http://arstechnica.com/security/2015/11/...t-certificates/
Quote:
Dell is shipping computers that come preinstalled with a digital certificate that makes it easy for attackers to cryptographically impersonate Google, Bank of America, and any other HTTPS-protected website.
Read it and weep.
Best strategy is not to let untrusted sources install software on your computer
Quote:
Dell issued a statement early Monday morning that said technicians are investigating the reports. Until they and other outside experts weigh in, it's too early to say how widespread and severe this problem is. What is clear now is that the eDellRoot certificate was generated two months after the Superfish debacle came to light and that it poses a risk to at least some Dell customers. Ironically, Dell has publicly capitalized on the Superfish debacle even as it engaged in a blunder that poses the same threat to its own users. People who find this certificate installed on their computer should temporarily use only Firefox to browse to HTTPS-protected sites.
That is ok, people are used to switching to FF to migitate the latest IE blunder.
Quote:
Dell is shipping computers that come preinstalled with a digital certificate that makes it easy for attackers to cryptographically impersonate Google, Bank of America, and any other HTTPS-protected website.
Read it and weep.
Best strategy is not to let untrusted sources install software on your computer
Quote:
Dell issued a statement early Monday morning that said technicians are investigating the reports. Until they and other outside experts weigh in, it's too early to say how widespread and severe this problem is. What is clear now is that the eDellRoot certificate was generated two months after the Superfish debacle came to light and that it poses a risk to at least some Dell customers. Ironically, Dell has publicly capitalized on the Superfish debacle even as it engaged in a blunder that poses the same threat to its own users. People who find this certificate installed on their computer should temporarily use only Firefox to browse to HTTPS-protected sites.
That is ok, people are used to switching to FF to migitate the latest IE blunder.
Last edited: