Dell officially acknowledges security threats to certificates other than eDellRoot



Support tool pre-installed on Dell's laptop "EDellRoot"Is a security threatening problem that also stores the private key along with the root certificate, DellPublish eDellRoot deletion toolWe are being chased by correspondence such as to do, furthermore, "DSDTestProviderI officially acknowledged that there is a similar security problem in the certificate called "

Response to Concerns Regarding eDellroot Certificate
http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2015/11/23/response-to-concerns-regarding-edellroot-certificate

And then there were two: Another dangerous Dell root certificate discovered | PCWorld
http://www.pcworld.com/article/3008478/security/and-then-there-were-two-another-dangerous-dell-root-certificate-discovered.html

PCs running Dell support app can be uniquely ID'd by snoops and scammers | Ars Technica
http://arstechnica.com/security/2015/11/pcs-running-dell-support-app-can-be-uniquely-idd-by-snoops-and-scammers/

Lenovo's Very Adware "Superfish"By looking at the following article you can tell what is Dell's "eDellRoot" problem, which is also called "Superfish 2.0" in part because it is a recurrence of the problem.

There is a danger that Dell notebook PCs are equipped with the same root certificate & secret key and are subject to man-in-the-middle attacks - GIGAZINE


A new security problem was found in "Dell System Detect"And the root certificate installed along with Dell System Detect"DSDTestProvider". DSDTestProvider also contains a private key, so it is a security vulnerability like eDellRoot.

Dell System Detect is a software to download and install when users using Dell's PC receive support from the Dell Support website, according to Dell "In order to be able to receive better support according to individual cases" It is an auxiliary tool of. For this reason, the DSDTestProvider certificate is not preinstalled on a Dell PC like eDellRoot, so there is a difference in that only users who installed it to support it will become subjects for this trouble.

According to Dell, Dell System Detect and DSDTestProvider are exposed to security threats by certificates between 20th October 20th and 24th November, included in Dell System Detect software on Dell Support It is limited to users who use "detect product" function to transmit product identification information.

Although Dell has already removed Dell System Detect from the Dell Support site and is providing another tool that does not contain vulnerable certificates, users using Dell System Detect will uninstall the software and install DSDTestProvider It seems good to delete certificates as well.

Dell System Detect & DSDTestProvider The method of deleting a certificate is basically the same as the case of eDellRoot certificate, so please follow the following article.

Dell unveils removal tool for root certificate "eDellRoot" pointed out by vulnerability - GIGAZINE

in Software,   Security, Posted by darkhorse_log