Abstract: Technology is disclosed for detecting, classifying, and/or enforcing policies on social networking activity. The technology can store a content policy, classify content posted to a social network, determine that the classification corresponds to the content policy, and apply an action specified by the content policy to the posted content.

Abstract: Malicious message detection and processing systems and methods are provided herein. According to various embodiments, a method includes detecting, via an intermediary node, a link included in a message, the link being associated with an unknown resource, hashing a unique identifier for a recipient of the message, coupling the hashed identifier with the link, creating an updated link and updated message, and forwarding the updated message to the recipient.

Abstract: Managing the status of documents in a distributed storage system is disclosed. Upon determining that a first version exists and a second version having a predecessor version identifier exists, the predecessor version identifier is used to determine that the second version is related to the first version. Based upon the existence of the related second version, the status of the first version is updated.

Abstract: Malicious message detection and processing systems and methods are provided herein. According to some embodiments, the messages are emails and the method for processing emails may be facilitated by way of an intermediary node which may be cloud-based. The intermediary node may be communicatively couplable with an email client and an email server. The intermediary node may execute a method that includes analyzing a link included in an email to determine if the link is associated with a potentially malicious resource, and replacing the link with an alternate link to a trusted resource if the link is associated with a potentially malicious resource.

Abstract: Dashboards for displaying threat insight information are provided herein, as well as systems and methods for generating the same. According to some embodiments, methods for providing a threat dashboard may include locating metrics regarding a malicious attack against a targeted resource, where the metrics indicate instances where users were exposed to the malicious attack or instances where a cloud-based threat detection system prevented the user from being exposed to the malicious attack. The method may also include rendering a threat dashboard for a web browser application of a client device, where the threat dashboard includes the located metrics.

Abstract: A method for filtering unsolicited emails may comprise dynamically aggregating historical email data associated with a user or a group of users and dynamically determining one or more trusted trends criteria associated with the historical email data. The method may further comprise receiving a new email addressed to the user or the group of users, calculating a score associated with the new email based on the one or more trusted trends criteria, determining that the score is above a predetermined threshold score, and, based on the determination, selectively filtering the new email.

Abstract: A computer-implemented system and method are described for detecting obfuscated words in email messages and using this information to determine whether each email message is spam or valid email (ham).

Abstract: A system and method for removing ineffective features from a spam feature set. In particular, in one embodiment of the invention, the an entropy value is calculated for the feature set based on the effectiveness of the feature set at differentiating between ham and spam. Features are then removed one at a time and the entropy is recalculated. Features which increase the overall entropy are removed and features which decrease the overall entropy are retained. In another embodiment of the invention, the value of certain type of time consuming features (e.g., rules) is determined based on both the information gain associated with the features and the time consumed implementing the features. Those features which have relatively low information gain and which consume a significant amount of time to implement are removed from the feature set.

Abstract: A system and method are described for using different types of image fingerprints to detect spam. Specifically, one embodiment of the invention dynamically calculates both an image-specific signature (e.g., MD5 checksum) and a generic signature for each image and, if a specified number of images have the same generic signature but different image-specific signatures, then a feature is fired within a spam engine to indicate that the images are spam. By way of example, a computer-implemented method is described for detecting spam images within a stream of messages comprising: generating generic signatures and image-specific signatures for images within the stream of messages; determining if two or more images with matching generic signatures have different image-specific signatures; and updating a spam filtering engine to include the matching generic signatures if the number of images with matching generic signatures but different image-specific signatures reach a specified threshold value.

Abstract: A secure communication system wherein message decryption may be performed while off-line, or optionally while on-line. A sender encrypts a message based on the message key and sends it to the recipient. An envelope containing a message key is created by encrypting the message key based on a verifier, where the verifier is based on a secret of the recipient. The recipient is provided the envelope, along with the message or separately, from the sender or from another party, contemporaneous with receipt of the message or otherwise. The recipient can then open the envelope while off-line, based on their secret, and retrieve the message key from the envelope to decrypt the message. In the event the recipient cannot open the envelope, optional on-line access permits obtaining assistance that may include obtaining an alternate envelope that the recipient can open.

