Including Filtering Based On Content Or Address Patents (Class 713/154)
  • Patent number: 10572549
    Abstract: Databases that reside on a private network behind a firewall may be difficult to access from a cloud platform on the Internet. Techniques disclosed herein allow an Internet system to communicate with multiple different databases behind multiple different firewalls, however. A client-side private computer system, from behind a firewall, transmits a series of database request status inquiries to a server system (not behind the firewall). These status inquiries may be sent as HTTP long poll messages. When the server wishes to query a database on the private network, it responds to one of the database request status inquiries. Because the client-side computer initiated communication, the server response is allowed to pass through the firewall when it might otherwise be blocked. Employing such techniques in parallel allows a server to interact with multiple firewalled databases without the difficulties and inconvenience of attempting a VPN connection.
    Type: Grant
    Filed: May 12, 2016
    Date of Patent: February 25, 2020
    Assignee: salesforce.com, inc.
    Inventor: Chaithanya Kanumolu
  • Patent number: 10574749
    Abstract: In a digital resource duplication method, the cloud server executes: a receiving step, for receiving a duplication request for a digital resource submitted by a resource requester, the duplication request comprising the identification information of the resource requester, the unique resource copy identifier, and the unique terminal identifier; a determination step, for determining, on the basis of the identification information, whether the resource requester is allowed to duplicate via the terminal a copy of the digital resource corresponding to the unique resource copy identifier; a transmitting step, for transmitting the copy to the terminal after embedding the unique terminal identifier and the identification information in the copy, when a determination result of the determination step is positive.
    Type: Grant
    Filed: July 3, 2012
    Date of Patent: February 25, 2020
    Assignee: Xiamen Geeboo Information Technology Co. Ltd.
    Inventor: Jinxu Huang
  • Patent number: 10528744
    Abstract: Identifying security vulnerabilities on computing devices by detecting an inter-process communication on a computing device, determining whether the inter-process communication is consistent with a predefined specification of a security vulnerability, and causing a predefined action to be performed on the computing device responsive to determining that the inter-process communication is consistent with a predefined specification of a security vulnerability.
    Type: Grant
    Filed: April 30, 2018
    Date of Patent: January 7, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Roee Hay, Daniel Kalman, Roi Saltzman, Omer Tripp
  • Patent number: 10511628
    Abstract: Disclosed herein are techniques for detecting phishing websites. In one embodiment, a method is disclosed comprising receiving, at a server, a request for a webpage from a client device; generating, by the server, and inserting an encoded tracking value (ETV) into the webpage; inserting, by the server, dynamic tracking code (DTC) into the webpage, the inserting of the DTC further comprising obfuscating the DTC; and returning, by the server, the webpage including the ETV and DTC to the client device, the DTC configured to execute upon receipt at the client device and validate the ETV upon executing.
    Type: Grant
    Filed: March 7, 2019
    Date of Patent: December 17, 2019
    Assignee: LOOKOUT, INC.
    Inventors: Jeremy Boyd Richards, Brian James Buck
  • Patent number: 10484515
    Abstract: Some embodiments provide a method for providing metadata proxy services to different data compute nodes that are associated with different logical networks (e.g., for different tenants of a datacenter). When a data compute node (DCN) is instantiated (i.e., starts executing) in a host machine, the DCN requests metadata associated with the DCN from a metadata server. The requested metadata includes identification and configuration data (e.g., name and description, amount of virtual memory, number of allocated virtual CPUs, etc.) for the DCN. Each DCN generates and sends out a metadata request packet after an IP address is assigned to the DCN (e.g., by a DHCP server). In some embodiments, a metadata proxy server (1) receives the metadata request packets that are sent by different DCNs associated with different logical networks, (2) adds logical network identification data to the packets, and (3) forwards the packets to a metadata server.
    Type: Grant
    Filed: January 30, 2017
    Date of Patent: November 19, 2019
    Assignee: NICIRA, INC.
    Inventors: Uday Masurekar, Jayant Jain, Ronghua Zhang, Mani Kancherla, Minjal Agarwal
  • Patent number: 10469529
    Abstract: Certain embodiments described herein are generally directed to checking packets at a hardware tunnel endpoint. In some embodiments, an encapsulated packet is received at a hardware tunnel endpoint. It is determined if an inner source media access control (MAC) address is associated with an outer source internet protocol (IP) address of the encapsulated packet based on a mapping of MAC addresses of virtual computing instances to IP addresses of tunnel endpoints stored at the hardware tunnel endpoint. If it is determined the inner source MAC address is not associated with the outer source IP address, the packet is dropped.
    Type: Grant
    Filed: July 13, 2017
    Date of Patent: November 5, 2019
    Assignee: Nicira, Inc.
    Inventors: Hongya Qu, Timothy Petty
  • Patent number: 10454948
    Abstract: Embodiments disclosed herein provide a system, method, and computer readable storage medium storing computer instructions for implementing a Socialware architecture encompassing a suite of applications for continuously and adaptively monitoring and filtering traffic to and from social networking sites, particularly useful in an enterprise computing environment. In some embodiments, an appliance may be coupled to a proxy server for providing a plurality of Socialware services, including analyzing, logging, and reporting on traffic to and from social networking sites. Some embodiments may allow a user to report, identify, and prevent malicious and potentially malicious content and/or activity by another user. Some embodiments may encrypt outgoing traffic to and decrypt incoming traffic from social networking sites. Some embodiments may allow an enterprise user to define and restrict certain social networking activities outside of the enterprise computing environment.
    Type: Grant
    Filed: November 21, 2016
    Date of Patent: October 22, 2019
    Assignee: Proofpoint, Inc.
    Inventors: Cameron Blair Cooper, Christopher Lee Richter
  • Patent number: 10440762
    Abstract: System and method for automatically establishing a Virtual Private Network (VPN) link between a mobile device and a VPN server over an unsecure wireless network, comprising, at the mobile device, detecting an attempt to establish a wireless connection to the internet via an unsecure wireless network, probing the unsecure wireless network to determine accessibility over the unsecure wireless network to a VPN server, automatically initializing, based on the determination, a VPN client, the VPN client executed to establish a VPN link between the mobile device and the VPN server over the unsecure wireless network, directing network traffic of the mobile device through the VPN link and automatically terminating the VPN client when the mobile device disconnects from the unsecure wireless network.
    Type: Grant
    Filed: January 26, 2017
    Date of Patent: October 8, 2019
    Assignee: Safer Social Ltd.
    Inventors: Amit Bareket, Sagi Gidali
  • Patent number: 10419454
    Abstract: A malicious encrypted traffic inhibitor connected to a computer network is disclosed. A method for inhibiting malicious encrypted network traffic communicated via a computer network also is disclosed. The malicious encrypted traffic inhibitor and method utilize an estimated measure of entropy for a portion of network traffic communicated over a network connection via the computer network. The estimated measure of entropy is calculated as a measure of a degree of indeterminacy of information communicated via the network connection, such as an estimated measure of Shannon entropy, and then compared with a reference measure of entropy for malicious encrypted network traffic. If the estimated measure of entropy for traffic communicated via the computer network is sufficiently similar to the reference measure of entropy, a positive identification of malicious traffic on the computer network can be output.
    Type: Grant
    Filed: February 17, 2015
    Date of Patent: September 17, 2019
    Assignee: British Telecommunications Public Limited Company
    Inventors: Fadi El-Moussa, George Kallos, Ben Azvine
  • Patent number: 10397256
    Abstract: In an example embodiment, a computer-implemented method comprises obtaining labels from messages associated with an email service provider, wherein the labels indicate for each message IP how many spam and non-spam messages have been received; obtaining network data features from a cloud service provider; providing the labels and network data features to a machine learning application; generating a prediction model representing an algorithm for determining whether a particular set of network data features are spam or not; applying the prediction model to network data features for an unlabeled message; and generating an output of the prediction model indicating a likelihood that the unlabeled message is spam.
    Type: Grant
    Filed: November 30, 2016
    Date of Patent: August 27, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ori Kashi, Philip Newman, Daniel Alon, Elad Yom-Tov, Hani Neuvirth, Royi Ronen
  • Patent number: 10383006
    Abstract: Tier switching of spectrum access priority tier levels for networks in a multi-tier level spectrum access system is disclosed. The tier switching may be based on conditions in the networks to allow more efficient network/system operation. In an implementation, the switching of tier levels may be a swap of tier levels between a network/device and another network/device. In this case, the tier level of a network/device is switched or swapped with the tier level of another network/device and each network device operates at the tier level of the other network/device. In another implementation, the switching of tier levels may be a switching of tier levels used by a single network or a single device without any swap occurring with another network or device. In this case, the tier level of a network or device may be switched to another tier level for operation in the SAS.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: August 13, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Amer A. Hassan, Paul W. Mitchell
  • Patent number: 10382967
    Abstract: A terminal device obtains location information relating to its location, wherein the location information comprises first location information and second location information, wherein the first location information relates to a location of the terminal device within a region, and wherein the second location information identifies the region in which the terminal device is located. The terminal device forms content for a proximity service discovery message, wherein the content for the discovery message includes the first location information; calculates a message integrity code based on the content for the discovery message and the second location information; and transmits the proximity service discovery message, comprising the content for the discovery message and the computed message integrity code.
    Type: Grant
    Filed: November 24, 2016
    Date of Patent: August 13, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Noamen Ben Henda, Vesa Lehtovirta, Prajwol Kumar Nakarmi, Vesa Torvinen, Monica Wifvesson
  • Patent number: 10291650
    Abstract: A cyber security system comprising circuitry of a decoy deployer planting one or more decoy lateral attack vectors in each of a first and a second group of resources within a common enterprise network of resources, the first and second groups of resources having different characteristics in terms of subnets, naming conventions, DNS aliases, listening ports, users and their privileges, and installed applications, wherein a lateral attack vector is an object of a first resource within the network that has a potential to be used by an attacker who discovered the first resource to further discover information regarding a second resource within the network, the second resource being previously undiscovered by the attacker, and wherein the decoy lateral attack vectors in the first group conform to the characteristics of the first group, and the decoy lateral attack vectors in the second group conform to the characteristics of the second group.
    Type: Grant
    Filed: July 5, 2017
    Date of Patent: May 14, 2019
    Assignee: ILLUSIVE NETWORKS LTD.
    Inventors: Shlomo Touboul, Hanan Levin, Stephane Roubach, Assaf Mischari, Itai Ben David, Itay Avraham, Adi Ozer, Chen Kazaz, Ofer Israeli, Olga Vingurt, Liad Gareh, Israel Grimberg, Cobby Cohen, Sharon Sultan, Matan Kubovsky
  • Patent number: 10244388
    Abstract: A location privacy protection method includes generating an identifier update notification message to be sent to at least one access point, where the identifier update notification message includes a first identifier of a wireless terminal, to indicate that the identifier update notification message is to be sent by the wireless terminal. The identifier update notification message further includes second identifier information of the wireless terminal. The method further includes sending the identifier update notification message, so that the access point acquires a second identifier according to the second identifier information, and uses the second identifier as an identifier of the wireless terminal; and sending a subsequent message including the second identifier to the access point, to indicate that the subsequent message is sent by the wireless terminal.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: March 26, 2019
    Assignee: HUAWEI DEVICE (DONGGUAN) CO., LTD.
    Inventor: Zhiming Ding
  • Patent number: 10204231
    Abstract: A method for providing an authenticated connection between at least two communication partners including implementing a server application on a first communication partner of the at least two communication partners, implementing a first user application on a second communication partner of the at least two communication partners, and carrying out an application-related pairing between the server application on the first communication partner and the first user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner. The method enables a coupling of at least two communication partners which is effected at the application level and is independent of the protection of the communication connection between the communication partners.
    Type: Grant
    Filed: July 26, 2017
    Date of Patent: February 12, 2019
    Assignee: Volkswagen AG
    Inventors: Timo Winkelvos, Alexander Tschache, Martin Wuschke
  • Patent number: 10193868
    Abstract: The system and method for protecting multiple networked enclaves each having one or more insecure machines. The system may include an attack detector as part of a secure node (e.g., SAFE node) proxy. The system may include an attack detector external to the proxy. The proxy may support multiple detectors and its actions may include isolating an insecure machine, cleansing an insecure machine, or tattling on (impugning the reputation of) an insecure machine.
    Type: Grant
    Filed: September 9, 2016
    Date of Patent: January 29, 2019
    Assignee: BAE Systems Information and Electronic Systems Integration Inc.
    Inventors: Howard B. Reubenstein, Gregory Sullivan, David Wittenberg
  • Patent number: 10187604
    Abstract: A display apparatus includes a display unit configured to display an image, a wireless tag, a wireless communication unit configured to wirelessly communicate with an external terminal apparatus, and a control unit configured to switch an operation state of the display apparatus to at least a normal operation state and a power saving state. When detecting that the wireless tag communicates with the terminal apparatus in the power saving state, the control unit shifts the operation state to the normal operation state. The wireless communication unit returns from the power saving state to the normal operation state and establishes a wireless communication with the terminal apparatus.
    Type: Grant
    Filed: February 1, 2016
    Date of Patent: January 22, 2019
    Assignee: SEIKO EPSON CORPORATION
    Inventors: Kenichiro Tomita, Takeshi Yoshii
  • Patent number: 10162984
    Abstract: A method of destroying file contents of a file includes storing the file in a predefined file format, wherein a first part of the algorithm is integrated into a pre-execution header of the file called by an executing program or an executing operating system when the file is opened and a second part of the algorithm is integrated into a second part of the file, called by the first part of the algorithm when the first part of the algorithm is called by the executing program or the executing operating system, and modifying of the integrated algorithm includes modifying a storage structure of the algorithm so that it occurs in changed form after the opening of the file and cannot be recognized as before and storing the modified algorithm in the file.
