Industry
Court allows warrantless cell location tracking
Court rules no search warrant is needed for police to track Americans' cell phone whereabouts, but says individual judges can "sparingly" require one.
Last Updated (Tuesday, 07 September 2010 18:29)
Best apps for road warriors and business users
Business Insider has compiled a list of the 10 best free iPhone apps for business and the 20 best iPad apps for business travelers. The lists are pretty comprehensive, and just because you don't fly around from one meeting to the next doesn't mean you need not check them out.
From Todo and Evernote for the iPad (which has been extensively covered here on TUAW) to Yelp and Bump for the iPhone, there are some real gems to help you stay ahead of the game. If you've got a shiny new iPad or iPhone, but you're struggling to sift the good from the bad on the App Store, this is a great place to start. Business Insider even points out that, if you put the apps to good use, maybe you can claim the paid ones back on expenses. That's good thinking!
Best apps for road warriors and business users originally appeared on The Unofficial Apple Weblog (TUAW) on Tue, 07 Sep 2010 11:00:00 EST.
Last Updated (Tuesday, 07 September 2010 12:17)

SSH password authentication insight and analysis by DRG, (Tue, Sep 7th)
We've been writing about SSH brute force attempts numerous times already. A lot of security researchers are collecting various information about such brute force attacks and numerous other tools exist that can prevent or block them.
DRG (Dragon Research Group), which is a volunteer research organization dedicated to further understanding of online criminality and to provide actionable intelligence for the benefit of the entire Internet community, last month published a very nice paper about such SSH brute force attempts. Among the other things, the paper lists a whole bunch of tools that can be used in order to limit or block SSH brute force attempts, and configuration recommendations that will help you increase security of your SSH installations. Check the paper at http://www.dragonresearchgroup.org/insight/sshpwauth-tac.html
Additionally, DRG is also publishing a list of IP addresses of SSH attackers that were detected on various pods DRG uses, that are spread around the world. This list is available at http://www.dragonresearchgroup.org/insight/sshpwauth.txt.
DRG also created a very cool tag cloud showing most common usernames and passwords that have been tried in latest SSH brute force attacks. The cloud is available at http://www.dragonresearchgroup.org/insight/sshpwauth-cloud.html - check it to make sure there aren't any of your passwords there :). Both the list and the cloud are updated every hour.
More information about DRG is available at http://www.dragonresearchgroup.org/ and I'm sure they could use more pod runners.
-- Bojan
INFIGO IS
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.

Exploding Google Logo Means... What?
If the measure of a good logo is that it is memorable, Google is setting new records. On the day after Labor Day, the search giant is featuring a new variation on its well-known name in which the logo breaks up and runs from your cursor -- and people are wondering why.
According to news reports, the new, interactive logo is only available to users in the U.S. and Britain. It shows the Google name in circles of color that disperse away from the tip of your cursor and then, as if on invisible elastic bands, bounce back to form the name when your cursor is moved away.
Google's Birthday
The logo also does its thing if you grab the top bar and move the browser window. Google has a tradition of modifying its logo to reflect a holiday or special occasion, like Halloween, the artist Rene Magritte's birthday, or the launch of the Hubble telescope, but this dynamically interactive version takes the tradition to new dimensions. It is also sparking a great deal of commentary on the Web as to its meaning. For one thing, the holiday-related logos often lead to an explanation when the logo is clicked, but that is not the case here -- it's literally not possible to click on the dispersing name.
Some commenters are suggesting it is related to Google's date-of-incorporation birthday, which is September 7. The company was founded in 1998. Others mention that the programming trick is a particle movement simulator, using JavaScript. The company has previously honored science-related occasions, such as "doodles" on the logo that honored H.G. Wells's The War of the Worlds, on the occasion of his 143rd birthday. Perhaps Google is honoring some as-yet-unrevealed particle-related achievement? Then there's HTML5, which has become a hot topic because of Apple's refusal to allow Adobe's Flash technology...
Last Updated (Tuesday, 07 September 2010 12:19)

