Sophos Head of Technology, Asia Pacific to address security summit in Gold Coast

May 19, 2005 Sophos Press Release

Paul Ducklin, Head of Technology, Asia Pacific for Sophos, will give two presentations at next week's AusCERT conference at The Royal Pines Resort on the Gold Coast.

Ducklin's academically-flavoured contribution to the conference is a paper entitled "Exploits - the past the present and the future". This paper looks at software bugs known as "vulnerabilities" by which computers can be taken over, or exploited. Ducklin's paper reviews a range of techniques by which vulnerabilities can be mitigated or, more importantly, avoided altogether.

Ducklin's interest in exploits comes from an anti-virus perspective, because exploits controlled by a computer rather than by a person can lead to viruses which spread without any human intervention. This means that a single command issued on a single computer may start a chain of events in which millions of computers become infected without any further typing or mouse-clicking. Almost all of the virus outbreaks numbered amongst the most severe have been exploit-based. Well-known examples include the Morris worm (1988), CodeRed (2001), Nimda (2001), Blaster (2003) and Sasser (2004).

Ducklin will also give a presentation called "Seeing is Believing", a safe yet exact live demonstration of what can go wrong if your PC is infected and co-opted into a botnet.

"Learning about botnets by joining in and controlling a real botnet on the internet is unethical and illegal," says Ducklin. "However, making compromised machines behave the same way in the seclusion of the lab as they would on the worldwide internet can be tricky. 'Seeing is believing' presents a grab-bag of techniques for emulating a huge network with a small one, and gives a safe and legal chance for security practitioners to experience first-hand the power which the 'owner' of a botnet enjoys."

Ducklin is an experienced and entertaining speaker on the security circuit, and his presentations at AusCERT are strongly recommended to conference delegates who like their papers to be both interesting and informative.

Sophos is also exhibiting at the conference, with technical experts on hand to answer questions about the operation of Sophos's products and its award-winning SophosLabs.