Dell pre-installing a default root certificate on new machines is a serious security faux pas, and the PC giant is deep in damage control mode. An eDellRoot removal utility is now available, but what’s getting buried in the uproar is the fact that we still don’t seem to understand how certificates and public key infrastructure work.
This week, researchers stumbled upon a previously unknown trusted root certificate authority on several Dell computers. Even though eDellRoot was not a valid CA, the fact that it was pre-installed meant the operating system automatically trusted it.
To read this article in full or to leave a comment, please click here