One of the smaller pleasures in life that Lavie and I share is watching the BBC short animated series “Sarah and Duck”.
Alvis is long-gone from the nest but the animation and crack-storytelling of this series are addictive. We keep coming back for more.
There is a card game that Sarah and Duck are often found playing called “Same Bread”. When I grew up we played a variant called “Snap”. The idea is that you take turns laying cards from your pile, and when a match (same bread picture) results you yell “Same Bread” and slap down on the cards first to win the pile.
So what has this to do with anything?
Dell = Lenovo “Same Bread!” (well almost)
So here was Lenovo’s card from earlier this year:
- Lenovo Superfish – Cleanup in Seafood Isle Needed! - GSD blog
- So that's how it works: Windows Platform Binary Table (WPBT) - GSD blog
And this week Dell’s card came out; pardon the mess but it was a messy round…they actually played two cards in this game.
Note that I’ve tried to order them from most technically helpful/detailed downward. If you just want to check/fix the issue on your Dell system, jump down to the bottom of the list.
- Dude, You Got Dell’d: Publishing Your Privates - Duo Security
- Dell installs risky “Superfish-style” security certs – what to do - naked security by Sophos
- Superfish 2.0: Dangerous Certificate on Dell Laptops breaks encrypted HTTPS Connections - Hanno’s blog
- Dell Shipping Superfish-Style Root Cert, Private Key - Threatpost
- Two More Self-Signed Certs, Private Keys Found on Dell Machines - Threatpost
- Dell does a Superfish, ships PCs with easily cloneable root certificates - Ars Technica
- Dell apologizes for HTTPS certificate fiasco, provides removal tool - Ars Technica
- PCs running Dell support app can be uniquely ID’d by snoops and scammers - Ars Technica
- Dell does a Lenovo: ships laptops with rogue root CA - gHacks Tech News
- Security Bug in Dell PCs Shipped Since 8/15 - Krebs on Security
- Dell shipped computers with root CA cert, private crypto key included - Help Net Security
- Another root CA cert with key found on Dell's machines - Help Net Security
- Dell Helpfully Installs Yet Another Gaping Security Hole On Some Laptops – Consumerist
- Superfish 2.0: Dell Windows Systems Pre-Installed TLS Root CA - InfoSec Handlers Diary Blog
- Not just Lenovo: Dell ships computers with self-signed root certificates - Boing Boing
- Dell apologizes for preinstalling bogus root-certificate on computers - Boing Boing
- Oops!… Dell Did It Again - News from the Lab
- Dell's Latest Laptops Are Infected With eDellRoot - makeuseof blog
- Some notes on the eDellRoot key - Errata Security
Cleanup and Mitigation
- Test for eDellRoot certificate - provided by Hanno Böck
- eDell Root Certificate Removal Instructions (PDF link) - Dell - automated and manual removal methods
- https://dellupdater.dell.com/Downloads/APP009/eDellRootCertFix.exe - direct download link to Dell’s provided removal tool.
Let’s Go Explore!
- Give your Windows Certificate Store a thorough scan for suspicious certs - gHacks Tech News
That post by Martin Brinkmann reviews and links to RCC, a tool that scans the Windows Certificate Store and detects potentially questionable certs. You will have to carefully research and decide on your own if any should be removed.
- RCC - check your system's trusted root certificate store - Wilders Security Forums - forum thread with lots of details on the utility.
- Sven Faw - website download page of the RCC developer.
Also check out his “CTLInfo” app. It is portable and GUI-based and can show/report on the Windows system’s Root Certificate Trust List. Added to my utility collection.
These posts are also good at showing CTLInfo in action:
- Why is Windows so misleading about what root certificates it trusts? - HA blog
- A critical Windows component expires in 25 hours - HA blog
Microsoft also has some helpful info.
- Configure Trusted Roots and Disallowed Certificates - Windows Server on TechNet
- Manage Trusted Root Certificates - Windows Server on TechNet