Dell Pulls A Superfish
I can't really talk about this too much unless you know about what happened with Superfish... I don't want to focus on it too much, so here's what Sophos says:
Not Long After Superfish
Lenovo got a lot of crap for this, and now it's an ongoing joke in the tech world... You would think that, given how badly they got ripped into, no other company would try the same thing... YOU THOUGHT WRONG ;-).
If you look at the signing date of Dell's cert, it's just a couple of months after the Superfish controversy with Lenovo... why... whhhyyyyy?????
What Can An Attacker Do?
Well, if an attacker can crack the cert, then because it's the same cert on everyone's machine, they can perform man-in-the-middle attacks (pretend to be whatever site they want), sign malicious code, sign malicious drivers, and much more. The cert was made to be a general-purpose cert, so it has no restrictions.
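A defender-side check for the pattern described above, as an added example that is not from the original post: it lists trusted root certificates on a Windows machine that have a private key stored locally and reports whether the certificate carries an Enhanced Key Usage (EKU) restriction. It assumes the vendor root sits in the `LocalMachine\Root` store together with its private key, which the post does not state explicitly.

```powershell
# Added example: audit the machine-wide trusted root store.
# Assumption: the risky root was preinstalled in LocalMachine\Root with its private key.
$store = 'Cert:\LocalMachine\Root'
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

$findings = foreach ($cert in Get-ChildItem -Path $store) {
    # A legitimate root CA never needs its private key on an endpoint.
    if (-not $cert.HasPrivateKey) { continue }

    # No EKU extension means the certificate itself is valid for every purpose
    # (TLS server authentication, code signing, driver signing, ...).
    $eku = $cert.Extensions | Where-Object { $_ -is $ekuType }
    $purposes = if ($eku) {
        ($eku.EnhancedKeyUsages | ForEach-Object {
            if ($_.FriendlyName) { $_.FriendlyName } else { $_.Value }
        }) -join ', '
    } else {
        'ALL (no EKU extension)'
    }

    [pscustomobject]@{
        Subject      = $cert.Subject
        Thumbprint   = $cert.Thumbprint
        NotBefore    = $cert.NotBefore   # validity start, compare with vendor timelines
        Unrestricted = -not $eku
        Purposes     = $purposes
    }
}

if ($findings) {
    # Unrestricted roots with a local private key are the highest-risk entries.
    $findings | Sort-Object Unrestricted -Descending | Format-List
} else {
    'No trusted root certificate with a locally stored private key was found.'
}
```

Any entry this reports deserves review, since a trusted root whose private key is present on the endpoint can be used to issue certificates that the machine will accept.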
Let me know what you think of this article on Twitter @martinoj2009!