Dell acknowledges security hole in new Computers

  • Thread starter Thread starter Sarkar
  • Start date Start date
  • Replies Replies: Replies 5
  • Views Views: Views 1,057

Sarkar

Member
Joined
1 Jun 2013
Messages
11,003
Reaction score
11,367
Major US computer company Dell Inc said on Monday a security hole exists in some of its recently shipped laptops that could make it easy for hackers to access users' private data.

A pre-installed programme on some newly purchased Dell laptops that can only be removed manually by consumers makes them vulnerable to cyberintrusions that may allow hackers to read encrypted messages and redirect browser traffic to spoofs of real websites such as Google or those belonging to a bank, among other attacks.

"The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience," Dell said in a statement to Reuters. "Unfortunately, the certificate introduced an unintended security vulnerability."

Dell declined to say how many computers or which specific models are affected. The software began getting installed on laptops in August, according to a spokeswoman. The company also said future systems would not contain the bug.

Dell said it would provide customers with instructions to permanently remove the certificate by email and on its support website, a process that will likely be highly technical.

Dell's security flaw is similar to a so-called "Superfish" programme detected on Lenovo computers earlier this year.

Dell acknowledges security hole in new laptops - Times of India
 
RE: Dell acknowledges security hole in new laptops

So will they give discounts/compensation for these laptops ;)
 
RE: Dell acknowledges security hole in new laptops

Rahulan Ratnarajah said:
So will they give discounts/compensation for these laptops ;)

Lenovo gave free mcafee subscription extension for 6 months, you can expect similar from dell too ;)
 
RE: Dell acknowledges security hole in new laptops

Thanks for the Share @Sarkar bro :tup;)
 
RE: Dell acknowledges security hole in new laptops

Update :

Users reported finding it on Dell XPS 15 and XPS 13 models, but also on a Latitude and an Inspiron 5000 series model.

Users who believe they might be affected should visit Test Website set up by security expert Kenneth White. If the website loads with no certificate error, it's a sign that the computer has the eDellRoot certificate installed.

Removing the certificate from Windows can be done with the Microsoft Management Console. To open it, users can press the windows key + r, type certlm.msc and hit Run. The certificate should be under Trusted Root Certificate Authorities > Certificates.

Dell installs self-signed root certificate on laptops, endangering users' privacy | PCWorld
 
RE: Dell acknowledges security hole in new laptops

A second dangerous Dell root certificate discovered

The second certificate is called DSDTestProvider and is installed by an application called Dell System Detect (DSD). Users are prompted to download and install this tool when they visit the Dell support website and click the “Detect Product” button.

The first certificate, which was reported earlier, is called eDellRoot and is installed by the Dell Foundation Services (DFS), an application that implements several support functions.

A second dangerous Dell root certificate discovered | Computerworld
 
Back
Top Bottom