Critical - Dell systems running Windows: eDellRoot certificate compromise

posted Nov 30, 2015, 10:49 AM by Ken Gribble   [ updated Apr 3, 2019, 2:20 PM ]


The eDellRoot certificate installed on certain Dell laptops and PCs introduces a security vulnerability on those systems. The threat is that the private keys for this Dell root certificate were leaked. This means attackers can use the certificate to modify your browsing experience and steal sensitive information.

Please ensure Windows Defender (for Windows 10 and Windows 8.1) or Microsoft Security Essentials (for Windows 7) is running and up to date. Both packages are free. If either package is up to date and running, it has probably already removed the vulnerable certificate.
Alternatively, you can manually remove this certificate.
Contact support@cs.ucdavis.edu if you have a Dell PC running Windows and cannot do either of the steps above; the help desk can assist you in installing and updating the correct software.
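
To check for the certificate and remove it manually, the following PowerShell script is one option. It is an added example, not part of the original announcement or any Dell or Microsoft tool. It assumes PowerShell 3.0 or later, matches on the subject name "eDellRoot" because this page gives no thumbprint, and uses a hypothetical -Remove switch that needs an elevated prompt.

```powershell
# Added example: find eDellRoot in the Windows certificate stores and optionally remove it.
# Assumption: the certificate is identified by its subject name, CN=eDellRoot.
param([switch]$Remove)   # hypothetical switch: pass -Remove to delete the trusted copies

$x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]

# Search every store for the machine and for the current user, not only Root.
$hits = Get-ChildItem -Path Cert:\LocalMachine, Cert:\CurrentUser -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_ -is $x509 -and $_.Subject -match 'CN=eDellRoot' }

if (-not $hits) {
    Write-Output 'eDellRoot was not found in any certificate store.'
    return
}

# Show where each copy lives; HasPrivateKey is True when the key is stored with it.
$hits | Select-Object @{ n = 'Store'; e = { $_.PSParentPath -replace '^.*::' } },
                      Subject, Thumbprint, NotAfter, HasPrivateKey |
    Format-Table -AutoSize

if ($Remove) {
    foreach ($cert in $hits) {
        # A copy in the Disallowed store is a distrust entry and must stay in place.
        if ($cert.PSParentPath -match '\\Disallowed$') { continue }
        Remove-Item -LiteralPath $cert.PSPath
        Write-Output "Removed $($cert.Thumbprint) from $($cert.PSParentPath -replace '^.*::')"
    }
}
```

Run the script without -Remove first to review what it finds, then run it again afterwards to confirm the certificate has not been reinstalled.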


Win32/CompromisedCert.C is a Dell root certificate for which the private keys were leaked online.

The certificates can be found on Dell PCs running these operating systems: Windows 10, Windows 8.1, Windows 8, Windows 7

If your Dell PC contains this certificate, it is most likely vulnerable to this threat. A PC with this certificate could be vulnerable to SSL/TLS spoofing attacks, allowing an attacker to digitally sign binaries so that they are trusted by the affected PC. An attacker could gain control over your PC and browsing experience. An attacker can exploit a certificate using phishing or man-in-the-middle attacks to decrypt, modify or spoof HTTPS websites, such as banking, social media, or email websites. This could allow a malicious hacker to steal your account names, passwords, and confidential data. They could also carry out transactions without your knowledge, even when it seems like you have a secure browser connection to a website.

SSG Graduate Student Presentation 2015

posted Sep 21, 2015, 4:58 PM by Ken Gribble   [ updated Apr 3, 2019, 2:33 PM ]

Malicious Email with Document.zip - Do Not Open!

posted Jun 5, 2015, 12:33 PM by Ken Gribble   [ updated Apr 3, 2019, 2:18 PM ]

From Caryn DeMorna of IET, Sending on behalf of Cheryl Washington, Chief Security Officer….


Security administrators have identified a malicious email that is being delivered via email.  The teams are working on blocking the malicious messages.  If you receive a message with a zip attachment please do not open the attachment and delete the message from your email.  The attachment that has been identified thus far is Document.zip.  However, you should not open any .zip attachment.


Caryn DeMoura

University of California, Davis

Information and Educational Technology

Campus and CS Wireless Service Changes

posted Jun 5, 2015, 9:41 AM by Ken Gribble   [ updated Apr 3, 2019, 2:18 PM ]

Because MoobilenetX will be deprecated in the near future, the Computer Science department now advises using eduroam* for wireless needs. Choose your OS from the Campus Wireless Access page, and then use the eduroam instructions.

The wireless networks on campus support most wireless devices (802.11 a/b/g/n) and are available to all UC Davis computing account holders, UC Davis Guests, sponsored guests, and eduroam account holders.


eduroam (education roaming) is the secure, world-wide roaming access service developed for the international research and education community.

Having started in Europe, eduroam has gained momentum throughout the research and education community and is now available in 74 territories.

eduroam allows students, researchers and staff from participating institutions to obtain Internet connectivity across campus and when visiting other participating institutions by simply opening their laptop.

University Employee Payroll Scam

posted Jan 15, 2015, 9:26 AM by Ken Gribble   [ updated Apr 3, 2019, 2:18 PM ]

University employees are receiving fraudulent e-mails indicating a change in their human resource status. The e-mail contains a link directing the employee to log in to their human resources website to identify this change. The website provided appears very similar to the legitimate site in an effort to steal the employee’s credentials. Once the employee enters his/her login information, the scammer takes that information and signs into the employee’s official human resources account to change the employee’s direct deposit information. This redirects the employee’s paycheck to the bank account of another individual involved in the scam.

Consequences of this Scam:

  • The employee’s paycheck can be stolen.
  • The money may not be returned in full to the employee.
  • The scammers can take the employee’s log-in credentials and attempt to log into other accounts that belong to the employee.

If you have been a victim of this scam, you may file a complaint with the FBI’s Internet Crime Complaint Center at www.IC3.gov. Please reference this PSA number in your complaint.

The IC3 produced a PSA in May 2014 titled “Cyber-related Scams Targeting Universities, Employees, and Students,” which mentioned this scam. The PSA can be viewed at http://www.ic3.gov/media/2014/140505.aspx.

Tips on how to Protect Yourself from this Scam

  • Look for poor use of the English language in e-mails such as incorrect grammar, capitalization, and tenses. Many of the scammers who send these messages are not native English speakers.
  • Roll your cursor over the links received via e-mail and look for inconsistencies. If it is not the website the e-mail claims to be directing you to, then the link is to a fraudulent site.
  • Never provide credentials of any sort via e-mail. This includes after clicking on links sent via e-mail. Always go to the official website directly rather than following a link sent to you via e-mail.
  • Contact your personnel department if you receive suspicious e-mail.

