Why Seating Is Important For Emotional Behavioral Disabilities

Here at Comfybummy.com, we know the importance of comfortable seating for kids. It helps them develop a good attitude and can help their spine grow correctly.

In 2020, the researcher Corinne E. Bloom Williams at the University of South Florida conducted a study where she evaluated the use of alternative seating with kids at risk for emotional, behavioral disabilities.

Looking at the results of her study, we believe even the researcher got caught by surprise by the results.

The Method She Used

She did the study with three groups of kids, ages 4-8.

Group A sat on a standard classroom seat or chair that is usually found in the classroom. This group didn’t have any additional seating method to help them be comfortable or sit correctly because they had been used to sitting like this since kindergarten.

Group B had an office chair with back support but no armrests. This helped build up their back muscles and spine correctly while they sat in the chair, which was effective with older kids (like adults).

Group C had an office chair with back support and armrests; however, instead of using the standard form of armrests that generally come with office chairs, they had unique armrests that didn’t make contact with the arms. Instead, it had a metal object at the end of each armrest about 10 cm long and very thin. When placed between the arm and chest while leaning on the chair back, it helped open up their chests for better breathing.

The Most Remarkable Results

As part of this study, three teachers were asked to give their feedback using this scale:

  1. Strongly Disagree
  2. Somewhat Disagree
  3. Neither Agree nor Disagree
  4. Somewhat Agree
  5. Strongly Agree

When faced with the following claim, the teachers averaged 1.3/5, which indicates that they strongly disagreed:

“My students do not have problems with staying in their seats and being on task when seated in a typical classroom chair.”

Stability Stools

  • Stability Stools helped my students focus on their task (Average: 4.3/5)
  • My students were able to stay seated longer when seated on the stability stool (Average: 4.3/5)
  • I would use stability stools in my classroom (Average: 5/5)

Scoop Rocker Chair had the same results as the Stability Stools.

The Conclusion Of The Study

From this study, we’ve learned that having the correct seating can change children’s moods and prevent emotional, behavioral disabilities. If you need to buy furniture for your child, think about their comfort first so they’ll be able to develop good habits.

Your child’s spine will thank you!

If you want to learn more about this study, you can download the PDF here.


Papasan chair for kids

If you’re looking for a fun and funky piece of furniture to add to your child’s room, why not take a look at the Papasan chair. An Indonesian chair similar in design to a bowl, this funky piece of furniture will add bright colors to your child’s room.

What is a Papasan chair?

A Papasan chair is a small-sized rounded flat bottom circular woven wicker chair, often with a cushion. The word “Papasan” is from two words in the Indonesian language that describe something round and sitting. The traditional Papasan chairs are woven from rattan; however, modern variations can be found made from any sort of fabric, including cotton or leather. The traditional style is woven in the same way as a basket, therefore, making it quite sturdy.

This type of chair is specifically designed for people looking to relax or sleep in the chair. The Papasan chair is believed to have been created to aid people who suffered from sleep and nervous disorders, and anxiety.

Can kids use Papasan chairs?

Kids can definitely use this chair. It is ideal for children who like to sit and read, listen to music, play video games or watch TV. The traditional Papasan chair can be challenging to climb into for smaller children; however, the modern versions of the Papasan chair are much lower than the traditional ones.

The modern version of the chair has an oblong rattan or metal frame round in shape, with a plush cushion. A child can easily climb into this type of chair, whereas climbing into the traditional Papasan chair may prove to be more difficult.

What are the benefits of using Papasan chairs for kids?

Papasan chairs are great for kids because they offer a lot of benefits. Firstly, Papasan chairs can be pretty expensive, and this type of chair is ideal for the child in your life who has everything and requires nothing.

Other than that, it’s an excellent piece to accompany any bedroom furniture, especially if you’re looking to add something vibrant and fun.

They are incredibly comfortable, which means that kids can easily curl up with a good book, take a nap or even read the newspaper in this chair.

Kids love to lounge about and relax; therefore, if you’re looking for them to sit still for any amount of time without squirming around like madmen, having something comfortable is an advantage.

What’s the best Papasan chair?

There are a handful of options available when it comes to Papasan chairs. However, not all of them provide the same quality.

One of the best options, in my opinion, is the OSP Home Furnishings Wicker Papasan Chair. (Sponsored link)

This chair provides a comfortable sitting experience with its generous cushioning. It is made from the best materials that are highly durable. With this chair, you get your money’s worth.

