I wish to research on recent network security incidents (not just
vulnerabilities, actual attacks or attempted attacks).
To find two such incidents which were reported recently (no earlier
than July 2001).
 
To have 
(i)description of how the incident occurred or the method of attack 
         
(ii)the resulting effect of the incident on the network and the
organisation owning the network
   
(iii)a recommendation on how to avoid possible future attacks of this
type
 
I need to have the article that report the incident 

Hello, I have a short little to add. One of the best resources for
computer security has always been &lt;a href=&quot;<a href="http://www.antonline.com">http://www.antonline.com</a>&quot;&gt;<a href="http://www.antonline.com">www.antonline.com</a>&lt;/a&gt; 's coverage of
recent hacks, especially during last summer's China vs. America
webpage defacement war. The other major repository of information
concerning computer security which follows your requested outline of
incident and resolution is the BugTraq mailing list and website. Both
of these wonderful sources have combined with others to form the
Security Focus website (link below). BugTraq can also be delivered to
your mailbox with updates and notifications of recent attacks and
resolutions being posted almost daily (link below).
 
 
Additional Links: 
 
BugTraq Mailing List Archive: 
&lt;a href=&quot;<a href="http://online.securityfocus.com/cgi-bin/sfonline/subscribe.pl">http://online.securityfocus.com/cgi-bin/sfonline/subscribe.pl</a>&quot;&gt;<a href="http://online.securityfocus.com/cgi-bin/sfonline/subscribe.pl">http://online.securityfocus.com/cgi-bin/sfonline/subscribe.pl</a>&lt;/a&gt; 
 
Security Focus Website: 
&lt;a href=&quot;<a href="http://www.securityfocus.com/">http://www.securityfocus.com/</a>&quot;&gt;<a href="http://www.securityfocus.com/">http://www.securityfocus.com/</a>&lt;/a&gt; 
 
 
Search Strategy: 
 
Computer Security Attacks 
&lt;a href=&quot;<a href="://www.google.com/search?q=computer+security+attacks">://www.google.com/search?q=computer+security+attacks</a>&quot;&gt;<a href="://www.google.com/search?q=computer+security+attacks">://www.google.com/search?q=computer+security+attacks</a>&lt;/a&gt; 
 
 
Glad to be of service! 
skermit-ga  

The answers are too brief.....

Aparently my answer before was not sufficient although as to the prior
wording of the question my answer was right on target. Anyways, here
is the answer to the updated question.

2002-04-25
(i) Hackers known as the "The Deceptive Duo" hacked into an FAA
computer defacing the webpage (mirror of defacement can be found here:
http://defaced.alldas.org/mirror/2002/04/24/extra-cas.faa.gov/ )
(ii) FAA denied that sensitive information was compromised saying all
the information accessed was information to be used in a congressional
hearing and public info anyways.
(iii) Tighter security concerning IIS loopholes and other webserver
buffer overflows need to be implemented so that more government sites
are not compromised.

Source #1:
http://online.securityfocus.com/news/378

2002-05-17
(i) Unknown hackers posing as Ford Motor Credit Company have stolen
over 13,000  credit reports from credit report Experian one of the
three most major reporting agencies. They used Ford Motor Credit's
authorization code to gain access to Experian's databases.
(ii) Experian discovered the incident and then sent letters via
certified mail to the 13,000 affected people, warning them of the leak
in their social security numbers, credit card numbers, etc. An
investigation is underway to calculate the amount of identify theft
and credit card fraud caused by this incident if any.
(iii) Business to business relationships must not be content with the
current level of security offered to end users and customers. Their
interactions may involve hundreds and in this case thousands of people
at a time and security liabilities are multiplied samefold. Better
authentication systems are needed to assume proper credentials in
verification and disallow criminals.

Source #2: http://www.nytimes.com/2002/05/17/technology/17IDEN.html
(free registration required to view article)

Hope that this new answer suffices your new question. Thank you again.
skermit-ga

CERT would be the primary source or the best place to start. Their
website is at www.cert.org. CERT files and publishes incident reporst
such as this one:
http://www.cert.org/incident_notes/IN-2002-03.html

Incident.org is a website that recieves thousands of reports each year
and tries to communicate those in a clear and searchable format. They
are located at
http://www.incidents.org/

WhiteHats gets more into details on some incidents they can be found
at
http://www.whitehats.com/
They also have several good open source tools for detection and
reporting.

The following may also be of some use to you as well. 
http://www.ciac.org/ciac/

http://www.sans.org/newlook/home.php

http://cert.uni-stuttgart.de/archive/incidents/2001/02/threads.html

Hope that helps you out. 

webadept-ga

A very good report of an internet security incident, along with
complete details of the attack, log files samples, etc., is available
at http://grc.com/dos/drdos.htm.

I also have a copy of another incident of a DDoS attack on the same
company, and from the same author. It seems that this is not available
at the site anymore. Can send it to you, though.

Hope this helps.

tanmoy-ga