Dell Promised Security … Then Delivered a Huge Security Hole

25 Nov 2015 | Author: | No comments yet »

Dell Acknowledges Security Hole in New Laptops.

As part of the promotion of its flagship XPS 15, Dell touts the laptop’s security. “Worried about Superfish?” the product page asks, invoking a now-infamous Lenovo lapse from earlier this year. “Each application we pre-load undergoes security, privacy and usability testing to ensure that our customers experience … reduced privacy and security concerns.” That messaging remains, even after Dell has experienced a security lapse of its own—one remarkably similar to Superfish.Major U.S. computer company Dell Inc said on Monday a security hole exists in some of its recently shipped laptops that could make it easy for hackers to access users’ private data.

If you’ve noticed articles on Facebook loading a little quicker recently, that’s because the new Instant Articles have been launched to all iPhone users. A pre-installed program on some newly purchased Dell laptops that can only be removed manually by consumers makes them vulnerable to cyber intrusions that may allow hackers to read encrypted messages and redirect browser traffic to spoofs of real websites such as Google or those belonging to a bank, among other attacks. “The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience,” Dell said in a statement to Reuters. “Unfortunately, the certificate introduced an unintended security vulnerability.” Dell declined to say how many computers or which specific models are affected. Instant Articles load up to 10 times quicker than a regular article, and have some enriched features – such as unobtrusive autoplay videos, zoomable high-definition images and interactive maps Gamers looking forward to playing Halo 5: Guardians on its release on 27 October 2015 will have to wait to download a 9GB day one patch before the game’s multiplayer mode can run properly. Those without the patch won’t even be able to play multiplayer at all until it’s downloaded, in yet another case of a blockbuster game needing a patch on the day of launch HTC has launched its latest Desire 626 handset with the Sense 7 software which automatically detects whether you’re at work, at home or on-the-go and alters its theme to suit your location.

This advanced technology intelligently analyses your favourite photos to modify the look and feel of your apps, allowing you to modify the colour scheme and backgrounds – the ultimate in personalisation Nasa has announced that it has found evidence of flowing water on Mars. Dell said it would provide customers with instructions to permanently remove the certificate by email and on its support website, a process that will likely be highly technical. Scientists have long speculated that Recurring Slope Lineae — or dark patches — on Mars were made up of briny water but the new findings prove that those patches are caused by liquid water, which it has established by finding hydrated salts.

Dell tells WIRED that the latter could take about to a week to reach all affected models, and the manual method takes a little know-how and a lot of clicking, so your best bet is likely the patch. The company released the new phone with much fanfare, but almost all of the changes — a new camera and pressure-sensitive display — were on the inside. It turns out that any commercial or consumer Dell PC that received a software update that began in August 15 has been saddled with something called eDellRoot, a pre-installed SSL certificate with a locally stored private key. Because the key is stored on the computer itself, it doesn’t take much for a hacker to acquire it. “The same private key was found on multiple machines, meaning that anybody that has access to it can now use it to impersonate the certificate holder [i.e. the PC owner],” explains Jérôme Segura, senior security researcher at Malwarebytes. “It made matters worse that the password for that key was easily crackable.” The result is that SSL, which secures communication between your browser and the servers that power your favorite websites, could become easily compromised. “A poorly set up root certificate can give an attacker a huge advantage by seriously undermining all of a user’s private communications,” says Segura. “Emails, instant messages, passwords, and other sensitive data that would normally flow via SSL could be intercepted or manipulated without the victim’s knowledge via an attack known as man-in-the-middle,” so-called because the hacker sits between you and your myriad internet destinations, collecting any information that passes through. An SSL vulnerability is the core problem in both cases, but in Lenovo’s case the offending party was Superfish, pre-installed adware that turned out to be toxic bloat.

And over the last two months, Google has publicly shamed Symantec, the world’s largest cybersecurity company, over a bevy of misissued security certificates. As customers become more aware of the importance of security and privacy in their own lives, companies are more inclined to market it, whether they’re Blackphone or Apple (which had its own critical SSL failure revealed last year) or Dell. There is some demonstrable good in that. “I’m glad vendors talk about the degree of their security,” says Moorhead, “because it puts everyone at the company on notice that they need to be vigilant about it.” The flip side, though, is that these companies may be advertising something that’s increasingly difficult to deliver. The next, its spokesperson is sending out a statement that “We are taking steps to actively address this issue including re-evaluating our processes companywide to ensure we’re providing the utmost security to our customers.” It’s frustrating that Dell thought it had already taken those steps.

Here you can write a commentary on the recording "Dell Promised Security … Then Delivered a Huge Security Hole".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site