The OSP Home Furnishing Papasan Chair’s 360-Degree Swivel is what makes it so unique. Thanks to that, you and your kid can spin without resistance or noise, allowing you to move about freely.


Conti Ransom Gang Starts Selling Access to Victims

The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti’s malware who refuse to negotiate a ransom payment are added to Conti’s victim shaming blog, where confidential files stolen from victims may be published or sold. But sometime over the past 48 hours, the cybercriminal syndicate updated its victim shaming blog to indicate that it is now selling access to many of the organizations it has hacked.

A redacted screenshot of the Conti News victim shaming blog.

“We are looking for a buyer to access the network of this organization and sell data from their network,” reads the confusingly worded message inserted into multiple recent victim listings on Conti’s shaming blog.

It’s unclear what prompted the changes, or what Conti hopes to gain from the move. It’s also not obvious why they would advertise having hacked into companies if they plan on selling that access to extract sensitive data going forward. Conti did not respond to requests for comment.

“I wonder if they are about to close down their operation and want to sell data or access from an in-progress breach before they do,” said Fabian Wosar, chief technology officer at computer security firm Emsisoft. “But it’s somewhat stupid to do it that way as you will alert the companies that they have a breach going on.”

The unexplained shift comes as policymakers in the United States and Europe are moving forward on efforts to disrupt some of the top ransomware gangs. Reuters recently reported that the U.S. government was behind an ongoing hacking operation that penetrated the computer systems of REvil, a ransomware affiliate group that experts say is about as aggressive and ruthless as Conti in dealing with victims. What’s more, REvil was among the first ransomware groups to start selling its victims’ data.

REvil’s darknet victim shaming site remains offline. In response, a representative for the Conti gang posted a long screed on Oct. 22 to a Russian language hacking forum denouncing the attack on REvil as the “unilateral, extraterritorial, and bandit-mugging behavior of the United States in world affairs.”

“Is there a law, even an American one, even a local one in any county of any of the 50 states, that legitimize such indiscriminate offensive action?” reads the Conti diatribe. “Is server hacking suddenly legal in the United States or in any of the US jurisdictions? Suppose there is such an outrageous law that allows you to hack servers in a foreign country. How legal is this from the point of view of the country whose servers were attacked? Infrastructure is not flying there in space or floating in neutral waters. It is a part of someone’s sovereignty.”

Conti’s apparent new direction may be little more than another ploy to bring victim companies to the negotiating table, as in “pay up or someone will pay for your data or long-term misery if you don’t.”

Or maybe something just got lost in the translation from Russian (Conti’s blog is published in English). But by shifting from the deployment of ransomware malware toward the sale of stolen data and network access, Conti could be aligning its operations with many competing ransomware affiliate programs that have recently focused on extorting companies in exchange for a promise not to publish or sell stolen data.

However, as Digital Shadows points out in a recent ransomware roundup, many ransomware groups are finding it difficult to manage data-leak sites, or hosting stolen data on the dark web for download.

After all, when it takes weeks to download one victim’s data via Tor — if indeed the download succeeds at all — the threat of leaking sensitive data as a negotiation tactic loses some of its menace. It’s also a crappy user experience. This has resulted in some ransomware groups exposing data using public file-sharing websites, which are faster and more reliable but can be taken down through legal means quite quickly.

Data leak sites also can offer investigators a potential way to infiltrate ransomware gangs, as evidenced by the recent reported compromise of the REvil gang by U.S. authorities.

“On 17 Oct 2021, a representative of the REvil ransomware gang took it to a Russian-speaking criminal forum to reveal that their data-leak sites had been ‘hijacked’,” Digital Shadows’ Ivan Righi wrote. “The REvil member explained that an unknown individual accessed the hidden services of REvil’s website’s landing page and blog using the same key owned by the developers. The user believed that the ransomware gang’s servers had been compromised and the individual responsible for the compromise was ‘looking for’ him.”

A recent report by Mandiant revealed that FIN12 — the group believed to be responsible for both Conti and the Ryuk ransomware operation — has managed to conduct ransomware attacks in less than 3 days, compared to more than 12 days for attacks involving data exfiltration.

Seen through those figures, perhaps Conti is merely seeking to outsource more of the data exfiltration side of the business (for a fee, of course) so that it can focus on the less time-intensive but equally profitable racket of deploying ransomware.

“As Q4 comes near, it will be interesting to see if issues relating to managing data leak sites will discourage new ransomware groups [from pursuing] the path of data-leak sites, or what creative solutions they will create to work around these issues,” Righi concluded. “The Ryuk ransomware group has proven itself to remain effective and a top player in the ransomware threat landscape without the need for a data-leak site. In fact, Ryuk has thrived by not needing a data leak site and data exfiltration.”

