Yesterday, some concerned Dell PC owners brought a Superfish-y issue to light. It turns out that Dell had installed self-signed root certificates on some of its PCs, and it also included the private key used to generate the certificate. With those tools in hand, an attacker could have generated a valid certificate for any secure website on the Internet, allowing them to carry out a man-in-the-middle attack on affected PCs. Now, Dell has officially acknowledged this vulnerability, and it's provided instructions for removing the rogue certificates.
According to Dell, the "eDellRoot" and other self-signed root certificates on its PCs were installed as part of the Dell Foundation Services support application. The company says the certificates were meant to make it easier for its online support personnel to get the service tag from customer machines, and that it wasn't using the certificates to collect personal customer info.
Dell has posted a manual process for removing the certificates (docx), and it says it'll issue a software update starting today that'll automatically check for and remove the certificates from affected PCs. The company promises that it's removing the certificate from all new Dell systems from here on out, as well.
|Qualcomm shows progress on 5G mobile broadband||8|
|ROG Strix X370-I and B350-I are itty-bitty boards for Ryzen builds||9|
|Samsung foundry train stops at 8-nm LPP before heading to EUV||8|
|Wednesday deals: a Ryzen combo, mechanical keyboards, and storage||5|
|RX Vega prices inch downward in our latest graphics-card spot check||20|
|HP ZBook x2 detachable is a consummate professional||5|
|NZXT Grid+ v3 keeps PCs quiet with machine learning||8|
|Razer's Blade Stealth and Core V2 step to the cutting edge||14|
|Intel unveils purpose-built Neural Network Processor for deep learning||19|