Multicast interfaces are not enabled by default on machines provisioned into the Joyent Public Cloud. However, you can enable multicast interfaces by doing the following:
- Choose an interface to which you want to attach the multicast segment 18.104.22.168/4. Your options are
em1.Tip: We recommend
- Take note of the IP address for the chosen interface.
- Execute the following command as the root user:
route -n add -interface 224.0/4 -gateway $IP_OF_INTERFACE
- Verify the multicast segment is attached:
netstat -rn | grep 22.214.171.124
If successful, you should see something similar to the following:
126.96.36.199 10.112.0.243 U 1 0 net1 or net2
About ipf and Multicast Traffic Rules
If you plan to use
ipf (IPFilter), you will need to write rules that allow multicast traffic. You can write those rules in the following way:
pass in quick on $INTERFACE proto 2 from any to any
pass out quick on $INTERFACE proto 2 from any to any
If you need to permanently add those rules to your config, check the attached SMF manifest.
Note: If you use the attached manifest, ensure you specify the correct IP address for the
svccfg validate multicastlan.xml
svccfg import multicastlan.xml
STATE STIME FMRI
disabled 9:52:18 svc:/site/multicastlan:default
svcadm enable multicastlan
STATE STIME FMRI
online 9:52:53 svc:/site/multicastlan:default
Note: For more information on IPFilter, you can view the man page here.
This week, seen in several internet news portals the announcement of “hacking
” 55000 twitter accounts
. This kind of news tend to attract attention of the net and demonstrate the fragility of this. I like to spend some type observing the data published and speculate a bit.
Yes, after concatenate the five parts of pastebin, we have 58970 records. But after this and check how many of them are unique, only 36998 are. So, until here, the announcement was not successful.
We can consider the password list a Corpus
and with it, useful to linguistic analysis and text mining.
First, the most popular passwords:
Order Unfiltered wordcount Occurencies
1. 315475 580 1.5573
2. 123456 489 1.3130
3. 123456789 176 0.4726
4. 102030 68 0.1826
5. 123 61 0.1638
6. 12345 53 0.1423
7. 1234 45 0.1208
8. 101010 29 0.0779
9. 242424 28 0.0752
10. 12345678 27 0.0725
11. 010203 24 0.0644
12. 1234567 24 0.0644
13. 654321 23 0.0618
14. 123123 21 0.0564
15. 121212 19 0.0510
16. 123321 16 0.0430
17. sexo 16 0.0430
18. com 16 0.0430
19. 1234567890 15 0.0403
20. junior 14 0.0376
21. gay 14 0.0376
22. gatinho 13 0.0349
23. 124578 13 0.0349
24. 0123456789 13 0.0349
25. 12345678910 12 0.0322
26. brasil 12 0.0322
27. 123654 12 0.0322
28. 202020 12 0.0322
29. 159753 12 0.0322
30. adm15575 11 0.0295
31. 212121 11 0.0295
32. 151515 11 0.0295
33. 2008 10 0.0269
34. 1010 10 0.0269
35. 252525 10 0.0269
36. fernando 10 0.0269
37. redeglobo 10 0.0269
38. 112233 10 0.0269
39. eumesmo 10 0.0269
40. 000000 10 0.0269
41. 987654321 9 0.0242
42. 141414 9 0.0242
43. 123mudar 9 0.0242
44. 789456 9 0.0242
45. 696969 9 0.0242
46. ricardo 9 0.0242
47. thiago 8 0.0215
48. alexandre 8 0.0215
49. eduardo 8 0.0215
50. 456789 8 0.0215
Very interesting, then:
- The first 16 password are numbers.
- The first most popular password is 315475 (a mystery to evaluate)
- The first word is “sexo”.
- Passwords seem to predominate in portuguese (in popularity)
What is 315475?
- The phone prefix of Syracuse, NY (USA).
- One hexcolor? 580 persons love the blue?
- A common password from a spambot owner?
My vote for the spambot.
This last days, many people spoke about the new “Flashback Trojan” in OSX 10.7 (for more info, click here).
The way to know if you are infected requires some work with the terminal (two commands
). Some users “hate” the terminal or simply not know it is there, that is why I wrote a simple applescript (fast and dirty) that check in a click (to my dear friend Dario).
