Dell security error widens as researchers dig deeper

24 Nov 2015 | Author: | No comments yet »

Dell Plans Fix for Security Flaw That Could Let Hackers Snoop on Traffic.

Computer company Dell said a security hole exists in some of its recently shipped laptops that could make it easy for hackers to access users’ private data. Dell in a statement told Reuters, “The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience…Unfortunately, the certificate introduced an unintended security vulnerability.” While consumers can manually remove the pre-installed certificate, it compromises the root security of a system and can allow cyber-criminals to read private messages, carry out phishing attacks and steal private data.

The flaw, discovered by a private security researcher and announced Sunday, highlights the difficulty of implementing encryption schemes to protect computer users. Dell said it would provide customers with instructions to permanently remove the certificate by email and on its support website, a process that will likely be highly technical. The Obama administration is expected to formally notify the US Congress of its intention to sell eight F-16 fighter jets to Pakistan in December as efforts to stop it gather momentum.

Dell said it’s posting instructions on its website for moving the flawed certificate, called eDellRoot, though this process can be technically complex. Hicks also put out a detailed report on Reddit showing how the eDellRoot certificate can actually be used by a network attacker to create fake certificates for use on real websites. Earlier reports about the notification, in the run-up to Prime Minister Nawaz Sharif’s US visit in October, were categorically and strenuously rejected by the White House. He said certificate authorities are not necessarily problematic, “but they become a problem when a manufacturer like Dell misconfigures them to trust anything on the web with a universal key that works across Dell computers, and root access.” Mr.

But the state department, which clears the sale of US military hardware to foreign nations and notifies Congress, said Monday, “We have no specific announcement to make at this time.” Besides, the spokesperson added, “as a matter of policy, we do not comment on foreign military sales until they are formally notified to Congress.” Operative words: “formally notified”. White said owners of the flawed computers can protect themselves when surfing the Web by using Mozilla Corp.’s Firefox browser, which uses its own software to vet the security of websites.

Joe Nord, a computer programmer and blogger, detailed how eDellRoot works and how easy it is to gain access to the security key in a blog post earlier Sunday. If the answer is no, the sale would stand blocked. “The executive branch has rarely ever gone against congress in such situations,” a congressional source said, adding, “the alternative is a messy showdown no one wants now.” The administration sent Congress something called the Letter Of Offer (LOA), which has been variously described also as “informal notification” or “pre-notification”, in October.

More from WSJ.D: And make sure to visit WSJ.D for all of our news, personal tech coverage, analysis and more, and add our XML feed to your favorite reader. Reports also then suggested, now discounted, that the US was prepared to offer Pakistan a nuclear deal like the one it has with India in return for capping its fast growing nuclear arsenal. The American Jewish Committee, a powerful advocacy group that is known to have supported India and related causes before, has also thrown its substantial weight behind the effort. “Pakistan has too many detractors on the Hill now for the sale to go through, not without a showdown,” one of the congressional aides said. But Michael Kugelman, a south Asia expert with think tank Woodrow Wilson Center, said the sale will indeed be opposed because of “increasing impatience” with Pakistan.

In the end, he argued, the deal will go through because there is growing appreciation of Pakistan’s counter-terrorism efforts in northern Waziristan, under operation Zarb-i-Azb.

Here you can write a commentary on the recording "Dell security error widens as researchers dig deeper".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site