Technical papers
Here you will find a range of papers aimed at system administrators and security specialists on a variety of topical issues. Some of these papers have been presented at security seminars and technical conferences around the world.
10 steps to better secure your Mac laptop from physical data theft
This paper describes the steps that Mac users can take to improve the physical security of their laptops - away from the safety of the corporate environment with its security controls and into new environments with new risks and threats - discussing the context and benefits of each change.
Securing websites
In this paper Chris Mitchell, Virus Analyst at Sophos, discusses some of the common ways that web servers are attacked, the reasons why they are targeted, and details various techniques in which they – and the websites they host – can be protected.
Modern web attacks
In this paper, Fraser Howard, principal virus researcher at Sophos, explores how modern malware uses the web to infect victims. The increased use of compromised web sites in attacks is discussed and illustrated with examples of real attacks. Finally, methods to defend against such attacks are discussed.
The game goes on: An analysis of modern spam techniques
This paper analyses the many modern anti-anti-spam techniques, with statistical reports and real-life examples. Methods of combating these often highly effective and 'popular' spam techniques are explored.
This paper was presented at the VB Conference 2006
Can strong authentication sort out phishing and fraud?
Leading anti-malware expert, Paul Ducklin, addresses the following questions: can strong authentication (especially so-called two factor authentication) sort out phishing and fraud? Will smarter technology leave us safe from organised crime, or are there aspects of phishing and on-line fraud which will allow the bad guys to keep stealing from unfortunate victims no matter what we do?
This paper was presented at the VB Conference 2006
The challenge of detecting and removing installed threats
In this paper, Jason Bruce, Detection Development Manager at SophosLabs, discusses scanning techniques for detecting and removing threats that have been installed on computers, with a focus on the difficulties faced in removing threats that are comprised of many installed components. Jason concludes by highlighting that the measure of success of threat removal is not always as clear cut as the measures used in the detection tests the industry has become used to.
This paper was presented at the VB Conference 2006
