Dell new laptops with Superfish-like root CA

https://www.reddit.com/r/technology/comments/3twmfv/dell_ships_laptops_with_rogue_root_ca_exactly/

It looks as if Dell learned nothing from Lenovo and their Superfish debacle. I'll have to check my new XPS when I get home from work. Anybody else with a new Dell able to confirm this?

Edit: Looks like forum tools removed "ships" from the title (did I mispell with a 't'?), could a mod fix this please? Thanks!

 

Just checked on the M3800 I got a few weeks back, and its on there

 

Yet one more reason to just do a clean Windows install right when you get a new computer.

 

Unfortunately, sometimes even this is not enough. Some root utilities are installed at the BIOS level and can reinstall themselves on a fresh Windows installation. The best defense is avoiding manufacturers who feel like they need a backdoor to your own computer. This was why I went with Dell and not another Lenovo, but now I feel like I have made a big mistake purchasing the new XPS.

 

Usually do, just havent gotten around to it yet on this one. Definitely will be taking care of that over this extended weekend though

 

...And a second one is found on Dell's laptops: http://it.slashdot.org/story/15/11/...-cert-private-key-pair-found-on-dell-computer

 

Here is Dell's response to the eDellRoot issue:

http://en.community.dell.com/dell-b...e-to-concerns-regarding-edellroot-certificate

So it looks like the Dell Update utility will remove the certificate, if it has not already been manually removed. I am still skeptical of Dell's intentions here, hopefully they don't follow this up with a sneakier implementation.

 

There's no reason to suspect foul play, only negligence/incompetence. I don't see any way Dell could have benefited from the way this was implemented (leaving both the cert and the private key on the device).

Unlike Superfish, where Lenovo profited from injecting ads, there aren't any other symptoms. All evidence points to a mistake, rather than deliberate design. The only thing in common with Lenovo is that both involved certs.

Yeah, but no other manufacturers have been found taking advantage of that capability for dodgy ends. Dell's response in this case (as well as user reports) note that systems which were re-imaged are not susceptible.

It's crummy that this happened, and Dell needs to tighten their procedures, but the similarity to Lenovo's case is superficial.