RE: Slashdot | Phoenix BIOS Phones Home?
Well, where I come from this is useful functionality! In combination with a feature called RIS (remote installation service) in Windows 2000, you can create a library of canned machine images and blast them out to machines over the network. One of our major customers has cut the time necessary to replace a failed machine down to about 15 minutes: plug in the new machine, hit F12 during boot to trigger PXE, lay down the image received from the RIS server, user logs in, and voila!
As much as you & I may not like it, in many corporate environments the computer should be no more personalized than the telephone. No one gets emotionally attached to their telephone, and replacing it is a trivial affair-- all the speed dial numbers, voice mail, and so on are stored in a central box. So it is becoming with PCs.
As a side note, none of this is even remotely new. Microsoft & Intel, plus their partners, have been pushing variations of this theme for almost 10 years now. My favorite feature is the one that sends a network yell for help via SNMP when someone opens the lid on a machine.
-----Original Message-----
From: Ray Dillinger [mailto:bear@sonic.net]
Sent: Wednesday, June 20, 2001 10:52 AM
Cc: cypherpunks@einstein.ssz.com
Subject: RE: Slashdot | Phoenix BIOS Phones Home?
On Wed, 20 Jun 2001, Trei, Peter wrote:
To further explain, this is no worse than Netscape or IE starting with their default home pages. Also, if you install a non-Microsoft OS, the canned app in the BIOS can do absolutely nothing.
This is not quite true. Search on their site for the acronym "PXE" -- it stands for "Preboot eXtension Environment".
I went and hunted on Phoenix's website and came across some interesting things: Aside from the preboot extension environment, which allows apps made by Phoenix to run on your hardware before an operating system loads or in the absence of a functioning OS, there is a remote-boot facility, a capability for remote lockout of input from the local user, access to the machine hardware (including disks, by physical sector and track addressing), etc. They claim it's part of an "Intel's initiative" to make machines "Universally Manageable and Universally Managed."
Most of this crap appears to require access to the local ethernet to perform -- it's not a TCP/IP issue until someone uses TCP/IP to subvert another machine on the same local ethernet segment - but from there it looks like they can pretty much do whatever the hell they want with a machine, including remotely flashing the BIOS with new applications for the preboot environment - meaning if they figure out that you're running linux filesystems, they can just change their sector accesses to compensate and get into your files with a preboot extension. Slick, huh? Or they can remotely install an operating system of their choice over the network.
Relevant search phrases to turn up a lot of scary shit: "Universally manageable and Universally managed". "Wired for Management"
The particular URL that I'm taking this particular paranoia trip on: (It's a pretty long document, look toward the bottom)
http://www.phoenix.com/PlatSS/pcplatforms/desktop/PBfeatures.pdf
Got a new system with a Phoenix BIOS? Congratulations!! Your machine may be among the "universally manageable and universally managed." Isn't that special?
Bear
participants (1)
-
Paul E. Robichaux