Dell found distributing weak certificates – again

Dell has come under criticism for the second time this week as users' personal information was found to be vulnerable and open to attack as a result of security certificate errors. 

In a statement, Dell said that the second problem affected users who downloaded its Dell System Detect product between 20 October and 24 November 2015. Unlike the first, this was not pre-installed on computers.

Dell said it had again released a fix and said the product was removed from its site once the issue was spotted and a replacement application was made available.

Raising concerns about the company's use of commercial security certificates, Brian Spector, CEO of Certivox said: “The commercial digital certificate industry in general, is broken, and it needs to be replaced. This latest incident is just one of many whereby the commercial certificate authority's position as a single point of trust is causing serious problems.”

Craig Young, Security Researcher at Tripwire has come up with a simple test for eDellRoot certificate. When clicking on the following link, if your system is secure you will get a browser warning. https://edellroot.secur3.us/