Dell customers have turned up a second root certificate installed on some Dell machines, which could make them easy prey for malicious attacks on public Wi-Fi networks.
The second problematic root certificate is called DSDTestProvider. Its discovery follows yesterday's removal by Dell of the dangerous eDellroot certificate from affected Dell PCs.
With DSDTestProvider, once again a Dell support feature has inadvertently exposed customers to attacks that would be trivial to exploit. It is the same security blunder made by rival Lenovo in February with its Superfish adware.
Carnegie Mellon University CERT has warned that the DSDTestProvider certificate, which includes the private key, allows an attacker to create trusted certificates and perform impersonation, man-in-the-middle (MiTM) and passive-decryption attacks.
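To check a Windows machine for the two certificates named above, the following PowerShell is an added example, not code from Dell, CERT or the article. It matches on the certificate names given here; the list of stores to search is an assumption.

```powershell
# Added example. The two names come from the article; the store list is an assumption.
$suspectNames = @('DSDTestProvider', 'eDellroot')

# Trusted-root stores (where the certificate acts as a trust anchor) and
# personal stores (where a copy with its private key may also sit).
$stores = @(
    'Cert:\LocalMachine\Root',
    'Cert:\CurrentUser\Root',
    'Cert:\LocalMachine\My',
    'Cert:\CurrentUser\My'
)

$findings = foreach ($store in $stores) {
    if (-not (Test-Path -Path $store)) { continue }
    Get-ChildItem -Path $store | ForEach-Object {
        $cert = $_
        foreach ($name in $suspectNames) {
            # -like is case-insensitive, so 'eDellroot' also matches 'eDellRoot'.
            if ($cert.Subject -like "*$name*" -or $cert.Issuer -like "*$name*") {
                [pscustomobject]@{
                    Store         = $store
                    MatchedName   = $name
                    Subject       = $cert.Subject
                    Thumbprint    = $cert.Thumbprint
                    HasPrivateKey = $cert.HasPrivateKey
                    NotAfter      = $cert.NotAfter
                }
                break   # one finding per certificate is enough
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning "Matching certificate(s) found: $(@($findings).Count). Review and remove per vendor guidance."
} else {
    Write-Output 'No certificates matching DSDTestProvider or eDellroot in the checked stores.'
}
```

A hit in a `Root` store means the machine trusts anything signed by that certificate; `HasPrivateKey` being true shows the signing key is present on the machine as well.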