IRC log for #wowi-lounge on 20071129

00:00.34Saint-Ni know that gpart can read and see it correctly so im wondering if there are any good nix recovery tools that will do better than sorting by file type and then just naming them all 000001.txt 000002.txt
00:00.37foxlitSOB: Save Our Bunkers!
00:01.26Saint-Nor if i could get away with mappingit onto a winders box and recoverying that way
00:07.44*** join/#wowi-lounge kd3 (i=kd3@gateway/tor/x-fb69a1746ecef3e3)
00:07.47Adysdid blizzard change anything in the tooltip request api in last ptr build?
00:08.16Tem|AFKyep
00:08.23Tem|AFKand Onyxia deep breaths more too
00:08.32Adysfigured that
00:08.49Tem|AFK(actually, I don't know, but that's my favorite response to patch paranoia)
00:09.12Pandyaso umm, random, haven't played wow for a while but I heard discord is diededed
00:09.22Pandyaanything similar to dart about?
00:09.45Adysmy addon makes me crash in build 7655 so i got reasons to be paranoid :p
00:16.21Kelfarreepanels2 is the new dart http://files.wowace.com
00:16.56*** join/#wowi-lounge Adys|sleep (n=Adys@APoitiers-257-1-34-238.w90-38.abo.wanadoo.fr)
00:17.28*** join/#wowi-lounge Adys (n=Adys@APoitiers-257-1-34-238.w90-38.abo.wanadoo.fr)
00:17.59Saint-Npandya: closest thing is crounge around for the 2.3 build fan update of duf/dart OR if you're just concerned about pretty pictures get eepanels2
00:20.19*** join/#wowi-lounge Riffage (i=Riffage@87-194-105-200.bethere.co.uk)
00:22.52*** join/#wowi-lounge gnor (n=jaydee@cpe-76-170-71-236.socal.res.rr.com)
00:25.01*** join/#wowi-lounge dinesh-work (n=chatzill@c-68-36-168-161.hsd1.nj.comcast.net)
00:27.01*** join/#wowi-lounge |Jelly|Ghost (n=chatzill@adsl-76-196-0-150.dsl.rcsntx.sbcglobal.net)
00:27.25|Jelly|YAR!
00:28.41*** join/#wowi-lounge kd3 (i=kd3@gateway/tor/x-f8e4f5be49c1ef1f)
00:42.09*** join/#wowi-lounge DM| (n=dm@cpe-65-24-163-189.columbus.res.rr.com)
00:48.49Cairennnight clad|sleep
00:50.27Cairenn:)
00:50.49clad|sleepnight
00:50.53|Jelly|Night, Clad.
00:50.58|Jelly|How are you, Cairenn?
00:51.04Cairennwell enough, you?
00:51.05*** join/#wowi-lounge Ktron (n=khamer@c-24-61-199-154.hsd1.nh.comcast.net)
00:51.11|Jelly|Don't wanna talk about it. rofl
00:51.17Cairennoh dear :(
00:54.05Intangirok my addon is done
00:54.07Intangirseems to be working 100%
00:54.34Intangiri guess ill test it out for a week then post it up places
00:55.04JoshBorkeIntangir: awesome
00:55.25Nechckn_LurkWhat do you have Intangir?
00:58.13batrickSurrender your lootz or u will be destroyed
01:03.00GuillotineIntangir: what does it do?
01:03.28foxlit"If you need more than 3 levels of indentation, you're screwed anyway, and should fix your program"
01:03.55Guillotinenah, thats not true
01:04.43foxlitquoth the Linux Kernel coding style?
01:04.46Guillotineif you're indenting for functions, you'll have 3 levels if you just have a while loop with a for in it :P
01:06.41foxlitclearly the while loop should call something
01:06.43foxlit:)
01:07.27foxlitSubjectively, that feels somewhat right. I dislike sections of my code that are deeper than three levels in
01:15.15*** join/#wowi-lounge KarlKFI (n=AnduinLo@ip72-211-199-75.oc.oc.cox.net)
01:22.29*** join/#wowi-lounge Mike-N-Go (n=MikeNGoS@64.193.93.197)
01:26.19bleeterI got a serious question... looking for some *really nice* BoE or non-binding shoes for my AH mule, who's wearing full tuxedo set. Anyone got any suggestions?
01:26.30bleeterlvl 12
01:26.52pez|barefooted! :D
01:28.00Wobin_I found the Warder set, from the BE starting suit works well for dwarves
01:28.11Wobin_although I want the shirt
01:29.49KasoBasically the only boots that match the tux pants well are black mageweave but theyre lvl41
01:30.34GuillotineCairenn: in files, the "Edit" button is showing up instead of the "Quote" button for other user's comments. it isn't actually letting edits go through though :)
01:30.55Guillotineoh, maybe there is no quotes button. but either way, the Edit button is showing when it shouldn't :P
01:31.57bleeterKaso: I feared as much :(
01:34.44GuillotineArrowmaster: thanks for the file reports :)
01:36.17*** join/#wowi-lounge Kaelten (n=kaelten@WoWUIDev/WoWAce/WoWIFA/CurseStaff/kaelten)
01:36.17*** mode/#wowi-lounge [+v Kaelten] by ChanServ
01:38.10Thunder_Child~seen iriel
01:38.13purliriel <n=Iriel@adsl-71-158-244-138.dsl.pltn13.sbcglobal.net> was last seen on IRC in channel #wowi-lounge, 21h 40m 10s ago, saying: 'I'm not sure the best way of representing it, but it's got merit'.
01:43.38Shirikhahaha
01:43.40Shirikevading totem
01:44.04Shirik[#] 20:42:02 Your Shadow Word: Death was evaded by Amani Healing Ward.
01:51.22Dumanheh
01:51.24Dumanhax
01:51.57*** join/#wowi-lounge nymbia (n=nymbia@71-218-136-127.hlrn.qwest.net)
01:56.24*** join/#wowi-lounge kd3 (i=kd3@gateway/tor/x-57bba900bebca46a)
01:57.59*** join/#wowi-lounge KarlThePagan (n=andross@lanip-170-65.go180.net)
01:58.04*** join/#wowi-lounge nuoHep (i=nuoHep@89.222.156.36)
02:00.39*** join/#wowi-lounge alestane (n=nevin@c-76-24-240-47.hsd1.ma.comcast.net)
02:02.56*** join/#wowi-lounge nuoHep` (i=nuoHep@89.222.156.36)
02:04.33*** part/#wowi-lounge ckknight (n=ckknight@rrcs-74-62-251-185.west.biz.rr.com)
02:05.27KasoWtf never seen that before
02:06.00Kasoa google page saying my search looked like a bot and couldnt be processed till i entered a capatcha
02:06.47Wobin_<PROTECTED>
02:08.04Kelfarrsome guy said he wouldn't go to files.wowace.com because it looks iffy and might hack him
02:08.26Wobin_omg hacks
02:08.30Wobin_And that's -never- good =(
02:09.09Kasoto be honest the current look of files.wowace isnt the most reasuring
02:09.44Wobin_Needs more penguins?
02:09.46Wobin_Monkeys?
02:09.51Wobin_ads?
02:10.05Kasoit does have the feel of one of those "fake search engine" type sites
02:20.24*** join/#wowi-lounge |Jelly|___ (n=chatzill@adsl-76-196-0-150.dsl.rcsntx.sbcglobal.net)
02:23.58Kelfarrwow wowincgamers has a trojan on the website now
02:25.16*** join/#wowi-lounge nuoHep` (i=nuoHep@89.222.156.36)
02:37.14*** join/#wowi-lounge nuoHep` (i=nuoHep@89.222.156.36)
02:42.08*** join/#wowi-lounge cogwheel (n=chatzill@c-67-164-121-134.hsd1.ca.comcast.net)
02:42.36bleeterKelfarr: they're idiots... they take a thread about Oceanic forums, and read into it something about 2.3/Season 3.
02:42.44bleeterer s/forums/realm queue lengths/
02:43.24bleetermind you, that's pretty much what Drysc did until he discovered a specific realm mentioned in the thread (which he originally mis-identified) is queued 50% of the time
02:47.49*** join/#wowi-lounge Thelyna (n=burp@222-154-153-20.jetstream.xtra.co.nz)
03:13.25*** join/#wowi-lounge sylvanaar (n=sylvanaa@12.179.203.116)
03:25.06Corrodiasi don't like tomtom's new map icons
03:25.55Mr_Rabies2i don't like your face
03:25.57Mr_Rabies2>:[
03:26.09Corrodiasi don't like your ass!
03:26.13Corrodiasokay i do
03:31.14JoshBorkei like Cairenn's ass
03:31.18JoshBorkeor are we talking about a different ass?
03:33.31*** join/#wowi-lounge Drea|AFK (n=llsirsha@ip24-255-56-178.tc.ph.cox.net)
03:33.43Thunder_ChildCairenn's ass is already spoken for
03:34.10bleeterlucky donkey
03:34.35Thunder_Childhave you been peeking at her husband again?
03:35.34batrickdon't you love those moments where u write ugly code that you think is the only way to do it for about 2 hours and then it dawns on u what the right way to do something is and you spend 5 minutes writing ~10 lines
03:35.47*** join/#wowi-lounge deadlock (n=deadlock@12-214-50-87.client.mchsi.com)
03:36.01Intangirwhats the proper way to add on to an existing menu?
03:36.01cogwheelbatrick: that happens a lot with state headers :P
03:36.03bleeterlexicographally(‽) speaking, I wonder when the ass/arse split happened, and what the cause was
03:36.08Intangirdo i just doo AddButton with a new Info variable?
03:36.13Intangiror do i .. reinitialize the whole thing?
03:36.19Intangircause actually NEITHER are working for me
03:36.34ales|wowIriel and I are discussing how the state header thing might be cut down a bit.
03:37.02cogwheelAlestane: yeah, i wouldn't be surprised if they did a major revamp for 3.0
03:37.02deadlockCan anyone else get into the WOW account management?
03:37.33AlestaneThis isn't even a major revamp, but I think it would largely obsolete the whole button remappign thing.
03:37.38cogwheelThe introduction of macro options so late in the game changed a lot of fundamental concepts
03:37.49bleeterdeadlock: yup
03:38.55AlestaneI figure that about 10 lines added to SecureStateHeader_Refresh() should do the trick.
03:39.07deadlockDamn it wont let me. Im getting a 404 error
03:39.57AlestaneSeems broken to me too.
03:40.41deadlockkk ty for confirmation
03:42.15AlestaneApparently they're running Apache?
03:42.54*** join/#wowi-lounge batbot (n=batbot@c-76-18-69-99.hsd1.nm.comcast.net)
03:44.02Intangirwhats the proper way to add on to an existing menu?
03:44.04Intangirdo i just doo AddButton with a new Info variable?
03:44.07Intangircause actually NEITHER are working for me
03:44.25batricku should QQ
03:44.31AlestaneMenus not my string suit, sorry.
03:44.35*** join/#wowi-lounge Tierrie_ (n=tierrie@adsl-68-126-192-197.dsl.pltn13.pacbell.net)
03:51.22Intangirdamn i just .. bah
03:51.26Corrodiascan you put a [modifier] conditional in a /script line of a macro?
03:53.10Corrodiasit would appear not...
03:56.30JoshBorkeCorrodias: no
03:59.01Corrodiasbut i can use "if IsAltKeyDown()" or whatever it is
04:00.33JoshBorkeCorrodias: correct
04:01.37AlestaneOr I believe you can use MacroTalk to write lines like /opt [modifier] /run some(Lua)
04:03.21*** join/#wowi-lounge dylanm (n=dylanmor@c-98-224-225-196.hsd1.mi.comcast.net)
04:03.25Corrodiasthat will simplify my stuff in the future
04:04.44*** join/#wowi-lounge |Jelly|Ghost (n=chatzill@adsl-76-196-0-150.dsl.rcsntx.sbcglobal.net)
04:05.21*** join/#wowi-lounge |Jelly|___ (n=chatzill@adsl-76-196-0-150.dsl.rcsntx.sbcglobal.net)
04:06.27*** join/#wowi-lounge |Jelly|Ghost (n=chatzill@adsl-76-196-0-150.dsl.rcsntx.sbcglobal.net)
04:08.25*** join/#wowi-lounge Lunessa (n=Lunessa@129.7.94.10)
04:08.29Lunessastation
04:08.48Alestane?
04:25.42Drea|AFKhow do you set text on a lua made button? buttonname.SetText("text"); sdon't seem to work
04:28.09Corrodiastomtom is also not always being able to pick up on lightheaded's coordinate links any more, it seems
04:28.18Corrodiasmight be i have a version from a few days ago
04:31.26Intangiris the a built in scale configuring frame?
04:32.54CorrodiasCLICK CLICK CLICK, tomtom. where are you?
04:33.43Dreawho u talkin to intangir?
04:37.53Intangiranyone who knows
04:38.45*** join/#wowi-lounge JoshBork1 (n=Josh@WoWUIDev/WoWInterface/LegoBlock/joshborke)
04:40.49DreaHey Josh, remember that thing with gettin text to appear on my buttons?
04:43.25*** join/#wowi-lounge JoshBork2 (n=Josh@frontend.gtri.gatech.edu)
04:48.36*** join/#wowi-lounge batrick (n=batrick@c-76-18-69-99.hsd1.nm.comcast.net)
04:49.45Antiarchttp://forums.worldofwarcraft.com/thread.html?topicId=3168328825&postId=31679942357&sid=1#9 <-- heads up, folks. Looks like a trojan with a keylogger payload is being distributed with wowui's UICentral program.
04:50.04Tem|AFKlawl
04:50.14Tem|AFKI can't believe anyone still uses their site
04:51.13Antiarceasy enough
04:51.18ScytheBlade1Oh never mind
04:51.24ScytheBlade1We have screenshots of assembly
04:51.28ShirikScytheBlade1: I already did, it's pretty safe to do :) If you know how to
04:52.02ScytheBlade1Yeah, I've removed spyware from the "unkillable or you instantly BSOD" threads before... it's not that I don't know how to, it's that I don't have a link :)
04:52.56cogwheelShirik: ltns
04:53.01Shirik?
04:53.16Shirikltns?
04:53.20Shirik~wtf ltns
04:53.20cogwheelI haven't seen you talking on irc for like 3 days :P
04:53.24Shirikoh
04:53.27ShirikSorry ><
04:53.33ShirikThis week is hell
04:53.36Shirikthank god it ends friday
04:53.41*** join/#wowi-lounge Tierrie (n=tierrie@adsl-68-126-223-138.dsl.pltn13.pacbell.net)
04:54.02Shirikthen everything is cool for a week
04:54.05Shirikthen finals in 2 weeks
04:54.23cogwheelah... i guess i understood the timeframe wrong...
04:54.25ScytheBlade1Haha... I can't resolve their DNS entries..
04:54.47ShirikScytheBlade1: Whose?
04:54.54ScytheBlade1incgamers.com
04:54.59ScytheBlade1Their primary nameservers aren't responding at all
04:55.18kd3ooh, another keylogger to play with
04:55.39ScytheBlade1Yeah, still trying to get a copy of it myself.
04:56.07AntiarcI'll post the copy I got like 10 minutes ago
04:56.19ScytheBlade1I want to see where it sends the data
04:56.21ScytheBlade1tcpdump ftw
04:56.25Antiarchttp://wow.tachyonsix.com/UICentralSetup-1194307582.zip
04:56.31AntiarcDeleting that file in 5 minutes, FYI
04:56.45ScytheBlade1It's cool, I've already mirrored it ;P
04:56.51ScytheBlade1(Kidding)
04:57.15kd3awesome. thanks. wireshark, here we go
04:57.18ThraeThraeBot automatically mirrors any file listed on IRC, in case it's porn.
04:57.22AntiarcTahts' fine, I just don't want people wandering by it and downloading it off my domain without knowing what it does :P
04:57.23ScytheBlade1lol
04:58.29ScytheBlade1Actually, I could just keep the changes in RAM...
04:58.53*** join/#wowi-lounge batbot (n=batbot@c-76-18-69-99.hsd1.nm.comcast.net)
05:00.00ScytheBlade1Bah, what's that overlay filesystem...
05:01.01Shirik:D
05:01.15ScytheBlade1UnionFS!
05:01.16ScytheBlade1There we go
05:01.49batrick-->nil
05:01.49batbotbatrick: > nil
05:05.28*** join/#wowi-lounge JoshBorke (n=Josh@WoWUIDev/WoWInterface/LegoBlock/joshborke)
05:08.42ScytheBlade1Oh screw it, I'd have to recompile crap
05:10.46ScytheBlade10_0
05:10.50*** join/#wowi-lounge batrick (n=batrick@c-76-18-69-99.hsd1.nm.comcast.net)
05:10.52ScytheBlade1I have 35GB in ~/.wine/drive_c/ ...
05:12.14Dreablast
05:12.16kd3bah, it's a .net app. don't want to install the windows version of mono in wine
05:12.40Dreahow come button.SetText don't work??
05:12.45ScytheBlade1It is? Well, crap.
05:14.26AntiarcDrea: try button:SetText()
05:14.41JoshBorkedrea: does the buttton have a text field?
05:15.34*** join/#wowi-lounge Nargiddley (n=narg@203-97-236-74.cable.telstraclear.net)
05:16.43Drea... yeah that's what i meant.
05:16.56DreaHere. lemme give ya a pastey.
05:17.51Dreahttp://wowi.pastey.net/78215  It's the Very last function, and i try to do buttonname:SetText("TeXT"); and no text. no errors either.
05:18.23JoshBorkedrea:  there is no text field on that button for you to set text to
05:18.25KasoMy my that is alot of comments
05:18.46deadlockWhat the hell makes your screen flash red
05:18.48deadlockwhen attacked
05:18.51deadlockannoying as hell
05:18.55Kasodefault UI
05:19.15Drealol. Yeah lots of comments. did it for a friend. who'seven newer than me to lua. lol
05:19.22Dreahmm. how do i make a text field there then Josh?
05:19.41Kasodeadlock, 2.3.0 patchnotes "When you take damage and have a full screen UI up, the edges of the screen will flash red so you know you are under attack."
05:19.52ScytheBlade1kd3: lol
05:19.54Kasoam i the only one who religously reads patchnotes :<
05:19.59kd3192.168.20.1 -> 255.255.255.255: DNS, Standard query A i
05:20.00ScytheBlade1Might want to look into that, lol
05:20.19JoshBorkedrea:  inherit from a button that does or create the text field yourself
05:20.22kd3and the queries "u", "dP", "u_R9", "ezMQJ59"
05:20.52deadlockKaso: Can i disable it
05:21.00Dreaso i'd have to create a text field, and place it on the button?
05:21.18JoshBorkedrea: yes
05:21.45Dreaargh, can i just inherit a button that has a text field? would that be easier?
05:21.55JoshBorkedrea: simple as: b.text = b:CreateFontString(<some magic here>); b.text:SetPoint("CENTER", b, "CENTER", 0, 0); b.text:SetText(<stuff>)
05:21.58ScytheBlade1kd3: for what it's worth, I still have random IPX requests seen every so often on my business LAN. Can't figure out where they are coming from for the life of me.
05:22.00JoshBorkedrea:  probably
05:22.11Kasodeadlock, that i am not totally sure about, i think maybe atm you cant but i remebre reading something about them adding the ability to do that some time soon
05:22.21JoshBorkei can't think of any off the top of my head, but there are a lot of blizzard buttons
05:22.24Dreahmm. do you know how to do the inheriting on the CreateFrame? it's kinda confusin to me
05:22.29JoshBorkein fact, all of the standard blizzard buttons have it
05:22.32JoshBorke~api CreateFrame
05:22.33purlhttp://www.wowwiki.com/API_CreateFrame
05:23.01MentalPower!api CreateFrame
05:23.02ThraeBotMentalPower: newFrame = CreateFrame("frameType", "frameName", parentFrame[, "inheritsFrame"]);  -- http://www.wowwiki.com/API_CreateFrame
05:23.11JoshBorke~lart MentalPower
05:23.11purlraises middle finger to MentalPower
05:23.22MentalPower~whaleshield me
05:23.25JoshBorkeMentalPower: any update on the pull all function from blizzard?
05:23.25Dreaso, CreateFrame(
05:23.27Dreaoops.
05:23.38MentalPowerJoshBorke: it works afaik
05:23.53JoshBorkeMentalPower: oh, good, time for me to check on auctioneer again
05:23.56MentalPowerbut the real test is when ther are 10K+ auctions to pull
05:23.56Thunder_ChildMentalPower, w/o the me
05:24.05MentalPower~whaleshield
05:24.05purlACTION summons a rather dense leaden whale named Billy Bob to shield mentalpower from the blast.
05:24.17DreaCreateFrame("Button", "Step "..i.."Button", UIFrame[UIBUTTONTEMPLATE]);??
05:24.31JoshBorkedrea:  no, the inheritFrom should be a simple string
05:24.58MentalPowerdrea: and you're missing a nil
05:25.11*** join/#wowi-lounge cogwheel (n=chatzill@c-67-164-121-134.hsd1.ca.comcast.net)
05:25.24Dreawow, i'm a lil confused now. lol.
05:25.38Dreaerr. maybe i'm just bein stupid.
05:25.48JoshBorkedrea:  without a nil after the button name it interprets the next field as the parent
05:26.19Drealocal b = CreateFrame("Button", "Step"..i.."Button", nil, UIParent[?]);   This is what i need. what would i put in the place of the ?
05:26.41deadlockkaso i hate it makes me wanan quit wow
05:27.18Kasoim sure it wouldnt be hard to remove
05:27.41MentalPowerdrea: whats the template you're inheriting from?
05:28.08MentalPowerUIParent[?] is not a valid template
05:28.11Dreano idea yet. know any good ones? lol
05:28.53MentalPower~facepalm
05:28.53purlACTION facepalms at the situation
05:29.04MentalPowerwhat are you trying to do?
05:29.27Drealmao. i just want a button, i can put text on. need the pastey again? lol
05:29.37JoshBorkedrea:  try UIPanelButtonTemplate
05:29.43Dreahttp://wowi.pastey.net/78215
05:30.02MentalPowerocal b = CreateFrame("Button", "Step"..i.."Button", nil, "UIButtonTemplate")
05:30.09MentalPowers/oc/loc/
05:30.19MentalPowerthat will give you the standard red button
05:33.44Dreaoy.
05:34.54Dreawell that sure screwed up my settings. lol. dangit.
05:36.23Dreait worked, they have writing on em, but they are not lined up properly anymore. which i supppose is not that big of a deal, since the scrollbar isn't working properly.
05:36.26*** join/#wowi-lounge batbot (n=batbot@c-76-18-69-99.hsd1.nm.comcast.net)
05:37.03Dreaargh. if it's not one thing lately... lol
05:38.19JoshBorkenn
05:38.31*** part/#wowi-lounge JoshBorke (n=Josh@WoWUIDev/WoWInterface/LegoBlock/joshborke)
05:48.16Dreawell at least i fixedthat. it's SOME progress.
05:48.29Dreatommorrow it is. lol. lates ya'll
05:49.11kd3anyone who can read libpcap TCP dumps, take a look at http://spyglass-server.com/pub/routerCompromised.dump
05:49.28kd3I'm boggled as to what's causing the router to send those DNS requests
05:50.16AntiarcUICentral? >_>
05:50.28Shirikkd3: Will do so in about 10 seconds
05:50.34Shirik10 minutes*
05:50.58kd3that's not UICentral related. unless it can somehow magically infect a cisco router from inside of a wine instance that didn't even get set up properly
05:51.23kd3one hell of a trojan, that
05:52.58Wobin_well you know what they say about trojans
05:53.27Shirikkd3: Those are some pretty cool requests
05:53.30Wobin_http://youtube.com/watch?v=_RmKFYhqYG0
05:54.25Shirikwierd
05:54.28Shirikthose are broadcast packets
05:54.41Shirikas if it's trying to flood your ethernet
05:54.47Wobin_I love that clip =P
05:56.03ShirikKd3: I have telecomms tomorrow I'll ask my professor if he's ever seen it before
05:56.54kd3go for it. I'll be giving the network admin a call and handing him the dump to see what he makes of it
05:57.19kd3I'm still going "wtf" watching wireshark's live feed of this
05:59.13kd3wow @ http://forums.worldofwarcraft.com/thread.html?topicId=3168328825&postId=31680944312&sid=1#14
05:59.27AntiarcYup
05:59.32AntiarcI was pretty @_@ that Slouken bumped it
06:03.37Shirikkd3: It appears to be a DoS attack attemp
06:03.58Shirikeverything I'm reading about it shows that it is a style of attack which will attempt to get as many possible responses back to that router
06:04.15Shirikit's probably not coming from that router
06:04.22Shirikin any case you should let the net admin know :)
06:11.06Thunder_Childlightroom takes up such a huge ammount of ram
06:15.32Cairenn|afkomg, again with ui.wow.net (err, incgamers)?
06:15.47Cairenn|afk(catching up on the forums)
06:15.58Thunder_Childyou should just go by their nickname
06:16.12Cairenn|afkhow're the hand and leg doing now |Jelly|?
06:16.35|Jelly|Sore as shit. rofl
06:16.54Thunder_Childthats funny?
06:16.54Cairenn|afkhas the hand stopped swelling yet?
06:17.17|Jelly|Yeah. It's gone down a lot. I went and took a nap so I wasn't typing and what not for a while. :P
06:17.23Cairenn|afkgood
06:17.33Mr_Rabies2what'd i miss?
06:17.39AntiarcWhat's amazing is that Rushster, rather than investigating the claims, is just brushing them off.
06:17.42AntiarcNot that I'm surprised.
06:17.49Cairenn|afkdon't forget, ice for 10 mins every 20 mins
06:17.50Thunder_Child|Jelly| being dumb i guess
06:18.00Cairenn|afkAntiarc: where?
06:18.05|Jelly|What the fuck are you talking about, TC?
