Linked by Thom Holwerda on Fri 27th Nov 2015 21:35 UTC
Privacy, Security, Encryption

From the good women and men over at the EFF:

Earlier this year it was revealed that Lenovo was shipping computers preloaded with software called Superfish, which installed its own HTTPS root certificate on affected computers. That in and of itself wouldn't be so bad, except Superfish's certificates all used the same private key. That meant all the affected computers were vulnerable to a "man in the middle" attack in which an attacker could use that private key to eavesdrop on users' encrypted connections to websites, and even impersonate other websites.

Now it appears that Dell has done the same thing, shipping laptops pre-installed with an HTTPS root certificate issued by Dell, known as eDellRoot. The certificate could allow malicious software or an attacker to impersonate Google, your bank, or any other website. It could also allow an attacker to install malicious code that has a valid signature, bypassing Windows security controls. The security team for the Chrome browser appears to have already revoked the certificate. People can test if their computer is affected by the bogus certificate by following this link.

Did you buy a Dell computer during your Black Friday shopping thing over there in the US? Might want to look it over before handing it to your loved one.

Alternatively, just buy a Mac and don't deal with this nonsense.

RE: Were I Microsoft
by kaiwai on Sun 29th Nov 2015 06:17 UTC in reply to "Were I Microsoft"
kaiwai Member since:
2005-07-06

I'd immediately crack down on this shit at all levels, because it's also hurting Windows' reputation and they don't need much help. They should threaten to revoke the right to sell Windows when companies do this, and carry through with it if they don't shape up. In the long run, mistakes like this will hurt Microsoft far more than they will Dell, because the typical consumer blames Windows, not their OEM. Windows is Windows to most people out there, and they neither know nor care about what Lenovo or Dell may have done.


Goes back to what I've always said - Microsoft need to enter the PC market themselves because it is clear that the OEMs are doing such an atrocious job whilst wrecking the Windows brand whilst they're at it. When end users have issues, do they blame the OEM or do they blame Windows (and in turn Microsoft)? Then again it was Microsoft who championed the whole horizontal market model for PCs so really they've only got themselves to blame.

Score: 3

RE[2]: Were I Microsoft
by Kochise on Sun 29th Nov 2015 08:18 in reply to "RE: Were I Microsoft"
Kochise Member since:
2006-03-03

Sure, no more need for OEMs, Microsoft can wreck their own distro with crapware and telemetry, see Windows 10.

Score: 4

RE[2]: Were I Microsoft
by grat on Mon 30th Nov 2015 16:38 in reply to "RE: Were I Microsoft"
grat Member since:
2006-02-02

In a way, they have... the Microsoft Signature Edition.

Score: 2