Abstract: Technologies are generally described for systems, devices and methods effective to detect a potential attack on a memory of a memory device. In some examples, a processor may send a request to the memory device. The request may include a request for information that relates to memory writes to the memory of the memory device. The processor may receive a response from the memory device. The response may include the information that relates to the memory writes. The processor may determine, based on the response, an amount of memory of the memory device written to during an interval of time. The processor may detect the potential attack based on the amount of memory written to and based on the interval of time. The processor may then generate an alert based on the detection of the potential attack.

Abstract: Technologies are generally described for systems, devices and methods effective to detect a potential attack on a memory of a memory device. In some examples, a processor may send a request to the memory device. The request may include a request for information that relates to memory writes to the memory of the memory device. The processor may receive a response from the memory device. The response may include the information that relates to the memory writes. The processor may determine, based on the response, an amount of memory of the memory device written to during an interval of time. The processor may detect the potential attack based on the amount of memory written to and based on the interval of time. The processor may then generate an alert based on the detection of the potential attack.

Abstract: Technologies are generally described for systems, devices and methods effective to utilize a solid state memory device. A memory device may include one or more input/output ports effective to receive data at, and facilitate transfer from, the memory device. The memory device may further include a memory controller. The memory controller may be effective to control access to data stored in the memory device. The memory device may further include two or more flash chips effective to store data in the memory device. The memory device may further include a crossbar switch. The crossbar switch may be coupled between the one or more input/output ports and the two or more flash chips. The crossbar switch may be effective to enable the one or more input/output ports to access the two or more flash chips through the memory controller.

Abstract: Methods to facilitate monitoring the execution of a first instance and a second instance, such as multiple instantiations of a program, are generally described. The methods may include generating a first instance and a second instance, appending first monitoring instructions to the first instance to produce a first modified instance and appending second monitoring instructions to the second instance to produce a second modified instance. The first and second monitoring instructions may relate to monitoring an execution of the first instance and the second instance. The processor may further send the first modified instance to a first computing device and send the second modified instance to a second computing device different from the first computing device. The computing devices may provide different computational functionality and/or may split a load in processing the program.

Abstract: Technologies are generally described for systems, devices and methods effective to utilize a solid state memory device. A memory device may include one or more input/output ports effective to receive data at, and facilitate transfer from, the memory device. The memory device may further include a memory controller. The memory controller may be effective to control access to data stored in the memory device. The memory device may further include two or more flash chips effective to store data in the memory device. The memory device may further include a crossbar switch. The crossbar switch may be coupled between the one or more input/output ports and the two or more flash chips. The crossbar switch may be effective to enable the one or more input/output ports to access the two or more flash chips through the memory controller.

Abstract: Technologies are generally described for systems, devices and methods effective to detect a potential attack on a memory of a memory device. In some examples, a processor may send a request to the memory device. The request may include a request for information that relates to memory writes to the memory of the memory device. The processor may receive a response from the memory device. The response may include the information that relates to the memory writes. The processor may determine, based on the response, an amount of memory of the memory device written to during an interval of time. The processor may detect the potential attack based on the amount of memory written to and based on the interval of time. The processor may then generate an alert based on the detection of the potential attack.

Abstract: Methods to facilitate monitoring the execution of a first instance and a second instance, such as multiple instantiations of a program, are generally described. The methods may include generating a first instance and a second instance, appending first monitoring instructions to the first instance to produce a first modified instance and appending second monitoring instructions to the second instance to produce a second modified instance. The first and second monitoring instructions may relate to monitoring an execution of the first instance and the second instance. The processor may further send the first modified instance to a first computing device and send the second modified instance to a second computing device different from the first computing device. The computing devices may provide different computational functionality and/or may split a load in processing the program.

Abstract: Technologies are generally described for systems and methods configured to produce an executable code. In some examples, a developer may send machine language code to a system manager. The machine language code may include two or more machine language blocks and linking information. The system manager may include a processor configured to permute the machine language blocks to produce permuted machine language code. The processor may modify the linking information based on the permuted machine language code to produce modified linking information. The processor may link the permuted machine language code with use of the modified linking information to produce the executable code.

Abstract: A network security server constituted of: a device detection functionality, the device detection functionality arranged to detect devices on a network on an ongoing basis; a state extraction functionality arranged to read the state of each of the detected devices; an abstraction functionality arranged to translate each of the read states to a common abstract format; a state analysis functionality arranged to compare each of the translated read states with a predetermined database of states; and a session control functionality arranged to control communication of each of the detected devices responsive to the comparison with the predetermined database of states.

Abstract: A network security server constituted of: a device detection functionality, the device detection functionality arranged to detect devices on a network on an ongoing basis; a state extraction functionality arranged to read the state of each of the detected devices; an abstraction functionality arranged to translate each of the read states to a common abstract format; a state analysis functionality arranged to compare each of the translated read states with a predetermined database of states; and a session control functionality arranged to control communication of each of the detected devices responsive to the comparison with the predetermined database of states.

