Remember Superfish? That was when Lenovo shipped bloatware on its laptops that included the same self-signed root certificate on every machine. Once attackers extracted the private key, they could use this root certificate to make any HTTPS connection look legitimate, even if it went to a fake site. Apparently, Dell made the same mistake. Watch today’s video to learn more.
Show note: I apologize for the bad sound in today’s video. I made it in a hotel room with a bad audio source.
(Episode Runtime: 2:07)
Direct YouTube Link: https://www.youtube.com/watch?v=mIc028v3XVk
EPISODE REFERENCES:
- Dell XPS and Inspiron suffer from a Superfish-like certificate flaw – Ars Technica
- Dell Superfish 2.0 lets attackers spoof legitimate web sites – The Register
- Dell Superfish 2.0 certificate keeps coming back – The Register
- Lenovo’s original Superfish issue – CNet
— Corey Nachreiner, CISSP (@SecAdept)