Abstract: Methods, systems, and computer-readable media for monitoring states of application packages deployed on a cloud-based application deployment platform. A notification service retrieves a copy of a deployed application package and metadata associated with the application package from the cloud-based deployment platform, and identifies libraries of the application package. The notification service can then determine which, if any, libraries are or will become out-of-date, and obtain license information about the libraries. The notification service can provide notifications of any outdated components and on license compatibilities or incompatibilities. The notification service can automatically restage the application package, or update the license, upon finding outdated components or license incompatibilities.

Abstract: Systems, methods, and non-transitory computer-readable media can identify a set of media content items associated with a first user of a social networking system. It can be determined that a second user of the social networking system is attempting to access at least a portion of the set of media content items associated with the first user. A first subset of media content items can be dynamically selected out of the set of media content items. In some cases, each media content item in the first subset can satisfy specified selection criteria. The second user can be provided with access to a representation of the first subset of media content items. In some instances, the representation of the first subset can be provided in a media access interface associated with the first user.

Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving, by an authorization manager of a cloud-platform, a request from an application, the request indicating a request to access personal user data stored in a database system of the cloud-platform, determining, by the authorization manager and based on user input from a user, that access to the personal user data is to be granted, and in response: providing, by the authorization manager, an access token to the application, receiving an access request from the application, the access request including the access token, and selectively providing the personal user data from a database container of the database system based on the access token, the database container being specific to the user.

Abstract: A realized topology system management (RTSM) database, comprising a database, a number of stored realized topologies, and in which the realized topologies within the DBMS are searchable. A method of generating and tracking a realized topology, comprising deriving a realized topology from an instantiated topology, storing the realized topology in a realized topology system management (RTSM) database, and storing a data file representing an association of the realized topology with data describing attributes of a number of nodes on the realized topology and relationships between the nodes.

Abstract: The invention relates to a method for enabling the user of at least one mobile terminal to access one or more of a plurality of services corresponding to a published tag by receiving published tag data and user identification data corresponding to a user who scanned the published tag and determining whether the services corresponding to the published tag data is available for users. A unique key is generated for the user, which may be provided to the user's mobile device and is indicative of the scanned published tag. The user may then present the unique key at a user terminal to obtain access to the one or more services. Moreover, because each unique key is specific to a user and/or a mobile device, a centralized secure management entity may log usage statistics of the published tags for later reference by the user.

Abstract: Various approaches discussed herein enable validation of an application on a computing device, such as a mobile computing device, prior to that application being invoked by activation of a link in another application. Upon activation of the link in a calling application, the computing device determines a target application to be invoked in response to the activation. Sensitive or confidential data, such as login credentials, may be included in the link to be passed to the target application. By validating either the calling or the target application, the data may be safeguarded by confirming an identity of an application associated with the link.

Abstract: A scaling policy associated with a notification received by one or more computer systems is obtained. A first request is submitted, to a software container service, for a first current capacity of a resource. An amount by which to adjust a capacity of the resource is calculated, based at least in part on the scaling policy and the first current capacity. A second request is submitted, to the software container service, to adjust the capacity of the resource by the amount. A third request is submitted, to the software container service, for a second current capacity of the resource, and whether the second request has been fulfilled is determined based at least in part on a comparison between the second current capacity and the amount.

Abstract: Techniques for maintaining an anti-replay counter (ARC) for providing data protection in an integrated circuit are provided. A method according to these techniques includes determining a static baseline value based on an ARC value stored in a programmable read-only memory of the integrated circuit, determining the ARC value based on the static baseline value and a transient component, and storing the ARC value in a volatile memory of the integrated circuit.

Abstract: Methods and apparatus are provided for randomizing state transitions for one-time authentication tokens. A user authentication passcode is generated by determining a generation time within an epoch for initiating computation of the user authentication passcode; initiating computation of the user authentication passcode at the determined generation time; and presenting the user authentication passcode at a presentation time that is de-coupled from the generation time. The generation time occurs, for example, at a random offset from a start of the epoch. A time difference between the presentation time and a completion of the computation of the user authentication passcode comprises, e.g., a uniformly distributed random variable over a range of values having a finite mean value. The epoch optionally comprises pre-computation epochs and a variable number of user authentication passcodes are optionally computed during a given pre-computation epoch.

Abstract: User interface integration across multiple clouds is achieved by hosting UI extensions for different services in the same browser window. The UI extensions are initialized by a shell with any necessary security context for the corresponding cloud. The shell provides versioning so that the newest version of the UI is presented to users for all versions of a service. A connector in a local cloud provides translation between APIs across different clouds.

