Dell Ships Laptops with Root CA →

· · 0 comments

Rotorcowboy on Reddit:

I got a shiny new XPS 15 laptop from Dell, and while attempting to troubleshoot a problem, I discovered that it came pre-loaded with a self-signed root CA by the name of eDellRoot. With it came its private key, marked as non-exportable. However, it is still possible to obtain a raw copy of the private key by using several tools available (I used NCC Group’s Jailbreak tool). After briefly discussing this with someone else who had discovered this too, we determined that they are shipping every laptop they distribute with the exact same root certificate and private key, very similar to what Superfish did on Lenovo computers. For those that aren’t familiar, this is a major security vulnerability that endangers all recent Dell customers.

Was it Lenovo that started shipping malware with Superfish? This is just another reason to always go Mac—it runs Windows too if needed, but without all that crap to worry about.

via @wojtaszek

Chcesz zwrócić mi na coś uwagę lub skomentować? Zapraszam na @morid1n.