Yesterday, some concerned Dell PC owners brought a Superfish-y issue to light. It turns out that Dell had installed self-signed root certificates on some of its PCs, and it also included the private key used to generate the certificate. With those tools in hand, an attacker could have generated a valid certificate for any secure website on the Internet, allowing them to carry out a man-in-the-middle attack on affected PCs. Now, Dell has officially acknowledged this vulnerability, and it's provided instructions for removing the rogue certificates.
According to Dell, the "eDellRoot" and other self-signed root certificates on its PCs were installed as part of the Dell Foundation Services support application. The company says the certificates were meant to make it easier for its online support personnel to get the service tag from customer machines, and that it wasn't using the certificates to collect personal customer info.
Dell has posted a manual process for removing the certificates (docx), and it says it'll issue a software update starting today that'll automatically check for and remove the certificates from affected PCs. The company promises that it's removing the certificate from all new Dell systems from here on out, as well.
|Nvidia Titan V brings the power of Volta V100 to desktops||124|
|Thermaltake's Nemesis Switch has enough buttons for all your macros||10|
|Zotac Gaming MEK1 PCs have the requisite pieces of flair||5|
|Toshiba's latest hard drives store 14 TB without shingles||57|
|Friday deals: a motherboard trio, a cheap CLC, and a rodent||11|
|GeForce 388.59 drivers are ready for the Titan V apocalypse||5|
|Lite-On MU-X SSDs continue the affordable NVMe onslaught||38|
|Chrome 63 puts bad sites in solitary confinement||18|
|Empty your iPhone onto the Adata i-Memory AI720 drive||12|