One of the smaller pleasures in life that Lavie and I share is watching the BBC short animated series “Sarah and Duck”.
Alvis is long-gone from the nest but the animation and crack-storytelling of this series are addictive. We keep coming back for more.
There is a card game that Sarah and Duck are often found playing called “Same Bread”. When I grew up we played a variant called “Snap”. The idea is that you take turns laying cards from your pile, and when a match (same bread picture) results you yell “Same Bread” and slap down on the cards first to win the pile.
So what has this to do with anything?
Dell = Lenovo “Same Bread!” (well almost)
So here was Lenovo’s card from earlier this year
- Lenovo Superfish – Cleanup in Seafood Isle Needed! - GSD blog
- So that's how it works: Windows Platform Binary Table (WPBT) - GSD blog
And this week Dell’s card came out; pardon the mess but it was a messy round…they actually played two cards in this game.
Note that I’ve tried to order them from most technically helpful/detailed downward. If you just want to check/fix the issue on your Dell system, jump down to the bottom of the list.
- Dude, You Got Dell’d: Publishing Your Privates - Duo Security
- Dell installs risky “Superfish-style” security certs – what to do - naked security by Sophos
- Superfish 2.0: Dangerous Certificate on Dell Laptops breaks encrypted HTTPS Connections - Hanno’s blog
- Dell Shipping Superfish-Style Root Cert, Private Key - Threatpost
- Two More Self-Signed Certs, Private Keys Found on Dell Machines - Threatpost
- Dell does a Superfish, ships PCs with easily cloneable root certificates - Ars Technica
- Dell apologizes for HTTPS certificate fiasco, provides removal tool - Ars Technica
- PCs running Dell support app can be uniquely ID’d by snoops and scammers - Ars Technica
- Dell does a Lenovo: ships laptops with rogue root CA - gHacks Tech News
- Security Bug in Dell PCs Shipped Since 8/15 - Krebs on Security
- Dell shipped computers with root CA cert, private crypto key included - Help Net Security
- Another root CA cert with key found on Dell's machines - Help Net Security
- Dell Helpfully Installs Yet Another Gaping Security Hole On Some Laptops – Consumerist
- Superfish 2.0: Dell Windows Systems Pre-Installed TLS Root CA - InfoSec Handlers Diary Blog
- Not just Lenovo: Dell ships computers with self-signed root certificates - Boing Boing
- Dell apologizes for preinstalling bogus root-certificate on computers - Boing Boing
- Oops!… Dell Did It Again - News from the Lab
- Dell's Latest Laptops Are Infected With eDellRoot - makeuseof blog
- Some notes on the eDellRoot key - Errata Security
Cleanup and Mitigation
- Test for eDellRoot certificate - provided by Hanno Böck
- eDell Root Certificate Removal Instructions (PDF link) - Dell - automated and manual removal methods
- https://dellupdater.dell.com/Downloads/APP009/eDellRootCertFix.exe - direct download link to Dell’s provided removal tool.
Let’s Go Explore!
- Give your Windows Certificate Store a thorough scan for suspicious certs - gHacks Tech News
That post by Martin Brinkmann reviews and links to RCC, a utility that scans the Windows Certificate Store and detects potentially questionable certs. You will have to carefully research and decide on your own if any should be removed.
- RCC - check your system's trusted root certificate store - Wilders Security Forums - forum thread with lots of details on the utility.
- Sven Faw - website download page of the RCC developer.
Also check out his “CTLInfo” app. It is portable and GUI based and can show/report on the Windows system’s Root Certificate Trust List. Added to my utility collection.
These posts also do a good job of showing CTLInfo in action:
- Why is Windows so misleading about what root certificates it trusts? - HA blog
- A critical Windows component expires in 25 hours - HA blog
Microsoft also has some helpful info.
- Configure Trusted Roots and Disallowed Certificates - Windows Server on TechNet
- Manage Trusted Root Certificates - Windows Server on TechNet
Goodness.
Claus Valca
1 comment:
Never been a fan of Dell, their computers always seemed cheap (ironic as in the 90's a Dell Desktop would run you $2-$4K) and unreliable. At my work we have about 98% various Lenovo Thinkpads (with docking stations) 1% Lenovo M93P (tiny) desktop computer and the other 1% are various HP Desktops from 800G1 to 8200 and 8300 and some Z-Desktop systems which are used for the store's DVR/Camera system. Oh and whatever all-in-one touchscreen system (not Dell) we use for the self-checkouts. Then each store has an iPad and each manager has an iPhone (store delivery drivers have Samsung phones). No Dells anywhere in our company...with the exception of some Dell monitors we have in our tech area that likely came from a store a long time ago before we switched over to HP, Lenovo or Samsung.
So how soon until we hear from Dell they were hacked and all the information they were secretly collecting has been stolen?