Given the number of Thinkpad users in the wild, this is a particularly sensitive vulnerability that should be patched as soon as possible.
Parents beware! Given the proximity of the Christmas holiday, this breach is particularly important. You may have set and forgotten these credentials a season ago, so go check, update, and monitor accordingly.
This is a very lucid explanation of the Dell self-signed certificate issue that has spread across the IT security sites and forums the last couple of days. It is being compared to the Lenovo Superfish debacle of earlier in the year, but Dell’s issue appears to be less diabolical and easier to remedy.
This is fantastic advice from Brian Krebs for 2-factor authentication at Amazon, especially entering the holiday shopping season.
I honestly do not know what to say or where to begin. I cannot say that I am surprised that yet another government agency has failed to fund and execute an effective IT security program. This is a systemic problem and I believe it should be addressed before additional controls are passed down to the private sector. The approach of “do as I say and not as I do” can no longer be allowed to stand.