Slashdot | Phoenix BIOS Phones Home?
Ray Dillinger
bear at sonic.net
Wed Jun 20 08:51:59 PDT 2001
On Wed, 20 Jun 2001, Trei, Peter wrote:
>To further expliain, this is no worse than Netscape or IE
>starting with their default home pages. Also, if you to
>install a non-Microsoft OS, the canned app in the BIOS
>can do absolutely nothing.
This is not quite true. Search on their site for the acronym
"PXE" -- it stands for "Preboot eXtension Environment".
I went and hunted on Pheonix's website and came across some
interesting things: Aside from the preboot extension environment,
which allows apps made by pheonix to run on your hardware before
an operating system loads or in the absence of a functioning
OS, there is a remote-boot facility, a capability for remote
lockout of input from the local user, acess to the machine
hardware (including disks, by physical sector and track
addressing), etc. They claim it's part of an "Intel's
initiative" to make machines "Universally Manageable and
Universally Managed."
Most of this crap appears to require access to the local ethernet
to perform -- it's not a TCP/IP issue until someone uses TCP/IP
to subvert another machine on the same local ethernet segment -
but from there it looks like they can pretty much do whatever
the hell they want with a machine, including remotely flashing
the BIOS with new applications for the preboot environment -
meaning if they figure out that you're running linux filesystems,
they can just change their sector accesses to compensate and get
into your files with a preboot extension. Slick, huh? Or they
can remotely install an operating system of their choice over
the network.
Relevant search phrases to turn up a lot of scary shit:
"Universally manageable and Universally managed".
"Wired for Management"
The particular URL that I'm taking this particular paranoia trip
on: (It's a pretty long document, look toward the bottom)
http://www.phoenix.com/PlatSS/pcplatforms/desktop/PBfeatures.pdf
Got a new system with a pheonix BIOS? Congratulations!! Your
machine may be among the "universally manageable and universally
managed." Isn't that special?
Bear
More information about the cypherpunks-legacy
mailing list