    Type: Grant
    Filed: December 12, 2017
    Date of Patent: December 25, 2018
    Assignee: Fujitsu Technology Solutions Intellectual Property GmbH
    Inventor: Thorsten Höhnke
  • Patent number: 10152684
    Abstract: A computerized system and method for evaluating relationships between individuals and within organizations based on electronic evaluations of personal interactions. At least one of the participants in the personal interactions completes an electronic evaluation by providing a binary level input in response to a statement or question to indicate whether the interaction with another individual is favorable or not.
    Type: Grant
    Filed: January 22, 2015
    Date of Patent: December 11, 2018
    Assignee: ADP, LLC
    Inventor: Jerome Gouvernel
  • Patent number: 10142353
    Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.
    Type: Grant
    Filed: April 20, 2016
    Date of Patent: November 27, 2018
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Navindra Yadav, Abhishek Ranjan Singh, Shashidhar Gandham, Ellen Christine Scheib, Omid Madani, Ali Parandehgheibi, Jackson Ngoc Ki Pang, Vimalkumar Jeyakumar, Michael Standish Watts, Hoang Viet Nguyen, Khawar Deen, Rohit Chandra Prasad, Sunil Kumar Gupta, Supreeth Hosur Nagesh Rao, Anubhav Gupta, Ashutosh Kulshreshtha, Roberto Fernando Spadaro, Hai Trong Vu, Varun Sagar Malhotra, Shih-Chun Chang, Bharathwaj Sankara Viswanathan, Fnu Rachita Agasthy, Duane Thomas Barlow
  • Patent number: 10135909
    Abstract: A request for a content document is sent by a client device to a content server through a first network connection. A current network characteristic of the first network connection differs from a configured download constraint to download a content portion of the content document. A root document that omits the content portion of the content document and that includes a content stub is downloaded from the content server. The content stub identifies the content portion using a content identifier and specifies the configured download constraint. A network connection change to the content server from the first network connection to a second network connection that satisfies the configured download constraint to download the content portion of the content document is detected, and the content portion is downloaded using the second network connection and the content identifier within the content stub.
    Type: Grant
    Filed: November 12, 2017
    Date of Patent: November 20, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Ronald P. Doyle, David L. Kaminsky
  • Patent number: 10135863
    Abstract: A computer system identifies malicious Uniform Resource Locator (URL) data items from a plurality of unscreened data items that have not been previously identified as associated with malicious URLs. The system can execute a number of pre-filters to identify a subset of URLs in the plurality of data items that are likely to be malicious. A scoring processor can score the subset of URLs based on a plurality of input vectors using a suitable machine learning model. Optionally, the system can execute one or more post-filters on the score data to identify data items of interest. Such data items can be fed back into the system to improve machine learning or can be used to provide a notification that a particular resource within a local network is infected with malicious software.
    Type: Grant
    Filed: December 14, 2016
    Date of Patent: November 20, 2018
    Assignee: Palantir Technologies Inc.
    Inventors: Drew Dennison, Geoff Stowe, Adam Anderson
  • Patent number: 10116441
    Abstract: A requirement for a pseudo-random number is identified. A usage context corresponding to the requirement is determined from among a plurality of usage contexts. A cryptographic transformation function is applied to a first pseudo-random number obtained from a pseudo-random number generator. The transformation function meets a security criterion which is based on the usage context. A result of the function is used to fulfill the requirement.
    Type: Grant
    Filed: June 11, 2015
    Date of Patent: October 30, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Alan Rubin, Matthew John Campagna, Gregory Branchek Roth
  • Patent number: 10110623
    Abstract: According to one embodiment, an apparatus is configured to store a plurality of phishing scores, each phishing score of the plurality of phishing scores indicating a likelihood that a user of a plurality of users will respond to a phishing email. The apparatus is configured to receive an email, to select a first subset of the plurality of users based on the phishing score of each user in the first subset, and to select a second subset of the plurality of users based on the phishing score of each user in the second subset, wherein each user in the second subset is determined to be more likely to respond to a phishing email than each user in the first subset. The apparatus is configured to communicate the email to the first subset and to communicate the email to the second subset based on the first subset's responses to the email.
