Dell computers shipping with potentially dangerous root certificate authority

From InfoWorld: At least some Dell laptops are shipping with a trusted root certificate authority pre-installed, something that those who discovered the CA are comparing to the Superfish adware installed on Lenovo machines that left them open to man-in-the-middle attacks.

Called eDellRoot, the trusted root CA comes as part of the standard software load on new Dell machines. A Reddit contributor who uses rotocowboy for a screen name says the implications could be dire. "For those that are unfamiliar with how this works," he writes, "a network attacker could use this CA to sign his or her own fake certificates for use on real websites and an affected Dell user would be none the wiser unless they happened to check the website's certificate chain. This CA could also be used to sign code to run on people's machines, but I haven't tested this out yet."

The eDellRoot certificate is intended for all purposes, meaning its privileges are more extensive than those of a DigiCert certificate also installed on the machine being examined by another Dell owner, according to programmer Joe Nord, who also owns a Dell. "I'm having a tough time coming up with a good reason that Dell Computer Corporation needs to be a trusted root CA on my computer," Nord writes in his blog.
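To check whether a Windows machine trusts this CA, the following PowerShell lists any root-store certificate whose subject contains eDellRoot and reports whether it carries purpose restrictions. This is an added example, not code from InfoWorld, Dell or the people quoted; it assumes the certificate can be matched by the name eDellRoot in its subject, and it treats a missing Enhanced Key Usage extension as "all purposes".

```powershell
# Added example: audit the Windows trusted root stores for the eDellRoot CA.
# Assumption: the certificate is identified by 'eDellRoot' in its subject.
$name   = 'eDellRoot'
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like "*$name*" } |
        ForEach-Object {
            # A root with no Enhanced Key Usage extension does not limit, in the
            # certificate itself, what it may be trusted for (TLS, code signing, ...).
            $eku = $_.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
            }
            [pscustomobject]@{
                Store       = $store
                Subject     = $_.Subject
                Thumbprint  = $_.Thumbprint
                NotAfter    = $_.NotAfter
                AllPurposes = -not $eku
                Purposes    = if ($eku) {
                    ($eku.EnhancedKeyUsages | ForEach-Object FriendlyName) -join ', '
                } else {
                    '<none listed>'
                }
            }
        }
}

if ($findings) {
    $findings | Format-List
    Write-Warning "$name is present in a trusted root store on this machine."
} else {
    Write-Output "$name was not found in the checked root stores."
}
```

The script only reads the certificate stores, so it can be run from a standard user session.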

Dell hasn't responded yet to a request for an explanation of eDellRoot and whether customers should worry. This story will be updated when it does.
