10.2.1 Cookies and Web Bugs (cont'd.)
- Web bug
  - A tiny graphic that a third-party Web site places on another site's Web page
- Purpose
  - Gives the third-party Web site a way to place cookies on the visitor's computer
- Internet advertising community:
  - Calls Web bugs "clear GIFs" or "1-by-1 GIFs"
  - The graphic is created in GIF format
  - Its color value is "transparent" and it is as small as 1 pixel by 1 pixel

2013 Cengage Learning. All Rights Reserved. This edition is intended for use outside of the U.S. only, with content that may be different from the U.S. Edition. May not be scanned, copied, duplicated, or posted to a publicly accessible website, in whole or in part. E-Business, Tenth Edition

10.2.2 Active Content
- Active content
  - Programs embedded in Web pages that are transparent to the user
  - Can carry out actions
- E-commerce example
  - Place selected items into a shopping cart; calculate tax and the amount payable
- Advantages
  - Extends the functionality of HTML
  - Moves some heavy data-processing work from the busy server to the user's client computer
- Disadvantages
  - Can damage the client computer

10.2.2 Active Content (cont'd.)
- Cookies, Java applets, JavaScript, VBScript and ActiveX controls, graphics, Web browser plug-ins, e-mail attachments
- Scripting languages: provide executable scripts
  - Examples: JavaScript and VBScript
- Applet: a small application program
  - Typically runs within the Web browser
- Some browsers include tools that can limit what JavaScript applets may do
- Active content modules
  - Embedded in Web pages (invisible)

Figure 10-4: Advanced settings in Mozilla Firefox

10.2.2 Active Content (cont'd.)
- Crackers: embed malicious active content
- Trojan horse
  - A program hidden inside another program or Web page
  - Masks its true purpose
  - Can lead to violations of secrecy and integrity
- Zombie (a Trojan horse program)
  - Secretly takes over a computer
  - Launches attacks on other computers
- Botnet (zombie farm)
  - All of the controlled computers act as a single attacking unit
  - The computers in the network all become puppet machines, also called zombies

10.2.3 Java Applets
- The Java programming language
  - Developed by Sun Microsystems
  - Widely used to develop Web pages that provide active content
- Java: a platform-independent high-level programming language
  - Provides active content for Web pages
  - The Web server sends Java applets along with the pages the client requests
  - In most cases: the operation is visible to the visitor
  - Possibility: Java applets can also perform functions the site visitor does not notice

10.2.3 Java Applets (cont'd.)
- Advantages
  - Adds functionality to business applications; relieves very busy server-side programs
- Disadvantages
  - Can compromise the computer's security (running a Trojan horse or turning the client into a zombie)

10.2.3 Java Applets (cont'd.)
- Java sandbox
  - Confines the activities of Java applets according to rules defined by the security model
  - These rules apply to all untrusted Java applets
  - Untrusted Java applets are those not yet established as secure
- When Java applets run within the confines of the Java sandbox
  - They do not have full access to the client computer
  - This prevents violations of secrecy (disclosure) and integrity (deletion or modification)

10.2.4 JavaScript
- JavaScript
  - A scripting language developed by Netscape
  - Lets Web page designers build active content
  - Only loosely based on Sun's Java programming language
- Can be used for attacks
  - A JavaScript program cannot start on its own
  - A malicious JavaScript program runs only after the user starts it

ActiveX Controls
- ActiveX control
  - An object containing programs and properties that Web designers place on Web pages to perform particular tasks
- Component construction
  - Many different programming languages can be used
  - Common: C++ and Visual Basic
- Run on computers with the Windows operating system installed
- Execute like any other program on the client computer

10.2.5 ActiveX Controls (cont'd.)
- Comprehensive list of ActiveX controls
  - The ActiveX page on the D Web site
- Security danger
  - Execute like any other program on the client computer
  - Have access to all system resources
    - Can violate secrecy, integrity, or necessity
  - Cannot be halted once started
- Web browsers
  - Issue an alert when a Web site attempts to download and install an ActiveX control (or other software)

Figure 10-5: ActiveX download warning dialog box in the IE browser

10.2.6 Graphics and Plug-Ins
- Graphics, browser plug-ins, and e-mail attachments can all harbor executable content
- Graphics: code embedded in a graphic can harm the client computer
- Browser plug-ins (programs)
  - Enhance browser capabilities
  - Popular plug-ins: Adobe Flash Player, Apple's QuickTime Player, Microsoft Silverlight, RealNetworks' RealPlayer
  - Can pose security threats
    - 1999 RealPlayer plug-in incident
    - Plug-ins execute commands hidden within the associated media

10.2.7 Viruses, Worms, and Antivirus Software
- Attachments are displayed by automatically executing the associated program
  - Macro viruses in attachments can cause damage
- Virus: software
  - A small program that attaches itself to another program
  - Carries out destructive activity once the host program is started
- Worm: virus
  - A virus that replicates itself on the computers it infects
  - Spreads quickly through the Internet
- Macro virus
  - A small program, called a "macro", embedded in a file

10.2.7 Viruses, Worms, and Antivirus Software (cont'd.)
- ILOVEYOU virus ("love bug")
  - Spread with amazing speed
  - Infected computers and clogged e-mail systems
  - Replicated itself explosively through Microsoft Outlook e-mail
  - Caused other harm
- 2001: Code Red worm and the Nimda virus/worm combination
  - Multivector virus: enters a computer system in several different ways
- 2002 and 2003: new virus-worm combinations
  - Example: the Bugbear virus

10.2.7 Viruses, Worms, and Antivirus Software (cont'd.)
- Antivirus software
  - Detects viruses and worms
  - Deletes them from the client computer or isolates them
- 2005 and 2006: viruses with a combined Trojan horse-worm threat
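
Section 10.2.1 describes a Web bug as a 1-by-1-pixel graphic that a third-party site places on another site's page. The following added example (not from the textbook) shows how a page audit can flag such images; the page URL, host names, sample HTML and the two-label "same site" rule are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page (not from the textbook); all hosts are placeholders.
PAGE_URL = "http://www.shop.example/cart"
SAMPLE_PAGE = """<html><body>
<img src="/images/logo.gif" width="120" height="40">
<img src="http://static.shop.example/spacer.gif" width="1" height="1">
<img src="http://ads.tracker.example/pixel.gif?id=123" width="1" height="1" alt="">
<img src="http://partner.example/banner.gif" width="468" height="60">
</body></html>"""


def _pixels(value):
    """Parse a width/height attribute such as "1" or "1px"; None if unusable."""
    text = str(value).strip().lower()
    if text.endswith("px"):
        text = text[:-2]
    return int(text) if text.isdigit() else None


def _site(host):
    """Assumption: the last two host labels name the site (wrong for co.uk etc.)."""
    return ".".join(host.lower().split(".")[-2:]) if host else None


class WebBugFinder(HTMLParser):
    """Collects <img> tags that are at most 1x1 pixel and served by another site."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_site = _site(urlparse(page_url).hostname)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = dict(attrs)
        src = urljoin(self.page_url, attr.get("src") or "")  # resolve relative URLs
        host = urlparse(src).hostname  # None for data: URIs, which are not remote
        width, height = _pixels(attr.get("width")), _pixels(attr.get("height"))
        tiny = width is not None and height is not None and width <= 1 and height <= 1
        third_party = host is not None and _site(host) != self.page_site
        if tiny and third_party:
            self.hits.append(src)


def find_web_bugs(page_url, html):
    """Return the URLs of all third-party 1x1 images found in the page."""
    finder = WebBugFinder(page_url)
    finder.feed(html)
    return finder.hits
```

The first-party 1x1 spacer and the full-size third-party banner are both left alone; only the image that is tiny and third-party is reported. Images sized through CSS rather than `width`/`height` attributes are outside what this check sees.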