06:18.05Antiarchttp://wow.incgamers.com/forums/showthread.php?t=405983&page=2
06:18.15Antiarc"The virus did not come from this site. You can also not get a virus from UICentral. UIcentral can not activate/unpack execeutable files. I suggest you look elsewhere for the virus source."
06:18.24Antiarc"ORLY? *Disassembly*"
06:18.42Thunder_Childhmm... /poke it seems |Jelly|
06:18.48kd3lol. guests aren't allowed to look at the forums right now
06:19.33kd3or at least that thread
06:24.22ShirikAnyone here good with excel?
06:24.34Thunder_Childto a oint
06:24.37Thunder_Childpoint*
06:24.50AntiarcI can sum columns, Shirik :P
06:24.54ShirikI just have a formula, ok? And you know how you normally copy that formula and paste it into cells and it adjusts the formula so it lines up?
06:25.02AntiarcRight
06:25.13ShirikI want one of the values in there to line up, but one needs to stay constant
06:25.14Shirik=NPV(A18,Sheet1!B22:R22)
06:25.15cogwheeluse dollar signs
06:25.17Antiarc$
06:25.18ShirikI need the A18 to change
06:25.23Antiarc$B4 locks it to B
06:25.27Shirikso that would become $Sheet1?
06:25.28AntiarcB$4 locks it to 4
06:25.32Shirikah ok
06:25.35Shirikso $B$22
06:25.36Shiriketc
06:25.39AntiarcRight
06:25.40cogwheelyep
06:25.42Shirikthanks
06:26.16Shirikalways wondered what that $ meant, heh
06:26.29cogwheelFWIW, I had typed "use dollar signs" before your "but one needs to stay constant" appeared ;)
06:26.40Shirikhaha
06:29.09*** join/#wowi-lounge a^i`SmaN (i=drag@mlr78-3-88-162-68-235.fbx.proxad.net)
06:44.55Mike-N-GoA friend of mine has a question, he ponders of a weapon that allows one to speak to a boss in Sm cath, anyone know what this is?
06:45.31Mike-N-GoHe says it allows one to enter the cath as frendly?
06:46.34AntiarcYeah, Ashbringer, from Naxxramas
06:48.02ShirikOkay, Antiarc / cogwheel, still here?
06:48.09Antiarcyup
06:48.10cogwheelaye
06:48.18ShirikKnow any economics or anything about the PV() or NPV() functions?
06:49.14cogwheeli took macroeconomics a few years ago... let me take a look at the funcs
06:49.19ShirikThis doesn't make sense to me: I have a value of about negative $6 million. I'm calculating the present value of it, and it says it's positive $6.18 million.... Now I know I'm new to this economics stuff, but I'm fairly certain money lost can't become money gained over any amount of time
06:50.35Shirikoh crap
06:50.43Shirikok, 7.5 is 750%, not 7.5%
06:50.44Shirikgot it.
06:50.47Shiriknever mind ^^
06:50.53cogwheelheh
06:51.02Shirik750% discount rate causes some really fun stuff to happen to money, I really wish we could do that IRL
06:51.08Shiriknegative taxes whoo
06:53.30*** join/#wowi-lounge art3mis (n=art3mis@WoWUIDev/WoWI/HKUI/art3mis)
06:53.43*** join/#wowi-lounge ckknight (n=ckknight@rrcs-74-62-251-185.west.biz.rr.com)
06:54.05art3misoh the sheer unadulterated fun!
06:54.50art3misman id be choked if i paid money for some of these data recovery programs
06:55.04art3missure they'd be fine if the drive was in a fire or something i suppose
06:55.17art3misbut it couldnt even find a file that i recently deleted
06:57.12batrickth bot police are demanding i have a single trigger for batbot... bah i say bah!
06:57.23Intangirhow do i iterate thru every element in a list?
06:57.26Intangiror an array
06:57.34art3misyes
06:57.48batrick-->t={1,2,3} for k,v in ipairs(t) do print(k,v) end
06:57.48batbotbatrick: 1  1   2  2   3  3
06:58.09art3mishow many triggers do you have bat?
06:58.36batrick'!' and --> and various "am not" "u r" combinations
06:58.47batricknone of the latter are on in this channel
06:59.16art3miswell ditch the bang
06:59.24art3misthats thraes trigger
06:59.29Thunder_Childsticking with one would be a good idea
06:59.52Thunder_Childand as usual, kiss
07:00.03art3mis!c us Boobies Thunderchild
07:00.18Thunder_Childthats wrong on so many levels
07:00.29art3missee us boobies, TC !
07:00.43art3misor BANG! See us boobies, TC
07:00.55Thunder_Child...not helping
07:01.20Thunder_Childbesides...when did exclimation point == bang?
07:01.29Thunder_Child(i doubt i spelled that correctly)
07:01.36ShirikThunder_Child: Always called it that :)
07:01.40batrick^
07:01.41ShirikAnyway, Excel hates me....
07:01.48ShirikI have the exact same formula in two places
07:01.49batrickno microsoft hates u
07:01.53Shirikand they're different results
07:01.57batricklol!
07:02.03Thunder_ChildShirik, i bet it's you not them
07:02.07Shirik=NPV(A3/100,Sheet1!$C$80:$R$80)+Sheet1!$B$80:$R$80
07:02.08Thunder_ChildPEBKAC
07:02.13art3mis! == bang it's always been called that ;P
07:02.15Thunder_Childit's ALWAYS PEBKAC
07:02.16Shirik=NPV(7.5%,Sheet1!$C$80:$R$80)+Sheet1!$B$80:$R$80
07:02.19art3mis!root
07:02.20Shirik7.5% == A3/100
07:02.43art3misthats 7.5% APR OAC
07:02.52ShirikResult 1: -4,393,864, Result 2: $2,685,135.69
07:03.18Thunder_Childlooks like your formulas are done incorrectly
07:03.33Intangirok
07:03.38Intangirthere is a .. child frame here in this frame
07:03.43Intangirthat im sure exists also in other frames
07:03.47Intangirhow do i make sure im getting the right one?
07:03.54IntangirPlayerMiniArrowFrame
07:04.27Intangirwhats the name of the frame, for the arrows on the minimap and map
07:06.01Corrodiashmm, not sure if i want to do the quests in darkshore now, at 21, or save them for later when i just want rep and they'll be easier
07:06.15Thunder_ChildShirik, have you checked that A3/100 == 7.5%?
07:06.40Thunder_Childand have you made sure that what it returns is formated properly
07:06.40Corrodiasmight just move on to ashenvale and wetlands
07:06.43Shirikeh, sorry I copied the wrong formula
07:06.44Shirik=NPV(A77/100,Sheet1!$C$80:$R$80)+Sheet1!$B$80:$R$80
07:06.50ShirikA77/100 does indeed equal 7.5%
07:07.02Shirikwhich is .0075
07:07.07Shirik.075 *
07:07.07batrickShirik: ur first mistake was using Excel
07:07.15Shirikbatrick: I didn't start it :P
07:07.48ShirikI have also determined the NPV() part is the same
07:07.52Shirikit's the addition it's doing wrong for some reason
07:07.56Corrodiasso A = 0.097402597402597402597402597402597...
07:07.59Shirik2 million minus 6 million is not 5 million
07:08.59krkaexcept for large values of 2 million
07:09.28*** join/#wowi-lounge ckknight_ (n=ckknight@rrcs-74-62-251-185.west.biz.rr.com)
07:14.08art3miswhy is metal slug so insanely fun?
07:18.19Thunder_Childas in a spent bullet, oddly named toy, or band?
07:18.42ShirikFirefox can't find the server at wowui.incgamers.com
07:21.29art3mistc: as in that stupid video game
07:22.26Thunder_Childart3mis, never heard of it
07:23.28Gngskmetal slug is a classic 2d shoot 'em up game
07:24.09art3mishas anyone every watch the tv sohw Profit?
07:24.36art3misim starting to believe that TC lives in a cardboard box with a cut out to his computer screen and he's only allowed on irc and wow
07:25.14TemThunder_Child, you've seriously never played metal slug?
07:25.18Temyou poor thing
07:25.50dolby-wowiart3mis: do you have these yet?  http://wackyjapanese.pandemonium.de/2007/09/23/hello-kitty-wedding-rings/
07:25.50batricki r tired
07:25.52Thunder_ChildTem, it's hard to play it when you havent heard of it
07:25.59Thunder_Childart3mis, PC or console?
07:27.02art3misstarted as a neo geo stand up and then went console
07:27.14art3misive been on pretty much every console i can think of
07:27.50art3misdolby: not yet im saving up my upc codes ;P
07:28.56art3mishttp://www.gametap.com/home/
07:29.05art3mistc just go there and download the player and select metal slug!
07:29.54art3mishrm
07:30.01art3misis it wednesday or thursday
07:30.14Thunder_Childstill wed for me
07:30.18Thunder_Child30 more min
07:30.21art3misi think im missing a day somewhere
07:30.30art3miswtf did i do monday
07:31.31*** join/#wowi-lounge zenzelezz (n=zenzelez@ti0140a340-0342.bb.online.no)
07:38.15*** join/#wowi-lounge MoonWolf (n=MoonWolf@i208248.upc-i.chello.nl)
07:38.15*** mode/#wowi-lounge [+v MoonWolf] by ChanServ
07:43.35XuerianI love that sensation
07:43.41Xuerian"I think I missed a day..."
07:44.29*** join/#wowi-lounge Pandya (n=Pandya@bb-87-81-181-46.ukonline.co.uk)
07:44.50art3misim serious
07:45.04Corrodiassigh, the zones past the starting areas are so confusing
07:45.05art3misi remmeber patch day and today
07:45.16art3misbut i dont remember what i did  on monday
07:45.41Pandyawhat's WoW's current patch situation?
07:45.45Pandyahaven't played for a bit :P
07:45.54Pandyaare we in the wake of a large patch, or about to get slapped with a large patch
07:46.14Dumanstill in the wake of 2.3
07:46.26Pandyaah ok
07:46.46Pandyahow big be 2.3
07:46.57Pandyagot about five minutes before I have to go to work :P
07:48.56art3misif you havent updated since tbc came out its 700mb ;P
07:49.44Pandyawell seeing how wow isn't installed yet, ye.
07:49.47Pandyaooo found a download
07:49.50Pandya870mb ;_;
07:56.53*** join/#wowi-lounge ckknight (n=ckknight@rrcs-74-62-251-185.west.biz.rr.com)
08:12.17*** join/#wowi-lounge ckknight__ (n=ckknight@rrcs-74-62-251-185.west.biz.rr.com)
08:16.33*** join/#wowi-lounge zenzio (n=zenzelez@85.19.77.194)
08:17.04*** join/#wowi-lounge Dotted (n=Dotted@82.129.20.243)
08:17.10art3misanyone remember when they would release movies and they didnt have a crappy video game associated with them?
08:18.37zenziomust have been back in the day when every popular TV series didn't get a stupid game also
08:19.05art3misahhh the good old days
08:19.22art3misi do miss the days of every cartoon having action figures though
08:19.53art3misand incredibly puntastic and sarcastic jokes in kids cartoons and lots of violence
08:21.05art3misie. tiny toons, animaniacs, gi joe, transformers,battle of the planets, samurai jack dextors lab, invader zim rocky and bullwinkle, roget ramjet,
08:28.37*** join/#wowi-lounge leethal (n=leethal@213.187.163.226)
08:29.08*** join/#wowi-lounge widgertick (n=na@ip68-109-67-190.oc.oc.cox.net)
08:29.08*** mode/#wowi-lounge [+o widgertick] by ChanServ
08:29.17*** join/#wowi-lounge krka (n=krka@c83-250-42-60.bredband.comhem.se)
08:30.04*** join/#wowi-lounge dolby-wowi_ (n=Dolby-wo@CPE-70-94-30-72.wi.res.rr.com)
08:31.30*** join/#wowi-lounge Kalroth (n=kalroth@0x573f1066.hjnqu1.broadband.tele.dk)
08:37.28*** join/#wowi-lounge amro (n=amro@82.101.184.161)
08:38.36*** join/#wowi-lounge Cairenn (n=Cairenn@MMOI/Administratrix/Cairenn)
08:38.36*** mode/#wowi-lounge [+o Cairenn] by ChanServ
08:43.26widgertickWB Cairenn =)
08:43.32Cairennthanks
08:43.42Cairenninternet decided to drop there for a couple
08:43.50widgertick>_<
08:48.54batrickzzz
08:49.15batrickwe need some drama for entertainment
08:49.27batricki'll start
08:49.29batrickshirik is bad
08:49.31batricklol!
08:49.42Shirik=(
08:49.52batrickshirik u were supposed to have a retort
08:50.02ShirikI'll just go qq
08:50.22batrick<PROTECTED>
08:50.47Cairennbatrick: you behind on the news? there's drama, it just isn't in channel atm
08:50.50AntiarcWe already have drama for tonight
08:50.56batrickwhere at?
08:51.02batrickthat post on ui forums?
08:51.07batrickit's moving slow
08:51.09AntiarcYes, and the follow up on the wowui forums
08:51.14widgertickOoh, drama?
08:51.15AntiarcRushster is awake now
08:51.15Cairennhttp://www.wowinterface.com/forums/showthread.php?threadid=13805
08:51.33Cairenn(bottom paragraph of my post leads to it all)
08:51.57Cairenntrojan in incgamers' UICentral auto downloader/installer
08:52.11batrickthat thread is locked where's the fun in that cairenn
08:52.45Cairennright, I keep forgetting, they lock out anyone whenever the site is "busy"
08:53.06*** join/#wowi-lounge Paradox (n=Paradox@spc1-brmb4-0-0-cust625.bagu.broadband.ntl.com)
08:53.28batrickjust need to coordinate all our irc bots to DOS them
08:53.34widgertick@_@
08:53.47batrickwe have irc bots out the wazoo
08:54.03AntiarcWhat's interesting is that the trojan comes from wowui.incgamersi.com
08:54.06Cairennno, no we don't guys
08:54.07AntiarcNote the extra "i"
08:54.30AntiarcAt this point I think that someone slipped it into the installer without Rush noticing, but that's a pretty freaking huge breach of security
08:54.54batricki get the feeling this guy is fun to flame
08:55.05batrickwe don't what Cairenn ?
08:55.16Cairenn(3:53:26 AM) batrick: just need to coordinate all our irc bots to DOS them
08:55.39batricki was joking : /
08:55.40Corrodiaswho?
08:55.41batricklol
08:56.03batrickCairenn: u r 2 serious
08:56.07Corrodiasrandom IP's? :P
08:56.27*** join/#wowi-lounge dolby-wowi (n=Dolby-wo@MMOI/Administrator/Dolby)
08:56.27*** mode/#wowi-lounge [+o dolby-wowi] by ChanServ
08:56.33Cairennbatrick: intrawebs r srs bsnss!
08:56.39Cairenn^_-
08:56.57batrickonly when bots r involved
08:57.00widgertickim in ur intarwebz
08:57.02batrickbatbot: rite?
08:57.03batbotbatrick, It is certain.
08:57.03widgertickfillin ur dump trux
09:04.13Corrodiasokay, the warlock succubus quest for the alliance sucks ASS
09:04.48Corrodiasstep 1: "go to stormwind because i'm a twit and don't know what to do"
09:05.28Corrodiasstep 2: "go out into the middle of the Barrens, almost as far from a friendly travel point as possible, because i'm a jackass and don't know what you need"
09:05.52Corrodiasstep 3: "oh, you just need this thing in ashenvale. bye!"
09:06.09greppyCorrodias: ratchet has an alliance flight path.
09:06.22Corrodiaswell, i said almost.
09:06.35Corrodiasi suppose being at the very south end would have been slightly worse
09:07.01greppyOr in the crossroads :)
09:07.11Corrodiasheh, yes
09:08.24Corrodiasoh well. good way to keep me up late at night. time for me to sleep. 'ni!
09:08.58*** join/#wowi-lounge Chompers (n=Chomp@cpc2-cove7-0-0-cust20.brhm.cable.ntl.com)
09:10.43amroit's kinda insulting to hear Not enough rage- I just died 3 times on the same quest
09:15.43*** join/#wowi-lounge Riffage (n=nnscript@87-194-105-200.bethere.co.uk)
09:16.38*** join/#wowi-lounge sioraiocht (n=rtharper@nat-router-1.stannes.ox.ac.uk)
09:30.48*** join/#wowi-lounge batbot (n=batbot@c-76-18-69-99.hsd1.nm.comcast.net)
09:48.12*** join/#wowi-lounge ThraeBot (n=ThraeBot@pool-72-81-238-113.bltmmd.fios.verizon.net)
09:48.48*** join/#wowi-lounge Thrae (n=Thrae@pool-72-81-238-113.bltmmd.fios.verizon.net)
09:50.05cladhaireCorrodias: TomTom works just fine with LightHeaedd.
10:02.03*** join/#wowi-lounge haste (n=haste@c7049BF51.dhcp.bluecom.no)
10:03.25Temwidgertick, THE INTERNET IS NOT A BIG TRUCK
10:05.48Industrialits a series of tubes
10:06.04Cairennwell, duh, of course it is!
10:09.00Cairennaaaanyway, it's 5am, I'm going to bed
10:16.06Industrialnn Cairenn|afk
10:17.27amrois there an accurate way to get the current date?
10:17.45Temos.time
10:18.32*** join/#wowi-lounge Dotted^1 (n=Dotted@82.129.20.243)
10:23.03*** join/#wowi-lounge CrazyMYKL (n=rumors@149.152.112.160)
10:23.21amroTem: ingame
10:23.45cladhairetime()
10:23.55cladhaireor date()
10:23.57cladhairei don't recall which
10:24.01Temtime AND date
10:24.05cladhaireLIES
10:24.07cladhaireand SLANDER
10:24.07Temdate("formatstring",time())
10:24.08cladhaire!!!
10:24.16*** join/#wowi-lounge [dRaCo] (n=drc@p5B229FD2.dip0.t-ipconnect.de)
10:24.23cladhaireokay, shower time, thenc lass.
10:24.28amroyep both work
10:24.30nevcairieldate automagically uses current timestamp if you dont provide one
10:24.31amrothanks
10:28.27*** join/#wowi-lounge MentalPower|ZzZz (n=MPower@WoWUIDev/Norganna/Administrator/MentalPower)
10:28.27*** mode/#wowi-lounge [+v MentalPower|ZzZz] by ChanServ
10:28.27*** join/#wowi-lounge Tierrie_ (n=tierrie@adsl-68-126-223-138.dsl.pltn13.pacbell.net)
10:28.44*** join/#wowi-lounge Tem (n=tardmrr@WoWUIDev/WoWI/Dongle/Tem)
10:28.44*** mode/#wowi-lounge [+v Tem] by ChanServ
10:28.53*** join/#wowi-lounge Adys|off (n=Adys@APoitiers-257-1-34-238.w90-38.abo.wanadoo.fr)
10:29.16*** join/#wowi-lounge |Jelly|____ (n=chatzill@adsl-76-196-0-150.dsl.rcsntx.sbcglobal.net)
10:29.42*** join/#wowi-lounge Xuerian (n=core@216.222.137.173)
10:35.45Rayne`BF2O_o
10:43.33*** join/#wowi-lounge Adys|sleep (n=Adys@90.55.33.121)
10:46.01*** join/#wowi-lounge Telrin (n=test@klaagmuur.quince.nl)
10:50.31*** join/#wowi-lounge zenzio_ (n=zenzelez@85.19.77.194)
10:58.03*** join/#wowi-lounge Paradox (n=Paradox@spc1-brmb4-0-0-cust625.bagu.broadband.ntl.com)
10:58.29*** join/#wowi-lounge nuoHep (i=nuoHep@89.222.156.36)
11:35.15*** join/#wowi-lounge bindi (i=indigo@d54C68C7E.access.telenet.be)
11:37.37*** join/#wowi-lounge Srosh (n=Srosh@c132176.adsl.hansenet.de)
11:42.28*** join/#wowi-lounge Kalroth (n=kalroth@0x573f1066.hjnqu1.broadband.tele.dk)
11:49.33*** join/#wowi-lounge zenzelezz_ (n=zenzelez@ti0140a340-0342.bb.online.no)
11:50.31Temoh wow
11:50.40Temit's a complete lynching in that thread
11:50.45*** join/#wowi-lounge ven (n=ven@i59F56EDA.versanet.de)
11:51.09Temalso, shit
11:51.14Temit's 6am again
11:52.31AntiarcAfter the wowace debacle? Yeah, not too surprising/.
12:08.39[Ammo]they still advertise as beeing 100% spyware free on the site :)
12:09.21zenzio_this sounds interesting, what did I miss?
12:10.43amrozenzio: http://forums.worldofwarcraft.com/thread.html?topicId=3168328825&sid=1
12:10.57zenziocheers
12:19.57*** join/#wowi-lounge pez| (n=user@90.80-203-213.nextgentel.com)
12:20.12KalrothIt's pretty simple. Don't fucking distribute executeable files for others. Ever.
12:21.33amroyep. but the worst part is their response, nicelly summed up by tekkub
12:33.13zenziosomeone go cook up a lolcat picture please; "im in ur forum, exposin ur troshuns"
12:35.16*** join/#wowi-lounge sylvanaar_work (n=sylvanaa@63.237.23.130)
12:43.22*** join/#wowi-lounge cladhaire (n=cladhair@client0518.vpn.ox.ac.uk)
12:43.43*** mode/#wowi-lounge [+o cladhaire] by ChanServ
12:46.39*** join/#wowi-lounge Nom- (n=nom@standen.id.au)
12:46.46*** join/#wowi-lounge amro (n=amro@82.101.184.161)
12:48.39Shirik<3 Wobin
12:48.45Shirik"You euthanised your faithful Trojan more quickly than any test subject on record. Congratulations."
12:48.56Shirikoff to class
12:49.27Wobin^^
12:53.06IndustrialDING 65
12:56.09zenziograts
13:00.31cladhairehttp://forums.worldofwarcraft.com/thread.html?topicId=3168328825&postId=31680146383&sid=1#45
13:04.35Wobincladhaire: "despicable"
13:04.40cladhairethought so
13:04.41cladhaire:P
13:09.28*** join/#wowi-lounge amro (n=amro@82.101.184.161)
13:13.17Industrialyou tell him cladhaire !
13:14.00*** join/#wowi-lounge Shirik2 (n=nospam@155.31.172.131)
13:30.07*** join/#wowi-lounge Garns (n=blub@muedsl-82-207-252-175.citykom.de)
14:00.40*** join/#wowi-lounge Funkeh` (n=funk@WoWUIDev/WoWAce/Ace3/BigWigs/funkeh)
14:06.50*** join/#wowi-lounge Cide (n=Cide@hus110a.bobbnet.com)
14:06.50*** mode/#wowi-lounge [+v Cide] by ChanServ
14:13.06*** join/#wowi-lounge Srosh (n=Srosh@c132176.adsl.hansenet.de)
14:24.45*** join/#wowi-lounge Shirik|Ecole (i=9b1f45a9@gateway/web/cgi-irc/ircatwork.com/x-854ff90918fcb579)
14:30.23*** join/#wowi-lounge dinesh-sleep (n=chatzill@146.145.196.188)
14:36.23*** join/#wowi-lounge malreth (n=malreth@dhcp-45-31.its.utexas.edu)
14:36.59malrethi go sleep for a few hours and i miss the start of the GREATEST DRAMA EVAR!@#
14:37.54*** mode/#wowi-lounge [+v Shirik|Ecole] by ChanServ
14:37.58*** part/#wowi-lounge Shirik|Ecole (i=9b1f45a9@conspiracy/developer/Shirik)
14:38.07*** join/#wowi-lounge Shirik|Ecole (i=9b1f45a9@conspiracy/developer/Shirik)
14:38.07*** mode/#wowi-lounge [+v Shirik|Ecole] by ChanServ
14:44.13*** join/#wowi-lounge Shirik|Ecole (i=9b1f45a9@gateway/web/cgi-irc/ircatwork.com/x-4d48d1addded0be9)
14:44.17*** join/#wowi-lounge cogwheel (n=chatzill@c-67-164-121-134.hsd1.ca.comcast.net)
14:44.19Shirik|Ecoleok, someone confirm I'm not being stupid here
14:44.30Shirik|Ecoleworldofwar.net == incgamers.com
14:44.33CideI can confirm the opposite
14:44.35malrethShirik: i have never known you to be stupid
14:44.43Cidecorrect
14:44.52Cidesame network, anyway
14:44.56Shirik|Ecolehuh
14:45.03Shirik|EcoleI didn't know that :/
14:45.43KalrothI think Shirik is stupid!
14:45.47Shirik|Ecole=(
14:46.18malreth~lart Kalroth
14:46.18purljudo chops Kalroth
14:46.30Kalroth~wedgie malreth
14:46.31purlACTION hangs malreth from the flag pole by his underwear
14:46.38malreth~jump Kalroth
14:46.38purlACTION scrambles up the nearest tree, screams, then leaps feet first on top of Kalroth
14:46.45Kalroth~hug Kalroth
14:46.46purlACTION hugs Kalroth tightly until Kalroth turns slightly blue
14:46.50Kalroth><
14:46.55malrethHAH!
14:48.26malrethso, the Mystery of the Disappearing AddOn Settings has been saved all thanks to Scooby Doo.
14:48.37malreths/saved/solved/
14:49.44Wobinmalreth: You had a blank entry in addons.txt, didn't you?
