It appears you have not yet registered with our community. To register please click here...

 
Go Back [M] > Madshrimps > WebNews
Superfish 2.0: now Dell is breaking HTTPS Superfish 2.0: now Dell is breaking HTTPS
FAQ Members List Calendar Search Today's Posts Mark Forums Read


Superfish 2.0: now Dell is breaking HTTPS
Reply
 
Thread Tools
Old 30th November 2015, 15:13   #1
[M] Reviewer
 
Stefan Mileschin's Avatar
 
Join Date: May 2010
Location: Romania
Posts: 130,991
Stefan Mileschin Freshly Registered
Default Superfish 2.0: now Dell is breaking HTTPS

From the good women and men over at the EFF: Earlier this year it was revealed that Lenovo was shipping computers preloaded with software called Superfish, which installed its own HTTPS root certificate on affected computers. That in and of itself wouldn't be so bad, except Superfish's certificates all used the same private key. That meant all the affected computers were vulnerable to a "man in the middle" attack in which an attacker could use that private key to eavesdrop on users' encrypted connections to websites, and even impersonate other websites. Now it appears that Dell has done the same thing, shipping laptops pre-installed with an HTTPS root certificate issued by Dell, known as eDellRoot. The certificate could allow malicious software or an attacker to impersonate Google, your bank, or any other website. It could also allow an attacker to install malicious code that has a valid signature, bypassing Windows security controls. The security team for the Chrome browser appears to have already revoked the certificate. People can test if their computer is affected by the bogus certificate by following this link. Did you buy a Dell computer during your Black Friday shopping thing over there in the US? Might want to look it over before handing it your loved one. Alternatively, just buy a Mac and don't deal with this nonsense.

http://osnews.com/story/28975/Superf...breaking_HTTPS
Stefan Mileschin is offline   Reply With Quote
Reply


Similar Threads
Thread Thread Starter Forum Replies Last Post
1,500 iOS apps are vulnerable to an HTTPS-crippling bug Stefan Mileschin WebNews 0 22nd April 2015 07:08
Lenovo still distributing Superfish Stefan Mileschin WebNews 0 10th March 2015 09:40
Microsoft, McAfee vs. SuperFish Stefan Mileschin WebNews 0 23rd February 2015 12:25
How could Lenovo miss its Superfish security hole? Stefan Mileschin WebNews 0 22nd February 2015 15:47
Superfish site downed after Lenovo debacle Stefan Mileschin WebNews 0 22nd February 2015 15:38
Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections jmke WebNews 0 19th February 2015 10:46
HTTPS is vulnerable to BREACH exploit feds lack easy solution Stefan Mileschin WebNews 0 4th August 2013 21:54
Breaking Limitations! CPU OC on ECS H87, B85, and H81 Motherboards Stefan Mileschin WebNews 0 8th July 2013 07:52
How Apple's Story Is Like 'Breaking Bad' Stefan Mileschin WebNews 0 5th September 2012 08:25
Firefox 14 rolls out: Google searches default to HTTPS, OS X Lion users get fullscree Stefan Mileschin WebNews 0 18th July 2012 09:02

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


All times are GMT +1. The time now is 03:11.


Powered by vBulletin® - Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO