At least two models of Dell computers have been delivered with a self-signed certificate. The problem is that hackers do not need to be particularly technical expert to fish the encryption keys from this certificate. It can then be used to sign others, false, certificates used by the browser to verify that an HTTPS protected site is the page that it purports to be. It writes Ars Technica, the whole thing was discovered by multiple users together over the weekend.
It is similar to event that Lenovo was behind the beginning of the year.
It then depends on which browser the user is running, but the trusts Dell self-signing, can thus be fooled into showing a false page that in all points similar to the real ones, without any warning to the user. According to tests rely Internet Explorer, Edge and Chrome on the certificate but Firefox displays a warning.
According to reports from users are models of Dell’s Inspiron series, Precision M4800 and Latitude affected but nothing outside the company knows about the overall scale.
Today Dell responded to the criticism. The company folds flat and apologize for the incident. The certificate is used by Dell Foundation Services, a support tool to facilitate the Dell when customers turn to them for help.
To test if your computer has the incorrect certificate, you can visit this page with Chrome, IE or Edge. If the page is opened without any protests, you should uninstall the certificate. Dell has released a tool that does just that, and the instructions to uninstall it manually.
No comments:
Post a Comment