Last February, Lenovo shocked its security-conscious customers by pre-installing its own, self-signed root certificates on the machines it sold. These certificates, provided by a spyware advertising company called Superfish, made it possible for attackers to create "secure" connections to undetectable fake versions of banking sites, corporate intranets, webmail providers, etc.
Now Dell has been caught doing the same thing, though it's not clear whether the self-signed root cert is being used to spy on users and inject ads (as was the case with Superfish) or whether the breach is aimed at accomplishing some other goal.
On Twitter, Dell has dismissed its customers' concerns, saying that "it doesn't cause any threat to the system" and recommending that users not remove it.
Dell issued a statement in the past hour that says technicians are investigating the reports. Until they and other outside experts weigh in, it's too early to say how widespread and severe this problem is. What is clear now is that the eDellRoot certificate was generated six months after the Superfish debacle came to light and that it poses a risk to at least some Dell customers. People who find this certificate installed on their computer should temporarily use only Firefox to browse to HTTPS-protected sites.
Affected people should also stay apprised of events and updates in the coming days. If the worst concerns about this root certificate are confirmed, Dell almost certainly will soon provide a tool to remove this credential. More on all of this will be coming in the hours or days to come.
Dell does a Superfish, ships PCs with self-signed root certificates
[Dan Goodin/Ars Technica]
(Image: Joe Nord)