.00 | *** join/#wowi-lounge Drea (n=llsirsha@ip24-255-56-178.tc.ph.cox.net) |
22:00.09 | Drea | hey ya'll! hows ya doin today? |
22:00.12 | Shirik|Ecole | hi |
22:01.02 | kaiden|work | Antiarc, looks like mime encoding |
22:01.03 | Drea | Sup Shirik? how's things? |
22:01.26 | Antiarc | I'm not convinced. There's a function in this file with a huge switch table. I suspect that's the translation function. |
22:01.44 | Thunder_Child | this is a very odd photographer (nsfw) http://www.holgerpooten.com/ |
22:02.40 | Shirik|Ecole | Antiarc: Any new news? |
22:02.42 | Shirik|Ecole | Drea: Same old |
22:02.56 | Antiarc | Shirik|Ecole: Working on tracking down where it's sending the data, and what format. |
22:03.01 | Antiarc | It's definitely in mouse.dll |
22:03.02 | Shirik|Ecole | the old one, right? |
22:03.10 | Shirik|Ecole | mind sending me that dll directly? |
22:03.27 | Shirik|Ecole | I don't have a VM to mess with =( |
22:04.06 | Antiarc | I'm trying to find the call to IsDebuggerPresent() so I can haxxor it |
22:04.26 | Shirik|Ecole | pulled it up in ollydbg yet? :) |
22:04.35 | Antiarc | Doing that now actually. |
22:04.52 | Antiarc | I got a string that I think is the target URL |
22:04.54 | Antiarc | But it's encoded |
22:05.30 | Antiarc | 10002BA1 |. 68 18600010 PUSH mouse.10006018 ; /String2 = "OSSW...PPP.___.DHJ.JM.WHTS.FTW" |
22:05.55 | Antiarc | Wait. It looks like it's just a character swap. |
22:05.57 | Antiarc | P = W |
22:06.31 | Cairenn | so, what's the news on the new version guys? is it clean, infected or are we still trying to find out for sure? |
22:06.38 | Antiarc | It's clean |
22:06.51 | Shirik|Ecole | Cairenn: It's clean |
22:06.56 | Antiarc | Now we're just reverse engineering the keylogger so we can flood its target server wiht a million billion fake user/pass combos |
22:07.05 | kaiden|work | well... |
22:07.08 | kaiden|work | we know the target server |
22:07.13 | kaiden|work | and we know the subfolder |
22:07.19 | Cairenn | okay |
22:07.19 | kaiden|work | but we need to know the file it's accessing |
22:07.27 | Antiarc | kaiden|work: What's the subfolder? |
22:07.28 | Shirik|Ecole | Antiarc: Why do you need to know where IsDebuggerPresent() is? |
22:07.37 | Thunder_Child | for all of you south park whores "MTV Networks plans to make every clip from every episode of hit animated comedy “South Park” available for free online next year as part of a strategy to reach consumers everywhere." |
22:07.40 | kaiden|work | Antiarc, http://www.qiangewang.com/msx1/ |
22:07.43 | kaiden|work | i'm missing the filename |
22:07.49 | kaiden|work | then it calls |
22:07.50 | Antiarc | Thanks kaiden|work |
22:07.53 | Antiarc | Working on that now |
22:07.55 | kaiden|work | /?u=var&p=var&s=var&a=var&r=var&t=var |
22:07.56 | Antiarc | It's 4 characters |
22:07.58 | Antiarc | Probably .asp |
22:08.00 | Cidan | Cairenn: I haven't looked at any of it, and I don't know what you have to do with say-so and what not, but I would consider it wise to not endorse it in anyway, ever |
22:08.20 | kaiden|work | which to me screams username password server account realm and then the last one i dont know |
22:08.21 | Shirik|Ecole | wtf is this huge switch statement I'm seeing >.> |
22:08.32 | Shirik|Ecole | Cidan: Oh she's not endorsing |
22:08.35 | Cairenn | Cidan: not why I was checking, but thanks :) |
22:08.36 | Antiarc | I suspect that's the URL decoder, Shirik| |
22:08.39 | Cidan | Oh okay, :P |
22:08.56 | Antiarc | Hahahahahah |
22:08.58 | Cairenn | (check the front page of wowi :p ) |
22:09.02 | Antiarc | You're going to love this, kaiden|work |
22:09.05 | Shirik|Ecole | Antiarc: Found that call |
22:09.15 | Shirik|Ecole | 10004C04 |. FF15 80100010 CALL DWORD PTR DS:[<&KERNEL32.IsDebugger>; [IsDebuggerPresent |
22:09.27 | kaiden|work | Antiarc, lol is the switch statement a letter for letter |
22:09.29 | Antiarc | kaiden|work: I think it's post.xxx |
22:09.45 | kaiden|work | lets find out |
22:09.48 | Shirik|Ecole | IS that what you were looking for, Antiarc? |
22:09.51 | Antiarc | Yes, it's post.asp |
22:10.03 | Antiarc | http://www.qiangewang.com/msx1/post.asp |
22:10.06 | Antiarc | that's your full URL. |
22:10.08 | kaiden|work | nope |
22:10.11 | kaiden|work | that's an http 404 |
22:10.12 | Antiarc | I suspect it is :) |
22:10.18 | Antiarc | Well |
22:10.19 | kaiden|work | HTTP 404 - ?????? |
22:10.19 | kaiden|work | Internet ???? |
22:10.21 | Antiarc | It's possible it's gone dark |
22:10.27 | Antiarc | Or it's a spoofed 404 |
22:10.31 | Antiarc | So prevent snooping |
22:10.35 | kaiden|work | and i'm positive it's a .php |
22:10.35 | deltron | you guys investigating the trojan? |
22:10.39 | Antiarc | yeah, deltron |
22:10.43 | Antiarc | kaiden|work: Why do you think that? |
22:10.51 | kaiden|work | because i can see it accessing a .php |
22:10.58 | kaiden|work | i just can't decode the .php it's accessing |
22:11.04 | Antiarc | Paste that? |
22:11.05 | kaiden|work | it just comes up as jTn.E.php |
22:11.05 | Cidan | it's a fake 404 |
22:11.19 | Antiarc | OSSW...PPP.VNFI@BPFI@.DHJ.JTT..WHTS.FTW |
22:11.19 | Antiarc | http://www.qiangewang.com/msx1/post.asp |
22:11.20 | Antiarc | See |
22:11.22 | Antiarc | If you line those up |
22:11.30 | Antiarc | THose match up perfectly with a letter swap algorithm |
22:11.34 | Antiarc | O = H, for example |
22:11.37 | Antiarc | H = O |
22:11.47 | kaiden|work | oh well.. if it does match up perfectly |
22:12.00 | Shirik|Ecole | heh |
22:12.01 | Shirik|Ecole | .FTW |
