The attacker knocked on their door and made a lunge for Wendy when she answered.
袭击者敲了他们的门,并在温迪开门时,向她猛冲过去。
The attacker threatened them with a gun.
袭击者用枪威胁他们。
If your program is a viewer or editor of data—such as a word processor or an image displayer—that data might be from an attacker, so it's an untrusted input.
如果您的程序是数据的浏览器或者编辑器——比如文字处理器或者图像显示器——那么那些数据有可能来自攻击者,所以那是不可信的输入。
Luckily, Zhang had just learned how to escape from an attacker, a person who plans to hurt someone.
幸运的是,张刚学会了如何从计划伤害他人的袭击者手中逃脱。
After you get all the assets for assessment identified, the next step is to identify and assess the vulnerabilities of each asset that a hacker or attacker could maliciously exploit.
识别了所有要评估的资产之后,下一个步骤就是识别并评估每种资产可能被黑客或攻击者利用的漏洞。
A creative attacker can take advantage of a buffer overflow vulnerability through stack-smashing and then run arbitrary code (anything at all).
有创造力的攻击者会透过摧毁堆叠利用缓冲区溢位的弱点,然后执行任何程序码。
The attacker then calls a customer service representative at the site, posing as the shopper and providing personal information.
攻击者接下来在网站上调用客户服务,作为购物者登录并且提供个人信息。
The sophisticated attacker finds a weakness in a similar type of software, and tries to use that to exploit the system.
富有经验的攻击者可以发现同类软件的缺点,并且尝试利用这些弱点来进入系统。
A common scenario is that the attacker calls the shopper, pretending to be a representative from a site visited, and extracts information.
一个常见的场景是攻击者打电话给购物者,假装是购物者所访问站点的代表,并且提取信息。
But missile attacks on ships are rare, so it is difficult to know just how safe a ship really is-especially if an attacker launches a dozen or so missiles at once.
但舰船受到导弹攻击的案例非常少,因此很难判断一条战舰躲过导弹攻击的劫数有多大,特别是在攻击者一次发射十多枚导弹的情况下。
Determining the identity of the attacker was a matter of narrowing down the line of potential suspects.
确定攻击者的身份需要逐渐缩小一连串嫌疑人的范围。
Women were cooking dinner, men were praying and children were playing nearby when the attacker struck, a witness said.
妇女烹饪晚餐,男子祈祷和孩子们玩附近时,攻击者击中,一位目击者说。
For instance, pseudo-random Numbers are used for process IDs and packet IDs, which makes spoofing significantly more difficult for a would-be attacker.
例如,伪随机数可用于进程ID和包id,这使得那些想要进行攻击的人很难进行欺骗。
An attacker who can convince a user to access a URL supplied by the attacker could cause script or HTML of the attacker's choice to be executed in the user's browser.
攻击者诱导用户访问由攻击者提供的URL,从而导致在用户的浏览器中执行攻击者选择的脚本或HTML。
A malicious attacker can still sniff the wire (note that password digest is not encrypted by default) and replay the entire UsernameToken, so nonce and timestamp checking are imperative.
恶意攻击者仍可以探查连接(请注意,缺省情况下密码摘要没有被加密)并回复整个UsernameToken,因此nonce和时间戳检查是缺一不可的。
Therefore, as a hack, an attacker might authenticate as a valid user, but then provide an HTTP header (perhaps the iv-cred) that implies more permissions than he actually has.
因此,攻击者可能作为一个有效用户通过认证,然后提供一个HTTP 消息头(可能为 iv-cred ),这个消息头表明他比实际上有更多的权限。
A malicious attacker can make use of this behavior and launch a remote denial-of-service attack against a vulnerable network service over the Internet.
恶意攻击者可以利用这一点,通过Internet对网络服务发动远程拒绝服务攻击。
Essentially, if you allow an attacker to run code on such a machine through any means, the attacker can completely take over the machine.
从本质上说,如果您允许攻击者在这样的机器上以任何方式运行代码,则攻击者完全可以接管该机器。
But once an attacker can run code on such a machine, the attacker instantly attains complete control.
但是,一旦攻击者可以在这样的机器上运行代码,就可以立即获取完全控制。
Even if an attacker broke into a game program, all he could do would be to change the score files.
即使攻击者攻击并进入了一个游戏程序,所有他能做的事情将是修改分数文件。
If this occurred, the sequence Numbers would definitely be different than what we expected. This also protects us from an attacker dropping a message.
如果他这么干,则序列号一定和我们所期待的不一样,这就保护了我们不受攻击者们扔消息的攻击。
Although URIs provide a lot of flexibility, if you're accepting a URI from a potential attacker, you need to check it before passing it on to anyone else.
尽管uri提供了很大的灵活性,可是如果您接收到了一个来自攻击者的URI,您需要在把它转给任何其他人之前检查它。
If an attacker can cause a buffer to overflow, then the attacker can control other values in the program.
如果攻击者能够导致缓冲区溢出,那么它就能控制程序中的其他值。
Your application might need a few more, but limit them -- don't accept data from a potential attacker unless it's critically needed.
您的应用程序可能还需要更多,但是要限制它们 ——除非是特别需要,否则不要接受潜在的攻击者的数据。
The problem is that if an attacker can control the underlying libraries used by a program, the attacker can completely control the program.
问题是,如果攻击者可以控制程序用到的底层库,那么攻击者就可以控制整个程序。
Even if monitored, a casual attacker will be stymied by the presence of backspace and other characters that apparently alter the presence or order of characters in the password string.
即使受到监视,使用后退键或者其他明显破坏密码字符串显示和顺序的字符,都可以使偶然的攻击者无所适从。
The attacker, a veteran systems administrator, has a problem with her job and takes it out on the systems she is trusted to administer, manage, and protect.
攻击者,一名经验丰富的系统管理员,在工作中遇到了问题,而拿她自己管理、保护的系统发泄。
In most cases, if you create a list of "illegal" characters, an attacker will find a way to exploit your program.
在绝大多数情况下,如果您创建了一个“非法”字符的列表,攻击者还是可以找到利用您的程序的方法。
If a system authenticates based solely on fingerprints, an attacker could reasonably construct a fake hand after carefully gathering fingerprints of an authorized user of the system.
如果系统认证仅基于指纹,则攻击者可以在仔细搜集了系统已认证用户的指纹后适当地构造一只假手。
If a system authenticates based solely on fingerprints, an attacker could reasonably construct a fake hand after carefully gathering fingerprints of an authorized user of the system.
如果系统认证仅基于指纹,则攻击者可以在仔细搜集了系统已认证用户的指纹后适当地构造一只假手。
应用推荐