The Good, the Bad and the Ugly in Cybersecurity – Week 43

The Good

This week, the U.S. government took a further step in its crackdown on cybercrime by introducing a ban on the export of “cybersecurity items” without a license. The new controls announced by the Commerce Department’s Bureau of Industry and Security (BIS) effectively prohibit U.S. companies from selling hardware or software that could be used in cyberattacks.

Tools that could be used for surveillance, espionage, malicious cyber activities or human rights abuse are now banned from export or resale unless permission is acquired via the new License Exception Authorized Cybersecurity Exports (ACE).

The BIS said that the new rules would help ensure that U.S. companies were “not fueling authoritarian practices”, while Gina M. Raimondo, U.S. Secretary of Commerce, said the rule was intended to block malicious threat actors accessing tools that could be used against the U.S. or its allies.

In another blow to the bad guys, RICO charges put two cybercriminals behind bars after they were convicted of aiding cybercrime with so-called bulletproof hosting services. Operators of Zeus, SpyEye, Citadel and the Blackhole Exploit Kit had rented infrastructure from the pair for use in a variety of cybercrimes, from running botnets to stealing banking credentials. Pavel Stassi and Aleksandr Skorodumov were sentenced to two and four years jail time, respectively. Two other men, Aleksandr Grichishkin and Andrei Skvortsov, were also indicted in the same case and, if brought to justice, could each face 20 years in prison.

The Bad

Cookie theft, phishing, and hackers-for-hire are all part-and-parcel of this week’s bad news in which thousands of high-profile YouTube accounts have been targeted by hackers running cryptocurrency scams.

Profitable creator channels on YouTube have been targeted by hijackers since at least 2019, according to Google, owners of the video-sharing platform. The account takeovers were targeted so that the attackers could run cryptocurrency scams not unlike those we saw on Twitter last year. However, there was a marked ramp-up of attacks over the last two years, with the scammers switching tactics to avoid Google’s attempts to detect the attacks.

The general MO involved sending a phishing email to a target offering a business opportunity, typically asking the target to test and review some product, like an AV suite. The target was then sent malware from one of over 1000 malicious domains, with the aim of running cookie-stealing malware on the victim’s machine.

Unusually, the attackers rarely bothered with persistence methods, both to avoid detection and because once the target’s cookies had been stolen, the thieves could take over their social media accounts without further action.

According to the report, the perpetrators were largely ‘hackers-for-hire’ recruited on Russian-speaking forums.



Google has offered several pieces of common-sense advice for avoiding these kinds of attacks, including enabling MFA, using security software, and turning on safe-browsing protections.

The Ugly

People choosing to be “hackers-for-hire” is bad enough, but things take a turn for the worse when criminals start hiring the good guys and duping them into malicious activities. That appears to be what happened according to a report this week that claims notorious Russian-backed APT FIN7 set up a fake company called “Bastion Secure” and began hiring programmers, reverse engineers, and system administrators.



The new hires were given access to a “client” and tasked with penetration testing activities such as mapping out the network, identifying users and devices and locating backup servers and files. Unbeknownst to the hired pentesters, the “client” was in fact a victim being prepped for a ransomware attack. Software given to the hires to be used in the engagements was identified as a disguised version of the Carbanak backdoor.

Potential motives for FIN7 recruiting legitimate IT specialists? Paying ‘good guys’ a salary is cheaper (and more reliable, presumably) than hiring criminals, and it is easier to ensure the ‘talent’ has the requisite skills. As the researchers put it, hiring legitimate professionals helps the threat actors to balance “the need for a technically skilled team against the operators’ desire for maximum profits.”

This isn’t the first time FIN7 has set up a fake cybersecurity company. Previously, they were associated with hiring IT pros through a fake firm, “Combi Security”, in an attempt to involve them in carding campaigns. This time round, the aim was a ransomware attack. It seems it’s not just the good guys that want to hire us, and if they’re not trying to hire us, the bad guys are trying to infect us. Moral of the story for infosec professionals: “Let’s be careful out there”.

SentinelOne Named a “Strong Performer” in Forrester’s New Wave for XDR

XDR is a new technology category forming before your very eyes: it’s the next phase of progression beyond EDR. The “X” in XDR stands for eXtended Detection and Response and represents visibility, prevention, detection, and response – automated – across enterprise attack surfaces. Forrester published an XDR “New Wave” that seeks to unpack this emergent, evolving space.

