Dell Pulls A Superfish

I can't really talk about this too much unless you know about what happened with Superfish... I don't want to focus on it too much, so here's what Sophos says:

Your browser thinks it made an end-to-end encrypted connection, and in a sense it did, except that the other end of the connection was not the server – it was the Superfish filter on your own computer.
Lenovo “Superfish” controversy – what you need to know

Not Long After Superfish

Lenovo got a lot of crap for this, and now it's an ongoing joke in the tech world... You would think that, given how badly they got ripped into, no other company would try the same thing... YOU THOUGHT WRONG ;-).

If you look at the signing date of Dell's cert it's just a couple months after the Superfish controversy with Lenovo... why... whhhyyyyy?????

What Can An Attacker Do?

Well, because it's the same cert on everyone's machine, an attacker who can crack the cert can perform man-in-the-middle attacks (pretend to be whatever site they want), sign malicious code, sign malicious drivers, and much more. The cert was made to be a general-purpose cert, so it has no restrictions.
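
To check what your own machine trusts, this PowerShell (an added example, not from the original post) lists the roots in the machine's trusted root store, newest signing date first, and shows whether each one carries any usage restrictions. The function name `Get-TrustedRootAudit` and its `-Pattern` filter are made up for this example; the post does not name the certificate, so the filter defaults to every root.

```powershell
# Added example: audit trusted roots in the local machine store.
# Get-TrustedRootAudit and -Pattern are names made up for this example.
function Get-TrustedRootAudit {
    param(
        # Subject wildcard; defaults to all roots because the post names no cert.
        [string]$Pattern = '*'
    )

    Get-ChildItem -Path Cert:\LocalMachine\Root |
        Where-Object { $_.Subject -like $Pattern } |
        ForEach-Object {
            $cert = $_

            # The Enhanced Key Usage extension is what limits a cert to specific
            # purposes (server auth, code signing, ...). No extension = no limit.
            $eku = $cert.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
            }
            $ekuNames = @()
            if ($eku) {
                $ekuNames = @($eku.EnhancedKeyUsages | ForEach-Object {
                    if ($_.FriendlyName) { $_.FriendlyName } else { $_.Value }
                })
            }

            [pscustomobject]@{
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                # NotBefore is the "Valid from" date shown in the cert viewer.
                SignedOn      = $cert.NotBefore
                SelfSigned    = ($cert.Subject -eq $cert.Issuer)
                Unrestricted  = ($ekuNames.Count -eq 0)
                AllowedUses   = ($ekuNames -join ', ')
                # A trusted root normally has no private key on a client machine.
                HasPrivateKey = $cert.HasPrivateKey
            }
        } |
        Sort-Object -Property SignedOn -Descending
}

Get-TrustedRootAudit | Format-Table -AutoSize -Wrap
```

A vendor root that shows the same thumbprint on every machine and has `Unrestricted` set to `True` is the pattern described above.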
