Pipe VPNX Dell Laptop Security Hole Acknowledged

Dell Laptop Security Hole Acknowledged

by
Anonymous Coward
in ask on (#VPNX)
In a similar situation to the Lenovo built in backdoor "Superfish", Dell has now acknowledged that a security hole exists in some of its recently shipped laptops that could make it easy for hackers to access users' private data. The problem is with a on-the-box support certificate intended to "provide a better, faster and easier customer support experience" but which can instead allow hackers to read encrypted messages and redirect browser traffic to spoofs of real websites. The faulty certificate can be manually removed. Dell has not stated how widespread the problem is.

History

2015-12-11 15:35
Dell Laptop Security Hole Acknowledged
pete@pipedot.org
In a similar situation to the Lenovo built in backdoor "Superfish", Dell has now acknowledged that a security hole exists in some of its recently shipped laptops that could a security hole exists in some of its recently shipped laptops that could make it easy for hackers to acintercesspt users' private data..

Dell
Tshipped a pself-signed roblot CA cemrtificate, is with a on-the-box support certift's pricvate key; intended to "provide a better, faster and easier customer support experience" but which can instead allow hackers to read encrypted messages and redirect browser traffic to spoofs of real websites. The faulty certificate is included with newer XPS, Latitude, Inspiron and Precision laptops and can be manually removed. Dell has notA string of recent key leatkage and howreuse wvulnerabilities are an alarming remindespread of the inherent trust we put in our hardware providers.

Two web-based tests are availa
blem, courtesy of Kenn White and Hanno Bick to check isf you are vulnerable.
Reply 3 comments

see also (Score: 0)

by Anonymous Coward on 2015-11-25 22:45 (#VRMC)

Lenono patched theirs (Score: 0)

by Anonymous Coward on 2015-11-27 15:13 (#VY2A)

Lenono patched theirs (Score: 0)

by Anonymous Coward on 2015-11-27 15:13 (#VY2B)