6 votes

Remote code execution on most Dell computers

2 comments

  1. Neverland

    Well this is timely for me. I just went through the same thought process as him 2 months ago. I used the detect service tag button on a dell.com page and it successfully found my machine's unique Dell identifier. I found the call in the dev tools network tab and saw the port number it was requesting on 127.0.0.1. Then I found the process name using it using netstat. Then used normal Windows add/remove programs to uninstall SupportAssist. What made it a no-brainer to remove was this 2015 story about how they were just checking that "dell" was in the URL.

    Forbes found that the program tested if the sites sending requests had "dell" in their URLs before acting on those requests. While this was likely intended to prevent unauthorized websites from talking to the program, the check was flawed because it not only matched www.dell.com, but also any site with "dell" in its path, for example evil-site.com/dell.

    All the other investigation this kid did is currently beyond me, and it's a great jump-off point for me.

    I used to always re-install from an official MS ISO, like I do with all other OS's. I need to get back into that habit.

    2 votes
  2. cfabbro

    Posted in ~comp earlier today:
    https://tildes.net/~comp/cxg/remote_code_execution_on_most_dell_computers

    And given how technical the information is, is this really appropriate for ~tech? Although I suppose awareness of an exploit has value even for the non-technical among us, even if they don't necessarily understand the mechanism behind it.

    1 vote
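
The 2015 story quoted in the first comment describes a substring test for "dell" anywhere in the requesting URL. The sketch below is an added example, not part of the thread and not Dell's code: it puts that substring test next to a check that parses the URL and compares the exact hostname. The function names, the allow-list, the HTTPS-only and default-port requirements, and the `.example` sample URLs are assumptions made for illustration.

```javascript
'use strict';

// Flawed check as the story describes it: "dell" anywhere in the URL string.
function naiveIsTrusted(requestUrl) {
  return requestUrl.toLowerCase().includes('dell');
}

// Hypothetical allow-list; a real service would define its own.
const ALLOWED_HOSTS = new Set(['www.dell.com', 'dell.com']);

// Stricter check: parse first, then compare the exact hostname.
function strictIsTrusted(requestUrl) {
  let u;
  try {
    u = new URL(requestUrl);                  // rejects strings that are not absolute URLs
  } catch {
    return false;
  }
  if (u.protocol !== 'https:') return false;  // assumption: HTTPS origins only
  if (u.username || u.password) return false; // "trusted-name@other-host" userinfo trick
  if (u.port !== '') return false;            // assumption: default port only
  return ALLOWED_HOSTS.has(u.hostname);       // hostname is already lower-cased by the parser
}

// Constructed sample inputs (the second one is the example from the story).
const SAMPLES = [
  'https://www.dell.com/support/home',
  'evil-site.com/dell',
  'https://evil-site.example/dell',
  'https://dell.evil-site.example/',
  'https://www.dell.com.evil-site.example/',
  'https://www.dell.com@evil-site.example/',
  'http://www.dell.com/',
];

// Returns one row per sample so the two checks can be compared side by side.
function compare(samples) {
  return samples.map((url) => ({
    url,
    naive: naiveIsTrusted(url),
    strict: strictIsTrusted(url),
  }));
}

console.table(compare(SAMPLES));
```

The substring check accepts every sample, while the parsed check accepts only the first. An exact-hostname allow-list is still only as trustworthy as the content served from the hosts on it.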