
Watch out for Dells. E_che_palle.tiff



#1 Killer application

Posted 23 November 2015 - 10:08

Dell ships laptops with rogue root CA, exactly like what happened with Lenovo and Superfish



#2 faco

Posted 23 November 2015 - 10:38

ASUS FTW?

#3 Caldco

Posted 23 November 2015 - 10:46

I read it as: watch out for the ball hairs

 

:ncasd:



#4 zizzefan

Posted 23 November 2015 - 10:51

A full format and be done with it



#5 euthanasia

Posted 24 November 2015 - 18:02

but is there also the BIOS thing?



#6 thewebsurfer

Posted 29 November 2015 - 01:19

but Dell, unlike Lenovo, released a guide for removing the whole thing




#7 Killer application

Posted 29 November 2015 - 01:30

yeah, for 1 of the 2 problems.

in fact there's also another dodgy certificate. I don't know whether the tool removes the second one too or not.



#8 thewebsurfer

Posted 29 November 2015 - 01:37

yeah, for 1 of the 2 problems.

in fact there's also another dodgy certificate. I don't know whether the tool removes the second one too or not.

I haven't looked into it properly, but I think the removal guide page also mentioned a certificate




#9 Killer application

Posted 29 November 2015 - 01:51

I haven't looked into it properly, but I think the removal guide page also mentioned a certificate

the original problem was 1 certificate. Now it turns out there are 2.

I think the tool only removes the first one.



#10 Killer application

Posted 29 November 2015 - 01:52

 

Second Dell backdoor root cert found

Blackhats, head straight to the airport lounge.
25 Nov 2015 at 05:00, Darren Pauli

A second root certificate has been found in new Dell laptops days after the first backdoor was revealed.

The DSDTestProvider certificate was first discovered by Laptopmag. It is installed through Dell System Detect into the Trusted Root Certificate Store on new Windows laptops along with the private key.

Dell has been contacted for comment. The Texas tech titan has called the first certificate gaffe an "unintended security vulnerability" in boilerplate media statements.

Carnegie Mellon University CERT says it allows attackers to create trusted certificates and impersonate sites, launch man-in-the-middle attacks, and perform passive decryption.

"An attacker can generate certificates signed by the DSDTestProvider CA (Certificate Authority)," CERT bod Brian Gardiner says.

"Systems that trust the DSDTestProvider CA will trust any certificate issued by the CA.

"An attacker can impersonate web sites and other services, sign software and email messages, and decrypt network traffic and other data. Common attack scenarios include impersonating a web site, performing a MiTM attack to decrypt HTTPS traffic, and installing malicious software."

Punters should move the DSDTestProvider certificate to the untrusted store using Windows certificate manager. They also need to kill Dell.Foundation.Agent.Plugins.eDell.dll to stop persistence.

The eDellRoot certificate was found this week in XPS, Precision, and Inspiron laptops.

Security bod Robert Graham says black hats should head straight to the international airport lounge and use the handy certificates and keys to plunder executives' laptops.

"If I were a black hat hacker, I'd immediately go to the nearest big city airport and sit outside the international first class lounges and eavesdrop on everyone's encrypted communications," Graham says.

"I suggest international first class, because if they can afford US$10,000 for a ticket, they probably have something juicy on their computer worth hacking." ®



#11 Killer application

Posted 29 November 2015 - 01:54

Ah, just found out now that there's a third flaw :asd:

 

 

Dell computers bundled with backdoor that blurts hardware fingerprint to websites

How it works
25 Nov 2015 at 01:18, Shaun Nichols

Analysis Dell ships Windows computers with software that lets websites slurp up the machine's exact specifications, warranty status, and other details without the user knowing.

This information can be used to build a fingerprint that potentially identifies a person while she browses across the web. It can be abused by phishers and scammers, who can quote the information to trick victims into thinking they're talking to a legit Dell employee. And, well, it's just plain rude.

A website created by a bloke called Slipstream – previously in these pages for exposing security holes in UK school IT software – shows exactly how it can work.

This proof-of-concept code exploits a weakness in the design of Dell's support software to access the computer's seven-character service tag – an identifier that Dell's support website uses to look up information on the machine, including the model number, installed components, and warranty data.

Visit Slip's page above to see it in action – assuming you have a Dell running Dell Foundation Services. Be warned, though, it does play some fun chiptune music, so mute your speakers if you're still at work.

Slipstream says his website does not exploit the eDellRoot root CA certificate that turned up in new models of Dell laptops and PCs – but the Dell Foundation Services software that uses the dodgy cert.

As documented by Duo Security, Dell Foundation Services starts up a web server on TCP port 7779 that accepts requests for the service tag.

All a website has to do is, in JavaScript, request this URL:

http://localhost:777...REST/ServiceTag

and the foundation services returns exactly that – the service tag. No authentication required. This serial code can then be fed into Dell's support site to look up information about the machine.

The Register has tested the proof-of-concept site and verified that it does indeed pull up the service code on an Inspiron 15 series laptop bought in July. Slipstream also confirmed to The Reg that his script works even when the vulnerable root CA cert is removed by Dell's prescribed methods.

Aside from the possibility that a scammer could use the support number to gain user trust for a phony tech support call or other security con job, the proof-of-concept demonstrates just how deeply a third party can probe into a user's system by exploiting Dell's now-notorious support tools.

Dell was thrust into the spotlight yesterday when researchers first broke word of eDellRoot, a rogue certificate authority quietly installed on Windows machines that can be exploited by man-in-the-middle attackers to decrypt people's encrypted web traffic.

The Texas PC-slinger said the issue was merely a mishap related to its user support tools. Dell bristled at suggestions the flaw should be considered malware or adware, but nonetheless it has provided users with a removal tool.

The American biz has also pushed a software update that will automatically remove the vulnerable root CA cert from its machines. ®


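A defender's check for what the two quoted articles describe, as an added example that is not part of the original posts or of Dell's removal tool: it looks for eDellRoot and DSDTestProvider in the trusted root stores and for a listener on TCP port 7779, and with `-Quarantine` moves any match to the untrusted store. The function names and the `-Quarantine` switch are hypothetical, matching on the subject CN is an assumption, and it expects an elevated prompt on Windows 8 / Server 2012 or later (for `Get-NetTCPConnection`).

```powershell
# Added example: read-only audit unless -Quarantine is given. Run elevated.
param([switch]$Quarantine)

$names = 'eDellRoot', 'DSDTestProvider'   # certificate names from the articles
$x509  = 'System.Security.Cryptography.X509Certificates'

function Find-DellRootCert {
    # Assumption: the certificates carry these names as their subject CN.
    foreach ($location in 'LocalMachine', 'CurrentUser') {
        Get-ChildItem -Path "Cert:\$location\Root" | Where-Object {
            $subject = $_.Subject
            $names | Where-Object { $subject -like "*CN=$_*" }
        } | Add-Member -NotePropertyName Location -NotePropertyValue $location -PassThru
    }
}

function Move-ToUntrusted($cert) {
    # Add the public certificate to the Untrusted ("Disallowed") store first,
    # then remove the entry from the trusted roots.
    $public = New-Object "$x509.X509Certificate2" -ArgumentList (, $cert.RawData)
    $store  = New-Object "$x509.X509Store" -ArgumentList 'Disallowed', $cert.Location
    $store.Open('ReadWrite')
    $store.Add($public)
    $store.Close()
    Remove-Item -Path "Cert:\$($cert.Location)\Root\$($cert.Thumbprint)"
}

function Find-ServiceTagListener {
    # Dell Foundation Services answers service-tag requests on TCP 7779.
    Get-NetTCPConnection -LocalPort 7779 -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                ProcessId    = $_.OwningProcess
                ProcessName  = $proc.ProcessName
            }
        }
}

$certs = @(Find-DellRootCert)
$certs | Format-Table Location, Subject, Thumbprint, HasPrivateKey, NotAfter -AutoSize
if ($Quarantine) { $certs | ForEach-Object { Move-ToUntrusted $_ } }

$listeners = @(Find-ServiceTagListener)
$listeners | Format-Table -AutoSize
if (-not $certs -and -not $listeners) { 'Nothing found.' }
```

Run it without arguments first to review what it finds. Removing the certificate does not address Dell.Foundation.Agent.Plugins.eDell.dll, which the first article says must also be dealt with to stop persistence.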

#12 thewebsurfer

Posted 29 November 2015 - 01:56

but which laptops are affected? all of them?




#13 SuperMario=ITA=

Posted 30 November 2015 - 10:04

yeah but srsly

 

they're for business users, do you really want to make a fuss over some backdoors? :asd:

 

:chan:

