Same Bread; brought to you by Dell

One of the smaller pleasures in life that Lavie and I share are watching the BBC short animated series “Sarah and Duck”.

Alvis is long-gone from the nest but the animation and crack-storytelling of this series is addictive. We keep coming back from more.

There is a card game that Sarah and Duck often are found playing called “Same Bread”. When I grew up we played a variant called “Snap”. The thought is you take turns laying cards from your pile and when a match (same bread picture) results you yell “Same Bread” and slap down on the cards first to win the pile.

So what has this to do with anything?

Dell = Lenovo “Same Bread!” (well almost)

So here was Lenovo’s card from earlier this year

• Lenovo Superfish – Cleanup in Seafood Isle Needed! - GSD blog
• So that's how it works: Windows Platform Binary Table (WPBT) - GSD blog

And this week Dell’s card came out; pardon the mess but it was a messy round…they actually played two cards in this game.

Note that I’ve tried to order them from most technically helpful/detailed downward. If you just want to check/fix the issue on your Dell system, jump down to the bottom of the list.

• Dude, You Got Dell’d: Publishing Your Privates - Duo Security
• Dell installs risky “Superfish-style” security certs – what to do -  naked security by Sophos
• Superfish 2.0: Dangerous Certificate on Dell Laptops breaks encrypted HTTPS Connections - Hanno’s blog
• Dell Shipping Superfish-Style Root Cert, Private Key - Threatpost
• Two More Self-Signed Certs, Private Keys Found on Dell Machines - Threatpost
• Dell does a Superfish, ships PCs with easily cloneable root certificates - Ars Technica
• Dell apologizes for HTTPS certificate fiasco, provides removal tool - Ars Technica
• PCs running Dell support app can be uniquely ID’d by snoops and scammers - Ars Technica
• Dell does a Lenovo: ships laptops with rogue root CA - gHacks Tech News
• Security Bug in Dell PCs Shipped Since 8/15 - Krebs on Security
• Dell shipped computers with root CA cert, private crypto key included - Help Net Security
• Another root CA cert with key found on Dell's machines - Help Net Security
• Dell Helpfully Installs Yet Another Gaping Security Hole On Some Laptops – Consumerist
• Superfish 2.0: Dell Windows Systems Pre-Installed TLS Root CA - InfoSec Handlers Diary Blog
• Not just Lenovo: Dell ships computers with self-signed root certificates - Boing Boing
• Dell apologizes for preinstalling bogus root-certificate on computers - Boing Boing
• Oops!… Dell Did It Again - News from the Lab
• Dell's Latest Laptops Are Infected With eDellRoot -  makeuseof blog
• Some notes on the eDellRoot key - Errata Security

Cleanup and Mitigation

• Test for eDellRoot certificate - provided by Hanno Böck
• eDell Root Certificate Removal Instructions (PDF link) - Dell - automated and manual removal methods
• https://dellupdater.dell.com/Downloads/APP009/eDellRootCertFix.exe - direct download link to Dell’s provided removal tool.

Let’s Go Explore!

• Give your Windows Certificate Store a thorough scan for suspicious certs - gHacks Tech News

That post by Martin Brinkmann has a review/link to RCC to scan the Windows Certificate Store and detect potentially questionable certs. You will have to carefully research and decide on your own if any should be removed.

• RCC - check your system's trusted root certificate store - Wilders Security Forums - forum thread with lots of details on the utility.
• Sven Faw - website download page of the RCC developer.

Check out also his “CTLInfo” app. It is portable and GUI based and can show/report on the Windows system’s Root Certificate Trust List. Added to my utility collection.

These posts are also good showing CTLInfo in action:

• Why is Windows so misleading about what root certificates it trusts? - HA blog
• A critical Windows component expires in 25 hours - HA blog

Microsoft also has some helpful info.

• Configure Trusted Roots and Disallowed Certificates - Windows Server on TechNet
• Manage Trusted Root Certificates - Windows Server on TechNet

Goodness.

Claus Valca