Dell Acknowledges HTTPS Certificate Exploit - Provides Removal Tool

http://arstechnica.com/security/201...tps-certificate-fiasco-provides-removal-tool/

"The certificate is not malware or adware. Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers. This certificate is not being used to collect personal customer information. It’s also important to note that the certificate will not reinstall itself once it is properly removed using the recommended Dell process."​

Removal tool is here
https://dellupdater.dell.com/Downloads/APP009/eDellRootCertFix.exe

 

Sadly there's a second root certificate problem that hasn't yet been fixed, and has only just been acknowledged by Dell:

http://www.computerworld.com/articl...ngerous-dell-root-certificate-discovered.html

Installed in this case by Dell System Detect (which was already the subject of another security scare in April). Worryingly, it doesn't seem like the right hand knows what the left is doing at Dell. They just need to pull all of their code at this point and do a proper security audit.

After firing the current security team, of course.

Edit: Oh, and just to rub salt into the wound, here's another issue with Dell Foundation Services: http://arstechnica.com/security/201...p-can-be-uniquely-idd-by-snoops-and-scammers/

 

That test site doesn't work on mine, it doesn't get my service tag, the request gets an Unauthorized response.

 

Just got mine in the mail. Will a fresh install of WIndows 10 take care of this stuff or do I actually have to dig into those solutions?

 

Fresh install and don't install any Dell software.

 

Cool. Can't wait to break this thing in over the holiday weekend.