    Type: Grant
    Filed: July 22, 2015
    Date of Patent: October 23, 2018
    Assignee: Bank of America Corporation
    Inventor: Benjamin L. Gatti
  • Patent number: 10110705
    Abstract: A system and method is described herein for providing alternate software in response to a request for software by a user of a client device. The method may include receiving data associated with a request for content from a client device. The data associated with the request for content may be parsed by a processor, and then the processor may determine whether the parsed data is associated with a request for initial software. If the parsed data is associated with the request for initial software, the processor may substitute the request for initial software with an alternate request for alternate software, which is different from the initial software. Finally, the alternate request for alternate software may be sent or displayed to the client device so that the user may then be redirected to a location to download the alternate software or request a download of the alternate software.
    Type: Grant
    Filed: February 13, 2015
    Date of Patent: October 23, 2018
    Assignee: Red Spark, LP
    Inventor: Gabriel Malca
  • Patent number: 10050995
    Abstract: Client-less methods and systems destroy/break the predictive layout of, for example, a client computer memory. The methods and systems operate by injecting a library that manipulates the client computer memory during exploitation attempts.
    Type: Grant
    Filed: May 15, 2017
    Date of Patent: August 14, 2018
    Assignee: CHECK POINT SOFTWARE TECHNOLOGIES LTD.
    Inventors: Tomer Teller, Adi Hayon
  • Patent number: 9992814
    Abstract: Secure toll-free application data network access is disclosed. Respective limits for registered traffic (e.g., application provider addresses; content type; transmission time; location; etc.) and non-registered traffic (e.g., all other traffic) may be associated with an application eligible for toll-free connectivity. As traffic is received via the toll-free connection, the data is inspected to determine first whether the traffic is registered or non-registered traffic. If registered, the quantity of data is deducted from the allowable data amount specified during provisioning for registered traffic. If non-registered, the quantity of data is deducted from the allowable amount specified during provisioning for non-registered traffic. Accordingly, a toll-free application provider can agree to sponsor a limited quantity of arbitrary traffic which may be generated as content viewed through the wrapped application.
    Type: Grant
    Filed: August 6, 2014
    Date of Patent: June 5, 2018
    Assignee: ORANGE
    Inventor: Subash Mandanapu
  • Patent number: 9977903
    Abstract: Identifying security vulnerabilities on computing devices by detecting an inter-process communication on a computing device, determining whether the inter-process communication is consistent with a predefined specification of a security vulnerability, and causing a predefined action to be performed on the computing device responsive to determining that the inter-process communication is consistent with a predefined specification of a security vulnerability.
    Type: Grant
    Filed: December 5, 2012
    Date of Patent: May 22, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Roee Hay, Daniel Kalman, Roi Saltzman, Omer Tripp
  • Patent number: 9959411
    Abstract: Identifying security vulnerabilities on computing devices by detecting an inter-process communication on a computing device, determining whether the inter-process communication is consistent with a predefined specification of a security vulnerability, and causing a predefined action to be performed on the computing device responsive to determining that the inter-process communication is consistent with a predefined specification of a security vulnerability.
    Type: Grant
    Filed: September 13, 2013
    Date of Patent: May 1, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Roee Hay, Daniel Kalman, Roi Saltzman, Omer Tripp
  • Patent number: 9942196
    Abstract: A method for isolating a computer platform includes receiving a service request from an external requestor via a network at processing circuitry associated with a hardware barrier between the computer platform and the network, causing the service request to be loaded into a first buffer having a dual port connection to a corresponding second buffer of the computer platform, providing an indication to the computer platform to indicate the service request is loaded into the first buffer to be pulled into the second buffer of the computer platform, responsive to processing of the service request by the computer platform, receiving a message indicating a response loaded in the second buffer has been pushed to the first buffer, and communicating the response to the external requestor. The buffers form the only access point to the computer platform. The indication is the only communication initiated from the external requestor that crosses the hardware barrier without control by the computer platform.
    Type: Grant
    Filed: May 1, 2014
    Date of Patent: April 10, 2018
    Assignee: The Johns Hopkins University
    Inventor: David W. Viel
  • Patent number: 9871873
    Abstract: A method, medium, and system to receive a request for the first web resource to access the second web resource; request authorization to access to the second web resource by the first web resource; receive authorization to grant access to the second web resource for the first web resource; transmit an application programming interface (API) call from the first web resource to the second web resource for the first web resource having authorized access to the second web resource; and transmit a reply to the API call from the second web resource to the first web resource.
    Type: Grant
    Filed: November 21, 2014
    Date of Patent: January 16, 2018
    Assignee: SAP SE
    Inventor: Uwe Klinger
  • Patent number: 9860278
    Abstract: A log information collecting unit that collects log information and traffic information output from a plurality of communication devices included in a network; a normalization processing unit that normalizes the log information and traffic information collected by the log information collecting unit; a log information analysis processing unit that extracts, and analyzes according to a predetermined rule, relative log information and traffic information from the normalized log information and traffic information, and determines whether or not there is unauthorized access; and an event information notifying unit that outputs event information including information indicating importance based on a result of the determination by the log information analysis processing unit, are included.
