Bad news: Dell has installed a rogue root CA on customer PCs.
Why is it bad? Because it’s trivial to perform man-in-the-middle attacks against any computer with the cert installed. Dan Goodin has an excellent writeup here.
Dell explained late yesterday evening that the cert “was intended to provide the system service tag to Dell online support”.
Wait… where have we heard something like that before?
Back in April. Regular readers of News from the Lab will recall that Dell had some remote code execution issues via “Dell System Direct” in April 2015.
Here’s the (somewhat) good news: Dell Foundation Services appears to be far less prevalent than Dell System Direct.
Want to check if you have eDellRoot installed?
As Dan Tentler suggests, hit this site: https://edell.tlsfun.de/