Abstract: There is disclosed in one example a mobile telephone, including: a hardware platform including a processor and a memory; a telecommunication transceiver; and instructions encoded within the memory to instruct the processor to: identify a call made via the telecommunication transceiver; analyze the call and assign the call a predicted local reputation according to the analysis, including a legitimacy confidence score; if the legitimacy confidence score is less than a first threshold, terminate the call; if the legitimacy confidence score is greater than a second threshold, cease analysis of the call; and if the legitimacy confidence score is between the first and second thresholds, continue analysis of the call.

Abstract: There is disclosed in one example a computing endpoint, including: a hardware platform including a processor and a memory; an operating system to run on the hardware platform; a web browser to run on the operating system, and including an extension framework; and a management extension to run in the extension framework, and to contextually manage availability of other extensions according to a URL reputation and extension reputation.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor, a memory, and a network interface; and instructions encoded within the memory to instruct the processor to: receive an incoming packet via the network interface; extract from the incoming packet a source port and a source internet protocol (IP) address; correlate the source port and source IP to a device identifier (ID); receive a network policy for the device ID; and apply the network policy to the incoming packet.

Abstract: An apparatus, related devices and methods, having a memory element operable to store instructions; and a processor operable to execute the instructions, such that the apparatus is configured to identify, on an electronic device, a phone number of an incoming caller device; request, via an out-of-band control channel, a digital certificate for the phone number from the incoming caller device; receive, via the out-of-band control channel, the digital certificate for the phone number from the incoming caller device; determine whether the digital certificate for the phone number is authentic; and indicate, on the electronic device, based on a determination that the digital certificate for the phone number is authentic or not authentic, whether the phone number is authentic or not authentic.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; a network interface; an operating system including a native internet protocol (IP) stack; and a security agent, including instructions encoded within the memory to instruct the processor to: establish a split virtual private network (VPN) tunnel with a remote VPN service; receive outgoing network traffic; direct a first portion of the outgoing traffic to the VPN tunnel, including determining that the first portion includes an outgoing domain name service (DNS) request; and direct a second portion of the outgoing traffic to the native IP stack.

Abstract: An apparatus, related devices and methods, having a memory element operable to store instructions; and a processor operable to execute the instructions, such that the apparatus is configured to identify, on an electronic device, a phone number of an incoming caller device; request, via an out-of-band control channel, a digital certificate for the phone number from the incoming caller device; receive, via the out-of-band control channel, the digital certificate for the phone number from the incoming caller device; determine whether the digital certificate for the phone number is authentic; and indicate, on the electronic device, based on a determination that the digital certificate for the phone number is authentic or not authentic, whether the phone number is authentic or not authentic.

Abstract: An apparatus, related devices and methods, having a memory element operable to store instructions; and a processor operable to execute the instructions, such that the apparatus is configured to identify, on an electronic device, a phone number of an incoming caller device; request, via an out-of-band control channel, a digital certificate for the phone number from the incoming caller device; receive, via the out-of-band control channel, the digital certificate for the phone number from the incoming caller device; determine whether the digital certificate for the phone number is authentic; and indicate, on the electronic device, based on a determination that the digital certificate for the phone number is authentic or not authentic, whether the phone number is authentic or not authentic.

Abstract: There is disclosed in one example a mobile telephone, including: a hardware platform including a processor and a memory; a telecommunication transceiver; and instructions encoded within the memory to instruct the processor to: identify a call made via the telecommunication transceiver; analyze the call and assign the call a predicted local reputation according to the analysis, including a legitimacy confidence score; if the legitimacy confidence score is less than a first threshold, terminate the call; if the legitimacy confidence score is greater than a second threshold, cease analysis of the call; and if the legitimacy confidence score is between the first and second thresholds, continue analysis of the call.

Abstract: There is disclosed, by way of example, a computing apparatus having a hardware platform having a processor and a memory; and instructions encoded within the memory to: identify an online transaction involving a user; according to a plurality of contextual factors, determine a sensitivity level for the online transaction; and according to the sensitivity level, contextually increase security for the online transaction without altering at least one other online transaction.

Abstract: There is disclosed in one example a computing endpoint, including: a hardware platform including a processor and a memory; an operating system to run on the hardware platform; a web browser to run on the operating system, and including an extension framework; and a management extension to run in the extension framework, and to contextually manage availability of other extensions according to a URL reputation and extension reputation.

