Yesterday, some concerned Dell PC owners brought a Superfish-y issue to light. It turns out that Dell had installed self-signed root certificates on some of its PCs, and it also included the private key used to generate the certificate. With those tools in hand, an attacker could have generated a valid certificate for any secure website on the Internet, allowing them to carry out a man-in-the-middle attack on affected PCs. Now, Dell has officially acknowledged this vulnerability, and it's provided instructions for removing the rogue certificates.
According to Dell, the "eDellRoot" and other self-signed root certificates on its PCs were installed as part of the Dell Foundation Services support application. The company says the certificates were meant to make it easier for its online support personnel to get the service tag from customer machines, and that it wasn't using the certificates to collect personal customer info.
Dell has posted a manual process for removing the certificates (docx), and it says it'll issue a software update starting today that'll automatically check for and remove the certificates from affected PCs. The company promises that it's removing the certificate from all new Dell systems from here on out, as well.
|Nanoxia Project S case slides into home-theater setups||16|
|Nvidia previews Xavier SoC with Volta GPU for self-driving cars||15|
|be quiet! Silent Loop AIO liquid coolers hum along quietly||2|
|Microsoft catapults datacenter performance with FPGAs||43|
|Asus J3455M-E mobo sails out with Apollo Lake SoC aboard||21|
|AOC's Agon family of gaming monitors heads stateside||16|
|Google Data Saver improves mobile browsing on narrow pipes||11|
|Toshiba expands its budget SSD lineup with its OCZ TL100||13|
|Rumor: Nvidia and Apple may reunite for future Mac GPUs||30|
|Rule 51: Always leave during the first round of cuts when you still can negotiate your termination benefits.||+29|