Abstract: A method for merging virtual layers may include creating a virtual merger layer. The method may further include identifying a first virtual layer to be added to the virtual merger layer, the first virtual layer being programmed to execute within a process space of the first virtual layer. The method may also include identifying a second virtual layer to be added to the virtual merger layer, the second virtual layer being programmed to execute within a process space of the second virtual layer that is distinct from the process space of the first virtual layer. The method may also include linking the first and second virtual layers to the virtual merger layer such that when the virtual merger layer is activated, the first and second virtual layers execute within a process space of the virtual merger layer. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented for protecting user accounts may include: 1) identifying a credential that a computing device uses to log in to a user account of an online system, where the online system is configured to perform an adverse security action in response to a number of failed attempts to log in to the user account, 2) determining that an old version of the credential is no longer valid for logging in to the user account and that a new version of the credential is required to log in to the user account, and 3) taking a remedial action that prevents the adverse security action in response to determining that the old version of the credential is no longer valid. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Access to a mobile computing device by a connected external device is limited, based on the context of the connection. The connection of the mobile computing device to an external device is detected. An identifier of the connected external device is gleaned, and the gleaned identifier is looked-up in a database of mappings between identifiers and descriptions of specific devices. The connected external device is classified as being of a specific functional category, based on the gleaned identifier and the description of the external device from the database. The functional category describes a legitimate function to be performed by the connected external device, such as data synchronizing, media playing or battery charging. The external device is provided with a level of access to the mobile computing device based on the classified functional category.

Abstract: A preferred node is selected for a specific functional role in a cluster. Dynamic and static parameters concerning the nodes are measured, including connectivity to shared storage. A user preference value is gleaned for each node, quantifying the user's preference of each corresponding node for the functional role. A preference rating is calculated for each node, based on the measured parameters and the gleaned user preference value. The preference rating indicates the node's suitability for the specific functional role, relative to the other nodes. Connectivity to shared storage in the cluster can be weighted more heavily than other parameters. Examples of specific functional roles in the cluster include becoming the master node, becoming a failover target for a specific application, or remaining in operation with access to shared cluster storage, in response to an occurrence of split brain.

Abstract: Selective projection of user interface elements between a host and a plurality of guests is provided according to a configurable policy. User interface elements generated by guests and/or the host are captured. It is determined whether to project captured elements into the user interface with which the user is currently interacting, based on the policy. In some cases, it is determined to project a captured element originating from a first user interface into a second user interface with which the user is currently interacting, based on factors such as source, destination, element attributes, element contents and/or element type. Responsive to such a determination, the captured element is projected into the current user interface, thereby presenting the projected element to the user.

Abstract: A computing device determines counts of documents that are similar to a reference document for a set of similarity ratings. Each similarity rating is based on a number of co-occurring terms between the reference document and corresponding similar documents. The computing device present the reference document and a GUI element pertaining to the documents similar to the reference document in a graphical user interface (GUI). Upon a selection of the GUI element, the computing device presents a visual representation of a correlation between the counts of similar documents and the similarity ratings in the GUI. The visual representation is provided prior to displaying at least one of the similar documents.

Abstract: Unauthorized uses of embedded objects in websites are detected, in order to protect users from phishing sites using cloned copies of such objects. Authorized parties register objects for use at legitimate locations (e.g., specific IP address ranges or domains). When a client computing device accesses a website, the objects in the website are checked against the registered objects, to determine whether the objects are registered for use by the site being accessed. Depending upon trust status information concerning the objects, the access of the website can be permitted or blocked, or the user can be warned about questionable or un-trusted embedded objects. Additionally, the party that registered an object can be notified, in the case of an indication of unauthorized use of the object by a website.

Abstract: Making a trust decision is disclosed. One or more members of a social trust network are polled for information associated with a trust decision about a computing environment. The information includes information collected automatically with respect to activities of one or more of the one or more members of the social trust network. At least one action is taken based at least in part on the information.

Abstract: A query is received from a client device regarding an object. The query includes an identifier of the object and a set of associated usage attributes describing a usage of the object on the client device. A set of usage facts associated with the identified object is identified. The set of usage facts describe typical usages of the object on a plurality of client devices. A determination is made whether the usage of the object on the client device is suspicious based on the set of usage facts associated with the object and the set of usage attributes included in the query. A report is provided to the client device based on the determination.

Abstract: A first value is calculated as a function of data in an nth data block of a backup copy. The first value is then compared with each of a plurality of values in a plurality of entries, respectively, of a first data structure. The plurality of entries in the first data structure include a plurality of pointers, respectively, that correspond to a plurality of data blocks, respectively, in a storage system. If the first value compares equally to a value contained in one of the plurality of entries of the first data structure, a pointer of the one entry is added to an nth entry of a second data structure. This pointer corresponds to a copy of the nth data block that is stored in the storage system. If the first value does not compare equally with any value contained in the plurality of entries of the first data structure, (1) the nth data block is stored in the storage system, and (2) a first pointer is added to the nth entry of the second data structure.

