How to blacklist phone numbers

You want to blacklist phone numbers, that pesky telemarketer, property agent, last night’s Tinder date.  Android has a feature to block the number, but this is lost when you reset your phone.

Here is a method that will blacklist phone numbers.  Forever!

  1. Create a contact eg, “Z do not pickup”
  2. Add the number you want to block.  Don’t worry if you have more than 5.  You can add multiple numbers to each field. I have added multiple numbers for ‘work phone’ field.
  3. This contact set “All calls to voicemail”

All calls listed in that contact will go to voicemail and you will never need to hear another pitch.  As time goes by the more numbers you add, this system gets better.  You can even share blacklist phone numbers with your friends.  Just forward the contact and merge.

If you change your mind about yesterday’s Tinder date, just remove the phone number.

 

Exploring HTTPS encryption

This is a post on HTTPS encryption long time coming.  I have been patching SSL/TLS vulnerabilities in various systems, so I thought I should put all my notes in one place.

HTTPS encryption uses SSL and later TLS to protect your HTTP traffic.

  • SSLv2 – not used any more.
  • SSLv3 – vulnerable to BEAST attack link
    From Nessus scanner

A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow
information disclosure if an attacker intercepts encrypted traffic
served from an affected system.

TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are
not affected.

  • TLS1.0- vulnerable to BEAST attack
    See above.
  • TLS1.1
  • TLS1.2

cURL is a popular tool to standin as a web browser in scripts.  manpage  Here are some scripts to test HTTPS.

curl -v “https://www.myorg.org”
curl -v –tlsv1 “https://www.myorg.org”
curl -v –tlsv1.2 “https://www.myorg.org”  for cURL 7.34 or later.
curl -v –sslv2 “https://www.myorg.org”
curl -v –sslv3 “https://www.myorg.org”

List of SSL and TLS error codes from cURL mozilla

JavaSE 7 SSL overview link  These are the clients initiating the requests.

You can verify the certificate of a website by hand.  You will need OpenSSL and a CA certificate.  nixCraft