Dell gets Superfishy by shipping PCs with self-signed root certificates

by
from Techreport on (#VHA4)

Remember the Superfish debacle, when Lenovo shipped computers with a preinstalled rogue root certification authority (CA)? Dell seems to think that was a good idea, as it's shipping laptops and desktop PCs with a similar self-signed "eDellRoot" root CA. An attacker can use this root CA to issue valid-looking certificates for any website. In turn, those certificates will be accepted by any affected Dell machines as legit, leaving the user none the wiser.

For the unitiated, secure connections to websites (among other things) rely on a chain of trusted certificates to guarantee the safety of data in transit. Operating systems and web browsers come preinstalled with a set ...

Read more...

External Content
Source RSS or Atom Feed
Feed Location http://techreport.com/news.rss
Feed Title Techreport
Feed Link https://techreport.com/
Reply 0 comments