Abstract: A method and system to protect users against potentially fraudulent activities associated with spoof web sites are described. According to one aspect of the present invention, the URL of a document downloaded via a web browser client is compared to the URLs in a list of URLs for known spoof sites. If the URL for the downloaded document is found in the list of URLs for known spoof sites, a security indicator is displayed to the user to indicate to the user that the downloaded document is associated with a known spoof site. According to another aspect of the invention, a security server maintains a master black list and periodically communicates updates of the master black list to the local list of a client security application.

Abstract: One embodiment provides a method for authenticating an electronic communication. The method includes parsing a header of the electronic communication to identify actual domain name data included in the header at a server receiving the electronic communication from a communication client; parsing the header to obtain purported sender data included in the header of the electronic communication; comparing the actual domain name data and purported sender data; and generating in response to the comparison an authenticity indicator, to provide a recipient of the electronic communication with an indication of the likelihood that the electronic communication was sent from a purported sender of the electronic communication.

Abstract: A method includes generating an authenticity indicator for an electronic communication based on a comparison of domain name data and purported sender data associated with the electronic communication, the authenticity indicator indicating a likelihood that the electronic communication was sent from a purported sender of the electronic communication. The authenticity indicator is presented to the recipient of the electronic communication.

Abstract: A method and system to protect users against potentially fraudulent activities associated with spoof web sites are described. According to one aspect of the present invention, the URL of a document downloaded via a web browser client is compared to the URLs in a list of URLs for known spoof sites. If the URL for the downloaded document is found in the list of URLs for known spoof sites, a security indicator is displayed to the user to indicate to the user that the downloaded document is associated with a known spoof site. According to another aspect of the invention, a security server maintains a master black list and periodically communicates updates of the master black list to the local list of a client security application.

Abstract: A method and system to protect users against potentially fraudulent activities associated with spoof web sites are described. According to one aspect of the present invention, the URL of a document downloaded via a web browser client is compared to the URLs in a list of URLs for known spoof sites. If the URL for the downloaded document is found in the list of URLs for known spoof sites, a security indicator is displayed to the user to indicate to the user that the downloaded document is associated with a known spoof site. According to another aspect of the invention, a security server maintains a master black list and periodically communicates updates of the master black list to the local list of a client security application.

Abstract: A method and system to protect users against potentially fraudulent activities associated with spoof web sites are described. According to one aspect of the present invention, the URL of a document downloaded via a web browser client is compared to the URLs in a list of URLs for known spoof sites. If the URL for the downloaded document is found in the list of URLs for known spoof sites, a security indicator is displayed to the user to indicate to the user that the downloaded document is associated with a known spoof site. According to another aspect of the invention, a security server maintains a master black list and periodically communicates updates of the master black list to the local list of a client security application.

Abstract: A system for identifying perpetrators of fraudulent activity includes location logic for locating, extracting, or capturing identifying information from a client communication received from a client device. For example, the location logic may locate, or extract, a variety of message headers from an HTTP client request. The system may also include analyzer logic to analyze the identifying information, for example, by comparing the identifying information with previously captured identifying information from a previously received client communication. Finally, the system may include account identifier logic to identify user accounts associated with the previous client communication in which the same identifying information was extracted.

Abstract: A method and system to protect users against potentially fraudulent activities associated with spoof web sites are described. According to one aspect of the present invention, the URL of a document downloaded via a web browser client is compared to the URLs in a list of URLs for known spoof sites. If the URL for the downloaded document is found in the list of URLs for known spoof sites, a security indicator is displayed to the user to indicate to the user that the downloaded document is associated with a known spoof site. According to another aspect of the invention, a security server maintains a master black list and periodically communicates updates of the master black list to the local list of a client security application.

Abstract: A system for identifying perpetrators of fraudulent activity includes location logic for locating, extracting, or capturing identifying information from a client communication received from a client device. For example, the location logic may locate, or extract, a variety of message headers from an HTTP client request. The system may also include analyzer logic to analyze the identifying information, for example, by comparing the identifying information with previously captured identifying information from a previously received client communication. Finally, the system may include account identifier logic to identify user accounts associated with the previous client communication in which the same identifying information was extracted.

Abstract: A method and system to verify active content included within a markup language document store multiple instances of publication information (e.g., an e-commerce listing or e-mail message) in a database associated with a server system. The stored publication information includes active content (e.g., web pages that include an executable script or point to an executable script). Selected active content is retrieved from the database, and subject to a verification process. The verification process is to verify that the selected active content is not malicious. The selected active content is selectively published based on an outcome of the verification process.

