RE: Slashdot | Phoenix BIOS Phones Home?
Jim: You really don't have a good memory, do you? We dealt with this topic just 3 weeks ago. Check for the thread 'BIOS Spying' around June 1. At that time I said: --------------- Looking at this, there appears to be smoke without fire. It looks like they don't gather much in the way of data unless you download and install software via phoenixnet. At worst, it's going to reset your homepage once, and you'll pop onto it the first time you start your browser. It's not even clear that this happens without asking. What we really have here is Phoenix abusing it's power over BIOS content to pre-install an app without asking you. Barring further evidence of nefarious activity, we've all got much worse stuff to worry about. The operative quote for this list may be: "The question is not 'Are you paranoid?'. Its: 'Are you paranoid enough?'" (Cadigan). That doesn't mean, however, that it's impossible to be to be *too* paranoid. Peter Trei --------------- To further expliain, this is no worse than Netscape or IE starting with their default home pages. Also, if you to install a non-Microsoft OS, the canned app in the BIOS can do absolutely nothing.
---------- From: Jim Choate[SMTP:ravage@einstein.ssz.com]
http://slashdot.org/yro/01/06/19/2039216.shtml -- The Armadillo Group ,::////;::-. James Choate
Peter Trei
On Wed, 20 Jun 2001, Trei, Peter wrote:
To further expliain, this is no worse than Netscape or IE starting with their default home pages. Also, if you to install a non-Microsoft OS, the canned app in the BIOS can do absolutely nothing.
This is not quite true. Search on their site for the acronym "PXE" -- it stands for "Preboot eXtension Environment". I went and hunted on Pheonix's website and came across some interesting things: Aside from the preboot extension environment, which allows apps made by pheonix to run on your hardware before an operating system loads or in the absence of a functioning OS, there is a remote-boot facility, a capability for remote lockout of input from the local user, acess to the machine hardware (including disks, by physical sector and track addressing), etc. They claim it's part of an "Intel's initiative" to make machines "Universally Manageable and Universally Managed." Most of this crap appears to require access to the local ethernet to perform -- it's not a TCP/IP issue until someone uses TCP/IP to subvert another machine on the same local ethernet segment - but from there it looks like they can pretty much do whatever the hell they want with a machine, including remotely flashing the BIOS with new applications for the preboot environment - meaning if they figure out that you're running linux filesystems, they can just change their sector accesses to compensate and get into your files with a preboot extension. Slick, huh? Or they can remotely install an operating system of their choice over the network. Relevant search phrases to turn up a lot of scary shit: "Universally manageable and Universally managed". "Wired for Management" The particular URL that I'm taking this particular paranoia trip on: (It's a pretty long document, look toward the bottom) http://www.phoenix.com/PlatSS/pcplatforms/desktop/PBfeatures.pdf Got a new system with a pheonix BIOS? Congratulations!! Your machine may be among the "universally manageable and universally managed." Isn't that special? Bear
On 20 Jun 2001, at 8:51, Ray Dillinger wrote:
The particular URL that I'm taking this particular paranoia trip on: (It's a pretty long document, look toward the bottom)
http://www.phoenix.com/PlatSS/pcplatforms/desktop/PBfeatures.pdf
Talk about a paranoia trip... that document is no longer on the Phoenix website. Got a mirror? -- Roy M. Silvernail Proprietor, scytale.com roy@scytale.com
On Wed, 20 Jun 2001, Roy M. Silvernail wrote:
On 20 Jun 2001, at 8:51, Ray Dillinger wrote:
The particular URL that I'm taking this particular paranoia trip on: (It's a pretty long document, look toward the bottom)
http://www.phoenix.com/PlatSS/pcplatforms/desktop/PBfeatures.pdf
Talk about a paranoia trip... that document is no longer on the Phoenix website.
Got a mirror?
Hm. Looks like capitalization counts. Sorry, I should have typed: (note capital F in "PBFeatures") http://www.phoenix.com/PlatSS/pcplatforms/desktop/PBFeatures.pdf
participants (3)
-
Ray Dillinger
-
Roy M. Silvernail
-
Trei, Peter