Linked by Thom Holwerda on Fri 27th Nov 2015 21:35 UTC
Privacy, Security, Encryption

From the good women and men over at the EFF:

Earlier this year it was revealed that Lenovo was shipping computers preloaded with software called Superfish, which installed its own HTTPS root certificate on affected computers. That in and of itself wouldn't be so bad, except Superfish's certificates all used the same private key. That meant all the affected computers were vulnerable to a "man in the middle" attack in which an attacker could use that private key to eavesdrop on users' encrypted connections to websites, and even impersonate other websites.

Now it appears that Dell has done the same thing, shipping laptops pre-installed with an HTTPS root certificate issued by Dell, known as eDellRoot. The certificate could allow malicious software or an attacker to impersonate Google, your bank, or any other website. It could also allow an attacker to install malicious code that has a valid signature, bypassing Windows security controls. The security team for the Chrome browser appears to have already revoked the certificate. People can test if their computer is affected by the bogus certificate by following this link.

Did you buy a Dell computer during your Black Friday shopping thing over there in the US? Might want to look it over before handing it to your loved one.

Alternatively, just buy a Mac and don't deal with this nonsense.

RE: Apple, eh?
by kaiwai on Sun 29th Nov 2015 06:25 UTC in reply to "Apple, eh?"

There is a huge difference between OS X having a bug vs. an OEM taking Windows then making it insecure by doing something stupid like what Lenovo and Dell did. The former was simply a human mistake whereas the latter was idiocy by OEMs who should learn that their job is to provide hardware with Windows pre-installed and not install crap additional to what is the absolute bare minimum for the system to function. It is crap like this that undermines the Windows brand, yet I keep hearing all this crap about 'freedom' and how having a PC gives you 'choice' whilst ignoring that you have to make sure that you do an extensive background check into the OEMs and what they do when butchering Windows before purchasing.

Reminds me of the Android defenders going on about 'freedom' and 'choice', yet how many of them install unneeded security-problematic crap with their installation of Android? How many end users are thrown under the bus 12 months later when the new phone is released and Samsung can't be buggered providing Android updates? Honestly, I swear Windows defenders get their Jimmies rustled in top speed because of their inability to accept that maybe there are things that Apple do better than the Windows/PC world and that maybe there are some ways in which Apple does things that OEMs should adopt rather than going on endless Mac bashing as you did in your post.

Reply Parent Score: 2