Dell Laptop Security Issue

Discussion in 'Computers' started by Gromett, Nov 24, 2015.

  1. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,900
    Likes Received:
    13,916
    Location:
    UK
    Dell have installed a trusted root certificate on a lot of laptops. This is a security risk, as it means a bad actor could use this to strip away any SSL/HTTPS encryption of your site in certain circumstances.

    Dell have admitted to this and provided instructions on how to delete it.

    http://en.community.dell.com/dell-b...e-to-concerns-regarding-edellroot-certificate

    The instructions are here.
    https://dellupdater.dell.com/Downloads/APP009/eDellRootCertRemovalInstructions.docx

    I have just followed them on an XPS13 (Jan 15) and they worked as described.
     
    • Like x 4
  2. Gromett

    PS: if you want to find out more about what this is about, just google
    eDellRoot key

    and

    Superfish.
     
  3. sabrinadestiny

    sabrinadestiny Read Only Funster

    Joined:
    Nov 24, 2015
    Messages:
    3
    Likes Received:
    1
    Location:
    Australia
    Does it really matter?
     
    • Like x 1
  4. buttons

    buttons Funster

    Joined:
    Aug 27, 2009
    Messages:
    12,868
    Likes Received:
    10,677
    Location:
    Hertfordshire
    Hi sabrinadestiny and welcome to a wet and windy motorhome fun.
     
    • Like x 1
  5. ROB1CHELSEA1

    ROB1CHELSEA1 Funster

    Joined:
    Sep 4, 2011
    Messages:
    2,431
    Likes Received:
    5,622
    Location:
    Park Lane Bedhampton
    :( How strange, my Dell laptop packed up yesterday :(
     
  6. Gromett

    YES!!! in a word. It makes your laptop easily hackable. I am sorry but I do banking on mine.

    It is especially risky for us travelling types as we tend to use wifi away from home which is one of the ways that hackers can use this certificate authority to get in.
     
    • Like x 4
  7. Judge Mental

    Judge Mental Funster Deceased RIP

    Joined:
    Sep 2, 2009
    Messages:
    6,782
    Likes Received:
    6,034
    Location:
    Sarth London

    Pardon my ignorance and nervousness... but are these links kosher? :cautious:
     
    • Like x 1
  8. Gromett

    Yes, but well done for questioning them.

    Copy and paste them in a text editor. Then look at the bit directly before the first / (disregard the http://)
    You can see that the domain name is dell.com and not de11.com for instance.

    If you are still concerned, type en.community.dell.com into your browser, then copy and paste the path (the bit after the /) to remake the URL using the full dell domain.
     
    • Like x 2
  9. Gromett

    Just a quick explainer for those who don't know.

    http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2015/11/23/response-to-concerns-regarding-edellroot-certificate

    The bit in red is the protocol. This can be either http:// for normal web or https:// for secure web.
    The bit in blue is called the hostname or subdomain.

    The bit in green is the important bit and is the bit that needs to be spoofed by a bad actor if they want to take you elsewhere. It is called the domain name.
    The bit in black is called the path, and is the same as a path on your own computer to a file, for instance c://my documents/spreadsheets/

    If you are unsure about a link, hover over the link on the page and look near the bottom of your browser window. It will show the destination of the link. For instance, this link here http://www.motorhomefun.co.uk looks like it comes back here but actually goes to google.

    The other trick that they will use is to replace characters that look the same. The lower case L and the number 1 (1 and l) are common.

    If you are ever unsure, Google for the company, type the company's domain in, then add the linked path. You will definitely be going to the company's official website, and if the path is wrong it will give a 404 page not found error.

    There is more to it than this but basically never click on a link unless you are sure of the source.

    NEVER click on a link in an email, because the source could have been hacked or faked, unless the person sending you the link has told you by another channel that they are sending you the email with a link.
     
    • Like x 1
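
The link check described in the two posts above, as an added example that is not part of the original thread: it splits a URL into protocol, subdomain, domain and path, compares the domain with the one you expect, flags look-alike spellings such as de11.com, and rebuilds the link on a hand-typed host. The suffix set and character table are small assumptions standing in for the Public Suffix List and a full confusables table, and the sample links are constructed.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumption: tiny stand-in for the Public Suffix List, enough for this thread's URLs.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}
# Look-alike characters folded to one form before comparing (1 vs l, plus 0 vs o).
CONFUSABLES = str.maketrans({"1": "l", "0": "o"})


def split_url(url):
    """Return (protocol, subdomain, domain, path) for a URL."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and port, so "dell.com@other.host" is not fooled.
    host = (parts.hostname or "").rstrip(".").lower()
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return parts.scheme, ".".join(labels[:-keep]), ".".join(labels[-keep:]), parts.path


def check_link(url, expected_domain):
    """Classify a link as 'match', 'lookalike' or 'different' for the expected domain."""
    domain = split_url(url)[2]
    expected = expected_domain.lower()
    if domain == expected:
        return "match"
    if domain.translate(CONFUSABLES) == expected.translate(CONFUSABLES):
        return "lookalike"
    return "different"


def rebuild_on_trusted_host(url, trusted_host):
    """Keep only the path and query of a link and attach them to a host typed by hand."""
    parts = urlsplit(url)
    return urlunsplit((parts.scheme or "https", trusted_host, parts.path, parts.query, ""))


if __name__ == "__main__":
    # Constructed sample links; only the en.community.dell.com host comes from the thread.
    for link in ("http://en.community.dell.com/dell-blogs/direct2dell/",
                 "http://en.community.de11.com/dell-blogs/direct2dell/",
                 "http://dell.com.support.example.net/login"):
        print(check_link(link, "dell.com"), split_url(link))
```
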
  10. nomadic

    nomadic Funster

    Joined:
    Sep 27, 2007
    Messages:
    665
    Likes Received:
    174
    Location:
    Shropshire based
    Hi Gromett,

    Thanks for the pointer re the certificate.

    Is this a recent certificate? My Dell is coming up four years old, and I am wondering if I need to run the programme at all.

    I have downloaded it, but thought I would ask first.

    Thanks in anticipation.
     
  11. Gromett

    Sorry, Dell hasn't told us which models or what year are affected. I just looked on mine to see if the cert was there and it was.
     