22:12.02 | Shirik|Ecole | awesome |
22:12.07 | deltron | hehe |
22:12.16 | Cidan | yeah, and look at the letters |
22:12.18 | kaiden|work | well.. at least i was able to provide the first and last half of it |
22:12.19 | kaiden|work | ;) |
22:12.21 | Cidan | it does match up rather nicely |
22:12.47 | Shirik|Ecole | Antiarc, you never asnwered me >< |
22:12.57 | Antiarc | Shirik|Ecole: What was the question? |
22:13.09 | Shirik|Ecole | you said you needed to find the call to IsDebuggerPresent() ? |
22:13.17 | Antiarc | Oh. Heh, thanks, got sidetracked |
22:13.20 | deltron | that site uses fake 404 pages, I am viewing it in links and it shows the IE error page heh |
22:13.23 | Shirik|Ecole | I found it |
22:13.37 | Cidan | aye, I'm using linux and it's showing me MS 404's |
22:13.43 | kaiden|work | deltron, haha nice |
22:13.46 | kaiden|work | i should have gotten that |
22:13.50 | kaiden|work | since i'm viewing it in firefox |
22:13.52 | kaiden|work | << nub |
22:13.54 | Shirik|Ecole | Cidan: They might use IIS |
22:14.01 | deltron | :P |
22:14.07 | deltron | I think it is IIS |
22:14.14 | Antiarc | I'm pretty sure it is IIS. |
22:14.19 | deltron | since 'virtual directory' is an IIS thing |
22:14.29 | Cairenn | it's a .php? |
22:14.31 | kaiden|work | they do use iis |
22:14.32 | Shirik|Ecole | .asp |
22:14.45 | kaiden|work | i personally still think it's a .php but it does match up nicely as a .asp |
22:14.46 | kaiden|work | :P |
22:15.04 | Antiarc | How do you see it connecting to a php, out of curiosity? |
22:15.08 | Antiarc | Like, what's the log message? |
22:15.10 | Cidan | Hm, so now we have to figure out, was it on purpose? I haven't taken a look at it, how deeply embedded is this code? |
22:15.18 | kaiden|work | Antiarc, i'll have to load virtualbox back up |
22:15.20 | kaiden|work | gimme a minute |
22:15.33 | Cairenn | how very interesting, since we had someone upload a bruting .php to wowi last week (which, surprise surprise, never made it out to the masses) |
22:15.37 | Antiarc | Cidan: Rush says that someone got a rootkit on their machine via a compromised image upload script |
22:15.56 | kaiden|work | he doesn't get off scott free |
22:15.58 | Pandya | owned. |
22:15.59 | Cidan | hm |
22:16.02 | kaiden|work | we've been telling him about this for a while |
22:16.11 | kaiden|work | he was told about this and he ignored it |
22:16.16 | Cairenn | (at least a month, kaiden|work) |
22:16.26 | deltron | he's a bad admin then |
22:16.36 | Antiarc | I'm getting an HTTP/1.1 404 header back from that URL |
22:16.42 | Antiarc | So I kinda suspect it's gone dark |
22:16.51 | Antiarc | Because I'm pretty positive that's the right URL. |
22:16.51 | kaiden|work | Antiarc, i'll tell you for sure |
22:16.52 | kaiden|work | just gimme a second |
22:16.55 | Antiarc | great |
22:17.23 | Cidan | Now I don't know what you guys think, but I only know a handfull amount of people who can inject code this complex into a precompiled program |
22:17.34 | Antiarc | Cidan: It was attached as a rider in the install program |
22:17.42 | Antiarc | How they GOT it into the installer is another question, but yeah |
22:17.59 | kaiden|work | no post.asp is an actual 404 |
22:18.00 | Cidan | well they use the nullsoft installer, right? |
22:18.02 | Antiarc | The installer was modified to install this trojan, which downloads and delivers the payload |
22:18.06 | Antiarc | yeah |
22:18.08 | kaiden|work | HTTP/1.1 404 Object Not Found |
22:18.08 | kaiden|work | Server: Microsoft-IIS/5.0 |
22:18.08 | kaiden|work | Date: Thu, 29 Nov 2007 22:08:35 GMT |
22:18.08 | kaiden|work | Connection: close |
22:18.08 | kaiden|work | Content-Length: 3733 |
22:18.08 | kaiden|work | Content-Type: text/html |
22:18.15 | Antiarc | kaiden|work: Same result here |
22:18.34 | kaiden|work | gimme a second i'll show you the original tcp stream from the trojan itself trying to call home |
22:18.42 | Shirik|Ecole | Directory Listing Denied |
22:18.42 | Shirik|Ecole | This Virtual Directory does not allow contents to be listed. |
22:18.43 | Shirik|Ecole | qq |
22:18.50 | Cidan | that's not really an issue then, I guess |
22:19.08 | Antiarc | Great, thanks kaiden|work |
22:19.40 | Antiarc | Ooooh. |
22:19.41 | Antiarc | www.qiangewang.com/msx/mouse.dll |
22:19.44 | Antiarc | <-- that's good. |
22:19.45 | Cidan | You can just unzip the NSIS installer, or just install it, monitor what it does, the remake the installer with your files added. I suppose I can sort-of buy his story then. |
22:19.48 | kaiden|work | we already knew that antiarx |
22:19.49 | kaiden|work | :) |
22:20.03 | Antiarc | QQ |
22:20.07 | deltron | hehe |
22:20.09 | deltron | check this out |
22:20.14 | *** join/#wowi-lounge dolby-wowi (n=Dolby-wo@MMOI/Administrator/Dolby) |
22:20.14 | *** mode/#wowi-lounge [+o dolby-wowi] by ChanServ |
22:20.26 | deltron | telnet www.qiangewang.com 80 |
22:20.35 | deltron | then type in get /msx1/post.asp |
22:20.36 | deltron | :) |
22:21.07 | deltron | http://218.85.132.165:8383/msx1/post.asp |
22:21.08 | Cidan | lol |
22:21.08 | Cidan | nice |
22:21.12 | Shirik|Ecole | oh my |
22:21.18 | Shirik|Ecole | most impressive. |
22:21.20 | Antiarc | Oh, nice |
22:21.25 | Antiarc | Must have a filter in place |
22:21.29 | Antiarc | For bad user agents |
22:21.33 | deltron | yeah |
22:21.33 | Antiarc | To prevent browsers from seeing it. |
22:21.35 | Antiarc | Good work. |
22:21.43 | Shirik|Ecole | intelligent |
22:21.45 | deltron | lol my pastey didn't work either |
