23 March 2009

twitter badness?

So, a few days ago I was working on a project, and noticed that GoDaddy allows web sites which use their SSL certificates to post a flashie thing on their website allowing visitors to check the status of the cert. (See the bottom of tweepme.com for an example.)

It turns out that GoDaddy actually has the blank certificate image stored on their servers, and that it is accessible via http in addition to https.

This means it could easily be used for spoofing by anyone that knows how to:
a) manipulate an image in an image editing software application or
b) manipulate an image in any number of programming languages

So, I decided to make the following tweet at twitter:

"interesting. if you know how to manipulate images, you too can spoof godaddy's SSL seal: http://is.gd/o1pM"

It was posted, and then disappeared about 15 minutes later.
I reposted it. Half an hour later, it was gone again.

So I talked to a friend of mine that follows me on twitter and had him pull up my page in his browser, and also in his third party application on a mobile device. I then posted again. He confirmed that it showed on my twitter profile page, but that it didn't hit his feed, nor his mobile device. About half an hour later, it disappeared again.

I then posted a tweet about the fact that my tweets were going missing for some reason. That also vanished about 20 minutes after posting.

So, I posted a tweet about something completely unrelated, that stayed.

At that point, I sent a request into twitter support asking whether I was triggering their ToS violation or such and that this was leading to my tweets vanishing. As yet (3 days later), it's not even been assigned to anyone to review.

Hmm... Interesting.

03 March 2009

network upgrade!

I've been wanting to upgrade to business class Road Runner for some time, but haven't had the chance to do so until now. There are a lot of reasons behind my wanting to do this; some of them are:

  • static IP addresses are only available via Road Runner's business class offering

  • while download speeds are the same or less than residential, upload speed is significantly higher (on paper)

  • the residential cable modem I have only works at 10M half duplex for the 'client' side interface, which means while I run a gig-e or 100M full network in my home, I'm throttled to that at my uplink.

So, I put the call in, got the quote, signed it, and sent it back.
2 days later and I have a shiny new modem. But even better, I have this:

Bandwidth Throughput from MyHouse to Various Places

rochester, ny (http://rochester.speedtest.frontiernet.net/)
down - 7.013 Mbps
up - 1.415 Mbps

los angeles, california (http://lax.speedtest.dslextreme.com/speed.php)
down - 4.505 Mbps
up - 1.385 Mbps

san francisco, california (http://helpme.att.net/dsl/speedtest/)
down - 8.782 Mbps
up - 1.460 Mbps

dallas, texas (http://www.gospeedtest.com/index.html)
down - 4.075 Mbps
up - 0.854 Mbps

ASNCheck Script

While working on a project today I decided that it would be handy to have a script that could take an AS number (from stdin or from a list of them) and check the health status of it (via things like DNSBL for example), specifically gathering information that could lead one to determine the relative infection/compromise level.

Ideally, such a script would be able to alternatively take an IP address, determine the AS for it and then report on both the IP provided as well as the overall "health" of the AS associated with it.

Well, some of that I managed to whip out tonight, though not all.

I'll keep working on this, but I think it's useful enough now to warrant posting (I normally do *not* make code public in this raw a state, so take note that there are very likely bugs in this).

That said, here's 'asncheck.py'.
In its current state, it just returns a list of IP addresses from a given AS which are in the dShield current watchlist.

#!/usr/bin/env python3
# ------------------------------------------------
# asncheck:
# retrieves the current dshield watchlist for
# a given AS, returning just the IP addresses.
# sample url:
# https://secure.dshield.org/asdetailsascii.html?as=123
# ------------------------------------------------
# written by:
# jason ross (algorythm@gmail.com)
# ------------------------------------------------
import re
import socket
import sys
import urllib.error
import urllib.parse
import urllib.request
from optparse import OptionParser


def main():
    # here beginneth the script
    opts = parmsdealer()

    if opts.asn:
        asns = [opts.asn]
    else:
        # pull the AS out of the requested column of every line in the file
        asns = []
        try:
            with open(opts.infile, 'r') as filedata:
                for line in filedata:
                    line = line.strip()
                    if not line:
                        continue
                    if opts.verbose:
                        print(line)
                    try:
                        asns.append(line.split(opts.delim)[int(opts.col)].strip())
                    except (IndexError, ValueError):
                        print("skipping line, no column '" + opts.col + "': " + line)
        except IOError:
            print("unable to open input file '" + opts.infile + "'\n")
            print("Unexpected error:", sys.exc_info()[0])
            sys.exit(1)

    # one dshield lookup per AS (a single one when -a was given)
    for asn in asns:
        if opts.verbose:
            print("\nRetrieving information for AS Number " + asn + ":\n")
        dshield(asn, opts.verbose)

    #print('{0}.{1}.{2}.{3}'.format(oct1.zfill(3),oct2.zfill(3),oct3.zfill(3),oct4.zfill(3)))


def parmsdealer():
    version = "\nasncheck: version 0.1\nauthor: jason ross \n"
    usage = "\n\n%prog [OPTIONS]\n"
    parser = OptionParser(usage=usage, version=version)

    # set up command line arguments

    parser.add_option("-v", "--verbose", dest="verbose", default=False,
        action="store_true", help="turn on/off verbosity (default: off)")
    parser.add_option("-a", "--asn", dest="asn",
        action="store", help="specify the AS to retrieve data for (just the number, or with 'AS' prepended)")
    parser.add_option("-f", "--infile", dest="infile",
        action="store", help="get the AS from the specified file (can be a list)")
    parser.add_option("-c", "--col", dest="col", default="0",
        action="store", help="[required with -f] specifies which column in an input file contains the AS (default is to use the first column: '0')")
    parser.add_option("-d", "--delim", dest="delim", default="|",
        action="store", help="[required with -f] specifies the delimiter to use when parsing the input file (default is to use the ASCII pipe character (0x7c): '|')")

    # process command line arguments
    (options, args) = parser.parse_args()

    # exit if we're missing options
    if not options.asn and not options.infile:
        print("\n" + sys.argv[0] + ": missing parameter(s)\n")
        parser.print_help()
        print("\n")
        sys.exit(1)

    # exit if we've got conflicting options
    if options.asn and options.infile:
        print("\n" + sys.argv[0] + ": can't set both an asn and an input file (there can be only one!)\n")
        parser.print_help()
        print("\n")
        sys.exit(1)

    return options


def dshield(asn, verbose):
    # urllib calls socket, so we can set the timeout here
    timeout = 5
    socket.setdefaulttimeout(timeout)

    baseuri = 'https://secure.dshield.org/asdetailsascii.html'

    params = {}
    params['as'] = asn
    encparams = urllib.parse.urlencode(params)

    requri = baseuri + '?' + encparams
    req = urllib.request.Request(requri)

    if verbose:
        print("opening " + requri + "\n")

    try:
        res = urllib.request.urlopen(req)
    except urllib.error.URLError as e:
        if hasattr(e, "code"):
            print("site borked! HTTP error: ")
            print(e.code)
        elif hasattr(e, "reason"):
            print("server borked! reason: ")
            print(e.reason)
        # nothing to parse if the request failed
        return

    data = res.readlines()
    # print(data)
    for raw in data:
        line = raw.decode('ascii', 'replace')
        # data rows start with a digit; the first field is the IP address
        if re.match(r"[0-9]", line):
            ip = line.split()
            print(ip[0])


if __name__ == "__main__":
    main()
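
The DNSBL side of the AS "health" check described at the top of this post, as an added example that is not part of asncheck.py: it builds the reversed-octet query name for each address, treats only answers in 127.0.0.0/8 as a listing, and reports the listed share. The zone `dnsbl.example`, the sample addresses, the fake resolver and all function names are assumptions made for illustration.

```python
import ipaddress
import socket

def dnsbl_qname(ip, zone):
    """Build the DNSBL query name for an IPv4 address: reversed octets + zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(qname):
    """Return the A record for qname, or None when the name does not resolve."""
    try:
        return socket.gethostbyname(qname)
    except socket.gaierror:
        return None

def is_listed(ip, zone, resolve=system_resolver):
    """A DNSBL lists an address by answering with an A record in 127.0.0.0/8."""
    answer = resolve(dnsbl_qname(ip, zone))
    if answer is None:
        return False
    # Anything outside 127/8 (e.g. a parked zone answering every query) is no listing.
    return ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8")

def as_health(ips, zones, resolve=system_resolver):
    """Summarise how many of an AS's addresses appear in at least one zone."""
    listed = {}
    for ip in ips:
        hits = [z for z in zones if is_listed(ip, z, resolve)]
        if hits:
            listed[ip] = hits
    total = len(ips)
    pct = round(100.0 * len(listed) / total, 1) if total else 0.0
    return {"checked": total, "listed": listed, "listed_pct": pct}

# Constructed sample data: documentation-range addresses and a made-up zone,
# answered by a fake resolver so the example runs without network access.
SAMPLE_ZONE = "dnsbl.example"
SAMPLE_IPS = ["192.0.2.10", "192.0.2.11", "198.51.100.7", "203.0.113.99"]
FAKE_ANSWERS = {
    "10.2.0.192.dnsbl.example": "127.0.0.2",    # listed
    "7.100.51.198.dnsbl.example": "127.0.0.4",  # listed
    "99.113.0.203.dnsbl.example": "192.0.2.1",  # not a 127/8 answer: ignored
}

def fake_resolver(qname):
    return FAKE_ANSWERS.get(qname)

if __name__ == "__main__":
    report = as_health(SAMPLE_IPS, [SAMPLE_ZONE], fake_resolver)
    print("%(checked)d checked, %(listed_pct).1f%% listed" % report)
    for ip, zones in sorted(report["listed"].items()):
        print(ip, ",".join(zones))
```

To run it against the addresses asncheck.py prints, pass that list and a real zone to `as_health` and leave `resolve` at its default.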