Sunday, November 29, 2015

Your New Dell Computer May Put You At Risk

Several months ago computer maker Lenovo created a stir with its "Superfish" fiasco. Now we find that Dell has fumbled, as well. If you purchased a Dell desktop or laptop computer after July 30, 2015 you may be vulnerable to online spying and malware attacks.



Dell, mistakenly, installed a root certificate with an exposed private key. So, what does this mean? Hackers can use this key to impersonate any website and trick a user into revealing login credentials - even on secure https sites. The certificate called eDellRoot was designed to assist with customer support, but it unfortunately does much more. So, what should a Dell owner do?

1. Check your computer for the bug. Go to https://edellroot.secur3.us/ . If your browser gives you a security warning - you are safe.

2. If the test above does not produce a security warning, you will need to run the Dell patch to remove the eDellRoot certificate. You may download the patch from the link below:


Modern computing devices have become increasingly complex, and securing these systems against exploits has become a herculean task. Dell's mistake is serious, but they did act quickly and decisively to ameliorate the issue.