The cloud

Written on 9 April 2017, 08:34pm


A little bit of research about the cloud – the metaphor for a service for which the underlying mechanics don’t need to be known and where everything is about functionality provided to the customer.

The commonly quoted definition from NIST (National Institute of Standards and Technology) lists the following properties:

Essential Characteristics:
– On-demand self-service
– Broad network access
– Resource pooling
– Rapid elasticity
– Measured service

Service Models:
– Software as a Service (SaaS)
– Platform as a Service (PaaS)
– Infrastructure as a Service (IaaS)

Deployment Models:
– Private cloud
– Public cloud
– Hybrid cloud
– Community cloud

http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf

Refresher: CSRF vs XSS examples
CSRF – a GET request to the bank site transferring $$$ to Mallory:
http://bank.com/transfer.do?to=Mallory&amount=1000 (OWASP)
XSS
– stored – a comment in a post
– reflected – a search keyword displayed in the search results
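
A defender's view of the two refreshers above, as an added example that is not part of the original post: a hardened transfer handler that refuses GET and checks a session-bound CSRF token, plus HTML-encoding of the reflected search keyword. The function names, the HMAC token scheme and the demo secret are assumptions made for illustration.

```python
import hashlib
import hmac
import html

# Constructed demo secret (assumption); a real application loads it from config.
SECRET = b"demo-only-secret"


def csrf_token(session_id: str) -> str:
    """Token bound to the session; a page on another origin cannot read or compute it."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def transfer(method: str, session_id: str, params: dict) -> str:
    """Hypothetical hardened handler for the /transfer.do example."""
    # A state-changing GET is the core of the CSRF example: any link or image
    # tag on another site makes the browser send it with the user's cookies.
    if method != "POST":
        return "405 method not allowed"
    supplied = params.get("csrf_token", "")
    expected = csrf_token(session_id)
    # Constant-time comparison on bytes (also tolerates non-ASCII input).
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return "403 bad CSRF token"
    return f"200 transferred {params.get('amount')} to {params.get('to')}"


def render_search_results(keyword: str) -> str:
    """Reflected XSS defence: encode the keyword before echoing it into HTML."""
    return f"<p>Results for: {html.escape(keyword)}</p>"


if __name__ == "__main__":
    sid = "sess-alice"  # constructed session id
    forged = {"to": "Mallory", "amount": "1000"}
    print(transfer("GET", sid, forged))   # forged cross-site GET is refused
    print(transfer("POST", sid, forged))  # forged POST lacks the token
    print(transfer("POST", sid, {**forged, "csrf_token": csrf_token(sid)}))
    print(render_search_results("<script>alert(1)</script>"))
```

Stored XSS (the comment in a post) needs the same encoding step, applied when the comment is rendered rather than when the search term is echoed.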

Bad customer service from Tanita

Written on 7 February 2014, 09:55am


Here is a short story about Tanita Weightcheckers and how NOT to provide a service:
– in the first days of January 2013 I bought a Tanita BC543 scale. It also came with a companion iOS app where you could save your data
– I used the scale + app on a regular basis (2-3 times/week) to track my measurements and improve my shape
– I also used the web interface (weightcheckers.com) to have a better view of the graphs

– Now comes the ‘fun’ part: starting February 6th 2014, the iOS app is no longer working, the website redirects to an online store for scales, and, worst of all, all the measurement data is gone
– I contacted customer service via Twitter, the contact form and phone. They confirmed to me by phone that all the data is deleted, and the iOS app is gone.