-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
              AUSCERT Security Bulletin ASB-2015.0110
  Certificate installed with Dell Foundation Services allows
                    man-in-the-middle attack
                         25 November 2015
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Dell Foundation Services
Operating System:     Windows
Impact/Access:        Access Privileged Data         -- Remote with User Interaction
                      Provide Misleading Information -- Remote with User Interaction
Resolution:           Mitigation

Member content until: Friday, December 25 2015

Comment: AusCERT has received reports that a private key and pass-phrase
         have been publicly disclosed for a certificate shipped with Dell
         Foundation Services.

OVERVIEW

        Dell Foundation Services software (provided on Dell PCs) has
        included an eDellRoot Certificate Authority since August 2015.
        AusCERT has received reports that the private key and pass-phrase
        for this CA have been publicly released. [1]

IMPACT

        Systems with the Dell Foundation Services application installed
        which contain the eDellRoot CA are vulnerable to potential
        man-in-the-middle attacks. Anyone holding the leaked private key
        can use this CA to sign certificates for arbitrary domains, and
        affected systems will trust them.

        However, commercial customers who reimaged their systems without
        Dell Foundation Services are not affected by this issue.
        Additionally, the certificate will be removed from all Dell
        systems with Dell Foundation Services software installed moving
        forward. [2][3][4]

MITIGATION

        AusCERT recommends that you take the time to investigate how this
        has impacted your systems. If you locate the eDellRoot CA it
        should be removed.

        This site can be used to check for the eDellRoot CA:
        https://edell.tlsfun.de/

        If the eDellRoot CA is installed it can be removed by:
        Start -> type "certmgr.msc" -> (accept on UAC prompt) ->
        Trusted Root Certification Authorities -> Certificates ->
        locate eDellRoot and remove.
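        The same check-and-remove step can be scripted across a fleet. The
        following PowerShell is an added example, not code from the AusCERT
        bulletin or from Dell; it matches on the subject name "eDellRoot"
        given above and assumes no thumbprint. The -Remove switch is this
        example's own; the Cert: drive paths and the cmdlets used are
        standard Windows PowerShell.

```powershell
<#
  Added example (not from the AusCERT bulletin or Dell's own tooling).
  Reports, and with -Remove deletes, any certificate whose subject is
  eDellRoot in the machine and user Trusted Root stores. Run from an
  elevated session to act on the LocalMachine store; without -Remove it
  only reports, so it is safe to use as an inventory pass first.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # hypothetical switch for this example; default is report-only
)

# Both stores are checked: the bulletin names "Trusted Root Certification
# Authorities", which exists for the machine and for the current user.
$stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match '(^|,\s*)CN=eDellRoot(,|$)' }
}

if (-not $found) {
    Write-Output 'eDellRoot not found in the Trusted Root stores.'
    return
}

foreach ($cert in $found) {
    Write-Output ('Found eDellRoot in {0}' -f $cert.PSParentPath)
    Write-Output ('  Thumbprint : {0}' -f $cert.Thumbprint)
    Write-Output ('  Valid until: {0}' -f $cert.NotAfter)

    # The shipped private key is what makes this CA dangerous: with it on
    # the box, anything trusting this store also trusts certificates
    # signed locally or by whoever else holds the leaked key.
    if ($cert.HasPrivateKey) {
        Write-Output '  Private key is present on this system.'
    }

    if ($Remove -and $PSCmdlet.ShouldProcess($cert.PSPath, 'Remove certificate')) {
        if ($cert.HasPrivateKey) {
            # -DeleteKey is the certificate provider's switch to delete the
            # associated private key along with the certificate entry.
            Remove-Item -Path $cert.PSPath -DeleteKey
        } else {
            Remove-Item -Path $cert.PSPath
        }
        Write-Output '  Removed.'
    }
}
```

        Run it once without -Remove to collect the report, then with
        -Remove -WhatIf to see what would be deleted, and finally with
        -Remove. The https://edell.tlsfun.de/ check above confirms the
        result from the browser side afterwards.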
        Dell systems with Dell Foundation Services software installed will
        remove the eDellRoot certificate starting from 24 November 2015 via
        a software update. [1]

REFERENCES

        [1] Response to Concerns Regarding eDellroot Certificate
            http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2015/11/23/response-to-concerns-regarding-edellroot-certificate

        [2] Superfish 2.0: Dangerous Certificate on Dell Laptops breaks
            encrypted HTTPS Connections
            https://blog.hboeck.de/archives/876-Superfish-2.0-Dangerous-Certificate-on-Dell-Laptops-breaks-encrypted-HTTPS-Connections.html

        [3] Security Bug in Dell PCs Shipped Since 8/15
            http://krebsonsecurity.com/2015/11/security-bug-in-dell-pcs-shipped-since-815/

        [4] Dude, You Got Dell'd: Publishing Your Privates
            https://www.duosecurity.com/blog/dude-you-got-dell-d-publishing-your-privates

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVlUSEX6ZAP0PgtI9AQKFkxAAwBtMrjZHLYlgTY6MGN7dauSDt9ehXWX8
a200yn+zKCsysjtQIRdu7XNLqosK9rrbHar2+t9Jn23L+nmJRKn2RKFZHapIVJrX
cm2rxjChir9pNPHF07ODDpf/5ZpCmESBvDg7I8bqOkB3YKN7vmLEQdZO+1xXtpH4
nNZLZUg6nAGVBAUB8DmUk7KQ+5rPf+3L+X4SHauZvrfKtvFGZiRyvl+CsK8iRynP
7dydpsRtzm2iJGek5nzAlsWT4RGScd2vVdo33AI0iBlFNV59v4RCT93DvBAQH2f9
+GBt5/Q3dVbTok6X2fBtLGBX4EkObZarcWs0GS3tM/NxRzHcwNV1tmC/u8ULM0iJ
GiCCIrIGbmTl7+JXx1TZSzqS6DHRZEg9XgNtdp77od6QEEjC3ck5KF6OUiTfb8U/
134CpefrgOl1IfLPLBGy0qw+/8bMKoQMxtggHLqhV1jplo1X8QZPgqvijlhTZ5YR
diBkpivqFvlQE3PX6ngKVGZuQ6T8HeAQG8g4ir6+eeUzcCEPiN+VGeG8jyCLsPVc
dPDzG3UPGJmqHLDmv5xhPmvNhaHWgw/RJTykOPcZRP0Htb8UD7XlCNjOFT2g5ihU
1IUP064RfV9CwXJjfWPjrdiFyTQvvinb/4+qro4L/mcLPBEGhPAsb4XnBpbc3tIO
qdEwWpwUuA0=
=2HbE
-----END PGP SIGNATURE-----