Dell's 'Superfish:' Customer Discovers 'eDellRoot' Certificate And Private Key On Laptop

[Lucian Armasu]

Dell customer discovered the "eDellRoot" certificate in the Windows root store that was also bundled with its private key, allowing other attackers to forge certificates for popular websites. Dell announced a fix is coming soon.

Dell's 'Superfish:' Customer Discovers 'eDellRoot' Certificate And Private Key On Laptop : Read more

 

[koss64]

The blogger quoted isn't doing any of Dell's customers or the industry for that matter by telling them they need to panic, for situations like this running around screaming your head off isn't going to protect one customer at the end of the day. I understand the reason Dell put the certificate on their machines as it would help customer service(lots of customers I have dealt with cant find their model numbers, all they can tell me is that its a Dell or a HP) but its not excusable, you cant be putting that on people's laptops and they don't know,it would have been better if they explained why they did it and its benefits beforehand.Regardless at least they have addressed the issue and wont be putting it back on their machines and have left instructions to take it off if you so desire, again that blogger's response to this issue will only serve to get him hits and advertising revenue and not necessarily help our security shellshocked industry.

 

[KevITGuy]

I used the .EXE fix and it doesnt even fix the problem. I did the manual way to make the stuff go away. What a bunch of Bull from dell.

 

[computerguy72]

They actually reacted pretty quickly. Just 1 day after it was pointed out. This is nothing like Superfish.

 

[Guest]

"Dell's corporate customers need to panic"

In reality, any of Dell's corporate customers with any reasonable sized IT department will have their own custom build. For everyone else this is a huge deal. There goes another manufacturer off my list that I can no longer recommend.

This isn't so much an issue about the security of a bunch of laptops and desktops, it's a much more fundamental issue of trust. And it's because of that that issues like this won't just stop with customers buying laptops and desktops, but also server and storage kit too. More worrying is that Dell now owns EMC, who in turn owns VMware. Who knows what they have in mind in the enterprise. Where does it end?

 

[captaincharisma]

i guessUEFI BIOS has it cons. in this case the pc manufacturers found a way to spam and make sure thei bloatware stays on their PC's.

 

[captaincharisma]

"Dell's corporate customers need to panic"

In reality, any of Dell's corporate customers with any reasonable sized IT department will have their own custom build. For everyone else this is a huge deal. There goes another manufacturer off my list that I can no longer recommend.

This isn't so much an issue about the security of a bunch of laptops and desktops, it's a much more fundamental issue of trust. And it's because of that that issues like this won't just stop with customers buying laptops and desktops, but also server and storage kit too. More worrying is that Dell now owns EMC, who in turn owns VMware. Who knows what they have in mind in the enterprise. Where does it end?

well get ready to not recommend any of them. odds are they will start finding them on every other band name PC. i guarantee you HP is doing it

 

[d_kuhn]

I've bought a lot of Dell Workstations... they've never had any crapware bundled (that's consumer), I wonder if this isn't the same issue. With ANY new machine I always wipe and reinstall from a clean ISO (or have our Corporate IT folks put their own image on in some cases) but at least with their corporate targeted hardware I've never had any visible preinstalled junk on Dell or HP machines (the two vendors I use the most).