Abstract: A method and system to verify active content included within a markup language document store multiple instances of publication information (e.g., an e-commerce listing or e-mail message) in a database associated with a server system. The stored publication information includes active content (e.g., web pages that include an executable script or point to an executable script). Selected active content is retrieved from the database, and subject to a verification process. The verification process is to verify that the selected active content is not malicious. The selected active content is selectively published based on an outcome of the verification process.

Abstract: A method includes generating an authenticity indicator for an electronic communication based on a comparison of domain name data and purported sender data associated with the electronic communication, the authenticity indicator indicating a likelihood that the electronic communication was sent from a purported sender of the electronic communication. The authenticity indicator is presented to the recipient of the electronic communication.

Abstract: A method includes generating an authenticity indicator for an electronic communication based on a comparison of domain name data and purported sender data associated with the electronic communication, the authenticity indicator indicating a likelihood that the electronic communication was sent from a purported sender of the electronic communication. The authenticity indicator is presented to the recipient of the electronic communication.

Abstract: A method includes generating an authenticity indicator for an electronic communication based on a comparison of domain name data and purported sender data associated with the electronic communication, the authenticity indicator indicating a likelihood that the electronic communication was sent from a purported sender of the electronic communication. The authenticity indicator is presented to the recipient of the electronic communication.

Abstract: A system for identifying perpetrators of fraudulent activity includes location logic for locating, extracting, or capturing identifying information from a client communication received from a client device. For example, the location logic may locate, or extract, a variety of message headers from an HTTP client request. The system may also include analyzer logic to analyze the identifying information, for example, by comparing the identifying information with previously captured identifying information from a previously received client communication. Finally, the system may include account identifier logic to identify user accounts associated with the previous client communication in which the same identifying information was extracted.

Abstract: A method and apparatus for authenticating an electronic message are provided. The method includes investigating data in a header of the electronic message, and generating an authenticity indicator in response to the investigation. The authenticity indicator may provide an indication of the likelihood that the electronic message was sent from a purported sender visible to a recipient of the electronic message. In certain embodiments, the method includes presenting the authenticity indicator to the recipient of the electronic message. Investigating data in the header may include parsing the header to obtain purported sender data in a from field populated at a mail client and to obtain actual originator data, comparing the purported sender data and actual originator data, and generating the authenticity indicator in response to the comparison. The from field may be the “FROM: . . . ” field of an email message provided to identify a sender of the email message.

Abstract: A method and system for analyzing network traffic are provided. A network traffic analyzer includes a plurality of data switching devices connected to a plurality of data hubs. Each data hub may have multiple input ports and multiple output ports and may be configured to broadcast all data packets received at an input port to all output ports. Each data switching device may be configurable to forward data packets to an input port of any one of the plurality of data hubs, any subset of the plurality of data hubs, or all data hubs of the plurality of data hubs, based on a characteristic of one or more data packets. Furthermore, at least one network sensor device may be connected to an output port of a data hub of the plurality of data hubs. The network sensor device may be configured to analyze data packets in real time for, among other purposes, detecting network intrusions.

Abstract: A method and system to protect users against potentially fraudulent activities associated with spoof web sites are described. According to one aspect of the present invention, the URL of a document downloaded via a web browser client is compared to the URLs in a list of URLs for known spoof sites. If the URL for the downloaded document is found in the list of URLs for known spoof sites, a security indicator is displayed to the user to indicate to the user that the downloaded document is associated with a known spoof site. According to another aspect of the invention, a security server maintains a master black list and periodically communicates updates of the master black list to the local list of a client security application.

Abstract: A method and system to verify active content included within a markup language document store multiple instances of publication information (e.g., an e-commerce listing or e-mail message) in a database associated with a server system. The stored publication information includes active content (e.g., web pages that include an executable script or point to an executable script). Selected active content is retrieved from the database, and subject to a verification process. The verification process is to verify that the selected active content is not malicious. The selected active content is selectively published based on an outcome of the verification process.

Abstract: A method and system to verify active content at a server system include receiving, at the server system a communication (e.g., an e-mail message or e-commerce listing) that includes active content that is to be made accessible via the server system. At the server system, the active content is rendered to generate rendered active content. The rendered active content presents a representation of information and processes to which an end user will be subject. At the server system, the rendered active content is verified as not being malicious.