| J.M. | World Chat Champion | Joined: 27 Mar 2011 | Posted: 15:09 - 25 Nov 2015 |
I haven't fully read into it, so I can't comment for certain.
A certificate is created by a signing body and added to a computer. A website will be signed by one of the signing bodies in order to use HTTPS.
When you go on an HTTPS website, your computer verifies the website's certificate by using the signing body's certificate that is on your computer. If you don't have the signing body's certificate, you will get an error. If the website's certificate is wrong or tampered with, you will get an error.
This Dell certificate is another signing body certificate. It can be used to create valid certificates for websites. This means that whoever owns the Dell certificate is able to create a certificate for any HTTPS website.
This means that person can sit in the middle of a connection between say you and the bank, and your computer would have no idea, because they can present to you a valid certificate because the Dell certificate verifies it.
These certificates by the signing body work in two parts:
- public key
- private key
The signing body will sign the certificate to the website with their private key. The public key is on your computer and you decrypt the message using their public key to verify it. (Note this is the opposite way around to encrypting a message.)
ScaredyCat's screenshot clearly shows that the private key for the signing certificate is on each computer. This means that anybody can create a certificate for a website and the Dell computer will accept it.
This is assuming that Dell hasn't generated a unique key for each system produced, which I would find highly unlikely.
Even if the company didn't have bad intentions, as their official comment states, this is exactly the reason why companies need to hire people that actually understand the security implications of their actions, rather than hiring just programmers.
tl;dr if you're smart, you'll probably be able to see what others do. Others will be able to see what you do too (unless you remove the certificate).
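
The condition described in the post above (a trusted signing certificate whose private key sits on the computer) can be checked for directly. The following PowerShell is an added example, not part of the original thread; the function name `Find-RootCertWithPrivateKey` and the output field names are made up for illustration, and it assumes a Windows machine with the built-in `Cert:` drive.

```powershell
# Added example: list trusted root certificates that have a private key stored
# alongside them. A root in the trust store normally carries only its public key;
# the private key stays with the signing body.
function Find-RootCertWithPrivateKey {
    [CmdletBinding()]
    param(
        # Trusted-root stores to inspect (machine-wide and per-user).
        [string[]]$StorePath = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )

    foreach ($path in $StorePath) {
        if (-not (Test-Path -Path $path)) { continue }

        foreach ($cert in Get-ChildItem -Path $path) {
            # Skip the normal case: public certificate only.
            if (-not $cert.HasPrivateKey) { continue }

            # Basic Constraints (OID 2.5.29.19) says whether the certificate is
            # marked as a CA. Older roots without this extension can still be
            # trusted as signers, so a $false here does not clear the finding.
            $bc = $cert.Extensions |
                Where-Object { $_.Oid.Value -eq '2.5.29.19' } |
                Select-Object -First 1

            [pscustomobject]@{
                Store              = $path
                Subject            = $cert.Subject
                Thumbprint         = $cert.Thumbprint
                SelfSigned         = ($cert.Subject -eq $cert.Issuer)
                BasicConstraintsCA = [bool]($bc -and $bc.CertificateAuthority)
                NotAfter           = $cert.NotAfter
            }
        }
    }
}

$findings = @(Find-RootCertWithPrivateKey)
if ($findings.Count -eq 0) {
    Write-Output 'No trusted root certificate on this machine has a private key attached.'
} else {
    # Each entry is a root the machine trusts AND can sign with: review it.
    $findings | Format-List
}
```

The script only reports; it does not remove or change anything in the certificate store.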