UPDATE: Windows Defender shipped updated scanning data today that detects it as "Compromised Certificate" and offers to Quarantine it.
Did that and rebooted. No bad effects found, so far. On Mon, Nov 23, 2015 at 5:36 PM, Ted Roche <[email protected]> wrote: > If I understand correctly, Dell shipped an identical self-signed root > certificate called 'eDellRoot' signed with the clever password 'dell' > that could be used by anyone in possession of the cert with any > certificate they would like, effectively making https on Dell machines > pointless. > > This is amazingly brain-dead, if true. > > Current advice is to only use FireFox on your Dell machines, to avoid > the questionable cert. > > Details: > > https://boingboing.net/2015/11/23/not-just-lenovo-dell-ships-co.html > > http://arstechnica.com/security/2015/11/dell-does-superfish-ships-pcs-with-self-signed-root-certificates/ > > https://www.reddit.com/r/technology/comments/3twmfv/dell_ships_laptops_with_rogue_root_ca_exactly/ > > Sheesh. > > -- > Ted Roche > Ted Roche & Associates, LLC > http://www.tedroche.com -- Ted Roche Ted Roche & Associates, LLC http://www.tedroche.com _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/CACW6n4ukoL2CDHyY5-8BnE6153U=yvrysr1dtjazufdshbt...@mail.gmail.com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
