RV_ Posted December 1, 2015 Report Share Posted December 1, 2015 Got Dell? If not, don't bother, this only affects Dell computers. A pair of digital certificates released by Dell produced a vulnerability that could expose Windows systems to risk. Learn the scope of the threat and how to remediate it. Here is a website that tests your Dell computer for it: https://edell.tlsfun.de/ For those who don't understand certificates, or whose eyes roll up if the talks turns to a fake CA issuing bogus certificates, then do read this whole article because it is a terrific primer on Certificates, why they are good, and how they can be bad when compromised. Excerpt: "Dell announced earlier this week that some of its homegrown digital (SSL) certificates used by Dell Foundation Services and Dell System Detect programs (which are intended to enhance support functions) have generated a significant security vulnerability for Windows systems. Essentially, if either certificate exists on a given computer, that computer can be lured to trust malicious systems, which might then expose it to malware or hacking attempts. Before I go into specifics about where the threat may apply and how to protect your systems against it, here's a quick background on how certificates work. A primer on digital certificates A digital certificate ensures the identity of a site that is connected to by an application such as a web browser. Its purpose is to assure the visitor (or application) that the site really is who it claims to be to prevent misrepresentation, which can assist in criminal or malevolent wrongdoing. Traffic is then encrypted to and from the site to protect the data it contains. All the details are here: http://www.techrepublic.com/article/dell-certificates-vulnerability-how-to-protect-your-windows-systems/?tag=nl.e101&s_cid=e101&ttag=e101&ftag=TRE684d531 RV/Derekhttp://www.rvroadie.com Email on the bottom of my website page.Retired AF 1971-1998 When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius “Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire Link to comment Share on other sites More sharing options...
RV_ Posted December 1, 2015 Author Report Share Posted December 1, 2015 It appears that other than checking in this article if your Dell is one of the affected ones this is over. Microsoft Removes Trust for eDellroot Certificates Excerpt: "In the wake of last week’s eDellroot fiasco, Microsoft announced Monday that it revoked support for the self-signed, trusted root certificates that were found on some Dell computers. In a security advisory published on Monday, the company acknowledged that in order to prevent fraud, it removed trust for the Dell-issued unconstrained digital certificates and has updated its Certificate Trust List (CTL)." The company claims the move is preventative in nature, as it’s unaware of any attacks related to the certificates currently.- See more at: https://threatpost.com/microsoft-removes-trust-for-edellroot-certificates/115515/#sthash.eyygYTVH.dpuf RV/Derekhttp://www.rvroadie.com Email on the bottom of my website page.Retired AF 1971-1998 When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius “Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.