Do you have a lot of passwords? Are they too hard to remember? Then use a secure password storage database. Password Safe, Password Gorilla, xPass, and several other tools are available. They all remember your user names, passwords, URLs, etc., and store them in a strongly encrypted database.
Reports of the recently discovered Duqu trojan have spawned much speculation and even resulted in the trojan being dubbed “the son of Stuxnet” or “Stuxnet 2.0.”
So what is Duqu and how does it compare to Stuxnet?
Duqu is an infostealer trojan designed to sniff out sensitive data and send it to remote attackers. Stuxnet, by contrast, was a worm with a malicious payload designed to programmatically alter industrial control systems.
I’ve heard Duqu called Stuxnet 2.0. Why is that?
On *nix systems, check your sshd_config and ssh_config files. In both files, the Protocol line should read “Protocol=2” and NOT “Protocol=2,1” or similar values that include protocol version 1 as an option. PuTTY should be configured to use only protocol version 2 as well.
Failure to check your SSH configuration can lead to a downgrade attack, where user credentials and the entire SSH session are recovered in the clear. If you are using SSH protocol version 1, your SSH session is no more secure than Telnet.
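A small audit script for the check described above, added here as an example that is not part of the original post. It assumes OpenSSH configuration syntax (the first Protocol directive wins; keyword and value may be separated by whitespace or `=`), flags any value that lists version 1, and builds three constructed sample files so it runs offline. On a real host, point `check_ssh_protocol` at /etc/ssh/sshd_config, /etc/ssh/ssh_config and ~/.ssh/config instead.

```shell
#!/bin/sh
# Added example, not from the original post: audit SSH config files for the
# legacy "Protocol" directive. Exit status 0 means only version 2 is allowed
# (or the directive is absent); 1 means version 1 is still listed.

check_ssh_protocol() {
    cfg="$1"
    # OpenSSH uses the first Protocol directive it reads. Comments are stripped,
    # matching is case-insensitive and accepts "Protocol 2" or "Protocol=2".
    value=$(sed -e 's/#.*//' -e 's/^[[:space:]]*//' "$cfg" \
        | grep -i '^protocol[[:space:]=]' | head -n 1 \
        | sed -e 's/^[Pp][Rr][Oo][Tt][Oo][Cc][Oo][Ll][[:space:]=]*//' \
              -e 's/[[:space:]]*$//')
    case "$value" in
        "") echo "$cfg: no Protocol directive (current OpenSSH supports only version 2)"
            return 0 ;;
        2)  echo "$cfg: Protocol 2 only, OK"
            return 0 ;;
        *)  echo "$cfg: Protocol '$value' still allows SSH-1 (downgrade risk)"
            return 1 ;;
    esac
}

# Constructed sample files so the check runs offline; real files live in /etc/ssh.
tmpdir=$(mktemp -d)
printf '# constructed sample, legacy setting\nPort 22\nProtocol 2,1\n' > "$tmpdir/sshd_config.weak"
printf '# constructed sample, hardened setting\nPort 22\nProtocol=2\n' > "$tmpdir/sshd_config.good"
printf '# constructed sample, no directive\nHost *\n    ForwardAgent no\n' > "$tmpdir/ssh_config.default"

overall=0
for f in "$tmpdir/sshd_config.weak" "$tmpdir/sshd_config.good" "$tmpdir/ssh_config.default"; do
    check_ssh_protocol "$f" || overall=1
done
# overall is 1 here: the first sample still lists version 1.
```

A missing directive is reported as acceptable because current OpenSSH releases have dropped protocol version 1 entirely; on an older install, confirm the build's default or set "Protocol 2" explicitly rather than relying on it. The sample files are left in the temporary directory for inspection.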
Passwords for computer authentication are as old as multiuser computers, and are not the best form of authentication we have. Certificates are better, but harder to manage. So, for most purposes we are stuck with passwords.
Many people deal with the proliferation of passwords either by using very weak passwords or using the same password in multiple places. The obvious downfall is that if one site gets compromised, you may lose many accounts.
Another problem is using computers you don’t trust. Sometimes you are traveling and need to access your bank from an Internet cafe or hotel computer, which may have keystroke loggers.
The root of the problem is reliance on human memory. Luckily, every time we need a computer password, we have a great memory tool at our fingertips.
Earlier today we released IPS Signatures 39866-0 and 39866-1 as part of the S603 update to our Cisco Services for IPS customers. These signatures detect or block network traffic associated with the “R2D2 trojan” allegedly used by German authorities to surveil individuals of interest. Originally discovered and announced by the Chaos Computer Club in Germany, this software contains functionality to install software, monitor and remotely control any computer it is installed upon.
This is not the first time Cisco Security Intelligence Operations has reported on this software. We released a public Malware Alert on 10/13 and discussed it in our weekly Cyber Risk Report. The following caption is from the Cyber Risk Report entry: