Linked by Thom Holwerda on Fri 27th Nov 2015 21:35 UTC
Privacy, Security, Encryption

From the good women and men over at the EFF:

Earlier this year it was revealed that Lenovo was shipping computers preloaded with software called Superfish, which installed its own HTTPS root certificate on affected computers. That in and of itself wouldn't be so bad, except Superfish's certificates all used the same private key. That meant all the affected computers were vulnerable to a "man in the middle" attack in which an attacker could use that private key to eavesdrop on users' encrypted connections to websites, and even impersonate other websites.

Now it appears that Dell has done the same thing, shipping laptops pre-installed with an HTTPS root certificate issued by Dell, known as eDellRoot. The certificate could allow malicious software or an attacker to impersonate Google, your bank, or any other website. It could also allow an attacker to install malicious code that has a valid signature, bypassing Windows security controls. The security team for the Chrome browser appears to have already revoked the certificate. People can test if their computer is affected by the bogus certificate by following this link.

Did you buy a Dell computer during your Black Friday shopping thing over there in the US? Might want to look it over before handing it to your loved one.

Alternatively, just buy a Mac and don't deal with this nonsense.
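
One way to check a Windows machine locally for the certificates described above. This is an added example, not code from the EFF, Dell, or this site. It assumes Windows PowerShell with the built-in `Cert:` drive; the name pattern comes from the article, and the private-key check is a general heuristic added here.

```powershell
# Added example: audit the Windows trusted-root stores for the two
# certificates named in the article, and for any trusted root whose
# private key is present on this machine.
$namePattern = 'Superfish|eDellRoot'   # names taken from the article text
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        $reasons = @()
        # -match is case-insensitive, so "superfish" and "Superfish" both hit
        if ($_.Subject -match $namePattern -or $_.Issuer -match $namePattern) {
            $reasons += 'name matches article'
        }
        # Heuristic (assumption): a trust anchor normally ships without its
        # private key, so a root that has one locally deserves a closer look.
        if ($_.HasPrivateKey) {
            $reasons += 'private key present locally'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                Reason     = $reasons -join '; '
            }
        }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    'No matching or key-bearing certificates found in the trusted root stores.'
}
```

A hit on the private-key heuristic alone is not proof of a problem; compare the subject and thumbprint against the vendor's advisory before removing anything.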

RE[3]: Apple, eh?
by kaiwai on Sun 29th Nov 2015 08:33 UTC in reply to "RE[2]: Apple, eh?"

"There is a huge difference between OS X having a bug vs. an OEM taking Windows then making it insecure by doing something stupid like what Lenovo and Dell did. The former was simply a human mistake

Wait, you're saying Superfish was just a human mistake? An application that was designed, from the ground up, to intercept and modify users' traffic in order to net Lenovo some extra profits?"

Read what I wrote; it is abundantly clear that the bug in OS X was human error, whereas Superfish was Lenovo deliberately making Windows insecure by design, not by accident.

Score: 3