Week 12 Review.

Web Services are defined in the reading as “component services that others might use to build bigger service.” An example of this is a service that automatically updates the stock price while you’re reading a Wall Street Journal article about a company. This lead me to the question “what is the difference between a web application and a web service?” So I did a little poking around and it looks like one of the big differences is an application is full service with a user interface and much more robust. A web service is part of a larger presentation on the webpage, like the stock price updater is just a component of the presentation of the story. If you went to the Wall Street Journal stock tracker that would be an application because it has a full interface where you can select stocks, see prices, select different periods of time for the chart and completely customize the experience.

Web services can be attractive for launching attacks because they run through ports that are often kept open so advanced queries can get through a firewall. Web services are also good for reconnaissance and have a number of opportunities for denial of service attacks.

My question for the class would simply be if my above explanation of the difference between an application and service is correct.

News article: Comcast resetting passwords of users whose account credentials were posted online http://www.zdnet.com/article/comcast-resets-passwords-after-login-details-posted-on-dark-web/

590,000 Comcast account credential combinations were released on a dark market website selling access to the accounts in exchange for bitcoin. Comcast says about 1/3 of these are still active accounts. I thought this was of interest because even though Comcast is, and will continue to be, the one who suffers the PR blowback for this, it appears it was a 3^rd party vendor who had the security breach. It reminds us how important it is to have proper controls in place with 3^rd party vendors to ensure security of data because the 3^rd party vendor won’t face near the backlash that the other company receives.