Trojans, Passwords, Connection Files and Encryption

Post by rmcardle » Thu Mar 21, 2013 12:11 pm

You may have heard news recently of a Trojan which targets saved passwords stored in mRemote (but not mRemoteNG) connection files.

http://blogs.mcafee.com/mcafee-labs/sou ... ve-malware
http://www.symantec.com/connect/blogs/r ... ber-attack

By default, mRemoteNG encrypts the passwords in your connection files with a standard password that is hard coded into the program. This obscures the passwords from casual snooping but still allows the connection files to be used and shared easily.

To protect yourself against threats like Trojan.Jokra, you can encrypt the passwords in your mRemoteNG connection files with your own password instead of the standard password. This will make it significantly harder for your passwords to be decrypted and is quite easy to do.

  • Open mRemoteNG.
  • Open the connection file you would like to protect.
  • Select the root "Connections" entry with the globe icon in the Connections panel tree.
  • In the Config panel, change "Password protect" to "Yes".
  • Enter your password (or passphrase) twice and click OK.

As an additional measure, you can further protect your connection file by having mRemoteNG encrypt the entire file, instead of just the passwords within the file. You might want to do this if you are worried about IP addresses or hostnames being revealed or if you have sensitive information in the Name, Description, or User Field fields.

  • Password protect the connection file as above.
  • Go to Tools->Options->Advanced.
  • Check "Completely encrypt connection file" and click "OK".

Be aware that mRemoteNG keeps several backups of your connection files and this won't protect backups that were made before you password protected your connection file. If you are using the default connection file (confCons.xml), these backups will be located in the following folder:

Code:
%USERPROFILE%\AppData\Roaming\mRemoteNG

The backups are named as follows:

Code:
confCons.xml.[Timestamp].backup
confCons.xml.backup
confCons.xml_BAK

You should delete these backups or move them to a secure location. After password protecting your connection file, all future backups will be protected as well.

mRemoteNG uses standard encryption APIs implemented by the .NET Framework. Since mRemoteNG is open source, the source code is freely available on GitHub for you to audit.

https://github.com/rmcardle/mRemoteNG

If you have any questions or concerns, please let me know.
rmcardle
Site Admin
 
Posts: 459
Joined: Thu Jan 07, 2010 3:40 pm
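
The backup cleanup described in the post above, as an added PowerShell example that is not part of the original post or of the mRemoteNG project: it lists the files matching the three backup names given, flags those last written before you enabled password protection, and optionally moves them. The parameter names (`ProtectedSince`, `ConfigDir`, `SecureDir`) and the use of last-write time as the cutoff test are assumptions of this sketch.

```powershell
# Added example: inventory mRemoteNG connection-file backups that predate
# password protection. Parameter names are assumptions, not mRemoteNG options.
param(
    [Parameter(Mandatory)] [datetime] $ProtectedSince,  # when "Password protect" was set to "Yes"
    [string] $ConfigDir = (Join-Path $env:USERPROFILE 'AppData\Roaming\mRemoteNG'),
    [string] $SecureDir                                 # optional: move old backups here
)

# The three backup naming schemes listed in the post (default file confCons.xml).
$patterns = 'confCons.xml.*.backup', 'confCons.xml.backup', 'confCons.xml_BAK'

$backups = Get-ChildItem -Path (Join-Path $ConfigDir '*') -Include $patterns -File |
    Sort-Object LastWriteTime

# Assumption: a backup last written before the cutoff still holds passwords
# encrypted with the standard hard-coded password.
$report = foreach ($f in $backups) {
    [pscustomobject]@{
        Name          = $f.Name
        LastWriteTime = $f.LastWriteTime
        PreProtection = $f.LastWriteTime -lt $ProtectedSince
        FullName      = $f.FullName
    }
}
$report | Format-Table Name, LastWriteTime, PreProtection -AutoSize

$old = @($report | Where-Object PreProtection)
if ($old.Count -eq 0) {
    Write-Host 'No backups older than the cutoff were found.'
    return
}

if ($SecureDir) {
    # Move rather than delete, so the old files can be reviewed before removal.
    if (-not (Test-Path $SecureDir)) {
        New-Item -ItemType Directory -Path $SecureDir | Out-Null
    }
    $old | ForEach-Object {
        Move-Item -LiteralPath $_.FullName -Destination $SecureDir -Verbose
    }
} else {
    Write-Warning "$($old.Count) backup(s) predate password protection; delete them or rerun with -SecureDir."
}
```

If you use a connection file other than the default, replace the `confCons.xml` prefix in `$patterns` with that file's name and point `-ConfigDir` at its folder.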


Re: Trojans, Passwords, Connection Files and Encryption

Post by jeffreyklassen » Thu Mar 21, 2013 2:49 pm

Awesome, thank you. I was reading my RSS feeds today and read about the issue on hackernews.com. I was kinda surprised to see mRemote targeted but it made me think I may have to finally move on, until I discovered this fork. I think it's great you are keeping it going.

Thanks again.
jeffreyklassen
 
Posts: 1
Joined: Thu Mar 21, 2013 2:41 pm

Re: Trojans, Passwords, Connection Files and Encryption

Post by Mozez » Sun Mar 24, 2013 11:23 pm

Nice one, thanks!
Mozez
 
Posts: 9
Joined: Mon Feb 11, 2013 6:02 am

Re: Trojans, Passwords, Connection Files and Encryption

Post by DVT_Sogh » Mon Mar 25, 2013 1:57 am

French translation of this topic in the French Subforum : viewtopic.php?f=13&t=1940
DVT_Sogh
 
Posts: 58
Joined: Thu Sep 29, 2011 2:55 am

