Dell pulls a Superfish... [Ars]

Essence_of_War

http://arstechnica.com/security/201...ships-pcs-with-self-signed-root-certificates/

In a move eerily similar to the Superfish debacle that visited Lenovo in February, Dell is shipping computers that come preinstalled with a digital certificate that makes it easy for attackers to cryptographically impersonate Google, Bank of America, and any other HTTPS-protected website.

The self-signed transport layer security credential, which was issued by an entity calling itself eDellRoot, was preinstalled as a root certificate on at least two Dell laptops, one an Inspiron 5000 series notebook and the other an XPS 15 model. Both are signed with the same private cryptographic key. That means anyone with moderate technical skills can extract the key and use it to sign fraudulent TLS certificates for any HTTPS-protected website on the Internet. Depending on the browser used, any Dell computer that ships with the root certificate described above will then accept the encrypted Web sessions with no warnings whatsoever. At least some Dell Inspiron desktops and Precision M4800 models are also reported to be affected.

Dell claims that their techs are investigating.

It doesn't seem clear what the purpose of this is, so if you're using a Dell system you should probably keep up on this.

(Aside: Mods, if you think this is more appropriate in Security, feel free to move it)
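
A defender's check for the condition the quoted article describes, as an added example that is not part of the original post or the Ars article. It lists trusted roots on a Windows machine that either carry the eDellRoot name from the article or have a private key stored alongside them; treating a local private key as a red flag is this example's assumption about how such a key ends up extractable.

```powershell
# Added example: audit the Windows trusted-root stores.
# 'eDellRoot' is the issuer name given in the quoted article; the rest is generic.
$suspectName = 'eDellRoot'
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        $reasons = @()

        # Match on either field, since a self-signed root names itself as issuer.
        if ($_.Subject -like "*$suspectName*" -or $_.Issuer -like "*$suspectName*") {
            $reasons += "name matches $suspectName"
        }

        # A legitimate trusted root never needs its private key on an end-user
        # machine. If the key is present, anything that can read it can sign
        # certificates this machine will trust.
        if ($_.HasPrivateKey) {
            $reasons += 'private key present in local store'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                SelfSigned = ($_.Subject -eq $_.Issuer)
                Reasons    = $reasons -join '; '
            }
        }
    }
}

if ($findings) { $findings | Format-List } else { 'No suspect root certificates found.' }
```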
 

master_shake_

I mean, if Dell didn't see what was happening over Lenovo, it was denial at best and malice at worst.