rootcertificates
Latest
Dell is the latest PC maker with a gaping security flaw, but it will fix it
Lenovo and Samsung might not be the only big Windows PC makers pre-installing software that compromises your security. Computer buyers have discovered that Dell is shipping at least some PCs (such as the new XPS 15) with a self-signed security certificate that's the same on every system. If intruders get a raw copy of the certificate's private key, which isn't hard, they have an easy way to attack every PC shipping with this code. The kicker? This is much like Lenovo's Superfish exploit, only written by the hardware vendor itself -- Dell had plenty of time to learn from its rival's mistake.
Your iPhone inherently trusts many sites, including the government's
As a matter of course, virtually all the internet-capable hardware you use supports trusted certificates, or proofs that secure data connections (such as those for apps and websites) should be legitimate. Have you ever wondered exactly how much faith your gadgets place in others, however? Thanks to Karl Kornel, we now have a good sense of how iOS 8 devices fare -- and apparently, they trust a lot of organizations. Apple's latest mobile software has no less than 222 certificates that greenlight data sharing. Most of these are from companies you'd expect to oversee security on iPads and iPhones, including Symantec's various brands (35 certificates) and Apple itself (five). However, there are also quite a few governments that also get iOS' all-clear in certain circumstances, including China, Japan, the Netherlands, Taiwan, Turkey and the US.
Apple security update addresses DigiNotar certificates
Apple has rolled out security update 2011-005 (Lion) and security update 2011-005 (Snow Leopard), which addresses the certificate trust policy regarding DigiNotar certificates. The update removes DigiNotar from the list of trusted root certificates, the list of Extended Validation certificate authorities and configuring the default system trust settings so DigitNotar certificates -- those issued by DigitNotar itself and other authorities -- are not trusted. These downloads are available through Apple's support site and via Software Update.
