Dell shipped computers with a preloaded CA, and left the private key in, Superfish style. ANYONE can MitM ANYTHING. http://arstechnica.com/security/2015/11/dell-does-superfish-ships-pcs-with-self-signed-root-certificates/ …
Replying to @FiloSottile
Here are the official, easy instructions to remove the eDellRoot certificate. Converted to pdf from Dell's docx: https://filippo.io/Badfish/eDellRootCertRemovalInstructions.pdf …
Replying to @FiloSottile
@FiloSottile … Do they not provide a plain webpage?
Replying to @0xabad1dea
@0xabad1dea they didn't even provide a pdf, I had to convert a bloody docx http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2015/11/23/response-to-concerns-regarding-edellroot-certificate …
Replying to @FiloSottile
@FiloSottile @0xabad1dea forget that doc, it's incomplete. there is a second cert out there
Replying to @hanno
@hanno @0xabad1dea @FiloSottile Isn't the "second cert" a private key for signing drivers that any Windows system will then trust?
Replying to @RichFelker
@RichFelker @0xabad1dea @FiloSottile no, that's independent I think. there is a second cert that browsers will accept.
@hanno @0xabad1dea @FiloSottile So there are THREE now?! Uhg.