    Type: Grant
    Filed: January 30, 2014
    Date of Patent: January 2, 2018
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventor: Hiroshi Kurakami
  • Patent number: 9832795
    Abstract: In a mobile network comprising a gateway for establishing a packet data connection with a user equipment, user communication is implemented on the basis of a client interface script to be executed in a browser application of the user equipment. For this purpose, the gateway receives data destined to the browser application of the user equipment. The gateway modifies the received data to provide the user equipment with the client interface script, e.g., by including an identifier of the client interface script into the data. The gateway sends the modified data to the user equipment, thereby enabling the browser application of the user equipment to execute the client interface script. Execution of the client interface script in the browser application may for example implement a user dialog for customizing functions of the mobile network.
    Type: Grant
    Filed: July 28, 2011
    Date of Patent: November 28, 2017
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Alfonso de Jesus Perez Martinez, Rodrigo Alvarez Dominguez
  • Patent number: 9807055
    Abstract: A method for preventing network attacks on baseboard management controllers. The method includes receiving, by the network controller, a packet from a computer networking device on a computer network, where the packet is destined for a baseboard management controller (BMC); determining, by the network controller, whether the packet contains a tag identifying that the packet has been determined to be free of suspicious or malicious traffic; on condition that the packet has been determined to not contain the tag, sending the packet to a network inspection module, by the network controller, to be inspected for suspicious or malicious traffic; and on condition that the packet has been determined to contain the tag, sending the packet to the BMC by the network controller using a side band interface.
    Type: Grant
    Filed: May 27, 2015
    Date of Patent: October 31, 2017
    Assignee: International Business Machines Corporation
    Inventors: Cheng-ta Lee, Sheng Hao Wang, Kaifu Wu, Rick M F Wu
  • Patent number: 9787659
    Abstract: Techniques for secure access management to virtual environments are provided. A user authenticates to a portal for purposes of establishing a virtual machine (VM). The portal interacts with a cloud server and an identity server to authenticate the user, to acquire an Internet Protocol (IP) address and port number for the VM, and to obtain a secure token. The user then interacts with a secure socket layer virtual private network (SSL VPN) server to establish a SSL VPN session with the VM. The SSL VPN server also authenticates the token through the identity server and acquires dynamic policies to enforce during the SSL VPN session between the user and the VM (the VM managed by the cloud server).
    Type: Grant
    Filed: March 16, 2015
    Date of Patent: October 10, 2017
    Assignee: Micro Focus Software Inc.
    Inventors: Lloyd Leon Burch, Prakash Umasankar Mukkara, Douglas Garry Earl
  • Patent number: 9785662
    Abstract: Systems and methods for providing capture, archival, and analysis of data sent by mobile devices over a carrier network, with the systems and methods not requiring the installation of any additional software on the mobile devices, the systems and methods also providing for alerts to be generated based on the content of the data.
    Type: Grant
    Filed: August 7, 2015
    Date of Patent: October 10, 2017
    Assignee: MOBILEGAURD INC.
    Inventor: Todd Michael Cohan
  • Patent number: 9774622
    Abstract: An HTML document includes a JavaScript element that manages CSRF token use. When the HTML document is rendered, the JavaScript element asynchronously requests a CSRF token from the server. In response, the server generates a JWT using a keyed HMAC algorithm. The resulting JWT, which functions as a CSRF token, is returned to the user where it is stored in a protected variable inside the JavaScript element. The CSRF token is therefore stateless and isn't stored in a server-side repository. When the user later requests access to a server resource, the CSRF token is included in such request. This may be accomplished by adding a hidden input field that includes the CSRF token to the submission that's transmitted to the server. If the server cannot validate the received token using the HMAC key that was originally used to generate the token, the request is considered unauthorized and is not processed.
    Type: Grant
    Filed: April 24, 2017
    Date of Patent: September 26, 2017
    Assignee: Adobe Systems Incorporated
    Inventors: Lars Krapf, Gilles Knobloch, Damien Antipa, Christanto Leonardo, Antonio Sanso
  • Patent number: 9756033
    Abstract: An information recording apparatus has a drive unit to record digital information including digital contents; and a host unit to control reading and writing of the digital information for the drive unit. The host unit has a network processing unit to communicate with a server, a shadow determination unit to determine whether a shadow boot program to be executed prior to a boot program is executable, a shadow reading unit to read the shadow program from the drive unit when the shadow determination unit determines to be executable, a shadow execution unit to execute the shadow program, a server authentication unit to perform authentication with the server in accordance with a processing of the shadow program, and a password transmitter to transmit to the drive unit a password used for unlock of the drive unit when the authentication with the server is successful.
