Dell Laptop Security Issue (1 Viewer)

Feb 27, 2011
14,670
74,875
UK
Funster No
15,452
MH
Self Build
Exp
Since 2005
Dell have installed a Trusted root certificate on a lot of Laptops. This is a security risk as it means a bad actor could use this to strip away any SSL/HTTPS encryption of your site in certain circumstances.

Dell have admitted to this and provided instructions on how to delete it.


The instruction are here.

I have just followed them on an XPS13 (Jan 15) and they worked as described.
 
OP
OP
Gromett
Feb 27, 2011
14,670
74,875
UK
Funster No
15,452
MH
Self Build
Exp
Since 2005
PS: if you want to find out more what this is about just google
eDellRoot key

and

Superfish.
 
OP
OP
Gromett
Feb 27, 2011
14,670
74,875
UK
Funster No
15,452
MH
Self Build
Exp
Since 2005
Does it really matters?
YES!!! in a word. It makes your laptop easily hackable. I am sorry but I do banking on mine.

It is especially risky for us travelling types as we tend to use wifi away from home which is one of the ways that hackers can use this certificate authority to get in.

Subscribers  do not see these advertisements

 

Judge Mental

Funster
Deceased RIP
Sep 2, 2009
6,650
5,883
Sarth London
Funster No
8,272
MH
Possl 636 FR panel van
Exp
1994 and beyond...
Dell have installed a Trusted root certificate on a lot of Laptops. This is a security risk as it means a bad actor could use this to strip away any SSL/HTTPS encryption of your site in certain circumstances.

Dell have admitted to this and provided instructions on how to delete it.

http://en.community.dell.com/dell-b...e-to-concerns-regarding-edellroot-certificate

The instruction are here.
https://dellupdater.dell.com/Downloads/APP009/eDellRootCertRemovalInstructions.docx

I have just followed them on an XPS13 (Jan 15) and they worked as described.


pardon my ignorance and nervousness....but are these links kosher?:cautious:
 
OP
OP
Gromett
Feb 27, 2011
14,670
74,875
UK
Funster No
15,452
MH
Self Build
Exp
Since 2005
pardon my ignorance and nervousness....but are these links kosher?:cautious:
Yes, but well done for questioning them.

Copy and paste them in a text editor. Then look at the bit directly before the first / (disregard the http://)
You can see that the domain name is dell.com and not de11.com for instance.

If you are still concerned. Type en.community.dell.com into your browser then copy and past the path (the bit after the /) to remake the URL using the full dell domain.
 
OP
OP
Gromett
Feb 27, 2011
14,670
74,875
UK
Funster No
15,452
MH
Self Build
Exp
Since 2005
Just a quick explainer for those who don't know.

http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2015/11/23/response-to-concerns-regarding-edellroot-certificate

The bit in red is the protocol. This can be either http:// for normal web. https:// for secure web.
The bit in blue is called the hostname or subdomain.

The bit in green is the important bit and is the bit that needs to be spoofed by a bad actor if they want to take you elsewhere. It is called the domain name.
The bit in black is called the path. And is the same as a path on your own computer to a file. for instance c://my documents/spreadsheets/

If you are unsure about a link. Hover over the link on the page and look near the bottom of your browser window. It will show the destination of the link. For instance this link here http://www.motorhomefun.co.uk looks like it comes back here but actually goes to google.

The other trick that they will use is to replace characters that look the same. The lower case L and the Number 1 ( 1 and l) are common.

If you are ever unsure. Google for the company, type the companies domain in then add the linked path. You will definately be going to the companies official website, and if the path is wrong it will give a 404 page not found error.

There is more to it than this but basically never click on a link unless you are sure of the source.

NEVER, click on a link in an email because the source could have been hacked or faked. Unless the person sending you the link has told you by another channel that they are sending you the email with a link.

Subscribers  do not see these advertisements

 
Sep 27, 2007
837
289
Shropshire based
Funster No
453
MH
Globecar
Exp
started in 2001
Hi Gromett,

Thanks for the pointer re the certificate.

Is this a recent certificate, My Dell is coming up four years old, and I am wondering if I need to run the programme at all.

I have down loaded it, but thought I would ask first.

Thanks in anticipation.
 
OP
OP
Gromett
Feb 27, 2011
14,670
74,875
UK
Funster No
15,452
MH
Self Build
Exp
Since 2005
Sorry, Dell hasn't told us which models or what year are affected. I just looked on mine to see if the cert was there and it was.
 

Join us or log in to post a reply.

To join in you must be a member of MotorhomeFun

Join MotorhomeFun

Join us, it quick and easy!

Log in

Already a member? Log in here.

Latest journal entries

Funsters who are viewing this thread

Back
Top