Attack surfaces, at one point in time primarily being endpoints, are the primary sources of data creation. Today’s endpoint is where users create, store, and share. It’s the intersection point between cloud, user, and device. The endpoint is the richest source of data. Data doesn’t start and end at the endpoint. The modern endpoint is inclusive of so much more. Today’s attack surfaces encompass the cloud, containers, mobile devices, IoT, and storage. The risk and necessity for autonomous cybersecurity exists wherever data resides. We believe securing the modern enterprise is about following the data. Cybersecurity must exist wherever data is born, lives, and thrives.

SentinelOne – XDR Strong Performer

According to Forrester, SentinelOne’s Singularity XDR platform “is the best fit for companies that want customizability and to grow into XDR.” This strong statement from Forrester confirms SentinelOne’s strategy and execution. We believe customers require more EDR automation and ease of use to drive down the time required to detect, respond, and recover. Customers today still lack fundamental visibility of their dynamic attack surfaces. Our technology has been recognized for its EDR superiority, specifically around detection and visibility before: see the latest MITRE ATT&CK Engenuity Testing where SentinelOne outperformed all other vendors with the richest automatic visibility, no missed detections, no mid-test software tweaks, and no delays. The end result is the right platform to cultivate, define, and deliver XDR excellence. It starts with delivering the most visibility and correlated detections.

The Best Fit for Companies that Want Customizability and to Grow into XDR

For us Sentinels – XDR is not just a product line nor is it a singular solution – but instead it is the guiding principle behind our product strategy.  The emergence of XDR is proof that SentinelOne’s approach to EDR has the right type of impact for our customers’ day-to-day security practices. Perfecting the balance between visibility, protection, and remediation is the art in delivering upon XDR. The technology building blocks deliver open XDR built for today’s enterprise:

  • Visibility: Ranger provides an instant and dynamic attack surface inventory for both managed and unmanaged devices for IT and security teams; its auto-deploy feature delivers coverage, protection, and control to instantly reduce risk.
  • Detection: Storyline transforms isolated data points into a cohesive, contextualized story. It takes the guesswork out of detection and enables autonomous response.
  • Protection: our patented behavioral AI is the bedrock of the Singularity XDR platform, defending in a vector-agnostic fashion as it analyzes behavioral data versus attack techniques.
  • Response: automated local responses remediate in real time saving operators time. From kill to quarantine, remediate to rollback, we’ve designed our XDR platform to autonomously respond for –  not by – the operator. Storyline Active Response (STAR) takes response to the next level leveraging cloud scale to make response customizable, instant, and dynamic.

What XDR Means for Buyers and Where Does it Come From

Forrester’s analysis reinforces several key aspects of our approach. First is their clarification that the measure of a vendor’s XDR platform is its ability “..to simplify incident response and build targeted, high-efficacy detections.” We commend analysts for articulating the need for measurable metrics such as efficacy, speed of response, and ability to scale. Everything an XDR technology does should be looked at as a means to an end: can it help a security team (regardless of size or maturity level) reduce the time it takes to detect, investigate and respond to threats?

Forrester has clarified that EDR is the backbone of XDR.  The attack landscape has proven that the endpoint is at the heart of most cross-surface attacks. Therefore, the right EDR is well positioned to deliver the best XDR as well.  Forrester recognizes that SentinelOne “is leaning into its EDR heritage as it introduces new telemetry.” Our acquisition of Scalyr provides us with a differentiated opportunity to ingest diverse data faster without speed, index, scale, and economic limitations.

Our Thoughts on the Future of XDR

Starting from the best place to see data – the endpoint – and layering more capabilities, more integrations, and the ability to correlate data quickly is the key to XDR. It’s the missing piece to shift the pendulum to the side of defenders.

Covering more surfaces, more use-cases, and more attack vectors is what our customers tell us they value. But it’s just half the challenge. Our EDR foundations extend beyond the endpoint – to network, critical infrastructure, IoT, mobile, cloud, and more. We continue to build upon our data foundation, as well as introducing new technologies, such as Scalyr and the SentinelOne Marketplace, which help us to unify cybersecurity. The XDR era must deliver faster, simpler and more powerful cybersecurity that’s broader than before and even easier to use. The days of human powered EDR are becoming the legacy of a bygone time. XDR is best delivered by our patented technology and the power of AI. A new and brighter day is ahead in cybersecurity.

