Abstract: Methods, apparatuses, and systems relating to narrow beam communications and wireless networking are disclosed. Exemplary methods for wireless networking and communications may include identifying a geographic area, receiving topography data related to the geographic area, analyzing the topography data, identifying a first line of sight path related to a first access point location and one or more customer premises device locations based at least in part on the analyzing, and identifying a second line of sight path based at least in part on a predetermined amount.

Abstract: In certain embodiments, a method includes mapping, by a first application, personally identifiable information to an anonymous identification, generating, by the first application, a key, and sending, by a first appliance, the anonymous identification and the key to a second appliance, wherein the first appliance comprises the first application. The method also includes receiving, by the first appliance and from a browser, a token generated by a second application of the second appliance, wherein the token is associated with the key. The method further includes sending, by the first appliance, the personally identifiable information to the browser after receiving the token from the browser.

Abstract: Techniques describe preventing sensitive data from being misappropriated during a clipboard operation. A copy operation for data being copied to a clipboard is intercepted. Information describing a first application from which the data was copied is retrieved. The data and the information are stored into the clipboard. A paste operation is evaluated based on the data, and the information is evaluated against a policy to determine whether the paste operation should be blocked.

Abstract: The disclosed computer-implemented method for registering user accounts with multi-factor authentication schemes used by online services may include (1) determining that a user is associated with an account with an online service that allows the user to register the account with an MFA scheme that requests the user to complete multiple authentication steps before being allowed to access the account, (2) identifying, based on an analysis of the online service, at least a portion of the information that is requested by the online service to register the account with the MFA scheme, and (3) providing the requested information to the online service such that the account is registered with the MFA scheme. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for managing data loss prevention policies for applications may include 1) maintaining, in at least one database, a categorization of at least one application as either a business application or a personal application, 2) assigning, in the database, a data loss prevention policy to the application based on the categorization of the application in the database as either a business application or a personal application, 3) detecting that the application is attempting to access sensitive data, and 4) applying, in response to the detected attempt by the application to access sensitive data, the data loss prevention policy assigned to the application to the detected attempt by the application to access sensitive data. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting suspicious microcontroller messages may include (1) observing a typical interval at which messages are sent over a network by a microcontroller, (2) identifying a message sent over the network by the microcontroller, (3) determining that the interval between the message and the previous message sent by the microcontroller does not comprise the typical interval, and (4) categorizing the message as a suspicious message in response to determining that the interval does not comprise the typical interval. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: According to one embodiment, a computer-implemented method comprises determining a first threat score and a second threat score respectively corresponding to a first user action and a second user action on one or more computer applications and calculating an aggregate threat score for the determined threat scores. Calculating the aggregate threat score comprises summing together the first threat score and a contribution of the second threat score, wherein the contribution of the second threat score is determined based on the second threat score and a margin corresponding to the difference between a maximum threat score and the first threat score.

Abstract: A computer-implemented method for authenticating whole disk encryption systems may include (i) detecting, by a computing device, an attempt to initiate a boot process on the computing device, (ii) verifying, by the computing device, an initial decryption key, (iii) decrypting, by the computing device, an initial set of software required to boot crucial functions of the computing device using the initial decryption key, (iv) detecting, by the computing device, a secondary device running an authentication application, (v) receiving, by the computing device, a second decryption key from the authentication application on the secondary device, and (vi) completing the boot process on the computing device based on a security policy associated with the second decryption key. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Methods, apparatuses and systems facilitating enhanced classification of network traffic based on observed flow-based and/or host-based behaviors.

Abstract: A processor-based method to defeat file and process hiding techniques in a computing device is provided. The method includes generating one of a path permutation, a symlink, or an address, for a path to open or obtain status of a tool or function in a library in a mobile computing device and making an open or status call for the tool or function, using the one of the path permutation, symlink or address. The method includes avoiding a pattern match and blocking, by an injected library, of the open or status call, the avoiding being a result of making the open or status call using the path permutation, symlink or address.

Abstract: The disclosed computer-implemented method for sending push notifications that include preferred data center routing information may include (1) configuring at least one rule for determining which data center out of a plurality of data centers is preferred to serve one or more download requests, (2) identifying a push notification that is configured to prompt a device to download data from a data center within the plurality of data centers, (3) using the rule to select, from the plurality of data centers, a preferred data center to which to route the device, and (4) embedding information about the preferred data center in the push notification sent to the device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for automatically making selections in user interfaces may include (1) detecting, on a computing device, a user interface that comprises a prompt for a user of the computing device to select between a first option and a second option, (2) identifying a profile for making, on behalf of the user, a predetermined selection of one of the first option and the second option, (3) determining that the predetermined selection indicates that the first option should be selected on behalf of the user, and (4) selecting, from the prompt, the first option on behalf of the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for presenting information on a graphical user interface are disclosed. In one embodiment, the techniques may be realized as a method for presenting information on a graphical user interface including displaying an endpoint interface via the graphical user interface on a display unit, determining whether an event mode for the endpoint interface has been selected, displaying the endpoint interface in the event mode when the event mode has been selected, determining whether an event has been detected, and displaying the detected event on the endpoint interface in the event mode when the event has been detected.

