SuperFish 2.0: Dell ships laptops, PCs with gaping internet security hole

  • 23 November 2015
  • 6 replies
  • 1385 views

Userlevel 7
Badge +54

Root CA certificate opens up folks to banking, shopping snooping, etc

23 Nov 2015 at 19:15, Shaun Nichols
 
Dell ships computers with all the tools necessary for crooks to spy on the owners' online banking, shopping, webmail, and more.
 
The US IT titan installs a powerful root CA certificate, including its private key, on its Windows notebooks and desktops. These can be abused by eavesdropping miscreants to silently decrypt encrypted web browser traffic without the victims noticing.
 
An attacker could, for example, set up a malicious Wi-Fi hotspot in a cafe or hospital, intercept connections from Dell machines, and completely decrypt them – a classic man-in-the-middle attack, all enabled by Dell's security blunder.
 
Full Article

6 replies

Userlevel 7
Badge +54
More information from Brian Krebs.
 
Security Bug in Dell PCs Shipped Since 8/15
Userlevel 7
Badge +54

Meanwhile, credential that posed man-in-the-middle threat found on SCADA system.

by Dan Goodin (US) - Nov 24, 2015
 
Dell officials have apologized for shipping PCs with a certificate that made it easy for attackers to cryptographically impersonate HTTPS-protected websites and issued a software tool that removes the transport layer security credential from affected machines.
 
As some people suspected, the self-signed credentials that came preinstalled as root certificates on computers throughout Dell's product line were associated with the Dell Foundation Services, Dell officials wrote in a blog post published late Monday night. The certificates, which were issued by an entity calling itself eDellRoot, were part of a support tool that was intended to make it easier for customers to maintain their systems, the post explained. Attempting to draw a distinction between the Foundation Services app and the SuperFish man-in-the-middle adware that injected ads into the HTTPS-protected Web content displayed on Lenovo computers, Dell officials wrote:
 
Full Article
Userlevel 7
Badge +54
By Eduard Kovacs on November 25, 2015

After news broke that Dell desktop and laptop computers include a self-signed root certificate that can be exploited for man-in-the-middle (MitM) attacks, experts found a second such certificate, along with a security issue that can be leveraged to track users.

Experts discovered last week that Dell commercial and consumer systems running an application called Dell Foundation Services included a root certificate, eDellRoot, and its private key. An MitM attacker could have exploited this weakness to intercept HTTPS communications and steal sensitive data or serve malware to the victim.

Full Article
Userlevel 7
Badge +56
Makes me wonder how pervasive that is across all computer makers. Someone should start researching HP 🙂
Userlevel 7
Badge +54

Windows Defender lives up to its name by dealing death to Dell's dumb DLL

26 Nov 2015 at 22:46, Darren Pauli
 
The free Windows Defender tool will kill the certificates and the associated Dell.Foundation.Agent.Plugins.eDell.dll plugin that will respawn the certificate.
 
Microsoft flags the Dell scourge as Win32/CompromisedCert.D.
 
Windows 7 users can run Microsoft Security Essentials, or Redmond's Safety Scanner or Malicious Removal Tool.
 
Full Article
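The two posts above describe a certificate that is both trusted as a root and shipped with its private key, plus a plugin DLL that reinstalls it after removal. The script below is an added example for auditing a Windows machine for both, written for this thread; it is not Dell's removal tool and not code from any of the quoted articles. It assumes the certificate can be recognised by the name "eDellRoot" in its Subject or Issuer (the name given in the thread) and that the plugin DLL, if present, lives somewhere under Program Files (an assumption; the articles do not give its path).

```powershell
# Added example: audit a Windows host for the eDellRoot root certificate and the
# Dell.Foundation.Agent.Plugins.eDell.dll plugin named in the thread.
# Assumptions: the cert is identifiable by "eDellRoot" in Subject/Issuer, and the
# DLL (if installed) sits under one of the Program Files directories.
function Test-EDellRoot {
    [CmdletBinding()]
    param(
        [string[]]$StorePaths = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'),
        [string]$PluginName   = 'Dell.Foundation.Agent.Plugins.eDell.dll'
    )

    $findings = @()

    # 1. Look in the machine and user root stores for the certificate.
    foreach ($store in $StorePaths) {
        $certs = Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -match 'eDellRoot' -or $_.Issuer -match 'eDellRoot' }
        foreach ($c in $certs) {
            $findings += [pscustomobject]@{
                Kind          = 'Certificate'
                Location      = $store
                Subject       = $c.Subject
                Thumbprint    = $c.Thumbprint
                # A root with its private key on the box is the core of the problem:
                # whoever holds that key can sign certificates the machine will trust.
                HasPrivateKey = $c.HasPrivateKey
                NotAfter      = $c.NotAfter
            }
        }
    }

    # 2. Look for the plugin that re-creates the certificate (search roots are an assumption).
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -Recurse -Filter $PluginName -ErrorAction SilentlyContinue |
            ForEach-Object {
                $findings += [pscustomobject]@{
                    Kind          = 'PluginDll'
                    Location      = $_.FullName
                    Subject       = $null
                    Thumbprint    = $null
                    HasPrivateKey = $null
                    NotAfter      = $null
                }
            }
    }

    return $findings
}

# Run from an elevated PowerShell prompt so the LocalMachine store is readable.
$results = Test-EDellRoot
if (-not $results -or $results.Count -eq 0) {
    Write-Host 'No eDellRoot certificate or plugin DLL found.'
} else {
    Write-Host 'Findings (a certificate with HasPrivateKey = True is the dangerous case):'
    $results | Format-Table -AutoSize
}
```

The script only reports; it deletes nothing. As the post above notes, removing the certificate alone is not enough while the plugin that respawns it is still installed, so a finding of Kind "PluginDll" is the one to act on first, with Dell's removal tool or the Windows Defender detection mentioned in the thread.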
Userlevel 7
Badge +6
Technically speaking, I'd be interested to know how one could detect such traffic on a rogue Wi-Fi spot and see if the machine's a Dell box, but somehow I'm not looking for those answers here as they may fall in the non-sanctioned category in this community. My reason for this would be to figure out how I can protect my machine better as I am running a Dell. I wonder how much face Dell will lose after this got out.