The resultant application (created with applescript editor) is included in this post (Check Flashback Trojan 0.1.zip
), or you can check the source code:
display dialog "Lets go to check two simple values, if the result is not equal to OK, run some antivirus or do your job with the terminal app. Also, check http://goo.gl/3FWfA" with icon stop with title "Simple Flashback Trojan detect tool"
set test1 to do shell script "defaults read /Applications/Safari.app/Contents/Info LSEnvironment > /tmp/nada 2>&1; cat /tmp/nada | grep -i not"
set test1 to result
if test1 contains "does not exist" then
display dialog "Step 1: OK" with icon note
do shell script "rm -f /tmp/nada"
display dialog "Step 1: Something is wrong with Info LSEnvironment" with icon stop
set test2 to do shell script "defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES > /tmp/nada2 2>&1; cat /tmp/nada2 | grep -i not"
set test2 to result
if test2 contains "does not exist" then
display dialog "Step 2: OK" with icon note
do shell script "rm -f /tmp/nada2"
display dialog "Step 2: Something is wrong with DYLD_INSERT_LIBRARIES" with icon stop
The log error is:
Process: VTDecoderXPCService 
Version: ??? (???)
Code Type: X86-64 (Native)
Parent Process: ??? 
Date/Time: 2012-03-13 16:19:35.652 -0500
OS Version: Mac OS X 10.7.3 (11D50)
Report Version: 9
Sleep/Wake UUID: C7F9D4B3-1728-4AB6-B314-FBC9E4B06761
Crashed Thread: 3 Dispatch queue: com.apple.coremedia.videodecoder-peer-38460
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00007fda92700000
VM Regions Near 0x7fda92700000:
MALLOC_TINY 00007fda92400000-00007fda92700000 [ 3072K] rw-/rwx SM=PRV
MALLOC_SMALL 00007fda92800000-00007fda93800000 [ 16.0M] rw-/rwx SM=PRV
Application Specific Information:
objc: garbage collection is OFF
VTDecoderXPCService is the sandboxing for video content in Lion. All things that are QuickTime related, audio or video, are sandboxed by this service.
The problem is caused by a corrupt video file, in my case it was a m4v file. And because the file was on the desktop, each time I restarted, or opened a finder window that opened to the desktop folder, the error would pop up.
However, some possible solutions are (each one, not together):
- Delete the file from the Desktop.
- Move the video/audio file to one directory (obviously, create them).
- Change the opening default app to another compatible, like VLC.
- In some cases, change the file extension to another, solves the problem.
For more info:
Mitmproxy is an SSL-capable man-in-the-middle HTTP proxy. It provides a console interface that allows traffic flows to be inspected and edited on the fly. In other words is like a tcpdump from http.
- Check your python version (you need 2.6.x or 2.7.x). If have any trouble with this, install macports and
sudo port install python26
- Download urwid from here and next, uncompress and
sudo python setup.py install
- Checkout the source code with git
git clone https://github.com/cortesi/mitmproxy.git
- Install using the setup.py script. This is the output:
python setup.py install
/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/distutils/dist.py:267: UserWarning: Unknown distribution option: 'install_requires' warnings.warn(msg)
copying libmproxy/__init__.py -> build/lib/libmproxy
copying libmproxy/cmdline.py -> build/lib/libmproxy
copying libmproxy/controller.py -> build/lib/libmproxy
copying libmproxy/dump.py -> build/lib/libmproxy
copying libmproxy/encoding.py -> build/lib/libmproxy
copying libmproxy/filt.py -> build/lib/libmproxy
copying libmproxy/flow.py -> build/lib/libmproxy
copying libmproxy/proxy.py -> build/lib/libmproxy
copying libmproxy/script.py -> build/lib/libmproxy
copying libmproxy/tnetstring.py -> build/lib/libmproxy
copying libmproxy/utils.py -> build/lib/libmproxy
copying libmproxy/version.py -> build/lib/libmproxy
copying libmproxy/console/__init__.py -> build/lib/libmproxy/console
copying libmproxy/console/common.py -> build/lib/libmproxy/console
copying libmproxy/console/connlist.py -> build/lib/libmproxy/console
copying libmproxy/console/connview.py -> build/lib/libmproxy/console
copying libmproxy/console/help.py -> build/lib/libmproxy/console
copying libmproxy/console/kveditor.py -> build/lib/libmproxy/console
copying libmproxy/contrib/__init__.py -> build/lib/libmproxy/contrib
copying libmproxy/contrib/pyparsing.py -> build/lib/libmproxy/contrib
copying libmproxy/resources/ca.cnf -> build/lib/libmproxy/resources
