Linked by Thom Holwerda on Fri 27th Nov 2015 21:35 UTC
Privacy, Security, Encryption

From the good women and men over at the EFF:

Earlier this year it was revealed that Lenovo was shipping computers preloaded with software called Superfish, which installed its own HTTPS root certificate on affected computers. That in and of itself wouldn't be so bad, except Superfish's certificates all used the same private key. That meant all the affected computers were vulnerable to a "man in the middle" attack in which an attacker could use that private key to eavesdrop on users' encrypted connections to websites, and even impersonate other websites.

Now it appears that Dell has done the same thing, shipping laptops pre-installed with an HTTPS root certificate issued by Dell, known as eDellRoot. The certificate could allow malicious software or an attacker to impersonate Google, your bank, or any other website. It could also allow an attacker to install malicious code that has a valid signature, bypassing Windows security controls. The security team for the Chrome browser appears to have already revoked the certificate. People can test if their computer is affected by the bogus certificate by following this link.

Did you buy a Dell computer during your Black Friday shopping thing over there in the US? Might want to look it over before handing it to your loved one.

Alternatively, just buy a Mac and don't deal with this nonsense.
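
A local check for the problem the EFF describes, as an added example (not from the EFF or from this post): it lists trusted roots on a Windows machine that either carry the name eDellRoot or have their private key stored on the machine, which is what lets anyone with access to the key sign for any site. The store paths and the name pattern are assumptions; the script only reads the stores and changes nothing.

```powershell
# Added example: audit the Windows trusted-root stores (read-only).
# Assumption: the certificate is identifiable by the name "eDellRoot"
# given in the article; no thumbprint is used because the page gives none.
$stores      = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$namePattern = 'eDellRoot'

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        $reasons = @()

        # Check 1: subject or friendly name matches the certificate named above.
        if ($_.Subject -match $namePattern -or $_.FriendlyName -match $namePattern) {
            $reasons += "name matches $namePattern"
        }

        # Check 2: a trusted root should never have its private key on an
        # end-user machine; flag any that does, whatever it is called.
        if ($_.HasPrivateKey) {
            $reasons += 'private key for this trusted root is present locally'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                Reasons    = $reasons -join '; '
            }
        }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    'No root certificates matched either check.'
}
```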

RE: Another solution
by kaiwai on Sun 29th Nov 2015 06:10 UTC in reply to "Another solution"

If you really need Windows, think about the Signature Edition computers: vanilla Windows, no crapwares.

Or build your own.

Assuming you live in one of the limited number of countries where the signature computers are sold. The BYO option isn't a viable solution for someone who wants a notebook.

Edited 2015-11-29 06:10 UTC

Score: 4