I was up until 3:30am this morning researching something on the Internet and then all of a sudden, my desktop firewall pops up a message asking me if I want to allow an unfamiliar “.exe” file to access the Internet. My firewall is set up so that anytime an executable that I haven’t marked as safe wants to access the Internet, it prompts me if I want to let it out. “Oh great,” I thought to myself, “I must have been hit by some type of zero-day exploit.” I click the disallow button and right after I click the button I think, “Wait. What was the name of that executable again?” Doh!
So then I’m sitting there thinking to myself, half-awake, that it really doesn’t matter if I go back to that Website, because at this point, I’m just going to save this VMware image for analysis. I go back to the Website, click on the link and sure enough, I get the firewall prompt again. The file is named plugin-container.exe. “What the heck is this?” I think. A quick Google check and yes, you probably already know this – it’s a Firefox process that runs your plug-ins under a separate process.
I recall reading headlines over the past week that Firefox has a new crash protection feature, but I didn’t realize this was it. The crash feature is mentioned in the release notes and on Mozilla’s blog, but there is no mention that this feature spawns a new process named plugin-container.exe. Lame.
I hate when stuff like this happens, but I guess it’s to be expected when I’m half asleep at the keyboard.
After reading the post and comments at Cyber Arms the other day about Trusted Computing (TC) and the Trusted Platform Module (TPM), I decided to spend some time at the Trusted Computing Group Website. I was introduced to the concepts behind TC several years ago and while I agree that it has its strong points, I have my own concerns and issues with the technology that I won’t get into here. As a result, I haven’t paid much attention to its development over the years.
While browsing the TCG Website, I stumbled upon an article that struck me in a negative way: