Abstract: The disclosed computer-implemented method for performing operations on restricted mobile computing platforms may include (1) receiving a request to perform an operation on a mobile device, (2) requesting access to a synchronization profile of the mobile device that represents the current state of the mobile device, (3) receiving access to the synchronization profile, and (4) performing the operation on the mobile device by performing an analogous operation on the synchronization profile. In some examples, the operation may require access to a current state of the mobile device, and a mobile computing platform of the mobile device may place a limitation on the ability of third-party software to (a) inspect the current state of the mobile device, (b) modify the current state of the mobile device, and/or (c) execute resource-intensive operations via the mobile device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for determining whether transmission of sensitive data is expected may include (1) identifying a computer program that is to be analyzed to determine whether the computer program unexpectedly transmits sensitive data, (2) simulating user input to the computer program while the computer program is executing, (3) identifying a context of the simulated user input, (4) identifying transmission of sensitive data that occurs after the user input is simulated, (5) determining, based on the context of the simulated user input, whether the transmission of sensitive data would be an expected result of the user input, and (6) performing a security action with respect to the computer program based on whether the transmission of sensitive data is expected. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for classifying package files as Trojans may include (1) detecting a resemblance between an unclassified package file and a known legitimate package file, (2) determining that the unclassified package file is signed by a different signatory than a signatory that signed the known legitimate package file, (3) determining that a feature of the unclassified package file is suspicious, the feature being absent from the known legitimate package file, and (4) classifying the unclassified package file as a Trojan version of the known legitimate package file based on the unclassified package file being signed by the different signatory and having the suspicious feature. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for managing web browser histories may include (1) identifying a website visited via a web browser, (2) selecting one or more website categories for which websites are not to be referenced in the web browser history, (3) querying a website categorization database to verify whether the visited website belongs to a selected website category, (4) receiving, in response to querying the website categorization database, an indication that the website belongs to a selected website category, and (5) blocking, based on the website belonging to a selected category, the website from being referenced in the web browser history. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for identifying private keys that have been compromised may include (1) identifying a private key that enables a signatory to digitally sign applications, (2) collecting information about the private key from at least one public source, (3) determining, based on the information collected from the public source, that the private key has been compromised and is accessible to unauthorized signatories, and (4) performing a security action in response to determining that the private key has been compromised and is accessible to the unauthorized signatories. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for identifying private keys that have been compromised may include (1) identifying a private key that enables a signatory to digitally sign applications, (2) collecting information about the private key from at least one public source, (3) determining, based on the information collected from the public source, that the private key has been compromised and is accessible to unauthorized signatories, and (4) performing a security action in response to determining that the private key has been compromised and is accessible to the unauthorized signatories. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A parsing module identifies a framed page within a web page received from a network. The parsing module further identifies information regarding the frame such as the framed page's uniform resource locator. A lookup module accesses a memory module to determine if the identified information regarding the frame is included in a protection list stored in the memory module. A notification module notifies a client's user that the framing web page is fraudulent if the identified information regarding the frame is included in the protection list. Alternatively, the parsing module is adapted to identify a security tag within the framed page indicating that the framed page is not permitted to be displayed within a frame. If the framed page includes a security tag, the notification module notifies the client's user that the framing web page is fraudulent.

Abstract: Known legitimate applications are analyzed to establish a list of trusted user-agent strings used by the applications to download content from a network. Traffic interception modules connected to the network examine traffic exchanged between clients and servers on the network, recognize traffic associated with downloads of content from the network, and create content download descriptions describing the downloads. The content download descriptions are analyzed to identify content downloads using the trusted user-agent strings. Identifiers of the content downloaded using the trusted user-agent strings are added to a white list of legitimate content. Access to the white list is provided to clients and the clients use the white list to identify legitimate content.

Abstract: A method includes determining whether a transaction request has occurred during a transaction session. Upon a determination that a transaction request has occurred, the method includes parsing critical values from the transaction request and determining whether the critical values are legitimate. If the critical values are found to be suspicious instead of legitimate, the method further includes seeking approval of the transaction request from the user of the host computer system. Upon approval of the transaction request, the transaction request is allowed. Conversely, upon denial of the transaction request, the transaction request is determined to be malicious, and protective action is taken including terminating the transaction request.

Abstract: An extrusion detection system prevents the release of sensitive data from an enterprise. The system includes administration module for broadcasting taint instructions, each of which include a definition of sensitive data. The system also includes a plurality of extrusion detection nodes. Each node marks sensitive data as tainted responsive to the taint instructions, marks data that depends on sensitive data as tainted. When the potential release of tainted data is detected, an action is executed responsive to the taint instructions.

Abstract: A tracking cookie detection manager accurately detects tracking cookies. The tracking cookie detection manager identifies a third party cookie, and generates at least two requests that result in separately downloading the third party cookie. The tracking cookie detection manager examines the separately downloaded third party cookies, and determining whether they each include a unique user identifier. If the separately downloaded third party cookies do each include a unique user identifier, the tracking cookie detection manager determines that the third party cookie comprises a tracking cookie. On the other hand, if the third party cookies do not each include a unique user identifier, the tracking cookie detection manager determines that the third party cookie is not a tracking cookie.