Abstract: Methods, systems, and media for indicating a security status of an Internet of Things (IoT) device are provided. In some embodiments, a method for indicating a security status of an IoT device is provided, the method comprising: detecting a field of view comprising an IoT device; tracking a position of the IoT device relative to the field of view; interrogating the IoT device for a status thereof; determining a security status of the IoT device based on the interrogating; selecting a graphical representation of a plurality of graphical representations based on the determined security status of the IoT device; and causing an interface to be presented that displays the graphical representation associated with the position of the IoT device in the field of view.

Abstract: There is disclosed in one example an enrollment over secure transport (EST)-capable gateway device, including: a hardware platform including a processor and a memory; a first network interface to communicatively couple to an external network, including an external DNS server; a second network interface to communicatively couple to a home network; a caching DNS server including a local DNS cache, and logic to provide DNS services to the home network; and an EST proxy to authenticate to a local endpoint on the home network, provision a DNS server certificate on the local endpoint, provision an authentication domain name (ADN) on the local endpoint, and provide encrypted domain name system (DNS) services to the local endpoint.

Abstract: Security risk evaluation across user devices is disclosed herein. An example method includes registering one or more devices associated with a first user with the computer system, determining respective security sub-scores for each item of the one or more devices, computing an overall security score for the first user based, at least in part, on an aggregation of the security sub-scores, and creating a user profile based on the overall security score, the user profile to enable the at least one of the one or more devices to exchange data with an external device when the overall security score meets a security score threshold, the user profile to prevent the at least one of the one or more devices from exchanging data with the external device when the overall security score does not meet the security score threshold.

Abstract: The methods and apparatus for detecting malware using JAR file decompilation are disclosed. An apparatus for decompiling class files, the apparatus comprising a class feature unpacker to unpack a class feature from a class file included in an instruction set, a constant pool address generator to generate a constant pool address table, from the class features, including a plurality of constant pool blocks, based on constant pool type, through an iterative process, a class feature identifier to determine values for each constant pool block based on a constant pool type and store the determined values as a class file feature set, a feature value identifier to obtain raw feature values from a class file feature set and non-class file features, and a feature matrix generator to generate a matrix based on the raw features that correspond to the instruction set.

Abstract: There is disclosed in one example a digital video camera, including: an analog picture element; an analog-to-digital converter (ADC) to digitize input from the analog picture element; a three-dimensional (3D) scanner; compiling logic to compile the digitized input into a video stream; and insertion logic to insert interstitial 3D scene data into the video stream.

Abstract: The present disclosure relates to a system and method for performing anti-malware scanning of data files that is data-centric rather than device-centric. In the example, a plurality of computing devices are connected via a network. An originating device creates or first receives data, and scans the data for malware. After scanning the data, the originating device creates and attaches to the data a metadata record including the results of the malware scan. The originating device may also scan the data for malware contextually-relevant to a second device.

Abstract: Methods, apparatus, systems and articles of manufacture to implement a virtual private network with probe for network connectivity are disclosed. An example non-transitory computer readable storage medium is disclosed comprising instructions which, when executed, cause a machine to at least, in response to a first instruction from an operating system to establish a network tunnel, transmit a probe request to a server; and in response to not receiving, from the server, a probe response to the probe request, report that the network tunnel has been established to prevent the operating system from transmitting subsequent instructions to establish the network connection until a response to a probe request is received.

Abstract: Methods, systems, articles of manufacture and apparatus are disclosed to reduce spoofing vulnerabilities. An example apparatus to verify token integrity for a computing device includes an artifact engine to store first artifact data with a first timestamp in a device artifact storage, and store second artifact data with a second timestamp in the device artifact storage. The example apparatus includes an offchain identification protector (OIP) controller to generate a first token based on the first artifact data and the first timestamp, the first token to establish a first entry in a blockchain at a first time, and generate a second token based on the second artifact data, the second timestamp, and the first token, the second token to establish a second entry in the blockchain at a second time after the first time.

Abstract: A system for controlling accesses to network enabled devices includes a network interface over which a hub communicates with network enabled devices, a processor, and a multilayer access control layer. The access control layer includes instructions that, when executed by the processor, cause the processor to detect, at the hub, a request representing an attempt by an application executing on a remote host device to access a network enabled device communicatively coupled to the hub, characterize the request according to a user of the remote host device, the application making the attempt, and the network enabled device, and determine whether to allow or deny the request based upon the characterization and a plurality of rules. The rules may include definitions of access rights, with respect to the network enabled device, for users, applications, commands or queries made by applications, remote host devices, and network domains.

Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; a network interface; and instructions encoded within the memory to instruct the processor to: receive a uniform resource locator (URL) for analysis, the URL to access a web page via a remote server; via the network interface, retrieve from the remote server a copy of the web page; render the web page in a headless browser to provide a computer-accessible visual output; perform visual analysis of the visual output via a digital eye; compare the visual analysis to a plurality of known phishing target websites; and if the comparison identifies the web page as visually similar to a known phishing target website, detect the web page as a phishing web page.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; a network interface; a user-space application including instructions to interact with a web site via a uniform resource locator (URL); and a security agent including instructions to: intercept an interaction of the user-space application with the web site; determine that the intercepted interaction is to send sensitive information to the web site; suspend the interaction; and assign a reputation to the URL.

Abstract: Methods, systems, and media for dynamically separating Internet of Things (IoT) devices in a network are provided. In accordance with some embodiments of the disclosed subject matter, a method for dynamically separating IoT devices in a network is provided, the method comprising: detecting a first IoT device in the network; monitoring network communication of the first IoT device; determining device information of the first IoT device based on the monitored network communication; and causing the first IoT device to communicate on a first subnet of a plurality of subnets in the network based on the device information.

Abstract: An apparatus, related devices and methods, having memory; and a processor operable to execute instructions stored in the memory configured to cache a first data object and a second data object received from a source in a cache group based on metadata received from the source, where the metadata identifies the first and second data objects as related and the first data object as a trigger object; receive a request from a client for the first data object; identify, based on a determination that the first data object is invalid and is the trigger object, the first data object and the second data object as invalid; request a valid first data object and a valid second data object from the source; and cache the valid first and second data objects, received from the source, in the cache group.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform, including a processor and a memory; and executable instructions encoded in the memory to provide a client-only virtual private network (VPN) including a VPN client and a VPN server implementation on a single physical device, wherein the VPN client is configured to communicatively couple to the VPN server and to provide proxied Internet protocol (IP) communication services.

Abstract: Methods, apparatus, systems, and articles of manufacture to deconflict malware or content remediation are disclosed. An example apparatus includes a site redirector to identify a first request to be transmitted from a client device to a destination site identified by a uniform resource locator (URL), a site verifier to determine whether the first request indicates that a user has authorized navigation to the destination site, and a URL encoder to, in response to determining that the user has authorized the navigation to the destination site, generate a data field based the domain of the destination site, the site redirector to transmit a second request to a network security monitor, the second request to indicate to the network security monitor that the user has authorized the navigation to the destination site, the second request including the data field and the URL.

Abstract: Performing content exploration includes obtaining an exploration script indicating page characteristics to explore and a definition of webpages to explore, locating DOMs required for exploration script based on the definition of webpages to explore, generating a queue of DOMs required for the exploration script, and distributing the DOMS in the queue of DOMS to a plurality of exploration devices. Each exploration device opens a DOM from the queue of DOMS in a web browser, executes the exploration script on the opened DOM to obtain DOM data for the opened DOM, and associates the generated DOM data with the opened DOM in a knowledge store.

Abstract: There is disclosed in one example a gateway apparatus, including: a hardware platform including a processor and a memory; and instructions stored within the memory to instruct the processor to: provide a domain name system (DNS) server, the DNS server to provide an encrypted DNS service, and to cache resolved domain names; receive an outgoing network packet; determine a destination address of the outgoing network packet; and upon determining that the destination address was not cached, apply a security policy.

Abstract: There is disclosed in one example an advertisement reputation server, including: a hardware platform including a processor and a memory; a network interface; and an advertisement reputation engine including instructions encoded in memory to instruct the processor to: receive via the network interface a plurality of advertisement instances displayed on client devices; extract from the advertisement instances an advertiser identifier; analyze one or more advertisements associated with the advertiser identifier to assign an advertiser reputation; and publish via the network interface advertisement reputation information derived from the reputation for the advertisement identifier.

Abstract: Methods, apparatus, systems, and articles of manufacture to deconflict malware or content remediation are disclosed. An example apparatus includes at least one processor and memory including instructions that, when executed, cause the at least one processor to at least identify data to be encoded into a token, compute a hashed string based on the data to be encoded, determine a number of characters to be included in the token, select a subset of characters from the hashed string, and generate the token using the subset of characters from the hashed string.

Abstract: A mobile device including: a position locator; a user data engine; and a reputation engine client configured to: receive a location from the position locator; operate the user data engine to provide a user profile, intent, and context data for a user, the context data including dynamic factors about the user, and the profile including relative factors about the user that are relatively static with respect to the context data from the user data engine; and determine a reputation for the location, wherein the reputation is based at least in part on a combination of the user profile, intent, and context.