Forwarded From: Aleph One <aleph1t_private> > http://www.techweb.com/wire/story/TWB19980414S0013 On this subject I recommend everyone to read John Howard's thesis on the history of CERT reported attacks. Its quite interesting. The only major flaw is that John assumes that the percentage of sites that report incidents to CERT has been constant. I would argue that this is not the case, and that indeed the percentage has gone down as new people join the Internet. CERT had a high profile when they were formed after the Internet worm incident but who tells new businesses and ISPs about CERT? No one. Also hacking has become more popular and glamourus thanks to the media, and the are many more tutorial on hacking and they are easier to obtain than before. You must also understand the use of the word "attack". They take it to mean each attempt to break into a site even if they dont succeed. So if the attacks fingers you thats one. If they try ftp thats two. If they try telnet thats three. Etc. Then related attacks are grouped into incidents. The problem comes in that most people interchange "attack" and "incident" without explaining what they mean. Then you start getting some really funny numbers. Aleph One / aleph1t_private http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01 -o- Subscribe: mail majordomot_private with "subscribe isn". Today's ISN Sponsor: Dimensional Communications (www.dim.com)
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:50:41 PDT