该攻击主要依赖于用户在浏览器中输入url却没有直接激活ssl会话,而大部分用户激活(SSL)会话都是通过点击提示的按钮。
The attack relies on users not directly calling up an SSL session by typing a URL into a browser. Most users initiate sessions by clicking on a button.
用户可能会被提示单击此链接并登录到该站点,攻击者会借此获得用户的登录信息。
The user may be prompted to click on the link and log on to the Web site, whereby the attacker can seize the user's log on information.
应用推荐