Abstract: In one aspect, the present invention is directed to a method for detecting spyware activity, the method comprises the steps of: monitoring outgoing communication data sent from a user's computer; searching for predefined keywords within the communication data; indicating spyware activity in the user's computer by presence of at least one of the predefined keywords within the communication data, the keywords are selected from a group comprising: a signature of the spyware, personal information of the user, an addressee to where the communication data is sent. The method may further comprise: upon detecting a spyware activity in the user's computer, blocking communication from the computer. The method may further comprise removing the spyware. The blocking can be carried out at the user's computer, at the gateway to which the user's computer is connected, etc.

Abstract: A network load-balancing cluster configured to function as a transparent bridge, by connecting the load-balancing nodes in series rather than in parallel, as is done in prior-art configurations. A load-balancing algorithm and method are disclosed, by which each node in the configuration independently determines whether to process a data packet or pass the data packet along for processing by another node. To support this, load-balancing nodes are equipped with both software and hardware data pass-through capabilities that allow the nodes to pass along data packets that are processed by a different nodes.

Abstract: In one aspect, the present invention is directed to a method for detecting spyware activity, the method comprises the steps of: monitoring outgoing communication data sent from a user's computer; searching for predefined keywords within the communication data; indicating spyware activity in the user's computer by presence of at least one of the predefined keywords within the communication data, the keywords are selected from a group comprising: a signature of the spyware, personal information of the user, an addressee to where the communication data is sent. The method may further comprise: upon detecting a spyware activity in the user's computer, blocking communication from the computer. The method may further comprise removing the spyware. The blocking can be carried out at the user's computer, at the gateway to which the user's computer is connected, etc.

Abstract: The present invention is directed to a method for controlling access of a user to a service provided through a network, and a system thereof. The method comprising the steps of: upon initiating a connection of the user to the network, authenticating the user; upon positively authenticating the user, creating or updating a cookie within the workstation of the user, the cookie comprising information related to access permission of the user to the service; upon requesting to access the service by the user, retrieving the information from the cookie by a gateway to the network, and enforcing the access permission on the user.

Abstract: The invention contains an application operating environment in which acceptable and/or suspect activities may be defined for an application so that unacceptable application behavior can be prevented. This is done by providing a definition table identifying the types of access and actions that the application is allowed and preventing it from carrying out other types of access and actions. The definition table may be built up using a learning process during use of the application. The environment also provides a means of checking information output to a network against a list of confidential information.

Abstract: The invention contains an application operating environment in which acceptable and/or suspect activities may be defined for an application so that unacceptable application behavior can be prevented. This is done by providing a definition table identifying the types of access and actions that the application is allowed and preventing it from carrying out other types of access and actions. The definition table may be built up using a learning process during use of the application. The environment also provides a means of checking information output to a network against a list of confidential information.

Abstract: In one aspect, the present invention is directed to a method for identifying and blocking spam email messages at an inspecting point, the method comprises the steps of: measuring the flow rate of email messages sent from an originator through the inspecting point; and if the measured flow rate exceeds a given threshold, email messages transmitted from the originator are classified as spam and/or the originator is classified as a spammer. In another aspect, the present invention is directed to a system for identifying and blocking spam email messages at an inspecting point, the system comprising: a spam detector, for classifying an email message as spam-suspected; a flow rate calculator, for calculating a flow rate of spam-suspected email messages that have reached the inspecting point; a spam indicator, for classifying spam-suspected email messages as spam by their flow rate and a threshold thereof.

Abstract: A method for blocking Spam sent to an email address of an individual, comprising: establishing an intermediating email address, for corresponding with a party of interest without revealing the permanent email address of the individual; indicating an email message sent to the intermediating email address as Spam unless the sender thereof is the party of interest. On indicating an email message as Spam, blocking the email message. On indicating an email message as non-Spam, redirecting the email message to the permanent email address of the individual. In one embodiment of the invention, the intermediating email address expires after a predefined or arbitrary period. The method may be implemented by an email client associated with the intermediating email address, an email server, a proxy server, a gateway server and so forth.

Abstract: A method for speeding up the pass time of an executable (an HTML file, a script file, a web page, an EXE file, an email message, and so forth) through a checkpoint (e.g. a gateway) in which the integrity of said executable is being tested, said method comprising: receiving and accumulating the parts of said executable that reach to said checkpoint; testing the integrity of the accumulated parts; releasing and sending the accumulated parts that have been indicated as harmless to their destination in an accelerated manner; releasing and sending the accumulated parts that have not been indicated as harmless or malicious to their destination in a moderate manner; and upon indicating the maliciousness of said accumulated parts, performing an alert procedure. According to a preferred embodiment of the invention, receiving and/or sending data is carried out at the lower levels of the OSI model, especially at the Network level.

Abstract: In one aspect, the present invention is directed to a method for detecting presence of malicious code in e-mail messages of an organization, comprising: gathering information related to incoming and/or outgoing e-mail messages of the organization; analyzing the gathered information in order to find common denominators of the gathered information that may indicate about the presence of malicious code within the messages; determining the suspicion of presence of malicious code within the e-mail messages according to the found common denominator, and/or according to the combination of the found common denominators; and upon positively determining a suspicion of presence of malicious code within the e-mail messages, activating an alerting procedure.