Yesterday, some concerned Dell PC owners brought a Superfish-y issue to light. It turns out that Dell had installed self-signed root certificates on some of its PCs, and it also included the private key used to generate the certificate. With those tools in hand, an attacker could have generated a valid certificate for any secure website on the Internet, allowing them to carry out a man-in-the-middle attack on affected PCs. Now, Dell has officially acknowledged this vulnerability, and it's provided instructions for removing the rogue certificates.
According to Dell, the "eDellRoot" and other self-signed root certificates on its PCs were installed as part of the Dell Foundation Services support application. The company says the certificates were meant to make it easier for its online support personnel to get the service tag from customer machines, and that it wasn't using the certificates to collect personal customer info.
Dell has posted a manual process for removing the certificates (docx), and it says it'll issue a software update starting today that'll automatically check for and remove the certificates from affected PCs. The company promises that it's removing the certificate from all new Dell systems from here on out, as well.
|Razer Kiyo and Seiren X set the stage for streaming excellence||18|
|MSI Cubi 3 Silent and Silent S can be seen but not heard||11|
|Massdrop's Vast 35" VA display lives up to its name||28|
|Spitballing the performance of Nvidia's purported GTX 1070 Ti||19|
|Friday deals: a huge monitor, racing gear, audio, and more||21|
|G.Skill 3800 MT/s SO-DIMMs put lightning in tiny bottles||9|
|Cooler Master bedazzles the MasterLiquid Lite ML120L and ML240L||4|
|Razer Electra V2 offers affordable immersion||8|
|Samsung 360 Round camera captures the world from all angles||11|
|I'm pretty sure that with $200 I could buy a better 4K webcam, a better desk mic, some decent lighting and still have change leftover to throw a party...||+15|