如果您的程序是数据的浏览器或者编辑器——比如文字处理器或者图像显示器——那么那些数据有可能来自攻击者,所以那是不可信的输入。
If your program is a viewer or editor of data—such as a word processor or an image displayer—that data might be from an attacker, so it's an untrusted input.
黑客可以使用这种攻击技巧来检索、破坏或删除数据。
A hacker could use this attack technique to retrieve, corrupt, or delete data.
消息探听——通过检查消息中所有或部分内容对数据隐私进行直接攻击。
Message snooping — a direct attack on data privacy by examining all or part of the content of a message.
所有类型的电脑都容易遭受电力故障或数据被盗。但是细菌对于网络攻击是免疫的。你可以对信息进行安全地保护。
All kinds of computers are vulnerable to electrical failures or data theft. But bacteria are immune from cyber attacks. You can safeguard the information.
通过诱使一个WPA发送大量的数据,然后无需使用字典式攻击,而是使用数学方法就可以破解掉它。
This is done by tricking a WPA to send out a large amount of data, and then mathematically cracking it without using a dictionary attack.
但是当你查看数据时,就会发现那些被攻击的市场并不是被随意选中的。
When you look at the data, however, it is hard to argue that the markets have been attacking at random.
一种保护在文档透明性基础上构建的敏感数据免受攻击的方法是通过加密部分XML文档来降低透明性。
One way to protect sensitive data from attacks built on document transparency is to curtail the transparency by encrypting parts of XML documents.
这样使得操纵返回地址困难多了,但它不会阻止改变调用函数的数据的缓冲区溢出攻击。
This makes it much harder to manipulate the return address, but it doesn't defend against buffer overflow attacks that change the data of calling functions.
除了溢出的利用以外,SQL注入是另一类依赖于开发人员没测试输入数据的疏漏的攻击。
In addition to the overflow exploits, SQL injection is one other type of attack that relies on developer oversight by not testing incoming data.
答案在各种情况下不尽相同;实际上,您的程序可能会通过您所没有想到的途径得到攻击者的数据。
The answer is from a surprising number of places; in fact, your program may be getting data from an attacker in ways you weren't prepared for.
如果程序无论如何还是使用了结果数据,那么攻击者会尝试填满缓冲区,以便在数据被截断时使用他希望的任何内容来填充缓冲区。
If the program USES the resulting data anyway, an attacker will try to fill up the buffer so that when the data is truncated, the attacker will fill the buffer with what the attacker wanted.
只要可能,请确保您发送的数据不会受到攻击者的控制。
When possible, make sure that the data you send won't be controlled by an attacker.
数据也暗示肝脏和肾脏可能是乙苯毒性攻击目标。
Data also suggests that the liver and kidneys may be a target of toxicity for ethylbenzene.
使用看起来可信任的中间媒介传输恶意数据的攻击被称为“交叉站点恶意内容”攻击。
Attacks that exploit an apparently trustworthy intermediary to pass on malicious data are called "cross-site malicious content" attacks.
在网络上传输的数据容易受到各种网络攻击,例如嗅探网络传输、不可抵赖性、篡改数据、欺骗、拦截和捕捉回复。
The data transmitted over the network is susceptible to network attacks like snooping the network traffic, non-repudiation, tampering the data, spoofing, hijacking, and capture-replay.
不幸的是,将数据从攻击者传递到对数据进行解释的库是非常常见的。
Unfortunately, passing data from attackers to libraries that interpret that data is common.
然而,事实上所有的在线数据都极容易遭受数据损坏、恶意攻击甚至意外删除。
However, the fact remains that any data that is online is susceptible to data corruption, malicious attacks, and even accidental deletion.
受到攻击的数据包括用户姓名及电子邮箱地址,介绍信,个人简历及一些两年前的信息。
The compromised data included names and email addresses, covering letter and CVs, and some of the information was thought to be up to two years old.
难道就任由无人飞行器仅仅依据其数据分析就发动攻击吗?
Does it follow that an unmanned aircraft should be allowed to fire a weapon based entirely on its own data analysis?
在模糊测试中,用随机坏数据(也称做fuzz)攻击一个程序,然后等着观察哪里遭到了破坏。
In fuzz testing, you attack a program with random bad data (aka fuzz), then wait to see what breaks.
不管怎样,输入值验证和数据消毒(sanitation)是防止XSS攻击的关键因素。
In either case, input value validation and sanitization are the key to preventing XSS attacks.
数据篡改——利用访问控制机制中允许攻击者对Web服务进行未经授权调用的弱点来更改数据。
Data tampering — Exploiting weakness in the access control mechanism that permits the attacker to make unauthorized calls to the Web service to alter data.
当我追踪网络攻击时,Zone - H的数据是非常方便的工具。
When I have tracked website attacks, I've found it convenient to look at the Zone-H statistics.
这种类型的攻击只可能在数据库或密码存储已经暴露的情况下进行。
This type of attack is only possible if the database or password store is already compromised.
因此,我对于工作中得出的相关数据分析结果非常的感兴趣,这些数据最近发表在赛门铁克关于攻击工具和恶意站点的报告中。
So, I was especially interested in the results of some related data analysis that I worked on for on the recently released Symantec Report on Attack Kits and Malicious Websites.
您的应用程序可能还需要更多,但是要限制它们 ——除非是特别需要,否则不要接受潜在的攻击者的数据。
Your application might need a few more, but limit them -- don't accept data from a potential attacker unless it's critically needed.
在向重用的组件传递数据时,攻击者可能试图向您的应用程序提供数据,从而做一些您不期望的事情。
Attackers may try to provide data to your application that, when passed on to the reused component, will do what you don't expect.
常见的格式化字符串攻击来自于一个思想:攻击者可以控制显示数据所使用的格式。
The often-serious format string attack is based on the idea that an attacker can control the format used to display data.
测试额外的安全性和可攻击性问题;例如,所部署应用程序上会间接伤害数据中心中其他应用程序的恶意攻击。
Testing for additional security and vulnerability issues; for example, malicious attacks on a deployed application that can indirectly harm other applications in the data center.
测试额外的安全性和可攻击性问题;例如,所部署应用程序上会间接伤害数据中心中其他应用程序的恶意攻击。
Testing for additional security and vulnerability issues; for example, malicious attacks on a deployed application that can indirectly harm other applications in the data center.
应用推荐