• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Dell pulls a Superfish... [Ars]

Essence_of_War

Essence_of_War

Platinum Member
http://arstechnica.com/security/201...ships-pcs-with-self-signed-root-certificates/

In a move eerily similar to the Superfish debacle that visited Lenovo in February, Dell is shipping computers that come preinstalled with a digital certificate that makes it easy for attackers to cryptographically impersonate Google, Bank of America, and any other HTTPS-protected website.

The self-signed transport layer security credential, which was issued by an entity calling itself eDellRoot, was preinstalled as a root certificate on at least two Dell laptops, one an Inspiron 5000 series notebook and the other an XPS 15 model. Both are signed with the same private cryptographic key. That means anyone with moderate technical skills can extract the key and use it to sign fraudulent TLS certificates for any HTTPS-protected website on the Internet. Depending on the browser used, any Dell computer that ships with the root certificate described above will then accept the encrypted Web sessions with no warnings whatsoever. At least some Dell Inspiron desktops and Precision M4800 models are also reported to be affected.
Click to expand...

Dell claims that their techs are investigating.

It doesn't seem clear what the purpose of this is, so if you're using a dell system you should probably keep up on this.

(Aside: Mods, if you think this is more appropriate in Security, feel free to move it)
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top