    Type: Grant
    Filed: February 29, 2016
    Date of Patent: September 5, 2017
    Assignee: TOSHIBA MEMORY CORPORATION
    Inventor: Hiroshi Isozaki
  • Patent number: 9727751
    Abstract: An approach is provided for applying privacy policies to structured data. A privacy policy management infrastructure receives a request for an exchange of structured data among a plurality of devices. The privacy policy management infrastructure determines one or more elements of the structured data. The privacy policy management infrastructure also determines one or more privacy policies corresponding to the structured data, respective ones of the one or more elements, or a combination thereof. The privacy policy management infrastructure further determines to apply the one or more privacy policies to the structured data, respective ones of the one or more elements, or a combination thereof when initiating the exchange.
    Type: Grant
    Filed: October 29, 2010
    Date of Patent: August 8, 2017
    Assignee: Nokia Technologies Oy
    Inventors: Ian Justin Oliver, Sergey Boldyrev, Jari-Jukka Harald Kaaja, Joni Jorma Marius Jantunen
  • Patent number: 9699126
    Abstract: A device is configured to report spam on demand. The spam is reported to a spam reporting service center in a communications network. As content is received by the device, the user of the device analyzes the content to determine if the content comprises spam. If the user determines that the content comprises spam, the user triggers the device to report the spam. The content can be of any type of content or combinations of content type, such as SMS, SMS, VM, email, VVM, VVM, and advertisements. The device comprises multiple clients configured to process, respectively, each content type. In response to receiving the trigger, the appropriate client encapsulates the content. The encapsulated content is sent to a Report Spam client to generate a spam report. The spam report includes the encapsulated content and a disposition instruction.
    Type: Grant
    Filed: June 29, 2015
    Date of Patent: July 4, 2017
    Assignee: AT&T Mobility II LLC
    Inventor: Ileana Ana Leuca
  • Patent number: 9667618
    Abstract: A system and method for domain control validation is presented. At a certificate authority a request is received. The request includes a certificate signing request and a first Internet protocol address. The certificate signing request identifies a domain and a certificate. A second Internet protocol address for the domain is retrieved from a domain name system. When the first Internet protocol address is the same as the second Internet protocol address, the certificate is signed, and the signed certificate is transmitted to a requester of the request. When the first Internet protocol address is not the same as the second Internet protocol address, the certificate signing request is rejected.
    Type: Grant
    Filed: October 1, 2015
    Date of Patent: May 30, 2017
    Assignee: Go Daddy Operating Company, LLC
    Inventors: Wayne Thayer, Jacob Plains
  • Patent number: 9654492
    Abstract: A malware detection system based on stored data that analyzes an electronic message for threats by comparing it to previously received messages in a message archive or to a contacts list. Threat protection rules may be generated dynamically based on the message and contacts history. A message that appears suspicious may be blocked, or the system may insert warnings to the receiver not to provide personal information without verifying the message. Threat checks may look for unknown senders, senders with identities that are similar to but not identical to previous senders or to known contacts, or senders that were added only recently as contacts. Links embedded in messages may be checked by comparing them to links previously received or to domain names of known contacts. The system may flag messages as potential threats if they contradict previous messages, or if they appear unusual compared to the patterns of previous messages.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: May 16, 2017
    Assignee: MIMECAST NORTH AMERICA, INC.
    Inventors: Jackie Maylor, Simon Tyler, Peter Bauer, Gilly Benamram, Paul Sowden, Steven Malone, Wayne Van Ry, Francisco Ribeiro
  • Patent number: 9607179
    Abstract: A method, system, and program to prevent leakage of confidential information included in a display content. A terminal device controls the displays of an internal display and an external display provided separately from the internal display. The terminal device includes a display control section which, when confidential information is included in an image to be displayed on the external display, causes the external display to display a substitute content instead of this image, and the internal display to display the image including the confidential information, and a confidential information processing section for performing processing on the confidential information included in the image displayed on the internal display by the display control section.
    Type: Grant
    Filed: May 7, 2015
    Date of Patent: March 28, 2017
    Assignee: International Business Machines Corporation
    Inventors: Sanehiro Furuichi, Akira Ohkado, Tomohiro Shioya, Masami Tada
  • Patent number: 9600657
    Abstract: A method of dynamically generating a security question for accessing a resource. The method comprises monitoring a behavior of said user during a monitoring period to identify automatically a deviation from a behavioral pattern indicative of repetitive behavior of a user, automatically generating a security question responded to by an indication of said deviation, receiving a user input inputted by a user in response to a presentation of said security question and said deviation, and authenticating, after said monitoring period, an access to a resource according to a match between said user input and said deviation.
