Abstract: A system for two-way authentication using two-dimensional codes is provided herein. The system includes a memory and a processor coupled to the memory. The processor is to receive a request from a remote device to access a web resource and to generate a two-dimensional code to be sent from the remote device to an authentication service to authenticate the web resource. The two-dimensional code includes an authentication request identifier. The processor is further to receive an authentication credential from the remote device, the authentication credential being obtained from the authentication service, and to authenticate the user of the remote device to the web resource using the authentication credential.

Abstract: A computer-implemented method for replacing application methods at runtime may include identifying an application at runtime that includes a target method to replace at runtime with a source method, locating a target address of a target method data structure (that includes a target code pointer to method code of the target method) within memory at runtime that is referenced by a target class, determining a source address of a source method data structure (that includes a source code pointer to method code of the source method) within memory at runtime that describes the source method, and modifying the application at runtime to have the target class reference the source method instead of the target method by copying the source method data structure from the source address to the target address and, thereby, replacing the target code pointer with the source code pointer. Various other methods and systems are also disclosed.

Abstract: A computer-implemented method for identifying code signing certificate misuse may include (1) identifying a software file that has been signed using a code signing certificate, (2) identifying a software publisher that is identified by the code signing certificate used to sign the software file, (3) obtaining a reputation score for the software file that indicates a trustworthiness of the software file independently of the code signing certificate, and (4) providing, to the software publisher, information that is based on the reputation score and that indicates that the code signing certificate has been compromised. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for detecting suspicious files may include (1) detecting a file within incoming file traffic directed to a file recipient, (2) identifying a type of the file within the incoming file traffic directed to the file recipient, (3) determining a frequency with which the type of the file appears within the incoming file traffic directed to the file recipient, and (4) performing a security action on the file in response to the frequency of the type of the file within the incoming file traffic falling below a predetermined threshold. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting suspicious Internet addresses may include (1) monitoring Internet communications of an entity (e.g., an organization or individual), (2) compiling an Internet-address history for the entity that includes one or more Internet addresses involved in the Internet communications of the entity, (3) detecting, after compiling the Internet-address history for the entity, an additional Internet address that may be used in future Internet communications involving the entity, (4) computing a similarity metric between the additional Internet address and at least one Internet-address in the Internet-address history, (5) determining that the similarity metric indicates that the additional Internet address is suspicious, and (6) performing a security action in response to determining that the similarity metric indicates that the additional Internet address is suspicious. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for identifying URLs that link to potentially malicious resources may include (1) compiling a set of URLs that link to at least one potentially malicious resource, (2) identifying a common pattern of characters included in the set of URLs that link to the potentially malicious resource, (3) deriving a regular expression capable of being used to identify additional URLs that link to one or more potentially malicious resources based at least in part on the common pattern of characters, and then (4) identifying at least one additional URL that links to at least one potentially malicious resource by (i) applying the regular expression to the additional URL and then (ii) determining that the additional URL links to the potentially malicious resource based at least in part on applying the regular expression to the additional URL. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for thwarting illegitimate initialization attempts may include (1) receiving an initialization packet designed to initiate communication between a source port on a source computing device and a destination port on a destination computing device, (2) thwarting potential illegitimate initialization attempts by intentionally dropping the initialization packet, (3) receiving an additional initialization packet, (4) determining that the additional initialization packet is from the same source port on the same source computing device and is directed to the same destination port on the same destination computing device as the original initialization packet, and (5) sending an acknowledgement packet that initiates communication between the source computing device and the destination computing device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for discovering website certificate information may include (1) receiving, from a plurality of computing devices within a community of users, information that identifies the certificate statuses of websites visited by the computing devices, (2) identifying, by analyzing the information, at least one issue with the certificate status of at least one website visited by at least one of the computing devices, and (3) performing at least one remedial action in an attempt to correct the issue with the certificate status of the website. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for enabling community-tested security features for legacy applications may include: 1) identifying a plurality of client systems, 2) identifying a legacy application on a client system within the plurality of client systems, 3) identifying a security-feature-enablement rule for the legacy application, 4) enabling at least one security feature for the legacy application by executing the security-feature-enablement rule, 5) determining the impact of the security-feature-enablement rule on the health of the legacy application, and then 6) relaying the impact of the security-feature-enablement rule on the health of the legacy application to a server. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for validating digital signatures may include (1) receiving, through a camera of smart glasses, an image of an object, (2) decrypting, using a processor of the smart glasses, a digital signature on the object to obtain a decrypted digital signature, (3) attempting, using the processor of the smart glasses, to validate the object by comparing content of the object with the decrypted digital signature, and (4) outputting a result of the attempt to validate the object from an output component of the smart glasses. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method may intercept a file-system call associated with a media file. The computer-implemented method may determine an attribute of the media file. The computer-implemented method may also identify a parental-control policy associated with the attribute of the media file. The computer-implemented method may further apply the parental-control policy to the media file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for increasing compliance with data loss prevention policies may include (1) identifying a file that is subject to a data loss prevention policy, (2) determining a classification of the file according to the data loss prevention policy, (3) identifying a graphical user interface that is configured to display a representation of the file, and (4) enhancing the representation of the file within the graphical user interface with a visual indication of the classification of the file according to the data loss prevention policy. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for preventing the installation of unapproved applications may include (1) determining that the computing device is pre-configured with a set of approved applications and (2) preventing the installation of unapproved applications onto the computing device by (a) monitoring processes running on the computing device via a daemon executing in the background of the computing device, (b) detecting, by monitoring the processes running on the computing device, an attempt to launch a process that facilitates the installation of applications onto the computing device, and (c) in response to detecting the attempt to launch the process, terminating the process before the process can facilitate the installation of an application onto the computing device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques are disclosed for restoring a system volume on a computing system without requiring the system volume to be fully restored prior to being used or requiring the use of a dedicated recovery environment (e.g., the WinPE or BartPE environments). Instead, the computing system is booted directly from the restore image or by redirecting I/O interrupts to the restore image. That is, when user initiates a restore process, the system boots from the backup itself. Once booted, a background process can complete the restore process.