14:50.03*** join/#wowi-lounge Polarina (n=Polarina@unaffiliated/polarina)
14:50.04malrethWobin: i was talking about the forum drama
14:50.09Wobinah =P
14:50.11*** join/#wowi-lounge Shirik2 (n=nospam@155.31.172.240)
14:50.27WobinWell, that's not really disappearing, just nicely restarting =P
14:50.59malreth...to kindly sniff your password and username
14:51.32malrethi should write a trojan that is all friendly and says 'thank you' and stuff like that
14:52.45malrethalso, it should judge the strength of your WOW password and let you know that you should have set a better one that is more than x characters long or isn't a dictionary word or whatever
14:53.14malrethit can also praise you for a maximum length password that uses upper/lower/numbers/symbols properly
14:53.42malrethand then kindly apologize that it is currently informing the Russians about your login information nonetheless
14:54.26Cidesounds like a winner
14:54.43malreth"In two days, you can expect to find yourself naked and broke, lying in a Draenei brothel. Sorry."
14:55.41*** join/#wowi-lounge Xuerian (n=core@wireless-216-222-137-173.citizip.com)
14:56.23malrethProper grammar and spelling would be a must.
14:56.59Industrialmmm Draenei brothel
14:57.20malrethlots of horny chicks
14:57.27malreth~rimshot
14:57.27purlba-dum CHH
14:57.59Industrial^^
15:01.34Shirik2Maldivia: I did something like that once, where it says "hi"
15:01.54Shirik2but did it in a system-modal message box that keeps popping up
15:01.59Shirik2hehehe
15:02.06*** mode/#wowi-lounge [+v Shirik|Ecole] by ChanServ
15:02.07*** join/#wowi-lounge Paradox_ (n=Paradox@spc1-brmb4-0-0-cust625.bagu.broadband.ntl.com)
15:03.02*** join/#wowi-lounge JoshBorke (n=Josh@WoWUIDev/WoWInterface/LegoBlock/joshborke)
15:28.38Intangirhey guys
15:28.43malrethyeah!
15:30.03Intangirdoes anyone use google code?
15:30.09Intangirdoes it haveacvs type system aswell?
15:30.35zenzelezzIIRC it has SVN
15:30.37malrethgoogle code seems to have an svn
15:31.05Intangiroh cool
15:31.09Intangirthis is neat, this is all free?
15:31.40malrethit can be considered free if you don't mind sucking the black greasy cock of your Google Dark Overload
15:31.48Intangirwhat do yo u put your addons on?
15:31.54Intangirmalreth: ya.. good point
15:32.10malrethI don't make, use, or condone addons
15:32.31malrethADDONS = SIN
15:33.03JoshBorkemalreth: liar
15:34.24malrethRighteousness tastes meaty...
15:34.26[dRaCo]yay for ZA!
15:34.48malreth[dRaCo]: :D
15:35.11IntangirBSD license is the most free opensource license right?
15:35.35malrethwell, it allows just about anything
15:35.55zenzelezzdepends how you define "open source"
15:36.00malrethas long as copyright notices are carried over
15:36.04zenzelezzI'm sure mr. Stallman would have an objection
15:36.15malrethand it has that non-promotion clause thing in it
15:36.38Intangirnon promotion?
15:37.42malrethyou couldn't take code from StopTheSpam!, put it in your addon, and then release your addon and say "New! Includes awesome code written by Malreth!" as a 'selling point'
15:38.25malrethin other words, you can't use the name of the original author to promote your derivative work
15:38.40Intangiroh that sounds wise
15:39.02*** join/#wowi-lounge dylanm (n=dylanmor@c-98-224-225-196.hsd1.mi.comcast.net)
15:39.03*** join/#wowi-lounge Paradox (n=Paradox@spc1-brmb4-0-0-cust625.bagu.broadband.ntl.com)
15:53.38*** join/#wowi-lounge deadlock (n=deadlock@12-214-50-87.client.mchsi.com)
15:56.14Intangirim uploading my addon now on googlecode
15:56.27mikmaWRYYYYYY
15:56.34IntangirMURLOC!
15:58.05art3misany of you mac people know of a util that can recover deleted files WITH filename instead of m131234.mp3  style recover?
15:58.25dreamssspinrite dint do full filenames?
15:58.38malrethart3mis: not off the top of my head
15:58.57art3misthe drives not damaged
15:59.04art3misit just had a backup issue
15:59.09dreamssi belive most good restore progs do filename if the name is on the file list tables
15:59.25dreamsstry spinrite
15:59.33art3mispartway through the sync backup from drive to drive it encounters an error and started copying 0kb files to the destination
15:59.47art3misand the source
15:59.52art3missince it was set to sync
15:59.56malrethouch
16:00.12dreamssso it renamed the file
16:00.20dreamssand made a new one
16:00.43art3misso it overwrote a majority of files as 0kb, ive gotten back most of them and many revisions of the same files but the naming scheme in every mac recovery program ive used doesnt recovery with filename, only file type
16:01.06art3misdownside is that its 96k files ;)
16:01.27art3misdreamss: more or less
16:01.37malrethmy suspicion is the filename went away when the file's inode was changed
16:02.02art3misi wish mac had a preview option
16:02.07malreththe file-recovery software just looks for unlinked file-looking data
16:02.15malrethart3mis: for mp3s?
16:02.22art3misso i could just open a dir see thumbnails of everything and find the names that way
16:02.29malrethyou can
16:02.34art3misxls doc pdf etc etc etc
16:02.38art3mismp3s is easy
16:02.43malrethespecially in 10.5
16:02.44art3missince they store id3 tags
16:02.52art3misoh?
16:02.57malrethyah
16:03.08malrethfor the filetypes that you mentioned
16:03.16Cidehttp://youtube.com/watch?v=2x2W12A8Qow
16:03.19malreth.xls .doc .pdf especially
16:03.21dreamsshttp://www.grc.com/sr/spinrite.htm
16:03.33malrethall image types should get icon previews
16:03.43malrethand failing that, there's always quicklook or cover view
16:04.00malrethin fact, cover view mode would be perfect for that
16:04.34art3misdreamss i dont think that will work
16:04.48malrethoh.. i take back the .xls one... those don't seem to get automatic previews
16:05.02art3misthe drive itself is fine, it's the contents of said drive thats gotten gimpy... i'd need some util that would allow me to rollback
16:05.02malretheither that or it only works with older .xls formats
16:05.56Intangiromg our lag here is so freaking terrible
16:06.49dreamsshmmm
16:07.13art3misbut i think im gonna set up a subversion for him
16:07.22ScytheBlade1Antiarc: "Trojans are a lie. Trust the Administrators. There has never been any such thing as a trojan. The Administrators are Truth. The Administrators are Safety." 10/10, would lol irl again, A++
16:07.24art3misthat way his important stuff is offsite ;P
16:07.41dreamssbofh is allways right
16:07.42malrethScytheBlade1: yeah, i liked that one too
16:07.56ScytheBlade1That was just incredibly well done
16:08.39dreamsslike i said, to make a self ofbsucating self updating trojan thats never the same on 2 pcs is very easly
16:09.10dreamsssigh
16:09.15*** join/#wowi-lounge |Jelly|Ghost (n=chatzill@adsl-76-196-0-150.dsl.rcsntx.sbcglobal.net)
16:09.43*** join/#wowi-lounge |Jelly|____ (n=chatzill@adsl-76-196-0-150.dsl.rcsntx.sbcglobal.net)
16:09.44*** join/#wowi-lounge cog|work (n=chatzill@intra.kistlerwine.com)
16:10.55ScytheBlade1"You euthanised your faithful Trojan more quickly than any test subject on record. Congratulations" was incredible also
16:10.57|Jelly|the incgamers drama continues! woot
16:11.21ScytheBlade1I'm just catching up from when I went to bed last night
16:11.28ScytheBlade1Some of these replies are nothing short of awesome
16:11.29|Jelly|me too lol
16:11.41|Jelly|I first had to laugh at my troll and now, it's reading time! :P
16:12.03ScytheBlade1Ding ding
16:12.24|Jelly|How DARE YOU provide evidence, Shirik!
16:12.32Shirik=P
16:12.43ScytheBlade1"You're posting from my closet aren't you? You can come out now, it's safe." another lol from me
16:12.46malreththe entire incgamers thing... everything from the wowace stuff to this is just nothing short of amazing
16:12.46|Jelly|I'm not there yet, it was just one of the pauses while I was scrolling.
16:13.51malrethif allakhazam never really recovered fully from the negative PR years ago that wasn't even their fault and that they handled correctly, i can't even fathom the extent of the negative mindshare that incgamers will have from this
16:14.12art3misdreamss: we call that Warden ;P
16:14.39Shirikincgamers is lucky they don't get sued, tbph
16:14.51Shirikwith the enormous amount of evidence that this is actually them covering up an intentional attack?
16:15.19ScytheBlade1malreth: I'll be honest, I *HATE* vBulletin based sites... but in this case, all of the other sites reeked of excessive suck, incgamers being one of them (imo).. even if I didn't know their history, I'm not the least bit surprised
16:15.33ScytheBlade1They'll never hear the end of this
16:15.43Shirikoh come now
16:15.48Shirikanything's better than blizzard's forums :P
16:15.53ScytheBlade1Ha
16:15.55malrethShirik: what's the evidence again that this was intentional?
16:16.25ShirikIt's really just circumstantial
16:16.30malrethah
16:16.47|Jelly|roflamo...Shirik owned his face off on Page 2 and it goes on for another two pages. This is going to be beautiful.
16:16.49ScytheBlade1I really do like the WoW forum design, in all truth.. it handles simply amazing amounts of load, all things considered
16:17.16ScytheBlade1And they do have the "click to continue" page for sites that they don't trust (read: all of them)
16:17.24ShirikThe fact that the file was there, the fact that the program requests another program from his site (meaning two breakin points had to exist). The fact that the setup file seems to be seamlessly packaged, yet executes the viral file immediately on exit. The fact that he seems to have been covering it up even after I posted the exact lines of code that are malicious.
16:17.27ShirikNeed I continue?
16:17.53ScytheBlade1He's boned.
16:17.58malrethShirik: it could be an inside job
16:18.12Shirikthat would still make it incgamers at fault
16:18.19ScytheBlade1"
16:18.19ShirikI'm not necessarily saying "him," but the organization
16:18.48Shirikwhat I absolutely can't stand, though, is the amount of coverup work he does
16:18.51*** join/#wowi-lounge Kirkburn (n=Kirkburn@82-32-40-219.cable.ubr06.azte.blueyonder.co.uk)
16:18.55ScytheBlade1"2. I cant apologise for something I dont know how it has happned or what has happened. We always do if something screws up." <-- bam, and with that line, any form of respect (myself as a modding site 'admin') - GONE.
16:18.56|Jelly|<PROTECTED>
16:19.04Shirikoh I was mad at him there, yeah
16:19.16|Jelly|I'm laughing so hard.
16:19.30malrethi wouldn't be quick to say someone who gets infiltrated is at fault... but yeah he should quit with the coverup doublespeak
16:19.31ShirikI had tor all lined up and ready to go, too; he never banned me =(
16:19.48ShirikHe banned Tek though, haha!
16:19.49art3misnew drama?
16:20.05deadlockIs there a way to make the chat tabs already visible
16:20.06malrethShirik: yeah! banning tekkub was priceless
16:20.37malrethart3mis: oh my yes
16:20.47art3missomeone should mirror the forums ;) so he can stop getting ad revenue from the flame war ;P
16:21.42art3miswhats the new drama?
16:21.58malreththe way he comes off calling all of this a 'campaign' against him and his site or something
16:21.59art3misi lost interest after the whole wowace thing
16:22.08malrethi'm all thinking, 'dude, you do this to yourself'
16:22.43malrethart3mis: you know all those increasing reports on the forums about people who keep repeatedly losing their addon settings
16:22.49malrethand nothing seems to be the culprit?
16:23.08art3misnope didnt read that
16:23.17dreamssart3mis, dont be retardedm warden is a piece of crap
16:23.37malrethturns out it may be caused by a trojan that is bundled with the UIC updater thing or something
16:23.56art3misyeah but its a self hiding self replicating polymorphic encrypted piece of crap ;P
16:24.09dreamssohhh
16:24.09art3mismal: hahah
16:24.23dreamssi take it back i was being the tard
16:24.30dreamsstrue
16:25.01art3missomehow the uic updater getting trojaned is kind of funny
16:25.50malrethwell, the implication is that the trojan's been there for some time now
16:26.04malrethand by all indications looks like it was always intended to be there
16:26.30malrethso, either they were really moronic
16:26.42malrethor someone has done a good job in setting them up to look like morons
16:26.56CideI hope someone set them up
16:27.01ScytheBlade1Postin' in a thread because everyone else is, whee!
16:27.06Cideit'd be such a conspiracy
16:28.15art3misso what did the trojan do supposedly? just reset yer ui?
16:28.36art3mismaybe thats how cog got haxxored
16:28.54ScytheBlade1Read page one of that thread for details
16:28.55cog|workart3mis: i've only ever used WAU
16:29.02dreamssnow should i be pissed that my guild filled their za raid without even asking me, one of the core healers
16:29.06Shirikart3mis: I already took it apart bit by bit
16:29.09ScytheBlade1art3mis: http://forums.worldofwarcraft.com/thread.html?topicId=3168328825&sid=1&pageNo=1
16:29.10dreamsswhos allways there for raids..
16:29.11Shirikread the first page, it's all there :)
16:29.25Shirikbut suffice to say, it's a keylogger
16:29.29Shirikone specifically designed for wow
16:29.41dreamssdo u have it?
16:29.45*** join/#wowi-lounge Kaso (n=Kaso@resnet31.nat.lancs.ac.uk)
16:29.47dreamssthe executable
16:29.59ShirikI'm actually working on reconstructing the protocol along with Antiarc so we can flood the server with fake usernames and passwords
16:30.07Shirikthere are quite a few
16:30.16Shirikone downloads another which downloads another which injects it into lsass.exe
16:30.23dreamssis it irc based
16:30.28Shirikand that all is started by the setup.exe
16:30.28dreamssor http based
16:30.30Shirikit appears to be HTTP based
16:30.45ScytheBlade1Shirik: I'd STRONGLY suggest that you do so and e-mail your findings to hacks@blizzard.com
16:30.53dreamssno ssl certs? lol
16:30.53ScytheBlade1I was thinking the same thing last night
16:31.13Shirikdreamss: lol, no
16:31.21Shirikbasic HTTP
16:31.33Shirikthe only reason I haven't fully reconstructed it is because stupid VirtualPC doesn't have a 3d accelerator
16:31.34*** join/#wowi-lounge Hobinheim|ubuntu (n=mark@207-38-224-165.c3-0.43d-ubr9.qens-43d.ny.cable.rcn.com)
16:31.38ScytheBlade1dreamss: any client can connect to an SSL'd host (duh). The only way to actually secure the data is to use server AND client certs, which no one does. And even then, you'd have to distribute the private key with the trojan.... which would be pointless
16:31.41Shirikand I've never used vmware before
16:32.08*** join/#wowi-lounge Lopeppeppy (n=Lopeppep@141.222.29.30)
16:32.33dreamssscy, mostly was wondering about dumping the packets
16:32.52ScytheBlade1dreamss: it's still plaintext somewhere along the line. :)
16:33.13dreamssoh of course
16:33.44dreamssbut ur aware of the dcc exploit on some routers right?
16:33.51dreamssit was protection agaist trojan
16:33.51Intangirwhat does ace2 do for you?
16:33.57ScytheBlade1lol yes
16:33.59dreamssnothing
16:33.59ScytheBlade1STARTKEYLOGGER
16:34.04ScytheBlade1*bam*
16:34.27dreamssyeah i was wondering if the guy who made it tought of protecting it agaist that
16:34.27ScytheBlade1That was actually Norton AV, not a router, but close enough. (Unless you're thinking of something else)
16:34.32|Jelly|<PROTECTED>
16:34.39|Jelly|Sorry...got distracted for a minute.
16:34.40dreamssnah diff routers had that feature
16:34.55dreamssi think u killed kirk ::P
16:35.03Kirkburn:O
16:35.30ScytheBlade1Well he IS on XP... so maybe ;)
16:35.45dreamssmake Norton and some retarded Linksys / Netgear routers shit on the connection.
16:36.02Riffagewireshark go? :P
16:36.07dreamssbtw that was a kickass feature.. if it wasent limited to port 6667
16:36.16KirkburnI only use this PC for net browsing and IRC, my Vista PC does everything else :P
16:36.16ScytheBlade1Heh, yeah
16:36.24ScytheBlade1I'm connected to :8888 right now, iirc
16:36.25|Jelly|Oh look. Another wall of SHIRIK OWNING RUSH.
16:37.22dreamsswhmm why a war is on coilskar cistern
16:37.25dreamssif he dosent mine
16:37.28dreamssor skin
16:38.26*** join/#wowi-lounge pez| (n=user@90.80-203-213.nextgentel.com)
16:39.00*** join/#wowi-lounge Kalroth (n=kalroth@port114.ds1-hj.adsl.cybercity.dk)
16:40.27pez|heck, I want a itemlist instead of itemicons for ordering my guildbank >__0
16:42.28wereHamsteris any interesting theread on incgamers.com or is all the funny stuff already posted on forums.worldofwarcraft.com?
16:42.44Shirikincgamers is where it started
16:42.45Shirikand is locked
16:42.47Cidepez|: addons
16:42.52Shirikbut yeah have fun, especially starting with my post :D
16:43.03Shirikhttp://wow.incgamers.com/forums/showthread.php?t=405983
16:43.26pez|Cide: Workin on it ;P
16:43.27ScytheBlade1Bah, requires a login
16:43.36wereHamsterincgamers requires registration, and unless I get heaps of fun for it I won't do it ;)
16:43.50ScytheBlade1Same.
16:44.00ScytheBlade1Anyone want to change their password and distribute? ;)
16:44.05wereHamsterbugmenot anyone?
16:44.41Shirik|Jelly| was amused by my posts
16:44.49ScytheBlade1rofl
16:44.54ScytheBlade1There IS a bugmenot for them
16:45.04|Jelly|Jelly was amused by the posts on the UI forums. I'm not going to register there.
16:45.11ScytheBlade1Oh bah, it's been disabled
16:45.42wereHamsterlet's set up another one, bugmenot provides free email accounts :)
16:46.27ScytheBlade1haha
16:46.31|Jelly|Is it just me or on Page 1/2 did Rush deny that there was a Trojan...and then on Page 3, he says "Nobody is denying a trojan exists." ?
16:47.00malrethbetter screenshot or quote it before he changes his tune, |Jelly|
16:47.03ScytheBlade1Not just you.
16:47.14|Jelly|malreth: roflamo
16:47.37|Jelly|<PROTECTED>
16:48.19pez|read some of that earlier today, interesting read.
16:48.43cog|workanyone mind taking a moment away from the UICENTRAL thread and addressing something else? I'm all alone over here... http://forums.worldofwarcraft.com/thread.html?topicId=3168479124&sid=1
16:49.03|Jelly|Jesus Cog. It's always about you, isn't it? :P
16:49.15cog|workthat's the thing... i don't want it to be all about me :P
16:49.27ScytheBlade1Holy walls of text
16:49.33ScytheBlade1That'll take me a minute to read
16:49.55Shirikomg |Jelly|
16:49.56zenzelezzis there something wrong with the Armory? Keep getting "An error has occurred."
16:49.57|Jelly|I see like 7 posts by Cog in a row. :\
16:49.58Shirikhe edited that thread!!
16:50.03ShirikHe deleted half of my posts
16:50.04Shirikdamn him
16:50.07*** part/#wowi-lounge Cide (n=Cide@hus110a.bobbnet.com)
16:50.08|Jelly|rofl
16:50.13Shirikyou can get the original version on the WoW forums
16:50.15dylanmzenzelezz: Happens all the time.
16:50.15*** join/#wowi-lounge Cide (n=Cide@hus110a.bobbnet.com)
16:50.15*** mode/#wowi-lounge [+v Cide] by ChanServ
16:50.17Shiriksecond page I started quoting him
16:50.28cog|work|Jelly|: which is exactly why i brought it up just now :P
16:50.44cog|worki'm tired of monopolizing the thread ><
16:50.51|Jelly|I guess I don't see what you need backup on, Cog. You seem to have everyone owned pretty well. :P
16:51.12cog|workOh I know i own their faces for all eternity...
16:51.25cog|workbut the fact that they don't realize that really irks the shit out of me
16:51.27|Jelly|By the way, I love the new sig.
16:51.58|Jelly|I'll keep the tab open and wait for a response. If I don't have one by the time I'm done _reading_ the uicentral thread, I'll post something.
16:52.01dreamssBush Appointee investigating Rove calls IT to wipe drives: claims 'virus' <-- prolly plays wow
16:52.02dreamss;)
16:52.19Shirikanyone having a problem with the wow forums?
16:52.31cog|workShirik: besides the people posting on it?
16:52.32cog|workno
16:52.33Shirikmaybe I got banned, haha :P
16:52.36|Jelly|OH NOES! THEY BANNED THE INTERNET! :P
16:53.02ShirikI keep getting "You may not use the World of Warcraft Community forums to:" ... bunch of rules "Please enter birth date"
16:53.06ShirikI enter birth date, that pops up again
16:53.14*** join/#wowi-lounge Beladona (n=Beladona@24.129.136.26)
16:53.14*** mode/#wowi-lounge [+o Beladona] by ChanServ
16:53.18dreamsscookie issue?
16:53.19|Jelly|that's strange
16:53.20cog|workcookies
16:53.28ShirikI was posting 5 minutes ago :/
16:53.35dreamssur not allowing wow to save cookies
16:53.37dreamssbasicly
16:53.40cog|work~fail Shirik
16:53.41purlShirik: Fail.
16:53.43cog|work:P
16:53.47wereHamsterRushyman: hehe. I think Slouken is slightly more intellgient than getting involved in flame wars :)   I guess Rushy is less so
16:53.54Shirikhow did cookies get disabled?!
16:53.55Shirikbah
16:53.57ScytheBlade1cog|work: posted
16:54.55dreamssanyone have the binary of this trojan handy? i like to disasemble it a bit
16:55.13LopeppeppyNo disassemble Johnny-5.
16:55.20|Jelly|PEPPY!
16:55.22dreamss:(
16:55.33zenzelezzsee, talk about cookies and she wakes up
16:55.38LopeppeppyMorning, |Jelly|-dear.
16:56.27Shirikdreamss: Which one?
16:56.33ShirikThere are several packages you can play with
16:56.39dreamssfun
16:56.41art3misumm
16:56.42Shirikeach with its own unique features
16:56.52art3misif wowdigger.com isnt his site why is it in his signature?
16:57.04dreamssi want to see if any were irc based so i could take over their botnet
16:57.09ShirikScreenhotConverter.exe goes to incgamers.com and downloads an exe, runs it with permissions, and then deletes itself
16:57.24Shirikthat exe runs itself, injects a service into lsass.exe, and then deletes itself
16:57.26dreamss!dos forums.worlfofwarcraft.com :P
16:57.45Shirikthat service infects mouse.dll and an IME dll which then provides a keylogging capability
16:58.07dreamsssomeone gonna have to format
16:58.08dreamssgezz
16:58.10art3misi bet it logged more than wow stuff too
16:58.17art3misit just spawned on wow ;)
16:58.18ShirikAs far as I can tell it's only WoW
16:58.23Shirikit looks for that exact process
16:58.33art3misif you've got wow open in windowed and browse the web.....
16:58.39wereHamsterCan WoW be run without admin privileges?
16:58.41dreamsslsass.exe is the shittiest idea ever, i swar
16:58.41Shirikfair enough
16:58.52art3miswere: yup
16:58.54dreamsswereHamster, of course
16:59.21wereHamster.. many apps can't :(
16:59.38ScytheBlade1wereHamster: every Blizzard game can, file system permissions permitting.
16:59.44dreamssgames only access registry, and most use a user dir for saves
17:00.03dreamssu need admin to install sometimes tho
17:00.13dreamssand access windows dir
17:00.15Shirikactually
17:00.27ScytheBlade1You don't have to install in Program Files
17:00.29ShirikWoW does need admin privileges due to the way it manipulates files
17:00.35wereHamstercan a non-admin app register a dll with lsass.exe?
17:00.38Shirikif you install in Program Files folder, it will need admin
17:00.58ShirikwereHamster: I don't believe so, but the installer requests admin privileges anyway
17:01.15Shirikso ScreenhotConverter.exe will be spawned with admin, which means the next exe will be spawned with admin
17:01.32Shirik(Permissions can be and by default are inherited)
17:02.24Shirikand once it's a service, iirc, it automatically is given admin at startup
17:02.30Shirikwhat's the #1 purpose of a service
17:02.40Shirikis that it becomes a system process instead of a user one
17:03.16*** join/#wowi-lounge Valaron|Work (n=esochan@132.241.2.13)
17:03.27dreamssyeah once u use lsass the system is fucked
17:03.51art3misi love how every post that rushy posts on the wow forums contains [edited by rushyman] at the bottom
17:04.03art3mishe should just make that his sig
17:05.20*** join/#wowi-lounge Lin (n=igor@unaffiliated/lincity)
17:06.09LopeppeppyIt's pretty common in a hot debate to post a blank post so that you can hold your "spot" in the flow of the debate, and then take your time to analyze the stuff above you.  Always seems odd to me, but whatever.
17:06.11Linhi all!
17:06.29Shirikhi Lin
17:06.41Lin;-)
17:06.41*** join/#wowi-lounge Ktron (n=khamer@WPIS-64-140-241-82.worldpath.net)
17:06.42dreamssthankfully u cant do that on irc
17:07.11LopeppeppyReality (such as it exists on the internet) is preserved in real-time chat.
17:07.59|Jelly|lol. just dropped my laptop
17:08.21Shiriklies
17:08.27Shirikhe who types faster clearly has the upper hand
17:08.33*** join/#wowi-lounge Paradox (n=Paradox@spc1-brmb4-0-0-cust625.bagu.broadband.ntl.com)
17:08.39Shirikthis cannot be denied
17:08.48|Jelly|YOUR FACE CAN NOT BE DENIED!
17:08.51|Jelly|sick burn
17:08.54Shirikyour mom cannot be denied
17:09.13|Jelly|touché
17:09.14Shirikcmon, where's the comeback?
