G06F2221/2125

Secure remote image analysis based on randomized data transformation
12061705 · 2024-08-13

A non-transitory storage medium stores instructions readable and executable by a first computer (14) to perform an image processing method (100, 200, 400). The method includes: encrypting image data portions to generate encrypted image data portions; transmitting the encrypted image data portions from the first computer to a second server (16) different from the first computer; decrypting encrypted processed image data portions received at the first computer from the second server to produce processed image data portions and generating a processed image from the processed image data portions; and controlling a display device (24) to display the processed image or storing the processed image in a database (30).

CONFINING LATERAL TRAVERSAL WITHIN A COMPUTER NETWORK

Confining lateral traversal within a network. An authorization request identifies a credential, a protected first resource, and an identifier of a protected second resource for which authorization is requested. A lateral traversal policy associated with the second resource is identified, which constrains access to the second resource to only resources that belong to a subset of resources including the second resource. When it is determined that the credential is configured for access to the second resource, and when it is determined that the first resource belongs to the subset of resources including the second resource, an authorization token is issued, which authorizes the credential to access the second resource via the first resource. Alternatively, when it is determined that the credential is granted access to the second resource, and when it is determined that the first resource is outside of the particular subset of resources, the authorization request is denied.

System and method of obfuscation through binary and memory diversity

A system and method for obfuscating binary codes are disclosed. In one embodiment, the system for obfuscating binary codes comprises one or more processors. The one or more processors may be configured to receive a binary file. The one or more processors may further be configured to obfuscate the binary file. The obfuscation may be based on rewriting the binary file and generating a second binary-randomized binary file. The binary file and the second binary-randomized binary file are functionally equivalent. The obfuscation may be based on randomizing the binary file at a load time, without changing functionality of the binary file.

Systems and Methods to Obfuscate Market Data on a Trading Device

Systems and methods to obfuscate market data on a trading device are disclosed. An example method includes receiving market data related to a tradeable object at a first computing device, generating, by the first computing device, a trading interface to present the market data to a trader and reconfiguring the trading interface from a first mode to a second mode in response to a privacy command supplied by the trader via the first computing device. The first computing device is to obfuscate the market data presented by the trading interface when in the second mode. The example method includes receiving, by a second computing device, the obfuscated market data in response to the privacy command and generating, by the second computing device, a private interface to present the obfuscated market data to the trader in response to the privacy command.

Secure computing
10095636 · 2018-10-09

Techniques and logic are presented for encrypting and decrypting applications and related data within a multi-processor system to prevent tampering. The decryption and encryption may be performed either between a system bus and a processor's individual L1 cache memory or between a processor's instruction and execution unit and their respective L1 caches. The logic may include one or more linear feedback shift registers (LFSRs) that may be used for generation of unique sequential address related codes to perform the decryption of instructions and transformation logic that may be used for generation of equivalent offset address related codes to perform decryption and encryption of data. The logic may also be programmable and may be used for test purposes.

Suppression of authorization risk feedback to mitigate risk factor manipulation in an authorization system

Dynamic risk communication associated with a computer device may include automatically detecting one or more security risk factors for the computer device based on current context information associated with the computer device. Whether an attempt is being made via the computer device to manipulate the one or more risk factors in an attempt to reduce a security level of a computer-implemented authentication procedure may be determined. Responsive to determining that the attempt is being made to manipulate the one or more risk factors, a new challenge for additional identification may be communicated for presentation on a user interface device of the computer device while suppressing one or more security risk factors from being presented on the user interface device. Responsive to determining that an attempt is not being made to manipulate the one or more risk factors, the new challenge and one or more security risk factors may be communicated.

AUTOMATIC GENERATION OF MALWARE DETECTION TRAPS
20240320339 · 2024-09-26

A system and method of deployment of malware detection traps by at least one processor may include performing a first interrogation of a first Network Asset (NA) of a specific NA family; determining, based on the interrogation, a value of one or more first NA property data elements of the first NA; obtaining one or more second NA property data elements corresponding to the specific NA family; integrating the one or more first NA property data elements and the one or more second NA property data elements to generate a template data element, corresponding to the specific NA family; producing, from the template data element, a malware detection trap module; and deploying, on one or more computing devices of a computer network, one or more instantiations of the malware detection trap module as decoys of the first NA.

Technology for providing password security

Technology for password entry security that monitors a text entry field that is not an appropriate text entry field for password entry, and, on condition that a user enters a first portion of a designated user password into the text entry field, then machine logic deletes and/or obscures at least the first portion of the password from the text entry field so that it cannot be espied or intercepted by unauthorized parties. In some embodiments, an integer number N is designated to determine how many characters must be in the first portion entered by the user before the password text is deleted or obscured.

Automatic obscuration of a portion of a screen-share view

The technology disclosed herein enables automatic obscuration of a portion of a view shared during a screen sharing session. In a particular embodiment, a method includes receiving a view displayed by a first user system to a first user. The method further includes identifying a portion of the view not to be shared and obscuring the portion of the view to generate a shared view. Also, the method includes transmitting the shared view to a second user system over a real-time screen sharing session, wherein the second user system displays the shared view to a second user.

Configurable Automated Redaction Of Log Data

Configurable automated redaction of log data, including: selecting, based on one or more configurable rules, one or more portions of log data; generating obfuscated log data by replacing the one or more portions of log data with one or more obfuscated values; presenting the obfuscated log data; and providing, in response to receiving an approval of the obfuscated log data, the obfuscated log data to a remotely disposed computing device.