Posted on 11/23/2015 9:56:26 PM PST by dayglored
Duo Security researchers found a second weak digital certificate on a new Dell Inspiron laptop
The fallout from a serious security mistake made by Dell is widening, as security experts find more issues of concern.
Researchers with Duo Security have found a second weak digital certificate in a new Dell laptop and evidence of another problematic one circulating.
The issue started after it was discovered Dell shipped devices with a self-signed root digital certificate, eDellRoot, which is used to encrypt data traffic. But it installed the root certificate with the private encryption key included, a critical error that left many security experts aghast.
The company acknowledged the problem on Monday and said it plans to issue instructions for how to permanently remove the certificate.
The security implications are serious. Attackers could use the private key to create their own digital certificates that could be used to make spoof websites appear legitimate.
It would also be possible to conduct a man-in-the-middle attack, spying on data traffic coming from computers on which the certificate is installed.
(Much more detail at the link)
(Excerpt) Read more at pcworld.com ...
http://www.freerepublic.com/focus/news/3364218/posts
because the problem has turned into something even worse.
And all this time I thought the man in the middle was from homeland security. Or the muslims. Or both.
Don't ask, you don't want to know... :-)
I hate Dell, and not because they wouldn’t hire me 10 years ago. They’re sloppy, their bloatware sucks, they have abysmal customer support, and their enterprise platforms are poorly designed. Now this?
If I’m not mistaken, one could very easily go into their Windows certificate store and purge the root certificate store of only the most essential root certificates. I do that at least once a year to make sure none of the programs on my system are trying to sneak something past me. Microsoft even publishes a root certificate update (quarterly, I believe).
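An added example, not part of any post in this thread or of the PCWorld article: a read-only PowerShell audit of the Windows trusted-root stores for the condition the article describes, a trusted root certificate whose private key sits on the same machine. It generalizes beyond eDellRoot by flagging any key-bearing root; the variable names and the choice of which stores to scan are assumptions of this example.

```powershell
# Added example: report trusted roots that match the name from the article
# or that have a private key present on this machine. Nothing is removed.
# Run from an elevated prompt so the LocalMachine store is fully readable.

$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$nameOfInterest = 'eDellRoot'   # certificate name taken from the article

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        $byName = $_.Subject -like "*$nameOfInterest*"
        # A root you merely trust should carry only a public key, so a
        # private key in the trusted-root store is worth a closer look.
        if ($byName -or $_.HasPrivateKey) {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                HasPrivateKey = $_.HasPrivateKey
                SelfSigned    = ($_.Subject -eq $_.Issuer)
                Reason        = if ($byName) { "name matches $nameOfInterest" }
                                else { 'private key present' }
            }
        }
    }
}

if ($findings) {
    $findings | Format-List
    Write-Warning "$(@($findings).Count) trusted root(s) need review."
} else {
    Write-Output 'No matching or key-bearing trusted roots found.'
}
```

A key-bearing root is not always hostile (locally installed inspection or development tools create them too), so each finding should be traced to the software that installed it before anything is deleted.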
bfl
This is a temporary issue, it seems.
They goofed. They’ll get this straightened out.
I’m for Dell on this.
But I wouldn’t buy one until this is resolved.
White Fang? That You?
FYI
Majorgeeks.com has an eDellRoot Certificate Fix, apparently released by Dell:
http://www.majorgeeks.com/files/details/edellroot_certificate_fix.html
Weren’t we just talking about a similar situation with Lenovo machines a few months ago? This is almost the equivalent of taping your password to the monitor - you know - for convenience ;’)
Well, it sure as heck ain't Black Tooth!