Slashdot | Phoenix BIOS Phones Home?

Trei, Peter ptrei at rsasecurity.com
Thu Jun 21 07:24:37 PDT 2001 

Wow. I'm astonished. And upset.

thanks,

Peter Trei

> ----------
> From: 	Ray Dillinger[SMTP:bear at sonic.net]
> Reply To: 	Ray Dillinger
> Sent: 	Wednesday, June 20, 2001 11:51 AM
> Cc: 	cypherpunks at einstein.ssz.com
> Subject: 	RE: Slashdot | Phoenix BIOS Phones Home?
> 
> 
> 
> On Wed, 20 Jun 2001, Trei, Peter wrote:
> 
> 
> >To further expliain, this is no worse than Netscape or IE
> >starting with their default home pages. Also, if you to 
> >install a non-Microsoft OS, the canned app in the BIOS
> >can do absolutely nothing.
> 
> This is not quite true.  Search on their site for the acronym 
> "PXE" -- it stands for "Preboot eXtension Environment".  
> 
> I went and hunted on Pheonix's website and came across some 
> interesting things:  Aside from the preboot extension environment, 
> which allows apps made by pheonix to run on your hardware before 
> an operating system loads or in the absence of a functioning 
> OS, there is a remote-boot facility, a capability for remote 
> lockout of input from the local user, acess to the machine 
> hardware (including disks, by physical sector and track 
> addressing), etc.  They claim it's part of an "Intel's 
> initiative" to make machines "Universally Manageable and 
> Universally Managed."
> 
> Most of this crap appears to require access to the local ethernet 
> to perform -- it's not a TCP/IP issue until someone uses TCP/IP 
> to subvert another machine on the same local ethernet segment - 
> but from there it looks like they can pretty much do whatever 
> the hell they want with a machine, including remotely flashing 
> the BIOS with new applications for the preboot environment - 
> meaning if they figure out that you're running linux filesystems, 
> they can just change their sector accesses to compensate and get 
> into your files with a preboot extension.  Slick, huh?  Or they 
> can remotely install an operating system of their choice over 
> the network.
> 
> Relevant search phrases to turn up a lot of scary shit: 
> "Universally manageable and Universally managed".
> "Wired for Management"
> 
> 
> The particular URL that I'm taking this particular paranoia trip 
> on: (It's a pretty long document, look toward the bottom)
> 
> http://www.phoenix.com/PlatSS/pcplatforms/desktop/PBfeatures.pdf
> 
> Got a new system with a pheonix BIOS?  Congratulations!!  Your 
> machine may be among the "universally manageable and universally 
> managed."  Isn't that special?
> 
> 				Bear

More information about the cypherpunks-legacy mailing list