Dell does a Superfish, ships PCs with dangerous self-signed root certificateshttp://arstechnica.com/?p=783755
-
-
Replying to @dangoodin001
.
@dangoodin001 key issue is the bundled private key. The reason Firefox warns is because it ships with its own certificates separate from OS2 replies 2 retweets 0 likes -
Replying to @kennwhite
@kennwhite@dangoodin001 Added CA certs are inherently malicious when added by anyone other than a crypto-savvy user themselves.1 reply 1 retweet 0 likes -
Replying to @RichFelker
@RichFelker@dangoodin001 there are legitimate use cases for code/module signing certs from OEMs, but only if *very* limited in scope by OS.2 replies 0 retweets 0 likes
Replying to @kennwhite
@kennwhite @dangoodin001 Legitimate signing certs are restricted to a domain the issuer owns, not the root.
10:18 AM - 23 Nov 2015
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.