New
#1
Whats up with these manufacturer's anyway? Do they not have any software people/consultants to LOOK at what they are installing in the machines they are peddling to us?
Dell acknowledges a root certificate it installed on its laptops was a bad idea and is pushing a patch to permanently remove it.
In a blog post company spokesperson Laura Thomas says eDellRoot was installed as a support tool to make it faster and easier for customers to service the devices. But some of those customers discovered the certificate and recognized it as a serious security threat.
“We have posted instructions to permanently remove the certificate from your system here,” Thomas writes. We will also push a software update starting on November 24 that will check for the certificate, and if detected remove it. Commercial customers who reimaged their systems without Dell Foundation Services are not affected by this issue. Additionally, the certificate will be removed from all Dell systems moving forward.”Dell admits installing security hole on laptops, apologizes, offers fix | Network WorldFor those who don’t want to use the pushed patch, instructions for removing eDellRoot manually is a 17-step process that takes up 11 Word document pages, including screenshots. The patch - Click Here – can also be downloaded.
Dell acknowledges security hole in new laptops | Reuters
Whats up with these manufacturer's anyway? Do they not have any software people/consultants to LOOK at what they are installing in the machines they are peddling to us?
It's because it's all one big data grab nowadays. Instead of considering security, they were considering $$$$$$
How to remove Dell's 'Superfish 2.0' root certificate - permanently | ZDNet
Dell PCs root certificate security error widens as researchers dig deeper | PCWorldThe fallout from a serious security mistake made by Dell is widening, as security experts find more issues of concern.
Researchers with Duo Security have found a second weak digital certificate in a new Dell laptop and evidence of another problematic one circulating.
The issue started after it was discovered Dell shipped devices with a self-signed root digital certificate, eDellRoot, which is used to encrypt data traffic. But it installed the root certificate with the private encryption key included, a critical error that left many security experts aghast.
Yep never good to see happening,
But if you don't make sure the manufacture sends a clean install disk with a purchase or accommodate buying one outright then you must of just fell off the moon
Personally I would clean install on a new ssd and put the oem in a drawer incase hardware failure occurs within the warrantee period
I sure as hell wouldn't take any chances. It's easy enough to do a search for the problem file.
Wouldn't surprise me one bit though if you found something. Keep in mind these are the things coming to light we know about. Heaven knows how much other insecure crap is on there that we DON'T know about.
Best cure is a clean install
If you're out of warrantee there's little to be lost in doing one.
I agree. I got really paranoid about all of the ASUS code that was on this PC when we bought it. I didn't like it "phoning home" to China all the time. I moved all of the ASUS folders to a separate USB drive and renamed all of the folders/files with an "OLD" suffix. Never had a "file not found" message afterwards, but at least the system stopped communicating with ASUS. After several years, I still have the code on the disconnected drive, but haven't seen the need to use any of it so far.