Clickjacking 点击劫持
Clickjacking is a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous Web pages. A vulnerability across a variety of browsers and platforms, a clickjacking takes the form of embedded code or script that can execute without the user's knowledge, such as clicking on a button that appears to “play” a video but actually is tricking users to make their social networking profile information public. “点击劫持”是一种恶意攻击技术,用于跟踪网络用户,获取其私密信息或者通过让用户点击看似正常的网页来远程控制其电脑。很多浏览器和操作平台都有这样的漏洞。“点击劫持”技术可以用嵌入代码或者文本的形式出现,在用户毫不知情的情况下完成攻击,比如:点击一个表面显示是“播放”某个视频的按钮,而实际上完成的操作却是将用户的社交网站个人信息改为“公开”状态。 The word clickjacking first appeared in 2008, coined by Internet security experts Robert Hansen and Jeremiah Grossman. The term is, of course, a blend of the words click and hijacking (=illegally taking control of something). “点击劫持”(clickjacking)这个词首次出现在2008年,是由互联网安全专家罗伯特·汉森和耶利米·格劳斯曼首创的。这个词其实是“点击”(click)和“劫持”(hijacking)两个词组合而成的。 |