Tuesday, 24 November 2015

Dell responds to concerns over certificate vulnerability

Security

Security problems are certainly nothing new; vulnerabilities seem to crop up just about everywhere. We've seen countless ones from software makers and large store chains, but shipping new computers with one built in is less common. Yet that's exactly what Dell has been doing, unintentionally of course.

A problem has been discovered in the eDellRoot certificate, described as a vulnerability that allows hackers to install malware. To be fair, the problem is more than just Dell; it also lies with the makers of web browsers.

According to security researcher Brian Krebs, "Clever attackers can use this key from Dell to sign phony browser security certificates for any HTTPS-protected site".

Dell is responding in a new statement issued by Laura Thomas. It acknowledges the problem, which has existed on computers that have been shipping since August of this year. Thomas states, "Customer security and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it".

The company points out that the certificate itself is not malware, but was intended to aid in support of the desktops and laptops by easily identifying the model and making the support process faster.

Dell has released instructions on how to remove the certificate (here) and it also pledges to push a software update which will begin rolling out today. It plans to discontinue shipping computers with this certificate.
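To confirm whether a given machine carries the certificate, before or after following the removal instructions, the trusted-root stores can be audited read-only. The script below is an added example, not Dell's removal tool and not part of the original article; it assumes the certificate can be recognized by the name the article gives (eDellRoot), and it also lists any trusted root whose private key is present on the machine, since that is the condition that lets a root be used to sign certificates the machine will accept.

```powershell
# Read-only audit of the Windows trusted-root stores (added example).
# Assumption: the certificate is identified by the name used in the article.
$name   = 'eDellRoot'
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$findings = foreach ($store in $stores) {
    if (-not (Test-Path -Path $store)) { continue }

    foreach ($cert in Get-ChildItem -Path $store) {
        # -match is case-insensitive; the name is escaped so it is treated literally.
        $nameMatch = $cert.Subject -match [regex]::Escape($name)

        # A trusted root normally has no private key on an end-user machine.
        # When one is present, whoever can read it can issue certificates
        # that this machine will trust.
        $hasKey = $cert.HasPrivateKey

        if ($nameMatch -or $hasKey) {
            [pscustomobject]@{
                Store         = $store
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                HasPrivateKey = $hasKey
                NameMatch     = $nameMatch
            }
        }
    }
}

if ($findings) {
    # Review each row: NameMatch = True is the certificate named in the article;
    # HasPrivateKey = True on any other root deserves the same scrutiny.
    $findings | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No trusted root matching '$name' and no trusted root with a local private key."
}
```

The script changes nothing in the store; re-running it after a reboot shows whether a removed certificate has returned.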

Finally, the company pledges, "If you ever find a potential security vulnerability in any Dell product or software, we encourage you to visit this site to contact us immediately".
