Root CA certificate opens up folks to banking, shopping snooping, etc
23 Nov 2015 at 19:15, Shaun Nichols
Dell ships computers with all the tools necessary for crooks to spy on the owners' online banking, shopping, webmail, and more.
The US IT titan installs a powerful root CA certificate, including its private key, on its Windows notebooks and desktops. These can be abused by eavesdropping miscreants to silently decrypt encrypted web browser traffic without the victims noticing.
An attacker could, for example, set up a malicious Wi-Fi hotspot in a cafe or hospital, intercept connections from Dell machines, and completely decrypt them – a classic man-in-the-middle attack, all enabled by Dell's security blunder.
Full Article