Abstract: An apparatus, related devices and methods, having a memory element operable to store instructions; and a processor operable to execute the instructions, such that the apparatus is configured to identify, on an electronic device, a phone number of an incoming caller device; request, via an out-of-band control channel, a digital certificate for the phone number from the incoming caller device; receive, via the out-of-band control channel, the digital certificate for the phone number from the incoming caller device; determine whether the digital certificate for the phone number is authentic; and indicate, on the electronic device, based on a determination that the digital certificate for the phone number is authentic or not authentic, whether the phone number is authentic or not authentic.

Abstract: Particular embodiments described herein provide for a system that can be configured to facilitate the use of a blockchain for distributed denial of service attack mitigation, the system can include a network security provider and a validating node. The network security provider can recognize that a distributed denial of service (DDoS) attack is occurring, create a block that includes data related to the DDoS attack, and publish the block that includes the data related to the DDoS attack for addition to a blockchain. The validating node can validate the block that includes the data related to the DDoS attack and the block that includes the data related to the DDoS attack can be added to the blockchain. The block that includes the data related to the DDoS attack can be analyzed to determine how to mitigate a similar DDoS attack.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor, a memory, and a network interface; and instructions encoded within the memory to instruct the processor to: receive an incoming packet via the network interface; extract from the incoming packet a source port and a source internet protocol (IP) address; correlate the source port and source IP to a device identifier (ID); receive a network policy for the device ID; and apply the network policy to the incoming packet.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; a network interface; an operating system including a native internet protocol (IP) stack; and a security agent, including instructions encoded within the memory to instruct the processor to: establish a split virtual private network (VPN) tunnel with a remote VPN service; receive outgoing network traffic; direct a first portion of the outgoing traffic to the VPN tunnel, including determining that the first portion includes an outgoing domain name service (DNS) request; and direct a second portion of the outgoing traffic to the native IP stack.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to establish a connection with a router, obtain identification for the router, communicate the identification of the router to a network element, receive a hash of at least a portion of a certificate for the router, and disconnect the connection and establish a new connection with the router, where the hash is used to authenticate network services received from the router during the new connection. In an example, the hash is part of a subject public key infrastructure (SPKI) pin set.

Abstract: Particular embodiments described herein provide for a system that can be configured to facilitate the use of a blockchain for distributed denial of service attack mitigation, the system can include a network security provider and a validating node. The network security provider can recognize that a distributed denial of service (DDoS) attack is occurring, create a block that includes data related to the DDoS attack, and publish the block that includes the data related to the DDoS attack for addition to a blockchain. The validating node can validate the block that includes the data related to the DDoS attack and the block that includes the data related to the DDoS attack can be added to the blockchain. The block that includes the data related to the DDoS attack can be analyzed to determine how to mitigate a similar DDoS attack.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to establish a connection with a router, obtain identification for the router, communicate the identification of the router to a network element, receive a hash of at least a portion of a certificate for the router, and disconnect the connection and establish a new connection with the router, where the hash is used to authenticate network services received from the router during the new connection. In an example, the hash is part of a subject public key infrastructure (SPKI) pin set.

Abstract: Techniques for supporting a portable index include, in response to determining that a removable computer-readable storage medium is recently mounted on a particular drive having a particular drive identifier, determining a particular media identifier for the removable computer readable storage medium. Before harvesting metadata from each file of a set of one or more files on the removable computer-readable storage medium, it is determined whether a portable index file is stored on the removable computer-readable storage medium. The portable index file includes, for each file of the set, data that associates the media identifier (312) and a relative directory path (314) for one file of the set with metadata (316) for the one file. If the portable index file is stored, then an index is caused to be retrieved from the portable index file without harvesting metadata from each file of the set.

Abstract: Techniques for supporting a portable index include, in response to determining that a removable computer-readable storage medium is recently mounted on a particular drive having a particular drive identifier, determining a particular media identifier for the removable computer readable storage medium. Before harvesting metadata from each file of a set of one or more files on the removable computer-readable storage medium, it is determined whether a portable index file is stored on the removable computer-readable storage medium. The portable index file includes, for each file of the set, data that associates the media identifier (312) and a relative directory path (314) for one file of the set with metadata (316) for the one file. If the portable index file is stored, then an index is caused to be retrieved from the portable index file without harvesting metadata from each file of the set.

Abstract: An approach is presented for providing communication services over audio messages. A voice platform determines to act on a request to establish one or more calls among one or more devices and one or more services, the one or more calls including, at least in part, an audio message associated with the one or more services. Further, the voice platform causes, at least in part, actions that result in establishment of the one or more calls for transmission and storage of the audio message at the one or more devices, the one or more services, or a combination thereof.