Sunday, November 22, 2015

New Dell computer comes with a eDellRoot trusted root certificate

I recently purchased a Dell Inspiron 5000 series notebook (October 2015).  Setting things up, I was surprised to see a trusted root certificate pre-installed on the machine labeled "eDellRoot".  I'm having a tough time coming up with a good reason that Dell Computer Corporation needs to be a trusted root CA on my computer.

It has me thinking things similar to the Lenovo mistakes earlier this year with Superfish which I described at the time on twitter as "Lenovo commits corporate suicide".  With this eDellRoot presence causing curiosity, I posted again on twitter and this has resulted in some queries to more specifics on what I know.

I'll start with the MMC console certificates view of the installed cert.

Observe, the eDellRoot certificate is a trusted root that expires in 2039 and is intended for "All" purposes.  Notice that this is more powerful than the clearly legitimate DigiCert certificate just above it, which spikes more curiosity.

Drill in to see the certificate details and alarm bells start going off. 

"You have a private key that corresponds to this certificate".  This is getting very fishy!  As a user computer, I should NEVER have a private key that corresponds to a root CA.  Only the certificate issuing computer should have a private key and that computer should be ... very well protected!

Certificate details

Serial number starts with "6b c5 7b 95 18 93 aa 97 4b 62" and the keys are marked non-exportable.  Notice that this doesn't mean that the private key isn't accessible, it only means that it isn't exportable.  Anyone possessing the private key which is on my computer is capable of minting certificates for any site, for any purpose and the computer will programmatically and falsely conclude the issued certificate to be valid.

This is the same action that existed with Superfish and in that case, Lenovo made the tremendously awful action of using the SAME private key on every computer.  Has Dell done the same?  When I get a few minutes, I'll try this technique to dump the private key.

Is it Dell?

Consider, while I do know that this certificate came pre-installed on the computer and I do know that it is named "Dell", I do not actually know that this certificate came from Dell Computer Corporation.  Root certificates are always self-signed, so all I really know is that eDellRoot says eDellRoot is legit. Where it breaks down is that the private key IS PRESENT on my computer and that means ... bad.

I'll note that I do not see MITM website proxy as described in this Sophos blog and the sites visited check out clean using Steve Gibson's fingerprints service.  A spot checking of web browsing here and there also shows certificate chains checking out as I would expect.  What is the purpose of eDellRoot?

And request arrives, Joe, would you kindly share the eDellRoot certificate from your computer?  Okay, here you go, link

I look forward to reading comments,

Joe Nord

Tuesday, November 17, 2015

TaylorMade RSI-1 irons

Demo days with GolfSmith were in Boca Raton this past weekend at the Boca Greens country club.  My review of clubs follows.

All the major club manufactures were in attendance and I hit ... all of them.  Learned that TaylorMade RSI-1 are excellent and ended up buying a set of these for my son.  The new model year "PSI" were also on display and are ... ever so slightly better.  Better yes, but today not worth the much higher price for the new release.  They flew "same" and carried just a bit further.  The RSI-1 were notably better than the Rocketballz.

The Callaway Great Big Bertha driver was excellent which I didn't fully expect and without surprise, the TaylorMade M1 driver was top of my list.   Just wish I had an extra $500 to drop on this thing.

The surprise for the day was the excellent performance of the Wilson Staff irons.  Call me old school, but it is a happy day to see these go so well and for me, I'm not sure if I preferred them or the PSIs.   

Nothing quite like hitting clubs on the real range to see how they fly and a good day to dream of new clubs.