17:09.17mikmai like caps lock and i cannot lie
17:09.25|Jelly|I don't use caps lock.
17:09.28Shirikyou other hackers can't deny?
17:09.40|Jelly|I'm one of those people that can type while holding down shift. :P
17:09.42[dRaCo]try something along the lines of "NO U!", jelly
17:09.42mikmashirik got it xD
17:09.47dreamssi have all your wow passwords and i cannot lie
17:10.04|Jelly|dreamss: No you don't! I didn't install the UICentral program!
17:10.09art3miswhen a wall text thats capitalized you eyeballs can't deny you get SPRUNG
17:10.17dreamssu installed wow.exe
17:10.31|Jelly|No I didn't!
17:10.35dreamssjelly's pass is "ponnies"
17:10.38|Jelly|There is no wow.exe on my machine!
17:10.46|Jelly|Oh sorry...taking Rush's stance on things.
17:10.49PolarinaDing 70!
17:10.51Shirikyou other hackers can't deny. When a noob walks in, I take all her weapons, then she's a hot naked BE and you get SPRUNG
17:10.52Shirikhaha
17:10.53|Jelly|GRATS!
17:10.54art3misdreamss: thats his pass on www.barnyardsex.com
17:11.01Shirikok
17:11.04dreamssand bank account
17:11.07dreamssbut hes broke..
17:11.17art3miswell baryard isnt cheap ;)
17:11.31|Jelly|iTunes isn't opening. This is making me mad.
17:11.37Shirikis there a window behind?
17:11.39zenzelezzfinally replaced my last blue last night... took ages to get something to replace the Devilshark Cape
17:11.43ShirikI always get this stupid popup that I have to find
17:11.44Shirikand click OK
17:11.48Shirikit's annoying as hell
17:12.00Shirikit doesn't come up on the task bar or anything
17:12.04|Jelly|./sigh
17:12.05dreamssitunes is the main reason i dont own an ipod
17:12.23|Jelly|Choose Library. THE ONLY F**KING ONE I HAVE!
17:12.24art3misi would have gone with  you being a hobo as a reason
17:12.42dreamssoh wait, itunes is #2
17:12.45dreamssart is right
17:13.05|Jelly|I like itunes
17:13.22ShirikSo |Jelly|, that was it?
17:13.23LopeppeppyI like.... dayquil.  A lot.
17:13.27|Jelly|Yes.
17:13.31Shirikstupid itunes
17:13.32|Jelly|~facepalm
17:13.33purlACTION facepalms at the situation
17:14.34art3mismyquil has a better slogan though
17:14.39art3misnyquil
17:14.54art3misi can never remmeber anything more than "bright eyed, bushy tailed"
17:15.02art3misfor dayquil
17:17.03*** join/#wowi-lounge Gryphen (n=gryphon@71.216.187.10)
17:17.35Shirikdreamss: Still want that executable?
17:17.45Shirikpop quiz to anyone, what is incgamersi.com?
17:18.04dreamsssounds like u guys have done evrything
17:18.37wereHamsterShirik, 218.85.132.165:8383
17:18.43Shirikwell... thank you ><
17:18.45ShirikI figured that one out
17:18.59ShirikI just realized after having sifted through all my logs
17:19.07ShirikI didn't realize it was incgamersi.com instead of incgamers.com
17:19.13Linis  professions skill limited per level as weapons?
17:19.22dreamssno
17:19.26ShirikThat is where it connected to get piece #2 of the puzzle
17:19.36Lin<PROTECTED>
17:19.39dreamssits limited by level but not per
17:19.46wereHamsterSan Zhang web@domain.com
17:19.50Lindreamss: got it.
17:20.04wereHamsterFujian province,Xiamen City, Xiamen Hainan 361004
17:20.05Lindreamss: where can I see these limits?
17:21.12ScytheBlade1Lin: it's +5 total every level... at level 15, I have a cap of 75
17:21.20ScytheBlade1Oh, professions skill
17:21.28LinScytheBlade1: yes.. professions.. not weapon.
17:21.41ScytheBlade1The only limits are you need level 30(35?) to train 300, and 55 to train 375.
17:22.02LinScytheBlade1: and  20? what is the limit?
17:22.14ScytheBlade1Er? 20...?
17:22.18Linyes!
17:22.19dreamss175 ?
17:22.42Lindreamss: hmm this is not included First aid =D
17:22.49dreamssi dunno.. google
17:24.52|Jelly|!c us burning legion jelly
17:24.54ThraeBot|Jelly|: Jelly, Level 70 Blood Elf Priest (23/38/0). 6621 HP; 9885 Mana; 343 mana regen; 162 mp5; 612 +spell dmg; 1627 +heal; 5.06% dodge; 18 resilience;[[ TBR: 760 ][ Link: http://tinyurl.com/yrmc88 ][ Talents: http://tinyurl.com/2mw2d7 ][ Updated: Thu Nov 29 12:24:54 2007 EST ]]
17:29.16Shirik!vs us drenden kimina us burning legion jelly
17:29.19ThraeBotShirik: Kimina vs Jelly! Two 70 priests square off!; 20/41/0 vs 23/38/0; Kimina wins by 98 TBRs!
17:29.36|Jelly|Kimina fucking hacks. Everyone knows it.
17:29.56Shirikactually I was the one who made this keylogger thing
17:29.58zenzelezz!vs us drenden kimina eu silvermoon zenzio
17:30.06Shirikso I can log into your account and make you naked before I run these !vs commands
17:30.18zenzelezzstupid armory
17:30.59ThraeBotzenzelezz: I failed on the second listed character. You half-fail.
17:31.19zenzelezzno I don't, the website does
17:32.38JoshBorke!vs us drenden kimina us stormreaver dagh
17:32.40ThraeBotJoshBorke: Kimina vs Dagh! Two 70 priests square off!; 20/41/0 vs 14/0/47; Dagh wins by 236 TBRs!
17:32.54Shirikwtf
17:32.57Shirikwhat happened to you being holy?!
17:33.07JoshBorkeShirik: i healed on VR
17:33.13JoshBorkeand promptly changed my mind
17:33.17Shirikweak.
17:33.25JoshBorkei was #2 on healing done though
17:33.33JoshBorkewith 20%? overheal
17:34.00JoshBorkewhich was #2 on overheal
17:34.05Shirikgoing to try to get an hour of sleep now
17:34.06Shirikttyl
17:34.07JoshBorke#1 healing and #1 overhealing were a paladin
17:34.08JoshBorkenn
17:35.01|Jelly|Night Shirik
17:38.33Xuerianlol.
17:38.46XuerianAll in the name of ease of use
17:38.53dylanmWhatever it takes to stop idiots from using dev versions
17:40.09LopeppeppyDownload and install by hand.  .exe doesn't even ahve to happen.
17:43.58*** join/#wowi-lounge kaiden|work (n=kaiden@63.229.62.12)
17:47.11*** join/#wowi-lounge cncfanatics (i=evolve@106.152-240-81.adsl-dyn.isp.belgacom.be)
17:48.53cncfanaticshello all
17:50.00malrethYO!
17:50.17cncfanaticsyo
17:50.17cncfanatics:p
17:50.35kaiden|workcncfanatics, hussy <3 ;)
17:55.24LopeppeppyWait... competition for the title?
17:57.45kaiden|workLopeppeppy, lol ;)
17:57.49kaiden|workyou can be a hussy too
17:57.51kaiden|workeveryone can
17:57.56LopeppeppyOh, that's okay then.
17:58.31zenzelezzdon't suppose anyone knows of a quality one-piece Naxxramas video? Only ones I've found are either too short or not to my taste, mostly everyone seems to have just made videos of the individuals fights/wings
17:59.22Mr_Rabies2did anyone do the whole instance in one night really?
17:59.39Mr_Rabies2oh
17:59.41zenzelezzdoesn't have to be done in one night to be a one-piece video
17:59.42Mr_Rabies2durh
17:59.46Mr_Rabies2yeah
17:59.48Mr_Rabies2i wasn't thinking
17:59.59Mr_Rabies2but yeah, it'd probably still be a pretty long video D:
18:00.06zenzelezzaye
18:00.27zenzelezzwell, it's what, fourteen bosses? Too fast for me when the total video is 10 minutes then :-|
18:01.04kd3heh. it appears that the UICentral thread has disappeared from wowblues
18:01.10*** join/#wowi-lounge Thunder_Child (i=Thunder_@cpe-76-171-184-46.socal.res.rr.com)
18:02.27*** join/#wowi-lounge Kaelten (n=kaelten@WoWUIDev/WoWAce/WoWIFA/CurseStaff/kaelten)
18:02.27*** mode/#wowi-lounge [+v Kaelten] by ChanServ
18:02.33*** join/#wowi-lounge Matrix110 (i=blubb@pD957FDDC.dip.t-dialin.net)
18:03.27kaiden|workRushter seems like he's working hard to hide his screwup
18:04.09Mr_Rabies2http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=280178750924&_trksid=p3907.m32&_trkpa
18:04.13Mr_Rabies2bwahahhaa
18:04.22Fisker-poor rushter kaiden|work
18:04.32Fisker-what is he trying to hide?
18:05.39*** join/#wowi-lounge Legorol (i=Legorol@dhcp-83-219-109-95.customers.tvtnet.ch)
18:05.39*** mode/#wowi-lounge [+v Legorol] by ChanServ
18:12.45*** join/#wowi-lounge leethal (n=leethal@cm-84.215.168.253.getinternet.no)
18:18.08Fisker-fragile alliance
18:18.25Fisker-nooo
18:19.04ShadowedFisker- read the UI forums
18:19.04Fisker-so talk
18:19.17Fisker-ah still the wowace stuff?
18:19.26Fisker-thought that was resolved
18:20.04LopeppeppyWowace?  UI Central.
18:20.20[Ammo]trojan in the uicentral package
18:20.22Fisker-yeah ui central was offering wowace addons?
18:20.23[Ammo]nothing to do with wowace
18:20.25zenzelezzI'd not even heard of this UI Central until today
18:20.32cog|workFisker-: that's not what this is about
18:20.36Fisker-oh
18:20.38LopeppeppyThis is another different thing.
18:20.50LopeppeppyEasily confused, as it's similar and the same site invovled.
18:21.26Fisker-link me :P
18:21.35cog|workit's not hard to find...
18:21.35Fisker-this is relevant to my interests
18:21.38cog|workslouken posted in it
18:21.48Fisker-ah
18:22.04Fisker-didn't know you meant official forums
18:22.16LopeppeppyOh, quite.
18:23.17Fisker-ahahha
18:23.20Fisker-it's not on wowblues.com
18:23.27Fisker-guess i gotta change back to blue.cardplace.com then
18:24.45wereHamsterI'm gonna register wowjazz.com :)
18:25.05wereHamstererr.. wowrap.com
18:25.18Thunder_Child~lart wereHamster
18:25.18purleats wereHamster and falls over dead
18:27.15wereHamster~mourn purl
18:27.16purlACTION lights some candles for purl
18:27.43LopeppeppyElmo needs more acid.
18:28.25Thunder_Childright, because elmo wasnt weird enough
18:29.17Thunder_Childthough i do remember the elmo fad
18:29.47Lopeppeppypurl just made me have a flashback, that's all.
18:30.45*** join/#wowi-lounge ckknight_ (n=ckknight@rrcs-74-62-251-185.west.biz.rr.com)
18:33.22Thunder_Childalong with pogs, beanie babies, giga pets, wearing pajams to school, (painted rocks were a little before my time), and i think i ran out
18:33.49Cidehttp://cgi.ebay.com/ROCK-BAND-PS3-GUITAR-HERO-3-BUNDLE-SANTAS-HELPER-2-80_W0QQitemZ270190941684QQihZ017QQcmdZViewItem
18:34.38LopeppeppyCabbage Patch dolls, Atari video games, Chia pets, beanie babies, Pound Puppies, My Little Pony, Rainbow Brite, Care Bears and Garbage Pail Kids.
18:35.29Mr_Rabies2that sounds like a good way to wind up with a dead model
18:35.36Thunder_Childi think that chia pets ended up being more for adults than kids
18:37.03LopeppeppyI think Chia Pets ended up being the lump  of coal in a lot of people's "white elephant" gift exchanges.
18:37.47wereHamsterCide, she's got a friend: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&rd=1&item=270191155384&ssPageName=STRK:MESE:IT=
18:38.21Cidenot as hot though
18:38.54Fisker-btw kaiden|work
18:39.02Fisker-remember that you support child porn
18:39.04Fisker-and abuse
18:39.09Fisker-so i don't believe you about ui central!1
18:40.35kaiden|workFisker-, excuse me?
18:40.58LopeppeppyUgh with the smear and counter smear.
18:41.13Fisker-kaiden|work didn't you see that newspost rushter made?
18:41.34kaiden|workno, i've only read the official forums
18:41.36Fisker-essentially said that the ui sites related to affinity was supporting child porn
18:42.31ScytheBlade1Bah, why not
18:42.37ScytheBlade1I think I'm going to reboot and play with that trojan
18:43.09ScytheBlade1(On a live windows install ;P)
18:43.53kaiden|workhas anyone bothered running wireshark and watch what the trojan is trying to do
18:43.57kaiden|workin terms of connections outbound?
18:44.00ScytheBlade1That's what I'm about to do
18:44.02ScytheBlade1Back in a moment
18:44.06kaiden|workor is it all he said she said.. it looks like this or looks like that
18:44.31*** join/#wowi-lounge Daede (i=Daede@d47-69-127-141.nap.wideopenwest.com)
18:44.55Fisker-i hope i can his site removed from the fsp
18:45.05Fisker-but i doubt it
18:45.13Daedehey, I sent an update for 1.2.5 of my interface, thenb realized i left the bliz addons in, so i set 1.2.5a directly after that. please make note of that when you're looking through the queue
18:45.13Fisker-+get
18:45.21*** join/#wowi-lounge Lunessa (n=Lunessa@129.7.88.193)
18:45.28LunessaSTATION!
18:47.10amrois there a way to make wow report syntax errors again?
18:47.19Daede?
18:47.28kd3esc -> interface -> show Lua errors
18:47.38Daedenice
18:48.20amrousually when there's a syntax error in a lua file a message box shows up on login/reloadui, it's not happening
18:48.30amrokd3: it's set
18:48.48Daedeoh
18:48.52kd3do you have any enhanced error log mods running?
18:48.53Daededo you have swatter?
18:48.55wereHamsterkaiden|work, shirik analyzed the trojan a bit
18:49.22ScytheBlade1Indeed he did... I'm just going to poke at the protocol and servers  involved
18:50.01Shirikkaiden|work: Yes, I have.. pretty specific details on how it works :)
18:50.14amroswatted swatter and it works, thanks
18:50.22*** join/#wowi-lounge KarlThePagan (n=andross@lanip-170-65.go180.net)
18:50.38Daedemakes my life so much easier
18:51.07amroif it breaks syntax error reporting, that's really lame
18:51.34Daedei know it captures any error worth reporting *shrug*
18:52.22kd3<PROTECTED>
18:52.36kaiden|workShirik, I understand you analyzed the file but running decompilers on an executable doesn't always tell you what's really going on whereas a packet capture will tell you exactly what it's sending and receiving
18:52.50kaiden|workShirik, not saying you didn't do good, i'm just trying to add ammunition to the firefight
18:52.51kaiden|work:)
18:52.57ShirikI didn't use a decompiler
18:53.02Daedeiptraf is your friend
18:53.20ScytheBlade1Whee, it's downloading the trojan now
18:53.36ShirikI used a disassembler. After that, Antiarc and I have been logging the packets for quiet some time now, and we intend to make use of this information later
18:53.36ScytheBlade1That's a lot of XML
18:53.56kd3ya know, part of me is still in shock that slouken actually touched that thread.
18:54.18cog|workkd3: same
18:54.32Daedeso where did you guys find this keylogger? not in someone's interface, i hope..
18:54.36ScytheBlade1kd3: I thought the same, then I realized what he was really saying - "not our fault, not our problem, you need to be self aware"
18:54.49zenzelezzactually worse than in an addon
18:54.53ShirikDaede: UICentral
18:55.02kaiden|workShirik, all i'm saying is there are any number of reasons why something labeled ScreenshotConverter would have network hooks.. what if they called it externally with a url that way it could grab a proprietary screenshot and convert it to a format their program could use
18:55.08cog|workDaede: addons can't have keyloggers
18:55.12kaiden|workShirik, i'm not trying to validate UICentral by any means..
18:55.17kaiden|workjust trying to understand what's going on
18:55.44Fisker-i still don't believe that trojan thingy because you all support child porn :(
18:55.45Fisker-including me
18:56.11Shirikkaiden|work: There aren't many reasons it could connect to the network, download a file named Updata.exe from a chinese IP, execute that program with full permissions, then that program downloads another file, injects it as a service into lsass.exe, then both files delete themselves...
18:56.31Shirikthen that service infects mouse.dll and some other IME dll
18:56.51amroyep it's pretty clear there's something shady going on
18:56.51Shirikand then continues sending data constantly over to that same chinese IP every time you open WoW
18:56.56kaiden|workwell see that's more that i knew before
18:57.01Shirik=)
18:57.03kaiden|workdidn't know it was touching the mouse system
18:57.17Daedecog, i know, but someone could stick one in their interface cleverly disguised with a renaming routine in a custom addon *shrug* im just paranoid, i guess
18:57.19ScytheBlade1Shirik: 218.85.132.165 ring any bells?
18:57.20Shirikbut yes, I do have wireshark logs too
18:57.32kaiden|workShirik, just making sure you have all your bases covered
18:57.36Shirikthat is indeed an IP that is all over the logs ScytheBlade1
18:57.42ScytheBlade1That's what I thought
18:58.03Shirikkaiden|work: of course :)
18:58.17Daedeshirik, this is a ui website installing this trojan?
18:58.20kaiden|workthat ip is in australlia
18:58.21sylvanaar_worki just want to know how it got in there
18:58.38Shirikkaiden|work: I only say "chinese" because the site itself is written in chinese if you go to that IP
18:58.40ShirikI didn't bother to look it up
18:58.59kd3as do we all
18:59.32ShirikDaede: No they really couldn't
18:59.45ShirikWoW will not execute binary files, only uncompiled Lua scripts
18:59.57Daedefair enough
18:59.58ScytheBlade1Shirik: that executable it downloads... where do they save it?
18:59.59kaiden|workShirik, what's the url it's downloading updata.exe from?
19:00.01cog|workDaede: that would still require packaging up an exe, bat, or other executable file
19:00.06cog|workand getting the user to run it
19:00.13Daedei wont pretend to know more about how it works than i do.. i only maintain a compilation
19:00.37Shirikkaiden|work: http://wowui.incgamersi.com/updata.exe <-- WARNING TO ALL OTHERS, DO NOT GO THERE
19:00.43Daedewhich someone should really approve so i can get back to the game..
19:00.53kaiden|workwritten in .net?
19:01.01kaiden|workdeobfuscation ftw? :]
19:01.06ScytheBlade1Yes, it is written in .net
19:01.17Daede.net in and of itself is a security nightmare
19:01.28Shirikis it really? I tried to run reflector on it but it complained about a missing CLI header
19:01.31ShirikI don't think it's .net
19:01.32kd3lol... and the trojan writers are getting lazy now. a trojan in .net? ahaha
19:01.39ScytheBlade1The ScreenshotConverter.exe is
19:01.43ScytheBlade1Pretty sure, anyways
19:01.48ShirikWhatabout ScreenhotConverter?
19:01.53ScytheBlade1It's .net
19:01.54Shirikthere's a difference ;)
19:02.04ScytheBlade1lol, meh
19:02.15amro"Could not connect to host www.wowinterface.com." can anyone reach it?
19:02.29Industrialfine here
19:02.34Shirikworks for me
19:02.37Daedeso basically i should just blacklist incgamers.com?
19:02.55ScytheBlade1That's odd.. I don't have any registry entries
19:03.40kaiden|workwell you can always go one better
19:03.49ScytheBlade1Oh they changed the service
19:03.56ScytheBlade1That's dirty, I actually USE that service
19:04.19Daedeand one better being?
19:04.44Daedebtw looks like soemone approved it
19:05.03DaedeGet the latest DaedeUI only at WoWInterface.com! http://www.wowinterface.com/downloads/info7826-DaedeUI.html
19:05.18DaedexD
19:06.40amrocongrats
19:07.46IndustrialI bet it has unitframes actionbars chat mods info bars and raid frames!
19:08.09Daedeamong a lot of under the hood stuff that makes playing the game and being productive a lot easier
19:09.21Daedelightheaded+mobmap+levelator=really easy questing
19:09.37ScytheBlade1Oh, heh
19:09.38ScytheBlade1Whoops
19:09.46ScytheBlade1That's what I get for suspending lsass.exe
19:11.14Daedei dont know about suspending lsass but if you terminate it it just restarts
19:11.19ScytheBlade1I suspended it in process explorer... and then did something which required it functioning...
19:11.27ScytheBlade1Locked up process explorer nicely
19:11.32Daedeheh
19:12.22ScytheBlade1Bah, it's still loaded post hard reset
19:12.23ScytheBlade1Hmm
19:13.27DaedeI'm Mr. T and this is my Night-Elf Mohawk
19:13.42Lopeppeppy*laugh*
19:13.49Daedei love that commercial
19:14.15Daede"Uhh, T, there's no such thing as a Night-Elf Mohawk" "SHUTUP FOO, now as I was saying.."
19:14.18LopeppeppyI sorta like the shaman one better.
19:15.12ScytheBlade1Wow, access denied to changing service startup paramaters
19:15.18ScytheBlade1This is a somewhat competent trojan
19:15.35Daedei think bliz should hold L70ETC concerts regularly.. charge like 5g to get in
19:16.00AntiarcScytheBlade1: Yeah, I have the DLLs if you want to poke at them in a disassembler
19:16.17amroScytheBlade1: I'm beginning to think this is you http://imgs.xkcd.com/comics/network.png
19:17.20ScytheBlade1Antiarc: I've got them here... just found them in memory and suspended the thread.. working on terminating them from my system now ;)
19:18.54ScytheBlade1lol, it's vulnerable to the old "rename and reboot" trick
19:18.55ScytheBlade1hahaha
19:19.04ScytheBlade1So close to being a quality trojan
19:19.23LopeppeppyY'all make give me the shivers, having fun poking at a keylogger.
19:19.25*** join/#wowi-lounge Antiar1 (n=Antiarc@wsip-70-184-82-98.ph.ph.cox.net)
19:19.44ScytheBlade1Lopeppeppy: I've got a second one here, if you're interested
19:19.55ScytheBlade1Somewhere...
19:20.14kd3meh. I handed it to the professor who teaches the security elective in the CS program. he's going to hand it to the wow players in his class and let them have fun with it
19:20.24ScytheBlade1lol nice
19:20.30*** join/#wowi-lounge malreth (i=817441e9@gateway/web/cgi-irc/ircatwork.com/x-702fcd28c443b069)
19:21.46ScytheBlade1And it's gone
19:21.52LopeppeppyGods.... y'all would poke at the Black Death in a petri dish, wouldn't ya?
19:22.12kd3if I was similarly inclined to biology? probably
19:22.13Antiar1Hell yes.
19:22.41AntiarcI was super safe and did mine in a VM >_>
19:22.58ScytheBlade1I'm doing it on my live windows partition. Complete with a copy of WoW that I use.
19:24.00kd3https://forums.worldofwarcraft.com/thread.html?topicId=3168328825&sid=1&pageNo=6
19:24.08kd3lol, it continues
19:24.30ScytheBlade1And clean
19:24.54malrethyou just gotta wonder what's really going on at uicentral
19:25.00ScytheBlade1No kidding
19:25.58IndustrialDaede: I cant find mobmap
19:26.02malrethmaybe they smack babies... and their names are Mr. Babysmack... and they inject puppies with AIDS
19:26.07Fisker-FUCK kd3
19:26.09Gngskis that thread gonna get locked?
19:26.22Fisker-another reason to buy an US account
19:26.28*** join/#wowi-lounge Antiar1 (n=Antiarc@wsip-70-184-82-98.ph.ph.cox.net)
19:26.30Fisker-this is fuckign awesome
19:26.39Fisker-awesome to the max
19:26.46kd3there was a thread in general. dunno if it's still kicking
19:27.26ScytheBlade1Kicking? Not really
19:30.00wereHamsterLatest news on wow.incgamers.com: Blizzard Learning by Their Mistakes. Oh the irony
19:31.09malreththe damage to incgamers in the mindshare of the community is irreparable
19:31.54*** join/#wowi-lounge Shirik|Ecole (n=nospam@conspiracy/developer/Shirik)
19:31.55*** mode/#wowi-lounge [+v Shirik|Ecole] by ChanServ
19:32.11ScytheBlade1.... wait, there's ANOTHER trojan on their website?
19:32.19Shirik|Ecolej'ai retourne!
19:32.20Shirik|Ecoleooh
19:32.22Shirik|Ecolewhat other one?!
19:32.24malretheither they're pure evil maniacs that inject puppies with AIDS and cancer or someone has gone through a lot of trouble to make them look like the debil
19:32.31Shirik|Ecoleshow me show me!!!
19:32.34ScytheBlade1Page 6 of said thread
19:32.38ScytheBlade1http://forums.worldofwarcraft.com/thread.html?topicId=3168328825&sid=1&pageNo=6
19:32.53ScytheBlade1Probably the same thing
19:32.58*** join/#wowi-lounge Antiar2 (n=Antiarc@wsip-70-184-82-98.ph.ph.cox.net)
19:33.03*** join/#wowi-lounge cladhaire (n=cladhair@c223.worc.ox.ac.uk)
19:33.04*** mode/#wowi-lounge [+o cladhaire] by ChanServ
19:33.22Daedei think im gonna buy my kids this for xmas http://www.pcsurplusonline.com/viewprod.cfm?ID=13793
19:34.50malrethhalf a gig of ram...
19:35.00Daedeand a 2g processor
19:35.06Daedeworks for me
19:35.23malrethhow are they expected to download torrents on a machine like that?
19:35.30malreth:O
19:35.48Daedethe oldest is 11, im not worried about them downloading torrents
19:36.01kaiden|workoooh
19:36.03kaiden|workloving this
19:36.05kaiden|workGetSystemDirectoryW
19:36.09LopeppeppyBut... how will they *learn* to torrent?
19:36.36malrethDaede: kids are smarter every day
19:36.44Daedeur telling me this?
19:36.53Daedei have 3, got it figured out =P
19:37.05malrethDaede: did they teach you how to spell too?
19:37.07LopeppeppyNo... *they* have it all figured out!  :)
19:37.12Daedehush
19:37.13malreth:D
19:37.54kaiden|worknot sure who cares.. but from what i can see from that program Updatea.exe it writes itself to the system, adds itself to autostart in the registry
19:38.05kaiden|workcreates a file and latches onto the wow process in memory
19:38.09Antiar2Yup
19:38.10kaiden|workand outputs text that it see's
19:38.59malrethAntiarc, what news have you to bring from the hills?
19:39.28kaiden|workanyone here actually ran that updatea.exe on a clean system?
19:39.36kaiden|workif so can you please tell me if it add's anything to the "hosts" file
19:39.39ScytheBlade1kaiden|work: I *could* right now
19:39.41kaiden|work\windows\system32\drivers\etc\hosts
19:39.41ScytheBlade1lol
19:39.42malrethHarvest time draws near and the villagers fear for their safety from maruauders
19:39.47Antiarckaiden|work: I ran it on a VM
19:39.49AntiarcI'll check
19:39.58ScytheBlade1No it does not
19:40.04wereHamsterI don't see Updatea.exe in the latest uicentral download
19:40.05ScytheBlade1As my hosts file is clean still
19:40.16kaiden|workwereHamster, it never was
19:40.19AntiarcHosts is clean.
19:40.21kaiden|workscreenshotconverter.exe downloads it
19:40.36kaiden|workAntiar1, ok it must be creating a dns entry in the registry then
19:40.39wereHamsterI don't have that exe either
19:41.10Shirik|Ecolebleh, had to go help these kids ><
19:41.15Shirik|Ecoleso, other trojan *goes to look*
19:41.29AntiarcThe original is gone
19:41.38AntiarcI'm going over filemon logs from a new install at the moment
19:42.02wereHamstermaybe it refuses to install under wine :-/
19:44.19AntiarcWell, it auto-ran Patcher.exe on install
19:44.19AntiarcBut I don't know if that's malicious or not.
19:44.19*** join/#wowi-lounge Valaron|Work (n=esochan@techshop.ecst.csuchico.edu)
19:44.27Shirik|Ecolethat's scary
19:44.37ScytheBlade1Nope, I'm trojaned still
19:44.44ScytheBlade1Well, again
19:44.58Shirik|Ecolewait I don't have my kit on this computer
19:44.59Shirik|Ecoledamnit!
19:45.52Antiarc11:30:38 AMPatcher.exe:744QUERY INFORMATIONC:\PROGRA~1\CA\eTrust Antivirus\UI.exePATH NOT FOUNDAttributes: Error
19:45.55AntiarcThat's a little interesting.
19:46.03AntiarcThere's no eTrust Antivirus installed on this machine.
19:46.05ScytheBlade1... haha
19:46.07AntiarcWhy would it look for that?
19:46.08malrethshirik: you're my hero... you fight for the users
19:46.10ScytheBlade1"Little"?
19:46.31Shirik|EcoleAntiarc: rofl
19:46.50Shirik|Ecolemalreth =)
19:46.50ScytheBlade1Yup same trojan
19:46.50ScytheBlade1wzcsvbc.dll
19:46.50ScytheBlade1Again, rename/reboot and it's gone.
19:46.50Shirik|EcoleI feel kinda evil because I have all these programs on my computers, "crackers kit" "keygen" etc
19:46.52malrethbut Tron fights for the programs... and he's 1337 so you're probably gonna lose
19:47.04*** join/#wowi-lounge Thunder_Child (i=Thunder_@cpe-76-171-184-46.socal.res.rr.com) [NETSPLIT VICTIM]
19:47.04*** join/#wowi-lounge Kirkburn (n=Kirkburn@82-32-40-219.cable.ubr06.azte.blueyonder.co.uk)
19:47.04*** join/#wowi-lounge amro (n=amro@82.101.184.161)
19:47.04*** join/#wowi-lounge MoonWolf (n=MoonWolf@i208248.upc-i.chello.nl)
19:47.04*** join/#wowi-lounge KaoS` (i=spam@about/apple/macbookpro/KaoS)
19:47.04*** join/#wowi-lounge Tain (n=tain@c-24-218-72-243.hsd1.ma.comcast.net) [NETSPLIT VICTIM]
19:47.04*** join/#wowi-lounge kergoth (n=kergoth@neutrino.joshua-colp.com)
19:47.04*** join/#wowi-lounge deltron (i=ryan@24-207-198-203.dhcp.stls.mo.charter.com)
19:47.04*** join/#wowi-lounge Fisker- (i=xD@62.61.142.209.generic-hostname.arrownet.dk)
19:47.04*** mode/#wowi-lounge [+v MoonWolf] by irc.freenode.net
19:47.18AntiarcA locksmith has lockpicks, but he is not evil!
19:47.18Shirik|Ecolebut I use them for realistic purposes =)
19:47.18Shirik|Ecolerealistic isn't the word but I couldn't think of the right one
19:47.28sylvanaar_worklegitimate?
19:47.36Shirik|Ecolethat works :)
19:47.38Daedeyeah legit fits
19:48.00*** join/#wowi-lounge Cidan (n=aj@ip68-98-130-180.dc.dc.cox.net)
19:48.00malrethi have a host of tools like that that I used to clean malware from people's computers
19:48.13malrethbut that was back before rootkits were so commonplace
19:48.17*** join/#wowi-lounge sioraiocht (n=rtharper@nat-router-1.stannes.ox.ac.uk)
19:48.22malrethmy skills haven't kept up with this new job
19:48.23*** join/#wowi-lounge kaiden|work (n=kaiden@63.229.62.12) [NETSPLIT VICTIM]
19:48.25kaiden|workyay for netsplits
19:48.29*** join/#wowi-lounge Pandya (n=Pandya@bb-87-81-181-46.ukonline.co.uk)
19:48.45malrethnowadays, it's just easier for me to ghost a machine that's infected
19:48.48kaiden|worknow back to where i was.... it injects itself into services pretending to be the wireless zero config service that windows runs
19:48.56ScytheBlade1Yup
19:49.00Pandyahai everybody!
19:49.12kaiden|workit puts itself in as \windows\system32\wzcsvbc.dll
19:49.20ScytheBlade1Kill the thread with process monitor and it's gone
19:49.31malrethPandya has a heart of pure black evil and it is said that he can stare into the souls of man!
19:49.38kaiden|workit creates an entry in dns telling the system that any attempt to access http://updateserviceaddress goes to a specific ip
19:49.49Pandyaits true malreth
19:49.57Cidannuke it from space, it's the only way to be sure.
19:49.58PandyaI try to hide it, but you know
19:50.05wereHamsterkaiden|work, which IP?
19:50.10kaiden|worki can't find the ip
19:50.12Ciderushster's.
19:50.14kaiden|workall i see is what it's doing
19:50.25wereHamsterincgamersi.com?
19:50.28kaiden|workgimme a second
19:50.29Cide(just kidding, don't take me seriously)
19:50.30Pandyalol wut
19:50.31ScytheBlade1I lied, it's still resident
19:50.31Shirik|EcoleCidan!
19:50.32Pandyarush?
19:50.38Shirik|EcoleI've been having so much fun, you're missing out on it
19:50.54CidanShirik|Ecole: I saw your IM, wth were you talking about?
19:50.57Shirik|Ecolehttp://forums.worldofwarcraft.com/thread.html?topicId=3168328825&sid=1
19:50.58CidanShirik|Ecole: I was in class.
19:51.03Shirik|Ecolelook for my post, first page :)
19:51.15wereHamsterCidan, that's no excuse!
19:51.21Shirik|Ecoleand then if you're amused, read the rest of the forums
19:51.26Shirik|Ecoleposts*
19:51.34Pandyaincgamers nameservers were dead this morning
19:51.34kaiden|workbasically the steps that it takes is.. it latches onto wow.exe looks to makes ure it's running
19:51.37Pandyamade me a sad panda
19:51.56kaiden|workhooks to it, then runs urlmon.dll tand URLDownloadToFile to download another file
19:52.22Shirik|Ecolethen immediately runs ShellExecuteEx() to execute that newly downloaded file, then deletes itself after confirming that it ran successfully
19:52.24AntiarcI actually suspect that's the publish mechanism, kaiden|work
19:52.28CidanShirik|Ecole: Shakespeare loved regexes too: /(bb|[^b]{2})/
19:52.29Cidanlol
19:52.33Shirik|EcoleCidan: hehe
19:52.33CidanThat so wins.
19:52.36AntiarcI think it's publishing user/passes via HTTP GET
19:52.42kaiden|workAntiarc, i think so too
19:52.46Shirik|EcoleAntiarc: That's how it gets Updata.exe
19:52.53ScytheBlade1Antiarc: it sure isn't using plaintext though
19:52.55kaiden|workShirik|AFK, naw, this is actually updata.exe
19:53.00Shirik|Ecoleoh ok
19:53.04AntiarcShirik|Ecole: I mean mouse.dll, once updata.exe is planted
19:53.09Shirik|Ecolegot it :)
19:53.17Shirik|Ecolehaven't really looked much at that yet, haven't had the time
19:53.38Pandyaoo ye the question I meant to ask last night
19:53.43Pandyaany decent replacements for dart?
19:53.49Pandyasomething else that makes me a sadpanda
19:53.52LunessaEEPanels2
19:54.12Pandyato the intertubes.
19:54.14ScytheBlade1Okay, clean system again
19:54.28Shirik|Ecoleoopsie
19:54.32Shirik|EcoleI might have just infected this system
19:54.35Shirik|Ecoleoh well
19:54.36ScytheBlade1lol
19:54.39Shirik|EcoleI don't use it for anything anyway
19:54.42ScytheBlade1Rename/reboot, tada
19:54.55Shirik|Ecolewhat's the name of that dll again?
19:54.57ScytheBlade1It's a somewhat stupid piece of malware
19:54.59ScytheBlade1wzcsvbc.dll
19:55.09ScytheBlade1wireless zero config service with a 'b'
19:55.25Shirik|Ecolein system32?
19:55.29ScytheBlade1Aye
19:55.31Shirik|Ecolenot there :/
19:55.31Shirik|Ecolehrm
19:55.31ScytheBlade1Hidden/system file
19:55.34ScytheBlade1It is
19:55.34Cidanlol
19:55.42Fisker-we might support PC
19:55.42Fisker-CP
19:55.44AntiarcAnd mouse.dll
19:55.49Fisker-but we don's support trojans :D
19:55.57CidanFor fscks sake, if you're going to work with a live virus
19:56.01Cidansetup a VM
19:56.07Shirik|Ecolemaybe I didn't infect my system ha
19:56.11Shirik|EcoleCidan: I did
19:56.13Shirik|Ecoleon my desktop
19:56.20Shirik|Ecolebut they just released a new one I want to playyyy
19:56.23Shirik|Ecoleand I'm at school
19:56.23Cidanlol
19:56.36AntiarcIt's repacked without ScreenhotConverter.exe
19:56.46Shirik|Ecoleyeah I noticed that
19:56.50CidanI have an XP install just for working with any type of worm, etc.
19:56.57Shirik|Ecoleso how does it get in? I'm going to look at UICentral.exe
19:57.03kd3meh. it's a school computer. who cares if it gets infected
19:57.12Shirik|Ecolekd3: No it's definitely mine :P
19:57.31Daedehaha
19:57.40kd3oh, bleh. still. lab computers are always waiting to be absued
19:57.42Pandyajust checked it out Lunessa, thanks!
19:57.48kd3s/absued/abused/
19:57.58Daedeon my realm someone just asked if anybody sane plays wow, and people started spitting out their clinically diagnosed conditions
19:58.25ScytheBlade1What in the crap
19:58.33ScytheBlade1Anyone review the filemon logs?
19:58.42kaiden|workShirik|AFK, have you attempted putting a fake CLI header into Updatea so that Reflector can decompile it?
19:59.21Shirik|Ecolenope, are you sure that it's .net?
19:59.24Daedetake er easy people.. im out
19:59.28kaiden|workit looks like .net to me
19:59.38kaiden|workgranted i can't see much of it
19:59.38kaiden|work:P
19:59.44AntiarcScytheBlade1: I've been looking over them. What'd you find?
20:00.30AntiarcThe new re-pack seems clean so far.
20:00.37ScytheBlade1Antiarc: right when I start the installer, explorer starts searching for hundreds of seemingly random files - from .exe to .drv to .sys - Me2Cam.sys, CLIFFORD.exe, win98\setup.exe
20:00.39kaiden|workShirik|AFK, i got it "reflected"
20:00.43kaiden|workit's written in .net 1.1
20:00.49ScytheBlade1And how new is the "new" repack?
20:00.52*** join/#wowi-lounge malreth (i=817441e9@gateway/web/cgi-irc/ircatwork.com/x-df2eabb2d8588cf4)
20:00.54AntiarcToday
20:01.00ScytheBlade1The one I downloaded a few moments ago is indeed trojaned
20:01.39AntiarcWhat's the filename?
20:01.44ScytheBlade1Same as before
20:01.49AntiarcUICentral3-1196355777.zip is the new one
20:01.49ScytheBlade1wzcsvbc.dll
20:01.54ScytheBlade1Oh, that, sec
20:01.55AntiarcI meant the distribution
20:02.05ScytheBlade11196355777.zip
20:02.08ScytheBlade1Yup, same one
20:02.17Shirik|Ecole=( I can' get the trojan to install itself
20:02.21Shirik|Ecolemaybe because I quit setup early
20:02.23AntiarcHrm
20:02.28AntiarcI can't find the trojan in it
20:02.35AntiarcAre you sure it wasn't just remaining from the last install, ScytheBlade1?
20:02.38ScytheBlade1Very
20:03.00ScytheBlade1Let me clean it out and verify that it's gone, and give it another shot
20:04.09AntiarcSo I'm looking at patcher.exe in reflector
20:04.11AntiarcAnd let me just say
20:04.24AntiarcI wish I was surprised that it was VB code riddled with "goto", but...well, I'm not.
20:04.38ScytheBlade1lol
20:04.53AntiarcI'm really hoping that's just the disassembly, and not the original code.
20:05.18Shirik|Ecoleno
20:05.19CidanI didn't realize disassembly was a language
20:05.20Cidan;P
20:05.28Shirik|Ecolereflector shows the original code :)
20:05.31*** part/#wowi-lounge Lopeppeppy (n=Lopeppep@141.222.29.30)
20:06.00CidanSo okay, I read the thread, but I'm not quite getting it
20:06.13PandyaAntiarc, this wow's patcher?
20:06.18Shirik|EcoleCidan: basically, they have a program, it gots a virus
20:06.21CidanThis guy has a program, it became infected with a trojen on his website
20:06.28Cidanand tons of people now have it or something
20:06.36Shirik|EcoleSome people said "hey yo, you gots a virus" and he's like "no we couldn't possibly have one, we're too good for that"
20:06.43AntiarcPandya: UICentral's
20:06.47Pandyaoic
20:06.51CidanOkay... so what's the deal then?
20:06.51Shirik|Ecoleso I respond with "here's some proof, disassembly of your program:" and he's like "This couldn't possibly be coming from ours"
20:06.55Cidanlol
20:06.59CidanI see
20:07.07Shirik|Ecoleso for the next 5 pages we try to convince him that he really does have one
20:07.18Shirik|Ecolehe finally gave in, and now he deleted half my posts off his fourms to cover up this stuff
20:07.32Shirik|Ecoleand this isn't the first time they've acted like this
20:07.32CidanWell, what proof do you have?
20:07.37Shirik|Ecoleit's on the first page :)
20:07.40Shirik|Ecolewell, parts of it are
20:07.52Shirik|EcoleI did more analysis later, along with some wireshark logs, etc.
20:07.57Shirik|EcoleAntiarc has too
20:08.04Shirik|Ecolewe know pretty solidly how it worked
20:08.13Cairennand in the log files of this channel, the ace channel, the wh channel ....
20:08.21Cidanhave you been able to see where it hooks onto the hardware for keylogging?
20:08.28Shirik|Ecoleyup
20:08.32Shirik|Ecoleit uses an IME dll
20:08.39CidanHm
20:08.40malrethCAIRENN!!!
20:08.42AntiarcIiiinteresting.
20:08.49Cairennmalreth :)
20:08.52wereHamster'wh' channel, do I have a private channel?
20:08.53CidanLet me take a look at it, give me a bit
20:09.00CidanWhere can I get this file?
20:09.05Shirik|Ecoleum
20:09.06AntiarcPatcher.exe has been run through Xenocode, which is an assembly obfuscation tool.
20:09.10CairennwereHamster: lol, sorry, my typical abbreviation for wowhead
20:09.25Cidanobfuscation is nothing
20:09.27Shirik|EcoleCidan: Easiest way to get to it is from the source directly
20:09.29Cairennwith as many tabs as I have open, I have to abbreviate their names
20:09.43Shirik|Ecolehttp://wowui.incgamersi.com/Updata.exe
20:09.48Shirik|Ecole^^ DO NOT GO THERE ANYONE ELSE :P
20:09.48Cidanwhich is?  I don't even know what this program does
20:09.49Cidanokay
20:09.58kd3http://wowui.incgamers.com/?p=mod&m=2106 <-- warning! Download link at URL contains keylogger!
20:10.00AntiarcI'm just curious as to why they would bother obfuscating the assembly
20:10.26CidanAntiarc: IF these claims are true (I trust no one but my self) then it's likely it was done on purpose
20:10.32CidanThey sell the keys to the highest bidder
20:10.38Cidanoverseas
20:11.12CidanIn which case, affected parties are encouraged to file suit against these jerk-offs and motion for discovery, ;P
20:12.18*** join/#wowi-lounge malreth (n=chatzill@care-pc-08.lab.la.utexas.edu)
20:12.28CidanBut that kind of code doesn't get "injected" into files
20:12.31mikmai believe that the authors of ui central has coded the keylogger in so they can dis your purplez
20:12.36CidanIt takes a special kind of skill
20:12.39Cidanto be able to do that
20:12.48Cidanvery... very special kind of skill
20:13.45malrethso... constructive thread time... how would *you* make WoW more keylogger resistant?
20:13.47malrethhttp://forums.worldofwarcraft.com/thread.html?topicId=3168399790&sid=1
20:14.05Cidanyou can't really
20:14.17CidanThe question that needs to be asked is how you would make WINDOWS more keylogger resistant
20:14.29LunessaYou know, a year ago I would occasionally find something I was looking for on their site I couldn't find elsewhere.  Then they changed their name and look and I quit bothering for the occasional item they might have.  Now?  Now I just think think they're fucktards out to steal from n00bs.
20:14.34CidanTo which I say, you can't really.
20:14.41malrethnonsense... you could always not use keys
20:14.43Shirik|EcoleI gotta run, sorry
20:14.44Shirik|Ecolehave fun
20:14.48Cidanbaii
20:14.49malrethor randomize the keys that get used
20:14.59Cidanmalreth: lol..wut?
20:15.02|Jelly|BAI SHIRIK
20:15.31cog|workCidan: read malreth's post in tha thred
20:15.36cog|work+ missing letters
20:15.40Fisker-well do keyloggers check out the account name when "Remember account name" is flagged?
20:15.41ScytheBlade1I'd love it if they allowed public key authentication for WoW accounts.
20:15.44ScytheBlade1That'd just about make my day.
20:16.19malrethScytheBlade1: problem is if you're infected with a trojan, it likely can access your private key as well
20:16.43krkause an external device!
20:16.43ScytheBlade1malreth: for most people, yes.
20:16.44kd3hm, another response from rush
20:17.03krkawow login prints some number sequence, you enter that on your device and get a one time key
20:17.06Fisker-"Fuck you, i got all your accounts now?"
20:17.19malrethkrka: yeah, OTPs would also work
20:17.25wereHamsterCidan, you can't make the os more keylogger resistant, you need to make the app resistant
20:17.30kd3he's still denying any culpability
20:17.32krkaOTP:s are harder to come by
20:17.40wereHamsterunder X that would work very well..
20:17.49krkajust keep the private key on an external device, that would stop keyloggers from being effective
20:17.55krkathat's what banks do, essentially
20:18.10Fisker-he's a jerk anyways
20:18.20ScytheBlade1I actually keep my SSH private keys in RAM and disable suspend. They're stored on a flash drive I have, and loaded with pagent.
20:18.21krkaactually, my bank uses OTP i guess :)
20:18.23CidanThe idea that you can stop a keylogger with the way windows is setup right now is just not possible.  I don't care what protections you may think you can code into the program at any level, I can still hook onto your keyboard at the hardware level, which windows will allow, and grab everything you do.
20:18.24malrethblizzard could even sell the keygen fobs
20:18.33Fisker-didn't think there was anything wrong by sending out mails to people registered on their site even when not signed up for any newsletter to notify them of wowdigger
20:18.44wereHamsterkrka, as soon as wow needs access to the private key, the trojan can read it too
20:18.55malrethCidan: then the solution is to make the result of the keylogging useless
20:19.04AntiarcCidan: This trojan doesn't hook the keyboard, it watches the memory space in WoW.exe that holds your credentials as you type them in
20:19.04Cidanagain, not possible.
20:19.07*** join/#wowi-lounge sylvanaar (n=sylvanaa@12.179.203.116)
20:19.17*** join/#wowi-lounge sioraiocht (n=rtharper@nat-router-1.stannes.ox.ac.uk)
20:19.24CidanWell then the coder is new to it.
20:19.24krkawereHamster: wow would never read the private key directly
20:19.45krkajust the result of f(private key, some random value)
20:19.46CidanIF I were to do something this horrible, I would hook on to your hardware before the data is even sent to WoW.
20:19.50ScytheBlade1Okay, mouse.dll is resident... somewhere else
20:19.53ScytheBlade1As another name
20:20.09CidanThere is no protection against it; sans a good virus protection software.
20:20.10wereHamsterkrka, f would need access to the key then..
20:20.13CidanAnd even those can be fooled.
20:20.14malrethkrka: i like your idea... there could even be collector edition versions of the keygen device... sell them for $10 a pop
20:20.31malrethwereHamster: f is contained on a separate hardware device
20:20.36Fisker-well we all know that cog|work uses UIC now
20:20.37krkawereHamster: yes, like i said, the key would be stored on the device
20:20.46wereHamsterah, alright then..
20:20.59kaiden|workwell can you really expect anything less, in china your account is hacked less than 7 minutes after you set your password
20:21.00krkathe keylogger could only catch the one time login keys
20:21.04krkawhich are useless
20:21.22kaiden|workin fact.. keylogging/hacking of wow over there is SO bad they have an 8 digit # that they have to enter along with their passwords as a seed
20:21.32Cidanwhich again ergh
20:21.38Cidanit won't work, period
20:21.39malrethkaiden|work: no kidding?
20:21.55kaiden|workmalreth, naw they talk about it all the time in news reports
20:22.01malrethCidan: a one-time password is useless after it's been used
20:22.02kaiden|worki have a friend who's chinese and he reads the news to me
20:22.14Cidanmalreth: And how do you suppose this one time password is generated?
20:22.15cog|workFisker-: or not
20:22.22CidanHow does the server communicate to the client what the key is?
20:22.35Cidanand then push that data to a dongle
20:22.38kaiden|workCidan, i think a not so bad idea is that you are asked a question a random question from your history
20:22.39malrethCidan: as krka has mentioned, by using a hardware device separate from the computer
20:22.42*** join/#wowi-lounge Kandoko (n=Testing@adsl-068-159-119-207.sip.gsp.bellsouth.net)
20:22.44kaiden|workand everytime a password is generated
20:22.50kaiden|workand it's visual it tells you the password, you key it in
20:22.53krkasame way that account keys are created
20:22.56kaiden|workand you login and the password is immediately deleted
20:22.59Cidandongles have been cracked 20 thousand times over
20:23.00krkaprinted inside boxes
20:23.02Cidanthey are worthless
20:23.08malretho_O
20:23.14krkawhat do you mean cracked?
20:23.19malrethyeah...
20:23.21Cidancracked, reversed, made WORTHLESS
20:23.22kaiden|workkrka, stepped on
20:23.23kaiden|worklol
20:23.24kaiden|work;p
20:23.28krkaplease elaborate
20:23.33malrethyes, please
20:23.38krkaalso, isn't a dongle typically something that's plugged into the computer?
20:23.49krkaor do i have the wrong definition of dongle in my mind?
20:23.58Cidanyes, isn't that what you meant by using a hardware device separate from the computer?
20:24.01malrethah, yeah. we're not talking about dongles
20:24.07Cidanelaborate then
20:24.10malrethdongles connect to the computer
20:24.15krkaseparate = not connected to the computer
20:24.28kd3aren't RSA-style keys still safe unless they pull a paypal style stunt
20:24.33Cidanso... then what?  a network device?  magic fairy dust?
20:24.35malrethOTP fobs are sent directly from blizzard to you
20:24.42krkayou're not reading what i am writing
20:24.59krka1) the blizzard login page writes a challenge-key
20:25.05kd3separate physical device, generates an 8-digit key every 30 seconds or so. never touches the computer itself
20:25.06Cidanto where/what?
