Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Pastimes : Computer Learning -- Ignore unavailable to you. Want to Upgrade?

To: SI Ron (Crazy Music Man) who wrote (92155)	12/6/2015 5:55:23 AM
From: Vendit™	3 Recommendations Recommended By goldworldnet John Zen Dollar Round Respond to of 110653

I am not sure if this has been posted. The original article is here: davescomputertips.com Dell PCs Ship with Huge Security Hole, à la Superfish November 25, 2015 Following close on the heels of the Lenovo “Superfish” debacle comes news of yet another major manufacturer embroiled in similar securitycontroversy, this time it’s the US-based Dell. As part of an enhanced support tool, Dell installed a self-signed root certificate (eDellRoot) and corresponding private key on its computers, apparently blissfully unaware that this exposes users’ encrypted communications to potential spying. Even more surprising is that the company did this with full knowledge of Lenovo’s very similar security blunder which came to light earlier this year. In Lenovo’s case the goal was ad injection whereas Dell asserts that it was only trying to streamline remote support. Regardless of intention, this silly blunder creates a gaping security hole for those affected. At this stage it remains unclear as to exactly what models may be affected. However, Dell PC owners can check for the vulnerability here: edell.tlsfun.de (NOTE: Firefox is not vulnerable because it maintains its own certificate store – the test should be performed using Internet Explorer, Edge, or Chrome). A second rogue certificate (DSDTestProvider) has also been uncovered but it is not preloaded and only installed if/when a customer chooses to proactively download the Dell System Detect software. According to Dell… “the impact from Dell System Detect is limited to customers who used the “detect product” functionality on our support site between October 20 and November 24, 2015? Dell has confirmed the existence of the rogue certificates and provided instructions on how to permanently remove them: Dell’s admission: Response to Concerns Regarding eDellroot Certificate * Dell’s removal instructions: How to remove the eDellRoot and DSDTestProvider certificates from your system NOTE: For those who may find Dell’s instructions a tad overwhelming, Major Geeks has provided a download to automatically remove the certificate here: eDellRoot Certificate Fix *Dell also commenced pushing a software update on November 24 that will check for the certificate, and remove it if detected.