“A security hole that could allow attackers to access users’ personal data was inadvertently placed on Dell computers, the company has admitted,” Kevin Rawlinson reports for BBC News. “The hole represented a ‘profound security flaw’ that could allow access to bank details and other personal data, experts said.”
“Dell has issued guidance on removing the software that produced it,” Rawlinson reports. “The news comes after Lenovo was also criticised for pre-installing adware that potentially compromised security. One user, posting on Reddit, reported finding that their Dell machine came pre-installed with a self-signed root certificate authority, called ‘eDellRoot,’ and the private key associated with it.”
“In a statement released on Monday, Dell acknowledged the vulnerability and linked to a guide on permanently removing the software that caused it,” Rawlinson reports. “The firm thanked users who brought it to their attention and invited others to flag up any further security issues… Some people equated the security flaw with the Superfish adware that it emerged was being pre-installed on Lenovo computers earlier this year. The software was designed to help users shop online but experts warned that it was insecure.”
Read more in the full article here.
MacDailyNews Take: Ah, the lovely Windows cesspool. No wonder it’s going the way of the Dodo.
SEE ALSO:
Never mind the ‘Steve Jobs’ movie, get ready for the ‘Michael Dell’ biopic! – November 24, 2015
Man shoots his Dell Windows PC in fit of rage – April 22, 2015
Ten reasons why Apple Macs are better than Windows PCs – December 17, 2014
Windows to blame for Home Depot’s gigantic security breach; senior executives given new MacBooks and iPhones – November 10, 2014
VMware declares that Windows’ reign ‘is coming to an end’ – and Apple’s Mac is taking over – July 5, 2014
PC does WHAAAT!? 😉
But this sort of thing surprises literally NOBODY on the planet.
I wonder if there are nefarious government authorities who are disappointed this ‘flaw’ was discovered in the Lenovo computers.
It was called Windows!
By installing the (b)adware, we were able to sell our pc’s for less. We did it for our customers. We had no idea that….
Perhaps this can be used in arguments against pre-installing 3rd party SW in the future..
We wish. In this case, it was the security blunder of blithering idiots with NO comprehension of modern security concerns. Anyone could access the private key. That’s a DOA manoeuvre. It’s giving away the store. It say’s ‘Please, I’m begging you! PWN me!’
Okay, before all you guys get all self-righteous and stuff, a certificate error led to several applications on the Mac to require re-installation. I didn’t bash Apple for it, stuff happens.
For the Apple die-hards, I remind them of the time iPods shipped with Windows viruses on them.
Please. Apple had a certificate error and it broke some stuff — that’s a bug. Dell installed a self-signed root certificate authority with a private key. That is a willful act of subterfuge, and their “Oh, thanks guys for letting us know,” when someone found it is all CYA bullshit. I think Dell owes its customers a bit more explanation.
Agreed. This is a pretty sly move by Dell.
Agreed. I was more into this not being a Windows only issue. not defending Dell. Was it a mistake by Dell, or something more sinister? I don’t know.
So what about the people who purchased the effected computers and don’t follow these kinds of stories. How are they going to know they are at risk? Is Dell going to contact them? Is Microsoft going to release some kind of patch? I don’t care what platform you use, this is ridiculous and should not happen.
Affected.
really…
…reported finding that their Dell machine came pre-installed with a self-signed root certificate authority, called ‘eDellRoot,’ and the private key associated with it.
Dell: Still living in the last century. Smooth move. (0_o)
The Dodo were hunted to extinction by Man. They were not an evolutionary dead end like Winblows.
The real security flaw in their PCs is Windows. This has been going on for years.