When will computer manufacturers learn? You might remember that Lenovo got in trouble several times this year for first installing a program that spied on users' browsing, then for a rootkit meant to help customer service but that could also help hackers.
Now it's Dell's turn in the hot seat. It turns out that Dell laptops and desktops have a root certificate that contains its own private cryptographic key, which allows hackers to create fake browser security certificates. In non-technical language, a hacker can trick a Dell computer on a public network into thinking that fake websites are the real thing, especially encrypted ones like banking sites.
This problem started in August 2015 when Dell put the root certificate, called eDellRoot, on its computers to help out its customer service. Using this certificate, Dell technical support could quickly pull the system's service tag to see the computer's exact hardware and software specs.
Apparently, it didn't occur to anyone at Dell that hackers could use the certificate for other nefarious purposes. Fortunately, security researcher Joe Nord figured it out and brought it to everyone's attention.
Dell is now removing the certificate that "unintentionally introduced a security vulnerability" from computers it's shipping now. However, if you have a Dell computer made between August 2015 and late November 2015, it probably has this certificate. You can find out for sure at this page.
If you do have the certificate, Dell has detailed removal instructions (PDF). There's a patch you can download, or you can do it manually if you want. Dell promises that once you remove the certificate it won't reinstall.
The major browser manufacturers are also probably going to block the eDellRoot certificate in upcoming updates to keep it from doing things it shouldn't. So, if your browser says there's an update available, it's a good idea to install it.
This is also a good reminder to watch what you do when you're on public Wi-Fi. Hackers on the same network have ways of looking at what you're doing or even stealing sensitive information you send to websites. Learn how crooks attack you on public Wi-Fi and how you can protect yourself.