22:21.54 | Antiarc | Oh man. |
22:21.58 | Antiarc | I'll bet that login gets you a view page |
22:22.02 | Antiarc | Of all the stolen info. |
22:22.05 | deltron | ^ |
22:22.06 | Shirik|Ecole | yeah |
22:22.09 | Shirik|Ecole | let's hack it! |
22:22.10 | Shirik|Ecole | lol |
22:22.20 | kaiden|work | dont get ahead of yourself |
22:22.26 | kaiden|work | you get that from just going to http://theip |
22:22.28 | Shirik|Ecole | ok so, let's test feeding it some info? |
22:22.38 | deltron | admin admin |
22:22.38 | deltron | lol |
22:22.45 | kaiden|work | the website runs on port 8383 we already knew this just from going to http://218.85.132.165/ |
22:22.56 | Antiarc | deltron: already tried that |
22:23.03 | Cairenn | if you guys do get in, screenshot it all and let's get it to the folks at Blizz so they can warn their customers about it |
22:23.29 | Cairenn | since they will be able to trace the accounts with the information that'll be stored there |
22:23.56 | kaiden|work | guys post.asp is not a file |
22:23.58 | deltron | sure wish I could read chinese |
22:23.59 | kaiden|work | it doesn't exist |
22:24.06 | kaiden|work | it's an auto forward to a "webmail" system |
22:24.06 | kaiden|work | :P |
22:24.06 | deltron | oh |
22:24.08 | Cidan | If you guys give me like |
22:24.09 | Cidan | 2 hours |
22:24.10 | Cidan | actually |
22:24.16 | Cidan | let me e-mail my girlfriend at work |
22:24.17 | Antiarc | Cairenn: Of course. |
22:24.21 | Cidan | she's chinese |
22:24.22 | Cidan | sec |
22:24.29 | Shirik|Ecole | <3 Cidan |
22:24.41 | Antiarc | ...oh shits. |
22:24.43 | Antiarc | http://218.85.132.165:8383/msx1/images/login_1.jpg |
22:24.45 | Cairenn | loving the theoretical and challenge of trying to get into it, but remember the practical as well :) |
22:24.54 | Shirik|Ecole | so, do you think this site has a lockout for using too many login attempts? |
22:25.00 | kaiden|work | Antiarc, told you |
22:25.02 | deltron | holy crap Antiarc |
22:25.03 | kaiden|work | it's using IMail |
22:25.27 | Antiarc | Iwebmail Version2.0 |
22:26.01 | Antiarc | Time to go a-googlein' for exploits! |
22:26.06 | Shirik|Ecole | screw google |
22:26.10 | deltron | lawl |
22:26.16 | kaiden|work | i think you already found an exploit |
22:26.17 | kaiden|work | haha |
22:26.17 | Shirik|Ecole | what's it called? iwebmail? |
22:26.20 | Antiarc | yeah |
22:26.24 | Duman | heh |
22:26.36 | Antiarc | Hm |
22:26.39 | Antiarc | mbx = mailbox |
22:26.48 | Shirik|Ecole | no matching CVE entry =( |
22:27.15 | deltron | nothing on the exploit sites I know about |
22:27.23 | Shirik|Ecole | hmmm |
22:27.24 | Shirik|Ecole | Summary: Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail Server 2006.22, allows remote attackers to execute arbitrary code via a long boundary parameter in a multipart MIME e-mail message. |
22:27.27 | Shirik|Ecole | is IMail the same thing? |
22:27.30 | deltron | no |
22:27.31 | Shirik|Ecole | boo |
22:27.47 | deltron | imail is a mail server |
22:27.55 | Drea | lets say, i wanna do an if statement with two things to look for such as if ( "number" == isNumber() AND frame == is not hidden) then.. what's the syntax for and? |
22:28.29 | Antiarc | Just and |
22:28.31 | kaiden|work | and |
22:28.31 | Shirik|Ecole | "and" |
22:28.32 | kaiden|work | lol |
22:28.38 | Drea | right on. just makin sure. :D |
22:28.45 | Shirik|Ecole | must be lowercase though |
22:28.57 | Shirik|Ecole | lol Antiarc did you still want this IsDebuggerPresent() call? |
22:29.00 | Shirik|Ecole | keep getting sidetracked |
22:29.02 | Antiarc | hehe, no, I'm good |
22:29.04 | Drea | what about not equal? ~=? |
22:29.07 | Antiarc | Yes |
22:29.21 | Drea | thanks again! |
22:29.30 | Cidan | lol |
22:29.35 | Cidan | reply from girlfriend for login page |
22:30.05 | Cidan | hah |
22:30.14 | Cidan | Account number |
22:30.14 | Cidan | Password |
22:30.14 | Cidan | Security "something" (Automatic calendar on the back) |
22:30.15 | Cidan | wtf? |
22:30.26 | Cidan | the "wtf?" were her own words |
22:30.29 | deltron | heh |
22:30.31 | kaiden|work | the account number is 31481 |
22:30.42 | deltron | tell her you're trying to save nerd-dom |
22:30.46 | kaiden|work | the first check is Save Password loosely translated |
22:30.47 | Antiarc | kaiden|work: Where did you get that? |
22:30.50 | kaiden|work | the second is obviously cookies |
22:31.01 | kaiden|work | Antiarc: :) |
22:31.44 | deltron | anyone got a copy of the trojan handy? |
22:32.04 | Cidan | Eh, at this point I'd give it up. We have all we can get. |
22:32.32 | Cidan | The server is in Beijing, bleh. |
22:32.52 | cog|work | deltron: http://spyglass-server.com/keylogger/ in the unsafe directory |
22:33.01 | cog|work | err... it's not there now |
22:33.23 | cog|work | oh... RTFM i guess :P |
22:33.43 | kd3 | it's there |
22:33.48 | kd3 | look closely at the top |
22:33.49 | deltron | oh nice it's there |
22:34.10 | cog|work | kd3: <cog|work>oh... RTFM i guess :P |
22:34.24 | kd3 | bah, boo at lag |
22:34.55 | cog|work | ;) |
22:34.57 | Antiarc | Hm. That Javascript at the bottom of the page, when decoded, reads <SCRIPT src="http://www.cbiznet.com/iwebmail/checkuser.asp?userid=10000003"></script> |
22:35.29 | cladhaire | i'm so sick of users asking me to post my addons at other websites. |
22:35.52 | kaiden|work | cladhaire, you should post to mine! |
22:35.53 | kaiden|work | j/k |
22:35.57 | cladhaire | :P |
22:36.21 | deltron | cladhaire: post them to UIcentral! I heard it's safe there |
22:38.09 | deltron | hmm how to extract Setup.exe in lunix |
