Dell’s Tumble, Google’s Fumble, And How Government Sabotage Of Internet Security Works » okTurtles Blog

IMG_2802

On Monday, the Internet received another reminder about its sad state of security. It was discovered that Dell decided to compromise their users’ Internet security in a way that’s difficult to top. As elaborated further in this post, Dell, in tandem with Google, made it possible for anyone on earth, you or me, to break every single type of HTTPS connection that Dell users were making (including HPKP connections)—shiny lock icons be damned. Their reason?

Source: Dell’s Tumble, Google’s Fumble, And How Government Sabotage Of Internet Security Works » okTurtles Blog

Superfish 2.0: Now Dell is Breaking HTTPS | Electronic Frontier Foundation

Earlier this year it was revealed that Lenovo was shipping computers preloaded with software called Superfish, which installed its own HTTPS root certificate on affected computers. That in and of itself wouldn’t be so bad, except Superfish’s certificates all used the same private key.

Source: Superfish 2.0: Now Dell is Breaking HTTPS | Electronic Frontier Foundation