Starting in January 2016, Microsoft's Trusted Root Certificate Program will no longer include twenty currently trusted CAs and will remove their root certificates from the Trusted Root CA Store.
Microsoft has updated the Certificate Trust list for all supported releases of Microsoft Windows so that the two digital certificates (complete with inadvertently disclosed private keys) used by Dell on its computers will no longer be trusted.
Embedded devices of some 50 manufacturers have been found sharing the same hard-coded X.509 certificates (for HTTPS) and SSH host keys, a fact that can be exploited by a remote, unauthenticated attacker to carry out impersonation, man-in-the-middle, or passive decryption attacks, Carnegie Mellon University's CERT/CC warns.
The main piece of news on Monday was that Dell's desktop PCs and laptops shipped since August 2015 contain a root CA certificate (eDellRoot) complete with the private cryptographic key for it.
All desktops and laptops shipped by Dell since August 2015 contain a root CA certificate (eDellRoot) complete with the private cryptographic key for it, opening users to the danger of Man-in-the-Middle and signed malware attacks.