Abstract: A computer-implemented method for applying parental-approval decisions to user-generated content. The method may include receiving, from a child, a request to upload user-generated content to the Internet. The method may also include providing the user-generated content to a guardian of the child and receiving, from the guardian of the child, a decision indicating whether the user-generated content is allowed to be uploaded to the Internet. The method may further include applying the decision of the guardian to the user-generated content. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system and method for archiving a version of a document are disclosed. The document to be archived may be web-based or written in a markup language. The content of the document is parsed. From a totality of style information accessed to display the document with an original display appearance, a subset of style information is determined. The subset of style information can impart a totality of the original display appearance to the document. An archival version of the document is created. The archival version of the document has the totality of style information represented by the subset of style information. The archival version of the document is stored. At least one of the actions of parsing, determining and creating is executed through a specially programmed processor.

Abstract: A non-transitory computer readable storage medium, comprising executable instructions to collect network traffic data, produce a Fourier signature from the network traffic data, associate the Fourier signature with a known pattern, collect new network traffic data, produce a new Fourier signature from the new network traffic data, compare the new Fourier signature with the Fourier signature to selectively identify a match and associate the new network traffic data with the known pattern upon a match.

Abstract: A computer-implemented method for securing computing devices against imposter processes may include (1) identifying a process that is subject to a security assessment, (2) determining, based on comparing an attribute of the process to an attribute of a legitimate process, that the process comprises an imposter process of the legitimate process, (3) determining that a file may have been created by the imposter process, and (4) determining a security action for the file in response to determining that the file has been created by the imposter process. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for anomaly-based detection of compromised information technology (IT) administration accounts may (1) include establishing a set of permissible IT administration tasks for an IT administration account, (2) monitoring the IT administration account for activities outside the set of permissible IT administration tasks, (3) detecting a suspicious activity by identifying an activity that is outside the set of permissible IT administration tasks and therefore indicative of the IT administration account being compromised, and (4) in response to detecting the suspicious activity, performing a security action with respect to the potentially compromised IT administration account. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for estimating confidence scores of unverified signatures may include (1) detecting a potentially malicious event that triggers a malware signature whose confidence score is above a certain threshold, (2) detecting another event that triggers another signature whose confidence score is unknown, (3) determining that the potentially malicious event and the other event occurred within a certain time period of one another, and then (4) assigning, to the other signature, a confidence score based at least in part on the potentially malicious event and the other event occurring within the certain time period of one another. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computing system receives an authentication request from a user device for access to a web application hosted in a cloud and determines that the authentication request is a candidate for modification based on initial user credentials in the authentication request. The computing system modifies the authentication request to include replacement user credentials that correspond to the initial user credentials and transmits the modified authentication request to the web application in the cloud. The web application determines whether the modified authentication request is valid based on the replacement user credentials.

Abstract: A computer-implemented method for detecting near field communication risks may include (1) identifying a mobile device capable of near field communication, (2) identifying an attempted near field communication involving the mobile device, (3) tracking at least one contextual behavior relating to the attempted near field communication; and (4) determining, based at least in part on the contextual behavior, that the attempted near field communication poses a risk to the mobile device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for creating behavioral signatures used to detect malware may include (1) maintaining a database that identifies (A) known malicious files and behaviors exhibited by the known malicious files and (B) known non-malicious files and behaviors exhibited by the known non-malicious files and (2) creating a behavioral signature used to detect malware by (A) determining a combination of behaviors exhibited by at least one of the known malicious files, (B) identifying the number of known malicious files that exhibit each behavior within the combination, (C) identifying the number of known non-malicious files that exhibit each behavior within the combination, and (D) determining that the number of known malicious files that exhibit each behavior within the combination exceeds the number of known non-malicious files that exhibit each behavior within the combination by a certain threshold. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Applications running on a mobile device are monitored for suspicious actions utilizing mobile features of the mobile device. Once a suspicious action performed by an application is detected, that suspicious action is suspended. Information about the suspicious action and the application is collected and transmitted to a remote security system over a wireless network. The security system analyzes the suspicious action and the application to determine a security rating of the application, and transmit the security rating back to the mobile device. Whether the application is malware and whether the suspicious action should be allowed to continue are both determined based on the security rating.

