Abstract: Methods and systems for efficient scaling of a domain name system (DNS) service architecture. In some embodiments a plurality of messaging servers may be separated into a number of pools. A plurality of client devices may be connected to a messaging server within a pool. When a notification is received for a target client device, a backend server may identify the pool that includes the messaging server that is connected to the target client device. The backend server may send the notification to the group of messaging servers within the identified pool while avoiding sending the notification to messaging servers within different pools.

Abstract: The disclosed computer-implemented method for asynchronously and statelessly loading data while maintaining ordering may include parsing multiple data records, appending an identifier to each data record, where the appended identifier establishes a parsing order indicating an order in which each data record was parsed, inserting the parsed data records into multiple persistent queues in parallel, and asynchronously loading the data records from the persistent queues into a database in parallel according to the appended identifiers. As such, the data records may be stored in the database in the established parsing order. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for providing security in smart buildings may include (1) detecting the presence of a user in a smart building, (2) determining that the user is unauthorized to access at least one resource in a smart building network within the smart building, (3) in response to determining that the user is unauthorized to access the resource in the smart building network, selecting an authentication policy that provides heightened security within the smart building network, and (4) increasing security within the smart building network to reflect the presence of the user by implementing the authentication policy within the smart building network. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for storing information about transmission control protocol connections may include (1) configuring a server with a transmission control protocol stack that is an alternative to a default transmission control protocol stack of an operating system of the server, (2) receiving, at the server, a request to establish a transmission control protocol connection with the server, (3) routing the request through the alternative transmission control protocol stack instead of the default transmission control protocol stack, and (4) storing, at the server via the alternative transmission control protocol stack, connection information about the transmission control protocol connection that excludes at least one item of information that would be stored by the default transmission control protocol stack. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present disclosure relates to initiating remediation of security risks on an endpoint system based on updated reputation data. According to one embodiment, a reputation service receives a request, from a first endpoint system, for reputation data about an object. A reputation service transmits, in response to the request, data indicating a current reputation of the object. The reputation service determines that the object presents a security risk and updates reputation data associated with the object to indicate that the object presents a security risk. Upon updating the reputation data, the reputation system transmits, to the first endpoint system, updated reputation data associated with the object and instructions to remedy the security risk.

Abstract: The disclosed computer-implemented method for detecting network security deficiencies on endpoint devices may include (i) detecting, at a network device, a request from an endpoint device to automatically connect to a wireless network, (ii) establishing, via the network device, a network connection between the endpoint device and a wireless network that appears to be the wireless network requested by the endpoint device but is not actually the requested wireless network, (iii) determining, based on establishing the network connection between the endpoint device and the wireless network that appears to be the requested wireless network, that the endpoint device is vulnerable to network attacks, and then (iv) facilitating, via the network connection, a security action on the endpoint device to protect the endpoint device against the network attacks. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for preventing tracking of mobile devices may include (1) identifying, from a first device with wireless networking capability, an initial service set identifier used by the first device as identification for a wireless network, where a second device with wireless networking capability also uses the initial service set identifier, (2) determining, based at least in part on a time indicator at the first device, that the initial service set identifier is to be changed, (3) generating a new service set identifier for use by the first device instead of the initial service set identifier, where the new service set identifier is generated with an identifier generation algorithm that is also used by the second device, and (4) replacing use of the initial service set identifier by the first device with use of the new service set identifier. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present disclosure relates to managing a rate of generating data requests to be processed at a service provider. An example method generally includes detecting an instance of a push notification event directed to a group of endpoint systems. The push notification event generally indicates that push notifications are to be transmitted to the group of endpoint systems to generate the data requests. A computing system determines a resource utilization associated with at least one of the data requests generated based on the push notification event and determines a push notification transmission rate based on the determined resource utilization and computing resources available at the service provider. The rate generally indicates a number of push notifications to generate and transmit over a period of time. The computing system transmits the push notifications to the group of endpoint systems based on the calculated push notification transmission rate.

Abstract: Techniques are described for network security. One method includes identifying a network-access boundary associated with a network for a location, generating a credential for the network based at least in part on the identified network-access boundary, receiving a request from a user equipment (UE) to access the network associated with the location, and transmitting the credential associated with the network based at least in part on the network-access boundary.

Abstract: The disclosed computer-implemented method for reducing network traffic by using delta transfers may include (1) receiving, from a client device, an original request message that requests at least one action from a server, (2) storing the original request message to serve as a foundation for a delta transfer that includes the original request message and at least one subsequent request message that builds upon the original request message, (3) receiving, from the client device, a subsequent request message that excludes at least a portion of the original request message to reduce redundancy between the original request message and the subsequent request message, and (4) applying the subsequent request message to the original request message to achieve the delta transfer while reducing the redundancy between the original request message and the subsequent request message. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Methods, apparatuses, and systems relating to narrow beam communications and wireless networking are disclosed. Exemplary methods for wireless networking and communications may include identifying a geographic area, receiving topography data related to the geographic area, analyzing the topography data, identifying a first line of sight path related to a first access point location and one or more customer premises device locations based at least in part on the analyzing, and identifying a second line of sight path based at least in part on a predetermined amount.