The Good, the Bad and the Ugly in Cybersecurity – Week 42

The Good

This week saw the launch of a series of meetings tied to the recently-launched “US National Security Council Counter-Ransomware Initiative”. The overarching goal is to garner support from other countries and then band together to address the ongoing threat of ransomware.

During the “Virtual Counter-Ransomware Initiative Meetings”, US President Joe Biden and leaders from other countries agreed to focus not only on the enormous threat that ransomware poses to national infrastructures, but also to hold accountable those that participate in the “ransomware economy”. It was agreed that it should be considered unacceptable to harbor ransomware operators within the participating countries’ borders.

The list of participating countries included Australia, Brazil, Bulgaria, Canada, Czech Republic, the Dominican Republic, Estonia, European Union, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, United Arab Emirates, the United Kingdom, and the United States. Notably absent, of course, were Russia, China, Iran and North Korea.

Not all of the meetings were open to the press, which makes sense given the sensitivity of some of the targets involved, like critical infrastructure. All in all, the meeting is a welcome rally call to all the participating allies and partners. Ransomware is a global problem, and requires a unified, global effort to truly counter it.

And on that note…

The Bad

This week, unfortunately, we saw no breaks in the occurrence of highly-impactful cyberattacks. Ecuador’s largest private bank, Banco Pichincha, was hit with a cyberattack over the weekend. According to a memo sent to employees, systems including email, self-service banking, and back-end banking applications were affected by the attack.



Externally, the bank’s websites were affected along with ATMs and other kiosk-based services being rendered out of service. At the time of writing, it has not been confirmed whether or not this was a ransomware attack although some malware components like Cobalt Strike have already been identified in the impacted environment by investigators.

A similar scenario played out at the University of Sunderland, UK on Thursday. The university said its IT systems were likely suffering from a cyber attack and that there would be no access to email, Office 365, and all other University business systems, from home or on campus. In addition, no University networks, including Wi-Fi, would be available until further notice. As all the university’s IT systems were either overwhelmed or down, students were told to rely on updates from the school’s social media accounts for further details.

The Ugly

As if to underscore the relevance of the news stories above, this week saw the release of two ransomware reports by Google and Google-owned malware repository service VirusTotal that bleakly outline the scale of the threats facing businesses, and indeed, all of society, today.

VirusTotal’s ransomware report identified 130 different ransomware families active over the last 18 months after analyzing a staggering 80 million ransomware-related samples uploaded to the service. The report found GandCrab to be by far the most common threat out there.

  • GandCrab 78.5%
  • Babuk 7.61%
  • Cerber 3.11%
  • Matsnu 2.63%
  • Wannacry 2.41%
  • Congur 1.52%
  • Locky 1.29%
  • Teslacrypt 1.12%
  • Rkor 1.11%
  • Reveon 0.70%

Attacks against Israeli targets were by far the most prevalent, the report stated, a statistic no sooner published than added to on Wednesday when hospital facility Hillel Yaffe Medical Center in Israel’s Northwest was forced to cancel and redirect all non-urgent procedures as a result of a ransomware attack.

Meanwhile, VirusTotal’s parent company Google said this week that on any given day, they are tracking more than 270 targeted or government-backed attacker groups from more than 50 countries. In 2021 to date, the company said they’d seen a 33% increase in attacks compared to last year.

What does all this mean for the average business? It means, cybersecurity-wise, we live in a dangerous world in which every organization is a potential target. If you’re not taking effective precautions to prevent and contain the possibility of a ransomware or other kind of cyber attack, you are gambling in a game where the odds of escaping a serious security incident are increasingly stacked against you.

Customer Centricity, a Key to Success

A Humble Beginning

7.5 years ago when I met Tomer Weingarten, our CEO and co-founder, for the first time, he was as clear then as he is today about the mission. “I’m looking for a VP of customers” he said, and back then, we had none. But it was clear that in order to make a difference, we wouldn’t just need great technology and fortuitous execution, we’d also need happy customers, and lots of them.

Fast forward to today, over 5,400 customers, and in our first ever earnings call since becoming public, Tomer mentioned our phenomenal NPS score of over 70, which is a place the best SaaS companies in the world aspire to be in. So how did we get here? And what are we doing to make it even better? I’ll try to cover some of that in this blog, and with enough likes and shares maybe we’ll even make it a series :).

The Hierarchy of Customer Success

Before SentinelOne, I spent over a decade at the network security giant Check Point, so together with nearly 20 years of experience, I’ve created this simple visualization that showcases what it’s all about. I call this the hierarchy of CS, taken from the notion of Maslow’s pyramid of needs, the basic CS needs are at the bottom, and as you go up the hierarchy, you get to where all companies want their customers to be – delighted!

