Raspberry Pi Foundation Asked to Install Malware

Earlier this week the Rpi foundation were approached by a lady called Linda. Linda asked the team if they would ever so kindly distribute an exe file alongside their Linux operating system, Raspian. The e-mail they were sent asks if the foundation would perform the miracle of running an exe on a Linux operating system in return for a sum of money based on a Price Per Installation scheme (PPI).

It’s amazingly surprising the sheer cheek that this company has, as they’re asking one of the world’s most know organizations to cheat its customers. Why on earth would this company think they would go along with it? I don’t know. However, I can safely say that the foundation has not accepted this fantastic offer. The Raspberry Pi foundation is now a huge corporation with over 5 million Pi boards having been sold since the release of the original Pi. The use of an open source operating system has also done them wonders. There are thousands upon thousands of scripts and programs for the Pi available to the public.

Pi Facts: The name “Raspberry” originates from the fruit-based naming tradition for microcomputers in old days. “Pi” refers to “Python” because Python was one of the first programs ported to run on Raspberry Pi. Hence the rather unusual name.

Image sourced from Adafruit

WinRAR at Risk of Huge New Zero Day Vulnerability

WinRAR has a base of some 500 million users worldwide, those same users might want to take a look at a new Zero Day Vulnerability which has been detected within the newest version of the software. According to Mohammad Reza Espargham, who is a security researcher at Vulnerability – Lab, the stable version of WinRAR 5.21 for Windows computers is vulnerable to a “remote code execution (RCE) flaw”. Let’s digest this flaw by breaking it down and having a closer look.

The vulnerability works by being implemented by an attacker with the aim of inserting a malicious HTML code inside the “Text to display in SFX window” section when the user is creating a new SFX file. Below is a video which conveys a test that proves the existence of this flaw, albeit in a controlled environment.

The annoying flaw with SFX files is they will start auto functioning the moment a user clicks on them, therefore, consumers cannot identify or verify if the compressed .exe file is a genuine WinRAR module or a malicious one. As of writing, there is yet to be a patch released for this flaw and Windows users are advised to refrain from clicking on any files from unknown sources. If you wish to protect yourself further, then by all means use an alternative archiving product or use strict authentication methods to secure your system.

The knock on effect of any exploit can be harmful to users, especially when a product has a consumer base which is substantial in size.

Thank you thehackernews for providing us with this information.

Image courtesy of tecnoandroid

New Tool Challenges Windows 10 Privacy Issues

So far the brand spanking new Windows 10 OS has been a huge success compared to the mishmash that was Windows 8, which tried to do its best to annoy consumers with the deletion of the Start Menu in favour of Metro.  The default option for privacy on the other hand is far less forgiving, from stealing user’s bandwidth for updates to Webcam and Microphone access, Microsoft have shifted their position.

But users could in theory attempt to shift it back again with the development of a new free app by the name of “Do Not Spy 10” This enables the user to disable the grand total of 37 Windows privacy issues with a single click. The software has been designed by German developer pXc-coding, who have developed a centralized interface which allows for easy tinkering of settings.

There are noteworthy caveats with this software, this lies with your Antivirus product which may detect this tool as malicious in nature because it can modify Windows settings, which is to be expected. Also the developer is using an advertisement campaign within the software which is mentioned in its end-user licence agreement; this means that Anti-Virus vendors may flag this as an Adware or Pup.

A quick run through Virus Total generates a report of 10/55 services which class this exe file as suspicious, 9 class it as a pup while Symantec classifies it as a Trojan. Technically this software is not malware and you can uninstall after using it once, it’s better to use good judgement and if you have any doubts, give it a miss, also check out the below links which convey details of the product.

Thank you The Hacker News and pxc-coding and facebook