Free Republic
Browse · Search
General/Chat
Topics · Post Article

Dell: How to kill that web security hole we put in your laptops, PCs (oh goodie it's going away)
The Register ^ | Nov 24, 2015 | Chris Williams

Posted on 11/24/2015 6:55:10 PM PST by dayglored

Dell has published a guide on how to remove the web security backdoor it installed in its Windows laptops and desktop PCs.

This confirms what we all know by now – that Dell was selling computers with a rather embarrassing hole in their defenses.

New models from the XPS, Precision and Inspiron families include a powerful root CA certificate called eDellRoot, which puts the machines' owners at risk of identity theft and banking fraud.

The self-signed certificate is bundled with its private key, which is a boon for man-in-the-middle attackers: for example, if an affected Dell connects to a malicious Wi-Fi hotspot, whoever runs that hotspot can use Dell's cert and key to silently decrypt the victims' web traffic. This would reveal their usernames, passwords, session cookies and other sensitive details, when shopping or banking online, or connecting to any other HTTPS-protected website.

Stunningly, the certificate cannot be simply removed: a .DLL plugin included with the root certificate reinstalls the file if it is deleted. One has to delete the .DLL – Dell.Foundation.Agent.Plugins.eDell.dll – as well as the eDellRoot certificate.

Dell has posted information [.docx] on how to do this properly, and future machines will not include the dangerous root CA cert. A software update process will run from November 24 that will remove the certificate automatically from machines, we're told.

(Excerpt) Read more at theregister.co.uk ...


TOPICS: Business/Economy; Computers/Internet; Hobbies
KEYWORDS: dell; security; windows; windowspinglist
That's very nice.
1 posted on 11/24/2015 6:55:10 PM PST by dayglored
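
A read-only check for the two artifacts the article names, as an added example that is not Dell's removal guide or part of the original post. The certificate store list and the directories searched are assumptions; the article gives neither a thumbprint nor a file path, so matching is by name only.

```powershell
# Added example: report whether the eDellRoot certificate and the plugin DLL
# named in the article are present. Read-only; nothing is deleted or changed.

$certName   = 'eDellRoot'                                # name from the article
$pluginName = 'Dell.Foundation.Agent.Plugins.eDell.dll'  # name from the article

# Assumption: look in both the root and personal stores, machine and user.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\My',
          'Cert:\CurrentUser\Root',  'Cert:\CurrentUser\My'

$certs = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -like "*$certName*" } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                SelfSigned    = ($_.Subject -eq $_.Issuer)
                HasPrivateKey = $_.HasPrivateKey   # key material on this machine
                NotAfter      = $_.NotAfter
                Thumbprint    = $_.Thumbprint
            }
        }
}

# Assumption: the plugin sits somewhere under these directories.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData) |
    Where-Object { $_ -and (Test-Path $_) }
$dlls = Get-ChildItem -Path $roots -Filter $pluginName -Recurse -File `
            -ErrorAction SilentlyContinue

if ($certs) { $certs | Format-List }
else        { "No certificate matching '$certName' in the checked stores." }

if ($dlls)  { $dlls | Select-Object FullName, LastWriteTime | Format-List }
else        { "No $pluginName under: $($roots -join ', ')" }

if ($certs -and $dlls) {
    # Per the article, the plugin reinstalls the certificate if it is deleted.
    'Both present: removing the certificate alone will not persist.'
}
```

Run it again after following Dell's removal steps and after a reboot; both checks should come back empty.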

To: dayglored; Abby4116; afraidfortherepublic; aft_lizard; AF_Blue; Alas Babylon!; amigatec; ...
How to get rid of the blasted thing ... PING!

You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".

2 posted on 11/24/2015 6:55:52 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

To: dayglored

Justifiable lawsuit.


3 posted on 11/24/2015 6:56:33 PM PST by TheTimeOfMan (Cruz / West 2016)

To: TheTimeOfMan
> Justifiable lawsuit.

I'm sure Dell's lawyers are producing great quantities of little green apples when they visit the corporate restroom.

4 posted on 11/24/2015 6:58:40 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

To: dayglored

Dude, I’m still not buying a Dell.


5 posted on 11/24/2015 7:04:54 PM PST by Tolerance Sucks Rocks (Democrats and GOP-e: a difference of degree, not philosophy)

To: rocksblues

BFL


6 posted on 11/24/2015 7:13:48 PM PST by rocksblues (The Obama administration the most unlawful, corrupt administration in US history.)

To: dayglored
Dell has a SECOND cert problem, as of today:

http://www.computerworld.com/article/3008521/security/a-second-dangerous-dell-root-certificate-discovered.html

7 posted on 11/24/2015 7:30:27 PM PST by TChad

To: TChad
Yep, thread on the second cert was posted yesterday, actually.

http://www.freerepublic.com/focus/f-chat/3364271/posts

8 posted on 11/24/2015 7:39:04 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

To: dayglored
> Yep, thread on the second cert was posted yesterday, actually.

Sorry.

9 posted on 11/24/2015 7:39:55 PM PST by TChad

To: TChad
No, no, don't apologize. This info needs to get out to people who might not know. I appreciate your pinging me on it.

The only reason for not posting another thread on it tonight is that I've posted a lot of Windows Ping List threads already and I don't want to burn people out. :-)

If this issue continues to grow, I may need to do a thread that collects all the various existing threads, pings, etc. in one place.

Please, feel free to alert me to things of interest. I depend on hearing about stuff. Thanks!

10 posted on 11/24/2015 7:45:30 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

To: dayglored

bfl


11 posted on 11/25/2015 2:37:42 AM PST by ImNotLying

To: dayglored

Is this vulnerability only for Dell units running a Windows OS?


12 posted on 11/25/2015 6:07:00 AM PST by Bloody Sam Roberts (Democracy is not freedom. Democracy is simply majoritarianism. It is incompatible with real freedom.)

To: dayglored
> Dell: How to kill that web security hole we put in your laptops

Does it work better than a bare metal OS reinstall? Is it as trustworthy? If not, who cares?

13 posted on 11/25/2015 7:59:12 AM PST by Still Thinking (Freedom is NOT a loophole!)

To: Bloody Sam Roberts
> Is this vulnerability only for Dell units running a Windows OS?

I believe so. I haven't heard anything regarding this problem that relates to any other OS.

14 posted on 11/25/2015 7:26:39 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

To: Still Thinking
> Does it work better than a bare metal OS reinstall? Is it as trustworthy? If not, who cares?

If you have the option of doing a fresh install, and don't mind the reconfig and re-update required, I personally would do that.

OTOH, if the fresh install is done with a Dell-supplied copy of Windows, I would be leery; even if it isn't already part of the install package, you'll have to watch for a special update that delivers the problem.

15 posted on 11/25/2015 7:29:13 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

To: dayglored

I think I’d probably just use a generic copy compatible with the license number that came with the PC, rather than an OEM-supplied version.


16 posted on 11/25/2015 7:37:56 PM PST by Still Thinking (Freedom is NOT a loophole!)

To: Still Thinking
> I think I’d probably just use a generic copy compatible with the license number that came with the PC, rather than an OEM-supplied version.

Sometimes that will work, other times not. The OEM license Key Code that came with the computer may be specific to the OEM version of Windows. It may even have code that checks that it's on hardware made by that particular OEM.

17 posted on 11/25/2015 7:51:04 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

To: dayglored

Well, that’s what I meant. Use the OEM version of Windows (but not a copy provided by your specific OEM), then it should work with an OEM serial number but not have the stuff you’re trying to get rid of. I had no idea there were brand-specific serial numbers. Is that what you’re saying?


18 posted on 11/25/2015 9:41:06 PM PST by Still Thinking (Freedom is NOT a loophole!)

To: Still Thinking
> I had no idea there were brand-specific serial numbers. Is that what you're saying?

The key codes are generated by a Microsoft algorithm and assigned either individually to users, or in batches to OEMs. They're not random -- they have a certain encoded pattern that is kept extremely secret. With the algorithm you can generate valid key codes to your heart's content, but the shady programs that claim to be able to do so are of course wildly illegal.

The CD/DVD usually has the code for ALL versions (Home, Home Prem, Pro, Ultimate, etc.) and the key code enables one or another of those versions during installation. Encoded in the key code is the type or types of Windows versions it is valid for. The key may also encode things about certain features that are enabled on a given model of computer it's associated with.

A given OEM (say, Dell or Toshiba) generally customizes a generic OEM release of Windows with their own crapware and features, and puts their label on the CD/DVD. The key codes that unlock that customized release are usually specific to that OEM.

So in that sense it is sort of "brand-specific", but OEMs re-brand and cross-brand so it's not always easy to track.

Caveat: the above is a loose, generic description of the process as it was a few years ago. It may have changed since, especially since Win10 is now a download rather than a supplied CD/DVD in most cases...

19 posted on 11/26/2015 7:09:06 AM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
