Patents by Inventor Mark A. McGloin
Mark A. McGloin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11050573
Abstract: Embodiments of the present invention include determining whether a cryptographic certificate can be trusted. A cryptographic certificate is received at a client device. The client device performs a first check on a first set of attributes of the cryptographic certificate. In addition, the client device sends the cryptographic certificate to a central verification server, which performs a second check on a second set of attributes of the cryptographic certificate. In the case that the first set of attributes passes the first check, and the second set of attributes passes the second check, the client device determines that the cryptographic certificate can be trusted.
Type: Grant
Filed: September 5, 2019
Date of Patent: June 29, 2021
Assignee: International Business Machines Corporation
Inventors: David S. Kern, Juan G. Lara, Mark A. McGloin, Olgierd S. Pieczul
-
Patent number: 11050783
Abstract: A malware detection method for detecting client participation in malware activity, in respect of a target subjected to a given attack by a client system, which is operable to run a given host application, is disclosed. A given security service provider is configured, which is operably coupled to the client system, to make accessible given attack information that is reported by a given attack target. An attack status query is transmitted to the security service provider from an agent that is operably coupled to the client system. In response to receiving the attack status query, the security service provider is configured to send attack information reported in respect of a given attack target to the agent, and configuring the agent to diagnose whether its corresponding client system potentially comprises an attack source of the given attack subjected on the attack target, on a basis of the received attack information.
Type: Grant
Filed: January 31, 2018
Date of Patent: June 29, 2021
Assignee: International Business Machines Corporation
Inventors: Mark A. McGloin, Olgierd S. Pieczul, Kamil Stepinski
-
Patent number: 10761837
Abstract: Embodiments of the present invention provide systems and methods for self-certification by a developer that the software components used during development are used in a secure manner, through the use of annotations. Input and return conditions are defined in an annotation for the software components of a system. The input and return conditions are compared for a match and a warning is generated when the input and return conditions do not match.
Type: Grant
Filed: April 28, 2016
Date of Patent: September 1, 2020
Assignee: International Business Machines Corporation
Inventors: Brendan P. Arthurs, Mark A. McGloin, Andrew T. Penrose, Olgierd S. Pieczul
-
Patent number: 10754644
Abstract: Embodiments of the present invention provide systems and methods for self-certification by a developer that the software components used during development are used in a secure manner, through the use of annotations. Input and return conditions are defined in an annotation for the software components of a system. The input and return conditions are compared for a match and a warning is generated when the input and return conditions do not match.
Type: Grant
Filed: August 4, 2015
Date of Patent: August 25, 2020
Assignee: International Business Machines Corporation
Inventors: Brendan P. Arthurs, Mark A. McGloin, Andrew T. Penrose, Olgierd S. Pieczul
-
Patent number: 10673893
Abstract: A method and associated systems for isolating a source of an attack that originates from a shared computing environment. A computer-security system tags outgoing packets originating from within the shared computing environment in a tamper-proof manner in order to identify which tenant of the shared environment is the true source of each packet. If one of those tenants transmits malicious packets to an external recipient, either because the tenant has malicious intent or becomes infected with malware, the transmitted malicious packets' tags allow the recipient to determine which tenant is the source of the unwanted transmissions. The recipient may then block further communications from the problematic tenant without blocking communications from other tenants of the shared environment.
Type: Grant
Filed: August 31, 2016
Date of Patent: June 2, 2020
Assignee: International Business Machines Corporation
Inventors: Juan G. Lara, Mark A. McGloin, Olgierd S. Pieczul, Ralph L. Topete
-
Publication number: 20200052909
Abstract: Embodiments of the present invention include determining whether a cryptographic certificate can be trusted. A cryptographic certificate is received at a client device. The client device performs a first check on a first set of attributes of the cryptographic certificate. In addition, the client device sends the cryptographic certificate to a central verification server, which performs a second check on a second set of attributes of the cryptographic certificate. In the case that the first set of attributes passes the first check, and the second set of attributes passes the second check, the client device determines that the cryptographic certificate can be trusted.
Type: Application
Filed: September 5, 2019
Publication date: February 13, 2020
Inventors: David S. Kern, Juan G. Lara, Mark A. McGloin, Olgierd S. Pieczul
-
Patent number: 10447485
Abstract: Embodiments of the present invention include determining whether a cryptographic certificate can be trusted. A cryptographic certificate is received at a client device. The client device performs a first check on a first set of attributes of the cryptographic certificate. In addition, the client device sends the cryptographic certificate to a central verification server, which performs a second check on a second set of attributes of the cryptographic certificate. In the case that the first set of attributes passes the first check, and the second set of attributes passes the second check, the client device determines that the cryptographic certificate can be trusted.
Type: Grant
Filed: November 5, 2015
Date of Patent: October 15, 2019
Assignee: International Business Machines Corporation
Inventors: David S. Kern, Juan G. Lara, Mark A. McGloin, Olgierd S. Pieczul
-
Publication number: 20190238561
Abstract: A malware detection method for detecting client participation in malware activity, in respect of a target subjected to a given attack by a client system, which is operable to run a given host application, is disclosed. A given security service provider is configured, which is operably coupled to the client system, to make accessible given attack information that is reported by a given attack target. An attack status query is transmitted to the security service provider from an agent that is operably coupled to the client system. In response to receiving the attack status query, the security service provider is configured to send attack information reported in respect of a given attack target to the agent, and configuring the agent to diagnose whether its corresponding client system potentially comprises an attack source of the given attack subjected on the attack target, on a basis of the received attack information.
