Just like Lenovo did at the beginning of the year, Dell has included a root certificate on some of its laptops that can be extracted by malicious actors and used for MitM (man-in-the-middle) attacks, passing off dangerous content as legitimate. Digital certificates are files used to sign software as coming from a legitimate source. Root certificates are high-privilege digital certificates that are used to sign entire hierarchies of certificate structures and are usually issued by CAs (Certificate Authorities), companies that go through a large number of security checks before being granted this title. Many large software manufacturers are CAs themselves. This includes Google, Apple, HP, Oracle, Microsoft, and, of course, Dell. The problem is that, according to the discoveries of a Reddit user, Dell has been shipping a few of its laptops with such a high-level root certificate.
ORIGINAL SOURCE: Softpedia