22:38.29 | *** join/#wowi-lounge Paradox (n=Paradox@spc1-brmb4-0-0-cust625.bagu.broadband.ntl.com) |
22:38.29 | Cidan | unzip it |
22:38.34 | *** join/#wowi-lounge |Jelly|_____ (n=chatzill@adsl-76-248-7-30.dsl.rcsntx.sbcglobal.net) |
22:39.00 | deltron | tried |
22:39.28 | *** join/#wowi-lounge |Jelly|Ghost (n=chatzill@adsl-76-248-7-30.dsl.rcsntx.sbcglobal.net) |
22:39.38 | Esamynn|Work | you guys having fun? |
22:39.48 | Cidan | unzip -a Setup.exe? |
22:39.57 | kaiden|work | Antiarc, can you use that character switcher on this D.:.\.B.T.\.1.1.y.u.e.1.7.\.$ |
22:40.06 | kaiden|work | wtf is d:\bt\11yue17\ |
22:40.16 | Antiarc | Hm |
22:40.19 | Antiarc | I was doing it mnaually |
22:40.27 | Antiarc | We may have to get access to that function to run it |
22:40.56 | kaiden|work | hrm.. www.google.cn and search for 11yue17 |
22:40.59 | kaiden|work | comes up with a lot |
22:41.01 | Antiarc | D:\BT\11yue17\$ |
22:41.11 | Cide | Drea: www.lua.org/pil |
22:41.29 | *** join/#wowi-lounge |Jelly|AFK (n=chatzill@adsl-76-248-7-30.dsl.rcsntx.sbcglobal.net) |
22:42.16 | Saint-N | ya know |
22:42.41 | Saint-N | if you guys talked to slouken i bet he could get a flag set up for a specific account login to get the ip ;P |
22:42.55 | Saint-N | and then just infect and connect once ;P |
22:42.59 | kaiden|work | verified.. |
22:43.05 | kaiden|work | 11yue17 is a chinese worm |
22:43.09 | deltron | heh |
22:43.10 | kaiden|work | quite popular apparently |
22:43.15 | kaiden|work | http://bbs.cnworms.com/archiver/?tid-20229.html |
22:43.21 | Antiarc | So that's just the working path of the project |
22:43.30 | kaiden|work | yeah |
22:43.39 | Xinhuan | lol? |
22:43.47 | kaiden|work | i just kept seeing it come up in mouse.dll |
22:43.49 | Saint-N | i blame xin |
22:43.55 | Xinhuan | :( |
22:43.56 | Saint-N | ;) |
22:43.58 | kaiden|work | Xinhuan... speak the chinese for us! what's it say?! |
22:43.59 | kaiden|work | lol |
22:44.09 | Xinhuan | which link |
22:44.12 | kaiden|work | http://bbs.cnworms.com/archiver/?tid-20229.html |
22:44.18 | *** join/#wowi-lounge |Jelly|______ (n=chatzill@adsl-76-248-7-30.dsl.rcsntx.sbcglobal.net) |
22:44.35 | kaiden|work | and this one |
22:44.35 | kaiden|work | http://218.85.132.165:8383/msx1/images/login_1.jpg |
22:44.42 | Xinhuan | it seems to be a website forum for a game |
22:44.43 | kaiden|work | that's the actual home address of the worm in UICentral |
22:44.56 | kaiden|work | it's IMail running on their server |
22:44.58 | Xinhuan | the name of this game is called |
22:45.01 | Xinhuan | Football Manager |
22:45.17 | Xinhuan | do i need to explain more? |
22:45.33 | deltron | lol |
22:45.35 | Xinhuan | you are reading a particular thread of that forum ;d |
22:45.53 | kaiden|work | xinhuan, ok what's 11yue17 mean then lol |
22:45.53 | Xinhuan | and it is between 2 teams called WORMS and EDEN |
22:45.59 | kaiden|work | it's in the mouse.dll that's being thrown around |
22:46.11 | Xinhuan | yue is a chinese word for "moon" |
22:46.15 | Xinhuan | that's all i can tell you |
22:46.42 | Antiarc | And "moon" is the English word for "Lua" in Portuguese. |
22:46.45 | Antiarc | IT ALL MAKES SENSE NOW. |
22:46.52 | cog|work | ZOMG! |
22:46.54 | Xinhuan | ~lart Antiarc |
22:46.54 | purl | keeps mailing Antiarc free America Online CDs until he drowns |
22:47.00 | Antiarc | noes :( |
22:47.49 | Xinhuan | d:\bt\11yue17\ |
22:47.55 | Xinhuan | i'm pretty sure that has no meaning in itself |
22:48.01 | Xinhuan | could just be a randomly named folder |
22:48.02 | Antiarc | It's just the internal working path. |
22:48.17 | Xinhuan | or a unicoded chinese char folder or something stupid |
22:48.22 | Xinhuan | non-unicoded rather |
22:48.41 | *** join/#wowi-lounge cirdan (n=chris@c-68-45-23-196.hsd1.nj.comcast.net) |
22:48.43 | cirdan | hey all |
22:49.38 | Cidan | AHHH, IT'S MY EVIL NJ TWIN |
22:49.41 | Cidan | KILL HIM |
22:49.45 | *** join/#wowi-lounge tedrock (n=tedrock@d235-156-27.home1.cgocable.net) |
22:49.48 | Cidan | It's funny, because I'm from NY |
22:50.14 | Drea | hmm. how to explain this one? i got buttons showin up , and not loading unless the frame they are on, is visible, but.. they're showing up underneath the frame they are supposed to be on top of. whats the command to put them on the top? frame strata somethin i think? |
22:50.15 | Duman | haha |
22:50.25 | Cidan | deltron: I just took my XP VM and made a copy of the drive |
22:50.45 | Duman | yay, worms |
22:50.53 | Cidan | Drea: button:SetFrameLevel(parent:GetFrameLevel()+1) |
22:51.05 | Cidan | and make sure they are on the same strata, or the button is on a higher strata |
22:51.06 | Drea | awesome! Thanks Cidan. :D |
22:51.44 | cirdan | ok |
22:51.48 | deltron | oh well time to go home, bbl |
22:51.53 | cirdan | im trying to debug a mod |
22:52.01 | cirdan | trinketmeu isnt working on my pc |
22:52.02 | Cidan | And what mod is that, EVIL TWIN?! |
22:52.08 | cirdan | but works on my mac, go figure |
22:52.25 | Cidan | newest version? |
22:52.25 | cirdan | it gives a global nil error |
22:52.33 | cirdan | newest version is from april |
22:52.38 | cirdan | dev is awol |
22:52.42 | cirdan | but it mostly works |
22:52.56 | cirdan | i have a clean WTF and no other mod and it still doesnt work |
22:53.00 | Drea | That did it! right on |
22:53.20 | cirdan | i added swatter, and the error is |
22:53.29 | Cidan | Drea: :D |
22:53.43 | cirdan | [string "TrinketMenu_IconFrame:OnClick"] line 1; |
