即使攻击者攻击并进入了一个游戏程序,所有他能做的事情将是修改分数文件。
Even if an attacker broke into a game program, all he could do would be to change the score files.
在另一种攻击类型中,攻击者可能会修改样式表,把信息隐藏起来不让用户发现。
In another type of attack, the attacker might modify the stylesheet to hide information from users.
或攻击者可以安装一个特洛伊木马程序或不请自来的电子邮件发送软件,目的是在金融活动或造成损害品牌名称,修改公司的资源。
Or an attacker might be able to install a Trojan horse program or unsolicited E-mail sending software, aim at financial enrichment or cause brand name damage by modifying company resources.
这个程序允许攻击者包括可以修改SQL命令意义的字符。
The program allows an attacker to include characters that change the meaning of that SQL command.
基于网络的攻击:这些攻击依赖于对网络数据包的低层访问,试图通过修改通信流或者发现这些数据包中的信息来危害系统。
Network-based attacks: these attacks rely on low-level access to network packets and attempt to harm the system by altering this traffic or discovering information from these packets.
这些修改不会显著增强计算机的安全性,但是只尝试强力攻击标准端口22的一般脚本会失败,不会造成损害。
These changes don't substantially add to the security of your machine, but a common script that just tries brute force attacks at the standard port 22 will fail harmlessly.
黑客攻击的一种形式就包括修改恶意数据到ARP映射缓存,即所谓的ARP中毒。
One form of hacker attack even involves feeding bad data to ARP tables, a practice known as ARP poisoning.
当测试一个抵御模糊攻击的应用程序时,不可能做纯黑盒测试,但通过一些明显的修改,基本的想法还是可以应用的。
When you're testing a fuzz-resistant application, you can't do pure blackbox testing, but with some obvious modifications, the basic ideas still apply.
它们旨在保护数据在传输过程中不被查看、修改或攻击。
They aim to protect the data from being viewed, modified, or hacked while in transit.
尽管攻击者可能会修改您发送的数据,但是您需要确保组件会按照您希望的方式对您发送的数据进行处理。
You'll need to make sure that the component will interpret the data you send the way you expect, even if an attacker can influence the value of that data.
如果攻击者可以添加或修改某些以短横线或斜线开头的内容,并将其传递给命令行程序,那么这些内容就可能会被错误地当作选项进行处理。
If an attacker can get a leading dash or slash into something that will be passed down to a command-line program, it might get misinterpreted as an option.
现在让我们来修改消息,就像使用“中间人”攻击的黑客那样
Now let's modify the message, as a hacker might using a "man in the middle" attack
这次攻击之后,几家不相关的网站,包括LinkedIn和Woot,均给他们的用户发送邮件提醒他们,如果他们所用密码与在Gawker上的密码一样,需要尽快修改。
Following the attack several unrelated websites, including LinkedIn and Woot, sent E-mail to their users warning them to change their passwords if these were the same ones as they used for Gawker.
这种攻击类似于ping洪水攻击,但它能巧妙地修改进程。
This attack is similar to the ping flood attack but with a clever modification to the process.
如果您提供加密,则攻击者通常仍然可以通过修改您的客户机来攻击该技术。
If you provide encryption, then an attacker can generally still attack the technique by modifying your client.
另一种更狡猾的攻击方法是,入侵者可以修改通过HTTP返回的任何页面——甚至包括页面中嵌入的URL。
An even more subtle attack is that any page returned over HTTP can be potentially altered by an intruder — even URLs embedded in the page.
在这种攻击中,用户可以修改url来显示其他用户帐户的信息。
In such attacks, users modify URLs to display information of other user accounts.
这一设置确保攻击者不能修改JNDI命名空间。
This setting ensures that attackers cannot modify the JNDI namespace.
比如说,当某个用户正在进行在线转帐操作时,攻击者把目标帐户修改为属于他自己的帐户也是可行的。
For example, as a user is making an online money transfer, it is possible for an attacker to change the destination account to one that belongs to him.
攻击者将其恶意输入注入到sql语句中,以修改查询语句的逻辑。
The attacker injects his malicious inputs to the SQL statement to change the query's logic.
此外,利用这些漏洞之一,攻击者可以修改任何服务器配置参数。
In addition, leveraging one of these vulnerabilities, an attacker can modify any server configuration parameter.
更新的修改中还包括暗藏xpath注入,它降低了安置攻击所需的知识。
Newer modifications include Blind XPath injection, which reduces the knowledge required to mount the attack.
夏威夷大学的科学家建议,将塔罗树修改基因来长出一种更强壮的塔罗树,以更少受到病毒攻击的影响。
Scientists from the University of Hawaii are suggesting that the tarot be genetically modified to create a stronger plant less subject to the virus attacking it.
当他修改email地址之后,他会去一个忘记密码网页,可能一个新的密码就会被发送到攻击者的电子邮箱里了。
After he changed it, he will go to the forgotten-password page and the (possibly new) password will be mailed to the attacker's E-mail address.
历史上,很多攻击利用的是命令shell处理IFS环境变量的方法,但是当今大部分的shell(包括GNUbash)已经经过了修改,从而使IFS难以利用。
Historically, many attacks exploited the way the command shell handled the IFS environment variable, but most of today's shells (including GNU bash) have been modified to make IFS harder to exploit.
然而,攻击者也可以通过修改email地址来接管帐户。
However, the attacker may also take over the account by changing the E-mail address.
对策是,让修改密码的表单不能被CRSF攻击,当然在改变密码的时候,也需要用户去输入旧密码。
As a countermeasure, make change-password forms safe against CSRF, of course. And require the user to enter the old password when changing it.
“毒蛇守护”修改为:猎人获得毒蛇守护,使远程和近战攻击能够恢复法力,但降低你的伤害50%。
Aspect of the viper changed to - the hunter takes on the aspect of the viper, causing ranged and melee attacks to regenerate mana but reducing your total damage done by 50%.
通过修改url,攻击者可以对数据库结构逆向开发,有可能找到用户姓名、口令甚至信用卡号。
By modifying the URL, attackers can reverse-engineer the database structure and potentially find users' names, passwords, or even credit card Numbers.
改进了一种可抵抗去同步攻击的数字音频盲水印算法,该算法通过修改多个采样值的统计均值嵌入同步码,解决了空域嵌入同步码的不稳定性问题。
A robust digital audio watermarking algorithm is presented, which can resist desynchronization attack effectively. We embed synchronization code by modifying the mean value of several samples.
应用推荐