What the public can see at IFA electronics show
The Berlin show is for regular folks, not just industry insiders. About 230,000 attend to see the electronics products, some of them freshly announced.
Last Updated (Tuesday, 07 September 2010 12:20)

Dell's Data Center Ambitions Remain Undaunted
Dell Inc. doesn't have to start over in its quest to become a significant purveyor of technology for businesses after losing a multibillion dollar bidding contest for an obscure data-storage maker.
But it won't be easy, either, for Dell to shake its "Dude, you're getting a Dell" image and move into the more profitable business of selling powerful behind-the-scenes technology to other companies.
Dell, which launched the bidding contest for 3Par Inc. on Aug. 16, conceded defeat Thursday and said it won't match the latest offer from its archrival, Hewlett-Packard Co. HP raised the stakes to $33 per share, or about $2.07 billion -- 83 percent above Dell's first offer and more than three times what 3Par stock was trading at then. Dell's latest offer had been a dollar per share less, or about $2 billion.
Dell was hoping to buy 3Par so it could diversify its business more quickly. Dell's made-to-order computer business helped make PCs inexpensive and ubiquitous, but other companies including HP found ways to build even cheaper machines using contract manufacturers. Although HP was able to expand beyond the business of selling computers, Dell has remained very much a computer company, with more than half its revenue coming from PCs last fiscal year. Rising component costs and the PC industry's race to rock-bottom prices, accelerated by the rise of cheap netbooks from competitors such as Acer Inc., combined to sap much of the profit out of Dell's core business.
Through a string of acquisitions, Dell has raced to follow IBM Corp., HP and other high-tech companies into the more lucrative business of selling data-center hardware and consulting services. And while its servers do not generate as much revenue as its PC business, Dell is a leading maker of x86 servers, a low-end product for companies and data centers. Those servers are seeing a surge...
Last Updated (Tuesday, 07 September 2010 12:20)

Microsoft investigating long-known vulnerability in IE
Microsoft last Friday said it was looking into a long-known vulnerability in Internet Explorer (IE) that could be used to access users' data and Web-based accounts.
The bug can allow hackers to hijack Web mail accounts, steal data, and send illicit tweets, said Google security engineer Chris Evans in a message posted on the Full Disclosure mailing list.
Last Updated (Tuesday, 07 September 2010 12:21)

Consumerization and Corporate IT Security
If you're a typical wired American, you've got a bunch of tech tools you like and a bunch more you covet. You have a cell phone that can easily text. You've got a laptop configured just the way you want it. Maybe you have a Kindle for reading, or an iPad. And when the next new thing comes along, some of you will line up on the first day it's available.
So why can't work keep up? Why are you forced to use an unfamiliar, and sometimes outdated, operating system? Why do you need a second laptop, maybe an older and clunkier one? Why do you need a second cell phone with a new interface, or a BlackBerry, when your phone already does e-mail? Or a second BlackBerry tied to corporate e-mail? Why can't you use the cool stuff you already have?
More and more companies are letting you. They're giving you an allowance and allowing you to buy whatever laptop you want, and to connect into the corporate network with whatever device you choose. They're allowing you to use whatever cell phone you have, whatever portable e-mail device you have, whatever you personally need to get your job done. And the security office is freaking.
You can't blame them, really. Security is hard enough when you have control of the hardware, operating system and software. Lose control of any of those things, and the difficulty goes through the roof. How do you ensure that the employee devices are secure, and have up-to-date security patches? How do you control what goes on them? How do you deal with the tech support issues when they fail? How do you even begin to manage this logistical nightmare? Better to dig your heels in and say "no."
But security is on the losing end of this argument, and the sooner it realizes that, the better.
The meta-trend here is consumerization: cool technologies show up for the consumer market before they're available to the business market. Every corporation is under pressure from its employees to allow them to use these new technologies at work, and that pressure is only getting stronger. Younger employees simply aren't going to stand for using last year's stuff, and they're not going to carry around a second laptop. They're either going to figure out ways around the corporate security rules, or they're going to take another job with a more trendy company. Either way, senior management is going to tell security to get out of the way. It might even be the CEO, who wants to get to the company's databases from his brand new iPad, driving the change. Either way, it's going to be harder and harder to say no.
At the same time, cloud computing makes this easier. More and more, employee computing devices are nothing more than dumb terminals with a browser interface. When corporate e-mail is all webmail, corporate documents are all on GoogleDocs, and when all the specialized applications have a web interface, it's easier to allow employees to use any up-to-date browser. It's what companies are already doing with their partners, suppliers, and customers.
Also on the plus side, technology companies have woken up to this trend and -- from Microsoft and Cisco on down to the startups -- are trying to offer security solutions. Like everything else, it's a mixed bag: some of them will work and some of them won't, most of them will need careful configuration to work well, and few of them will get it right. The result is that we'll muddle through, as usual.
Security is always a tradeoff, and security decisions are often made for non-security reasons. In this case, the right decision is to sacrifice security for convenience and flexibility.
Corporations want their employees to be able to work from anywhere, and they're going to have loosened control over the tools they allow in order to get it.
This essay first appeared as the second half of a point/counterpoint with Marcus Ranum in Information Security Magazine. You can read Marcus's half here.
Last Updated (Tuesday, 07 September 2010 09:43)

