http://en.wikipedia.org/wiki/Login_spoofing
Login spoofings are techniques used to steal a user's password. The user is presented with an ordinary looking login prompt for username and password, which is actually a malicious program, usually called a Trojan horse under the control of the attacker. When the username and password are entered, this information is logged or in some way passed along to the attacker, breaching security.
登录欺骗是一种盗取用户密码的技术。攻击者控制的木马程序像正常用户一样使用用户名和密码登录。当使用某个用户名和密码进入,相关信息就会被记录下来并传送给攻击者,破坏系统的安全。
To prevent this, some operating systems require a special key combination (called a Secure attention key) to be entered before a login screen is presented, for example Control-Alt-Delete. Users should be instructed to report login prompts that appear without having pressed this secure attention sequence. Only the kernel, which is the part of the operating system that interacts directly with the hardware, can detect whether the secure attention key has been pressed, so it cannot be intercepted by third party programs (unless the kernel itself has been compromised.)
为了阻止该攻击,一些操作系统需要一些关键键的组合[成为安全注意键](如Control-Alt-Delete)才能显示登录画面.系统会提示用户输入安全注意序列才能出现登录提示。只有与硬件交互的操作系统的内核才能检测到安全注意关键键的输入,所以第三方软件不能拦截安全关键键(除非系统内核被攻破了)
Login spoofing can be considered a form of social engineering.
登录欺骗被认为是社会工程的一种形式
Similarity to phishing[edit]
Whereas the concept of phishing usually involves a scam in which victims respond to unsolicited e-mails that are either identical or similar in appearance to a familiar site which they may have prior affiliation with, login spoofing usually is indicative of a much more heinous form of vandalism or attack in which case the attacker has already gained access to the victim computer to at least some degree.
1486
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
