A Guide To
Computer Crime


Incidents

An incident, as defined by CERT, may cover more than one site; in fact, it could cover hundreds, thousands or even tens of thousands of sites. An incident may also remain an ongoing case for a considerable time. Given this, the number of incidents reported may be considered to understate the true extent of the problem.

Figure 19 - Incidents reported 1989 - 2003
[Source: CERT]
- these are the most recently available figures as at April 2007

A vulnerability within a system may be exploited by a person (malicious or not), and this could lead to an incident.

Many of the weaknesses identified could be linked to a later incident. The most famous of these is arguably the 'Morris' worm of 1988, which exploited a weakness in sendmail and other programs. Whilst this was a well-known and publicised event, a number of installations still had the relevant version of sendmail in place for a considerable time after the 'worm' was released, with all the associated press coverage.

It is therefore reasonable to conclude that a number of the CERT incidents, if not the majority, are malicious.[1]



[1] An example of a non-malicious incident was the patch from Microsoft that affected digital signatures and stopped a number of web servers from accepting the digital certificates as genuine.



Practitioner.Com:

An Introduction to Computer Crime