Customer Focus Across the Company

Remember it’s not enough to have customer focus in your post-sales functions alone to reach the top of the pyramid, you really have to create an understanding and adoption of that notion in all parts of the business.

From product management (building what customers actually need), to engineering (focusing on their use cases), Sales (Listening, caring), and even G&A (like comfortable payment terms). It’s both a bottom-up and a top-down approach, where executives are not just pointing fingers, but getting in front of customers to listen and be a partner.

It’s All About the People

My brother once told me not to be cheap on my car’s tires, “it’s the only thing connecting you to the road” he said.

Well, if the company is the car, and the customer is the road, then your post-sales teams are the tires–they are the only thing connecting you to your customers. Further squeezing that analogy, it’s also the best way you can get the customer journey to go to where you want it to.

Our methodology was always to hire the best possible talent, hand-picked, and make sure they reside in the location where customers need them the most. We also use a “follow-the-sun” model for most of our services, allowing us to hire the best engineers in their business hours, and maintain better work-life balance across the board. Happier engineers translate into happier customers.

The Rocket Ship is Leaving the Atmosphere

So by now you know how successful SentinelOne’s journey has been so far, but our IPO is only the beginning. We’re continuing to grow, innovate, and take bigger bites of our market.

This is your opportunity to join, and make a difference. If you want to work in an innovative and growth environment, and love customers – your place is with us. We’re hiring for dozens of roles across all parts of the business.

Interested in Learning More About Life at SentinelOne?

Learn more about SentinelOne’s values here. Explore global career opportunities with SentinelOne here.

Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said fixing the flaw could cost the state $50 million, and vowed his administration would seek to prosecute and investigate the “hackers” and anyone who aided the publication in its “attempt to embarrass the state and sell headlines for their news outlet.”

Missouri Gov. Mike Parson (R), vowing to prosecute the St. Louis Post-Dispatch for reporting a security vulnerability that exposed teacher SSNs.

The Post-Dispatch says it discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials, and that more than 100,000 SSNs were available. The Missouri state Department of Elementary and Secondary Education (DESE) reportedly removed the affected pages from its website Tuesday after being notified of the problem by the publication (before the story on the flaw was published).

The newspaper said it found that teachers’ Social Security numbers were contained in the HTML source code of the pages involved. In other words, the information was available to anyone with a web browser who happened to also examine the site’s public code using Developer Tools or simply right-clicking on the page and viewing the source code.

The Post-Dispatch reported that it wasn’t immediately clear how long the Social Security numbers and other sensitive information had been vulnerable on the DESE website, nor was it known if anyone had exploited the flaw.

But in a press conference Thursday morning, Gov. Parson said he would seek to prosecute and investigate the reporter and the region’s largest newspaper for “unlawfully” accessing teacher data.

“This administration is standing up against any and all perpetrators who attempt to steal personal information and harm Missourians,” Parson said. “It is unlawful to access encoded data and systems in order to examine other peoples’ personal information. We are coordinating state resources to respond and utilize all legal methods available. My administration has notified the Cole County prosecutor of this matter, the Missouri State Highway Patrol’s Digital Forensics Unit will also be conducting an investigation of all of those involved. This incident alone may cost Missouri taxpayers as much as $50 million.”

While threatening to prosecute the reporters to the fullest extent of the law, Parson sought to downplay the severity of the security weakness, saying the reporter only unmasked three Social Security numbers, and that “there was no option to decode Social Security numbers for all educators in the system all at once.”

“The state is committed to bringing to justice anyone who hacked our systems or anyone who aided them to do so,” Parson continued. “A hacker is someone who gains unauthorized access to information or content. This individual did not have permission to do what they did. They had no authorization to convert or decode, so this was clearly a hack.”

Parson said the person who reported the weakness was “acting against a state agency to compromise teachers’ personal information in an attempt to embarrass the state and sell headlines for their news outlet.”

“We will not let this crime against Missouri teachers go unpunished, and refuse to let them be a pawn in the news outlet’s political vendetta,” Parson said. “Not only are we going to hold this individual accountable, but we will also be holding accountable all those who aided this individual and the media corporation that employs them.”

In a statement shared with KrebsOnSecurity, an attorney for the St. Louis Post-Dispatch said the reporter did the responsible thing by reporting his findings to the DESE so that the state could act to prevent disclosure and misuse.

