Every single Dell desktop and laptop shipped since August contains three bogus root certificates, including eDellRoot. Not only that, but two certs include their own private keys! It’s like Superfish all over again...
That means more than ten million computers were infected at source, allowing attackers to spoof secure websites. And they could install infected Windows updates, because the certificate is also able to sign code.
Oh, and if you try to remove eDellRoot, Dell’s bloatware reinstalls it. Nice.
No comments:
Post a Comment