20:25.06krka2) you enter the challenge-key on your dongle
20:25.14Cidanoh
20:25.14krkaerrr. or not a dongle
20:25.15krkawhatever
20:25.16wereHamsternews from Rush: The new virus is a false positive
20:25.16Cidanhahaha
20:25.17Cidanhahaha
20:25.18Cidanno
20:25.21Intangirhey wereHamster i made an addon
20:25.27CidanGive me like 3 hours, and I'll have that undone
20:25.29krka3) the device outputs a one time password
20:25.33Intangirintangir.googlecode.com
20:25.36krka4) you enter that password at the wow login
20:25.48malrethCidan: ok... you do that
20:26.07krkaCidan: is there something fundamentally unsound with that strategy?
20:26.14Cidanhm
20:26.15Cidanlet's see
20:26.21krkaassuming that the device and blizzard login server have a shared secret key
20:26.28krka(or some assymmetric variant)
20:26.35Cidanwhere do we begin?
20:26.38wereHamsterwhy doesn't windows have a function that locks the GUI for one process only? So nobody else can read input events?
20:26.41Cidannow, all I need is your account name
20:26.51wereHamster.. like XGrabServer()?
20:26.52Cidansince I can crack the hash on that silly hardware machine in 3 hours
20:26.59CidanI type your password
20:26.59ScytheBlade1Anyone know how to restart lsass? ;)
20:26.59Cairennso, the new version popping positive is a false positive?
20:27.02Cidaner, user
20:27.03krkacrack the hash?
20:27.09krkado you even know what the hash function is?
20:27.14Cidanit gives me the OTP hash on screen
20:27.15malrethCidan: no... you'd have to crack the hash on *my* silly hardware machine
20:27.28Cidanoh, so they are paired?
20:27.33Cidanaccount to machine?
20:27.35malrethyou are not in posession of my keygen fob
20:27.52krkayou can crack sha-256 in 3 hours?
20:28.03krkayou should publish some scientific paper, i think
20:28.29Cidanconsider it for a second
20:28.34Cidanjust think about what you're saying
20:28.48CidanYou have a hardware coded to your account
20:28.48malrethCidan: we are thinking about what we're saying
20:28.58|Jelly|Kraqule <-- any of you?
20:29.09krka5d1d0866fa1e502ef60a636f4e6f9bb581190a68619c6f965da5ac2a698ba59b
20:29.13krkawhat does that say for instance?
20:29.16krkalet me know in 3 hours :)
20:29.20kd3http://en.wikipedia.org/wiki/Hardware_token
20:29.24kd3one of those ^
20:30.00ScytheBlade1To anyone who has played with the keylogger: clean out your IE cache...
20:30.02krkaCidan: yes, that's right. the device would be included with the wow box
20:30.02CidanHm
20:30.06ScytheBlade1Even if you don't use IE, it's in there
20:30.53krkaScytheBlade1: what about linux users? :)
20:31.04AntiarcScytheBlade1: Elaborate?
20:31.10ScytheBlade1krka: it's cached in there somewhere ;P
20:31.13kaiden|workhow about we get back to the problems at hand
20:31.15kd3ie's still got a cache inside of wine
20:31.24kaiden|workwhere does this trojan inside of UICentral send it's data to
20:31.32ScytheBlade1Antiarc: one thing I noticed is that it spawns some iexplore.exe processes, and uses that to download updata.exe
20:31.41|Jelly|www.rushisalyingfuckwad.net ?
20:31.52AntiarcAhh, I missed the process spawn. I figured it was direct.
20:31.55ScytheBlade1Antiarc: likewise, it's sitting around in your cache, and in my case, in multiple places due to how IE stores it all
20:31.57amrokrka: feel good that we use competent operating systems
20:31.58ScytheBlade1Nope
20:32.04AntiarcScytheBlade1: Not in mine :P
20:32.05krkacheck
20:32.10AntiarcI wiped that virtual drive already.
20:32.14Fisker-FLAWLESS VICTORY
20:32.15ScytheBlade1haha
20:32.18AntiarcNuke it from orbit. It's the only way to be sure.
20:32.18ScytheBlade1That's one way to do it
20:32.21Fisker-Leo down with 5 up
20:32.22Fisker-no healers
20:32.33krkaCidan: busy cracking my example? :)
20:32.39ScytheBlade1Antiarc: er, lol... it's in the LocalService profile. Hahaha.
20:32.47kd3fisker; most adrenaline-packed way to finish boss fights
20:32.48ScytheBlade1Which makes sense, but still
20:32.55CidanWell I can think of one way.  The game will spit out a random string/auth to the user.  The user inputs that string/auth into the hardware and out it comes with the OTP based on a mathematical algorithm.
20:33.09Fisker-i was kiting the shadowimage
20:33.12CidanAll of which seems fine, but the issue here is we don't need to crack the algorithm
20:33.20Fisker-worked for a good 20 seconds or so
20:33.24*** join/#wowi-lounge Shirik|Ecole (n=nospam@155.31.172.121)
20:33.30CidanAll we need to do is find out what the seed of it is, if any, or how it works.
20:33.48krkathat's a very difficult task for cryptographic hash functions, such as sha-256
20:34.25Fisker-noes
20:34.28Fisker-no itamz for me
20:34.37ScytheBlade1Antiarc: and NetworkService..
20:34.45CidanYou're relying on data->hardware->hash, you have the plain unencrypted data at somepoint, you can like do something like the ac crew did with WEP/WPA, which is trivial.
20:34.52Cairenn(seriously, guys, if someone can confirm or deny please? I want to be sure before I kick it to the next level - the new version of UIC is clean? Rushster says that it is and you guys were getting a false positive)
20:34.57krkabasically, the server knows K and prints the challenge C. Your hardware device responds with sha256(K .. C). The server can then verify that the sha256-value is correct
20:35.13ScytheBlade1Cairenn: give me one moment to reboot and confirm that I'm clean and I'll give it a go
20:35.21Cairennk
20:35.37Shirik|EcoleCairenn: I haven't been able to find it, but that doesn't mean it doesn't exist
20:35.40Shirik|Ecolehe may have just hid it better
20:35.46krkaif you don't know what K is (which a trojan won't know), it's hard to calculate what the hash will be
20:35.52Intangirhttp://intangir.org/gallery2/main.php?g2_itemId=10850
20:35.59Cairenn(sorry for the interruption, go back to where you were with the conversation)
20:35.59krkaeven if you've collected several C - hash pairs
20:35.59malrethCidan: and a key point is that K isn't ever sent from the server to you or to your computer.
20:36.08AntiarcCairenn: I believe it is clean.
20:36.09krkaam i making any sense? anyone? :)
20:36.15ScytheBlade1Cairenn: give me just a few.
20:36.16Intangirhttp://intangir.org/gallery2/main.php?g2_itemId=10859
20:36.24AntiarcCairenn: I did a install on a completely fresh VM image with no signs on infection
20:36.24CidanRight, it's on the hardware, K is on the server, and on the hardware, but not the computer
20:36.25malrethkrka: i get you
20:36.35Shirik|EcoleCairenn: I agree with Antiarc
20:36.37AntiarcAnd disassembly of the installer seems to indicate that it is gone.
20:36.38Cidanbut K is still static
20:36.42Cairennokay, so it *was* a false positive?
20:36.52AntiarcCairenn: I believe so, and said as much in the thread.
20:36.57krkaCidan: true
20:37.03Cairenngood enough, thank you, all I needed to know
20:37.05Xinhuanlol the new uicentral zip false-positived again?
20:37.07Cidanand K can't be too long, unless you want a really really long password
20:37.18CidanI don't know, seems flaky, security through obscurity, etc.
20:37.19malrethCidan: not necessarily
20:37.26krkano it's not
20:37.30Fisker-the initial one wasn't false positive right?
20:37.33krkait's a well known technique
20:37.37kaiden|workCan anyone give me the old infected version of UICentral
20:37.39malrethCidan: it is very much not obscurity... the mathematics behind it are very sound
20:37.40CairennFisker-: correct
20:37.40Xinhuanthe initial one also false positived fisker
20:37.43Xinhuani think?
20:37.45krkasecurity by shared secret key
20:37.46kaiden|workso i can do some analysis of it from a network standpoint
20:37.57Xinhuankaiden|work, pm Antiarc for a copy
20:38.13ScytheBlade1Is it still available on their website? As /updata.exe?
20:38.17ScytheBlade1Might be worth a shot
20:38.20malrethand the secret key can be very long
20:38.29kaiden|worki was gonna look at screenshotconverter and updata
20:38.31krkaand should be
20:38.49Cidanit would have to be a pretty large key, I mean, above 2048 bits
20:38.51kaiden|workgonna look at it from wireshark, processmonitor and apimon
20:38.54kaiden|workto see what calls it's making
20:39.02krkaCidan: why would you think that?
20:39.15krkai think you'd have problems with 256 bits
20:39.16Cidanbecause anything lower is becoming much easier to get around?
20:39.21Cidansee: AC/WPA/WEP
20:39.36kd3http://spyglass-server.com/keylogger/
20:39.42kd3that's the known-infected version
20:39.44malrethCidan: you're confounding the issue
20:40.01krkathis isn't like WEP, imo
20:40.07Fisker-the trojan was in system32 right?
20:40.15Cidanbut the principle is the same, shared secret key
20:40.18Shirik|EcoleFisker-: Affirmative
20:40.25Fisker-mouse.dll and what was that other one?
20:40.31|Jelly|Shirik: RED ALERT!
20:40.57AntiarcFisker-: wzcsvbc.dll
20:41.06ScytheBlade1Cairenn: just downloaded and installed, coming up clean with the file on the website now
20:41.10krkaWEP suffers from a crappy algorithm, afaik
20:41.12CidanYou should know that on my laptop I have something like 400 WEP/WPA secret keys I've decoded from my schools wireless
20:41.18Cairennthank you
20:41.18ScytheBlade1So have another confirmation ;)
20:41.28|Jelly|Cairenn!
20:41.34Cairenn|Jelly|!
20:41.38kd3huzzah. finally. only took a few months... water bill's back where it's supposed to be. ~22 bucks compared to ~150
20:41.39IndustrialCairenn!
20:41.41Cidanso a larger key will work, and I suppose it won't be an issue until really the game dies
20:41.47mikmamikma!
20:41.51Industriallol
20:41.52AntiarcDonkey!
20:41.52Cairennlol
20:41.53CidanShirik!
20:41.55Fisker-i love the people who says MAC Filtering > Encryption
20:41.55Fisker-:D
20:42.08CidanFisker-: Anyone who says that should be shot, :P
20:42.13kd3spoofing MACs: cake
20:42.21ScytheBlade1BULL
20:42.21ScytheBlade1NO
20:42.25ScytheBlade1IT'S NOT CLEAN
20:42.29AntiarcOh?
20:42.33AntiarcWhat'd you find?
20:42.33Cidanforget that, data unencrypted going through the air?  even better cake
20:42.35malrethMac Filtering > Windows Filtering
20:42.36ScytheBlade1It's just not running ScreenshotConverter.exe anymore
20:42.38Shirik|EcoleCidan!
20:42.41mikmahttp://www.kuvaton.com/kuvei/mc_donalds_kopio.jpg
20:42.44ScytheBlade1Antiarc: click said exe, see what happens
20:42.52AntiarcScytheBlade1: ScreenshotConverter.exe?
20:42.53Xinhuanwhat ScytheBlade1?
20:42.54AntiarcThe real one?>
20:42.55ScytheBlade1Antiarc: yes
20:42.57ScytheBlade1Yes
20:42.58mikmahttp://www.kuvaton.com/kuvei/chernobylxxx.jpg
20:43.06ScytheBlade1I nuked my UICentral folder, reinstalled
20:43.07ScytheBlade1It's back
20:43.12ScytheBlade1I clicked, bam, bad DLLs
20:43.16AntiarcScytheBlade1: I did, nothing in my system32 dir
20:43.30ScytheBlade1Something isn't right...
20:43.33Intangirhttp://intangir.org/gallery2/main.php?g2_itemId=10859
20:43.39Xinhuanso ScreenhotConverter contained a trojan and ScreenshotConverter contained one too?
20:43.42Intangiroh oops
20:43.52Shirik|EcoleXinhuan: afaik, only ScreenhotConverter did
20:43.55CidanShirik|Ecole: So, what should I do?  Did you see my newest post on the website?
20:43.55deltronlol nice
20:43.58CairennScytheBlade1: you serious?
20:44.01Shirik|EcoleCidan: negative
20:44.03Intangirwtf? trojans? in what?
20:44.07ScytheBlade1Cairenn: let me clean my system *again* and give it a shot
20:44.09Cairennit's still infected?
20:44.10CidanShirik|Ecole: I'm thinking either college prof or C.I.A. after I get out of school.
20:44.16cladhaireanyone able to logon to Stormrage to help me
20:44.19AntiarcScytheBlade1: I'm unable to replicate
20:44.23cladhaireideally someone who already joined my guild and ran to IF
20:44.24Xinhuanhmm
20:44.31IntangirCidan: why would you join the CIA? you fancy a career in organized crime?
20:44.31ScytheBlade1Antiarc: I'm liking your VM idea more and more ;P
20:44.36Intangirthe cia is freaking criminal as hell
20:44.38CidanIntangir: You bet!
20:44.39AntiarcHeheh, see, this is the way to do it :P
20:44.47Antiarchttp://www.microsoft.com/downloads/details.aspx?FamilyId=21EABB90-958F-4B64-B5F1-73D0A413C8EF&displaylang=en
20:44.48AntiarcEnjoy
20:44.49CidanIntangir: I live like, 15 minutes away
20:44.52Xinhuandoes the actual ScreenshotConverter actually convert screenshots?
20:44.55ScytheBlade1Yeah, I have it installed
20:44.58ScytheBlade1Just apathetic
20:45.04IntangirCidan: i pray for your soul's sake that you cant get a job there
20:45.04AntiarcXinhuan: Yes
20:45.10AntiarcI went through it with Reflector
20:45.11Xinhuanamazing!
20:45.16Xinhuanshocking even
20:45.31AntiarcIt looks for TGAs in the WoW screenshots dir and converts them using the DevIL lib packaged with UICentral
20:45.31Shirik|EcoleCidan: I've considered going into a field like that
20:45.35Intangirthey are probably the most criminal element of our government
20:45.37Shirik|Ecolemore frequently FBI, but CIA too
20:45.37krkasomeone correct me if i am wrong, but the problem with WEP is that the keysize is extremely small, and that the random seed gets reused
20:45.45krkanone of those is true in my proposal
20:46.15CidanShirik|Ecole: They are hiring like mad, I'm seriously considering it.
20:46.20Intangiri had considered FBI before.. but i mean they just keep getting more and more evasive, less about defense and more and more about intrusion and illegal raids
20:46.33Intangiri mean invasive, not evasive..
20:48.02Shirik|Ecoleokay, class is starting I gotta run
20:48.07Shirik|Ecolekeep me informed of any updates!!
20:48.25krkaCidan: how about this then - write down a theoretical attack on my proposal. feel free to use existing wep attacks if you think they apply. i have a problem seeing that.
20:49.09Cidanlol, sure, just let me find time to do all this school work + finish Conspiracy first, then I'll write an entire research paper on it
20:49.35krkacool
20:49.38ScytheBlade1Footnote: if you kill lasss.exe, the shutdown button is removed from the start menu.
20:49.56IntangirCidan: having conspiracy be riddled all over your name when you do a search on you, theres no way you will get thru cia screening ;)
20:49.57ScytheBlade1*lsass.exe
20:50.03Xinhuanhahaha
20:50.05Cidanlol
20:50.09CidanI never thought of that
20:50.10Xinhuanwho needs a shutdown button imo
20:50.13CidanAh, it'll be fine
20:50.23Industrialtip: just dont download open any exe from any addon site ever, because we are working with TEXT files anyway.
20:50.25Intangirim going to past fake documents about you being a spy
20:50.27krkaserver says: 123112635123651351723163
20:50.28Intangiroops, i just did
20:50.31IndustrialI win
20:50.33krkaclient says: 0a5376294dcda46f917da9cb63e79a3f4ff853bc35312258dc7251e436271bab
20:50.38krkawhat's the secret key?
20:50.53wereHamsterkrka, 42
20:51.14wereHamsterteh win!!
20:51.21krkaclient says: sha256(S .. '123112635123651351723163')
20:51.28CidanI'd need some more data, I'd need to see that done about... oh, 300-400 times
20:51.38krkasure, i can generate that data set for you
20:52.11Cidango crazy, .tar.gz it somewhere
20:52.13Cidanalso
20:52.18AntiarcYou know, I really do feel bad for Rush in a way
20:52.32Cidancan someone give me the download link again for this trojan-whatever?
20:52.42wereHamsteror make a php script so he can get as many pairs as he wants
20:52.44AntiarcBecause I've been there. We had Code Red hit our network way back when. Infected all our legacy Windows servers.
20:52.51AntiarcThat was a really, really long day.
20:53.05kd3http://spyglass-server.com/keylogger/
20:53.09kd3it's in the unsafe directory
20:53.17Cidanis that the newest one?
20:53.32kd3the newest one's in unknown
20:53.51*** join/#wowi-lounge JoshBorke (n=Josh@WoWUIDev/WoWInterface/LegoBlock/joshborke)
20:53.59kaiden|workok
20:54.09kaiden|workwtf is 218.85.132.165/msx1/mouse.dll :P
20:54.15ScytheBlade1Antiarc: getting a *positive* again.
20:54.15kaiden|workthat's what updata.exe is grabbing
20:54.31Antiarckaiden|work: That's the hook/reporter module
20:54.39krkaCidan:
20:54.40krkafor i in `seq 1 10`; do res=`echo -n $S$i|sha256sum`; echo $i $res; done
20:54.40krka1 bf6ccc3125d92739e17e38e06120d9e9456b7cba4dcaf42edba4f9e06be24afa -
20:54.47krkais that format ok for you?
20:54.47Cidankrka: 256 bit key?
20:54.49krkayeah
20:54.58Cidansure, I'll do mah best.
20:54.58AntiarcScytheBlade1: Still unable to replicate it here. Try this: http://forums.worldofwarcraft.com/thread.html?topicId=3168479210&sid=1 - post 5
20:55.05Cidanreally the more the better
20:55.24krkahow many do you think you need?
20:55.36krkai am so confident, i think i could give you as many as you want :)
20:55.41Cidanoh?
20:55.51Cidangive me a hundred thousand.
20:55.52malrethCidan: actually, yes... he should
20:55.53Cidanlol
20:56.10krkamalreth: you have confidence in me? =)
20:56.16malrethif there was a vulnerability then it should be researched and found
20:56.16AntiarcPatch 2.5: Blizzard introduces biometric login system. Please purchase a fingerprint scanner at your nearest hardware store to log in, now available in Arthas Collector's Editions!
20:56.17kaiden|workOUCH
20:56.18kaiden|workok
20:56.21ScytheBlade1Antiarc: would killing lsass.exe/explorer.exe, killing the thread in svchost.exe, nuking the relative files (wzcsvbc.dll and mouse.dll), fixing the registry for the WZC service manually (while setting it to disabled), rebooting, and finding a clean system count?
20:56.22kaiden|workthis is a very bad file
20:56.28ScytheBlade1Antiarc: moment as I upload this .zip I have
20:56.40Antiarckaiden|work: No shit. :P
20:56.43krka100 000 it is!
20:56.46zenzelezzgood luck killing some of those processes
20:56.55kaiden|workAntiarc, load it up and go to Analyze on that ip address
20:56.59kaiden|workand do a Follow TCP Stream
20:57.03ScytheBlade1zenzelezz: shutdown /a works wonders
20:57.08kaiden|workyou can see all the data that's going out unencoded
20:57.10krkaso, the first column is "random challenge number", second column is what the client sends to the server
20:57.11AntiarcOooh
20:57.13kaiden|workand everything it's doing
20:57.14Antiarc<PROTECTED>
20:57.16kaiden|worksure
20:57.20kaiden|workit's very very bad
20:57.20AntiarcI can't get WoW running in my VM
20:57.24ScytheBlade1Just because windows starts a shutdown doesn't mean that it has to go through with it. :)
20:57.25AntiarcI would love to see the data
20:57.27PandyaAntiarc, tbh, if i was releasing an MMO, with a similar model to wow (subsciption + have to buy the box), I'd dump a fingerprint scanner in and make biometric mandatory
20:57.34kaiden|workit looks in your WTF\Account\SavedVariables folder
20:57.38Pandyait makes sense :)
20:57.40kaiden|workand looks for your realm name
20:57.43deltronlol pand
20:57.44Antiarckaiden|work: Yeah, I know about that
20:57.44kaiden|workto know what realm you play on
20:57.46AntiarcRealmlist too
20:57.48kaiden|workyup
20:57.51krkahm, this will be a really big data file
20:57.53wereHamsterScytheBlade1, time to reinstall windows ;)
20:57.53Pandyadeltron, no really
20:57.54Cidanfingerprint scanners are insecure, they aren't used for any type of serious protection anymore
20:58.00Pandyaof course they're insecure
20:58.09kaiden|workAntiarc, yes but can you see the .php file it's grabbing the data from
20:58.09kaiden|work;)
20:58.10kaiden|worki can
20:58.17AntiarcAwesome. WTB logs. >_>
20:58.19Pandyayou do need access to the person or the person's machine though
20:58.30wereHamsterCidan, except notebooks :)
20:58.32Pandyaand you're into major issues if they have that access anyways
20:58.36kaiden|workAntiarc, it's sending the data back as variables to a .php
20:58.39CidanwereHamster: no...?
20:58.48CidanwereHamster: I mean they are on there, but it's worthless.
20:58.49Thunder_ChildVein authentication is the new big thing
20:58.55kaiden|work/?u=var&p=var&s=var&a=var&r=var&t=var
20:58.58ScytheBlade1Antiarc: okay, have to go. Will get back in a bit... and we'll see
20:59.01kaiden|worku i would assume is username
20:59.01Pandyagiven how much $$$ you could probably save due to not getting bad press and less wasted moeny on support and account thieving issues...
20:59.02kaiden|workp password
20:59.05kaiden|works server
20:59.08PandyaI actually reckon theres something in it :P
20:59.12kaiden|workdunno the others
20:59.14malrethPandya: also, a trojan can just sniff the output of the biometric scanner and use a replay attack to gain access
20:59.15Antiarckaiden|work: Yeah, I suspected as much from the disassembly
20:59.26Pandyaoh yeah, its still vulnerable, no doubt
20:59.31CidanPandya: That data has to be sent over a wire somewhere, it can be sniffed by software
20:59.35Cidanit's no better than a password
20:59.36ScytheBlade1wereHamster: I refuse to reinstall windows on principle :P
20:59.49wereHamstermalreth, that would be bad design!
20:59.59Pandyacidan, it has to be sniffed with a fingerprint, password by keyboard is more succeptible to a keylogger
21:00.07Cidan...
21:00.20Pandyageh
21:00.22malrethPandya: i agree with Cidan
21:00.23Xinhuanyou can log both either way, keyboardpassword or fingerprint ;p
21:00.23PandyaI think its a good idea
21:00.26PandyaI'm just simple ;_;
21:00.34Xinhuanits just that one is easier than the other
21:01.07malrethPandya: you're not simple... you just have no need to worry about such trivial things for you have civilizations who worship you and your dark art powers
21:01.08Pandyahow about this then
21:01.16PandyaFINGARPRINT SCANNARZ R KEWL.
21:01.18Pandyakkthx.
21:01.42Thunder_Childhttp://www.hitachi.com.sg/cat_index_214.shtml
21:01.58wereHamster"That data has to be sent over a wire somewhere, it can be sniffed by software" - you mean hardware, since software can always make sure nobody else is spying
21:02.27krkai think my data file will be about 8 mb uncompressed
21:02.32krkanot too bad i suppose
21:02.42krkaanyone else want to try to crack my secret key?
21:02.59malrethkrka: do you want to see my secret toilet tool?
21:03.12krkaerrr... what now?
21:03.18malrethit safeguards against 'secret listeners'
21:03.24krkahaha
21:03.31malrethwith it i'm not afraid to go to the toilet anymore
21:03.46malreththat's security that money CAN'T buy
21:04.03kaiden|workAntiarc, www.qiangewang.com
21:04.06kaiden|workis the domain
21:05.11kd3oh wow. I've seen that style of trojan before
21:06.19kaiden|workgotcha fucker
21:06.42kd3exceptthe main page isn't even trojaned. an older wow keylogger used to throw that page with a payload at the bottom
21:06.43deltronhmm
21:06.45kd3bah
21:06.54krkahalfway done with the data
21:07.59deltronare you hacking the matrix?
21:09.39Cidanno, finding his secret key using a SHA-2 family algo
21:10.01CidanI have no idea if I'll work it out, we'll see I guess
21:10.07malrethit's what geeks do to have fun
21:10.11Fisker-http://forums.worldofwarcraft.com/thread.html?topicId=3168328825&sid=1&pageNo=8 <- :O
21:10.13malrethsome guys go out and bowl
21:10.14Cidanpretty much
21:10.16malrethothers get drunk
21:10.27malrethwe try to hack each other's secret keys
21:10.41krkadone!
21:11.41wereHamsterI give you my passphrase and you tell me my pin (which is encoded in the passphrase), ok?
21:12.52deltronwowi got haxxed?
21:13.00deltronoh those 2 other ones?
21:13.36Cairenndeltron: incgamers had a trojan in their auto installer/updater
21:13.48krkahttp://kristofer.no-ip.info/~krka/crack_challenge/
21:13.50krkathere you go Cidan
21:13.51Cairenn(formerly known as ui.wow.net)
21:13.55krkaand anyone else, if you want to try to crack my key
21:14.07deltronthat's just awesome /rolleyes
21:14.21deltronCairenn: I feel sorry for anyone who used it
21:14.25Cairennhttp://forums.worldofwarcraft.com/thread.html?topicId=3168328825&sid=1
21:14.33dylanmCairenn: Is my memory bad or were they ragging on wowi for gold selling or something?