copying libmproxy/resources/cert.cnf -> build/lib/libmproxy/resources
copying and adjusting mitmproxy -> build/scripts-2.7
copying and adjusting mitmdump -> build/scripts-2.7
changing mode of build/scripts-2.7/mitmproxy from 644 to 755
changing mode of build/scripts-2.7/mitmdump from 644 to 755
copying build/lib/libmproxy/__init__.py -> /Library/Python/2.7/site-packages/libmproxy
copying build/lib/libmproxy/cmdline.py -> /Library/Python/2.7/site-packages/libmproxy
copying build/lib/libmproxy/console/__init__.py -> /Library/Python/2.7/site-packages/libmproxy/console
copying build/lib/libmproxy/console/common.py -> /Library/Python/2.7/site-packages/libmproxy/console
copying build/lib/libmproxy/console/connlist.py -> /Library/Python/2.7/site-packages/libmproxy/console
copying build/lib/libmproxy/console/connview.py -> /Library/Python/2.7/site-packages/libmproxy/console
copying build/lib/libmproxy/console/help.py -> /Library/Python/2.7/site-packages/libmproxy/console
copying build/lib/libmproxy/console/kveditor.py -> /Library/Python/2.7/site-packages/libmproxy/console
copying build/lib/libmproxy/contrib/__init__.py -> /Library/Python/2.7/site-packages/libmproxy/contrib
copying build/lib/libmproxy/contrib/pyparsing.py -> /Library/Python/2.7/site-packages/libmproxy/contrib
copying build/lib/libmproxy/controller.py -> /Library/Python/2.7/site-packages/libmproxy
copying build/lib/libmproxy/dump.py -> /Library/Python/2.7/site-packages/libmproxy
copying build/lib/libmproxy/encoding.py -> /Library/Python/2.7/site-packages/libmproxy
copying build/lib/libmproxy/filt.py -> /Library/Python/2.7/site-packages/libmproxy
copying build/lib/libmproxy/flow.py -> /Library/Python/2.7/site-packages/libmproxy
copying build/lib/libmproxy/proxy.py -> /Library/Python/2.7/site-packages/libmproxy
copying build/lib/libmproxy/resources/ca.cnf -> /Library/Python/2.7/site-packages/libmproxy/resources
copying build/lib/libmproxy/resources/cert.cnf -> /Library/Python/2.7/site-packages/libmproxy/resources
copying build/lib/libmproxy/script.py -> /Library/Python/2.7/site-packages/libmproxy
copying build/lib/libmproxy/tnetstring.py -> /Library/Python/2.7/site-packages/libmproxy
copying build/lib/libmproxy/utils.py -> /Library/Python/2.7/site-packages/libmproxy
copying build/lib/libmproxy/version.py -> /Library/Python/2.7/site-packages/libmproxy
byte-compiling /Library/Python/2.7/site-packages/libmproxy/__init__.py to __init__.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/cmdline.py to cmdline.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/console/__init__.py to __init__.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/console/common.py to common.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/console/connlist.py to connlist.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/console/connview.py to connview.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/console/help.py to help.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/console/kveditor.py to kveditor.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/contrib/__init__.py to __init__.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/contrib/pyparsing.py to pyparsing.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/controller.py to controller.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/dump.py to dump.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/encoding.py to encoding.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/filt.py to filt.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/flow.py to flow.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/proxy.py to proxy.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/script.py to script.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/tnetstring.py to tnetstring.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/utils.py to utils.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/version.py to version.pyc
copying build/scripts-2.7/mitmdump -> /usr/local/bin
copying build/scripts-2.7/mitmproxy -> /usr/local/bin
changing mode of /usr/local/bin/mitmdump to 755
changing mode of /usr/local/bin/mitmproxy to 755
All you need is execute the command “mitmproxy” in a terminal and configure your preferred browser to use the manual proxy at: localhost port 8080.
So nice and very useful with the uncomfortable “calls to home” from certain apps and web apps.