22:54.00 | Xinhuan | maybe you should just copy the working copy from your mac to your PC |
22:54.03 | Cidan | Drea: You may want to consider setting your interaction objects on one strata, and the frames on a lower one, so you don't run into this problem. |
22:54.04 | cirdan | attempt to index global 'TrinketMenu (a nil value) |
22:54.06 | cirdan | i do that |
22:54.15 | *** join/#wowi-lounge DM| (n=dm@cpe-65-24-59-218.columbus.res.rr.com) |
22:54.19 | cirdan | Xinhuan: i use rsync to keep my settings the same |
22:54.36 | Xinhuan | no clue then |
22:54.42 | cirdan | the error appears to be in OnClick |
22:54.54 | cirdan | and OnEnter |
22:54.56 | Drea | well, that worked Cidan, shouldn't have any more problems... now i have to figure out how to make the buttons dissappear and redraw when i change selections. |
22:55.01 | Saint-N | is it possible to convert from hfs to some other FS format without losing data? |
22:55.06 | cirdan | no |
22:55.10 | Xinhuan | the fact that it says "line 1" indicates that the file didn't get copied properly and wow is reading the entire file as "1 line" |
22:55.28 | Xinhuan | probably a CRLF or some silly EOL issue |
22:56.07 | Drea | ClearAllPoints do that? |
22:56.12 | Xinhuan | now does that make sense to you? |
22:56.21 | Cidan | Drea: What do you want to do, hide the button? |
22:57.15 | cirdan | Xinhuan: well |
22:57.29 | cirdan | i just unzipped a fresh copy and reloadui |
22:57.31 | cirdan | still error |
22:57.34 | cirdan | let me try to restart wow |
22:57.45 | Xinhuan | no addon i know puts onclick handlers on line 1 of their lua code ~_~ |
22:57.48 | Drea | i have a number of buttons, depending on the selectionin a dropdown, that come up. I want the buttons to go away, and redraw the proper number of buttons when a new selection is made. |
22:57.55 | cirdan | Xinhuan: oh i believe you.. |
22:58.05 | Xinhuan | unless, it uses XML? |
22:58.17 | cirdan | wtf that fixed it |
22:58.22 | cirdan | good eye |
22:58.24 | Xinhuan | i think lua code inside XML starts at line 1 per script? |
22:58.26 | Shirik|Ecole | baaaack |
22:58.27 | Cidan | Drea: button:ClearAllPoints(); button:Hide(); |
22:58.32 | Shirik|Ecole | Xinhuan: Kinda |
22:58.35 | Shirik|Ecole | but yes |
22:58.37 | Cidan | Shirik|Ecole: ...joy... woohoo... |
22:58.42 | *** join/#wowi-lounge |Jelly|_______ (n=chatzill@adsl-76-248-7-30.dsl.rcsntx.sbcglobal.net) |
22:58.42 | Shirik|Ecole | Cidan: Did you miss me? |
22:58.46 | Shirik|Ecole | of course you did |
22:58.47 | *** join/#wowi-lounge |Jelly|AFK (n=chatzill@adsl-76-248-7-30.dsl.rcsntx.sbcglobal.net) |
22:58.48 | Cidan | Oh yeah, a ton, :/ |
22:58.54 | Drea | is there any way to hide all the buttons at once? |
22:58.56 | Cidan | So yeah, I have to go to this stupid dinner party in DC |
22:58.56 | Saint-N | only by a little big |
22:59.05 | Saint-N | Shirik|Ecole: for a fat guy you're rather agile" |
22:59.05 | Shirik|Ecole | 172:582:42 » Join: |Jelly|_______ 2‹n=chatzill@adsl-76-248-7-30.dsl.rcsntx.sbcglobal.net2› 2‹clones with: |Jelly|, |Jelly|______ (2)2› |
22:59.10 | Shirik|Ecole | that's a lot of underscores |
22:59.16 | Shirik|Ecole | Saint-N: Hahaha did you just call me fat? |
22:59.24 | Xinhuan | /chuckle |
22:59.28 | Cidan | Drea: Put them inside of an invisible frame as it's parent, then parent that frame to the main frame, hide the invisible frame, woosh. |
22:59.29 | Saint-N | yes i did tubby ;) |
22:59.38 | Shirik|Ecole | Cidan can vouch for this, I am quite the opposite of fat |
22:59.45 | Shirik|Ecole | I'm underweight |
22:59.45 | Cidan | Yeah, no kidding |
22:59.50 | Cidan | that kid is as skinny as a twig |
22:59.52 | |Jelly| | Shirik: It's my laptop. |
22:59.58 | Saint-N | regardless of your actualy weight im going to assume that you're morbidly obese for the sake of jokes ;P |
23:00.03 | Drea | err, not sure that'll do the trick, here lemme pastey. |
23:00.04 | |Jelly| | My desktop kills it's self each time it happens. |
23:00.05 | Shirik|Ecole | ok |
23:00.14 | Cidan | but you can't really even do that, he's so skinny it's not even funny |
23:00.14 | Shirik|Ecole | |Jelly| =( |
23:00.27 | |Jelly| | Trust me, it's super damned frustrating. |
23:00.31 | Drea | http://wowi.pastey.net/78260 |
23:00.48 | Saint-N | cidan: just because he's not big enough for planet status doesnt mean he doesnt deserve the oribtal moons ;) |
23:00.56 | Xinhuan | [11/30 07:01:30] <Cidan> Drea: Put them inside of an invisible frame as it's parent, then parent that frame to the main frame, hide the invisible frame, woosh. |
23:01.06 | Xinhuan | if you hide the invisible frame, its children hide too :D |
23:01.46 | Cidan | correct, invisibleFrame:Hide() and everything that is a child of it will hide as well |
23:01.54 | Saint-N | his sign off always makes me thing of www.godhatesfags.com |
23:01.55 | Cidan | hm |
23:02.04 | *** join/#wowi-lounge Cide (n=Cide@hus110a.bobbnet.com) |
23:02.04 | *** mode/#wowi-lounge [+v Cide] by ChanServ |
23:02.05 | Saint-N | im not sure why though |
23:02.22 | Drea | how will that work out with a scrollin frame? |
23:02.25 | Cidan | does Blizzard lua API have something for getting an iterator of children? |
23:02.39 | Xinhuan | frame:GetChildFrames() |
23:02.43 | Xinhuan | i forgot the return values |
23:02.45 | Xinhuan | look it up |
23:02.47 | Cidan | Drea: Make the invisible frame anysize, it doesn't matter where it is or how big it is |
23:02.56 | Cidan | it doesn't have to be "in" the frame |
23:03.08 | Cidan | it just needs to have the parent->child relation |
