DELL HAS APOLOGISED for shipping PCs with a vulnerability and has issued a software tool to remove the problem.
The issue comes from an SSL certificate that would allow attackers to impersonate an HTTPS site and carry out man-in-the-middle attacks against users. Dell explained that the certificate, called eDellRoot, wasn’t adware or malware, but a support tool designed to make it easier to service its systems.
“We deeply regret that this has happened,” it said in a post. “The certificate is not malware or adware. Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers.”
This certificate is not being used to collect personal computer information. It’s also important to note that the certificate will not reinstall itself once it is properly removed using the recommended Dell process.
As well as providing instructions for permanently removing the certificate, and an uninstaller app, Dell will also push a software update later today that will check for the certificate and remove it if detected. It also said that it will be removed from all Dell systems in future.
If you bought a Dell PC recently and want to check for yourself, you can do so by opening search and typing in ‘mmc’ or ‘certmgr.msc’ to open the certificate manager. When it opens, click on Trusted Root Certification Authorities > Certificates and search for the eDellRoot certificate.
When you find it, select it and remove it by clicking the red x in the toolbar.
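The same check can be scripted in PowerShell. This is an added example, not part of Dell's instructions or its removal tool; the function name `Find-RootCertificate` and its parameters are hypothetical.

```powershell
# Added example: audit the Windows trusted-root stores for eDellRoot.
# Function and parameter names are hypothetical, not taken from Dell's tool.
function Find-RootCertificate {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [string]$Name = 'eDellRoot',   # certificate name given in the article
        [switch]$Remove                # delete matches after confirmation
    )

    # Machine-wide store first, then the per-user view. A machine-wide
    # root can also show up in the per-user view, so expect duplicates.
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

    foreach ($store in $stores) {
        $hits = Get-ChildItem -Path $store |
            Where-Object { $_.Subject -like "*CN=$Name*" }

        foreach ($cert in $hits) {
            # Emit one record per match so the result can be logged or exported.
            [pscustomobject]@{
                Store         = $store
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                HasPrivateKey = $cert.HasPrivateKey
            }

            # -Remove prompts for each certificate (ConfirmImpact = High)
            # and honours -WhatIf for a dry run.
            if ($Remove -and
                $PSCmdlet.ShouldProcess("$store\$($cert.Thumbprint)", 'Remove certificate')) {
                Remove-Item -LiteralPath $cert.PSPath
            }
        }
    }
}

Find-RootCertificate             # report only; no output means no match
# Find-RootCertificate -Remove   # run from an elevated prompt to delete
```

Removing from the machine-wide store requires an elevated PowerShell session. Run the report again after a reboot to confirm the certificate has not returned.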
The issue first came to light over the weekend after a number of security researchers and groups expressed concern over the certificate.
Earlier this year, Lenovo was caught with a similar security flaw. The Superfish software was installed by the company as a way of serving up extra ads, but security flaws meant any attacker could carry out man-in-the-middle attacks, allowing them to intercept messages like passwords, financial details and personal information.