Abstract: A graphical payment identifier is used to facilitate the automatic processing of an electronic payment. A graphical identifier payment system receives a request from a payment processing entity for a onetime use graphical payment identifier. In response, a onetime use graphical payment identifier to be displayed by the payment processing entity is generated. A request for user payment information by the payment processing entity is encoded in the graphical payment identifier, which is transmitted to the payment processing entity for display. The graphical payment identifier being displayed by the payment processing entity is captured by a registered user operated computing device. In response, the requested user payment information is transmitted to the payment processing entity, such that the electronic payment is executed automatically, without the user manually entering the requested payment information or providing a credit card.

Abstract: Techniques for providing data in dynamic account and device management are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for providing data in dynamic account and device management. The system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to identify a user device to be managed. The one or more processors may be configured to transmit a request for delegate authority to manage the user device. The one or more processors may be configured to receive delegate authority to manage the user device. The one or more processors may be configured to provide network access to the user device. The one or more processors may also be configured to manage the user device and monitor data communicated to and from the user device.

Abstract: A computer-implemented method for injecting code into an application is described. In one embodiment, a metadata pointer is identified. The metadata pointer points to a first metadata section in an application startup file. The first metadata section includes application metadata. A second metadata section is created in the application startup file. The application metadata is copied to the second metadata section. The second metadata section includes copied application metadata. The copied application metadata in the second metadata section is modified. The metadata pointer is updated to point to the second metadata section.

Abstract: Techniques for improving snapshot performance are disclosed. In one embodiment, the techniques may be realized as a method for improving snapshot performance comprising initiating change block tracking for each unit of storage associated with each of a plurality of virtual machines, creating backup images of each unit of storage associated with each of the plurality of virtual machines, quiescing each of the plurality of virtual machines, and creating snapshots of each unit of storage associated with each of the plurality of virtual machines. The techniques may include identifying one or more changed blocks in at least one of the backup images using the change block tracking, editing the at least one of the backup images by replacing the identified one or more changed blocks using corresponding blocks from at least one snapshot of the snapshots, and releasing the at least one snapshot based upon a determination that editing has completed.

Abstract: A computing device receives a file. The computing device determines whether the file has previously been scanned for violations of a data loss prevention policy. If the file was previously scanned, a result of the previous scan is used to decide whether or not the file violates the data loss prevention policy. If the file was not previously scanned, the file is scanned to decide whether or not the file violates the data loss prevention policy.

Abstract: A method and apparatus for reliable I/O performance anomaly detection. In one embodiment of the method, input/output (I/O) performance data values are stored in memory. A first performance data value is calculated as a function of a first plurality of the I/O performance data values stored in the memory. A first value based on the first performance data value is calculated. An I/O performance data value is compared to the first value. A message is generated in response to comparing the I/O performance value to the first value.

Abstract: A method and apparatus for protecting sensitive information from disclosure through virtual machine files is disclosed. In one embodiment, the method includes processing virtual machine files using at least one processor to access data objects in memory that are associated with at least one virtual machine, examining the data objects using the at least one processor in accordance with a data loss prevention policy in the memory to identify, using the at least one processor, sensitive information within at least one data object of the data objects and securing, using the at least one processor, the sensitive information within the virtual machine files in the memory.

Abstract: A computer-implemented method for generating catalogs for snapshots may include (1) identifying an initial snapshot and a subsequent snapshot for a protected volume, (2) providing identifiers of the initial snapshot and the subsequent snapshot to a storage vendor application programming interface (API), (3) receiving, from the storage vendor API, an indication of at least one difference between the initial snapshot and the subsequent snapshot, and (4) synthetically generating a catalog for the subsequent snapshot based on a preexisting catalog for the initial snapshot such that the synthetically generated catalog reflects the difference between the initial snapshot and the subsequent snapshot indicated by the storage vendor API. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques are disclosed for providing a device-based PIN authentication process used to protect encrypted data stored on a computing system, such as a tablet or mobile device. A client component and a server component each store distinct cryptographic keys needed to access encrypted data on the client. The mobile device stores a vault encryption key used to decrypt encrypted sensitive data stored on the mobile device. The vault key is encrypted using a first encryption key and stored on the mobile device. The first encryption key is itself encrypted using a second encryption key. The second encryption key is derived from the PIN value.

Abstract: Techniques are disclosed for generating multiple key pairs using different algorithms and similarly installing certificates signed using the different algorithms. A customer server receives a selection of algorithms for generating a public/private key pair (e.g., RSA, ECC, DSA, etc.). The customer server generates key pairs for each selection and also generates corresponding certificate signing requests (CSR). The customer server sends the CSRs to a certificate authority (CA). The CA generates certificates associated with algorithm and sends the certificates to the customer server. The customer server may prompt a user to select one or more of the certificates to install, and upon receiving the selection, the customer installs the certificates.