Dell’s (entirely foreseeable) security mistake

Dude, you’re getting hacked. Dell is catching heat for a program designed to make remote-support of its users much easier that in fact made hackers’ jobs a whole lot easier, too. 

The company installed a self-signed root certificate called eDellRoot on users’ computers. This would allow hackers to sign fraudulent TLS certificates on browsers.

Essentially, they could then pose as trusted services, such as Google or banking companies, and intercept users’ passwords, account names and more using a Man-in-the-Middle (MitM) attack.

Been down this road before

What makes this a particularly egregious violation? A very similar incident happened earlier this year when competitor Lenovo got in trouble for pre-packaging the Superfish malware on its machines.

Computerworld notes a bit of irony here, as Dell used that blunder as a marketing tool to advertise its own, supposedly more-secure options.

Install your own OS

For IT, the solution may be simple: Always install your own version of an operating system on purchased equipment. Original Equipment Manufacturers (OEMs) generally do their best to boost the bottom line by having very loose standards on what they will accept for pre-installs.

Another option: You can purchase stripped-down or pure versions of PCs directly from Microsoft.

Either way, just make sure that you’re keeping a close eye on any bloatware that comes on machines – and doing everything in your power to get rid of it.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy