The eDellRoot certificate was a hot topic back in November 2015. This post just summarizes the tools to use check this and other rogue certificate on your computer.
Detection
Steps to check if your computer (mainly the Dell laptop) is vulnerable by the eDellRoot certificate
- Use Internet Explorer or Chrome (Firefox has its own certificate store, so this test site doesn’t work).
- Go to https://edell.tlsfun.de/
Removal
If the bad eDellRoot certificate is found on your computer, use the Dell’s official remover to remove it.
Audit the root CA stores
Furthermore, you can scan and audit the trusted root CA stores – both Microsoft (using by IE and Chrome) and Mozillla (using by Firefox), with the following tools:
- RCC from http://trax.x10.mx/apps.html
- the upcoming version of Sigcheck from Mark Russinovish at Microsoft
- Mark Russinovich announced this on Twitter
- As 12/22/2015, this version of Sigcheck is still in beta. Not yet available. I will post an update when the final version is available in public.
No comments:
Post a Comment