Cat spam reveals weaknesses; Dell shipped PCs with in-built dangers; Don't walk and text
Many recently shipped Dell laptops and desktops contain a root certificate that exposes users to online eavesdropping and malware attacks, security writer Brian Krebs has reported.
According to Krebs, the issue affects all new Dell laptops and desktops shipped since August.
Krebs wrote that the root certificate — named eDellRoot — includes the private cryptographic key for the certificate.
“Clever attackers can use this key from Dell to sign phony browser security certificates for any HTTPS-protected site,” he wrote.
“A malicious hacker could exploit this flaw on open, public networks (think Wi-Fi hotspots, coffee shops, airports) to impersonate any website to a Dell user, and to quietly intercept, read and modify all of a vulnerable Dell system’s web traffic,” he continued.
In a company blog post, Dell acknowledged that eDellRoot “unintentionally introduced a security vulnerability”.
“The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system. Customer security and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it,” the blog post read.
Dell said the cert “is not malware or adware” and “was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers”.
The Dell blog post includes a link to instructions on removing the certificate from affected systems.
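An added example, not taken from Krebs, Dell or the original article: a PowerShell audit of the Windows trusted-root stores that flags a certificate named eDellRoot and, going slightly beyond this one case, any trusted root whose private key is present on the machine. Matching on the subject name is an assumption, since the article gives no thumbprint or serial number.

```powershell
# Added example: audit trusted-root stores for the condition the article describes.
# Assumption: the certificate is identified by the name "eDellRoot" in its subject;
# the article provides no thumbprint, so none is hard-coded here.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        $nameMatch = $_.Subject -match 'eDellRoot'

        # A trusted root should only ever be present as a public certificate.
        # If its private key is also stored on the endpoint, anyone who obtains
        # that key can sign certificates this machine will accept for any site.
        $keyOnBox = $_.HasPrivateKey

        if ($nameMatch -or $keyOnBox) {
            $reason = 'trusted root with a local private key'
            if ($nameMatch) { $reason = 'subject matches eDellRoot' }

            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                HasPrivateKey = $keyOnBox
                Reason        = $reason
            }
        }
    }
}

if ($findings) {
    # Non-zero exit code lets a fleet-management tool treat this host as flagged.
    $findings | Format-Table -AutoSize
    exit 1
} else {
    Write-Output 'No trusted root named eDellRoot or holding a local private key was found.'
}
```

A hit should be handled with the removal instructions linked from Dell's blog post rather than by deleting the entry by hand.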
Catfact spam
Twitter users who publicly shared their telephone numbers have reportedly fallen victim to a cat-related spam attack.
According to The Verge, a concerned citizen set up a system that automatically scrapes phone numbers that have been publicly posted by Twitter users and automatically sends facts about cats to these users. The incoming messages can only be stopped by tweeting “Meow, I <3 catfacts” to NSA whistleblower Edward Snowden.
The person behind the project purportedly created it in an attempt to raise awareness of the dangers of sharing information online.
“The main cause is to spread awareness of operational security,” The Verge quoted the system’s coder as saying. “When people tweet pictures of their driver’s licences or debit cards, they usually understand their mistake upon someone retweeting it. When they tweet their phone number, they think nothing of it.”
But, “If the messages sent to them were malicious, [they] could be exploited with ease,” the coder was quoted as saying.
According to Fairfax, the cat-related messages appear to include: “A smooth, shiny coat is the sign of a healthy cat” and “The technical term for hairball is bezoar”.
Walking and texting
The University of Newcastle made tech headlines this week when the Newcastle Herald reported the uni had circulated an email to staff warning of the dangers of texting while walking.
The email reportedly said that several staff have been treated this year for injuries sustained on campus while using their phones to text, email or check social media.
“When using your smart phone... you’re not in full control with the action of walking because you can’t see the path in front of you,” the Newcastle Herald quoted the email as saying.
The paper also quoted an unnamed staffer as saying: “I await the one about breathing and chewing.”
While advice about walking and texting may seem obvious to some, the warning is evidently necessary. The Herald cited the university’s associate director of health and safety as saying that the uni’s crosscurrent of pedestrians, cars and bikes in a bushland setting makes it dangerous to walk around while looking down, and that two staff members had been hurt in “self-declared” text-walking accidents.