Kryptowire’s discovery of malware in Android-based smart phones

Kryptowire announced on 2016-11-15 the discovery of malware in Android-based smart phones sold by, among others, Amazon US and BestBuy. The malware was allegedly created by Shanghai ADUPS Technology Co., Ltd. Kryptowire claims the malware sends all your text messages, all your contacts, all your call history, etc., to the domain names listed below. The ADUPS company issued a statement claiming its services are simply spam countermeasures.

Kryptowire claims these domain names resolved to the IP address 221.228.214.101.

  • bigdata.adups.com
  • bigdata.adsunflower.com
  • bigdata.adfuture.cn
  • bigdata.advmob.cn

Today, two days later, these domain names resolve to the IP address 118.193.254.27. The domain name rebootv5.adsunflower.com still resolves to the IP address 61.160.47.15. Be sure to adjust your ACLs if you have entered the previously known IP addresses.
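As an added example (not part of the original post), here is a small Python check that re-resolves the indicator domains listed above against a recorded baseline and reports which ones have moved, so an IP-based ACL built on the old addresses can be refreshed. The BASELINE addresses are the ones quoted in the post; the function names and the injectable resolver are this example's own, and the resolver argument lets it run offline against captured answers.

```python
import socket
from typing import Callable, Dict, List, Set, Tuple

# Indicator domains and the addresses reported for them in the post above.
BASELINE: Dict[str, Set[str]] = {
    "bigdata.adups.com": {"221.228.214.101"},
    "bigdata.adsunflower.com": {"221.228.214.101"},
    "bigdata.adfuture.cn": {"221.228.214.101"},
    "bigdata.advmob.cn": {"221.228.214.101"},
    "rebootv5.adsunflower.com": {"61.160.47.15"},
}

Resolver = Callable[[str], Set[str]]

def system_resolver(name: str) -> Set[str]:
    """Current IPv4 A records from the system resolver; an empty set if the
    name no longer resolves (a sinkholed or abandoned domain is itself a signal)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def find_drift(baseline: Dict[str, Set[str]],
               resolver: Resolver = system_resolver) -> Dict[str, Tuple[Set[str], Set[str]]]:
    """Return {domain: (known_ips, current_ips)} for every domain whose
    answers differ from the recorded baseline; an empty dict means no drift."""
    drift: Dict[str, Tuple[Set[str], Set[str]]] = {}
    for domain, known in baseline.items():
        current = resolver(domain)
        if current != known:
            drift[domain] = (known, current)
    return drift

def addresses_to_block(baseline: Dict[str, Set[str]],
                       drift: Dict[str, Tuple[Set[str], Set[str]]]) -> List[str]:
    """All addresses ever seen for the indicators, old and new, sorted.
    An IP-based ACL needs both sets, since a domain can be pointed back."""
    seen: Set[str] = set()
    for ips in baseline.values():
        seen |= ips
    for _, current in drift.values():
        seen |= current
    return sorted(seen)

if __name__ == "__main__":
    changes = find_drift(BASELINE)
    for domain, (known, current) in changes.items():
        print(f"{domain}: was {sorted(known)}, now {sorted(current) or 'unresolvable'}")
    print("ACL addresses:", addresses_to_block(BASELINE, changes))
```

Run it periodically from a host that is allowed to resolve the names; blocking the domains at the resolver is more robust than chasing their addresses.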

Machine translation gone wrong?

Adobe uses an amusing turn of phrase when the subscription is due for renewal.

«I dag er årsdatoen din.»

The sentence ("Today is your anniversary date") is perhaps missing an adjective. Nor is it my birthday today. Maybe Adobe should drop the first sentence altogether.


SSL Certificates issued by royalvulkan.com

A student came to my office today. His browser showed our fronter.com instance protected by a peculiar SSL certificate issued by royalvulkan.com. The norm for fronter.com instances is SSL certificates issued by COMODO CA Limited. The intrusive SSL certificate has a validity period spanning from 1996 to 2056, which is very odd. The certificate probably has a wildcard Common Name, causing it to cover all conceivable hostnames. I have no idea how this certificate got introduced into our student's computer. Luckily, Google Chrome spotted the faulty certificate and the student was wise enough to come and see me. Shortly after, I had to leave the student and go to class. I'll try and update this post if he shows up again with the same problem.


I pondered this issue during the weekend. Maybe the student has somehow activated the proxy setting, sending all his (sensitive) internet traffic to an unknown third party.

Autodesk Vault Professional 2017 and Autodesk Network License Manager

I was installing Autodesk Vault Professional 2017 in the wee hours today, and I noticed the Autodesk Network License Manager was installed in C:\Autodesk\Network License Manager. That’s a bit strange when C:\Autodesk has until now been a temporary location for extracting the setup files.

I can confirm moving the files to a saner location like C:\Program Files\Autodesk\Autodesk Network License Manager doesn’t work at all. The NLM simply won’t start and nothing gets logged.

It gets even stranger as one of the LMTOOLS shortcuts wants to run lmtools.exe from the C:\Program Files\Autodesk\Autodesk Network License Manager directory, i.e. the old location. Note, this was done on a newly installed Windows Server.

In short: Be very careful when emptying the C:\Autodesk directory.
