Superfish 2.0: now Dell is breaking HTTPS

by Guest Post on November 28, 2015

in Tips

From the good women and men over at the EFF:

Earlier this year it was revealed that Lenovo was shipping computers preloaded with software called Superfish, which installed its own HTTPS root certificate on affected computers. That in and of itself wouldn’t be so bad, except Superfish’s certificates all used the same private key. That meant all the affected computers were vulnerable to a “man in the middle” attack in which an attacker could use that private key to eavesdrop on users’ encrypted connections to websites, and even impersonate other websites.
Now it appears that Dell has done the same thing, shipping laptops pre-installed with an HTTPS root certificate issued by Dell, known as eDellRoot. The certificate could allow malicious software or an attacker to impersonate Google, your bank, or any other website. It could also allow an attacker to install malicious code that has a valid signature, bypassing Windows security controls. The security team for the Chrome browser appears to have already revoked the certificate. People can test if their computer is affected by the bogus certificate by following this link.

Did you buy a Dell computer during your Black Friday shopping thing over there in the US? Might want to look it over before handing it your loved one.

Alternatively, just buy a Mac and don’t deal with this nonsense.

{ Comments on this entry are closed }

The Art Of The Pitch

November 26, 2015

 I’m fortunate in my day to day. I have the privilege of hearing new and exciting ideas, both by seasoned and budding entrepreneurs. I remind myself that not too many moons ago, I was in their shoes pitching for money, product and development support and, at times, attention. Being that much of my job is […]

Read the full article →

‘Microsoft’s software is Malware’

November 25, 2015

Malware means software designed to function in ways that mistreat or harm the user. (This does not include accidental errors.) This page explains how Microsoft software is malware. Malware and nonfree software are two different issues. The difference between free software and nonfree software is in whether the users have control of the program or […]

Read the full article →

Tablelist Gets You Into Hot Clubs With The Push Of A Button

November 23, 2015

 We’ve all heard about FOMO (fear of missing out), but what about FOGO? That’s short for “fear of going out,” and it’s the problem that CEO Julian Jung said he’s trying to solve with Tablelist. Jung compared his startup to Uber — in the same way that getting car service before Uber could be “intimidating,” […]

Read the full article →

Lumia 950 reviews: too little, too late

November 21, 2015

The first reviews for Microsoft’s latest flagship smartphones are coming in, the first device with Windows 10 for phones. This is going to be the big one, right? After several false starts and restarts, this was finally going to be it, everyone told us. The Verge: In the mobile world, Microsoft is way behind Google […]

Read the full article →

Updates to Chrome platform support

November 20, 2015

Earlier this year, we announced that Google Chrome would continue support for Windows XP through the remainder of 2015.  At that time, we strongly encouraged users on older, unsupported platforms such as Windows XP to update to a supported, secure operating system. Such older platforms are missing critical security updates and have a greater potential […]

Read the full article →

Data Deduplication in Windows Server Technical Preview 4

November 19, 2015

With the release of Windows Server Technical Preview 4, I’d like to send one primary message to all of our customers using or evaluating Windows Server Data Deduplication (which I assume applies to you since you are reading this posting!): Test at full scale! I’ve seen the telemetry from hundreds of dedup installations using Windows […]

Read the full article →

HotelTonight Launches Tonight +1 To Entice Guests To Stay An Extra Night

November 19, 2015

 HotelTonight, the last-minute hotel booking app, just launched a new feature called Tonight +1, which lets users add a second night during check-out for an additional discount. Here’s how it works: When available, Tonight +1 will automatically appear during checkout, prompting users to add an extra night to their stay. The second night will only display when […]

Read the full article →

Blogging about Midori

November 18, 2015

Enough time has passed that I feel safe blogging about my prior project here at Microsoft, “Midori”. In the months to come, I’ll publish a dozen-or-so articles covering the most interesting aspects of this project, and my key take-aways. Midori was a research/incubation project to explore ways of innovating throughout Microsoft’s software stack. This spanned […]

Read the full article →

Work Folders for iOS: November update – advanced features on mobile devices

November 17, 2015

  Earlier this year, in January and April, we released the Work Folders app for Apple® iPad and iPhone. Since its release, a lot of work has been done to integrate Work Folders with the larger ecosystem to help enhance enterprise control and protection of corporate owned data inside the Work Folders app. With the […]

Read the full article →