1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Dell installs self-signed root certificate on laptops, endangering users' privacy

Discussion in 'Network World' started by RSS, Nov 24, 2015.

  1. RSS

    RSS New Member Member

    Dell laptops are coming preloaded with a self-signed root digital certificate that lets attackers spy on traffic to any secure website.

    The reports first surfaced on Reddit and were soon confirmed by other users and security experts on Twitter and blogs. The root certificate, which has the power of a certificate authority on the laptops it's installed on, comes bundled with its corresponding private key, making the situation worse.

    With the private key, which is now available online, anyone can generate a certificate for any website that will be trusted by browsers such as Internet Explorer and Google Chrome that use the Windows certificate store on affected laptops. Security experts have already generated proof-of-concept certificates for *.google.com and bankofamerica.com.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page