23:03.13 | Drea | cause my next step is to get the scrolling to work with the buttons, depending on how many buttons there are |
23:03.28 | Cidan | oh, that's a bit of a pain in the pass, fyi. :P |
23:03.41 | *** join/#wowi-lounge |Jelly|________ (n=chatzill@adsl-76-248-7-30.dsl.rcsntx.sbcglobal.net) |
23:03.45 | Cidan | I dislike scrolling + WoW Lua API |
23:04.02 | Drea | yeah, i know. lol. that's why i gave up and started on gettin the buttons to show up first. lol |
23:04.45 | Drea | ok, well lets try this invisible frame thing. is there a template or somethin? |
23:05.00 | Cidan | local f = CreateFrame("frame"); |
23:05.05 | Cidan | button:SetParent(f); |
23:05.06 | Cidan | done |
23:05.06 | Cidan | lol |
23:05.16 | |Jelly| | clised the client on my laptop |
23:05.19 | Drea | ahh right on |
23:05.39 | zenzelezz | http://www.gallerischeel.dk/sjov/n603175651_500054.jpg |
23:05.44 | Cidan | and it helps if you f:SetParent(yourMainFrame); |
23:05.55 | Cidan | then make sure you just f:Show() or f:Hide() |
23:06.07 | *** join/#wowi-lounge alestane (n=nevin@c-76-24-240-47.hsd1.ma.comcast.net) |
23:06.26 | Drea | hmm. lemme see what i can do with that then. bbs. :D lol |
23:06.56 | alestane | I am really getting sick of hearing about incgamers.com. |
23:07.01 | Cidan | dude |
23:07.08 | Duman | heh |
23:07.10 | Cidan | did you hear about incgamers.com? |
23:07.11 | Cidan | man |
23:07.12 | cirdan | you guys mostly ace users here? |
23:07.19 | Cidan | cirdan: AAAAAAAAAAHAHAHHAHAHAHAHAHAHAHAHAH |
23:07.20 | Cairenn | cirdan: no |
23:07.23 | Cidan | BBBBBBAAAAAAAAAAAAAAAAAAAAAAAAHHAHAHAHAHA |
23:07.26 | cog|work | cirdan: #wowace |
23:07.26 | Antiarc | <-- ace addon developer >_> |
23:07.28 | cirdan | good |
23:07.30 | alestane | Whatever works. |
23:07.30 | zenzelezz | alestane: then yuo may want to step out for a bit, it's a recurring theme here tonight :-p |
23:07.30 | cirdan | :) |
23:07.32 | kd3 | that'd be the #wowace channel |
23:07.33 | Cairenn | there are people from every "school" in here |
23:07.33 | cirdan | ace-- |
23:07.46 | Cidan | Sorry, that was mean. :P |
23:07.57 | cirdan | and now a submod of cartograpehr isnt workin... tells me it has an unknown library |
23:08.01 | cog|work | most of us aren't anti-ace, but we certainly don't deify it ;) |
23:08.01 | cirdan | that's in the lib/ |
23:08.06 | cirdan | hehe |
23:08.13 | alestane | Babble-2.0? |
23:08.13 | cirdan | cog|work: best policy to have :) |
23:08.19 | Cairenn | cirdan: was there something you needed help with? .... nm, you just answered |
23:08.22 | cirdan | AceConsole-2.0 |
23:08.30 | cirdan | but it's there |
23:08.40 | cirdan | maybe it has a confliction version or something |
23:08.48 | alestane | I use Baggins, Cartographer, Omen and oRA2, but because I like them. |
23:09.29 | alestane | Okay, I also have Recount but I don't use it much, it might get uninstalled to relieve system weight. |
23:10.38 | alestane | Then I have DevTools, FocusFrame, HoloFriends, ReappearingUnitFrames and about eight self-authored add-ons. |
23:10.57 | Xinhuan | DevTools...? |
23:11.08 | alestane | So I guess a lot of my mods are Ace after all, but it's not 'cause they're Ace. |
23:11.32 | alestane | DevTools aka the Blessings of Iriel. |
23:11.46 | Xinhuan | what does it do |
23:12.02 | cirdan | yeah it's very odd... |
23:12.29 | cirdan | aceconsole is here... |
23:12.41 | Antiarc | Does anyone have a text file list of all the US realms? |
23:12.43 | Duman | what's the exact error you're getting? |
23:12.44 | Antiarc | I am le lazy |
23:13.08 | Xinhuan | pretty sure Antiarc, you can just go to http://forums.worldofwarcraft.com/child-forum.html?forumId=11119 |
23:13.13 | Xinhuan | and cut/copy the list out |
23:13.16 | Antiarc | Awesome, thanks |
23:13.33 | cirdan | ..\addons\cart_mailboxes\addon.lua line 70; |
23:13.43 | alestane | DEvToolshttp://www.wowinterface.com/downloads/fileinfo.php?id=3999 |
23:13.53 | Xinhuan | if it doesn't come out nicely, try ctrl-dragging the selection in firefox instead - ctrl makes firefox select table cells rather than highlight text |
23:13.53 | alestane | Slipped and hit enter too fast. |
23:14.03 | *** join/#wowi-lounge bleeter_ (n=bleeter@guifications/developer/bleeter) |
23:14.10 | cirdan | Bad argument #3 to 'newmodule'. "AceConsole-2.0" is an unknown library |
23:14.15 | zenzelezz | ~devtools |
23:14.16 | purl | Iriel's DevTools, a highly useful set of debugging tools for developers on WoW. Found at http://www.wowinterface.com/downloads/fileinfo.php?id=3999 Why isn't it in the default client yet? |
23:14.36 | Xinhuan | ah Devtools |
23:15.38 | Xinhuan | not too useful then, since most of the commands are replicated in other places |
23:15.48 | cirdan | Duman: that help any? i checked google |
23:16.01 | cirdan | and it basically said there was a bad version of ace back in april |
23:16.19 | cirdan | but this is very recent svn from files.wowace.com/cartographer_mailboxes |
23:16.26 | Drea | hmm. perhaps i did somethin wrong. but that's not workin |
23:17.35 | Drea | http://wowi.pastey.net/78261 |
23:17.41 | Drea | what'd i do wrong? |
23:17.49 | Kaso | the minimum level you can cast a buff on is (buffLevel - 10) right? |
23:18.04 | Cide | >>? http://wowi.pastey.net/78261 |
23:18.06 | Cide | Cide: input appears to be syntactically correct. |
23:18.13 | kd3 | if you cast the max-rank buff it should auto-downrank as appropriate |
23:18.27 | Cide | Drea: what's the issue? you're not very specific |
