Location:
State:
Carrier
Country
Status

Dell admits installing security hole on laptops, apologizes,offers fix


Dell admits installing security hole on laptops, apologizes, offers fix | Network World

Dell acknowledges a root certificate it installed on its laptops was a bad idea and is pushing a patch to permanently remove it.

In a blog post company spokesperson Laura Thomas says eDellRoot was installed as a support tool to make it faster and easier for customers to service the devices. But some of those customers discovered the certificate and recognized it as a serious security threat.

“We have posted instructions to permanently remove the certificate from your system here,” Thomas writes. We will also push a software update starting on November 24 that will check for the certificate, and if detected remove it. Commercial customers who reimaged their systems without Dell Foundation Services are not affected by this issue. Additionally, the certificate will be removed from all Dell systems moving forward.”
For those who don’t want to use the pushed patch, instructions for removing eDellRoot manually is a 17-step process that takes up 11 Word document pages, including screenshots. The patch - Click Here – can also be downloaded.
Dell acknowledges security hole in new laptops


How to remove Dell's 'Superfish 2.0' root certificate - permanently | ZDNet

Unbelievable...

The fallout from a serious security mistake made by Dell is widening, as security experts find more issues of concern.

Researchers with Duo Security have found a second weak digital certificate in a new Dell laptop and evidence of another problematic one circulating.

The issue started after it was discovered Dell shipped devices with a self-signed root digital certificate, eDellRoot, which is used to encrypt data traffic. But it installed the root certificate with the private encryption key included, a critical error that left many security experts aghast.
Dell PCs root certificate security error widens as researchers dig deeper | PCWorld

You would think they would have learned from the Lenovo debacle.

It seems kinda crazy they can own up to knowingly putting a vulnerability in place, apologize, and continue to do business. When will the world stop trusting them?

It's like someone over on 7 said, when you get a new PC, wipe the drive, put a clean version of Windows on it & you've eliminated all the crapware that came with it.

I always load myself.

Dell admits installing security hole on laptops, apologizes,offers fix