Monday, 23 November 2015

Fuss About Self-Signed Certificate On Dell Laptops

On the Internet fuss about a self-signed certificate which all Dell laptops would be delivered. On social news site Reddit reports reader Kevin Hicks how his new XPS Dell laptop a self-signed root certificate discovered called eDellRoot. Allows users could be attacked, for example via malware that uses the certificate.

The certificate on the Dell laptops is its own private key features that can not be exported. The key however, been found to be able to be copied. Dell user Joe Nord discovered on his laptop the same root certificate using the same private key.According to Nord Hicks and this is exactly the same situation as with Lenovo and Superfish debacle. The laptops from Lenovo came with adware that could intercept the encrypted traffic using a self-signed certificate to inject in here then ads.

In the case of Dell, however, the situation looks very different. The certificate can not be used namely to issue other certificates to perform eg man-in-the-middle attacks on HTTPS sites, says another reader on Reddit. Yet there is also criticism that Dell does not use a certificate from a valid certificate authority. Dell leaves in front of Hicks that eDellRoot is a trusted certificate and not a threat. Hicks's remark that the certificate or a security risk is the Dell Webcare team announced that the company will come with an explanation of the presence of the certificate. A spokesman confirmed to Security.NL Dell later today comes with an explanation.

No comments:

Post a Comment