21:14.45krkai tried to also include a useful problem description, in case we forget it later
21:14.50malrethyour memory is correct
21:15.01dylanmClassy dudes.
21:15.07Cairennyour memory is correct, and they're wrong
21:15.27Cairennbut that is old news, they just like to keep trying
21:15.40dylanmCairenn: Speaking of wowi, the little square ad on the right seems a little borked
21:15.43Cidanlol
21:15.45Cidancheeky bastard
21:15.46Cidanexport S="wouldn't you like to know?"
21:15.49deltronjeez can't they run clamav on their boxes?
21:16.06Cairenndylanm: which ad? the blizz hiring box?
21:16.10dylanmI just get a black box that says "DEFAULT" and when I click on it I get taken to what looks like an ad control panel?
21:16.22deltrondylanm: you're using adblock plus
21:16.27dylanmNope.
21:16.32deltronhmm
21:16.35dylanmI don't adblock.
21:16.49Cairennright below the FSP blurb?
21:17.01dylanmNaw. Right below "remove ads"
21:17.06krkaCidan: i have to make it a challenge!
21:17.07Cairennah, okay
21:17.09dylanmAnd above New & Updated
21:17.23dylanmAre you seeing it? It's there for me upon every reload
21:17.34Cairennyeah - was just making sure which one we were talking about, since there is also the blizz PSA down the right side as well
21:17.45Cidanright well, wgetting it now, don't expect a reply for a few
21:18.00CidanI have finals coming, :/
21:18.01dylanmThe link goes to ads.zam.com and redirs to
21:18.06dylanmhttp://66.228.120.99/servlet/control
21:18.07Cairennhmmm, showing fine for me
21:18.10dylanmWhcih is kinda odd
21:18.23Cairennvery
21:19.38wereHamsterI always wondered, these fine looking men and women on the spammer websites (like http://66.228.120.99/servlet/control), do they know what for their pictures are being used?
21:19.44cog|workmy ads have been ninjaed or i'd verify... :P
21:19.55Cairenncog|work: log out ;)
21:20.06cog|workNEVAH!
21:20.12Cairennhehehehe
21:20.37Cairennunfortunately, dylanm, nothing is showing as wrong for me, but I'm not always the best to try to verify, since I get a different ad stream
21:21.03Cairenn(since I get the Canadian one)
21:21.10cog|workdylanm: browser?
21:21.15dylanmcog|work: Safari
21:22.31Cairennokay, have some details about it, pinging someone else on it
21:22.52Cairennthanks for the heads up dylanm :)
21:25.04zenzelezzI get the DEFAULT too often, but I also get it on other sites
21:25.57Cairenn(4:20:39 PM) dolby-wowi: default is just that
21:25.58Cairenn(4:20:50 PM) dolby-wowi: they must be switching ad campaigns
21:25.58Cairenn(4:21:03 PM) dolby-wowi: default means it ran out of ads
21:25.58Cairenn(4:23:02 PM) dolby-wowi: may have been a momentary thing
21:25.58Cairenn(4:23:08 PM) dolby-wowi: if they were changeing ads
21:25.58Cairenn(4:23:09 PM) dolby-wowi: or soemthing
21:27.41|Jelly|(It's said default on my screen for a long time)
21:35.32*** join/#wowi-lounge DM| (n=dm@cpe-65-24-59-218.columbus.res.rr.com)
21:36.32dolby-wowiSure, quote me when I type like a first grader. =p
21:37.12Thunder_Childdolby-wowi, how is that different from usual?
21:37.21dolby-wowi=p
21:37.23Cidandolby-wowi: You play EQ2 often?
21:37.44dolby-wowiYeah
21:38.06CidanI just started up; I'm likely going to somewhat port Conspiracy in someway over to it.
21:38.21CidanI've been tinkering with the XML, it's decent
21:39.15CidanI'm actually surprised at how much I really like EQ2
21:39.49dolby-wowinice, yeah theres no lua :(  but their xml customization is quite nice.
21:40.19CidanIt's decent enough to allow for some nice things.  Is it possible to save variables to disk though?
21:40.28dolby-wowiI've been enjoying Rise of Kunark. I'd have to say its their best expansion
21:40.41CidanWell I'm only level 16, ;P
21:40.43dolby-wowino Cidan
21:41.02dolby-wowithey have content 1- 20  in RoK
21:41.09Cidanoh?
21:41.10dolby-wowifor the Sarnak race
21:41.29CidanAh, I'm a human
21:41.34CidanIt's all new to me anyways
21:41.37Cidanso I'm enjoying it all
21:42.10dolby-wowigood to hear!  I still play wow,  my guild plays both.
21:42.35CidanI sent a /feedback, requesting saving of variables, fixing <!-- --> multiline comments and a request to see group member's pets stats.
21:42.52CidanI dislike using that graphical editor though, it slows me down, :P
21:43.12dolby-wowiyeah, works for some people though
21:43.15CidanI play WoW just to code, and not even on my own account.
21:44.27krkadamn it, i already forgot my own secret key
21:44.33krkai only stored it in a terminal
21:45.34Cidanrofl
21:45.38Cidanthis will be entertaining then.
21:45.49krkayeah
21:46.25Thunder_Childheh, i just signed up for a class in S. Africa
21:48.02Cidanmy school was offereing a cruise through the Nile and staying all over Egypt/Jordan for two weeks
21:48.06CidanI *almost* went
21:50.41Thunder_Childfully paid for?
21:51.27*** join/#wowi-lounge a^i`SmaN (i=drag@mlr78-3-88-162-68-235.fbx.proxad.net)
21:51.35Cidanno
21:51.50Cidanthus why I didn't go, I didn't want to blow 3500 on it.
21:53.33AntiarcHey, keylogger people
21:53.35AntiarcOSSW...PPP.VNFI@BPFI@.DHJ.JTT..WHTS.FTW
21:53.39AntiarcThat's your URL, encoded somehow
21:54.03Antiarc10g says OSSW... = http://
21:54.05Antiarc:)
21:54.31Thunder_Childhmm... "Wal-Mart Promotions <Walmart_srkxcjf@ronlinespg72.com>" doesnt seem all that valid.....
21:55.17|Jelly|http://www.youtube.com/watch?v=juOQhTuzDQ0
21:58.36*** join/#wowi-lounge Wraanger (n=Valle@vpn-111.su29.ru)
21:59.00*** join/#wowi-lounge Shirik|Ecole (n=nospam@155.31.172.121)
21:59.06Wraangerheyaz
22:00.00*** join/#wowi-lounge Drea (n=llsirsha@ip24-255-56-178.tc.ph.cox.net)
22:00.09Dreahey ya'll! hows ya doin today?
22:00.12Shirik|Ecolehi
22:01.02kaiden|workAntiarc, looks like mime encoding
22:01.03DreaSup Shirik? how's things?
22:01.26AntiarcI'm not convinced. There's a function in this file with a huge switch table. I suspect that's the translation function.
22:01.44Thunder_Childthis is a very odd photographer (nsfw) http://www.holgerpooten.com/
22:02.40Shirik|EcoleAntiarc: Any new news?
22:02.42Shirik|EcoleDrea: Same old
22:02.56AntiarcShirik|Ecole: Working on tracking down where it's sending the data, and what format.
22:03.01AntiarcIt's definitely in mouse.dll
22:03.02Shirik|Ecolethe old one, right?
22:03.10Shirik|Ecolemind sending me that dll directly?
22:03.27Shirik|EcoleI don't have a VM to mess with =(
22:04.06AntiarcI'm trying to find the call to IsDebuggerPresent() so I can haxxor it
22:04.26Shirik|Ecolepulled it up in ollydbg yet? :)
22:04.35AntiarcDoing that now actually.
22:04.52AntiarcI got a string that I think is the target URL
22:04.54AntiarcBut it's encoded
22:05.30Antiarc10002BA1  |. 68 18600010            PUSH mouse.10006018                                       ; /String2 = "OSSW...PPP.___.DHJ.JM.WHTS.FTW"
22:05.55AntiarcWait. It looks like it's just a character swap.
22:05.57AntiarcP = W
22:06.31Cairennso, what's the news on the new version guys? is it clean, infected or are we still trying to find out for sure?
22:06.38AntiarcIt's clean
22:06.51Shirik|EcoleCairenn: It's clean
22:06.56AntiarcNow we're just reverse engineering the keylogger so we can flood its target server wiht a million billion fake user/pass combos
22:07.05kaiden|workwell...
22:07.08kaiden|workwe know the target server
22:07.13kaiden|workand we know the subfolder
22:07.19Cairennokay
22:07.19kaiden|workbut we need to know the file it's accessing
22:07.27Antiarckaiden|work: What's the subfolder?
22:07.28Shirik|EcoleAntiarc: Why do you need to know where IsDebuggerPresent() is?
22:07.37Thunder_Childfor all of you south park whores "MTV Networks plans to make every clip from every episode of hit animated comedy “South Park” available for free online next year as part of a strategy to reach consumers everywhere."
22:07.40kaiden|workAntiarc, http://www.qiangewang.com/msx1/
22:07.43kaiden|worki'm missing the filename
22:07.49kaiden|workthen it calls
22:07.50AntiarcThanks kaiden|work
22:07.53AntiarcWorking on that now
22:07.55kaiden|work/?u=var&p=var&s=var&a=var&r=var&t=var
22:07.56AntiarcIt's 4 characters
22:07.58AntiarcProbably .asp
22:08.00CidanCairenn: I haven't looked at any of it, and I don't know what you have to do with say-so and what not, but I would consider it wise to not endorse it in anyway, ever
22:08.20kaiden|workwhich to me screams username password server account realm and then the last one i dont know
22:08.21Shirik|Ecolewtf is this huge switch statement I'm seeing >.>
22:08.32Shirik|EcoleCidan: Oh she's not endorsing
22:08.35CairennCidan: not why I was checking, but thanks :)
22:08.36AntiarcI suspect that's the URL decoder, Shirik|
22:08.39CidanOh okay, :P
22:08.56AntiarcHahahahahah
22:08.58Cairenn(check the front page of wowi :p )
22:09.02AntiarcYou're going to love this, kaiden|work
22:09.05Shirik|EcoleAntiarc: Found that call
22:09.15Shirik|Ecole10004C04 |. FF15 80100010 CALL DWORD PTR DS:[<&KERNEL32.IsDebugger>; [IsDebuggerPresent
22:09.27kaiden|workAntiarc, lol is the switch statement a letter for letter
22:09.29Antiarckaiden|work: I think it's post.xxx
22:09.45kaiden|worklets find out
22:09.48Shirik|EcoleIS that what you were looking for, Antiarc?
22:09.51AntiarcYes, it's post.asp
22:10.03Antiarchttp://www.qiangewang.com/msx1/post.asp
22:10.06Antiarcthat's your full URL.
22:10.08kaiden|worknope
22:10.11kaiden|workthat's an http 404
22:10.12AntiarcI suspect it is :)
22:10.18AntiarcWell
22:10.19kaiden|workHTTP 404 - ??????
22:10.19kaiden|workInternet ????
22:10.21AntiarcIt's possible it's gone dark
22:10.27AntiarcOr it's a spoofed 404
22:10.31AntiarcSo prevent snooping
22:10.35kaiden|workand i'm positive it's a .php
22:10.35deltronyou guys investigating the trojan?
22:10.39Antiarcyeah, deltron
22:10.43Antiarckaiden|work: Why do you think that?
22:10.51kaiden|workbecause i can see it accessing a .php
22:10.58kaiden|worki just can't decode the .php it's accessing
22:11.04AntiarcPaste that?
22:11.05kaiden|workit just comes up as jTn.E.php
22:11.05Cidanit's a fake 404
22:11.19AntiarcOSSW...PPP.VNFI@BPFI@.DHJ.JTT..WHTS.FTW
22:11.19Antiarchttp://www.qiangewang.com/msx1/post.asp
22:11.20AntiarcSee
22:11.22AntiarcIf you line those up
22:11.30AntiarcTHose match up perfectly with a letter swap algorithm
22:11.34AntiarcO = H, for example
22:11.37AntiarcH = O
22:11.47kaiden|workoh well.. if it does match up perfectly
22:12.00Shirik|Ecoleheh
22:12.01Shirik|Ecole.FTW
22:12.02Shirik|Ecoleawesome
22:12.07deltronhehe
22:12.16Cidanyeah, and look at the letters
22:12.18kaiden|workwell.. at least i was able to provide the first and last half of it
22:12.19kaiden|work;)
22:12.21Cidanit does match up rather nicely
22:12.47Shirik|EcoleAntiarc, you never asnwered me ><
22:12.57AntiarcShirik|Ecole: What was the question?
22:13.09Shirik|Ecoleyou said you needed to find the call to IsDebuggerPresent() ?
22:13.17AntiarcOh. Heh, thanks, got sidetracked
22:13.20deltronthat site uses fake 404 pages, I am viewing it in links and it shows the IE error page heh
22:13.23Shirik|EcoleI found it
22:13.37Cidanaye, I'm using linux and it's showing me MS 404's
22:13.43kaiden|workdeltron, haha nice
22:13.46kaiden|worki should have gotten that
22:13.50kaiden|worksince i'm viewing it in firefox
22:13.52kaiden|work<< nub
22:13.54Shirik|EcoleCidan: They might use IIS
22:14.01deltron:P
22:14.07deltronI think it is IIS
22:14.14AntiarcI'm pretty sure it is IIS.
22:14.19deltronsince 'virtual directory' is an IIS thing
22:14.29Cairennit's a .php?
22:14.31kaiden|workthey do use iis
22:14.32Shirik|Ecole.asp
22:14.45kaiden|worki personally still think it's a .php but it does match up nicely as a .asp
22:14.46kaiden|work:P
22:15.04AntiarcHow do you see it connecting to a php, out of curiosity?
22:15.08AntiarcLike, what's the log message?
22:15.10CidanHm, so now we have to figure out, was it on purpose?  I haven't taken a look at it, how deeply embedded is this code?
22:15.18kaiden|workAntiarc, i'll have to load virtualbox back up
22:15.20kaiden|workgimme a minute
22:15.33Cairennhow very interesting, since we had someone upload a bruting .php to wowi last week (which, surprise surprise, never made it out to the masses)
22:15.37AntiarcCidan: Rush says that someone got a rootkit on their machine via a compromised image upload script
22:15.56kaiden|workhe doesn't get off scott free
22:15.58Pandyaowned.
22:15.59Cidanhm
22:16.02kaiden|workwe've been telling him about this for a while
22:16.11kaiden|workhe was told about this and he ignored it
22:16.16Cairenn(at least a month, kaiden|work)
22:16.26deltronhe's a bad admin then
22:16.36AntiarcI'm getting an HTTP/1.1 404 header back from that URL
22:16.42AntiarcSo I kinda suspect it's gone dark
22:16.51AntiarcBecause I'm pretty positive that's the right URL.
22:16.51kaiden|workAntiarc, i'll tell you for sure
22:16.52kaiden|workjust gimme a second
22:16.55Antiarcgreat
22:17.23CidanNow I don't know what you guys think, but I only know a handfull amount of people who can inject code this complex into a precompiled program
22:17.34AntiarcCidan: It was attached as a rider in the install program
22:17.42AntiarcHow they GOT it into the installer is another question, but yeah
22:17.59kaiden|workno post.asp is an actual 404
22:18.00Cidanwell they use the nullsoft installer, right?
22:18.02AntiarcThe installer was modified to install this trojan, which downloads and delivers the payload
22:18.06Antiarcyeah
22:18.08kaiden|workHTTP/1.1 404 Object Not Found
22:18.08kaiden|workServer: Microsoft-IIS/5.0
22:18.08kaiden|workDate: Thu, 29 Nov 2007 22:08:35 GMT
22:18.08kaiden|workConnection: close
22:18.08kaiden|workContent-Length: 3733
22:18.08kaiden|workContent-Type: text/html
22:18.15Antiarckaiden|work: Same result here
22:18.34kaiden|workgimme a second i'll show you the original tcp stream from the trojan itself trying to call home
22:18.42Shirik|EcoleDirectory Listing Denied
22:18.42Shirik|EcoleThis Virtual Directory does not allow contents to be listed.
22:18.43Shirik|Ecoleqq
22:18.50Cidanthat's not really an issue then, I guess
22:19.08AntiarcGreat, thanks kaiden|work
22:19.40AntiarcOoooh.
22:19.41Antiarcwww.qiangewang.com/msx/mouse.dll
22:19.44Antiarc<-- that's good.
22:19.45CidanYou can just unzip the NSIS installer, or just install it, monitor what it does, the remake the installer with your files added.  I suppose I can sort-of buy his story then.
22:19.48kaiden|workwe already knew that antiarx
22:19.49kaiden|work:)
22:20.03AntiarcQQ
22:20.07deltronhehe
22:20.09deltroncheck this out
22:20.14*** join/#wowi-lounge dolby-wowi (n=Dolby-wo@MMOI/Administrator/Dolby)
22:20.14*** mode/#wowi-lounge [+o dolby-wowi] by ChanServ
22:20.26deltrontelnet www.qiangewang.com 80
22:20.35deltronthen type in get /msx1/post.asp
22:20.36deltron:)
22:21.07deltronhttp://218.85.132.165:8383/msx1/post.asp
22:21.08Cidanlol
22:21.08Cidannice
22:21.12Shirik|Ecoleoh my
22:21.18Shirik|Ecolemost impressive.
22:21.20AntiarcOh, nice
22:21.25AntiarcMust have a filter in place
22:21.29AntiarcFor bad user agents
22:21.33deltronyeah
22:21.33AntiarcTo prevent browsers from seeing it.
22:21.35AntiarcGood work.
22:21.43Shirik|Ecoleintelligent
22:21.45deltronlol my pastey didn't work either
22:21.54AntiarcOh man.
22:21.58AntiarcI'll bet that login gets you a view page
22:22.02AntiarcOf all the stolen info.
22:22.05deltron^
22:22.06Shirik|Ecoleyeah
22:22.09Shirik|Ecolelet's hack it!
22:22.10Shirik|Ecolelol
22:22.20kaiden|workdont get ahead of yourself
22:22.26kaiden|workyou get that from just going to http://theip
22:22.28Shirik|Ecoleok so, let's test feeding it some info?
22:22.38deltronadmin admin
22:22.38deltronlol
22:22.45kaiden|workthe website runs on port 8383 we already knew this just from going to http://218.85.132.165/
22:22.56Antiarcdeltron: already tried that
22:23.03Cairennif you guys do get in, screenshot it all and let's get it to the folks at Blizz so they can warn their customers about it
22:23.29Cairennsince they will be able to trace the accounts with the information that'll be stored there
22:23.56kaiden|workguys post.asp is not a file
22:23.58deltronsure wish I could read chinese
22:23.59kaiden|workit doesn't exist
22:24.06kaiden|workit's an auto forward to a "webmail" system
22:24.06kaiden|work:P
22:24.06deltronoh
22:24.08CidanIf you guys give me like
22:24.09Cidan2 hours
22:24.10Cidanactually
22:24.16Cidanlet me e-mail my girlfriend at work
22:24.17AntiarcCairenn: Of course.
22:24.21Cidanshe's chinese
22:24.22Cidansec
22:24.29Shirik|Ecole<3 Cidan
22:24.41Antiarc...oh shits.
22:24.43Antiarchttp://218.85.132.165:8383/msx1/images/login_1.jpg
22:24.45Cairennloving the theoretical and challenge of trying to get into it, but remember the practical as well :)
22:24.54Shirik|Ecoleso, do you think this site has a lockout for using too many login attempts?
22:25.00kaiden|workAntiarc, told you
22:25.02deltronholy crap Antiarc
22:25.03kaiden|workit's using IMail
22:25.27AntiarcIwebmail Version2.0
22:26.01AntiarcTime to go a-googlein' for exploits!
22:26.06Shirik|Ecolescrew google
22:26.10deltronlawl
22:26.16kaiden|worki think you already found an exploit
22:26.17kaiden|workhaha
22:26.17Shirik|Ecolewhat's it called? iwebmail?
22:26.20Antiarcyeah
22:26.24Dumanheh
22:26.36AntiarcHm
22:26.39Antiarcmbx = mailbox
22:26.48Shirik|Ecoleno matching CVE entry =(
22:27.15deltronnothing on the exploit sites I know about
22:27.23Shirik|Ecolehmmm
22:27.24Shirik|EcoleSummary: Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail Server 2006.22, allows remote attackers to execute arbitrary code via a long boundary parameter in a multipart MIME e-mail message.
22:27.27Shirik|Ecoleis IMail the same thing?
22:27.30deltronno
22:27.31Shirik|Ecoleboo
22:27.47deltronimail is a mail server
22:27.55Drealets say, i wanna do an if statement with two things to look for such as if ( "number" == isNumber() AND frame == is not hidden) then.. what's the syntax for and?
22:28.29AntiarcJust and
22:28.31kaiden|workand
22:28.31Shirik|Ecole"and"
22:28.32kaiden|worklol
22:28.38Drearight on. just makin sure. :D
22:28.45Shirik|Ecolemust be lowercase though
22:28.57Shirik|Ecolelol Antiarc did you still want this IsDebuggerPresent() call?
22:29.00Shirik|Ecolekeep getting sidetracked
22:29.02Antiarchehe, no, I'm good
22:29.04Dreawhat about not equal? ~=?
22:29.07AntiarcYes
22:29.21Dreathanks again!
22:29.30Cidanlol
22:29.35Cidanreply from girlfriend for login page
22:30.05Cidanhah
22:30.14CidanAccount number
22:30.14CidanPassword
22:30.14CidanSecurity "something" (Automatic calendar on the back)
22:30.15Cidanwtf?
22:30.26Cidanthe "wtf?" were her own words
22:30.29deltronheh
22:30.31kaiden|workthe account number is 31481
22:30.42deltrontell her you're trying to save nerd-dom
22:30.46kaiden|workthe first check is Save Password loosely translated
22:30.47Antiarckaiden|work: Where did you get that?
22:30.50kaiden|workthe second is obviously cookies
22:31.01kaiden|workAntiarc: :)
22:31.44deltronanyone got a copy of the trojan handy?
22:32.04CidanEh, at this point I'd give it up.  We have all we can get.
22:32.32CidanThe server is in Beijing, bleh.
22:32.52cog|workdeltron: http://spyglass-server.com/keylogger/ in the unsafe directory
22:33.01cog|workerr... it's not there now
22:33.23cog|workoh... RTFM i guess :P
22:33.43kd3it's there
22:33.48kd3look closely at the top
22:33.49deltronoh nice it's there
22:34.10cog|workkd3: <cog|work>oh... RTFM i guess :P
22:34.24kd3bah, boo at lag
22:34.55cog|work;)
22:34.57AntiarcHm. That Javascript at the bottom of the page, when decoded, reads <SCRIPT src="http://www.cbiznet.com/iwebmail/checkuser.asp?userid=10000003"></script>
22:35.29cladhairei'm so sick of users asking me to post my addons at other websites.
22:35.52kaiden|workcladhaire, you should post to mine!
22:35.53kaiden|workj/k
22:35.57cladhaire:P
22:36.21deltroncladhaire: post them to UIcentral! I heard it's safe there
22:38.09deltronhmm how to extract Setup.exe in lunix
22:38.29*** join/#wowi-lounge Paradox (n=Paradox@spc1-brmb4-0-0-cust625.bagu.broadband.ntl.com)
22:38.29Cidanunzip it
22:38.34*** join/#wowi-lounge |Jelly|_____ (n=chatzill@adsl-76-248-7-30.dsl.rcsntx.sbcglobal.net)
22:39.00deltrontried
22:39.28*** join/#wowi-lounge |Jelly|Ghost (n=chatzill@adsl-76-248-7-30.dsl.rcsntx.sbcglobal.net)
22:39.38Esamynn|Workyou guys having fun?
22:39.48Cidanunzip -a Setup.exe?
22:39.57kaiden|workAntiarc, can you use that character switcher on this D.:.\.B.T.\.1.1.y.u.e.1.7.\.$
22:40.06kaiden|workwtf is d:\bt\11yue17\
22:40.16AntiarcHm
22:40.19AntiarcI was doing it mnaually
22:40.27AntiarcWe may have to get access to that function to run it
22:40.56kaiden|workhrm.. www.google.cn and search for 11yue17
22:40.59kaiden|workcomes up with a lot
22:41.01AntiarcD:\BT\11yue17\$
22:41.11CideDrea: www.lua.org/pil
22:41.29*** join/#wowi-lounge |Jelly|AFK (n=chatzill@adsl-76-248-7-30.dsl.rcsntx.sbcglobal.net)
22:42.16Saint-Nya know
22:42.41Saint-Nif you guys talked to slouken i bet he could get a flag set up for a specific account login to get the ip ;P
22:42.55Saint-Nand then just infect and connect once ;P
22:42.59kaiden|workverified..
22:43.05kaiden|work11yue17 is a chinese worm
22:43.09deltronheh
22:43.10kaiden|workquite popular apparently
22:43.15kaiden|workhttp://bbs.cnworms.com/archiver/?tid-20229.html
22:43.21AntiarcSo that's just the working path of the project
22:43.30kaiden|workyeah
22:43.39Xinhuanlol?
22:43.47kaiden|worki just kept seeing it come up in mouse.dll
22:43.49Saint-Ni blame xin
22:43.55Xinhuan:(
22:43.56Saint-N;)
22:43.58kaiden|workXinhuan... speak the chinese for us! what's it say?!
22:43.59kaiden|worklol
22:44.09Xinhuanwhich link
22:44.12kaiden|workhttp://bbs.cnworms.com/archiver/?tid-20229.html
22:44.18*** join/#wowi-lounge |Jelly|______ (n=chatzill@adsl-76-248-7-30.dsl.rcsntx.sbcglobal.net)
22:44.35kaiden|workand this one
22:44.35kaiden|workhttp://218.85.132.165:8383/msx1/images/login_1.jpg
22:44.42Xinhuanit seems to be a website forum for a game
22:44.43kaiden|workthat's the actual home address of the worm in UICentral
22:44.56kaiden|workit's IMail running on their server
22:44.58Xinhuanthe name of this game is called
22:45.01XinhuanFootball Manager
22:45.17Xinhuando i need to explain more?