“A hacker is someone who subverts computer security with malicious or criminal intent,” the attorney Joe Martineau said. “Here, there was no breach of any firewall or security and certainly no malicious intent. For DESE to deflect its failures by referring to this as ‘hacking’ is unfounded. Thankfully, these failures were discovered.”

Aaron Mackey is a senior staff attorney at the Electronic Frontier Foundation (EFF), a non-profit digital rights group based in San Francisco. Mackey called the governor’s response “vindictive, retaliatory, and incredibly short-sighted.”

Mackey noted that the Post-Dispatch did everything right, even holding its story until the state had fixed the vulnerability. He said the governor also is attacking the media, which serves a crucial role in helping give voice (and often anonymity) to security researchers who might otherwise remain silent under the threat of potential criminal prosecution for reporting their findings directly to the vulnerable organization.

“It’s dangerous and wrong to go after someone who behaved ethically and responsibly in the disclosure sense, but also in the journalistic sense,” he said. “The public had a right to know about their government’s own negligence in building secure systems and addressing well-known vulnerabilities.”

Mackey said Gov. Parson’s response to this incident also is unfortunate because it will almost certainly give pause to anyone who might otherwise find and report security vulnerabilities in state websites that unnecessarily expose sensitive information or access. That also means such weaknesses are more likely to be eventually found and exploited by actual criminals.

“To characterize this as a hack is just wrong on the technical side, when it was the state agency’s own system pulling that SSN data and making it publicly available on their site,” Mackey said. “And then to react in this way where you don’t say ‘thank you’ but actually turn on the reporter and researchers and go after them…it’s just weird.”

Windows 11 Arrives | With Day One Support From SentinelOne

In June, Microsoft announced Windows 11, the next version of its Windows operating system. As of October 5th, the new OS began rolling out to excited Windows users the world over. Here at SentinelOne, we made sure that our users would be supported on Windows 11 from day one, benefiting from all the trusted security features they’ve come to expect from the SentinelOne platform.

What is Windows 11 and How Do I Get It?

According to Microsoft, Windows 11 is a free upgrade for Windows 10 users that began a staggered rollout on October 5th to select devices. Windows 11 changes the design aesthetic of the Windows platform and offers a number of new features. The most important change between Windows 11 and Windows 10, however, lies under the hood.

Minimum specs for the new version of this OS include Windows 10 and at least 4GB of RAM and 64GB of storage. Even then, the primary consideration is the processor. In general, machines older than three or four years may not support Windows 11, so be sure to check Microsoft’s exact technical requirements or download the PC Health Check app before upgrading your devices.

Windows 11 Device Compatibility

If your device is compatible with Windows 11, a Microsoft update will be made available to you at some point from October 5th, with the full rollout expected to extend into 2022.

Is Windows 11 More Secure Than Windows 10?

As with any operating system update or upgrade, you should always expect security updates that improve the overall security posture of your device. The hardware requirements for Windows 11 will also ensure that, by design, devices capable of running this and later Windows OSs will not be susceptible to some known classes of vulnerabilities like Spectre and Meltdown.

However, like Windows 10 and previous versions of Microsoft’s operating systems, Windows 11 is not a complete rewrite of the Windows OS from the ground up. For compatibility reasons, much of the underlying codebase remains the same as Windows 10, and threat actors will continue to find and exploit software vulnerabilities, manipulate users through well-known social engineering techniques like phishing and business email compromise, and deploy malware and ransomware.

Does SentinelOne Support Windows 11?

Yes, we do. If your device can run Windows 11, then you will find it is supported by the SentinelOne agent out of the box. The SentinelOne Windows agent, version 21.5 and above, fully supports the release of Windows 11.

Even better, there is no action required prior to upgrading to Windows 11 so long as your current agent version is 21.5 or later. The SentinelOne Windows agent provides the same security and performance coverage on Windows 11 as on Windows 10.

What About Older Versions?

For machines with a SentinelOne agent version prior to 21.5, the option to upgrade to Windows 11 will be blocked to avoid leaving the device unprotected. Ensure the SentinelOne agent is upgraded to version 21.5 or higher in order to upgrade to Windows 11.

For more information, please refer to SentinelOne support documentation or contact us.

The Best Delta Children Kids’ Chairs

Delta Children is a United States-based company that specializes in children’s furniture. The company was founded in 1968 and has since expanded into a wide array of products.

Delta Children’s Products produces furniture for children and toddlers. The company offers a wide range of styles, including contemporary, modern, traditional, transitional, and cottage kids’ chairs.

