Abstract: A system and method is provided for handling network communications between a client and a target server on the Internet to protect the privacy and anonymity of the client. For a session between the client and the target server, a routing control server sets up a routing chain using a plurality of Web servers randomly selected from a pool of participating Web servers as routers for routing messages between the client and the target server. To prevent traffic analysis, an “onion encryption” scheme is applied to the messages as they are forwarded along the routing chain. A payment service cooperating with the routing control server allows a user to pay for the privacy protection service without revealing her real identity.

Abstract: A system and method is provided for evaluating the effectiveness of data encryption for hiding the identity of the source of Web traffic. A signature is constructed from encrypted Web traffic for a Web page sent by a target Web site, and the signature is compared with archived traffic signatures obtained by accessing various Web pages of interest in advance. If the signature of the detected encrypted Web traffic matches a stored traffic signature beyond a pre-set statistical threshold, a positive match is found, and the source of the traffic is identified. Countermeasures for reducing the reliability of source identification based on traffic signature matching are provided.

Abstract: A method and system for detecting that a software system has been infected by software that attempts to hide properties related to the software system is provided. A detection system identifies that a suspect operating system has been infected by malware by comparing properties related to the suspect operating system as reported by the suspect operating system to properties as reported by another operating system that is assumed to be clean. The detection system compares the reported properties to the actual properties to identify any significant differences. A significant difference, such as the presence of an actual file not reported by the suspect operating system, may indicate that the suspect storage device is infected.

Abstract: A method for improving the performance of a distributed object model over a network is disclosed. A client computer contains a client object which can call an interface on a server object located on a server computer. On the server side, the RPC dispatching layer is circumvented by providing a pointer into the DCOM dispatching layer directly from the RPC utility layer. The client can therefore specify an interface using only an interface pointer identifier, and need not also specify a RPC interface identifier. The DCOM dispatching can then call the appropriate stub for the interface specified by the client with the interface pointer identifier, while taking advantage of the RPC utility layer to perform security checking, thread management, socket management, and association management.

Abstract: A technique for identifying dependencies of an application upon a given security context includes monitoring security checks generated by the application. The security checks requiring elevated rights are identified and the state of execution of the application corresponding to the identified security checks may be logged. The security checks requiring elevated rights may be identified by monitoring access checks, monitoring privilege checks, checking user/group identifiers against a list of known identifiers associated with elevated rights, or the like.

Abstract: A method and system for analyzing the impact on software of an update to a software system is provided. The impact analysis system identifies resources that are affected by an update to the software system and identifies resources that are accessed by various software components during execution of the software components. To analyze the effects of an update, the impact analysis system identifies those accessed resources of the software components that are affected by the update as being impacted resources. The impact analysis system considers those software components that access the impacted resources to be impacted software components. The impact analysis system provides a user interface through which a user can view and analyze the impact of an update.

Abstract: Embodiments of a RootKit detector are directed to identifying a RootKit on a computer that is designed to conceal malware. Aspects of the RootKit detector leverage services provided by kernel debugger facilities to automatically obtain data in specified data structures that are maintained by an operating system. Then the data obtained from the kernel debugger facilities is processed with an integrity checker that determines whether the data contains properties sufficient to declare that a RootKit is resident on the computer.

Abstract: A method includes placing an accent in a frame, and only letting frames with the same accent communicate with each other. This accenting is removed using an accent key immediately prior to a compilation operation. The accenting can be performed by performing an XOR operation on a data stream using a key. In one exemplary non-limiting embodiment a computing system is provided. The computing system includes a memory, and a processor coupled to the memory, the processor configured to introduce domain specificity to at least one of a script and an HTML object name. In another exemplary non-limiting embodiment, means are provided for introducing domain specificity to at least one of a script and an HTML object name and means are provided for removing the introduced domain specificity prior to a compiling operation.

Abstract: A system customizes search results. In one implementation, an exemplary system personalizes search results based on recommendations from members of online social networks to which the user belongs, who have made similar search queries in the past. The system also enables the user to arrange, insert, and delete search result entries into a customized search results queue from across multiple search engines. The user's own customizations of the search results may be shared, in turn, as recommendations for other users who submit similar search queries and who are associated with the user through online social networks. The system may automatically provide personally relevant search results for a subjective query.

