[Cryptography] Dells are shipping with a rogue root level CA cert
Philip Gladstone
pjsg-cryptography at nospam.gladstonefamily.net
Mon Nov 23 23:04:23 EST 2015
On 23/11/2015 15:57, Perry E. Metzger wrote:
> It seems that, not having learned from Lenovo's experience, Dell has
> started shipping laptops with a Dell provided CA cert pre-installed.
>
> http://www.techworm.net/2015/11/dell-pcs-laptops-ship-with-edellroot.html
>
> It is unclear what the CA is for, but there's a good possibility it
> isn't good...

There are a number of machines directly accessible that serve up a
certificate signed by this root CA cert. They seem to all be serving the
same cert which has CN=localhost and the same public key. This cert was
signed back on 7 April 2015.

https://twitter.com/achillean/status/668986430387949568

This doesn't answer what the CA is *for*, but it does indicate that it
is in *use*.

Philip