
Mon, Oct 05, 2020 9:25 pm

Your electricity will be cut off in 30 minutes

At 11:55 AM EDT this morning, my wife received a recorded call stating our electricity would be cut off by Delmarva Power, our electric utility, in thirty minutes. She called for me to pick up the phone, but by the time I got to a phone in another room, the call was disconnected. She said the message had instructed her to hit "1" to speak to someone. The call sounded like a scam to me, since I didn't know of any issue with our electricity payments and also because I would have expected a letter well before a cutoff date and more than 30 minutes to pay any past due payment if someone called. It seemed to me an obvious attempt to panic a called party into providing a credit card to a scammer engaged in fraud, but I checked our bank account anyway and saw the last payment due had been deducted from our checking account about two weeks before the call and when I logged into Delmarva's website to check the status of our account, I saw the last payment credited and a balance of zero dollars.

Using *69, I was able to determine the listed calling number was 1-443-739-1747, but a search online for accounts of others receiving a call from a scammer using that number did not reveal other such activity. I called the number back to see how the scammer operated or to see if it might be a spoofed number, but just got a recorded message that the called party was not available, so I should leave a message. It sounded like a generic voicemail message. So, perhaps, the scammer spoofed the calling number as they often do to make it difficult to track down their identity.

[/security/scams] permanent link

Thu, Aug 27, 2020 9:30 pm

Turning off McAfee AntiVirus Plus realtime protection temporarily

To temporarily turn off the realtime antivirus protection in McAfee AntiVirus Plus, e.g., so you could move a file to another system for analysis that it might deem malware or to scan the system with other antivirus software, you can take the following steps:
  1. Open the program and click on the gear (cog) icon at the upper, right-hand corner of the window.
  2. Under the PC Security section of the Settings, you will see "Real-Time Scanning." When you click on "Real-Time Scanning" you will have the option of turning off the real-time monitoring for 15 minute intervals from 15 to 60 minutes or you can select "When I restart my PC" or "Never."

If you select a timed option, the protection will automatically turn back on after that period of time. You can also turn on protection again prior to that time by modifying the "Real-Time Scanning" setting again.

If you wish to view or restore items McAfee AntiVirus Plus has quarantined, you can click on "Quarantined items" under Settings, which will show you all files in the quarantine area, if any.

Note: these steps were tested on McAfee® AntiVirus Plus version 16.0

[/security/antivirus/mcafee] permanent link

Thu, Jun 18, 2020 7:44 pm

Verifying a website's security certificate with openssl

You can verify a website's security certificate from a command line interface (CLI), such as a shell prompt, by using OpenSSL, which is available for Linux, macOS, Microsoft Windows and other operating systems. For a Windows version, see the instructions at How to install the most recent version of OpenSSL on Windows 10 in 64 Bit. To check a certificate, you can issue the command openssl s_client -connect example.com:443 -showcerts, substituting the fully qualified domain name (FQDN) of the site you wish to check for example.com. The output for example.com is shown below; the final "Verify return code: 0 (ok)" line indicates that the certificate chain validated.

$ openssl s_client -connect example.com:443 -showcerts
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
verify return:1
depth=0 C = US, ST = California, L = Los Angeles, O = Internet Corporation for Assigned Names and Numbers, OU = Technology, CN = www.example.org
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Los Angeles/O=Internet Corporation for Assigned Names and Numbers/OU=Technology/CN=www.example.org
   i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
-----BEGIN CERTIFICATE-----
MIIHQDCCBiigAwIBAgIQD9B43Ujxor1NDyupa2A4/jANBgkqhkiG9w0BAQsFADBN
<text snipped>
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 907C391C745555481A141A04D65B7CD175BD5E052FF39EFD17B30848D535F0D1
    Session-ID-ctx:
    Master-Key: 9DC337D789BB8DB7CCE82BBC3EAD28C4A9E98016C98D35AD9A6B737C0B76AE3118881303F7E7890BEE0567FFC402B5F9
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - b1 7d 3a 56 0e 17 8f 5a-37 b0 4b 03 dd de 8d 98   .}:V...Z7.K.....
    0010 - 59 36 bb 73 43 e2 95 2a-9b 2e de ef 99 5e 92 d8   Y6.sC..*.....^..
    0020 - 3a 16 b6 4d 78 2b c6 a4-58 a5 5b 2e c0 8a 1f a6   :..Mx+..X.[.....
    0030 - e6 35 dd 8d 77 fb 4e 09-82 94 c0 8c 6e f8 56 41   .5..w.N.....n.VA
    0040 - 9a bb 82 a6 b1 30 5d bc-38 24 00 9c a6 a3 10 c5   .....0].8$......
    0050 - 6f cc e8 c8 25 62 6f e0-8f 7d 1a d9 18 6a db 32   o...%bo..}...j.2
    0060 - 48 07 df b0 15 fc 98 a0-5d 27 93 df 20 4c 6c ae   H.......]'.. Ll.
    0070 - cf 95 23 49 d0 c0 57 10-c1 8b 12 fa b0 c4 33 41   ..#I..W.......3A
    0080 - 2f 21 cf df dc 9a 1f 44-68 a3 76 81 0f b8 04 ab   /!.....Dh.v.....
    0090 - 59 e7 c4 29 79 28 f9 45-43 82 b9 a0 5a e5 6d 5a   Y..)y(.EC...Z.mZ

    Start Time: 1592522720
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
closed
$

If you wish to check whether a particular cipher is supported, you can use the command openssl s_client -cipher followed by the cipher you wish to test and then -connect followed by the FQDN, a colon, and then the HTTPS port, port 443, as shown below for example.com. If you see the response "handshake failure" as in the example below, the cipher is not supported.

$ openssl s_client -cipher 'ECDHE-ECDSA-AES256-SHA' -connect example.com:443
CONNECTED(00000003)
140497569793952:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 121 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1592522976
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
$

If the cipher is supported, you will see "CONNECTED" followed by the server's certificate chain and the session details rather than a handshake failure, as shown below.

$ openssl s_client -cipher 'ECDHE-RSA-AES128-GCM-SHA256' -connect example.com:443
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
verify return:1
depth=0 C = US, ST = California, L = Los Angeles, O = Internet Corporation for Assigned Names and Numbers, OU = Technology, CN = www.example.org
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Los Angeles/O=Internet Corporation for Assigned Names and Numbers/OU=Technology/CN=www.example.org
   i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
<text snipped>
   Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 27 d3 5d a3 cf ac 34 0b-92 af c6 00 17 0d 15 bc   '.]...4.........
    0010 - 6b be b4 92 dc 1a 01 97-98 9c f4 2b 68 f7 fd 69   k..........+h..i
    0020 - 1c fd 25 16 21 ba aa f9-43 2b 1a 4b 54 d8 48 37   ..%.!...C+.KT.H7
    0030 - 90 f7 2f 3f 76 d1 88 22-cf db 43 77 55 40 d2 41   ../?v.."..CwU@.A
    0040 - c8 3a 8c f5 75 02 9b 88-92 92 38 f3 53 46 e7 48   .:..u.....8.SF.H
    0050 - 9a bf 2d db 78 00 cd 12-2c 30 fc f8 81 20 e9 89   ..-.x...,0... ..
    0060 - c0 8f 3c e3 e6 22 69 af-cb cd b0 ec dd 06 1b c9   ..<.."i.........
    0070 - f3 82 cb ee 85 f1 c8 6a-27 29 5b 42 7e bb 87 60   .......j')[B~..`
    0080 - c3 17 4a ff 54 41 b3 1a-8e 3b e3 30 b6 48 fa 9d   ..J.TA...;.0.H..
    0090 - b3 50 a5 2b 73 8d 59 16-4c fd b4 24 54 48 14 08   .P.+s.Y.L..$TH..

    Start Time: 1592523392
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

closed
$
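
The failed-handshake output above still ends with "Verify return code: 0 (ok)", so that line alone does not show that a cipher was accepted or a certificate checked. The shell function below is an added example, not part of the original post; it classifies s_client output by handshake result, negotiated cipher and verify code, and the function names and trimmed sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `openssl s_client` output read from stdin.
# Prints: unsupported | untrusted cipher=<c> code=<n> | ok cipher=<c>
classify_s_client() {
    awk '
        /handshake failure/      { failed = 1 }
        # SSL-Session block, e.g. "    Cipher    : ECDHE-RSA-AES128-GCM-SHA256"
        /^[ \t]*Cipher[ \t]*:/   { cipher = $NF }
        # e.g. "    Verify return code: 0 (ok)" -> field 4 is the numeric code
        /Verify return code:/    { code = $4 }
        END {
            # No negotiated cipher means no handshake took place; the verify
            # code printed in that case is meaningless and is ignored.
            if (failed || cipher == "" || cipher == "0000") {
                print "unsupported"
            } else if (code != "0") {
                print "untrusted cipher=" cipher " code=" code
            } else {
                print "ok cipher=" cipher
            }
        }'
}

# Constructed samples, trimmed from the output shown on this page.
sample_failed() {
cat <<'EOF'
CONNECTED(00000003)
140497569793952:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Verify return code: 0 (ok)
EOF
}

sample_ok() {
cat <<'EOF'
CONNECTED(00000003)
verify return:1
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Verify return code: 0 (ok)
EOF
}

# Constructed: the same session with an expired certificate (verify code 10).
sample_expired() {
    sample_ok | sed 's/code: 0 (ok)/code: 10 (certificate has expired)/'
}

# Show the classification of each sample.
for s in sample_failed sample_ok sample_expired; do
    printf '%s -> %s\n' "$s" "$($s | classify_s_client)"
done
```

To classify a live check, pipe the command into the function, e.g. openssl s_client -cipher 'ECDHE-RSA-AES128-GCM-SHA256' -connect example.com:443 </dev/null 2>&1 | classify_s_client; the 2>&1 is needed because the handshake error is written to standard error.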

[/security/encryption/openssl] permanent link

Fri, Jun 05, 2020 5:22 pm

Call from 616-465-0071 purporting to be from Amazon

My wife received a call today that was a recorded message purportedly about a suspicious Amazon charge for an iPhone. She asked me to pick up the phone, but by the time I got to the phone the call was disconnected. I used *69 to determine the calling number was 1-616-465-0071, though of course the number may have been spoofed. I searched online and didn't find anyone else reporting a fraudulent call from that number purporting to be from Amazon. I checked our Amazon account just to be certain there was no recent charge for something neither of us ordered, but I didn't see anything ordered after a recent purchase of ink for my wife's printer. I tried calling the number using *69 just to see whether I could get anyone at the other end or any identifying voice message, but only got the message "I'm sorry we can not connect your call at this time." Subsequent attempts I made to call the number resulted in a busy signal. At this point, I'm presuming the call was an attempt by a scammer to obtain information about our Amazon account or a credit card number associated with the account.

[/security/scams] permanent link

Wed, Feb 19, 2020 9:44 pm

Windows Defender detected TrojanClicker:JS/Chroject.A

I recently removed Trojan:Win32/Nymaim, which was detected by Windows Defender on a Microsoft Windows 10 system. When Windows Defender detected that malware, it prevented the weekly backup program on the system, which was the Windows 7 backup and restore utility, from completing successfully. After removing that malware, I ran the backup program again, but I found that again the backup program did not complete successfully due to Windows detecting a trojan during the backup operation. This time it was TrojanClicker:JS/Chroject.A.

[ More Info ]

[/security/trojans] permanent link

Mon, Feb 17, 2020 9:22 pm

Windows Defender detected Trojan:Win32/Nymaim

When I checked a Windows 10 system to ensure that the Windows 7 backup program that is scheduled to perform weekly backups of the system was functioning properly, I found that the last successful backup occurred on November 11, 2018. When I clicked on "More information" to determine the cause of the weekly backups failing, I saw the message "Operation did not complete successfully because the file contains a virus or potentially unwanted software." So I opened the Windows Security application by clicking on the Windows Start button, then selecting Settings, then Update & Security, then Windows Security. I then clicked on Virus & threat protection and selected Protection history, which showed an entry of "Remediation incomplete" for the backup that ran on February 16, 2020. The issue encountered was listed as "severe." I clicked on the downward-pointing arrowhead next to "severe" which showed the following for the malware detected:

Threat detected:Trojan:Win32/Nymaim
Alert level:Severe
Date:2/16/2020 10:46 PM
Category:Trojan
Details:This program is dangerous and executes commands from an attacker.

[ More Info ]

[/security/trojans] permanent link

Mon, Jan 27, 2020 10:10 pm

SUPERAntiSpyware Installation Blocked by Windows Defender

I downloaded SUPERAntiSpyware Free Edition version 8.0.1048, an antivirus program, from the developer's website on January 27, 2020. When I attempted to install it by right-clicking on the file and choosing "Run as administrator," a Windows Defender window popped up with the message below:

Windows protected your PC

Windows Defender SmartScreen prevented an unrecognized app from
starting. Running this app might put your PC at risk.
More info

When I clicked on the "X" at the top, right-hand corner of the window, the message went away, but the installation did not start.

[ More Info ]

[/security/antivirus/SUPERAntiSpyware] permanent link

Wed, Jul 24, 2019 10:26 pm

Publishers Clearinghouse Scammer

On Tuesday, July 23, 2019, I received a call from someone pretending to be a representative of Publishers Clearing House (PCH) who identified himself as Tony Wish and told me I had won 5 1/2 million dollars, a Mercedes Benz, and free petrol for a year for the vehicle - obviously he was not someone who grew up in the U.S. to use "petrol" rather than "gas." He asked me what color car I wanted and whether I wanted the money all at once or in monthly payments and then requested personal information from me to ostensibly fill out a tax form. I asked him for a call back number as an assurance that he wasn't a scammer and he gave me the number 805-399-4139. I asked him where he was located and he told me he was at the PCH headquarters in Washington, D.C., though when I immediately looked up the number, I saw it was a California number. When I pointed that out to him, he said that all PCH representatives get 8 numbers, claiming it was so the people they contacted would not have long distance charges, though the number he gave was not a local one for me. When I asked several times what street the headquarters was on in Washington, D.C., he repeated "you are breaking up." I hung up at that point.

For anyone who might receive such a call and think it could be legitimate, Publishers Clearing House states on their Fraud Protection page that "Our major winners are notified by mail or in person (at our option) and we never phone ahead to disclose that someone has won a major prize."

I filed a complaint at the Federal Communications Commission (FCC) Consumer Complaints website as I usually do when I get calls from such scammers intent on defrauding those they call. I also filed a complaint at the Federal Trade Commission (FTC) Complaint Assistant site, where you can select the "Rip-offs and Impostor Scams" option.

[/security/scams] permanent link

Mon, Jul 15, 2019 10:53 pm

Scammer calling from 210-361-8678

I received a call from 210-361-8678 on my cellphone today. The call was obviously from a scammer as the message included some statement about my social security number (SSN) and legal action that would be taken against me if I didn't call the number from which I was called - I didn't note the exact message, but I found someone at the Whycall.me site at Phone: 210-361-8678 reporting a message that seemed similar if not the same as what I had heard. The other person reported he or she received the message below on July 16, 2018:

Security number is used for some fraudulent activities and due to that we have in order to suspend your social security number right away from the Law and enforcement Department and also to freeze your bank accounts before we go ahead and do that. If you need any further information about it kindly call back at 210-361-8678. Once again that's 210-361-8678. Thank you.

There were numerous other people reporting similar calls where someone was referencing a problem with the person's SSN and advising the person to call 210-361-8678. The call is obviously an attempt to defraud those called. I went to the FCC Consumer Complaint webpage and filed a complaint. I received an email response to the form I submitted with a ticket number. The email response from the FCC stated "The FCC is committed to doing what we can to protect you from these unwelcome interruptions to your day. Unwanted calls, including illegal and spoofed robocalls, are the largest category of complaints the FCC receives." It is troubling, though, that some fraudster has been engaged in this activity using the 210-361-8678 number for a year with no action taken against him. The first report I saw on the Whycall.me site was on July 16, 2018, but I saw others reporting the same issue on that webpage from that date through July 15, 2019. The Whycall.me site allows one to search for reports filed by other people on calls from telemarketers and scammers. The site describes itself thusly:

Whycall.me is a consumer complaints board used to report telemarketers, robocallers, scammers, and debt collectors that violate the law. We receive more than 6,000 complaints each month, which helps potential victims identify and avoid answering calls from problematic phone numbers. Our global phone book of numbers is powered by crowdsourcing and online data sources.

The site's homepage advises users of the site to also report the calls to relevant government agencies, which it lists. For the number that called me, the site listed the following information:

San Benito, Texas
Its exchange 361 is managed by SOUTHWESTERN BELL - TX
The number is currently on switch number SNBNTXSBDS0 (switch is a technical specification, provided here for phone hobbyists)
Around 20% of people reported it as "Recorded Message"
You are the 2nd person to search for it here.
There has been a total of 30 comments left about the number.
Latest people reported the number as that of "SCAM, "Social Security'"

I registered an account at the site and posted a note about the call I received today.

[/security/scams] permanent link

Sat, Jun 16, 2018 2:59 pm

Scam call from 1-800-222-2222

I received a call to my cellphone at noon Eastern time in the U.S. on Saturday June 16, 2018 with the calling number showing as (800) 222-2222. When I answered the call I heard a message stating the call was an automated call that would provide a chance to earn a $50 credit on your next bill. I was then prompted to hit "1" to continue. I did and heard the message "Please enter your Verizon billing password" at which point I ended the call. After I ended the call, I called the number back and heard the message "Welcome to America's hottest talk line. Guys, ladies are waiting to talk to you." I have Verizon as my provider for cellphone service. If a Verizon user goes to the Verizon Wireless website, he or she can log into his or her account by providing either a mobile number or User ID with the password for his or her account. So anyone falling for the fraudulent call will, by providing the password, since the scammer will know the called number, provide the credentials the fraudster will need to use the person's Verizon account. When I looked up the number online, I found others reporting fraudulent activity from the calling number. E.g., 800-222-2222 | Suspected Scam Call | Whitepages. At that page, someone posted on June 14, 2018 3:10:48 PM that he or she received a "Verizon Wireless scam" call from that number. I logged into my account from a computer and opened a chat session with a Verizon representative to report the fraudster. She told me she was going to report it. I also submitted the number at the Federal Communications Commission (FCC) Stop Unwanted Calls and Texts webpage through the "file a complaint with the FCC" link on that page.

[/security/scams] permanent link