Abstract: In communication with security appliances, an electronic device for providing a holistic view of a malware attack is described. The electronic device features one or more processors and a storage device. The storage device includes aggregation logic, correlation logic, consolidation logic, and display logic: The aggregation logic is configured to receive input attributes and analysis attributes from each of the security appliances. The correlation logic attempts to find relationships between analysis attributes provided from each security appliance. The consolidation logic receives at least (i) a first analysis attribute from a first security appliance and (ii) a second analysis attribute from a second security appliance in response to the first analysis attribute corresponding to the second analysis attribute. The display logic generates display information including the consolidated input attributes.

Abstract: A content management system for collecting files from one or more submitters in a collection folder. A collector, who generates the collection folder, can invite one or more submitters to submit one or more files to the collection folder. Facial recognition is applied to the submitted files. The one or more submitters have limited rights to the collection folder. The limited rights can include uploading rights and prohibiting a submitter from viewing files that other submitters associated with the collection folder submitted. Thus, the collection folder is able to store files from the one or more submitters, but prevent them from viewing other's submissions.

Abstract: Embodiments are directed to monitoring network traffic. A monitoring engine may monitor network traffic associated with entities in one or more networks. A device relation model may be provided based on the entities and the network traffic. An inference engine associate the entities with privilege levels based on the device relation model based on an amount of access or an amount of control that source entities exert over the target entities. An anomaly engine may determine one or more interactions between the source entities and the target entities based on the monitored network traffic. The anomaly engine may generate escalation events based on the interactions associated with the source entities and the target entities where the target entities have a higher privilege level than the source entities. The anomaly engine may provide the escalation events to one or more users.

Abstract: A heterogeneous home network (with possibly multiple hops between devices) uses a push button configuration mechanism that ensures only one single new network node device is registered for a single push button key press event and overlapping Push-Button Configuration sessions within the heterogeneous network are prevented by an enhanced mechanism for running Push Button Configuration sessions based on a Push-Button Configuration handshake procedure triggered and initiated by a virtual or physical Push-Button-Event on a new device, which wants to join the heterogeneous network for a user friendly security bootstrapping, in which multiple network node devices in the heterogeneous network belonging already to the heterogeneous network are involved in registering the new device. The Push-Button Configuration handshake procedure is initiated to get a permission information to join the network or to proceed with the Push-Button Configuration or to get a rejection information not to join the network.

Abstract: Techniques for improved decryption of an encrypted media stream are described. In one embodiment, a system may include a receiver to receive an encrypted media stream, an extraction module to extract an encryption characteristic of the encrypted media stream, a first processor to produce configuration commands from the extracted encryption characteristic, a second processor to receive the encrypted media stream and the configuration commands, and to produce decrypted media based upon a decryption scheme indicated by the configuration commands, and a key distribution module, to distribute a decryption key to the second processor.

Abstract: Systems and methods for filtering unsafe content by a network security device are provided. According to one embodiment, a network security device captures network traffic and extracts a media file from the network traffic. The network security device then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security device performs one or more actions on the media file based on a predefined security policy.

Abstract: A method of routing data across a network receives a session request from a client node to access at least one node in a local network having a plurality of nodes. The method also receives a client certificate (e.g., a digital certificate at least partially specified by known standards, such as the “X509 Standard”) from the client node. The client certificate has client information specifying at least one node to receive packets from the client node. Next, the method uses the client certificate to execute an authentication process. If the authentication process authenticates the client node, then the method routes data packets from the client node to at least one node in the local network as specified by the client information in the client certificate.

Abstract: Disclosed are systems and methods for repairing vulnerabilities of smart devices connected to a data network. An example method includes: transmitting a request through the network to obtain access to a smart device; obtaining settings of the smart device by accessing a configuration file containing settings of the smart device; comparing each of the settings of the device with known vulnerabilities to identify a vulnerability of the smart device that can be exploited; determining a repair action for repairing the at least one network vulnerability associated with at least one setting of the smart device based on the setting with the similar vulnerable status in the database; and transmitting instructions to the smart device to perform the repair action wherein the repair action comprises adjusting the setting of the smart device by making changes in the configuration file.

Abstract: Systems and methods are provided for enabling online entities to determine whether a user is truly the person who he says using a “two-factor” authentication technique and authenticating customer's identity utilizing a trusted authenticator.

Abstract: Systems and methods of penetration testing of a networked system by a penetration testing system that is controlled by a user interface of a computing device so that a penetration testing campaign is executed until a termination condition is satisfied, the termination condition being manually and explicitly selected and being an indirect termination condition.