23:18.40 | *** join/#wowi-lounge Funkeh`` (n=funk@host81-157-52-135.range81-157.btcentralplus.com) |
23:19.08 | Kaso | yah but im trying to work out what rank has been casted on me by a third party |
23:19.20 | *** join/#wowi-lounge Funkeh` (n=funk@WoWUIDev/WoWAce/Ace3/BigWigs/funkeh) |
23:19.24 | Drea | ok, i changed one thing, that fixed things a little. Basically. i'll give a for instance. |
23:19.32 | Cide | Drea: unrelated, you're probably over-commenting much of the first 121 lines |
23:19.36 | Cide | s/probably// |
23:20.55 | *** join/#wowi-lounge Maul (i=43bd3483@gateway/web/cgi-irc/ircatwork.com/x-2f17cee5121a5ca7) |
23:21.10 | cirdan | Duman: hrm, i have only cartographer and _mailbox loaded, and still errors |
23:21.12 | cog|work | hey Maul |
23:21.15 | Drea | Click on the second dropdown, and choose the first item. it sets up 8 buttons. click on the second dropdown again, and choosethe 5th item. it is supposed to have only 3 buttons. but it has 8! from the first choice. |
23:21.17 | cirdan | let eme try an older build |
23:21.29 | Maul | hey, just eves dropping :) |
23:21.40 | Drea | http://wowi.pastey.net/78262 |
23:22.28 | Lunessa | Hello Maul. : ) |
23:22.44 | Maul | hiya =) |
23:23.19 | Drea | what i want it to do, is when you choose something on the second dropdown, it will remove all the buttons, and redo the list of buttons again. |
23:23.31 | Cairenn | hey Maul, ltns |
23:23.37 | Drea | each choice has a different number of buttons. |
23:23.39 | *** join/#wowi-lounge Kaelten (n=kaelten@WoWUIDev/WoWAce/WoWIFA/CurseStaff/kaelten) |
23:23.40 | *** mode/#wowi-lounge [+v Kaelten] by ChanServ |
23:25.13 | alestane | cog|work: Any word on the huge pile of gold in your mailbox? |
23:25.15 | |Jelly| | Lunessa: You were the one that recommended Scorched3D, right? |
23:25.22 | Drea | plus the checkboxes, don't change between choices, they stay checked, that i could just put another entry in the table for, no biggie. but it's not redrawing the buttons. |
23:25.29 | Lunessa | Ummm... no? |
23:25.31 | cog|work | alestane: haven't heard back from the GM yet |
23:25.35 | |Jelly| | Oh. |
23:25.38 | |Jelly| | I thought you were. |
23:25.38 | alestane | Just curious. |
23:25.44 | |Jelly| | Well. It's win to the face. Just so you know. |
23:25.45 | Lunessa | never heard of it. |
23:25.59 | |Jelly| | It's Scorched Earth, 3D. |
23:26.21 | Lunessa | It's full of awesome and win? |
23:26.24 | Drea | think about it. i'll be back momentarily. |
23:26.50 | |Jelly| | Yes, it is. Especially if you're bored. |
23:27.19 | Cide | Drea: you should tihnk about it, you know :) |
23:27.24 | Cide | it's your code logic |
23:27.31 | Cide | and honestly, you should get rid of half of your comments |
23:27.45 | *** join/#wowi-lounge Tuller (n=chatzill@c-76-27-166-119.hsd1.va.comcast.net) |
23:27.49 | Cide | they make the code harder to read in their current state |
23:28.12 | Cide | LevelGuide_Restore(); -- tells the restore function to run. |
23:28.17 | Cide | for example.. is completely useless |
23:28.26 | Cide | FauxScrollFrame_Update(LGScrollFrame, 50,5,16); -- 50 is max entries, 5 is number of lines, 16 is pixel height of each line |
23:28.33 | Cide | is probably your only well-placed comment |
23:28.39 | Cide | or one of the few, anyway |
23:29.41 | Cide | Drea: anyway, my guess would be that you're only Show()-ing entries in your LGScrollBar_Update function |
23:29.51 | Cide | thus, when it runs twice, you're not hiding the old entries, so they remain |
23:29.59 | *** join/#wowi-lounge |Jelly|AFK (n=chatzill@adsl-76-248-7-30.dsl.rcsntx.sbcglobal.net) |
23:32.11 | cog|work | Yay! I'm finally in the smallest group on a slashdot poll |
23:33.07 | Cide | "I have experienced sexual intercourse?" |
23:33.15 | Cide | ~rimshot |
23:33.16 | purl | ba-dum CHH |
23:33.51 | cog|work | oy |
23:34.00 | Cidan | I'm so gdmfing excited |
23:34.02 | cog|work | but yes... |
23:34.07 | Cidan | I'm going to go see Avenue Q this weekend |
23:34.11 | cog|work | ! |
23:34.12 | Cidan | THE INTERNET IS FOR POOOOOOOORRRNNN |
23:34.14 | cog|work | take me! |
23:34.18 | *** join/#wowi-lounge Wobwork (n=Wobin@203-206-178-228.perm.iinet.net.au) |
23:34.19 | Cide | oh boy |
23:34.26 | Cidan | If you're in the DC area, there are tickets still avail |
23:34.26 | Cairenn | ~internet is for porn |
23:34.27 | purl | ...but internet is already something else... |
23:34.35 | Cairenn | ~for porn |
23:34.35 | purl | http://www.infested.dk/uploads/Forporn.avi |
23:34.36 | Cidan | So get them now! |
23:34.40 | Cairenn | ah, there we go |
23:34.49 | cog|work | i'm in the exact opposite area :( |
23:35.27 | Lunessa | The internet is for porn! |
23:35.31 | Drea | ah, well the comments are there simply for a friend who is tryin to learn and asked me to comment every line to say what it's doing. |
23:35.47 | Cidan | Cairenn: Link is dead, :( |
23:36.14 | Cairenn | nooooo |
23:36.21 | cog|work | Cidan: out of curiosity i checked my latitude and it's almost identical to DC >< |
23:36.30 | Lunessa | Yes KateMonster, but what you think he do /after/ ? |
23:36.50 | Drea | i got to thinking, i went ahead and hid the invisible frame in the function that does selectin for the second dropdown, and it's still not doin it. |
23:37.10 | Cidan | cog|work: rofl |
23:37.14 | *** join/#wowi-lounge Jumpee|AFK (n=icechat5@cpe-76-166-247-247.socal.res.rr.com) |
23:37.28 | Cidan | I've never seen the show, I'm dying to see it |
23:37.39 | Wobwork | I want to see Spamalot =( |
23:37.40 | alestane | What's this smallest poll group you're in? |
