Abstract: Methods, storage systems and computer program products implement embodiments of the present invention that include deploying, to a computer, a hot-patched method for an original method in a method library that is dynamically loaded by a software application running on the computer, wherein the hot-patched method is configured to intercept requests from the software application to the original method. An upload policy can then be specified. Upon the hot-patched method intercepting a request from the software application to the original method to upload a given file from the computer to an Internet site, a comparison can be made between the intercepted request to the policy. In response to the comparison, the upload can be controlled.

Abstract: Methods, storage systems and computer program products implement embodiments of the present invention that include deploying, to a computer, a hot-patched method for an original method in a method library that is dynamically loaded by a software application running on the computer, wherein the hot-patched method is configured to intercept requests from the software application to the original method. An upload policy can then be specified. Upon the hot-patched method intercepting a request from the software application to the original method to upload a given file from the computer to an Internet site, a comparison can be made between the intercepted request to the policy. In response to the comparison, the upload can be controlled.

Abstract: Methods, storage systems and computer program products implement embodiments of the present invention method for protecting a client computer, which includes a processor and a display. The method includes analyzing a web page that was downloaded to the client computer, and identifying, by the processor, a password input field in the web page. After rendering the password input field to the display, an input to the password input field is captured, and the captured input is evaluated against a specified password policy. Finally, an alert is generated upon detecting a violation of the specified password policy.

Abstract: A method includes providing auxiliary code implementing a process for facilitating enforcement of one or more computer-usage rules, and augmenting third-party code with the auxiliary code such that execution of the third-party code carries out the process. Other embodiments are also described.

Abstract: A method and system includes a network interface and a processor. The processor is configured to augment third-party code, via the network interface, with auxiliary code implementing a process for facilitating enforcement of one or more computer-usage rules, such that execution of the third-party code carries out the process. Other embodiments are also described.

Abstract: Methods, storage systems and computer program products implement embodiments of the present invention that include deploying, to a computer, a hot-patched method for an original method in a method library that is dynamically loaded by a software application running on the computer, wherein the hot-patched method is configured to intercept requests from the software application to the original method. An upload policy can then be specified. Upon the hot-patched method intercepting a request from the software application to the original method to upload a given file from the computer to an Internet site, a comparison can be made between the intercepted request to the policy. In response to the comparison, the upload can be controlled.

Abstract: A method includes providing auxiliary code implementing a process for facilitating enforcement of one or more computer-usage rules, and augmenting third-party code with the auxiliary code such that execution of the third-party code carries out the process. Other embodiments are also described.

Abstract: Processing computer network requests by receiving from a requesting computer an encoded value in a domain name resolution request, where the encoded value has a valid domain name syntax, decoding the encoded value into a Uniform Resource Locator having a host portion and a non-host portion, determining that the host portion of the Uniform Resource Locator in combination with the non-host portion of the Uniform Resource Locator meets a predefined routing criterion associated with a computer network address that is associated with a proxy server, and sending the computer network address to the requesting computer in response to the domain name resolution request.

Abstract: Processing a web page by receiving from a client software application a request to retrieve a web page, processing the web page at a surrogate software application, thereby representing the web page in a model that is maintained by the surrogate software application in association with the web page, serializing a copy of any portion of the model that is maintained by the surrogate software application, thereby creating serialized data, and sending the serialized data to a mediation agent executed by the client software application, where the mediation agent is configured to deserialize the serialized data, thereby creating deserialized data, and inject the deserialized data into a model that is maintained by the client software application in association with the web page.

Abstract: Disclosed are methods and media for inspecting security certificates. Methods include the steps of: scanning, by a network security device, messages of a security protocol between a server and a client system; detecting the messages having a security certificate; detecting suspicious security certificates from the messages; and aborting particular sessions of the security protocol associated with the suspicious certificates. Preferably, the step of scanning is performed only on messages of server certificate records. Preferably, the method further includes the step of sending an invalid-certificate notice to the server and the client system. Preferably, the step of detecting the suspicious certificates includes detecting a use of an incorrectly-generated private key for the certificates. Preferably, the step of detecting the suspicious certificates includes detecting an unavailability of revocation information for the certificates.

Abstract: Disclosed are methods and media for inspecting security certificates. Methods include the steps of: scanning, by a network security device, messages of a security protocol between a server and a client system; detecting the messages having a security certificate; detecting suspicious security certificates from the messages; and aborting particular sessions of the security protocol associated with the suspicious certificates. Preferably, the step of scanning is performed only on messages of server certificate records. Preferably, the method further includes the step of sending an invalid-certificate notice to the server and the client system. Preferably, the step of detecting the suspicious certificates includes detecting a use of an incorrectly-generated private key for the certificates. Preferably, the step of detecting the suspicious certificates includes detecting an unavailability of revocation information for the certificates.

Abstract: Disclosed are methods and media for inspecting security certificates. Methods include the steps of: scanning, by a network security device, messages of a security protocol between a server and a client system; detecting the messages having a security certificate; detecting suspicious security certificates from the messages; and aborting particular sessions of the security protocol associated with the suspicious certificates. Preferably, the step of scanning is performed only on messages of server certificate records. Preferably, the method further includes the step of: sending an invalid-certificate notice to the server and the client system. Preferably, the step of detecting the suspicious certificates includes detecting a use of an incorrectly-generated private key for the certificates. Preferably, the step of detecting the suspicious certificates includes detecting an unavailability of revocation information for the certificates.

Abstract: Disclosed are methods and media for inspecting security certificates. Methods include the steps of: scanning, by a network security device, messages of a security protocol between a server and a client system; detecting the messages having a security certificate; detecting suspicious security certificates from the messages; and aborting particular sessions of the security protocol associated with the suspicious certificates. Preferably, the step of scanning is performed only on messages of server certificate records. Preferably, the method further includes the step of: sending an invalid-certificate notice to the server and the client system. Preferably, the step of detecting the suspicious certificates includes detecting a use of an incorrectly-generated private key for the certificates. Preferably, the step of detecting the suspicious certificates includes detecting an unavailability of revocation information for the certificates.

Abstract: The present invention discloses methods, media, and perimeter gateways for encrypted-traffic URL filtering using address-mapping interception, methods including the steps of: providing a client system having a client application for accessing websites from web servers; upon the client application attempting to access an encrypted website, performing a name-to-address query to resolve a name of the encrypted website; intercepting address-mapping responses; creating a mapping between the name and at least one network address of the encrypted website; intercepting incoming encrypted traffic; extracting a server's network address from the incoming encrypted traffic; establishing a resolved name being accessed using the mapping; and filtering the resolved name. Preferably, the step of filtering includes redirecting the encrypted traffic. Preferably, the method further includes the step of: blocking all encrypted traffic for unresolved names.