Dell's customers were put at risk after a contactor lost control of a domain name used to download PC updates.
(CCM) — Dell suffered an embarrassing security lapse this summer after a web address used by recovery software installed on Dell PCs was not renewed by the contractor that controlled it, according to a BBC report.
Once the domain name dellbackupandrecoverycloudstorage.com had lapsed it was taken over by an unknown third party. This is a serious security risk because Dell's Backup and Recovery Application, which is pre-installed on many of the company's PCs, automatically downloads updates from that address.
Security expert Brian Krebs believes it is possible that the person who snapped up the domain name could have used it to distribute malware disguised as updates to Dell computers. He added on his blog that "approximately two weeks after SoftThinks, Dell's contractor, lost control over the domain, the server it was hosted on started showing up in malware alerts."
However, Dell denies that any malware was transferred, and said that SoftThinks has now bought the domain name back from the third party that had acquired it for an undisclosed fee.
This is not the first time that a big technology company has been affected by a lapsed domain name. In 1999 Microsoft forgot to renew its Hotmail.co.uk email service domain, and in 2003 it failed to renew its Passport.com single sign-on service domain. In both cases eagle-eyed customers spotted the mistake and renewed the domains on the software giant's behalf.
Image: © JPstock - Shutterstock.com