Abstract: An exemplary system for monitoring search spam and protecting against search spam includes a self-monitoring subsystem to uncover spam patterns and a self-protection subsystem to protect against spam by providing spam-related information to strengthen a relevance ranking algorithm. An exemplary architecture for monitoring search spam includes a first component to receive one or more spammer targeted keywords and to search, scan and analyze URLs based at least in part on the one or more spammer targeted keywords, a second component to receive one or more URLs from the first component and to verify one or more of these URLs as a spam URL and a third component to collect spammer targeted keywords associated with one or more spam URLs and to provide one or more of the spammer targeted keywords to the first component. Other methods, systems, etc., are also disclosed.

Abstract: An exemplary method for defeating server-side click-through cloaking includes retrieving a search results page to set a browser variable, inserting a link to a page into the search results page and clicking through to the page using the inserted link. An exemplary method for investigating client-side cloaking includes providing script associated with a suspected spam URL, modifying the script to de-obfuscate the script and executing the modified script to reveal cloaking logic associated with the script. Other methods, systems, etc., are also disclosed.

Abstract: An exemplary method for protecting web browsers from spam includes providing a multi-layer model that includes a doorway layer, a redirection domain layer, an aggregator layer, a syndicator layer and an advertiser layer; identifying domains as being associated with at least one of the layers; and, based at least in part on the identifying, taking one or more corrective actions to protect web browsers from search spam. An exemplary method for identifying a bottleneck layer in a multi-layer spam model includes providing a multi-layer spam model, collecting spam advertisements, associating a block of IP addresses with the collected spam advertisements and identifying a bottleneck layer based on the block of IP addresses. Other methods, systems, etc., are also disclosed.

Abstract: An exemplary method includes providing a typographically erroneous domain name, tracing the domain name where tracing includes entering the domain name as part of a URL and recording one or more subsequent URLs, identifying a domain parking service for the domain name based at least in part on information in one of the recorded URLs, determining client identification information in at least one of the recorded URLs where the client identification information identifies a customer of the domain parking service and blocking one or more domain names based at least in part on the client identification information. Other exemplary technologies are also disclosed.

Abstract: A method and system for retrieving data from devices in a way that seeks to preserve privacy and ensure the integrity of the retrieved data is provided. A retrieval system is implemented on a network of devices that communicate with each other via a secure communications link. Each device is directly connected to one or more “friend” devices that it trusts. The retrieval system operates by forwarding a request for data from one friend device to another friend device. Each friend device may optionally add data to the request until all the requested data is added. The request with the retrieved data is returned to the device that initiated the request.

Abstract: A method and system for retrieving data from devices in a way that seeks to preserve privacy and ensure the integrity of the retrieved data is provided. A retrieval system is implemented on a network of devices that communicate with each other via a secure communications link. Each device is directly connected to one or more “friend” devices that it trusts. The retrieval system operates by forwarding a request for data from one friend device to another friend device. Each friend device may optionally add data to the request until all the requested data is added. The request with the retrieved data is returned to the device that initiated the request.

Abstract: A method and system for ranking possible causes of a component exhibiting a certain behavior is provided. In one embodiment, a troubleshooting system ranks candidate configuration parameters that may be causing a software application to exhibit an undesired behavior using support information relating to problems resulting from the settings of configuration parameters. The support information may be collected from problem reports generated by product support services personnel when troubleshooting problems that users encounter with the application. The troubleshooting system ranks the candidate configuration parameters as likely causing the application to exhibit the undesired behavior based on analysis of the support information.

Abstract: Systems and methods for implementing system management which are based on reviewing of the interactions between one or more programs and the persistent state they tend to represent. The system provides for detection of modifications that occur within a system, verifying whether the modifications are approved or not and generating notifications on detecting unknown modifications.

Abstract: To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.

Abstract: To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.

Abstract: In an embodiment of isolation environment-based information access, programs—including operating systems and applications—running on a computing-based device can be isolated in an environment such as a virtual machine. Information including commands and/or data transmitted between the computing-based device and the program(s) being run, as well as information associated with the program(s) and the computing-based device, is accessed without being detected by the program(s). In one implementation, the information includes state information as well as commands and/or data—including sensitive information, such as usernames and passwords. In another implementation, the information can be used to secretly access the program(s).