查詢結果分析
來源資料
頁籤選單縮合
題 名 | 近年網路攻擊與中國駭客活動=Recent Network Attack Forms and Chinese Attacker Activities |
---|---|
作 者 | 陳立函; 葉怡群; 陳世仁; 許富皓; | 書刊名 | 前瞻科技與管理 |
卷 期 | 特刊 2010.11[民99.11] |
頁 次 | 頁137-147 |
分類號 | 312.76 |
關鍵詞 | 大陸駭客; 資訊安全; 網路攻擊; 網軍; 駭客; China hacker; Information security; Cyber attack; Cyber army; Hacker; |
語 文 | 中文(Chinese) |
中文摘要 | 在本篇文章中我們將介紹目前最常見的網路攻擊型態與中國駭客的攻擊活動。隨著電腦的普及、網路的發達、與駭客技術的提昇,資訊安全已經成一越來越不可輕忽的問題,因此OWASP(Open Web Application Security Project)組織每三年就會發表一次Web應用程式安全威脅的前十名用以提醒世人網路攻擊的危險,而日前公佈的2010 Release版本中,Injection類型攻擊已經取代Cross-Site Scripting攻擊成為第一名的網路攻擊型態,但Cross-Site Scripting攻擊較為容易發動的特性讓它還是高掛排行榜第二名,前兩名的網路攻擊型態顯示Web應用程式需要更徹底與更可靠的輸入驗證機制,而新上榜的Security Misconfiguration和Unvalidated Redirects and Forwards 亦是嚴重的資安問題。隨著攻擊技術的提昇,對岸對於台灣網站的攻擊亦更加頻繁,從年初的教育部品德教育網被竄改首頁,一直到最近知名拍賣網站在愚人節遭駭,甚至中國Google也遭到中共駭客入侵,固然上述的攻擊有不同的來源與動機,但中共網路國防戰實力的提昇卻是一不容忽視的問題。 |
英文摘要 | Due to the popularity of computers and networks and the rapid progress of attacker skills, computer and network security become a more and more important issue. In the latest 2010 top 10 version, injection style attacks, instead of Cross-Site Scripting (XSS), become the number one threat to web applications. However, due to the easiness to launch a XSS attack, Cross-Site Scripting is still in the second place among various dangerous web threats. The report shows more thorough and reliable input confirmation mechanisms should be provided to web-related programs. Besides, new attack types, like Security Misconfiguration and Unvalidated Redirects and Forwards, are also serious threats to web applications. Along with the development of attack skills, attacks originating from the other side of Taiwan Strait also increase. These attacks either change the appearance of compromised web servers or inject vicious code into web pages to attack web browsers displaying them. Even though these attacks may have different origins and motivation, they clearly show the serious threats creating by the Chinese Net-force. |
本系統中英文摘要資訊取自各篇刊載內容。