22:45.33deltronlol
22:45.35Xinhuanyou are reading a particular thread of that forum ;d
22:45.53kaiden|workxinhuan, ok what's 11yue17 mean then lol
22:45.53Xinhuanand it is between 2 teams called WORMS and EDEN
22:45.59kaiden|workit's in the mouse.dll that's being thrown around
22:46.11Xinhuanyue is a chinese word for "moon"
22:46.15Xinhuanthat's all i can tell you
22:46.42AntiarcAnd "moon" is the English word for "Lua" in Portuguese.
22:46.45AntiarcIT ALL MAKES SENSE NOW.
22:46.52cog|workZOMG!
22:46.54Xinhuan~lart Antiarc
22:46.54purlkeeps mailing Antiarc free America Online CDs until he drowns
22:47.00Antiarcnoes :(
22:47.49Xinhuand:\bt\11yue17\
22:47.55Xinhuani'm pretty sure that has no meaning in itself
22:48.01Xinhuancould just be a randomly named folder
22:48.02AntiarcIt's just the internal working path.
22:48.17Xinhuanor a unicoded chinese char folder or something stupid
22:48.22Xinhuannon-unicoded rather
22:48.41*** join/#wowi-lounge cirdan (n=chris@c-68-45-23-196.hsd1.nj.comcast.net)
22:48.43cirdanhey all
22:49.38CidanAHHH, IT'S MY EVIL NJ TWIN
22:49.41CidanKILL HIM
22:49.45*** join/#wowi-lounge tedrock (n=tedrock@d235-156-27.home1.cgocable.net)
22:49.48CidanIt's funny, because I'm from NY
22:50.14Dreahmm. how to explain this one? i got buttons showin up , and not loading unless the frame they are on, is visible, but.. they're showing up underneath the frame they are supposed to be on top of. whats the command to put them on the top? frame strata somethin i think?
22:50.15Dumanhaha
22:50.25Cidandeltron: I just took my XP VM and made a copy of the drive
22:50.45Dumanyay, worms
22:50.53CidanDrea: button:SetFrameLevel(parent:GetFrameLevel()+1)
22:51.05Cidanand make sure they are on the same strata, or the button is on a higher strata
22:51.06Dreaawesome! Thanks Cidan. :D
22:51.44cirdanok
22:51.48deltronoh well time to go home, bbl
22:51.53cirdanim trying to debug a mod
22:52.01cirdantrinketmeu isnt working on my pc
22:52.02CidanAnd what mod is that, EVIL TWIN?!
22:52.08cirdanbut works on my mac, go figure
22:52.25Cidannewest version?
22:52.25cirdanit gives a global nil error
22:52.33cirdannewest version is from april
22:52.38cirdandev is awol
22:52.42cirdanbut it mostly works
22:52.56cirdani have a clean WTF and no other mod and it still doesnt work
22:53.00DreaThat did it! right on
22:53.20cirdani added swatter, and the error is
22:53.29CidanDrea: :D
22:53.43cirdan[string "TrinketMenu_IconFrame:OnClick"] line 1;
22:54.00Xinhuanmaybe you should just copy the working copy from your mac to your PC
22:54.03CidanDrea: You may want to consider setting your interaction objects on one strata, and the frames on a lower one, so you don't run into this problem.
22:54.04cirdanattempt to index global 'TrinketMenu (a nil value)
22:54.06cirdani do that
22:54.15*** join/#wowi-lounge DM| (n=dm@cpe-65-24-59-218.columbus.res.rr.com)
22:54.19cirdanXinhuan: i use rsync to keep my settings the same
22:54.36Xinhuanno clue then
22:54.42cirdanthe error appears to be in OnClick
22:54.54cirdanand OnEnter
22:54.56Dreawell, that worked Cidan, shouldn't have any more problems... now i have to figure out how to make the buttons dissappear and redraw when i change selections.
22:55.01Saint-Nis it possible to convert from hfs to some other FS format without losing data?
22:55.06cirdanno
22:55.10Xinhuanthe fact that it says "line 1" indicates that the file didn't get copied properly and wow is reading the entire file as "1 line"
22:55.28Xinhuanprobably a CRLF or some silly EOL issue
22:56.07DreaClearAllPoints do that?
22:56.12Xinhuannow does that make sense to you?
22:56.21CidanDrea: What do you want to do, hide the button?
22:57.15cirdanXinhuan: well
22:57.29cirdani just unzipped a fresh copy and reloadui
22:57.31cirdanstill error
22:57.34cirdanlet me try to restart wow
22:57.45Xinhuanno addon i know puts onclick handlers on line 1 of their lua code ~_~
22:57.48Dreai have a number of buttons, depending on the selectionin a dropdown, that come up. I want the buttons to go away, and redraw the proper number of buttons when a new selection is made.
22:57.55cirdanXinhuan: oh i believe you..
22:58.05Xinhuanunless, it uses XML?
22:58.17cirdanwtf that fixed it
22:58.22cirdangood eye
22:58.24Xinhuani think lua code inside XML starts at line 1 per script?
22:58.26Shirik|Ecolebaaaack
22:58.27CidanDrea: button:ClearAllPoints(); button:Hide();
22:58.32Shirik|EcoleXinhuan: Kinda
22:58.35Shirik|Ecolebut yes
22:58.37CidanShirik|Ecole: ...joy... woohoo...
22:58.42*** join/#wowi-lounge |Jelly|_______ (n=chatzill@adsl-76-248-7-30.dsl.rcsntx.sbcglobal.net)
22:58.42Shirik|EcoleCidan: Did you miss me?
22:58.46Shirik|Ecoleof course you did
22:58.47*** join/#wowi-lounge |Jelly|AFK (n=chatzill@adsl-76-248-7-30.dsl.rcsntx.sbcglobal.net)
22:58.48CidanOh yeah, a ton, :/
22:58.54Dreais there any way to hide all the buttons at once?
22:58.56CidanSo yeah, I have to go to this stupid dinner party in DC
22:58.56Saint-Nonly by a little big
22:59.05Saint-NShirik|Ecole: for a fat guy you're rather agile"
22:59.05Shirik|Ecole172:582:42  » Join: |Jelly|_______ 2‹n=chatzill@adsl-76-248-7-30.dsl.rcsntx.sbcglobal.net2› 2‹clones with: |Jelly|, |Jelly|______ (2)2›
22:59.10Shirik|Ecolethat's a lot of underscores
22:59.16Shirik|EcoleSaint-N: Hahaha did you just call me fat?
22:59.24Xinhuan/chuckle
22:59.28CidanDrea: Put them inside of an invisible frame as it's parent, then parent that frame to the main frame, hide the invisible frame, woosh.
22:59.29Saint-Nyes i did tubby ;)
22:59.38Shirik|EcoleCidan can vouch for this, I am quite the opposite of fat
22:59.45Shirik|EcoleI'm underweight
22:59.45CidanYeah, no kidding
22:59.50Cidanthat kid is as skinny as a twig
22:59.52|Jelly|Shirik: It's my laptop.
22:59.58Saint-Nregardless of your actualy weight im going to assume that you're morbidly obese for the sake of jokes ;P
23:00.03Dreaerr, not sure that'll do the trick, here lemme pastey.
23:00.04|Jelly|My desktop kills it's self each time it happens.
23:00.05Shirik|Ecoleok
23:00.14Cidanbut you can't really even do that, he's so skinny it's not even funny
23:00.14Shirik|Ecole|Jelly| =(
23:00.27|Jelly|Trust me, it's super damned frustrating.
23:00.31Dreahttp://wowi.pastey.net/78260
23:00.48Saint-Ncidan: just because he's not big enough for planet status doesnt mean he doesnt deserve the oribtal moons ;)
23:00.56Xinhuan[11/30 07:01:30] <Cidan> Drea: Put them inside of an invisible frame as it's parent, then parent that frame to the main frame, hide the invisible frame, woosh.
23:01.06Xinhuanif you hide the invisible frame, its children hide too :D
23:01.46Cidancorrect, invisibleFrame:Hide() and everything that is a child of it will hide as well
23:01.54Saint-Nhis sign off always makes me thing of www.godhatesfags.com
23:01.55Cidanhm
23:02.04*** join/#wowi-lounge Cide (n=Cide@hus110a.bobbnet.com)
23:02.04*** mode/#wowi-lounge [+v Cide] by ChanServ
23:02.05Saint-Nim not sure why though
23:02.22Dreahow will that work out with a scrollin frame?
23:02.25Cidandoes Blizzard lua API have something for getting an iterator of children?
23:02.39Xinhuanframe:GetChildFrames()
23:02.43Xinhuani forgot the return values
23:02.45Xinhuanlook it up
23:02.47CidanDrea: Make the invisible frame anysize, it doesn't matter where it is or how big it is
23:02.56Cidanit doesn't have to be "in" the frame
23:03.08Cidanit just needs to have the parent->child relation
23:03.13Dreacause my next step is to get the scrolling to work with the buttons, depending on how many buttons there are
23:03.28Cidanoh, that's a bit of a pain in the pass, fyi. :P
23:03.41*** join/#wowi-lounge |Jelly|________ (n=chatzill@adsl-76-248-7-30.dsl.rcsntx.sbcglobal.net)
23:03.45CidanI dislike scrolling + WoW Lua API
23:04.02Dreayeah, i know. lol. that's why i gave up and started on gettin the buttons to show up first. lol
23:04.45Dreaok, well lets try this invisible frame thing. is there a template or somethin?
23:05.00Cidanlocal f = CreateFrame("frame");
23:05.05Cidanbutton:SetParent(f);
23:05.06Cidandone
23:05.06Cidanlol
23:05.16|Jelly|clised the client on my laptop
23:05.19Dreaahh right on
23:05.39zenzelezzhttp://www.gallerischeel.dk/sjov/n603175651_500054.jpg
23:05.44Cidanand it helps if you f:SetParent(yourMainFrame);
23:05.55Cidanthen make sure you just f:Show() or f:Hide()
23:06.07*** join/#wowi-lounge alestane (n=nevin@c-76-24-240-47.hsd1.ma.comcast.net)
23:06.26Dreahmm. lemme see what i can do with that then. bbs. :D lol
23:06.56alestaneI am really getting sick of hearing about incgamers.com.
23:07.01Cidandude
23:07.08Dumanheh
23:07.10Cidandid you hear about incgamers.com?
23:07.11Cidanman
23:07.12cirdanyou guys mostly ace users here?
23:07.19Cidancirdan: AAAAAAAAAAHAHAHHAHAHAHAHAHAHAHAHAH
23:07.20Cairenncirdan: no
23:07.23CidanBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAHHAHAHAHAHA
23:07.26cog|workcirdan: #wowace
23:07.26Antiarc<-- ace addon developer >_>
23:07.28cirdangood
23:07.30alestaneWhatever works.
23:07.30zenzelezzalestane: then yuo may want to step out for a bit, it's a recurring theme here tonight :-p
23:07.30cirdan:)
23:07.32kd3that'd be the #wowace channel
23:07.33Cairennthere are people from every "school" in here
23:07.33cirdanace--
23:07.46CidanSorry, that was mean. :P
23:07.57cirdanand now a submod of cartograpehr isnt workin... tells me it has an unknown library
23:08.01cog|workmost of us aren't anti-ace, but we certainly don't deify it ;)
23:08.01cirdanthat's in the lib/
23:08.06cirdanhehe
23:08.13alestaneBabble-2.0?
23:08.13cirdancog|work: best policy to have :)
23:08.19Cairenncirdan: was there something you needed help with? .... nm, you just answered
23:08.22cirdanAceConsole-2.0
23:08.30cirdanbut it's there
23:08.40cirdanmaybe it has a confliction version or something
23:08.48alestaneI use Baggins, Cartographer, Omen and oRA2, but because I like them.
23:09.29alestaneOkay, I also have Recount but I don't use it much, it might get uninstalled to relieve system weight.
23:10.38alestaneThen I have DevTools, FocusFrame, HoloFriends, ReappearingUnitFrames and about eight self-authored add-ons.
23:10.57XinhuanDevTools...?
23:11.08alestaneSo I guess a lot of my mods are Ace after all, but it's not 'cause they're Ace.
23:11.32alestaneDevTools aka the Blessings of Iriel.
23:11.46Xinhuanwhat does it do
23:12.02cirdanyeah it's very odd...
23:12.29cirdanaceconsole is here...
23:12.41AntiarcDoes anyone have a text file list of all the US realms?
23:12.43Dumanwhat's the exact error you're getting?
23:12.44AntiarcI am le lazy
23:13.08Xinhuanpretty sure Antiarc, you can just go to http://forums.worldofwarcraft.com/child-forum.html?forumId=11119
23:13.13Xinhuanand cut/copy the list out
23:13.16AntiarcAwesome, thanks
23:13.33cirdan..\addons\cart_mailboxes\addon.lua line 70;
23:13.43alestaneDEvToolshttp://www.wowinterface.com/downloads/fileinfo.php?id=3999
23:13.53Xinhuanif it doesn't come out nicely, try ctrl-dragging the selection in firefox instead - ctrl makes firefox select table cells rather than highlight text
23:13.53alestaneSlipped and hit enter too fast.
23:14.03*** join/#wowi-lounge bleeter_ (n=bleeter@guifications/developer/bleeter)
23:14.10cirdanBad argument #3 to 'newmodule'. "AceConsole-2.0" is an unknown library
23:14.15zenzelezz~devtools
23:14.16purlIriel's DevTools, a highly useful set of debugging tools for developers on WoW. Found at   http://www.wowinterface.com/downloads/fileinfo.php?id=3999  Why isn't it in the default client yet?
23:14.36Xinhuanah Devtools
23:15.38Xinhuannot too useful then, since most of the commands are replicated in other places
23:15.48cirdanDuman: that help any? i checked google
23:16.01cirdanand it basically said there was a bad version of ace back in april
23:16.19cirdanbut this is very recent svn from files.wowace.com/cartographer_mailboxes
23:16.26Dreahmm. perhaps i did somethin wrong. but that's not workin
23:17.35Dreahttp://wowi.pastey.net/78261
23:17.41Dreawhat'd i do wrong?
23:17.49Kasothe minimum level you can cast a buff on is (buffLevel - 10) right?
23:18.04Cide>>? http://wowi.pastey.net/78261
23:18.06CideCide: input appears to be syntactically correct.
23:18.13kd3if you cast the max-rank buff it should auto-downrank as appropriate
23:18.27CideDrea: what's the issue? you're not very specific
23:18.40*** join/#wowi-lounge Funkeh`` (n=funk@host81-157-52-135.range81-157.btcentralplus.com)
23:19.08Kasoyah but im trying to work out what rank has been casted on me by a third party
23:19.20*** join/#wowi-lounge Funkeh` (n=funk@WoWUIDev/WoWAce/Ace3/BigWigs/funkeh)
23:19.24Dreaok, i changed one thing, that fixed things a little. Basically. i'll give a for instance.
23:19.32CideDrea: unrelated, you're probably over-commenting much of the first 121 lines
23:19.36Cides/probably//
23:20.55*** join/#wowi-lounge Maul (i=43bd3483@gateway/web/cgi-irc/ircatwork.com/x-2f17cee5121a5ca7)
23:21.10cirdanDuman: hrm, i have only cartographer and _mailbox loaded, and still errors
23:21.12cog|workhey Maul
23:21.15DreaClick on the second dropdown, and choose the first item. it sets up 8 buttons. click on the second dropdown again, and choosethe 5th item. it is supposed to have only 3 buttons. but it has 8! from the first choice.
23:21.17cirdanlet eme try an older build
23:21.29Maulhey, just eves dropping :)
23:21.40Dreahttp://wowi.pastey.net/78262
23:22.28LunessaHello Maul. : )
23:22.44Maulhiya =)
23:23.19Dreawhat i want it to do, is when you choose something on the second dropdown, it will remove all the buttons, and redo the list of buttons again.
23:23.31Cairennhey Maul, ltns
23:23.37Dreaeach choice has a different number of buttons.
23:23.39*** join/#wowi-lounge Kaelten (n=kaelten@WoWUIDev/WoWAce/WoWIFA/CurseStaff/kaelten)
23:23.40*** mode/#wowi-lounge [+v Kaelten] by ChanServ
23:25.13alestanecog|work: Any word on the huge pile of gold in your mailbox?
23:25.15|Jelly|Lunessa: You were the one that recommended Scorched3D, right?
23:25.22Dreaplus the checkboxes, don't change between choices, they stay checked, that i could just put another entry in the table for, no biggie. but it's not redrawing the buttons.
23:25.29LunessaUmmm... no?  
23:25.31cog|workalestane: haven't heard back from the GM yet
23:25.35|Jelly|Oh.
23:25.38|Jelly|I thought you were.
23:25.38alestaneJust curious.
23:25.44|Jelly|Well. It's win to the face. Just so you know.
23:25.45Lunessanever heard of it.
23:25.59|Jelly|It's Scorched Earth, 3D.
23:26.21LunessaIt's full of awesome and win?
23:26.24Dreathink about it. i'll be back momentarily.
23:26.50|Jelly|Yes, it is. Especially if you're bored.
23:27.19CideDrea: you should tihnk about it, you know :)
23:27.24Cideit's your code logic
23:27.31Cideand honestly, you should get rid of half of your comments
23:27.45*** join/#wowi-lounge Tuller (n=chatzill@c-76-27-166-119.hsd1.va.comcast.net)
23:27.49Cidethey make the code harder to read in their current state
23:28.12CideLevelGuide_Restore(); -- tells the restore function to run.
23:28.17Cidefor example.. is completely useless
23:28.26CideFauxScrollFrame_Update(LGScrollFrame, 50,5,16);       -- 50 is max entries, 5 is number of lines, 16 is pixel height of each line
23:28.33Cideis probably your only well-placed comment
23:28.39Cideor one of the few, anyway
23:29.41CideDrea: anyway, my guess would be that you're only Show()-ing entries in your LGScrollBar_Update function
23:29.51Cidethus, when it runs twice, you're not hiding the old entries, so they remain
23:29.59*** join/#wowi-lounge |Jelly|AFK (n=chatzill@adsl-76-248-7-30.dsl.rcsntx.sbcglobal.net)
23:32.11cog|workYay! I'm finally in the smallest group on a slashdot poll
23:33.07Cide"I have experienced sexual intercourse?"
23:33.15Cide~rimshot
23:33.16purlba-dum CHH
23:33.51cog|workoy
23:34.00CidanI'm so gdmfing excited
23:34.02cog|workbut yes...
23:34.07CidanI'm going to go see Avenue Q this weekend
23:34.11cog|work!
23:34.12CidanTHE INTERNET IS FOR POOOOOOOORRRNNN
23:34.14cog|worktake me!
23:34.18*** join/#wowi-lounge Wobwork (n=Wobin@203-206-178-228.perm.iinet.net.au)
23:34.19Cideoh boy
23:34.26CidanIf you're in the DC area, there are tickets still avail
23:34.26Cairenn~internet is for porn
23:34.27purl...but internet is already something else...
23:34.35Cairenn~for porn
23:34.35purlhttp://www.infested.dk/uploads/Forporn.avi
23:34.36CidanSo get them now!
23:34.40Cairennah, there we go
23:34.49cog|worki'm in the exact opposite area :(
23:35.27LunessaThe internet is for porn!
23:35.31Dreaah, well the comments are there simply for a friend who is tryin to learn and asked me to comment every line to say what it's doing.
23:35.47CidanCairenn: Link is dead, :(
23:36.14Cairennnooooo
23:36.21cog|workCidan: out of curiosity i checked my latitude and it's almost identical to DC ><
23:36.30LunessaYes KateMonster, but what you think he do /after/ ?  
23:36.50Dreai got to thinking, i went ahead and hid the invisible frame in the function that does selectin for the second dropdown, and it's still not doin it.
23:37.10Cidancog|work: rofl
23:37.14*** join/#wowi-lounge Jumpee|AFK (n=icechat5@cpe-76-166-247-247.socal.res.rr.com)
23:37.28CidanI've never seen the show, I'm dying to see it
23:37.39WobworkI want to see Spamalot =(
23:37.40alestaneWhat's this smallest poll group you're in?
23:37.41Dreaand ive got a f:Hide() in the update funciton too. and no dice
23:37.44CidanWhen I heard that it was coming to DC, I got tickets the same day
23:37.45Wobworkand "Not The Messiah"
23:37.53WobworkI -SO- want to see Not The Messiah
23:38.15*** join/#wowi-lounge Tem (n=tardmrr@WoWUIDev/WoWI/Dongle/Tem)
23:38.15*** mode/#wowi-lounge [+v Tem] by ChanServ
23:38.35WobworkBut also Spamalot after seeing Antiarc's brother doing a mimic of the songs =P
23:39.22Mike-N-GoItems like Netherstrand Longbow, they have 'Tempest Keep' on them, does that mean the raid, or any of the TK inistances?
23:39.47cirdanMike-N-Go: the legendary items in TK are for the 1 fight only
23:39.48zenzelezzraid
23:39.51Dreaseems to me that it's not removing the buttons when it hides it.
23:39.52WobworkAren't they only active and usable in the Kael fight?
23:39.57zenzelezzyeah
23:40.00cirdanWobwork: afaik yeah
23:40.03zenzelezzonce the fight ends, they vanish
23:40.17Dreajust hiding the frame, and when it shows it. it's not redrawing, it's just adding to whats there.
23:40.24Wobworkalthough I've heard some instances of "If you dc just before the wipe, you can reconnect with them after the wipe" =P
23:40.32alestaneDo you have a for loop that only goes up to the number of active buttons?
23:40.38zenzelezzWobwork: it's true
23:40.44zenzelezzseen it in my guild
23:40.51deltronwhee
23:40.54cirdanWobwork: ooo
23:40.56cirdanthat's cool
23:40.56zenzelezznot sure if they vanish when you enter combat though
23:40.57kergothhmm, why does MailFrame.xml call InboxFrameItem_OnEnter in an onupdate?
23:40.58deltronyou guys find out anything else about the trojan?
23:41.10cirdani still cant find the damn error
23:41.14cirdanevern w/old versions
23:41.33Mike-N-Gocirdan: Only for one boss fight?
23:41.52Xinhuankergoth: to update the GameTooltip every 0.2 secs
23:41.59Xinhuanlike every other thing
23:42.10cirdanMike-N-Go: they are only for the Cartographer-r56068.1
23:42.12zenzelezzyou have to kill all the other bosses in TK to get to Kael'thas, nothing else left to kill - and the room is closed when the fith starts
23:42.14cirdanerr kael fight
23:42.21Xinhuanactually its not even every 0.2s
23:42.27Xinhuanthat onupdate doesn't even check
23:42.31deltronkergoth: howdy :)
23:42.31Xinhuanit just runs as fast as it can
23:42.36Xinhuani noted it when i updated Postal's code
23:42.54Xinhuanand tried to fix it by hooking it but it messed up other addons
23:43.06kergothit also calls the onenter for every single item within a multiitem mail, does it really need to reconstruct the "multiple items (#)" tooltip that many times?
23:43.11Xinhuanso i decided meh, and undid my change
23:43.12kergothsilly blizzard
23:43.14kergothhey deltron
23:43.30Dreayeah, hiding the invisible frame doesn't actually remove the buttons.
23:44.13Dreai need a way to remove the buttons completely. between each choice
23:44.15*** join/#wowi-lounge sylvanaar (n=sylvanaa@12.179.203.116)
23:46.06Dreahmm. concieveably, i could have a third dropdown, that allows you to choose the steps. i know i can do that. what i don't get.. is how to allow the user to check the step when they're done with it.
23:48.40Jumpee|AFKAre the functions in BitLib written by Blizzard or just provided by Blizzard?
23:50.17*** join/#wowi-lounge |Jelly|AFK (n=chatzill@adsl-76-248-7-30.dsl.rcsntx.sbcglobal.net)
23:50.35cog|workJumpee: bitlib was developed by someone else (open source) and it was included in wow
23:50.51Jumpeethanks
23:51.33Jumpeecog|work: I never even knew it existed until I saw your post about it re the 2.4 changes
23:51.39*** join/#wowi-lounge kaiden (n=kaiden@c-67-170-78-181.hsd1.wa.comcast.net)
23:51.43cog|workhttp://rrt.sc3d.org/Software/Lua/
23:52.39cog|workyeah... it's rather obscure... I doubt many mods use it... Databases & communication mods for compression, perhaps
23:52.48cog|work2.4 will chang etha t though
23:54.27cirdanok i got ti workign by installing the ace2 mod directly
23:54.57cirdanone last question
23:55.02cirdananyone use wow with wine/cedega?
23:55.16alestanecog|work: I do that all the time.
23:55.20cirdani have a logitech mx revolution, tons of buttons
23:55.35cirdanwow only sees up to the scroll wheel
23:55.52cirdani cant use the left/right scroll nor the 2 thumb buttons
23:55.57cirdanbut they work in other apps and in xev
23:57.30kd3I haven't figured out how to get the key events for other buttons working properly. I've found some software that generates keystroke events when I click some buttons, but not native regular mouse events
23:57.42*** join/#wowi-lounge JoshBorke (n=Josh@WoWUIDev/WoWInterface/LegoBlock/joshborke)
23:57.56kd3alt+left, shift+pgup, etc...
23:59.21*** join/#wowi-lounge pez| (n=user@90.80-203-213.nextgentel.com)
23:59.24cirdandarn
23:59.32cirdanand no way to have an app specific context either i bet
23:59.41pez|why does this not wooork?
23:59.45cirdani'd only want those binding for wow

Generated by irclog2html.pl Modified by Tim Riker to work with infobot.