Abstract: A method is described that includes comparing a characteristic of an image to stored characteristics of spam images. The method also includes generating a signature of the present image. The method further includes comparing the signature of the present image to stored signatures of spam images. The method also includes determining the spam features corresponding to the stored signatures of spam images that match the signature of the present image.

Abstract: A method is described that includes converting the present image of resolution N to resolution M, M being less than N. The method also includes generating a signature of the present converted image. The method further includes comparing the signature of the present converted image to stored signatures of converted spam images, the converted spam images being of resolution M. The method also includes determining spam features corresponding to the stored signatures of converted spam images that match the signature of the present converted image.

Abstract: A computer-implemented system and method are described for integrating a series of auxiliary spam detection models with a base spam detection model, thereby improving the accuracy and efficiency of the overall spam detection engine.

Abstract: A secure communication system wherein message decryption may be performed while off-line, or optionally while on-line. A sender encrypts a message based on the message key and sends it to the recipient. An envelope containing a message key is created by encrypting the message key based on a verifier, where the verifier is based on a secret of the recipient. The recipient is provided the envelope, along with the message or separately, from the sender or from another party, contemporaneous with receipt of the message or otherwise. The recipient can then open the envelope while off-line, based on their secret, and retrieve the message key from the envelope to decrypt the message. In the event the recipient cannot open the envelope, optional on-line access permits obtaining assistance that may include obtaining an alternate envelope that the recipient can open.

Abstract: A secure communication system wherein message decryption may be performed while off-line, or optionally while on-line. A sender encrypts a message based on the message key and sends it to the recipient. An envelope containing a message key is created by encrypting the message key based on a verifier, where the verifier is based on a secret of the recipient. The recipient is provided the envelope, along with the message or separately, from the sender or from another party, contemporaneous with receipt of the message or otherwise. The recipient can then open the envelope while off-line, based on their secret, and retrieve the message key from the envelope to decrypt the message. In the event the recipient cannot open the envelope, optional on-line access permits obtaining assistance that may include obtaining an alternate envelope that the recipient can open.

Abstract: A system and method are described for performing a correlative statistical analysis on a stream of email messages to identify new spam campaigns. For example, a method according to one embodiment of the invention comprises: extracting a series of patterns from a stream of incoming email messages; performing a correlation between the patterns to identify recurring patterns within the stream of email messages over a specified time period; dynamically updating a spam filtering engine to include a particular recurring pattern if the number of times the particular recurring pattern is detected within the specified time period is above a first specified threshold value.

Abstract: A system for communicating a message securely between a sender and a receiver. The sender provides a key server with a string specifying the receiver. The key server obtains a message key and a particular envelope encryption key corresponding with a particular envelope decryption key, encrypts the message key with the envelope encryption key (creating the envelope), and provides the envelope to the sender-client. The sender-client encrypts the message with the message key and provides it and the envelope to the receiver. The receiver-client receives these and asks an authentication server for the envelope decryption key. The authentication server obtains the envelope decryption key and provides it to the receiver. The receiver then decrypts the envelope with the envelope decryption key, to get the message key, and decrypts the message.

Abstract: A document classification system updates the logistic regression parameters of the logistic regression algorithm used to classify the documents, using a coherent gradient method based upon the coherency between the update data regarding the classifications of the documents and the combined data including both the update data and the original data used to generate the original logistic regression parameters. The classification system can be applied to an email filtering system for filtering spam email.

Abstract: A system (50, 150) for assisting a user (14) to determine whether a hyperlink (152) to a target uniform resource locator (URL) is spoofed. A computerized system having a display unit is provided and logic (158) therein listens for activation of the hyperlink (152) in a message (154). The logic (158) extracts an originator identifier (102) and encrypted data from the hyperlink (152), and decrypts the encrypted data into decrypted data based on the originator identifier (102). The logic (158) determines whether the hyperlink (152) includes the originator identifier (102) and the encrypted data decrypts successfully. Responsive to this it then presents a confirmation of authentication conveying the name of the owner and the domain name of the target URL on the display unit, and it redirects the user (14) to the target URL. Otherwise, it presents a warning dialog to the user (14) on the display unit.