View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 26, 2015

Dell security woes continue with second flaw found

News: Found just days after eDellRoot vulnerability.

By Charlotte Henry

Serious questions are beginning to surround Dell in regards to their security, following the discovery of a second security flaw on its devices in just a matter of days.

The company has had to pull its Dell System Detect application, after it was discovered to contain a self signed root certificate authority.

Journalist Hanno Bock found DSDTestProvider, which allows hackers to intercept a users web traffic, and force a computer to think that an unsafe website was secure.

Dell said that the problem affects users who downloaded Dell System Detect product between 20 October and 24 November 2015.

Researchers at Caernegie Mellon University ,who were passed the information by Bock, said in their report: "An attacker can generate certificates signed by the DSDTestProvider CA. Systems that trusts the DSDTestProvider CA will trust any certificate issued by the CA."

The researchers warn that "Common attack scenarios include impersonating a web site, performing a MiTM attack to decrypt HTTPS traffic, and installing malicious software."

It comes just days after the preloaded eDellRoot had been discovered. Unlike eDellRoot though, this second issue is not pre-istalled on devices. The researchers urge affected users to revoke the DSDTestProvider certificate.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

The Inspiron, Precision and XPS ranges are amongst those devices affected.

 

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU