New Security Concerns Raised For Google Docs

TechCrunch is running a story about three possible security issues with Google Docs recently uncovered by researcher Ade Barkah. It turns out that an image embedded into a protected document is given a URL which is not protected, allowing anyone who knows or guesses it to see the image regardless of permissions or even the existence of the document. Barkah also pointed out that once you've shared a document with another person, that person can see diagram revisions from any point before they gained access, forcing you to create a new document if you need to redact something. The last issue, the mechanics of which he disclosed only to Google, affects the document-sharing invitation forwarding system, which can allow somebody access to your documents after you've removed their permissions. Google made a blog post to respond to these concerns, saying that they "do not pose a significant security risk," but are being investigated. We previously discussed a sharing bug in Google Docs that was fixed earlier this month.

Access after you revoked permissions = a copy

[KiloByte]

Eh, retaining access to a copy of the document after the original author revoked permission is certainly not a security issue -- at least, not unless you believe in DRM.

Being able to read future versions, like a reverse of the first bug of the article, would be bad, but the article doesn't suggest this is the case.

Re:Access after you revoked permissions = a copy

[John+Hasler]

> Eh, retaining access to a copy of the document after the original author revoked
> permission is certainly not a security issue -- at least, not unless you believe in DRM.

This is similar to changing the lock on your apartment when a friend to whom you have given a key tells you that she has lost it. Example: You give someone access to your confidential document on Google. He later informs you that his account has been compromised but that the miscreants may not have had time to use the credentials yet. You revoke his access in hopes of protecting your secrets but the miscreants get at them anyway using this bug.

> Being able to read future versions, like a reverse of the first bug of the article,
> would be bad, but the article doesn't suggest this is the case.

The article does not make it clear whether it is or not. I agree that the bug is much more serious if it is.

Re:Access after you revoked permissions = a copy

[Curunir_wolf]

Sorry, but those are the breaks. Unless, as you say, you're going to DRM everything, you're not going to be able to control copies of anything published

This is nonsense. Publishers have control, it's called copyright.

If the viewer didn't go to the effort to ensure they made a copy, revokation of the permission should make it impossible for them to get a new copy of the old text.

Is this meant to be a troll? copyright has nothing to do with permission to access. If you give someone a copy of something, copyright means they are not allowed to copy it, not that you can take away their copy at a later time.

I mean, what are you trying to say?

Google's Right

[John+Hasler]

Since nothing on the Web is secure anyway, what's the problem? If it's an important secret keep it off the Web.

Re:Google's Right

[theshowmecanuck]

I was thinking exactly the same thing. You put your stuff on somebody else's machine, in an environment that is by design exposed to the wild, wild Internet, and better yet the server URIs are advertised to the world because it is your hosts business model to advertise where the documents are (who could use them if they couldn't find them)... If people want to trust others with their important documents in that sort of a model, then it is business Darwinianism if critical documentation are leaked. And another thing, who knows if their personnel look through peoples documents for a laugh or just being nosey. Heck, government employees risk getting fired looking up personal data of prominent people when they run for office. If government employees will do that, why wouldn't people in data centres.

Personally, I don't trust any of my documents to others to take care of. I like my stuff behind firewalls and not sitting directly on the on ramp to the Internet (had to get a car metaphor in somewhere). Mind you, I think this type of model will continue at least for a while if not forever, no matter what happens. People growing up now-a-days don't think as much about what personal information they post on the Internet, why would they care if their personal documents are managed by someone else that they don't know (other than a corporate logo).

Re:Google's Right

[tassii]

Then your corporation is an idiot. Nothing on the web is private. At the very least, Google retains the rights to those documents. Anyone who puts their trust in corporate documents to a third party application gets everything they deserve.

Re:It's nothing, Shroedinger's logarithm beats tha

[Enleth]

Just about any other application I checked this with (I recall trying OOo, Excel, KSpread, Gnumeric, python, Matlab [which purposely does not do any floating point error correction when not asked to] and Maxima) got it right, so I'm not really convinced that it's something common and hard to avoid. Well, maybe it is common if not corrected for, but definitely not hard to avoid and unheard of. Besides, other multiplies of 10 up to 10E+20 were fine, as were logarithms for several different bases and sets of values.

Business Security

[StormReaver]

If anyone hosts anything more important than their grocery list on someone else's servers, then they deserve the inevitable security breaches that will follow. The entire nature of Google Docs (hosting your data on someone else's servers) is a security concern.

The only way Google Docs isn't the dumbest thing your business can do is if your business uses the software on your own LAN/VPN, and hosts your own data on the same.

There should be a Darwin Award for businesses, if there isn't already.

Re:Business Security

[RAMMS+EIN]

``If anyone hosts anything more important than their grocery list on someone else's servers, then they deserve the inevitable security breaches that will follow. The entire nature of Google Docs (hosting your data on someone else's servers) is a security concern.''

This is true, but that doesn't mean it's actually a bad idea. The thing you have to ask yourself as a decision maker is: how much control do I have over my own company's computers, how competent are my admins, etc. etc. Then you ask the same questions about a hosted service. And then you make your choice.

If you have competent admins who you trust, the best choice may be to keep everything inside your company. However, it may well be that you don't have and/or cannot afford the necessary hardware and admins. At some point on the spectrum, hosting your documents elsewhere becomes the better choice.

Remember, you never get absolute security. Your documents are at risk when you host them inside your company, and they are at risk when you host them outside your company. Like with all other risks, you have to account for this risk. Eventually, it becomes part of the cost-benefit analysis. And the cost-benefit analysis could swing either way: hosting internally or hosting externally.

I really want to see password protected documents

[AbRASiON]

Yeah I know you need my google account to compromise the document in the first place but that's only one level of security, considering some of the things I have on google docs a second level really would be appreciated.