Attackers can use this fact to slip through data validators and attack programs.
One of the most common ways to attack programs is to exploit how they make requests to other programs.
This example attacks a system process; it is provided for learning and testing only, and readers use it at their own risk.
If your program is a viewer or editor of data, such as a word processor or an image displayer, that data might come from an attacker, so it is untrusted input.
This "help" can also aid an attacker in crafting data that misleads the program.
The information harvested can then be used to allocate resources and to identify machines that may be vulnerable to attack by rogue users and programs.
They are attacking your program. Are you ready?
Use this mode to temporarily lock down computers during a known network attack or while a malicious program is spreading.
Because of this, moving all executable code to addresses that contain a zero byte makes attacking the program far more difficult.
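The sentence above rests on one property of C string functions: strcpy and its relatives stop at the first 0x00 byte, so an attacker who overflows a buffer with one of them cannot place an address containing a zero byte anywhere but at the very end of the payload. The following added example (not code from the original page) models that rule for little-endian addresses; the sample addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Encode an address as little-endian bytes, the way it appears in an
 * overflow payload on x86 (width 4) or x86-64 (width 8). */
static void encode_le(uint64_t addr, size_t width, unsigned char *out) {
    for (size_t i = 0; i < width; i++) {
        out[i] = (unsigned char)(addr >> (8 * i));
    }
}

/* Number of bytes a strcpy-style copy writes into the destination before
 * it stops: everything up to the first 0x00 byte plus that byte itself,
 * which strcpy writes as the terminator.  With no 0x00 in the payload the
 * whole payload plus the terminator that follows it is written. */
size_t strcpy_copy_len(const unsigned char *payload, size_t len) {
    const unsigned char *z = memchr(payload, 0, len);
    if (z == NULL) {
        return len + 1;
    }
    return (size_t)(z - payload) + 1;
}

/* Can this address be written intact by a strcpy-style overflow when it is
 * the last item in the payload?  Only if no 0x00 byte occurs before the
 * final byte: a single trailing zero is supplied by strcpy's own
 * terminator, but a zero anywhere earlier truncates the copy.  Every
 * canonical x86-64 user-space address has zero high bytes, which is why the
 * text calls such placement a strong obstacle. */
int address_survives_strcpy(uint64_t addr, size_t width) {
    unsigned char bytes[8];
    encode_le(addr, width, bytes);
    return strcpy_copy_len(bytes, width) >= width;
}

int main(void) {
    /* Constructed sample addresses, not taken from any real binary. */
    printf("0x0804a0bc (no zero byte)        survives: %d\n", address_survives_strcpy(0x0804a0bcULL, 4));
    printf("0x08048000 (zero in low byte)    survives: %d\n", address_survives_strcpy(0x08048000ULL, 4));
    printf("0x0042abcd (zero only in top)    survives: %d\n", address_survives_strcpy(0x0042abcdULL, 4));
    printf("0x00007fffffffe0c8 (64-bit)      survives: %d\n", address_survives_strcpy(0x00007fffffffe0c8ULL, 8));
    return 0;
}
```

The 32-bit case with a single leading zero byte still survives because it sits last in the payload and the terminator fills it in; a 64-bit address never does, since two zero bytes are needed and strcpy writes only one.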
In an SQL injection attack, a program creates an SQL command and sends it to an SQL interpreter; the program allows an attacker to include characters that change the meaning of that SQL command.
At the end of the workday, a user within that company opened an email that had landed in his spam box, and that launched the attack.
If the attacked program was started by a system administrator, the malicious code will run as part of the original program, giving the attacker administrator privileges on the system.
The volume of searches the site received tripped safety mechanisms and made the search engine think it was under attack from a spambot.
The problem is that if an attacker can control the underlying libraries a program uses, the attacker can completely control the program.
In a buffer overflow attack, an internal value in a program is overflowed to alter how the program runs.
In a buffer overflow attack, the hacker takes advantage of a specific type of program bug involving the allocation of storage during program execution.
In fuzz testing, you attack a program with random bad data (also called fuzz), then wait to see what breaks.
And searching for the function "gets", a notoriously insecure string operation, can reveal programs that are likely vulnerable to a memory overflow, said Veracode's Wysopal.
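The buffer overflow sentences above and the remark about gets describe the same defect: the attacker, not the program, decides how many bytes land in memory, and the bytes past the buffer overwrite an internal value that changes how the program runs. The following added example (not code from the original page) shows that mechanism with a record whose `is_admin` flag sits right after a fixed-size name field, beside a hardened copy that fails closed. The struct, the payload and the function names are constructed for illustration; the copy is done through the struct's own bytes so the demonstration stays within defined C behaviour.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* A record with an internal value (is_admin) stored right after a
 * fixed-size text field, as happens in a struct or a stack frame. */
struct session {
    char name[8];
    int  is_admin;
};
_Static_assert(offsetof(struct session, is_admin) == 8, "payload layout assumes is_admin at offset 8");

/* Vulnerable: copies len attacker-chosen bytes into the record starting at
 * name, with no check against sizeof name.  This is the pattern behind
 * gets() and unbounded strcpy().  Writing through the struct's own bytes
 * keeps the demo defined as long as len <= sizeof *s. */
void set_name_unsafe(struct session *s, const unsigned char *input, size_t len) {
    memcpy((unsigned char *)s, input, len);
}

/* Hardened: the copy is bounded by the destination, and over-long input is
 * rejected rather than truncated or written past the field.  A takeover
 * becomes, at worst, a refused request.  Returns 0 on success, -1 if the
 * input does not fit. */
int set_name_safe(struct session *s, const unsigned char *input, size_t len) {
    if (len >= sizeof s->name) {
        return -1;
    }
    memcpy(s->name, input, len);
    s->name[len] = '\0';
    return 0;
}

/* Constructed attacker input: 8 bytes of filler for name, then 4 bytes that
 * land on is_admin.  Little-endian 1; on a big-endian machine it reads as
 * 0x01000000, still non-zero. */
static const unsigned char PAYLOAD[12] = {
    'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A',
    0x01, 0x00, 0x00, 0x00
};

/* Returns 1 if the unbounded copy turned a guest session into an admin one. */
int unsafe_copy_grants_admin(void) {
    struct session s = { "guest", 0 };
    set_name_unsafe(&s, PAYLOAD, sizeof PAYLOAD);
    return s.is_admin != 0;
}

/* Returns 1 if the bounded copy refused the payload and left is_admin at 0. */
int safe_copy_rejects_and_keeps_guest(void) {
    struct session s = { "guest", 0 };
    int rc = set_name_safe(&s, PAYLOAD, sizeof PAYLOAD);
    return rc == -1 && s.is_admin == 0 && strcmp(s.name, "guest") == 0;
}

int main(void) {
    printf("unsafe copy grants admin:      %d\n", unsafe_copy_grants_admin());
    printf("safe copy rejects, stays guest: %d\n", safe_copy_rejects_and_keeps_guest());
    return 0;
}
```

The hardened version also illustrates the later point that mitigations turn a takeover into a denial of service: the request is refused, but nothing in the record is corrupted.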
That way, if the program is exploited in some way, its access is explicitly minimized.
The attack activity can include listing the modules within each application.
That will let the attacker control internal data and possibly take over the program.
Yet most of the major data breaches in recent news have been the result of attacks on Web apps such as email and data systems.
Fundamentally, all these approaches reduce the damage of a buffer overflow attack from a program-takeover attack to a denial-of-service attack.
If the attacker has the application display a set of HTML, trouble may creep in.
Or will FLOSS be less secure because attackers have more information, making it easier to create attacks against the program?
This isn't as good as permanently dropping the privilege, since if an attacker can take control of your program, the attacker can re-enable the privilege and exploit it.
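The difference between a temporary and a permanent drop is visible in the POSIX uid calls. The following added example (not code from the original page) shows both on Linux, together with the check a careful program runs afterwards: try to become root again and expect the kernel to refuse. Assumptions, all mine: Linux semantics for setreuid (setting the real uid also replaces the saved set-user-ID), uid/gid 65534 as the conventional unprivileged "nobody" identity when started as root, and the caller's own identity otherwise so the code is safe to run as an ordinary user.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Temporary drop: only the effective uid changes.  The saved set-user-ID
 * keeps the original privilege, so seteuid() can bring it back, and code an
 * attacker injects afterwards inherits that same ability. */
int drop_privileges_temporarily(uid_t target) {
    return seteuid(target);
}

/* Shows the weakness: drop to target, then return to the uid we started
 * with.  Returns 1 if the privilege was regained, 0 if the kernel refused,
 * -1 if the initial drop itself failed (e.g. not running as root). */
int temporary_drop_is_regainable(uid_t target) {
    uid_t saved = geteuid();
    if (drop_privileges_temporarily(target) != 0) {
        return -1;
    }
    return seteuid(saved) == 0 ? 1 : 0;
}

/* Permanent drop: real and effective ids both change, which on Linux also
 * replaces the saved set-user-ID, so nothing is left to re-enable.
 * Order matters: supplementary groups first (clearing them requires root),
 * then the gid, then the uid, because once the uid is unprivileged the
 * earlier steps would be refused. */
int drop_privileges_permanently(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setregid(gid, gid) != 0) return -1;
    if (setreuid(uid, uid) != 0) return -1;
    return 0;
}

/* The post-drop check: attempt to become root and expect EPERM.
 * Returns 1 if root was regained (the drop did not work), 0 if refused. */
int can_regain_root(void) {
    return seteuid(0) == 0 ? 1 : 0;
}

/* Unprivileged identity to drop to (assumption: 65534 is "nobody"). */
uid_t choose_unprivileged_uid(void) { return geteuid() == 0 ? (uid_t)65534 : getuid(); }
gid_t choose_unprivileged_gid(void) { return geteuid() == 0 ? (gid_t)65534 : getgid(); }

int main(void) {
    uid_t uid = choose_unprivileged_uid();
    gid_t gid = choose_unprivileged_gid();
    if (geteuid() == 0) {
        printf("temporary drop regainable: %d\n", temporary_drop_is_regainable(uid));
    } else {
        printf("not root; temporary-drop demonstration skipped\n");
    }
    if (drop_privileges_permanently(uid, gid) != 0) {
        perror("drop_privileges_permanently");
        return 1;
    }
    printf("after permanent drop, root regainable: %d (euid now %u)\n",
           can_regain_root(), (unsigned)geteuid());
    return 0;
}
```

Run as root, the temporary drop reports that root comes back on request; after the permanent drop the same attempt fails, which is the property the sentence above asks for.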
Doing so makes the SQL easier to maintain and protects your application against SQL injection attacks.
Testing for additional security and vulnerability issues; for example, malicious attacks on a deployed application that can indirectly harm other applications in the data center.