Type: Application
Filed: January 31, 2018
Publication date: August 1, 2019
Inventors: Mark A. McGloin, Olgierd S. Pieczul, Kamil Stepinski
-
Publication number: 20180063199
Abstract: A method and associated systems for isolating a source of an attack that originates from a shared computing environment. A computer-security system tags outgoing packets originating from within the shared computing environment in a tamper-proof manner in order to identify which tenant of the shared environment is the true source of each packet. If one of those tenants transmits malicious packets to an external recipient, either because the tenant has malicious intent or becomes infected with malware, the transmitted malicious packets' tags allow the recipient to determine which tenant is the source of the unwanted transmissions. The recipient may then block further communications from the problematic tenant without blocking communications from other tenants of the shared environment.
Type: Application
Filed: August 31, 2016
Publication date: March 1, 2018
Inventors: Juan G. Lara, Mark A. McGloin, Olgierd S. Pieczul, Ralph L. Topete
-
Publication number: 20170134173
Abstract: Embodiments of the present invention include determining whether a cryptographic certificate can be trusted. A cryptographic certificate is received at a client device. The client device performs a first check on a first set of attributes of the cryptographic certificate. In addition, the client device sends the cryptographic certificate to a central verification server, which performs a second check on a second set of attributes of the cryptographic certificate. In the case that the first set of attributes passes the first check, and the second set of attributes passes the second check, the client device determines that the cryptographic certificate can be trusted.
Type: Application
Filed: November 5, 2015
Publication date: May 11, 2017
Inventors: David S. Kern, Juan G. Lara, Mark A. McGloin, Olgierd S. Pieczul
-
Publication number: 20170039064
Abstract: Embodiments of the present invention provide systems and methods for self-certification by a developer that the software components used during development are used in a secure manner, through the use of annotations. Input and return conditions are defined in an annotation for the software components of a system. The input and return conditions are compared for a match and a warning is generated when the input and return conditions do not match.
Type: Application
Filed: August 4, 2015
Publication date: February 9, 2017
Inventors: Brendan P. Arthurs, Mark A. McGloin, Andrew T. Penrose, Olgierd S. Pieczul
-
Publication number: 20170039065
Abstract: Embodiments of the present invention provide systems and methods for self-certification by a developer that the software components used during development are used in a secure manner, through the use of annotations. Input and return conditions are defined in an annotation for the software components of a system. The input and return conditions are compared for a match and a warning is generated when the input and return conditions do not match.
Type: Application
Filed: April 28, 2016
Publication date: February 9, 2017
Inventors: Brendan P. Arthurs, Mark A. McGloin, Andrew T. Penrose, Olgierd S. Pieczul
-
Patent number: 9514294
Abstract: A method, and an associated computer system and computer program product. A login request is received from a user, to log into a computing resource, wherein the login request includes a password and a user identifier of the user. The received password is compared with a stored password to determine whether to grant access to the computing resource. Responsive to determining that the received password does not match the stored password, an authenticity of the login request is determined, based on one or more characteristics of the user and/or one or more checks performed against the received password. A score is calculated based on the determined authenticity of the login request. The login request is denied. Based on the calculated score, it is decided whether to lock the user and deny the user further access to the computing resource.
Type: Grant
Filed: November 12, 2015
Date of Patent: December 6, 2016
Assignee: International Business Machines Corporation
Inventors: Brent A. Hepburn, Juan G. Lara, Mark A. McGloin, Olgierd S. Pieczul
-
Patent number: 9298896
Abstract: A web application user is authenticated directly upon selecting a link in a notification email. In this approach, the user's web browser stores a first data string provided by the web application (e.g., in a cookie) during a prior session. The first data string encodes first data about the user that can be verified by the application. Later, the user receives the notification email that includes the link. The link encodes a second data string from which second data about the user can be verified by the application. When the end user selects the link, an authentication request is transmitted to the application. The authentication request includes both the first and second data strings. If both the first data and the second data (as obtained from their respective data strings) can be verified, the user is authenticated without having to perform any additional steps (e.g., manual entry of credentials).
Type: Grant
Filed: January 2, 2013
Date of Patent: March 29, 2016
Assignee: International Business Machines Corporation
Inventors: Olgierd S. Pieczul, Mark A. McGloin, Mary E. Zurko
-
Publication number: 20140189820
Abstract: A web application user is authenticated directly upon selecting a link in a notification email. In this approach, the user's web browser stores a first data string provided by the web application (e.g., in a cookie) during a prior session. The first data string encodes first data about the user that can be verified by the application. Later, the user receives the notification email that includes the link. The link encodes a second data string from which second data about the user can be verified by the application. When the end user selects the link, an authentication request is transmitted to the application. The authentication request includes both the first and second data strings. If both the first data and the second data (as obtained from their respective data strings) can be verified, the user is authenticated without having to perform any additional steps (e.g., manual entry of credentials).
Type: Application
Filed: January 2, 2013
Publication date: July 3, 2014
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Olgierd S. Pieczul, Mark A. McGloin, Mary E. Zurko
-
Patent number: 8578448
Abstract: A technique that identifies registered or guest users in web meetings. Registered and guest users are provided different forms of a meeting invite URL. A guest user receives a unique URL for the meeting that is generated with a nonce value associated with the user's contact information. The nonce value does not expose the contact information. To join the web meeting, each registered user follows a common web meeting link and authenticates. Information obtained during authentication is used to identify the registered user, whose identity is then displayed. Each guest user follows his or her unique URL to join the meeting. The web meeting service receives the nonce in the unique URL and maps it to the guest user's contact details. The service displays the guest user's contact details as the guest user's identity.
Type: Grant
Filed: October 26, 2012
Date of Patent: November 5, 2013
Assignee: International Business Machines Corporation
Inventors: Mark A. McGloin, Olgierd S. Pieczul, Mary E. Zurko