Abstract: The disclosed computer-implemented method for modifying applications without user input may include (1) identifying a need to modify at least one application on the computing device, (2) initiating modification of the application on the computing device, (3) while the application is being modified, monitoring event notifications generated by an accessibility service that provides user interface enhancements for disabled individuals on an operating system installed on the computing device, (4) determining, based on an analysis of an event notification generated by the accessibility service, that a user of the computing device is prompted, on the computing device, to provide input necessary to complete the modification of the application, and (5) in response to detecting that the user is prompted to provide the input, automatically supplying the input in order to complete the modification of the application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A disclosed method may include (1) tracking the health of a computing system over time by calculating, for each of several time periods, a health metric that indicates the computing system's health during the time period, (2) evaluating the health metrics of the time periods to identify an anomalous time period during which the health of the computing system changed, (3) locating one or more files that were present on the computing system during the anomalous time period and absent from the computing system during one or more other time periods, and (4) basing a reputation for the file(s) on an association between the file(s) and the computing system that includes the anomalous time period and excludes the other time period. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for enabling users of social-networking applications to interact using virtual personas may include (1) creating a social-networking identity associated with a user of a social-networking application, (2) creating a plurality of virtual personas that represent different real-life roles of the user as part of the user's social-networking identity, (3) receiving a request to perform at least one networking action that implicates at least one of the user's virtual personas, and then (4) directing the social-networking application to perform the networking action such that the networking action implicates the user's virtual persona without implicating the user's entire social-networking identity. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for reporting security vulnerabilities may include (1) detecting that a malware application is present on an endpoint computing system, (2) determining a window of time during which the malware application was present in a specified condition on the endpoint computing system, (3) logging a list of sensitive data items accessed during the window of time, and (4) conditioning performance of a security action to report the list of sensitive data items on a determination that both (A) a length of the window of time is longer than a security threshold length and is indicative of the malware application being located on the endpoint computing system long enough to potentially compromise a sensitive data item and (B) the malware application was accessed during the window of time. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for detecting malicious documents based on component-object reuse may include (1) identifying a plurality of malicious documents, (2) identifying a plurality of component objects that are contained within at least one malicious document from the plurality of malicious documents, (3) receiving an unknown document, (4) determining that at least one component object from the plurality of component objects was used to create the unknown document, and (5) performing a security action on the unknown document in response to determining that the component object was used to create the unknown document. Various other methods, systems, and computer-readable media are also disclosed.