Abstract: The disclosed computer-implemented method for updating possession factor credentials may include (1) detecting a request from a user of a service to designate a new object to be used by the service as a possession factor credential in place of a previously designated object, (2) prior to allowing the user to designate the new object, authenticating the user by proofing the identity of the user to verify that an alleged identity of the user is the actual identity of the user and verifying that the proofed identity of the user had possession of the previously designated object, and (3) in response to verifying that the proofed identity of the user had possession of the previously designated object, designating the new object as the possession factor credential. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for accelerating malware analyzes in automated execution environments may include (1) monitoring a file that is undergoing a malware analysis in an automated execution environment, (2) while monitoring the file, detecting one or more behaviors exhibited by the file during the malware analysis in the automated execution environment, (3) determining, during the malware analysis, that the file exceeds a threshold level of suspicion based at least in part on the behaviors exhibited by the file, and then in response to determining that the file exceeds the threshold level of suspicion, (4) initiating a security action prior to reaching a scheduled completion of the malware analysis. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques are disclosed for rapidly securing a server in response to request for a high-assurance digital certificate. As described, a CA may issue a basic tier certificate after performing a verification process to confirm that a party requesting a certificate for a given network domain, in fact, has control of that domain. Once issued and provisioned on the server, the server can establish secure connections with clients. At the same time, the CA continues to perform progressive identity verification processes for progressively higher tiers of certificates. Once the identity verification process at each tier is complete, the CA issues a new certificate for the corresponding tier, which may then be provisioned on the server. After performing all of the identity verification processes, the server can issue the requested high-assurance certificate.

Abstract: A computer-implemented method for securely managing file-attribute information for files in a file system may comprise: 1) identifying at least one file, 2) identifying file-attribute information that identifies at least one file attribute for the file, 3) identifying volatile metadata associated with the file that contains file-attribute information, 4) determining that the file has been modified, and 5) automatically deleting the volatile metadata. Corresponding systems and computer-readable media are also disclosed.

Abstract: A computer-implemented method for selectively authenticating a request based on an authentication policy is described. A request is received from a client. A determination is made as to which authentication threshold is applied to the request based on an authentication policy. The request is authenticated if the authentication threshold is satisfied. The authentication threshold is modified if the request is not successfully authenticated.

Abstract: A computer-implemented method to execute anti-theft procedures for a device is described. Receipt of a first audio file is detected. The first audio file is converted to a first text file. The first text file is analyzed to identify an anti-theft command. The anti-theft command is executed based at least in part on the analysis.

Abstract: A computer-implemented method for blocking flanking attacks on computing systems may include (1) detecting a denial-of-service attack targeting a computing network, (2) inferring, based at least in part on detecting the denial-of-service attack, a secondary attack targeting at least one computing resource within the computing network, (3) determining that the computing resource is subject to additional protection based on inferring the secondary attack targeting the computing resource, and (4) protecting the computing resource against the secondary attack by adding an authentication requirement for accessing the computing resource. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for detecting loss of sensitive information in partial data streams may include identifying partial data streams containing segments lost while capturing network traffic at a network computing device, determining characteristics of content of the partial data streams, padding content portions of the lost segments in the partial data streams, and scanning the partial data streams for sensitive information according to at least one data loss prevention (DLP) policy.

Abstract: Techniques for intelligently executing a digital signature are disclosed. In one embodiment, the techniques may be realized as a method for intelligently executing a digital signature. The method may include receiving a signature request from a user, wherein the signature request comprises a file. The method may also include performing a signature process on the file in response to receiving the signature request from the user. The method may further include scanning the signature request to generate one or more scan results, and transmitting an indication of the one or more scan results to a reputation service server.