Abstract: In an example, there is disclosed a computing apparatus, including a user notification interface; a context interface; and one or more logic elements forming a contextual privacy engine operable to: receive a notification; receive a context via the context interface; apply the context to the notification via a notification rule; and take an action via the user notification interface based at least in part on the applying. The contextual privacy engine may also be operable to mathematically incorporate user feedback into the notification rule. There is also described a method of providing a contextual privacy engine, and one or more computer-readable storage mediums having stored thereon executable instructions for providing a contextual privacy engine.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; a whitelist; an updater, the updater being an executable object authorized to modify files within the whitelist and to launch one or more child processes; and instructions encoded within the memory to provide a system management agent to: maintain a chain of trust between the one or more child processes and the updater, wherein the one or more child processes inherit whitelist permissions associated with the updater; and track the chain of trust across a system reboot, including granting a child process the chain of trust after a reboot only if the child process has associated with it a valid certificate.

Abstract: Preventing anomalous connections includes detecting by a programmable device an attempt by a first device to connect to a second device, detecting a first connection anomaly responsive to characteristics of the first device and characteristics of one or more other devices, and prohibiting a connection between the first device and the second device responsive to detecting the first connection anomaly.

Abstract: Methods, apparatus, systems, and articles of manufacture for alerting the presence of bundled software during an installation are disclosed. An example method includes identifying installation of a software product. The software product is scanned to identify first information, the first information to include information extracted from a file associated with the software product that is indicative of a main application to be installed as part of the software product. Information displayed to a user during the installation of the software product is scanned to identify second information. Whether a bundled application is included in the software product is identified based on the first information, the second information, and the signature file.

Abstract: A system is disclosed that includes a processor including watermark logic to output a first watermark to an output device that outputs a first watermark signal, based on the first watermark, to an acoustic transmission medium. The processor also includes recording logic to capture, at a first time period, an authentication submission comprising the first watermark signal convolved, via the acoustic transmission medium, with a first passphrase signal. The system also includes a dynamic random access memory (DRAM). Other embodiments are disclosed and claimed.

Abstract: A particular activity performed by a particular user of a computing device is identified, for instance, by an agent installed on the computing device. It is determined that the particular activity qualifies as a particular use violation in a plurality of pre-defined use violations. A behavioral risk score for the particular score for the user is determined based at least in part on the determination that the particular activity of the particular user qualifies as a particular use violation. Determining that the particular activity qualifies as a particular use violation can include determining that the particular activity violates a particular rule or event trigger corresponding to a particular pre-defined use violation.

Abstract: A wearable device provides protection for personal identity information by fragmenting a key needed to release the personal identity information among members of a body area network of wearable devices. A shared secret algorithm is used to allow unlocking the personal identity information with fragmental keys from less than all of the wearable devices in the body area network. The wearable devices may also provide protection for other personal user data by employing a disconnect and erase protocol that causes wearable devices to drop connections with an external personal data space and erase locally stored personal information if a life pulse from a connectivity root device is not received within a configurable predefined period.

Abstract: Methods, apparatus, systems, and articles of manufacture for securing a mobile device are disclosed. An example apparatus includes a housing dimensioned to receive the mobile device. A secure storage is carried by the housing. A malware scanner is carried by the housing, and is to perform a first scan of an external electronic device to detect malware. A driver loader is carried by the housing, and is to mount a secure file transfer driver in response to the first scan not identifying malware on the external electronic device. A file handler is carried by the housing, and is to detect, using the secure file transfer driver, a file to be transferred intermediate the external electronic device and the mobile device. The malware scanner is to scan the file. The file handler is to quarantine the file in response to the malware scanner detecting malware in the file.

Abstract: Disclosed is a method and system for managing contacts for a communication system by storing contact information in a centralized storage system and permitting receiving users to access the centralized contact information storage system using a token passed with communications from a sending user. The communications system may be a trusted network with trusted sending and receiving members. Each communications system member provides contact information the member may wish to make available to other parties. The member may also create a policy defining which contact information may be made available to different classes of users. A member of the communications system generates a message to send to a receiving user. A token that identifies the sending user to the communications system is embedded into the message to be sent to the receiving user.

Abstract: A system, method, and computer program product are provided for preventing data loss associated with an image. In use, an image is identified, and it is determined whether the image includes predetermined data. In addition, an action is performed based on the determination, for preventing data loss.

Abstract: Managing playback of a media file, including detecting, while a media file is playing, a trigger mechanism indicating a change in optimal play characteristics of the media file from an original format, wherein the playback of the media file is associated with a first license, in response to detecting the trigger mechanism, instructing a trusted execution environment to request an updated license from a content provider of the media file, and upon receiving a second license for the media file, the trusted execution environment enforces play of the media file using the second license for a second format. The second license allows for the play of the media file to continue at the optimal play characteristics.

Abstract: A system for securing electronic devices includes a storage device including a storage device controller processor, at least one non-transitory machine readable storage medium in firmware of the storage device communicatively coupled to the storage device controller processor, and a monitor application comprising computer-executable instructions on the medium. The instructions are readable by the storage device controller processor. The monitor application is configured to provision one or more read-only areas of the storage device, provision a candidate copy area of the storage device, reduce a maximum capacity available for user data on the storage device by a size of the read-only areas and the candidate copy area, and secure access to the read-only areas of the storage device.

Abstract: A technique allows a credential manager application on a client computer system to identify fields and forms on a web page. An analysis server may automatically crawl web pages and identify the fields and form, then push the information to the client computer system for use by the credential manager. If the credential manager discovers the information is not available, the credential manager may analyze the web form to discover the fields and form information, then provide the discovered information to the analysis server for providing to other client computers. The analysis server may use crowd-sourcing for asynchronous verification of field and form information discovered by the analysis server or provided by the client computer.

Abstract: Systems and methods are provided in example embodiments for mitigating malicious calls. The system can be configured to determine a series of checksums for a file, compare the series of checksums to a checksum tree, where the checksum tree includes a plurality of nodes that each include a fuzzy checksum of known malware, and assign one or more classifications to the file, where each of the one or more classifications is based on each node of the checksum tree that matches a checksum in the series of checksums and includes whether the file includes malware or benign checksums.

Abstract: In an example, a threat intelligence controller is configured to operate on a data exchange layer (DXL). The threat intelligence controller acts as a DXL consumer of reputation data for a network object, which may be reported in various different types and from various different sources. Of the devices authorized to act as reputation data producers, each may have its own trust level. As the threat intelligence controller aggregates data from various providers, it may weight the reputation reports according to trust level. The threat intelligence engine thus builds a composite reputation for the object. When it receives a DXL message requesting a reputation for the object, it publishes the composite reputation on the DXL bus.

Abstract: A collection of techniques is disclosed to allow for the detection of malware that leverages pattern recognition and machine learning to effectively provide “content-less” malware detection, i.e., detecting a process as being an ‘anomaly’ not based on its particular content, but instead based on comparisons of its behavior to known (and characterized) ‘trusted’ application behaviors, i.e., the trusted applications' “phenotypes” and/or the phenotypes of known malware applications. By analyzing the patterns of normal behavior performed by trusted applications as well as malware applications, one can build a set of sophisticated, content-agnostic behavioral models (i.e.

Abstract: In an example, there is disclosed a computing apparatus having: a processor; a memory; a data interface; and one or more logic elements providing a verification engine to: receive via the data interface an input script including a request to access enterprise data; analyze the input script to determine that the input script complies with a data request criterion; apply an application programming interface (API) to the input script to collect the enterprise data; and send the enterprise data via the data interface.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to intercept a process, store execution profiling for the process if the process involves a privileged resource or a privileged operation, and analyze the code involved in each stack frame to determine malicious activity. If the process does not involve a privileged resource or a privileged operation, then the process is not analyzed.

Abstract: Context-based authentication in a secure network comprised of multiple programmable devices is described. A machine readable storage device or storage disk includes instructions that, when executed, cause a machine to obtain, from a programmable device, identity data and contextual data associated with a current authentication attempt by a user attempting to access a secure network. The contextual data indicates a number of authentication factors implementable by the programmable device in connection with the current authentication attempt. The instructions further cause the machine to determine a pattern associated with authentication of the user. The instructions further cause the machine to determine, based on the identity data, the number of authentication factors, and the pattern, a risk level associated with the current authentication attempt. The instructions further cause the machine to request additional identity data in response to the risk level not satisfying a threshold.

Abstract: A request is received from a security tool, the request relating to an event involving data records in a storage device. An application programming interface (API) is used to interface with secure storage functionality of the storage device, the secure storage functionality enabling a set of secure storage operations. A security operation is caused to be performed at the storage device involving the data records based at least in part on the request. In one aspect, the set of secure storage operations can include a direct read operation, a direct write operation, a copy-on-write operation, and a save-attempted-write operation.