Superfish 2.0 worsens: Dell's dodgy security certificate is an unkillable zombie

The rogue root certificate in new Dell computers – a certificate that allows people to be spied on when banking and shopping online – will magically reinstall itself even when deleted. El Reg can confirm that the eDellRoot root CA cert, discovered over the weekend, automatically reappears when removed from the Windows …


  1. Fitz_

    Hang on a minute...

    Shouldn't the story angle here be how anyone who removes these CAs is borking the proper operation of a Dell computer over 'privacy concerns' (complete with sneer quotes)?

    Perhaps we could have a picture of Michael Dell looking crestfallen while behind him a photoshopped picture of users laughing and pointing at him with a suitably snippy quote along the lines of '...and then we said it was due to 'increased risk' *snigger*'.


  2. Rene Schickbauer


    Added Dell to my blacklist for all current and future projects (no time limit, all product ranges).

    1. Little Mouse

      Re: Solution

      Dell were already on my naughty step for the shoddy lower-than-usual-spec "badged" components that they would install into new PCs. Do they still do that?

      1. This post has been deleted by its author

      2. Anonymous Coward

        Re: Solution

        "Do they still do that?"

        Got that (reasonably) under control some years ago.

        My blacklist is getting rather long. It probably won't be much time before there are only real* Chinese firms left.

        *No, not you Lenovo. Sit back down.

        1. Bronek Kozicki Silver badge

          Re: Solution

          I put Dell on my shit-list when they refused to service a 30" LCD monitor I bought from them, and soon after damaged in a small accident involving a heavy object hitting the LCD panel. I said I would pay for a new panel as long as the service cost was competitive compared to a new monitor, but they said they can only sell me a new monitor at RRP (which at the time was well over 20% more than the same monitor bought in the shops).

    2. fajensen Silver badge

      Re: Solution

      Dell follows The Way of Amstrad: Great kit back in the 1980's, sucky crap forever after.

  3. Joe Harrison

    Simple way to kill it

    It's been said before in the other thread but just move it to the "untrusted certificates" bit of certmgr.msc.

    Yes it will come back again into the list of root CAs but will also remain in the untrusted list therefore will not actually work.

    Then at your leisure you can do the DLL hacking if you still want it completely gone.
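
An added example, not part of the original thread and not Dell or Register code: a PowerShell audit for the state the comment above describes, where the certificate is back in the root store but still listed under Untrusted Certificates (the `Disallowed` store). Matching on the subject name `eDellRoot` taken from the article, and the function name `Get-RootCertTrustState`, are assumptions of this example.

```powershell
# Added example: report whether a root certificate with a given subject CN is
# present in the Trusted Root store and whether the same certificate is also
# listed in the Untrusted Certificates (Disallowed) store.
# Get-RootCertTrustState is a hypothetical helper name, not a built-in cmdlet.
function Get-RootCertTrustState {
    param(
        [string]   $CommonName = 'eDellRoot',              # name given in the article
        [string[]] $Locations  = @('LocalMachine', 'CurrentUser')
    )
    # Match "CN=<name>" as a whole RDN, not as a prefix of a longer name.
    $pattern = 'CN=' + [regex]::Escape($CommonName) + '(,|$)'

    foreach ($loc in $Locations) {
        # Thumbprints of matching certificates that are explicitly distrusted.
        $blocked = @(Get-ChildItem -Path "Cert:\$loc\Disallowed" -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -match $pattern } |
            Select-Object -ExpandProperty Thumbprint)

        Get-ChildItem -Path "Cert:\$loc\Root" -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -match $pattern } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = "$loc\Root"
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    HasPrivateKey = $_.HasPrivateKey   # private key stored with the cert
                    InDisallowed  = $blocked -contains $_.Thumbprint
                }
            }
    }
}

$findings = @(Get-RootCertTrustState)
if ($findings.Count -eq 0) {
    'No matching certificate found in the Trusted Root stores.'
} else {
    $findings | Format-Table -AutoSize
    # A copy in Root with no matching Disallowed entry is still trusted.
    $live = @($findings | Where-Object { -not $_.InDisallowed })
    if ($live.Count -gt 0) {
        Write-Warning "$($live.Count) matching root certificate(s) are trusted and not blocked."
    } else {
        'All matching root certificates are also listed in the Disallowed store.'
    }
}
```

Running it again after a reboot shows whether the certificate has been reinstalled and whether the Disallowed entry is still in place.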

  4. TeeCee Gold badge

    And the real problem is.....

    The certificate........contains a private key that can be extracted....

    A bit more here would be useful as, from where I'm sitting, that would seem to be the actual problem rather than the existence of the damned thing.

    1. Anonymous Coward

      Re: And the real problem is.....

      What more do you need?

      1) Dell installed a backdoor (root cert) on the machines they were selling.

      2) Dell leaked* the keys to the backdoor they'd planted in their machines.

      * In spectacular style, to *E-V-E-R-Y-O-N-E*

      Take your pick of "actual problem"

      1) Dell is backdooring the machines they sell.**

      2) Dell is an utterly incompetent shambles incapable of operating a simple security cert management operation.**

      3) Dell has exposed its victims and the networks to which they connected to an actively exploited critical vulnerability.**

      4) Dell cannot revoke their backdoor cert and must rely on updates and informed victims to correct the problem. Some victims may remain exposed for years to come.

      5) Zombie armies are bad.



  5. -v(o.o)v-

    HPKP would detect and block this MITM as long as the MITM does not strip the header. And again DANE would have completely mitigated this.



Biting the hand that feeds IT © 1998–2020