Jump to content

Dell certificates vulnerability: How to protect your Windows systems


RV_

Recommended Posts

Got Dell? If not, don't bother, this only affects Dell computers.

 

A pair of digital certificates released by Dell produced a vulnerability that could expose Windows systems to risk. Learn the scope of the threat and how to remediate it.

 

Here is a website that tests your Dell computer for it: https://edell.tlsfun.de/

 

For those who don't understand certificates, or whose eyes roll up if the talks turns to a fake CA issuing bogus certificates, then do read this whole article because it is a terrific primer on Certificates, why they are good, and how they can be bad when compromised.

 

Excerpt:

"Dell announced earlier this week that some of its homegrown digital (SSL) certificates used by Dell Foundation Services and Dell System Detect programs (which are intended to enhance support functions) have generated a significant security vulnerability for Windows systems. Essentially, if either certificate exists on a given computer, that computer can be lured to trust malicious systems, which might then expose it to malware or hacking attempts.

Before I go into specifics about where the threat may apply and how to protect your systems against it, here's a quick background on how certificates work.

A primer on digital certificates

 

A digital certificate ensures the identity of a site that is connected to by an application such as a web browser. Its purpose is to assure the visitor (or application) that the site really is who it claims to be to prevent misrepresentation, which can assist in criminal or malevolent wrongdoing. Traffic is then encrypted to and from the site to protect the data it contains.

 

All the details are here: http://www.techrepublic.com/article/dell-certificates-vulnerability-how-to-protect-your-windows-systems/?tag=nl.e101&s_cid=e101&ttag=e101&ftag=TRE684d531

Link to comment
Share on other sites

It appears that other than checking in this article if your Dell is one of the affected ones this is over.

 

Microsoft Removes Trust for eDellroot Certificates

 

Excerpt:

 

"In the wake of last week’s eDellroot fiasco, Microsoft announced Monday that it revoked support for the self-signed, trusted root certificates that were found on some Dell computers.

 

In a security advisory published on Monday, the company acknowledged that in order to prevent fraud, it removed trust for the Dell-issued unconstrained digital certificates and has updated its Certificate Trust List (CTL)."

 

The company claims the move is preventative in nature, as it’s unaware of any attacks related to the certificates currently.
- See more at: https://threatpost.com/microsoft-removes-trust-for-edellroot-certificates/115515/#sthash.eyygYTVH.dpuf

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Guest
This topic is now closed to further replies.
RVers Online University

campgroundviews.com

Our program provides accurate individual wheel weights for your RV, toad, and tow vehicle, and will help you trim the pounds if you need to.

RV Cable Grip

RV Cable Grip

All the water you need...No matter where you go

Country Thunder Iowa

Nomad Internet

Rv Share

Dish For My RV.

RV Air.

Find out more or sign up for Escapees RV'ers Bootcamp.

Advertise your product or service here.

The Rvers- Now Streaming

RVTravel.com Logo



×
×
  • Create New...