For PC users it’s a case of here we go again. Earlier in 2015, PC giant Lenovo was infamously caught shipping Windows computers with a piece of useless adware containing a self-signed root certificate that opened a massive security hole for customers. This week, it was Dell’s turn. Crowdsourced researchers revealed that the company had suffered the same egregious weakness not once, but twice, this time inside a pair of tools used for remote support.
Lenovo’s issue was more embarrassing than Dell’s – the vulnerability was part of a program called Superfish witlessly put there to serve adverts inside browser sessions – but frankly from a security point this sort of distinction makes no odds. Embedding a self-signed SSL certificate with the private key in an application shipped to large numbers of users is asking for trouble and should not have happened. This sort of configuration would be normal for a development application, not the final software, which should have used a signed certificate in the filestore from a Certificate Authority (CA).
The problem in more detail: Dell’s Foundation Services remote support tool was discovered to have installed a self-signed root certificate identifying itself as ‘eDellRoot’. In common parlance, that offered anyone aware of the issue the possibility of extracting the certificate’s private key to create a means to impersonate any HTTPS website connection they fancied as part of a TLS man-in-the-middle compromise. This is very bad – browsers would accept this borrowed certificate as genuine and in most cases throw up no browser warning. Criminals could also sign malware to make it appear legitimate not to mention delve into encrypted data such as website logins by sniffing laptops connecting through public Wi-Fi.
The size of the risk? Potentially huge for any system lacking remediation (see below). This must be addressed urgently.
That all? Apparently a second tool, Dell System Detect (DSD), has been discovered trying the same insecure trick with a self-signed certificate called DSDTestProvider. The Dell private PKI keys used to create these certificates are now insecure.
How was it discovered? Technical users and interested researchers talking to one another on Reddit and other sites.
As you can see, using this new option, Page admins can set up reminders to prompt them of when to post, with the ability to set custom alerts for specific days and times. The idea here is to get people posting when their audiences are most active – and/or most receptive – in order to enhance reach and response potential.
There’s also an option to set a reminder to post before significant holidays – Martin Luther King Day is used in the example above – to help brands tap into the surrounding buzz and conversation.
It’s an interesting option – maintaining a content calendar is a great way to keep your social media strategy on track, and with this, Facebook’s looking to integrate that functionality direct into their eco-system, which will no doubt prove useful, particularly for businesses who primarily focus on The Social Network.
In order to make the most of this functionality, however, you still need to work out the optimal posting times to reach your unique audience.
There are plenty of generic posting guides available for this purpose, but to really make it work, you need to analyze your audience data, via a combination of your Page Insights tab and the additional Audience Insights tool, and work out how and when to post – and who to focus on – in order to boost engagement.
Microsoft has been accused of injecting ads and sponsored apps into Windows for quite a while and now they’re taking more direct steps to prevent users disabling them through Group Policies. Several Group Policies will be deactivated with the Anniversary Update, making it harder for IT-pros and system admins to prevent unwanted content.
When the Anniversary Update rolls out to current November Update users, there will no longer be a way to block the obnoxious ads that automatically pin themselves to your PCs start menu when you start it for the first time. In a network with all PCs connected to each other, there is a universal Group Policy that applies to every PC on the network, which means adding a new machine to the family will automatically adjust it; such as disabling the ads and sponsored apps on all new PCs, however, this change will prevent that. By disabling the Policies that take care of the advertising, system admins will have to manually remove the ads from every new PC they get.
This change doesn’t only apply to the start menu. As reported by InfoWorld, the lock screen can only be disabled on certain editions of Windows 10 from August 2nd: Enterprise, Education, and Server SKUs. This seems like an unrelated thing with no context, but Microsoft is actually, quietly, pushing ads to the lock screen too. With things like Tomb Raider and Cortana popping up there occasionally, this may be something users could want to disable but can’t anymore.
We will see how users of Windows 10 react to these changes once the Anniversary Update rolls out on August 2nd.