When the problem occurs, the link attacks my freedom.
But this was a scripted URL attack under the disguise of Sina Weibo's short link "t.cn".
In this scenario, the user unknowingly executes scripts written by an attacker when they follow a malicious link in a mail message.
Phishing attacks are common online, and usually begin with the arrival of a legitimate-looking email containing a link to a realistic-looking website - often a bank or email provider.
Looking at our Lodi links, the top story about a man who attacked a judge in court and was killed by police had 781 articles at my deadline for filing this column.
Race condition attacks that use symbolic links.
In fact, the Web Application Security Consortium (WASC) estimated in early 2009 that 87% of all Web sites were vulnerable to attack (see Resources for links to more information).
Many attacks only work if they trick the privileged program into doing something unintended while its privileges are enabled (for example, by creating weird symbolic links and hard links).
Attackers can deliberately craft their input so that it escapes out of quoting, and chain an arbitrary query on the end of the one you had intended to run.
The user may be prompted to click on the link and log on to the Web site, whereby the attacker can seize the user's logon information.
Details on how this attack works are explained in IETF RFC 2965, if you're curious (see Resources for a link).
But an attacker needs only to find a single hole in your defenses, or in any of the frameworks and libraries that you link against, to gain control of your app along with all of its privileges.
Usually the attacker will encode the malicious portion of the link to the site in HEX (or other encoding methods) so the request is less suspicious looking to the user when clicked on.
These attacks generate a lot of traffic within a short time, which may cause network congestion.