Providing Free and Editor Tested Software Downloads

MajorGeeks.com - Have you hugged a Geek today?

All In One Tweaks

Antivirus & Malware

Drives (SSD, HDD, USB)

Graphics & Photos

MajorGeeks Windows Tweaks

Office & Productivity

· How To and Tutorials
· Life Hacks and Reviews
· Way Off Base
· MajorGeeks Deals
· News
· Off Base
· Reviews

IObit Black Friday Sale

· YouTube
· Facebook
· Instagram
· Twitter
· Pintrest
· RSS/XML Feeds

· News Blur
· Yahoo
· Symbaloo

· Top Freeware Picks
· Malware Removal
· Geektionary
· Useful Links
· About Us

· Copyright
· Privacy
· Terms of Service
· How to Uninstall

1. GS Auto Clicker

2. Macrium Reflect FREE Edition

3. Smart Defrag

5. Sergei Strelec's WinPE

6. Microsoft Visual C++ 2015-2022 Redistributable Package

7. Visual C++ Redistributable Runtimes AIO Repack

8. McAfee Removal Tool (MCPR)

9. K-Lite Mega Codec Pack

10. Tweaking.com - Windows Repair

All the New Features Landing in Windows 11 This December

Lossless vs Lossy: When FLAC, APE, and ALAC Beat MP3 and When They Don't

Google Search Tricks You'll Actually Use in 2025 and Beyond

Fresh PC Checklist: First 12 Things to Do On a New Windows 11 Machine

Running AI Models Locally: What They Are, Where to Find Them, and How to Get Started

Deciding Between Idle State, Sleep Mode, and Shutdown: What's Best for Your PC?

How to Fix VMware Workstation "The Update Server Could Not Be Resolved" Error Installing VMware Tools

How to Remove Google Gemini from Your Phone (and Your Life)

Windows Bloat Removal Guide: Debloat Safely and Keep What You Need

Windows 11 Repair Playbook: SFC, DISM, CHKDSK Without Breaking Stuff

Dell Ships Computers with Gaping Security Hole

Posted by: Timothy Weaver on 11/24/2015 09:38 AM [ Comments ]

Worried about being spied upon? Then you might want to steer clear of a Dell computer.

Dell installs a powerful root CA certificate, including its private key, on its Windows notebooks and desktops.

How can this certificate be abused? Well, an attacker could, for example, set up a malicious Wi-Fi hotspot in a cafe or hospital, intercept connections from Dell machines, and then automatically strip away the encryption – a classic man-in-the-middle attack, all enabled by Dell's security blunder.

Reports have come in naming these as vulnerable: the XPS 15, Latitude E7450, Inspirion 5548, Inspirion 5000, Inspiron 3647, and the Precision M4800.

Firefox is not affected by the rogue certificate because it uses its own set of trusted certs.

Kenn White, information security expert, tweeted: If you have a recent XPS 15 running Windows and can load my page: https://bogus.lessonslearned.org/ then you're vulnerable to Dell's bogus root cert.

Another site to test whether your Dell is vulnerable to man-in-the-middle attacks can be found here.

MajorGeeks has a fix here.

Source: The Register

Comments

comments powered by Disqus

© 2000-2025 MajorGeeks.com

Powered by Contentteller® Business Edition