Official Computer Talk Thread

im-just-saying.jpg
 
Was going to get a ssd then decided to drop cash on the rear disk conversion for the project car instead.
 
webby said:
they've been getting a lot of bad press over pre installed spyware
http://www.pcworld.com/article/2887392/lenovo-hit-with-lawsuit-over-superfish-snafu.html
Click to expand...
so someone just found garbage installed on Dell computers -

=======
I got a shiny new XPS 15 laptop from Dell, and while attempting to troubleshoot a problem, I discovered that it came pre-loaded with a self-signed root CA (Certificate Authority) by the name of eDellRoot. With it came its private key, marked as non-exportable. However, it is still possible to obtain a raw copy of the private key by using several tools available (I used NCC Group's Jailbreak tool). After briefly discussing this with someone else who had discovered this too, we determined that they are shipping every laptop they distribute with the exact same root certificate and private key, very similar to what Superfish did on Lenovo computers. For those that aren't familiar, this is a major security vulnerability that endangers all recent Dell customers.

Surely Dell had to have seen what kind of bad press Lenovo got when people discovered what Superfish was up to. Yet, they decided to do the same thing but worse. This isn't even a third-party application that placed it there; it's from Dell's very own bloatware. To add insult to injury, it's not even apparent what purpose the certificate serves. At least with Superfish we knew that their rogue root CA was needed to inject ads into your web pages; the reason Dell's is there is unclear.

If you have recently bought a Dell computer and want to see if you are affected by this, go to Start -> type "certmgr.msc" -> (accept on UAC prompt) -> Trusted Root Certification Authorities -> Certificates and check if you have an entry with the name "eDellRoot". If so, congratulations, you've been pwned by Dell, the very company you paid for your computer!

Here is a link to the certificate, private key, and PFX file for the certificate I found on my machine. The password for the PFX file is "dell". (The certificate itself is in the eDellRoot.crt file. Do NOT import the PFX file unless you know what you're doing. I just included it for convenience.) If yours came with the eDellRoot certificate, its thumbprint will probably be:

98:A0:4E:41:63:35:77:90:C4:A7:9E:6D:71:3F:F0:AF:51:FE:69:27

And its serial number:

6b:c5:7b:95:18:93:aa:97:4b:62:4a:c0:88:fc:3b:b6

It's upsetting that Dell would do this despite the backlash Lenovo experienced from its customers and the US Department of Homeland Security, and I really hope they quickly do something to correct this. The more people that know and speak up, the faster it will happen.

UPDATE: I've been reading that a lot of people are skeptical in the sense that this CA can't actually do anything because the CA has no capabilities. I did some more research and found out that this CA can indeed sign server certificates. I've updated the list of files above to include a certificate issued by the CA with file name "badgoogle.crt", which you can also see in this screenshot. For those that are unfamiliar with how this works, a network attacker could use this CA do sign his or her own fake certificates for use on real websites and an affected Dell user would be none the wiser unless they happened to check the website's certificate chain. This CA could also be used to sign code to run on people's machines, but I haven't tested this out yet.
 
Only 5 levels away from max rank in Black Ops 3
halloween_vampire.gif
halloween_vampire.gif


12289700_10206436346005891_4302400540525337838_n.jpg
 
Don't remember the specs on my first PC. I know it had windows 95 though. It was more or less old junk parts my dad had laying around so I know it wasn't really good.
 
Bought this in '94:

evo_packardbell.png



  • Processor - 486DX2-66
  • Memory - 4MB, upgradeable to ?
  • Hard Drive - 160MB
  • Graphics Chip - Unknown, 1MB Video Memory, upgradeable to ?
  • Sound Card - Unknown
  • Optical Drive - N/A
  • Floppy Drives - 1x 1.44MB 3.5" Floppy Drive, 1x 1.2MB 5.25" Floppy Drive
  • Expansion Slots - Unknown
  • Operating System - MS-DOS 6.0/Windows 3.1
  • Navigator Version - Navigator 1.x
  • Hard Drive Format Number - N/A
  • Case Type - Late 93
  • Preinstalled Software - Windows Entertainment Pack for Packard Bell
  • Motherboard - Unknown
  • Price (If Known) - $1,600 (what I paid for it)
 
I know we used to have a lot of Packard bell stuff. I also remember being dragged to the conventions where all the vendors would try to sell the latest greatest before the internet was really popular and online ordering wasn't an option.
 
I repaired so many Packard bell computers back in the day.... :spazface: Makes me do this just looking at that. Memories
 
You must log in or register to reply here.
Back
Top