https://live.paloaltonetworks.com/t5/custom-signatures/dell-root-certificate-quot-edellroot-quot/m-p/68567#M15 <P>Good afternoon, all!</P> <P>&nbsp;</P> <P>Researchers have discovered a trusted root certificate being deployed by Dell on some newer laptops. For reference, see <A href="http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2015/11/23/response-to-concerns-regarding-edellroot-certificate" target="_self">here</A>.</P> <P>&nbsp;</P> <P>While an official signature from Palo Alto Networks is&nbsp;likely not forthcoming due to legitimate usage of the certificate, customers who do wish to alert when this certificate is detected by their PAN-OS appliance&nbsp;can use the exposed custom signature context "SSL-RSP-CERTIFICATE" to check for it.</P> <P>&nbsp;</P> <P>The attached signature, exported from a 7.0.3 PAN-OS device, does just that.</P> <P>&nbsp;</P> <P>Please note that this signature is:<BR /><BR />A) Not supported by Palo Alto Networks</P> <P>B) Just an example to show what can be done with our exposed custom signature contexts, and can definitely be improved upon.</P> <P>C) This signature was tested by visiting the site researcher Kenn White stood up to show what kind of security concerns may arise by this certificate being trusted. I will not provide the URL here, but it can quickly be found in Google, and is referenced in the Ars Technica article written about the issue.&nbsp;</P> <P>&nbsp;</P> <P>Additionally, and I cannot stress this enough,&nbsp;<EM>it is not a solution for the security vulnerability exposed by the presence of this certificate.</EM> Please follow Dell's guidance on the issue.</P> Thu, 26 Nov 2015 17:08:46 GMT rcole 2015-11-26T17:08:46Z https://live.paloaltonetworks.com/t5/custom-signatures/dell-root-certificate-quot-edellroot-quot/m-p/68567#M15 <P>Good afternoon, all!</P> <P>&nbsp;</P> <P>Researchers have discovered a trusted root certificate being deployed by Dell on some newer laptops. For reference, see <A href="http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2015/11/23/response-to-concerns-regarding-edellroot-certificate" target="_self">here</A>.</P> <P>&nbsp;</P> <P>While an official signature from Palo Alto Networks is&nbsp;likely not forthcoming due to legitimate usage of the certificate, customers who do wish to alert when this certificate is detected by their PAN-OS appliance&nbsp;can use the exposed custom signature context "SSL-RSP-CERTIFICATE" to check for it.</P> <P>&nbsp;</P> <P>The attached signature, exported from a 7.0.3 PAN-OS device, does just that.</P> <P>&nbsp;</P> <P>Please note that this signature is:<BR /><BR />A) Not supported by Palo Alto Networks</P> <P>B) Just an example to show what can be done with our exposed custom signature contexts, and can definitely be improved upon.</P> <P>C) This signature was tested by visiting the site researcher Kenn White stood up to show what kind of security concerns may arise by this certificate being trusted. I will not provide the URL here, but it can quickly be found in Google, and is referenced in the Ars Technica article written about the issue.&nbsp;</P> <P>&nbsp;</P> <P>Additionally, and I cannot stress this enough,&nbsp;<EM>it is not a solution for the security vulnerability exposed by the presence of this certificate.</EM> Please follow Dell's guidance on the issue.</P> Thu, 26 Nov 2015 17:08:46 GMT https://live.paloaltonetworks.com/t5/custom-signatures/dell-root-certificate-quot-edellroot-quot/m-p/68567#M15 rcole 2015-11-26T17:08:46Z