Their goal is to provide parents with safe, high-quality products for their children. Delta pieces are known for being sturdy, attractive additions to your child’s room or play area.

The best thing is: you can find them online on Amazon! Here are some of our favorite chairs.

Delta Children Upholstered Chair

First up, we have the Delta Children Upholstered Chair – a fan favorite on Amazon! The fun character design of this chair makes it an excellent choice for boys and girls. It’s upholstered in microfiber fabric with a sturdy wood frame and metal legs. The chair can hold children weighing as much as 100 pounds.

Many reviewers love this colorful chair for their kids’ bedrooms and play areas. Others have purchased several chairs to create a fun reading nook in their child’s room. It can be hard to find a comfortable place for children to read, but the Delta Children Upholstered Chair makes a perfect spot.

It’s also a great choice for kids who are too big for their high chairs but not ready to sit at the table. Children can use this chair at playtime or as extra seating when they need it. Since this Delta piece is so affordable, you might even consider buying more than one!

Overall, this chair is an excellent value for the price. It’s an affordable piece that can be used in several situations!

Whatever your child’s favorite cartoon is, you will likely find a Delta Children Upholstered Kids Chair featuring its beloved character.

Delta Children High Back Upholstered Chair

Another good choice for kids is the Delta Children High Back Upholstered Chair. This budget-friendly chair features a thickly padded seat and backrest. It’s upholstered in polyester with a sturdy wood frame. The frame is built to hold up to 100 pounds of weight.

Many of these chairs feature characters that children love, whether from favorite TV shows or comic books.

It also makes a good spare chair for when you have company over! Children can place it in their rooms or at the dining table for added seating.

Delta Children Chair Desk with Storage Bin

Some kids need a little extra help with their homework. A chair desk with a storage bin is a great solution for children who have difficulty staying organized.

The Delta Children Chair Desk is helpful in any room of the house, from the bedroom to the playroom. The wide surface adds ample space for your child’s books, calculators, pens, and paper. Plus, the storage bin is a great place to keep crayons, books, and other supplies.

This piece is a great way to give your child their own little work area. For years, this chair desk has been a top choice on Amazon. It’s super functional, and the attractive design makes it a great addition to any child’s room.

Delta Children Cozee Fluffy Chair with Memory Foam

The next item on our list is the Delta Children Cozee Fluffy Chair with Memory Foam. This chair is excellent for lounging or watching TV.

The memory foam provides your child with an extra boost of comfort for those cozy movie nights. It’s also perfect for video game marathons.

The sturdy wood frame and foam filling will keep your child sitting comfortably for hours. Side pockets are designed to hold your child’s game console or snacks.

This piece is both comfortable and practical. It’s available in several colors and patterns.

Delta Children Chelsea Kids Upholstered Chair with Cup Holder

If you’re looking for a stylish and practical kids’ chair, then take a look at this next option: Delta Children Chelsea Kids Upholstered Chair with Cup Holder.

This piece is ideal for smaller children who may need additional support when sitting. It features an upholstered seat and backrest in polyester fabric. The seat and backrest are both padded for your child’s comfort.

The armrests on this chair will help keep younger kids from falling forward as they slouch down in their seats. Plus, the cup holder is a great place to store drinks or snacks.

This chair can also be considered a kids accent chair, as it comes in stylish colors: navy, soft pink, or grey.

Delta Children Cozee Cube Chair with Memory Foam

Delta Children Cozee Cube Chair with Memory Foam is another great option on our list of the best chairs for kids.

The memory foam filling inside the chair offers extra comfort to your child as they sit down after a long day at school. It combines the comfort of a bean bag chair with the stability and support of traditional kids’ chairs.

This chair is available in three colors: navy, grey, and pink. It’s not designed for big kids, so it’s perfect for preschoolers or smaller children. If you’re looking for a gift idea that your child will love, then you have to check out this next chair.

Delta Children Saucer Chair

The final item on our list is the Delta Children Saucer Chair.

This comfy piece is made from a foam-filled cushion in durable polyester fabric. It’s designed to give your child extra comfort when lounging around or watching TV.

The durable metal frame is built to last. This piece is suitable for children ages three and up.

This stylish chair comes in designs that pay tribute to popular franchises.

Summary

Delta Children Chairs are great gift ideas for your kids. They are available in several attractive designs and colors.

These chairs are particularly useful if you’re looking for something to make your child feel more comfortable while watching TV or playing video games.

They are comfortable and practical while also giving every kid their own special place to sit.