Abstract: The disclosed computer-implemented method for sending push notifications that include preferred data center routing information may include (1) configuring at least one rule for determining which data center out of a plurality of data centers is preferred to serve one or more download requests, (2) identifying a push notification that is configured to prompt a device to download data from a data center within the plurality of data centers, (3) using the rule to select, from the plurality of data centers, a preferred data center to which to route the device, and (4) embedding information about the preferred data center in the push notification sent to the device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for disseminating location-based reputations for link-layer wireless attacks may include (i) receiving, at a server from a first wireless client, a wireless-attack report for a location that includes (a) information that indicates that the first wireless client detected a link-layer wireless attack (e.g., a wireless-access-point spoofing attack or a deauthentication attack) at the location or (b) information that indicates that the first wireless client did not detect any link-layer wireless attacks at the location, (ii) using, at the server, the wireless-attack report to generate a reputation for link-layer wireless attacks for the location, (iii) receiving, at the server from a second wireless client, a request for the reputation of the location, and (iv) responding to the request with the reputation of the location. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting illegitimate devices on wireless networks may include (1) identifying an initial set of hops that represent devices on a wireless network that relay network traffic between the computing device and a destination, (2) identifying, after identifying the initial set of hops, a new set of hops that relay the network traffic between the computing device and the destination, (3) comparing the initial set of hops to the new set of hops, and (4) determining, based on the comparison, that the new set of hops comprises an abnormality that indicates an illegitimate device is intercepting the network traffic on the wireless network between the computing device and the destination. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for automatically adjusting user access permissions based on beacon proximity may include (1) identifying a network-enabled device that is attempting to access a network resource that is protected by a security policy, where the security policy identifies an access level at which one or more devices may access the network resource when the devices are within range of the short-range wireless signal from the secure beacon, (2) determining that the network-enabled device is within range of the short-range wireless signal from the secure beacon, and (3) establishing, according to the security policy, the access level at which the network-enabled device is allowed to access the network resource based at least in part on the network-enabled device being within range of the short-range wireless signal. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for network security may include (1) obtaining initial information that at least partially identifies an initial access point for connecting to a network, (2) after obtaining the initial information, obtaining subsequent information that at least partially identifies a subsequent access point for connecting to the same network, (3) comparing, by a security program, the initial information and the subsequent information in an attempt to detect whether the initial access point and the subsequent access point are the same, (4) detecting, based on the comparison, an indication that the initial access point and the subsequent access point are different, and (5) performing, by the security program in response to detecting the indication that the initial access point and the subsequent access point are different, a remedial action to protect a user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems and methods for optimized polling. An example method may comprise: receiving, over a transport layer connection, a first application layer request comprising a payload; storing, by a processing device, the payload in a memory; forwarding the payload to an application layer; receiving, over the transport layer connection, a second application layer request comprising no payload; and forwarding the payload to the application layer.

Abstract: A massive number of long lived connections is migrated between a source and a destination computer. Connection state information concerning each request being processed on each connection is transferred from the source to the destination computer. The source continues to respond to requests on a given connection while transferring corresponding state information. Once state information for a specific connection has been transferred, the connection is switched from the source to the destination. Connections are kept active during the shifting. While shifting traffic on a specific connection, two versions of the connection can be open simultaneously, one to the source and the other to the destination. Traffic on the connection is routed to the source computer until the shift has been completed, after which the connection on the source computer is closed, and traffic is routed to the destination.

Abstract: A SPOC server receives a request to initiate a transaction utilizing multiple separate distributed cloud based services located on separate datacenters, from an endpoint. The SPOC server generates a transaction identifier for the transaction. The SPOC server transmits the generated transaction identifier to the endpoint. Receipt of the generated transaction identifier directs the endpoint to call each one of the separate services, with the transaction identifier. Over time, the SPOC server receives a separate service completion notification with the generated transaction identifier from each one of the separate services. Each separate service completion notification indicates that the corresponding service has completed. Only in response to receiving a separate service completion notification from each one of the separate distributed cloud based services, the SPOC server transmits a transaction completion notification with the generated transaction identifier to the endpoint.

Abstract: Techniques are disclosed for monitoring and evaluating video game activity by scanning for communications between a gaming console and peripherals that wirelessly communicate with the gaming console. An activity tracker receives wireless communications sent between the gaming console and a peripheral. The activity tracker generates one or more usage metrics describing the wireless communications. The activity tracker evaluates the network data based on or more specified rules. Upon determining that the usage metrics trigger a specified rule, the activity tracker generates a notification to describing those usage metrics.