Providing Free and Editor Tested Software Downloads

MajorGeeks.com - Talk nerdy to me.

All In One Tweaks

Antivirus & Malware

Drives (SSD, HDD, USB)

Graphics & Photos

MajorGeeks Windows Tweaks

Office & Productivity

· How To and Tutorials
· Life Hacks and Reviews
· Way Off Base
· MajorGeeks Deals
· News
· Off Base
· Reviews

· YouTube
· Facebook
· Instagram
· Twitter
· Pintrest
· RSS/XML Feeds

· News Blur
· Yahoo
· Symbaloo

· Top Freeware Picks
· Malware Removal
· Geektionary
· Useful Links
· About Us

· Copyright
· Privacy
· Terms of Service
· How to Uninstall

1. GS Auto Clicker

2. Macrium Reflect FREE Edition

3. Smart Defrag

4. Visual C++ Redistributable Runtimes AIO Repack

5. Visual C++ Runtime Installer (All-In-One)

6. McAfee Removal Tool (MCPR)

9. K-Lite Mega Codec Pack

10. Sergei Strelec's WinPE

How to Disable 1-Click Ordering on Amazon (and Avoid Surprise Charges)

How to Fix Shallow Paint Layer Depth in Bambu Studio

Aviator Betting Game Secrets: Unlock 97% RTP & Triple Your Wins

Windows Recall: What It Is, Why Hackers Will Love It, and How to Stay Safe

Star Trek Fleet Command Promo Codes: Redeem Codes for Free Shards, Blueprints And Resources

How To Use VLC Media Player to Trim Video Clips

What Is the $WinREAgent Folder and Can I Delete It?

Swear Your Way to Better Search Results

How to Get a Dark Start Menu and Taskbar in Windows 10 & 11

Enable, Disable, Manage, Delete or Create a System Restore Point

Dell Ships Computers with Gaping Security Hole

Posted by: Timothy Weaver on 11/24/2015 09:38 AM [ Comments ]

Worried about being spied upon? Then you might want to steer clear of a Dell computer.

Dell installs a powerful root CA certificate, including its private key, on its Windows notebooks and desktops.

How can this certificate be abused? Well, an attacker could, for example, set up a malicious Wi-Fi hotspot in a cafe or hospital, intercept connections from Dell machines, and then automatically strip away the encryption – a classic man-in-the-middle attack, all enabled by Dell's security blunder.

Reports have come in naming these as vulnerable: the XPS 15, Latitude E7450, Inspirion 5548, Inspirion 5000, Inspiron 3647, and the Precision M4800.

Firefox is not affected by the rogue certificate because it uses its own set of trusted certs.

Kenn White, information security expert, tweeted: If you have a recent XPS 15 running Windows and can load my page: https://bogus.lessonslearned.org/ then you're vulnerable to Dell's bogus root cert.

Another site to test whether your Dell is vulnerable to man-in-the-middle attacks can be found here.

MajorGeeks has a fix here.

Source: The Register

Comments

comments powered by Disqus

© 2000-2025 MajorGeeks.com

Powered by Contentteller® Business Edition