By John Leyden
Posted: 18/02/2003 at 16:59 GMT


BIOS king Phoenix Technologies is developing its core software technologies to help users cope better with system failures.

Phoenix Core Management Environment, or cME, promises a means for OEMs to include diagnostic and self help capabilities, Internet access and remote desktop builds, even after a major system malfunction.

The technology is operating system independent and designed to be used on both PCs, servers, appliances and embedded systems.

It's at the desktop where the technology really comes alive though. Existing below the operating system, it offers not just life after the dreaded Blue Screen of Death, but a means for users to fire up system diagnostics, calendar applications and Internet access almost instantly - without waiting for Windows (or Linux) to boot.

Add to that the technology, currently in development, to allow a DVD Player to fire up in trice and we have something rather useful (and which sounds similar to Elegent's etDVD bios). Phoenix's technology is not an OS but it is looking for ISVs to write applications to bolt into its system.


http://theregister.co.uk/content/3/29374.html

one word answer:

COOL!!!!!!!!!!!!!!!!!!

...remote desktop builds...

The remote help function was the one that allowed the security flaw in XP that allowed a malicious user to delete any folder on your system.

Great. Now we'll have an avenue where someone can hack and get into your machine even when its not booted. lol.

Originally posted by Galileo
...remote desktop builds...

The remote help function was the one that allowed the security flaw in XP that allowed a malicious user to delete any folder on your system.

Great. Now we'll have an avenue where someone can hack and get into your machine even when its not booted. lol.

huh???

"Flaw in Windows XP Help and Support Center Could Enable File Deletion"

"Help and Support Center provides a centralized facility through which users can obtain assistance on a variety of topics. For instance, it provides product documentation, assistance in determining hardware compatibility, access to Windows Update, online help from Microsoft, and other assistance.

A security vulnerability is present in the Windows XP version of Help and Support Center, and results because a file intended only for use by the system is instead available for use by any web page. The purpose of the file is to enable anonymous upload of hardware information, with the user's permission, so that Microsoft can evaluate which devices users are not currently finding device drivers for.

This information is then used to work with hardware vendors and device teams to improve the quality and quantity of drivers available in Windows. By design, after attempting to upload an XML file containing the hardware information, the system deletes it.

An attacker could exploit the vulnerability by constructing a web page that, when opened, would call the errant function and supply the name of an existing file or folder as the argument. The attempt to upload the file or folder would fail, but the file nevertheless would be deleted. The page could be hosted on a web site in order to attack users visiting the site, or could be sent as an HTML mail in order to attack the recipient when it was opened."