Dell security error widens as researchers dig deeper

24 Nov 2015 | Author: | No comments yet »

Dell Plans Fix for Security Flaw That Could Let Hackers Snoop on Traffic.

The flaw, discovered by a private security researcher and announced Sunday, highlights the difficulty of implementing encryption schemes to protect computer users.New models from the XPS, Precision and Inspiron families include a powerful root CA certificate called eDellRoot, which puts the machines’ owners at risk of identity theft and banking fraud.

The certificate is bundled with its private key, which is a boon for man-in-the-middle attackers: for example, if an affected Dell connects to a malicious Wi-Fi hotspot, whoever runs that hotspot can use Dell’s cert and key to silently decrypt the victims’ web traffic. This would reveal their usernames, passwords, session cookies and other sensitive details, when shopping or banking online, or connecting to any other HTTPS-protected website. The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience. He said certificate authorities are not necessarily problematic, “but they become a problem when a manufacturer like Dell misconfigures them to trust anything on the web with a universal key that works across Dell computers, and root access.” Mr. And if you can’t wait for the official advice, you can try deleting the .DLL from the filesystem, and the cert from the Windows certificate manager – or use Mozilla’s Firefox because that web browser has its own set of trusted certificates, and ignores the rogue eDellRoot. ®

White said owners of the flawed computers can protect themselves when surfing the Web by using Mozilla Corp.’s Firefox browser, which uses its own software to vet the security of websites. Joe Nord, a computer programmer and blogger, detailed how eDellRoot works and how easy it is to gain access to the security key in a blog post earlier Sunday. More from WSJ.D: And make sure to visit WSJ.D for all of our news, personal tech coverage, analysis and more, and add our XML feed to your favorite reader.

Here you can write a commentary on the recording "Dell security error widens as researchers dig deeper".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site