30th November 2015, 14:13 | #1 |
[M] Reviewer Join Date: May 2010 Location: Romania
Posts: 148,618
Superfish 2.0: now Dell is breaking HTTPS

From the good women and men over at the EFF:

Earlier this year it was revealed that Lenovo was shipping computers preloaded with software called Superfish, which installed its own HTTPS root certificate on affected computers. That in and of itself wouldn't be so bad, except Superfish's certificates all used the same private key. That meant all the affected computers were vulnerable to a "man in the middle" attack in which an attacker could use that private key to eavesdrop on users' encrypted connections to websites, and even impersonate other websites.

Now it appears that Dell has done the same thing, shipping laptops pre-installed with an HTTPS root certificate issued by Dell, known as eDellRoot. The certificate could allow malicious software or an attacker to impersonate Google, your bank, or any other website. It could also allow an attacker to install malicious code that has a valid signature, bypassing Windows security controls.

The security team for the Chrome browser appears to have already revoked the certificate. People can test if their computer is affected by the bogus certificate by following this link.

Did you buy a Dell computer during your Black Friday shopping thing over there in the US? Might want to look it over before handing it to your loved one. Alternatively, just buy a Mac and don't deal with this nonsense.

http://osnews.com/story/28975/Superf...breaking_HTTPS
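A local check for the condition described above, added here as an example and not part of the original post or the EFF article: it audits the Windows trusted-root stores for the two certificate names the article mentions and for any root that has a private key stored alongside it. The function name `Find-SuspectRootCertificate` and the private-key heuristic are assumptions of this example; only the names eDellRoot and Superfish come from the article.

```powershell
# Added example: audit the trusted-root stores for the certificates named in
# the article and for any trusted root that carries a private key.
function Find-SuspectRootCertificate {
    param(
        # Names taken from the article; matched against the certificate subject.
        [string[]]$NamePattern = @('eDellRoot', 'Superfish'),
        [string[]]$StorePath   = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )
    foreach ($store in $StorePath) {
        if (-not (Test-Path -Path $store)) { continue }
        foreach ($cert in Get-ChildItem -Path $store) {
            $reasons = @()
            foreach ($name in $NamePattern) {
                if ($cert.Subject -like "*$name*") {
                    $reasons += "subject matches '$name'"
                }
            }
            # A trusted root normally holds only the public certificate. A root
            # with its private key on the machine can be used to sign
            # certificates for any site (heuristic assumed by this example).
            if ($cert.HasPrivateKey) {
                $reasons += 'private key present in root store'
            }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $cert.Subject
                    Thumbprint = $cert.Thumbprint
                    NotAfter   = $cert.NotAfter
                    Reason     = $reasons -join '; '
                }
            }
        }
    }
}

$findings = @(Find-SuspectRootCertificate)
if ($findings.Count -eq 0) {
    'No matching root certificates found.'
} else {
    $findings | Format-List
}
```

A finding is a prompt to review the certificate and where it came from, not proof of compromise; an empty result only covers the two stores scanned.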