[Micronet] Dell Computers With Self-Signed Root Certificates


[Micronet] Dell Computers With Self-Signed Root Certificates

John McChesney-Young
Most people on this list will understand the significance of this better than I do, but FYI:

Dell does a Superfish, ships PCs with easily cloneable root certificates

http://arstechnica.co.uk/security/2015/11/dell-does-superfish-ships-pcs-with-self-signed-root-certificates/

Dell apologizes for HTTPS certificate fiasco, provides removal tool

http://arstechnica.com/security/2015/11/dell-apologizes-for-https-certificate-fiasco-provides-removal-tool/

If you want to see whether you should be concerned about your own Dell computer:

To find out if a computer is infected with such a certificate, visit this test site using the Chrome, Edge, or Internet Explorer browsers. If the browser establishes an HTTPS connection without displaying a warning, the computer is affected.

See the second link above for a link to an uninstaller app from Dell and manual instructions.

John

--
John McChesney-Young, Administrative Assistant
History of Art Department, 416 Doe MC6020
U. C. Berkeley, Berkeley CA 94720-6020
[hidden email] // voice 1-510-642-5511 // fax 1-510-643-2185

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.

Re: [Micronet] Dell Computers With Self-Signed Root Certificates

Vivian Sophia
Of course, if your computer has been provided with the Berkeley Desktop, you don't need to worry about this issue, because whatever Dell usually loads on computers has been erased and replaced with a known set of software and settings.



Vivian Sophia
Berkeley IT 
CSS IT High-Impact Client Support Lead
Micronet Community of Practice Coordinator
University of California, Berkeley
310B Durant Hall
(510) 541-6120

On Tue, Nov 24, 2015 at 8:23 AM, John McChesney-Young <[hidden email]> wrote:
Most people on this list will understand the significance of this better than I do, but FYI:

Dell does a Superfish, ships PCs with easily cloneable root certificates

http://arstechnica.co.uk/security/2015/11/dell-does-superfish-ships-pcs-with-self-signed-root-certificates/

Dell apologizes for HTTPS certificate fiasco, provides removal tool

http://arstechnica.com/security/2015/11/dell-apologizes-for-https-certificate-fiasco-provides-removal-tool/

If you want to see whether you should be concerned about your own Dell computer:

To find out if a computer is infected with such a certificate, visit this test site using the Chrome, Edge, or Internet Explorer browsers. If the browser establishes an HTTPS connection without displaying a warning, the computer is affected.

See the second link above for a link to an uninstaller app from Dell and manual instructions.

John

--
John McChesney-Young, Administrative Assistant
History of Art Department, 416 Doe MC6020
U. C. Berkeley, Berkeley CA 94720-6020
[hidden email] // voice 1-510-642-5511 // fax 1-510-643-2185



Re: [Micronet] Dell Computers With Self-Signed Root Certificates

Todd_Stoppenhagen

Vivian and Berkeley Team,

 

 

For the latest information regarding “eDellRoot”, please see: http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2015/11/23/response-to-concerns-regarding-edellroot-certificate.

 

This post includes reassurances that the certificate is not malware or adware, and related only to our support site being able to pull a system's service tag. Also included are instructions on permanently removing the certificate if needed LINK.

 

-------------

Response to Concerns Regarding eDellroot Certificate

Today we became aware that a certificate (eDellRoot), installed by our Dell Foundation Services application on our PCs, unintentionally introduced a security vulnerability. The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system. Customer security and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it.

The certificate is not malware or adware. Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers. This certificate is not being used to collect personal customer information. It’s also important to note that the certificate will not reinstall itself once it is properly removed using the recommended Dell process.

We have posted instructions to permanently remove the certificate from your system here. We will also push a software update starting on November 24 that will check for the certificate, and if detected remove it. Commercial customers who reimaged their systems without Dell Foundation Services are not affected by this issue. Additionally, the certificate will be removed from all Dell systems moving forward. 

Your trust is important to us and we are actively working to address this issue. We thank customers such as Hanno Böck, Joe Nord and Kevin Hicks, aka rotorcowboy, who brought this to our attention. If you ever find a potential security vulnerability in any Dell product or software, we encourage you to visit this site to contact us immediately.

 

 

Todd Stoppenhagen

Inside Account Manager

Dell | Large Institution ESL

office + 800-274-7799 ext 513-9379

direct + 512-513-9379

fax + 512-283-1543

Dell Inc. One Dell Way, RR8, Round Rock, TX 78682

How am I doing?  Please contact my manager, Denise Sikora at [hidden email] with any feedback

 


 

 

 

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Vivian Sophia
Sent: Tuesday, November 24, 2015 10:38 AM
Cc: Micronet List <[hidden email]>
Subject: Re: [Micronet] Dell Computers With Self-Signed Root Certificates

 

Of course, if your computer has been provided with the Berkeley Desktop, you don't need to worry about this issue, because whatever Dell usually loads on computers has been erased and replaced with a known set of software and settings.


 

 

Vivian Sophia

Berkeley IT 

CSS IT High-Impact Client Support Lead

Micronet Community of Practice Coordinator

University of California, Berkeley

310B Durant Hall

(510) 541-6120

 


Re: [Micronet] Dell Computers With Self-Signed Root Certificates

Ben Gross
In reply to this post by Vivian Sophia
Thanks Vivian!

You are correct that users with a Berkeley Desktop image will not have this issue. I suspect the overall occurrence of the eDellRoot across campus is relatively low. EEI has been investigating this issue since yesterday and has found a total of about ten managed machines with this root certificate so far.

There may be more unmanaged machines with the root certificate. For these unmanaged machines, Dell has provided instructions for the removal, and the link to those is in the references below. EEI is investigating an automated method to remove the root certificate (and possibly another related certificate) on managed machines.

The most immediate potential threat to affected users is that a malicious person could use the root certificate to create false certificates for a site and the browser would show the certificate as valid, which would make phishing more effective if the user did not pay attention to the URL or if there was some other type of man-in-the-middle attack. In general, users are much more vulnerable to out-of-date plugins such as Java, Acrobat, and Flash than to this vulnerability, but an attacker could potentially exploit both vulnerabilities, so it is worth treating the issue as serious.

Instructions from Dell with fix:

Response to Concerns Regarding eDellroot Certificate

Best two overview articles:

Dell does a Superfish, ships PCs with easily cloneable root certificates | Ars Technica

Dell apologizes for HTTPS certificate fiasco, provides removal tool | Ars Technica

Best article with technical details:

Dude, You Got Dell’d: Publishing Your Privates - Blog - Duo Security

Additional references:

Superfish 2.0: Dangerous Certificate on Dell Laptops breaks encrypted HTTPS Connections - Hanno's blog

Dell ships laptops with rogue root CA, exactly like what happened with Lenovo and Superfish : technology

Dell Shipping Superfish-Style Root Cert, Private Key | Threatpost

Joe Nord personal blog: New Dell computer comes with a eDellRoot trusted root certificate

Errata Security: Some notes on the eDellRoot key

Dell Promises To Kill Dangerous Security Certificate It Shipped On PCs - Forbes

Ben Gross
Manager, Endpoint Engineering and Infrastructure
Information Services and Technology Division
University of California, Berkeley

On Tue, Nov 24, 2015 at 8:37 AM, Vivian Sophia <[hidden email]> wrote:
Of course, if your computer has been provided with the Berkeley Desktop, you don't need to worry about this issue, because whatever Dell usually loads on computers has been erased and replaced with a known set of software and settings.



Vivian Sophia
Berkeley IT 
CSS IT High-Impact Client Support Lead
Micronet Community of Practice Coordinator
University of California, Berkeley
310B Durant Hall
(510) 541-6120


Re: [Micronet] Dell Computers With Self-Signed Root Certificates

Jeff Anderson-Lee

On Tue, Nov 24, 2015 at 3:10 PM, Ben Gross <[hidden email]> wrote:
The most immediate potential threat to affected users is that a malicious person could use the root certificate to create false certificates for a site and the browser would show the certificate as valid, which would make phishing more effective if the user did not pay attention to the URL or if there was some other type of man-in-the-middle attack.

Further, I thought the issue was that Microsoft (not just Dell) trusts this root certificate by default, so as I read it *any* machine running a Microsoft OS will trust the bogus signed certificates until Microsoft revokes trust in that root certificate. Or am I reading it wrong and it is only machines from Dell with a Microsoft OS that have trust by default?

Jeff Anderson-Lee
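
An added example, not part of any message in this thread and not Dell's or EEI's tooling: a read-only PowerShell audit of the kind an automated check on managed machines could start from, which also shows directly whether a given Windows machine trusts the certificate. It matches on the name eDellRoot, the only identifier the thread gives, and as a generalization beyond the thread also flags any trusted root stored together with its private key; the function name Test-RootCertificate and the exit-code convention are assumptions.

```powershell
# Added example: audit the Windows trusted-root stores for eDellRoot and for
# any root certificate that is stored together with its private key.
# Read-only: nothing is removed; removal follows Dell's published instructions.
$NamePattern = 'eDellRoot'   # certificate name as given in this thread
$Stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

# Hypothetical helper: returns a finding object for a suspicious root, else nothing.
function Test-RootCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$Store
    )
    $reasons = @()
    if ($Certificate.Subject -match $NamePattern) {
        $reasons += 'name matches eDellRoot'
    }
    # A trusted root never needs its private key on the endpoint. If the key is
    # present, anything able to read it can sign certificates this machine trusts.
    if ($Certificate.HasPrivateKey) {
        $reasons += 'private key present in a root store'
    }
    if ($reasons.Count -eq 0) { return }
    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Store      = $Store
        Subject    = $Certificate.Subject
        Thumbprint = $Certificate.Thumbprint
        NotAfter   = $Certificate.NotAfter
        Reasons    = $reasons -join '; '
    }
}

$findings = foreach ($store in $Stores) {
    if (-not (Test-Path $store)) { continue }
    Get-ChildItem -Path $store | ForEach-Object {
        Test-RootCertificate -Certificate $_ -Store $store
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
    exit 1   # assumed convention: non-zero exit lets a management tool flag the machine
} else {
    Write-Output "No eDellRoot or key-bearing root certificates found on $env:COMPUTERNAME."
    exit 0
}
```

A key-bearing root that is not eDellRoot (for example one installed by a local debugging proxy) is a prompt for review rather than proof of compromise.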



 