Abstract: Methods, computer program products, computer systems, and the like, which protect messages in an electronic messaging system, are disclosed. The methods, computer program products, computer systems, and the like include detecting an occurrence of an event, and, in response to the detecting the occurrence of the event, scanning a message. The occurrence of the event indicates that the message should be scanned. The message includes recipient information, which identifies a recipient of the message, and is stored in a message store. The message has been received at a message destination associated with the recipient. The scanning uses a malware definition. The scanning is performed prior to the message being retrieved from the message store in response to a request by the recipient to retrieve the message from the message store. The event is other than the request by the recipient to retrieve the message from the message store.

Abstract: A system and method for .Net PE files malware detection is provided. The method may include accessing two or more portable executable (PE) files and detecting at least one identical global user identifier (GUID) attribute. In response to finding identical GUID attributes, the method may include clustering a group of files into family clusters each having the same GUID attribute. The method may generate and release a signature for the family cluster. An exoneration criteria level may be set in accordance with matching characteristics associated with an acceptable software standard for the computing system or network, such that when the exoneration criteria level is reached, the PE file is exonerated from being associated with PUA or malware. Until this criterion is met, the PE file will be identified as PUA or malware. Additional GUID attributes may be identified as further proof that the PE file is polymorphic.

Abstract: Techniques for presenting information on a graphical user interface are disclosed. In one embodiment, the techniques may be realized as a method for presenting information on a graphical user interface including displaying a deployment map via the graphical user interface on a display unit, determining whether an input has been detected with respect to the deployment map, determining a type of input when the input has been detected, generating an updated deployment map based on the determined type of input, and displaying the updated deployment map on the display unit.

Abstract: The disclosed computer-implemented method for providing computing security by classifying organizations may include (1) identifying a request to classify an organization, (2) generating a web page dynamically in response to the request, the web page including content that describes the organization, (3) locating, within the web page, an advertisement that is dynamically generated by an advertisement network based at least in part on the content of the web page, (4) analyzing the advertisement to determine an organizational classification associated with the advertisement, and (5) imputing the organizational classification to the organization based at least in part on the advertisement having been dynamically generated by the advertisement network based at least in part on the content of the web page. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for automatically populating one-time-password input fields may include (1) detecting, at a first computing device of a user, an input field that requires a one-time password that is included in a message that is sent by a one-time-password provider to a second computing device of the user, (2) identifying, at the second computing device, the message that includes the one-time password, (3) transmitting the one-time password from the second computing device to the first computing device, (4) receiving, at the first computing device, the one-time password, and (5) automatically populating, at the first computing device, the input field with the one-time password. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Alerts generated by triggering signatures on endpoints are identified in samples of security telemetry. The sources of alerts are filtered. Alert tuples identifying multipart attacks are discovered. An iterative multi-pass search of alert types generated by filtered sources can be conducted. During each pass, groups of successively larger numbers of alert types generated by common sources are identified. A list of alert types can be sorted according to the number of filtered sources that generated each alert type, from most to least. Pairs of alert types with multiple common sources can be identified by traversing the sorted list of alerts types. The sorted list can be iteratively traversed, identifying successive additional alert types to add to previously identified groupings, which are used as seed groups for successive identifications. Only the portion of the sorted list appearing after the last added alert type need be examined for successive identifications.

Abstract: The disclosed computer-implemented method for disseminating location-based reputations for link-layer wireless attacks may include (i) receiving, at a server from a first wireless client, a wireless-attack report for a location that includes (a) information that indicates that the first wireless client detected a link-layer wireless attack (e.g., a wireless-access-point spoofing attack or a deauthentication attack) at the location or (b) information that indicates that the first wireless client did not detect any link-layer wireless attacks at the location, (ii) using, at the server, the wireless-attack report to generate a reputation for link-layer wireless attacks for the location, (iii) receiving, at the server from a second wireless client, a request for the reputation of the location, and (iv) responding to the request with the reputation of the location. Various other methods, systems, and computer-readable media are also disclosed.