Discussed herein are systems and methods for detecting fraud, corruption, and malfunctions of applications on a user equipment by identifying and separating a software developer kit (SDK) from an application package and encasing the separated SDK in a wrapper to communicatively isolate it from the operating system and other elements of the UE. By monitoring and intercepting API calls from SDKs encased in wrappers, the UE determines what action to take based on an evaluation of the intercepted API calls.

A cache method between a server and a device includes: determining, when a first request which includes an encrypted data acquisition request and an identifier in plaintext is received from the device, whether or not cache data corresponding to the identifier is stored in a storage. When the cache data is stored, transmitting to the device a first response including the cache data. When the cache data is not stored, transmitting to the server a second request acquired by deleting the identifier from the first request and a third request for requesting the acquisition of the data; when a second response to the second request is received from the server, transmitting the second response to the device; and when a third response to the third request is received from the server, storing the cache data in the third response in association with the identifier in the storage.

It is provided computer implemented method for analysis of a software extension for installation and execution in a computing system, the method comprising obtaining a software extension from a marketplace, analyzing contents of the obtained software extension and computing a risk index based on the analyzed software extension and on information related to previously-downloaded software extensions stored in a local database, as well as related to previously detected malware. The risk index is computed before installing and executing the software extension in the computing system and wherein a high value of the risk index persuades a user to install and execute the software extension in the computing system.

Described herein is a computer implemented method comprising receiving a link to content served by a remote server, detecting activation of the link, and in response to detecting activation of the link attempting to load a passive mixed content item from a local web server. In response to determining the passive mixed content item successfully loaded the method further comprises extracting installed application information from the passive mixed content item, determining whether or not the installed application information indicates a relevant installed desktop application, and if so accessing the content referenced by the link from the remote application server using the relevant installed desktop application.

Computer security techniques are described. One example determines whether to allow a program (e.g., native executable, script, etc.) to execute. This decision is based at least in part on the source of the program, such as whether the program is provided by a privileged source. A privileged program source may be any module, mechanism, or process that can provide executable instructions, such as directory or folder (e.g., on a local disk or network-accessible store), a computing device (e.g., server computer), another program (e.g., a Web server), or the like.

Systems and methods for dynamically restricting rendering of unauthorized content included in information resources are provided herein. A computing device can identify an information resource including a content object specifying one or more graphical characteristics. The computing device can determine that the content object corresponds to a restricted content object by applying at least one of an action-based detection policy to detect actions performed on the information resource or a visual-based detection policy to detect the graphical characteristics of the content object. The computing device can modify by applying a content rendering restriction policy the information resource to alter rendering of the content element on the information resource responsive to the determination.

A method for operating a web server implemented on a computer, wherein in a launch phase, a web server process ignores requests from clients and a further process having elevated permissions of the web server process is started by the web server process, where the further process serves to execute actions with access to a predefined operating system area, following the launch phase, the web server process transitions to normal operation such that when the web server process then receives a request requiring an action with access to the predefined operating system area, the permissibility of the received request is checked by the web server process and in the event of a permissible request, the web server process and the further process communicate, which prompts the further process to execute the action with the required access to the predefined operating system area.

Embodiments of the present invention are directed to identifying phishing websites by rendering and analyzing document object model (DOM) objects associated with a website for features that indicate phishing behavior. Embodiments analyze the full scope and functionality associated with a website by executing functions embedded in a DOM object before analyzing the website for phishing activity. Accordingly, embodiments render and analyze a fully executed DOM object for phishing behavior. Embodiments may then perform steps to mediate a website that is classified as performing phishing. Thus, embodiments are configured to (1) collect website information from a variety of websites and web servers connected to the internet, (2) analyze the collected data to determine whether the website information is performing phishing, and (3) mediate websites and other actors that are determined to be performing phishing based on the results of the phishing analysis.

An example processor-implemented method for retrieving a video in accordance with the present disclosure is receiving an entry of a name tag identifying a first user in a video application, assigning a second user as a contact to the first user based on the received entry of the name tag in the video application, receiving, by a viewing module of the video application, an image of a still frame extracted from a portion of a video, wherein the name tag is associated with the still frame, and the video is associated with the first user, generating, by the viewing module of the video application, a trigger based on the received image, identifying the video based on the generated trigger, and providing permission for the second user to receive the video based on a verification that the second user is a contact of the first user.

Authentication translation is disclosed. A request to access a resource is received at an authentication translator, as is an authentication input. The authentication input corresponds to at least one stored record. The stored record is associated at least with the resource. In response to the receiving, a previously stored credential associated with the resource is accessed. The credential is provided to the resource.