Paul Ducklin, Head of Technology, Asia Pacific for Sophos, will
give two presentations at next week's AusCERT conference at The
Royal Pines Resort on the Gold Coast.

Ducklin's academically-flavoured contribution to the conference
is a paper entitled "Exploits - the past the present and the
future". This paper looks at software bugs known as
"vulnerabilities" by which computers can be taken over, or
exploited. Ducklin's paper reviews a range of techniques by which
vulnerabilities can be mitigated or, more importantly, avoided

Ducklin's interest in exploits comes from an anti-virus
perspective, because exploits controlled by a computer rather than
by a person can lead to viruses which spread without any human
intervention. This means that a single command issued on a single
computer may start a chain of events in which millions of computers
become infected without any further typing or mouse-clicking.
Almost all of the virus outbreaks numbered amongst the most severe
have been exploit-based. Well-known examples include the Morris
worm (1988), CodeRed (2001), Nimda (2001), Blaster (2003) and

Ducklin will also give a presentation called "Seeing is
Believing", a safe yet exact live demonstration of what can go
wrong if your PC is infected and co-opted into a botnet.

"Learning about botnets by joining in and controlling a real
botnet on the internet is unethical and illegal," says Ducklin.
"However, making compromised machines behave the same way in the
seclusion of the lab as they would on the worldwide internet can be
tricky. 'Seeing is believing' presents a grab-bag of techniques for
emulating a huge network with a small one, and gives a safe and
legal chance for security practitioners to experience first-hand
the power which the 'owner' of a botnet enjoys."

Ducklin is an experienced and entertaining speaker on the
security circuit, and his presentations at AusCERT are strongly
recommended to conference delegates who like their papers to be
both interesting and informative.

Sophos is also exhibiting at the conference, with technical
experts on hand to answer questions about the operation of Sophos's
products and its award-winning SophosLabs.