CERT Coordination Center 2002 Annual Report

From January through December 2002, the CERT/CC received 204,841 email messages and over 880 hotline calls reporting computer security incidents or requesting information. We received 4,129 vulnerability reports and handled 82,094 computer security incidents during this period.

The CERT/CC published 37 advisories in 2002. Among the criteria for developing an advisory are the urgency of the problem, potential impact of intruder exploitation, and existence of a software patch or workaround.

Some of the most serious intruder activities reported to the CERT/CC in 2002 were:

• Exploitation of Vulnerabilities in Microsoft SQL Server
  Intruders compromised systems through the automated exploitation of null or weak default sa passwords in Microsoft SQL Server and Microsoft Data Engine. The CERT/CC published advice on protecting systems that run Microsoft SQL Server in CA-2002-04.
  
  In July 2002, intruders continued to compromise systems and obtain sensitive information by exploiting several serious vulnerabilities in the Microsoft SQL Server. The CERT/CC published additional advice in CA-2002-22.
  
• Apache/mod_ssl Worm
  Intruders used a piece of self-propagating malicious code (referred to here as Apache/mod_ssl) to exploit a vulnerability in OpenSSL, an open-source implementation of the Secure Sockets Layer (SSL) protocol.
  
  The CERT/CC initially published CA-2002-23, describing four vulnerabilities in OpenSSL that could be used to create denial of service. When these and other vulnerabilities finally manifested themselves in the form of the Apache/mod_ssl Worm, the CERT/CC published advice in CA-2002-27.