Abstract: Configuration snapshots can be obtained from various connected devices, such as network interface cards or hardware offload devices, to determine whether the configuration matches expected values. If discrepancies are determined then the appropriate values can be automatically applied to those devices. For each type and version of device, there can be a set of expected configuration values, or a golden model of configuration, that is determined and stored. The models can also be used to test updated configuration values, as the new values can be pushed to a subset of devices and the impact on performance determined. If acceptable performance improvement is detected, or another such target achieved, then the golden model can be updated with the new values and those values can be pushed out to the remainder of the devices.

Abstract: An improved system and method of measuring and evaluating a distributed denial of services (DDOS) attack includes arranging for a DDoS attack by engaging a network provider offering malicious services to attack a honeypot computerized device. The honeypot includes a packet sniffer used to measure the values of parameters of the DDoS attack useful in determining the method of attack, the origin and extent of the attack, in calculating methods for early determination that a DDoS attack is occurring, and methods of countering this type of DDoS attack before it occurs.

Abstract: A method includes (a) receiving, at a computing device, a first certificate signing request (1CSR) from a certificate authority (CA), the 1CSR including an embedded second certificate signing request (2CSR), the 2CSR having been received by the CA from an entity seeking a signed certificate from the CA that validates an identity claim made by the entity in the 2CSR, the CA having performed a preliminary verification of the 2CSR prior to embedding it in the 1CSR, (b) verifying that the 1CSR came from the CA, (c) performing a verification procedure on the embedded 2CSR independent of the preliminary verification performed by the CA, to validate the identity claim made by the entity in the 2CSR, and (d) upon successfully validating the identity claim made by the entity in the 2CSR, sending a certificate to the CA, the certificate validating the identity claim made by the entity in the 2CSR.

Abstract: An improved technique involves searching for emails having a particular template generated by a phishing kit. Such a template typically includes field names corresponding to credentials that a customer inputs into a spoofed web site as part of a phishing attack. The phishing kit used in a phishing attack is typically configured to construct an email so that it arranges the credentials in a regular, tabular fashion. Accordingly, an administrator configures a receiver to search an email server for emails having a sequence of keywords in a format that matches the particular template.

Abstract: An improved technique utilizes a honeypot-style seeding of synthetic user identifiers which, if used by spear-phishing intruders, enable easy discovery of the intruders. Along these lines, an administrator of a network constructs false employee profiles on a social network with the intent of intercepting any email to that employee. Such employee profiles correspond to no actual employee of the corporation, but are in fact synthetic entities designed to appear to be an actual employee. These profiles contain identifiers that describe the employee, such as a name, position within the corporation, telephone number, educational background, past positions, and social connections. The administrator configures a receiver at the corporate network to block from entering the secure network emails that include references to any of these identifiers.

Abstract: Content randomization techniques for thwarting malicious software attacks. In one example, a method comprises the following steps. Content is received at a randomizer module from a first computing device, the content having been retrieved by the first computing device in response to a content request by a second computing device. The content is randomly altered at the randomizer module to generate randomly altered content. Log information about the random alteration to the content is maintained at the randomizer module. The randomly altered content is sent from the randomizer module to the first computing device such that the first computing device is able to provide the randomly altered content to the second computing device in response to the content request by the second computing device. Further, the random alteration may be removed from reply content using the log information.

Abstract: A technique is presented of providing, in an electronic central server, transactional information to a user. The technique includes receiving a set of transaction messages from a set of transactional information sources, each transaction message including respective transaction data. The technique also includes generating a transaction history from the set of transaction messages, the transaction history including the respective transaction data of each transaction message. The technique further includes delivering an aggregate message to a set of user devices, the aggregate message including the transaction history and being presented in atomic form to the user in order to prevent an attacker from excising particular transaction data from the aggregate message.