    Type: Grant
    Filed: September 12, 2016
    Date of Patent: March 21, 2017
    Inventor: Roy S. Melzer
  • Patent number: 9560028
    Abstract: The disclosed computer-implemented method for filtering interprocess communications may include (1) identifying a service process that provides a service on the computing device, (2) authenticating the service process, (3) identifying a request by a client process to use the service provided by the service process, (4) authenticating the client process, (5) receiving an interprocess communication from the client process directed toward the service process, (6) determining that the interprocess communication is malicious, and (7) in response to determining that the interprocess communication is malicious, blocking the interprocess communication from being communicated to the service process. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 4, 2014
    Date of Patent: January 31, 2017
    Assignee: Symantec Corporation
    Inventors: Jonathon Salehpour, Brian T Witten
  • Patent number: 9537875
    Abstract: At least some incoming traffic is distributed into a first set of traffic groups according to a first grouping scheme. Communication activity from a potentially malicious source may be grouped in a given traffic group in which communication activity from an acceptable source is also grouped. Potentially malicious communication activity is detected in the given traffic group. Traffic in the given traffic group is processed using a first traffic processing mode associated with potentially malicious communication activity, in which at least some traffic that is distributed into the given traffic group is discarded. In response to a dynamic trigger the grouping scheme is altered to one or more further grouping schemes in order that the communication activity from the acceptable source is likely to be subsequently grouped into a traffic group which is different to a group into which the communication activity from the potentially malicious source is subsequently grouped.
    Type: Grant
    Filed: February 28, 2014
    Date of Patent: January 3, 2017
    Assignee: Metaswitch Networks Ltd.
    Inventor: David Hammond
  • Patent number: 9503424
    Abstract: Dynamic resolution of Fully Qualified Domain Name (FQDN) address objects in policy definitions is provided. In some embodiments, dynamic resolution of Fully Qualified Domain Name (FQDN) address objects in policy definitions includes receiving a network policy that includes a domain name (e.g., the network policy can include a network security rule that is based on the domain name); and periodically updating Internet Protocol (IP) address information associated with the domain name by performing a Domain Name Server (DNS) query.
    Type: Grant
    Filed: July 23, 2015
    Date of Patent: November 22, 2016
    Assignee: Palo Alto Networks, Inc.
    Inventors: Anupam Bharali, Ajay Ghatge, Ravi Ithal
  • Patent number: 9491129
    Abstract: Processing electronic mail can include receiving, within an electronic mail server, an electronic mail from a sender client system, sending acceptance criteria for a recipient of the electronic mail to the sender client system responsive to receiving the electronic mail, and receiving, within the electronic mail server, acceptance criteria values from the sender client system in response to the acceptance criteria for the recipient. Using a processor of the electronic mail server, a determination is made whether the acceptance criteria values comply with the acceptance criteria. Responsive to determining that the acceptance criteria values are non-compliant with the acceptance criteria, the electronic mail server rejects the electronic mail, wherein the electronic mail is not delivered to the recipient, and providing, to the sender client system, an indication of rejection of the electronic mail including a reason for non-compliance.
    Type: Grant
    Filed: May 9, 2013
    Date of Patent: November 8, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Ronald B. Baker, Tara L. Sims
  • Patent number: 9479802
    Abstract: A system for managing a data stream that is transmitted to an environment is provided. The system includes a receiver that receives the data stream. The data stream includes a first program, with the first program configured to be displayed in the environment. An input receives information of an individual in the environment. A processor analyzes the information, determines a demographic descriptor of the individual based on the information, and correlates the demographic descriptor of the individual with a content of the first program to determine whether a predetermined condition is satisfied. The processor further determines a second program based on the demographic descriptor of the individual and modifies the first program based on the second program when the predetermined condition is satisfied.
    Type: Grant
    Filed: February 12, 2015
    Date of Patent: October 25, 2016
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Harry E. Blanchard, Hisao Chang, Bernard S. Renger, Michael Johnston
  • Patent number: 9444804
    Abstract: A method of dynamically generating a security question for accessing a resource. The method comprises monitoring a behavior of said user during a monitoring period to identify automatically a deviation from a behavioral pattern indicative of repetitive behavior of a user, automatically generating a security question responded to by an indication of said deviation, receiving a user input inputted by a user in response to a presentation of said security question and said deviation, and authenticating, after said monitoring period, an access to a resource according to a match between said user input and said deviation.
    Type: Grant
    Filed: August 12, 2014
    Date of Patent: September 13, 2016
    Inventor: Roy S. Melzer