iPhone security patch

It seems that Apple finally released a patch for the iPhone for the security issue I wrote about back on May 1st (More Security Stuff).

From Apple’s Web Site:

WebKit

CVE-ID: CVE-2009-2797

Available for: iPhone OS 1.0 through 3.0.1, iPhone OS for iPod touch 1.1 through 3.0

Impact: User names and passwords in URLs may be disclosed to linked sites

Description: Safari includes the user name and password from the original URL in the referer header. This may lead to the disclosure of sensitive information. This update addresses the issue by not including user names and passwords in referer headers. Credit to James A. T. Rice of Jump Networks Ltd for reporting this issue.

Not sure when James reported it though, so I don't know if I found it before him or not. Anyway, here is my suggestion: if you use an iPhone and have EVER logged in to a web site with a username and password, you need to change that password immediately and then apply the patch from Apple to your iPhone. I know there are some people who view my site that use an iPhone and are clicking on links from other websites, therefore sending your username and password to me as well.
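On the receiving side, a site owner can find and redact credentials that arrived this way in the web server log. The following is an added example, not code from the original post; it assumes the Apache/nginx "combined" log format, and the sample lines, addresses and credentials are constructed.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Apache/nginx "combined" log format; the Referer is the second-to-last quoted field.
LOG_RE = re.compile(
    r'^(?P<head>\S+ \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+) '
    r'"(?P<referer>[^"]*)" (?P<agent>"[^"]*")$'
)

def strip_userinfo(url):
    """Return (url_without_userinfo, leaked) for one Referer value."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL: leave it untouched
        return url, False
    _userinfo, at, hostport = parts.netloc.rpartition("@")
    if not at:
        return url, False
    return urlunsplit(parts._replace(netloc=hostport)), True

def scrub(lines):
    """Return (redacted_lines, referring_hosts_that_leaked_credentials)."""
    redacted, hosts = [], set()
    for line in lines:
        line = line.rstrip("\n")
        m = LOG_RE.match(line)
        if m:
            clean, leaked = strip_userinfo(m.group("referer"))
            if leaked:
                hosts.add(urlsplit(clean).hostname)
                line = f'{m.group("head")} "{clean}" {m.group("agent")}'
        redacted.append(line)
    return redacted, hosts

# Constructed sample lines (documentation addresses, made-up credentials).
SAMPLE = [
    '203.0.113.7 - - [13/Sep/2009:09:14:02 -0400] "GET /?p=212 HTTP/1.1" 200 8843 '
    '"http://www.example.org/links.html" "Mozilla/5.0 (Macintosh)"',
    '198.51.100.23 - - [13/Sep/2009:09:15:44 -0400] "GET /?p=212 HTTP/1.1" 200 8843 '
    '"http://alice:s3cret@intranet.example/links.html" "Mozilla/5.0 (iPhone)"',
    '198.51.100.40 - - [13/Sep/2009:09:16:10 -0400] "GET / HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    clean_lines, leaking = scrub(SAMPLE)
    print("\n".join(clean_lines))
    print("hosts whose credentials appeared in Referer:", sorted(leaking))
```
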

Poor Man’s Network Traffic Meter

Set out tonight to find a way to log “network traffic” through the interfaces on my Solaris box. What I wanted was the actual amount of traffic going through the interfaces. First thought was to use netstat, but that only shows “packets”, and the packets could be differing sizes. So I ended up using kstat. I wrote this simple little script to grab the interface names, and then use kstat to get the data out of the network module for each card:

#!/bin/ksh
# Get list of Ethernet cards in machine:
MyHOST="`hostname`"
OS="`uname -r`"
# Use "=" (not "==") so the test also works in ksh88 and plain sh
if [ "${OS}" = "5.10" ] ; then
   MyETHERS="`/usr/sbin/dladm show-dev | awk '{print $1}'`"
else
   MyETHERS="`/usr/sbin/ifconfig -a | awk '{print $1}' | grep \":\" | awk -F':' '{print $1}' | sort -u | grep -v \"^lo0\"`"
fi
COUNT=0
# Number of samples to take
while [ $COUNT -lt 800 ];
  do
  for i in `echo $MyETHERS`
  do
    # 64-bit byte counters kept by the kernel for this interface
    OBYTES="`/usr/bin/kstat -p -c net -n $i -s obytes64 | awk '{print $2}'`"
    RBYTES="`/usr/bin/kstat -p -c net -n $i -s rbytes64 | awk '{print $2}'`"
    # Epoch time of this sample
    SNAPTIME="`perl -e \"print(time());\"`"
    echo "${MyHOST},${i},${SNAPTIME},${OBYTES},${RBYTES}"
    OBYTES=
    RBYTES=
    SNAPTIME=
  done
  # Seconds between samples
  sleep 10
  COUNT="`expr $COUNT + 1`"
done

You have to be root to run this, but that is only because of the dladm command I am using on Solaris 10. If you don’t want to run it as root, then comment out the if statement and just leave the line that uses ifconfig. When you run it, it will produce an output like this:

gonzo,elxl0,1252806095,37255837,715035
gonzo,rge0,1252806096,605012664015,863919572622
gonzo,elxl0,1252806106,37255837,715035
gonzo,rge0,1252806107,605012664377,863919573090

The output is formatted as hostname, ethernet, time of the run, sending bytes, and receiving bytes. (The time is the epoch time.) The above script will only run 800 times, pausing 10 seconds between each run of kstat. You can change how long it runs by changing the line:

while [ $COUNT -lt 800 ]; 

Just change the 800 to some other number. The second item to change is the “interval” time, and that is controlled by the line:

sleep 10

You probably don’t want to run this every second. Every 10 seconds is about right, as it allows me to get the traffic without much overhead.

The second script I did was a little PHP script (it can probably be done in any language, but I use PHP for just about everything). This script takes the output from the file you created above (just run the above script and redirect it to a file) and gives you a human-readable output.

Note: if you have more than one ethernet card active in your system, currently you will need to “grep” out each card to its own file. If you have a bunch of machines, you should probably import the data from above into a MySQL db, and then modify this script to pull the info from it.

Here is the script to just parse one network card:

<?php
// Turn the kstat CSV log (host,interface,epoch,obytes,rbytes) into per-interval rates.
date_default_timezone_set("EST");
$fp = fopen("Netstat.csv", "r");
if ($fp) {
  $i = 0;
  while (!feof($fp)) {
    $buffer = fgets($fp);
    // Skip the false returned at EOF and any blank lines
    if ($buffer !== false && trim($buffer) !== "") {
      // trim() removes the newline that would otherwise stay on the last field
      list($hostname[$i], $ethernet[$i], $time[$i], $sending[$i], $receiving[$i]) = explode(",", trim($buffer));
      $newtime = date('r', (int)$time[$i]);
      if ($i != 0) {
        $TDIFF = $time[$i] - $time[$i-1];
        // Skip samples with the same timestamp to avoid dividing by zero
        if ($TDIFF > 0) {
          // Rate = byte delta / seconds elapsed / 1024 / 1024
          $SDIFF = ($sending[$i] - $sending[$i-1]) / $TDIFF / 1024 / 1024;
          $RDIFF = ($receiving[$i] - $receiving[$i-1]) / $TDIFF / 1024 / 1024;
          printf("%s|%s|%s|%3.3f|%3.3f\n", $hostname[$i], $ethernet[$i], $newtime, $SDIFF, $RDIFF);
        }
      }
      $i++;
    }
  }
  fclose($fp);
}
?>

In the above, I named my redirected output to be Netstat.csv. What the above script outputs will look like this:

gonzo|rge0|Sat, 12 Sep 2009 15:44:38 -0500|0.000|0.000
gonzo|rge0|Sat, 12 Sep 2009 15:44:49 -0500|0.000|0.007
gonzo|rge0|Sat, 12 Sep 2009 15:45:04 -0500|6.677|0.065
gonzo|rge0|Sat, 12 Sep 2009 15:45:18 -0500|3.148|0.027
gonzo|rge0|Sat, 12 Sep 2009 15:45:41 -0500|5.377|0.076
gonzo|rge0|Sat, 12 Sep 2009 15:45:55 -0500|8.678|0.111
gonzo|rge0|Sat, 12 Sep 2009 15:46:16 -0500|9.499|0.117
gonzo|rge0|Sat, 12 Sep 2009 15:46:30 -0500|8.861|0.117
gonzo|rge0|Sat, 12 Sep 2009 15:46:46 -0500|9.183|0.120
gonzo|rge0|Sat, 12 Sep 2009 15:47:02 -0500|10.783|0.139
gonzo|rge0|Sat, 12 Sep 2009 15:47:15 -0500|7.103|0.093
gonzo|rge0|Sat, 12 Sep 2009 15:47:29 -0500|7.165|0.100
gonzo|rge0|Sat, 12 Sep 2009 15:47:44 -0500|6.995|0.095
gonzo|rge0|Sat, 12 Sep 2009 15:48:01 -0500|6.986|0.099
gonzo|rge0|Sat, 12 Sep 2009 15:48:15 -0500|5.678|0.069
gonzo|rge0|Sat, 12 Sep 2009 15:48:28 -0500|6.530|0.090
gonzo|rge0|Sat, 12 Sep 2009 15:48:53 -0500|3.477|0.046
gonzo|rge0|Sat, 12 Sep 2009 15:49:14 -0500|6.459|0.083
gonzo|rge0|Sat, 12 Sep 2009 15:49:31 -0500|7.754|0.105
gonzo|rge0|Sat, 12 Sep 2009 15:49:58 -0500|9.416|0.121
gonzo|rge0|Sat, 12 Sep 2009 15:50:10 -0500|10.854|0.139
gonzo|rge0|Sat, 12 Sep 2009 15:50:21 -0500|11.922|0.152
gonzo|rge0|Sat, 12 Sep 2009 15:50:31 -0500|12.556|0.165
gonzo|rge0|Sat, 12 Sep 2009 15:50:43 -0500|12.813|0.170
gonzo|rge0|Sat, 12 Sep 2009 15:50:54 -0500|14.783|0.188
gonzo|rge0|Sat, 12 Sep 2009 15:51:05 -0500|12.729|0.168
gonzo|rge0|Sat, 12 Sep 2009 15:51:16 -0500|12.018|0.148
gonzo|rge0|Sat, 12 Sep 2009 15:51:27 -0500|10.786|0.141
gonzo|rge0|Sat, 12 Sep 2009 15:51:38 -0500|13.566|0.167
gonzo|rge0|Sat, 12 Sep 2009 15:51:49 -0500|11.234|0.144
gonzo|rge0|Sat, 12 Sep 2009 15:52:01 -0500|12.914|0.165

The output is: hostname, ethernet, time of query, sending speed in Mbps, receiving speed in Mbps. As you can see from the above, I was copying some large amounts of data.
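An added example (not the author's script): a Python pass over the same CSV that keeps the previous sample per host and interface, so several cards can share one file, and that skips zero-length intervals and counter resets. The first four sample lines are the collector output shown above, the last two are constructed, and the rate uses the same bytes / seconds / 1024 / 1024 arithmetic as the PHP script.

```python
import csv

MIB = 1024 * 1024

def rates(lines):
    """Return [(host, nic, epoch, out_rate, in_rate)], one entry per usable interval."""
    last, out = {}, []
    for row in csv.reader(lines):
        try:
            host, nic = row[0], row[1]
            t, sent, recv = (int(x) for x in row[2:5])
        except (IndexError, ValueError):
            continue  # blank line, or a sample where kstat printed nothing
        prev = last.get((host, nic))
        last[(host, nic)] = (t, sent, recv)
        if prev is None:
            continue  # first sample for this interface: nothing to diff against
        dt, ds, dr = t - prev[0], sent - prev[1], recv - prev[2]
        if dt <= 0 or ds < 0 or dr < 0:
            continue  # duplicate timestamp, or counters went backwards (reset)
        out.append((host, nic, t, ds / dt / MIB, dr / dt / MIB))
    return out

SAMPLE = [
    "gonzo,elxl0,1252806095,37255837,715035",
    "gonzo,rge0,1252806096,605012664015,863919572622",
    "gonzo,elxl0,1252806106,37255837,715035",
    "gonzo,rge0,1252806107,605012664377,863919573090",
    # Constructed: counters restart from a low value, then 10 MiB sent in 10 s
    "gonzo,rge0,1252806117,1024,2048",
    "gonzo,rge0,1252806127,10486784,2048",
]

if __name__ == "__main__":
    for host, nic, t, out_rate, in_rate in rates(SAMPLE):
        print("%s|%s|%d|%.3f|%.3f" % (host, nic, t, out_rate, in_rate))
```
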

bing has bong’d

Looking through some logs I noticed a bunch of traffic coming from bing.com. Funny thing is, it is NOT people searching for something and my site coming up. It appears that bing is doing keyword searches. For example here is a list of words it has looked for so far this month:

about
adelphia
adobe
airways
cameras
cdrecord
channel
channels
cisco
citrix
clear
client
cloning
comcast
cooking
december
demand
desktop
digital
drive
drives
dtrace
dynamic
dyson
early
error
family
funny
fusion
gravelly+point
hospitals
house
january
jetblue
morgantown
mount
movies
mysql
nikon
october
opensolaris
overcurrent
passwd
password
patch
peanut
photography
photoshop
pictures
ponytail
postgresql
procmail
psrinfo
question
radio
random
replication
restoration
sendmail
server
service
should
solaris
studio
surprise
system
syswatch
table
thomas
tivoli
today
toilet
tomcat
transition
travel
trying
tvgos
update
upgrade
usairways
vacation
vmware
vsphere
weblog

The reason I can tell that it is not a person is, first, that the requests are coming from a BOT. The second is that when someone actually uses BING to search for something, there is additional stuff “left” on the referrer string. Is bing really that stupid about how it indexes a site? So I guess the point of this is, if you want to have your site on the top of the list with bing, just put a dictionary on your site ;-).

Snow Leopard

I received my copy of Snow Leopard today from Apple. They overnighted it, and FedEx was kind enough to call and tell me they tried to deliver it but were unable to. I stopped by the FedEx depot on the way home and picked it up. I decided to load it on the laptop first because I have heard of some problems with Adobe Photoshop Elements (which I run on the Mac Pro desktop).

So what are my thoughts:
1. I think Apple shipped some faulty DVDs. Every time I put it in my MacBook Pro, it would try to read it and then it would eject it. I put it in the Mac Pro desktop and it came right up. So back to the MBP, and it continued to just eject it. I then attached an LG external USB DVD drive, and it seemed to have some problems reading it on there. I then did the Apple Software Update (there were a couple of security alerts available) thinking that may help. Didn’t appear to. Then all of a sudden it loaded the installer. An hour later and 2 reboots, Snow Leopard was installed via the USB drive. They still need to work on their installer; it sat at “Time Remaining: Less than a minute” for over 10 minutes.

2. The initial startup seemed to take some time, but have not tried rebooting it yet.

3. The Finder seems extremely faster.

4. It freed up almost 10 GB of disk space for me. I started the install with only 17 GB free. After the install I now have 27.11 GB free.

So far I haven’t tried any of the other apps I use, but Adium X 1.4b9 seems to run well. I also like the new Exposé; it seems to organize stuff a little better. Will have to see what else has changed.

Comcast Morgantown QAM Update

It seems that Comcast is getting ready for the use of those little cable boxes. Rescanned today and found this (all in the clear):
2.1 – KDKA HD
4.1 – WTAE HD
4.2 – this Pittsburgh
5.1 – WDTV HD
7.2601 – WPCW CW Pittsburgh HD
11.1 – WPXI HD
11.2 – Retro TV
13.1 – WQED HD
13.2 – WQED – Create
13.3 – WQED – Neighborhood
16.1 – WQEX / Shop NBC
18.1 – WVCW CW Clarksburg
18.6 – WDTV SD
18.7 – WBOY SD
18.8 – WVFX SD
18.9 – WNPB D1
18.10 – Local Government channel (analog 15)
18.11 – Local Channel (analog 3)
20.1 – CSPAN
22.1 – WPMY HD
24.1 – WNPB D1
24.2 – WNPB D2 – Create
24.3 – WNPB HD
40.1 – WPCB – Religious
53.1 – WPGH HD
79.3 – KDKA SD
79.4 – WPGH SD
79.5 – WTAE SD
79.6 – WQED SD
79.7 – WPMY SD
79.8 – WPXI SD
79.9 – WPCW SD
79.10 – Fox Sports Pittsburgh
79.11 – WGN Chicago
85.111 – PPV Barker Channel
86.1316 – Music Choice
90.601 – Current

I am not sure why they decided to put all the locals on Analog, HD and SD. But I have a feeling I know why… I just wish they would make the cartoon network in the clear.