30th November 2015 By Nathan Olivarez-Giles
http://si.wsj.net/public/resources/images/BN-LK485_dell_c_G_20151123184328.jpg
A screenshot of a website, posing as bankofamerica.com, built by security researcher Kenneth White to test the
vulnerability of a Dell Inc. computer security flaw.Kenneth White
Some Dell Inc. personal computers shipped since August include a bug that could let hackers snoop on a machine’s encrypted Internet traffic.
The flaw, discovered by a private security researcher and announced Sunday, highlights the difficulty of implementing encryption schemes to protect computer users.
Dell said it was trying to make it easier for customers to verify their computers’ identities during customer-support requests. To do this, the company installed a master key, called a certificate authority or CA, on the computer to verify its identity during support sessions. But a smart hacker could use this certificate authority to create a key that would let it spy on encrypted data sent by the machine.
Full Article
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.