Security Vulnerability on Dell Computers!

Good Day to You,

November 27, 2015 Update:

I received an update to my previous newsletter from US-CERT. The update narrows down the time frame we need to be aware of concerning this vulnerability:

August 18, 2015 – “Dell Foundation Services (DFS) application”

November 20–23, 2015 – “Certificate was preinstalled on some systems”

Below is a paste from the newsletter dated “Friday, November 27, 2015 5:14 PM”.

“The eDellRoot certificate originated from an update to the Dell Foundation Services (DFS) application on August 18, 2015. As of November 23, that update is no longer being provided. The certificate was also preinstalled on some systems November 20–23, 2015. Dell is pushing a DFS software update to remove the vulnerable certificate from affected systems.”

A friend tested the tool

On Thanksgiving Day, we spent time with friends who happen to have two (2) Dell laptops. One of them is my old one. We installed the removal tool on that computer and ran it.

The result was that the tool couldn’t find the file (not an exact quote). The removal tool had no effect on the performance of the laptop. We watched streaming music videos for a good part of the day.

Since this is an older laptop, it isn’t surprising that the tool didn’t find the file. My friend does not allow “automatic updates” on this pc (yes, he does know what he is doing).

We didn’t take the time to test the newer computer, but it does have Windows 10, which automatically updates the Windows Security Patches. I’m not sure about the Dell Application.

End of Update – Original Post is below:

I am straying away from talking about Professional Licensing, or Blogging 101 in this post for a very important public service notice.

This post is directed to anyone who owns a Dell computer.

I just received a newsletter update from one of my Federal Agency website email subscriptions that, as a former Dell computer owner, really made me take notice.

I just purchased a new computer that replaced my older Dell laptop. This is too important not to post about it.

The newsletter’s contents are posted on the US-CERT website:

Dell Computers Contain CA Root Certificate Vulnerability – UNITED STATES COMPUTER EMERGENCY READINESS TEAM (US-CERT).

I’m not a particularly technical person, so instead of trying to explain what this security vulnerability is, here is a link to the Vulnerability Note:

Vulnerability Note VU#870761 – Dell Foundation Services installs root certificate and private key (eDellRoot) – Vulnerability Notes Database – Homeland Security.


REVOKING THE CERTIFICATE

The above Vulnerability Note lists two (2) Solutions:

The webpage talks about how to “Revoke eDellRoot certificate”.

I prefer the other recommendation.

REMOVING THE CERTIFICATE (WHAT I WOULD DO)

The Vulnerability Note lists a way to “Remove eDellRoot certificate” and provides a link to the Removal Tool.

When I clicked on the link in the Vulnerability Note, the tool automatically downloaded. I have copied the link, and you can use it here: DOWNLOAD THE TOOL.

Dell also has this post on their blog:

Response to Concerns Regarding eDellroot Certificate – Direct2Dell – The Official Dell Corporate Blog
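A read-only way to confirm whether the certificate is present, before or after running the removal tool. This is an added example, not code from this post, US-CERT or Dell. It assumes the certificate can be recognized by the name "eDellRoot" in its subject, since no thumbprint is given here.

```powershell
# Added example: read-only check for the eDellRoot certificate named in VU#870761.
# Assumption: the certificate is identified by "eDellRoot" in its subject name.
$name = 'eDellRoot'

# Stores searched:
#   Root       - trusted root CAs (where the certificate grants trust)
#   My         - personal stores (where a certificate with its private key is usually kept)
#   Disallowed - the Windows "Untrusted Certificates" store (where a distrusted copy would appear)
$stores = @(
    'Cert:\LocalMachine\Root',
    'Cert:\CurrentUser\Root',
    'Cert:\LocalMachine\My',
    'Cert:\CurrentUser\My',
    'Cert:\LocalMachine\Disallowed',
    'Cert:\CurrentUser\Disallowed'
)

# Collect every match with the details needed to judge the risk.
$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -like "*$name*" } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                HasPrivateKey = $_.HasPrivateKey
            }
        }
}

# A copy in a Root store means the machine still trusts it as a certificate authority.
$trusted = @($found | Where-Object { $_.Store -like '*\Root' })
if ($trusted.Count -gt 0) {
    Write-Warning "$name is still trusted as a root CA on this machine:"
    $trusted | Format-Table -AutoSize
} elseif ($found) {
    Write-Output "$name is present but not in a trusted root store:"
    $found | Format-Table -AutoSize
} else {
    Write-Output "No certificate named $name was found in the checked stores."
}
```

The script changes nothing on the machine. The same certificate may be listed under both the LocalMachine and CurrentUser root stores, because the user view includes machine-wide entries.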

ATTACK SCENARIOS

Under “Impact” the Vulnerability Note tells us that “Common attack scenarios include”:

“Impersonating a web site”

“Performing a MiTM attack to decrypt HTTPS traffic” – This can allow an attacker to read all encrypted web browser traffic, like our usernames and passwords.

“Installing malicious software”

I hope those of you who own a Dell computer will take the appropriate steps listed above to keep your computer and privacy safe from attack.

I’m including the Blogging 101 tag with this post, in the hope that this will be of help to the folks at Blogging University as well.

My Best to You
Arth

Author: Arth Strout