How to get tough with your tech vendors
Planning a purchase from a major IT vendor? In this still-tough economy, negotiating pros recommend being aggressive and creative, as well as analyzing your requirements first so that you don't buy more than you need and know where you can compromise. Here are the top tips from consultants who help customers negotiate pricing, terms, and conditions with vendors such as Cisco Systems, EMC, Hewlett-Packard, IBM, Microsoft, Oracle, and SAP. We've arranged them in three groups:
Last Updated (Tuesday, 07 September 2010 12:22)

Microsoft Warns Of Malware Faking Virus Alerts

US Department of Defense and National Policy, (Sun, Sep 5th)
A recent article released by the US Department of Defense (DoD) spoke of the worst compromise in DoD history, facilitated by what was said to be the unauthorized use of a USB drive. As a result of this incident, the US government has seen fit to step up the DoD involvement, working with the US Department of Homeland Security (DHS), in an effort to protect critical national infrastructure. The full article (requires registration) by William J. Lynn, Undersecretary of Defense, speaks of the DoD and its experiences which makes it uniquely qualified for cyberdefense.
Cyberattacks offer a means for potential adversaries to overcome overwhelming U.S. advantages in conventional military power and to do so in ways that are instantaneous and exceedingly hard to trace. Such attacks may not cause the mass casualties of a nuclear strike, but they could paralyze U.S. society all the same, he wrote. In the long run, hackers' systematic penetration of U.S. universities and businesses could rob the United States of its intellectual property and competitive edge in the global economy.
The announcement by the DoD that within the last 24 months it had suffered its worst compromise in history would seem embarrassing, but then to announce in the same week that they will become more involved in the protection of national critical infrastructure is disconcerting. The DoD is the US arm for defense of national interests, however I do not believe that makes the DoD the best agency for this role.
I welcome your comment, tony . carothers at gmail dot com
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
- Parallels Desktop 6 appears on store shelves
- Aboard an Alcatel-Lucent undersea cable ship (photos)
- Procter and Gamble CIO Shares Outlook for 2011
- 3PAR, iPad, Chrome: Week in Review
- What's not to Like about "Like?", (Sat, Sep 4th)
- Investigating Malicious Website Reports, (Sat, Sep 4th)
- iOS surpasses Linux as browsing platform
- Apple Releases Two Security Updates (One for OSX, One for iTunes) : http://support.apple.com/kb/HT4312 and http://support.apple.com/kb/HT4328, (Fri, Sep 3rd)
- Apple awarded new patents
- Data Thieves Walk Among Us