23:37.41 | Drea | and ive got a f:Hide() in the update funciton too. and no dice |
23:37.44 | Cidan | When I heard that it was coming to DC, I got tickets the same day |
23:37.45 | Wobwork | and "Not The Messiah" |
23:37.53 | Wobwork | I -SO- want to see Not The Messiah |
23:38.15 | *** join/#wowi-lounge Tem (n=tardmrr@WoWUIDev/WoWI/Dongle/Tem) |
23:38.15 | *** mode/#wowi-lounge [+v Tem] by ChanServ |
23:38.35 | Wobwork | But also Spamalot after seeing Antiarc's brother doing a mimic of the songs =P |
23:39.22 | Mike-N-Go | Items like Netherstrand Longbow, they have 'Tempest Keep' on them, does that mean the raid, or any of the TK inistances? |
23:39.47 | cirdan | Mike-N-Go: the legendary items in TK are for the 1 fight only |
23:39.48 | zenzelezz | raid |
23:39.51 | Drea | seems to me that it's not removing the buttons when it hides it. |
23:39.52 | Wobwork | Aren't they only active and usable in the Kael fight? |
23:39.57 | zenzelezz | yeah |
23:40.00 | cirdan | Wobwork: afaik yeah |
23:40.03 | zenzelezz | once the fight ends, they vanish |
23:40.17 | Drea | just hiding the frame, and when it shows it. it's not redrawing, it's just adding to whats there. |
23:40.24 | Wobwork | although I've heard some instances of "If you dc just before the wipe, you can reconnect with them after the wipe" =P |
23:40.32 | alestane | Do you have a for loop that only goes up to the number of active buttons? |
23:40.38 | zenzelezz | Wobwork: it's true |
23:40.44 | zenzelezz | seen it in my guild |
23:40.51 | deltron | whee |
23:40.54 | cirdan | Wobwork: ooo |
23:40.56 | cirdan | that's cool |
23:40.56 | zenzelezz | not sure if they vanish when you enter combat though |
23:40.57 | kergoth | hmm, why does MailFrame.xml call InboxFrameItem_OnEnter in an onupdate? |
23:40.58 | deltron | you guys find out anything else about the trojan? |
23:41.10 | cirdan | i still cant find the damn error |
23:41.14 | cirdan | evern w/old versions |
23:41.33 | Mike-N-Go | cirdan: Only for one boss fight? |
23:41.52 | Xinhuan | kergoth: to update the GameTooltip every 0.2 secs |
23:41.59 | Xinhuan | like every other thing |
23:42.10 | cirdan | Mike-N-Go: they are only for the Cartographer-r56068.1 |
23:42.12 | zenzelezz | you have to kill all the other bosses in TK to get to Kael'thas, nothing else left to kill - and the room is closed when the fith starts |
23:42.14 | cirdan | err kael fight |
23:42.21 | Xinhuan | actually its not even every 0.2s |
23:42.27 | Xinhuan | that onupdate doesn't even check |
23:42.31 | deltron | kergoth: howdy :) |
23:42.31 | Xinhuan | it just runs as fast as it can |
23:42.36 | Xinhuan | i noted it when i updated Postal's code |
23:42.54 | Xinhuan | and tried to fix it by hooking it but it messed up other addons |
23:43.06 | kergoth | it also calls the onenter for every single item within a multiitem mail, does it really need to reconstruct the "multiple items (#)" tooltip that many times? |
23:43.11 | Xinhuan | so i decided meh, and undid my change |
23:43.12 | kergoth | silly blizzard |
23:43.14 | kergoth | hey deltron |
23:43.30 | Drea | yeah, hiding the invisible frame doesn't actually remove the buttons. |
23:44.13 | Drea | i need a way to remove the buttons completely. between each choice |
23:44.15 | *** join/#wowi-lounge sylvanaar (n=sylvanaa@12.179.203.116) |
23:46.06 | Drea | hmm. concieveably, i could have a third dropdown, that allows you to choose the steps. i know i can do that. what i don't get.. is how to allow the user to check the step when they're done with it. |
23:48.40 | Jumpee|AFK | Are the functions in BitLib written by Blizzard or just provided by Blizzard? |
23:50.17 | *** join/#wowi-lounge |Jelly|AFK (n=chatzill@adsl-76-248-7-30.dsl.rcsntx.sbcglobal.net) |
23:50.35 | cog|work | Jumpee: bitlib was developed by someone else (open source) and it was included in wow |
23:50.51 | Jumpee | thanks |
23:51.33 | Jumpee | cog|work: I never even knew it existed until I saw your post about it re the 2.4 changes |
23:51.39 | *** join/#wowi-lounge kaiden (n=kaiden@c-67-170-78-181.hsd1.wa.comcast.net) |
23:51.43 | cog|work | http://rrt.sc3d.org/Software/Lua/ |
23:52.39 | cog|work | yeah... it's rather obscure... I doubt many mods use it... Databases & communication mods for compression, perhaps |
23:52.48 | cog|work | 2.4 will chang etha t though |
23:54.27 | cirdan | ok i got ti workign by installing the ace2 mod directly |
23:54.57 | cirdan | one last question |
23:55.02 | cirdan | anyone use wow with wine/cedega? |
23:55.16 | alestane | cog|work: I do that all the time. |
23:55.20 | cirdan | i have a logitech mx revolution, tons of buttons |
23:55.35 | cirdan | wow only sees up to the scroll wheel |
23:55.52 | cirdan | i cant use the left/right scroll nor the 2 thumb buttons |
23:55.57 | cirdan | but they work in other apps and in xev |
23:57.30 | kd3 | I haven't figured out how to get the key events for other buttons working properly. I've found some software that generates keystroke events when I click some buttons, but not native regular mouse events |
23:57.42 | *** join/#wowi-lounge JoshBorke (n=Josh@WoWUIDev/WoWInterface/LegoBlock/joshborke) |
23:57.56 | kd3 | alt+left, shift+pgup, etc... |
23:59.21 | *** join/#wowi-lounge pez| (n=user@90.80-203-213.nextgentel.com) |
23:59.24 | cirdan | darn |
23:59.32 | cirdan | and no way to have an app specific context either i bet |
23:59.41 | pez| | why does this not wooork? |
23:59.45 | cirdan | i'd only want those binding for wow |